Www.vendorportal.ecms.va.gov



TRANSFORMATION TWENTY-ONE TOTAL TECHNOLOGY NEXT GENERATION (T4NG)PERFORMANCE WORK STATEMENT (PWS)DEPARTMENT OF VETERANS AFFAIRSOffice of Information & TechnologyHealth Data Products (HDP)VistA Imaging Image Exchange (VIX) Service and Image ViewerSustainment and Development SupportDate: April 01 2019TAC-19-53088Task Order PWS Version Number: 1.0Contents TOC \o "1-4" \h \z \u 1.0BACKGROUND PAGEREF _Toc5006588 \h 62.0APPLICABLE DOCUMENTS PAGEREF _Toc5006589 \h 63.0SCOPE OF WORK PAGEREF _Toc5006590 \h 83.1APPLICABILITY PAGEREF _Toc5006591 \h 83.2ORDER TYPE PAGEREF _Toc5006592 \h 84.0PERFORMANCE DETAILS PAGEREF _Toc5006593 \h 84.1PERFORMANCE PERIOD PAGEREF _Toc5006594 \h 84.2PLACE OF PERFORMANCE PAGEREF _Toc5006595 \h 94.3TRAVEL OR SPECIAL REQUIREMENTS PAGEREF _Toc5006596 \h 94.4CONTRACT MANAGEMENT PAGEREF _Toc5006597 \h 94.5GOVERNMENT FURNISHED PROPERTY PAGEREF _Toc5006598 \h 94.6KEY PERSONNEL PAGEREF _Toc5006599 \h 104.7SECURITY AND PRIVACY PAGEREF _Toc5006600 \h 124.7.1POSITION/TASK RISK DESIGNATION LEVEL(S) PAGEREF _Toc5006601 \h 135.0SPECIFIC TASKS AND DELIVERABLES PAGEREF _Toc5006602 \h 145.1PROJECT MANAGEMENT PAGEREF _Toc5006603 \h 145.1.1CONTRACTOR PROJECT MANAGEMENT PLAN PAGEREF _Toc5006604 \h 145.1.2CONTRACTOR STAFFING PLAN PAGEREF _Toc5006605 \h 145.1.3RATIONAL REPORTING REQUIREMENTS PAGEREF _Toc5006606 \h 155.1.4RATIONAL TOOLS TRAINING PAGEREF _Toc5006607 \h 155.1.5PRIVACY & HIPAA TRAINING PAGEREF _Toc5006608 \h 165.1.6CONTRACTORS ONBOARDING/OFF-BOARDING (CONB) PAGEREF _Toc5006609 \h 165.1.7TECHNICAL KICKOFF MEETING PAGEREF _Toc5006610 \h 175.1.8CONFIGURATION MANAGEMENT PAGEREF _Toc5006611 \h 175.2VIX SERVICE AND VIX VIEWER SUSTAINMENT INTAKE PAGEREF _Toc5006612 \h 185.3VIX SERVICE AND IMAGE VIEWER SUSTAINMENT MANAGEMENT PAGEREF _Toc5006613 \h 195.3.1DEFECT MANAGEMENT PLANNING PAGEREF _Toc5006614 \h 195.3.2AUTHORITY TO OPERATE PAGEREF _Toc5006615 \h 215.3.3DEFECT PROCESSING PAGEREF _Toc5006616 \h 215.3.3.1DEFECT CLASSIFICATION AND PRIORITIZATION PAGEREF _Toc5006617 \h 215.3.3.2DEFECT REMEDIATION PROCESSING PAGEREF _Toc5006618 \h 225.3.3.3DEFECT TRACKING AND REPORTING PAGEREF _Toc5006619 \h 245.3.4TROUBLE TICKET PROCESSING PAGEREF _Toc5006620 \h 255.3.4.1TROUBLE TICKET PROCESSING PERFORMANCE TARGETS PAGEREF _Toc5006621 \h 255.3.4.2TROUBLE TICKET DEFECT PRIORITY PAGEREF _Toc5006684 \h 295.3.4.3TROUBLE TICKET RECLASSIFICATION PAGEREF _Toc5006685 \h 305.3.4.4TROUBLE TICKET CLOSURE AND BACKLOG REDUCTION PAGEREF _Toc5006686 \h 305.3.5PRODUCT SUSTAIMENT MONITORING AND REPORTING PAGEREF _Toc5006687 \h 315.4PROBLEM ASSESSMENT PAGEREF _Toc5006688 \h 315.5PROBLEM REMEDIATION PAGEREF _Toc5006689 \h 335.5.1WORKAROUND PAGEREF _Toc5006690 \h 335.5.2DEFECT CODE REPAIR PAGEREF _Toc5006691 \h 345.5.3TABLE MAINTENANCE PAGEREF _Toc5006692 \h 345.5.4DOCUMENTATION DEFECT REMEDIATION PAGEREF _Toc5006693 \h 345.6SUSTAINMENT TESTING AND VALIDATION PAGEREF _Toc5006694 \h 355.6.1VIX WEB SERVICES PERFORMANCE TESTING PAGEREF _Toc5006695 \h 375.7DEFECT RELEASE MANAGEMENT AND SUPPORT PAGEREF _Toc5006696 \h 395.8QUALITY ASSURANCE OF ASSETS AND POST RELEASE SUPPORT PAGEREF _Toc5006697 \h 405.9CVIX SERVICE ADMINISTRATION PAGEREF _Toc5006698 \h 415.9.1VIX SERVICE SYSTEM PERFORMANCE BASELINE PAGEREF _Toc5006699 \h 415.10EXTERNAL SUSTAINMENT COORDINATION PAGEREF _Toc5006700 \h 425.10.1EMBEDDED COMMERCIAL OF THE SHELF (COTS) SUSTAINMENT PAGEREF _Toc5006701 \h 425.10.2INTER-AGENCY SUSTAINMENT COORDINATION PAGEREF _Toc5006702 \h 435.10.3INTRA-AGENCY COORDINATION PAGEREF _Toc5006703 \h 445.10.4ADDITIONAL IMAGE VIEWER CONSUMMERS PAGEREF _Toc5006704 \h 455.11VIX SOFTWARE DEVELOPMENT (OPTIONAL TASKS ONE THROUGH Eight) PAGEREF _Toc5006705 \h 465.11.1VIX SERVICE AND ENHANCED IMAGE VIEWER REQUIREMENTS MANAGEMENT PAGEREF _Toc5006706 \h 465.11.2BUILD AND DEVELOPMENT PAGEREF _Toc5006707 \h 475.11.2.1SOFTWARE DESIGN PAGEREF _Toc5006708 \h 475.11.2.2DEVELOPMENT BUILD PLANNING PAGEREF _Toc5006709 \h 485.11.2.3SPRINT PLANNING PAGEREF _Toc5006710 \h 505.11.2.4SPRINT EXECUTION PAGEREF _Toc5006711 \h 515.11.3DEVELOPMENT TESTING PAGEREF _Toc5006712 \h 525.11.3.1OTHER TESTING SUPPORT PAGEREF _Toc5006713 \h 545.11.4ASSESSMENT AND AUTHORIZATION (A&A) SUPPORT PAGEREF _Toc5006714 \h 555.11.5RELEASE SUPPORT PAGEREF _Toc5006715 \h 565.11.6END-USER TRAINING MATERIALS PAGEREF _Toc5006716 \h 575.12ENTERPRISE CLINICAL IMAGE ARCHIVE (ECIA) INTERFACE ENHANCEMENT (OPTIONAL TASK ONE) PAGEREF _Toc5006717 \h 585.13VIX SERVICE FOR COMMERCIAL PACS (OPTIONAL TASK TWO) PAGEREF _Toc5006718 \h 605.14ENABLE COMMUNITY VIEWER WITH the ENHANCED IMAGE VIEWER (OPTIONAL TASK THREE) PAGEREF _Toc5006719 \h 605.15ENHANCED IMAGE VIEWER V4.0 (Optional task four) PAGEREF _Toc5006720 \h 615.16ADD IMAGE SHARING PORTAL FOR EXTERNAL CONSULTING PROVIDERS (OPTIONAL TASK FIVE) PAGEREF _Toc5006721 \h 635.17ADD EXTERNAL LOGICAL OBSERVATION IDENTIFIERS NAMES AND CODES (LOINC) MAPPING FOR IMAGE ARTIFACTS RETRIEVED VIA VIX SERVICE (OPTIONAL TASK SIX) PAGEREF _Toc5006722 \h 645.18TELEPATHOLOGY – ADD AUTO-PDX, RETEST AND NATIONALLY RELEASE (OPTIONAL TASK Seven) PAGEREF _Toc5006723 \h 645.19TRANSITION SUPPORT (OPTIONAL TASK Eight) PAGEREF _Toc5006724 \h 665.20OPTION PERIOD ONE PAGEREF _Toc5006725 \h 665.21OPTION PERIOD TWO PAGEREF _Toc5006726 \h 675.22OPTION PERIOD THREE PAGEREF _Toc5006727 \h 675.23OPTION PERIOD FOUR PAGEREF _Toc5006728 \h 676.0GENERAL REQUIREMENTS PAGEREF _Toc5006729 \h 676.1PERFORMANCE METRICS PAGEREF _Toc5006730 \h 676.2SECTION 508 – ELECTRONIC AND INFORMATION TECHNOLOGY (EIT) STANDARDS PAGEREF _Toc5006731 \h 686.2.1EQUIVALENT FACILITATION PAGEREF _Toc5006732 \h 696.2.2COMPATIBILITY WITH ASSISTIVE TECHNOLOGY PAGEREF _Toc5006733 \h 696.2.3ACCEPTANCE AND ACCEPTANCE TESTING PAGEREF _Toc5006734 \h 696.3SHIPMENT OF HARDWARE OR EQUIPMENT PAGEREF _Toc5006735 \h 70BACKGROUNDThe mission of the Department of Veterans Affairs (VA), Office of Information & Technology (OI&T), Enterprise Program Management Office (EPMO), is to provide benefits and services to Veterans of the United States.? In meeting these goals, OI&T strives to provide high quality, effective, and efficient Information Technology (IT) services to those responsible for providing care to the Veterans at the point-of-care as well as throughout all the points of the Veterans’ health care in an effective, timely and compassionate manner.? VA depends on Information Management/Information Technology (IM/IT) systems to meet mission goals.VA OI&T has developed and enhanced an image sharing service designated as the Veterans Health Information Systems & Technology Architecture (VistA) Imaging Image Exchange (VIX) Service as well as a zero footprint, open source html 5.0 image viewer known as the Enhanced Image Viewer for viewing medical images and image artifacts such as scanned documents. The current VIX Service extends the VistA Imaging environment and facilitates image and document sharing with the Department of Defense (DoD) via the VA’s Data Access Service (DAS). DoD can locate and fetch VA archived medical image studies and scanned documents archived in VA VistA Imaging systems located at Veterans Health Administration (VHA) facilities. VA staff via the VistA Imaging user clients as well as the VA instance of the Joint Legacy Viewer (JLV) can locate and fetch radiology images and electronic documents via the VIX Service/DAS interface from the DoD Health Artifact Image Management System (HAIMS).VA’s DAS is a data transport and access capability enabling VA’s systems to access or retrieve data through DAS from other systems that DAS has already established connections with. Similarly, DAS has connectivity to an expanding list of systems in DoD, Health and Human Services (HHS), and commercial entities. DAS customers with appropriate need and approved credentials can utilize DAS to access data from these systems as well.APPLICABLE DOCUMENTSThe Contractor shall comply with the following documents, in addition to the documents in Paragraph 2.0 in the T4NG Basic Performance Work Statement (PWS), in the performance of this effort. “Veteran Focused Integration Process Guide 3.2”, December 2018, “VIP Release Process Guide”, Version 2.0”, October 2017, “POLARIS User Guide”, Version 1.9”, March 2017, Enterprise Design Patterns, VA Directive 6551, March 17, 2016, and Access Management - Access Services Integration Patterns, Version 2.0, March 2016; Imaging Documentation, Imaging Services Architecture (VISA) Interface Control DocumentVistA Imaging System CVIX Production Operations Manual/Administration Guide VistA Imaging System VIX Service Installation GuideImage Viewer Version 2.0 Production Operations Manual (MAG*3.0*201)Enhanced Image Viewer User Guide Revision 12.0 (MAG*3.0*201)VistA Imaging Exchange Administrator’s Guide Revision 11.0 (MAG**3.0*197)DRAFT Enhanced Image Viewer VIX Integration GuideDAS Data Routing Service V1.6.5Health Product Support Release of Products and Patches Guide Version 2.5 or laterVA Rational Tools GuideVA Standard Data Services, Enterprise Terminology Services:NIST SP 800-30 Rev 1 Guide for Conducting Risk Assessments OI&T Process Asset Library, Product Support (HPS) CA SDM Guide (11/10/2015) Product Support Release of Products and Patches Guide (3/22/2016) 1 - Health Product Support VIP ProcessInnovation 873 Telepathology Requirements Specification Document V1.3Innovation 873 Telepathology System Design Document v1.2Design, Engineering and Architecture Strategic Technology Alignment Team Compliance Project Team User Guide Standard Operating Procedure V1.0 dated June 11, 2018SCOPE OF WORKThe Contractor shall provide sustainment support services for the VIX Service and the Enhanced Image Viewer as described in this PWS. The Contractor shall also provide Agile software development services for the Optional Tasks listed below in alignment with the VA’s Enterprise Design Pattern program, if exercised: Optional Task 1:Enterprise Clinical Image Archive (ECIA) Interface Enhancement Optional Task 2:VIX Service for Commercial Picture Archiving and Communications System (PACS) Optional Task 3:Enable Community Viewer with the Enhanced Image ViewerOptional Task 4:Enhanced Image Viewer v4.0Optional Task 5:Add Image Sharing Portal for External Consulting Providers Optional Task 6:Add External Logical Observation Identifiers Names and Codes (LOINC) Mapping for Image Artifacts Retrieved Via VIX Service Optional Task 7:Telepathology - Add Auto-PDX, Retest and Nationally ReleaseOptional Task8:Transition SupportAPPLICABILITYThis Task Order (TO) effort PWS is within the scope of the T4NG Basic PWS paragraph(s): 4.2.1 Design and Development, 4.2.4 Enterprise Application/Services, 4.2.6 Web Application Design and Development, 4.2.9 System/Software Integration, 4.2.12 Engineering and Technical Documentation, 4.4 Test & Evaluation, 4.8 Operations and Maintenance, 4.9 Cyber Security, and 4.10 Training.ORDER TYPEThe effort shall be proposed on a Firm Fixed Price (FFP) basis.PERFORMANCE DETAILSPERFORMANCE PERIODThe period of performance (PoP) shall be 12 months from date of award with four 12- month option periods and one 60-day option for transition. This effort shall also include eight optional tasks that may be exercised at any time during the Task Order. If exercised, each Optional Tasks exercise shall not exceed 12-months or the overall Task Order PoP of 60 months.The overall Task Order PoP shall not exceed 60 months. PLACE OF PERFORMANCEEfforts under this TO shall be performed at Contractor facilities. The Contractor shall identify the Contractor’s place of performance in their Task Execution Plan submission.TRAVEL OR SPECIAL REQUIREMENTSThe Government anticipates travel to perform the tasks associated with the effort, as well as to attend program-related meetings or conferences throughout the PoP.? Include all estimated travel costs in your firm-fixed price line items. These costs will not be directly reimbursed by the Government.The total estimated number of trips in support of the program related meetings for this effort is two per year during the base period and each option period. Anticipated locations shall be the DC Metro area, estimated at three people per trip and three days in duration.CONTRACT MANAGEMENTAll requirements of Sections 7.0 and 8.0 of the T4NG Basic PWS apply to this effort. This TO shall be addressed in the Contractor’s Progress, Status and Management Report as set forth in the T4NG Basic ERNMENT FURNISHED PROPERTYThe Government has determined that remote access solutions involving Citrix Access Gateway (CAG) have proven to be an unsatisfactory access method to complete the tasks on this specific TO. The Government also understands that Government Furnished Equipment (GFE) is limited to Contractors requiring direct access to the network to: access development environments; install, configure and run TRM-approved software and tools (e.g., Laurel Bridge SDK, Apache Tomcat, Aware JP2000, SQL Server Express, Fortify, Soap UI, RESTful Web Services, Lighthouse, InterSystems Healthshare, etc.); upload/download/ manipulate code, run scripts, apply patches, etc.; configure and change system settings; check logs, troubleshoot/debug, and test/QA.Based on the Government assessment of remote access solutions and the requirements of this TO, the Government estimates that the following GFE will be required by this TO:Twenty developer-grade laptops The Government will not provide IT accessories including Mobile Wi-Fi hotspots/wireless access points, additional or specialized keyboards or mice, laptop bags, extra charging cables, extra PIV readers, peripheral devices, additional RAM, etc. The Contractor is responsible for providing these types of IT accessories in support of the TO as necessary and any VA installation required for these IT accessories shall be coordinated with the COR.The Government will provide access to VA’s IBM Rational Collaborative Application Lifecycle Management (CALM) Toolset (hereafter referred to as Rational) to provide a single Agile project/product application lifecycle management toolset to track execution details after contractors complete the training as required in Section 5.1.3. To access VA’s IBM Rational, the Contractor will require VA access. If the mandated toolset changes throughout the period of performance of this contract, then the Government will provide access to the new toolset. The Government will provide the following Government Furnished Information (GFI) for performance of this TO: Access to VA Project Management Tools and Repositories including:VA OI&T Process Asset Library (formerly ProPath)Rational Tool SuitePrimavera/Microsoft (MS) ProjectPlanning and On-Line Activity/Release Integration Scheduler (POLARIS) VA SharePointHistorical Project DataVA Account & Network Access (VPN)FortifyDevelopment tools such as Compilers, Debuggers, Build Tools, Test Tools GFI referenced in Section 2.0 “Applicable Documents” that are provided as Attachments to this PWS or found at listed URLs VistA Imaging VIX Service and VIX Viewer Application CodeVistA Imaging Image Viewer Sustainment Transition Acceptance Plan KEY PERSONNEL The Government expects competent, productive, and qualified IT professionals to be assigned to the project team. These individuals must have expertise in the Agile development methodology. All changes in key personnel require government approval.The Contractor shall identify the key roles critical to successful accomplishment of the work to be performed under this task order. In addition, the Contractor shall identify the qualifications, capabilities, and experience of the personnel identified to assume such roles. At a minimum, this shall include the following:The Government requires either a full-time Certified Scrum Master (CSM) with a certificate from the Scrum Alliance OR a Professional Scrum Master (PSM) with a certificate from Scrum; and a full-time Project Manager. The Project Manager may serve as the Scrum Master if the Project Manager hold a required certificate. The Government requires a Rational Quality Manager and Solutions expert with a certificate as an IBM Certified Specialist – Rational Quality Manager AND an IBM Certified Solutions Expert – Collaborative Lifecycle Management from a recognized training institute. This Rational Quality Manager and Solutions expert must have at least three years of experience on a development project. These individuals must have expertise in the Rational Jazz Suite tools, specifically, DOORS Next Generation, Team Concert and Quality Manager. The Government requires an experienced (minimum of two years) Massachusetts General Hospital Utility Multi-Programming System (MUMPS) developer.The Government requires an Apache Tomcat expert with a detailed knowledge and understanding of developing applications based upon Apache Tomcat who also has experience (minimum of two years) as a senior lead developer, leading a development team utilizing Apache Tomcat.The Government requires personnel that are knowledgeable programming and developing VIX Service Installer enhancements (minimum of two years).The Government requires personnel that are knowledgeable in the VIX Service system administration (minimum of two years).The Government requires an experienced (minimum of two years) SOA Architect capable of identifying, documenting, monitoring, and maintaining the architecturally significant aspects of the system and the functional interface to the application infrastructure for both development and sustainment activities.The Government requires the right to review resume and accept replacement of Key Personnel when a replacement of a resource occurs. The Contractor shall provide a labor mix defined within the T4NG labor categories for each of these technologies sufficient to support the requirements identified in the PWS. These Key Personnel shall have appropriate certifications and experience in the Key Technologies and processes listed above. These Key Personnel shall provide leadership on the scrum process and serve as the lead for technologies related to MUMPs and VA legacy systems.The Contractor shall not remove, divert, or replace Key Personnel (to include the positions described above) from work without prior notification of the Contracting Officer (CO) and Contracting Officer’ Representative (COR). Any personnel the Contractor offers as a substitute shall have the ability and qualifications equal to or better than the key personnel being replaced. All notifications of substitutions in Key Personnel shall be submitted to the CO and COR at least 14 calendar days prior to making any change in Key Personnel. The notification shall be written and provide a detailed explanation of the circumstances necessitating the proposed substitution. The Contractor shall submit a complete resume for the proposed substitute for review by the Government. Deliverable:Relevant Certifications for Certified Scrum Master/IBM Quality and Lifecycle Management Certifications SECURITY AND PRIVACYAll requirements in Section 6.0 of the T4NG Basic PWS apply to this effort. Specific TO requirements relating to Addendum B, Section B4.0 paragraphs j and k supersede the corresponding T4NG Basic PWS paragraphs, and are as follows:The vendor shall notify VA within 24 hours of the discovery or disclosure of successful exploits of the vulnerability which can compromise the security of the Systems (including the confidentiality or integrity of its data and operations, or the availability of the system). Such issues shall be remediated as quickly as is practical, based upon the severity of the incident. When the Security Fixes involve installing third party patches (such as Microsoft OS patches, JAVA, Apache Tomcat or SQL Server Express), the vendor will provide written notice to VA that the patch has been validated as not affecting the Systems within 10 working days. When the vendor is responsible for operations or maintenance of the Systems, they shall apply the Security Fixes based upon the requirements identified within the TO.It has been determined that protected health information may be disclosed or accessed and a signed Business Associate Agreement (BAA) shall be required. The Contractor shall adhere to the requirements set forth within the BAA, referenced in Section D of the Request for Task Execution Plan (RTEP) and shall comply with VA Directive 6066. POSITION/TASK RISK DESIGNATION LEVEL(S)In accordance with VA Handbook 0710, Personnel Security and Suitability Program, the position sensitivity and the level of background investigation commensurate with the required level of access for the following tasks within the PWS are:Position Sensitivity and Background Investigation Requirements by TaskTask NumberTier1 / Low RiskTier 2 / Moderate RiskTier 4 / High Risk5.1 FORMCHECKBOX FORMCHECKBOX FORMCHECKBOX 5.2 FORMCHECKBOX FORMCHECKBOX FORMCHECKBOX 5.3 FORMCHECKBOX FORMCHECKBOX FORMCHECKBOX 5.4 FORMCHECKBOX FORMCHECKBOX FORMCHECKBOX 5.5 FORMCHECKBOX FORMCHECKBOX FORMCHECKBOX 5.6 FORMCHECKBOX FORMCHECKBOX FORMCHECKBOX 5.7 FORMCHECKBOX FORMCHECKBOX FORMCHECKBOX 5.8 FORMCHECKBOX FORMCHECKBOX FORMCHECKBOX 5.9 FORMCHECKBOX FORMCHECKBOX FORMCHECKBOX 5.10 FORMCHECKBOX FORMCHECKBOX FORMCHECKBOX 5.11 FORMCHECKBOX FORMCHECKBOX FORMCHECKBOX 5.12 FORMCHECKBOX FORMCHECKBOX FORMCHECKBOX 5.13 FORMCHECKBOX FORMCHECKBOX FORMCHECKBOX 5.14 FORMCHECKBOX FORMCHECKBOX FORMCHECKBOX 5.15 FORMCHECKBOX FORMCHECKBOX FORMCHECKBOX 5.16 FORMCHECKBOX FORMCHECKBOX FORMCHECKBOX 5.17 FORMCHECKBOX FORMCHECKBOX FORMCHECKBOX 5.18 FORMCHECKBOX FORMCHECKBOX FORMCHECKBOX 5.19 FORMCHECKBOX FORMCHECKBOX FORMCHECKBOX 5.20 FORMCHECKBOX FORMCHECKBOX FORMCHECKBOX 5.21 FORMCHECKBOX FORMCHECKBOX FORMCHECKBOX 5.22 FORMCHECKBOX FORMCHECKBOX FORMCHECKBOX 5.23 FORMCHECKBOX FORMCHECKBOX FORMCHECKBOX The Tasks identified above and the resulting Position Sensitivity and Background Investigation requirements identify, in effect, the Background Investigation requirements for Contractor individuals, based upon the tasks the particular Contractor individual will be working. The submitted Contractor Staff Roster must indicate the required Background Investigation Level for each Contractor individual based upon the tasks the Contractor individual will be working, in accordance with their submitted proposal.SPECIFIC TASKS AND DELIVERABLESThe Contractor shall perform the following tasks in accordance with the Veteran-focused Integration Process (VIP):PROJECT MANAGEMENTCONTRACTOR PROJECT MANAGEMENT PLANThe Contractor shall deliver a Contractor Project Management Plan (CPMP) that lays out the Contractor’s approach, timeline and tools to be used in execution of this TO effort. ?The CPMP should take the form of both a narrative and graphic format that displays the schedule, milestones, risks, and resource support.??The key personnel shall be documented and maintained in the CPMP. The CPMP shall also include how the Contractor shall coordinate and execute planned, routine, and ad-hoc data collection reporting requests as identified within the PWS. The initial baseline CPMP shall be concurred upon and updated throughout the PoP in accordance with Section B of the TO. The Contractor shall update and maintain the VA PM approved CPMP throughout the PoP.Deliverable: Contractor Project Management PlanCONTRACTOR STAFFING PLANThe purpose of the Staffing Plan is to make certain the project has sufficient staff with the right skills and experience to ensure a successful project completion.? The Contractor shall present its Staffing Plan, to include project organization chart, project team roles, project responsibilities, associated skillsets, and number of staff required per assignment, estimated start dates, breakdown in terms of staff’s Full Time Equivalent (FTE) for each role, contact information for all Task Order Contractor staff.The Contractor shall ensure established staffing levels are maintained on each reporting period, shall monitor performance, and shall report any deviations.? The Staffing Plan shall be delivered to the Project Manager (PM) and COR for review.? The Staffing Plan shall be updated when changes are warranted.Deliverable:Staffing PlanRATIONAL REPORTING REQUIREMENTSThe Contractor shall use the VA’s implementation of the Rational Toolset, or VA OI&T defined replacement tool, to provide a single Agile project/product lifecycle management tool to track execution details. The Rational Project/Product Data and Artifact Repository shall be used to provide a single authoritative project and product data and artifact repository. All OI&T project data and artifacts shall be required to be managed in this data and artifact repository daily for the full PoP. All checked out artifacts shall be checked back in daily and any data updated daily, to ensure that Rational synchronizes all changed information immediately for all team members to access work proficiently without the concern of working on aged information.The Contractor shall input and manage the following data using VA provided Rational tools in accordance with the VA Rational Tools Guide: Project/product agile requirements backlogScheduled project/product sprints, builds and releasesProject/product risks and issuesProject/product configurations and changesProject/product test plans, cases/scripts, and resultsAll other project/product planning and engineering documentationTraceability of requirements to:Change ordersConfigurable itemsRisks, impediments, and issuesTest casesTest resultsRATIONAL TOOLS TRAININGAll Contractor personnel shall complete all of the following VA TMS training courses before access can be granted to the Rational Tools:TMS ID 3878248 - IBM Rational Team Concert - Agile Sprint, Configuration/Change Management Level 1TMS ID 3878249 - IBM Rational Team Concert - Agile Sprint, Configuration /Change Management Level 2TMS ID 3878250 - IBM Rational DOORS Next Generation - Requirements Management Level 1TMS ID 3897036 - IBM Rational DOORS Next Generation - Requirements Management Level 2TMS ID 3897034 - IBM Rational Quality Manager - Quality Management Level 1 TMS ID 3897035 - IBM Rational Quality Manager - Quality Management Level 2Upon completion of the Rational Training Courses, the Contractor shall provide VA with the Rational Training Certificates.Contractor personnel who have completed these VA training courses within the past 24 months and have furnished Rational Training Certificates will not be required to re-take the training courses. Deliverables:Rational Training CertificatesPRIVACY & HIPAA TRAININGThe Contractor shall submit TMS training certificates of completion for VA Privacy and Information Security Awareness and Rules of Behavior and Health Insurance Portability and Accountability Act (HIPAA) training and provide signed copies of the Contractor Rules of Behavior in accordance with Section 9, Training, from Appendix C of the VA Handbook 6500.6, “Contract Security”.Deliverables:VA Privacy and Information Security Awareness and Rules of Behavior Training Certificates Signed Contractor Rules of Behavior VA HIPAA Certificate of CompletionCONTRACTORS ONBOARDING/OFF-BOARDING (CONB)The Contractor shall be responsible for executing and managing the Contactor requirements in the CONB process in the VA OI&T Process Asset Library. Onboarding includes steps to obtain a VA network and email account, complete training, initiate background investigations, and gain physical and logical access, which may include elevated privileges to the development and test environments required for the successful completion of this task.A single Contractor Onboarding POC shall be designated by the Contractor that tracks and reports the onboarding status of all Contractor personnel. The Contractor Onboarding POC shall be responsible for accurate and timely submission of all required VA onboarding paperwork to the COR. The Contractor shall provide an Onboarding Status Report weekly for any staff with outstanding onboarding requests for review by the COR, VA PM and Project Manager.At the conclusion of this task order the Contractor shall be responsible for executing and managing the contactor requirements for off-boarding in the CONB process in the VA OI&T Process Asset Library. Deliverable:Onboarding Status ReportTECHNICAL KICKOFF MEETINGA technical kickoff meeting shall be held within 10 days after TO award.? The Contractor shall coordinate the date, time, and location (can be virtual) with the Contracting Officer (CO), as the Post-Award Conference Chairperson, the VA PM, as the Co-Chairperson, the Contract Specialist (CS), and the COR.? The Contractor shall provide a draft agenda to the CO and VA PM at least five (5) calendar days prior to the meeting.? Upon Government approval of a final agenda, the Contractor shall distribute to all meeting attendees.? During the kickoff-meeting, the Contractor shall present, for review and approval by the Government, the details of the intended approach, work plan, and project schedule for each effort via a Microsoft Office PowerPoint presentation.? At the conclusion of the meeting, the Contractor shall update the presentation with a final slide entitled “Summary Report” which shall include notes on any major issues, agreements, or disagreements discussed during the kickoff meeting and the following statement “As the Post-Award Conference Chairperson, I have reviewed the entirety of this presentation and assert that it is an accurate representation and summary of the discussions held during the Technical Kickoff Meeting for the VA Enterprise Endpoint Security.”? The Contractor shall submit the final updated presentation to the CO for review and signature within three (3) calendar days after the meeting.? The Contractor shall also work with the CS, the Government’s designated note taker, to prepare and distribute the meeting minutes of the kickoff meeting to the CO, COR and all attendees within three (3) calendar days after the meeting.? The Contractor shall obtain concurrence from the CS on the content of the meeting minutes prior to distribution of the document.”CONFIGURATION MANAGEMENTThe Contractor shall:Request and schedule training with the Enterprise Project Management Organization (EPMO) Configuration Management Department for VA configuration management deployment needs, CM standards and CM requirements using Rational Team Concert (RTC) for all applicable Contractor Team resources prior to either initiating the backlog defect grooming and the sustainment build planning.Identify the standard and unique aspects of configuration management to be performed that meets the project and the Enterprise Project Management Division (EPMD) and VIP requirements. Identify types of configuration items pertaining to each product to be placed under configuration management.Update and incorporate the VIX Service and Enhanced Image Viewer Configuration Management Plan (to be delivered at the close out of the currently active Image Viewer for Enterprise Health Management Platform (eHMP) project to create an overall VIX Service and VIX Viewer Configuration Management Plan that includes both software development and sustainment in Rational. The VIX Service and VIX Viewer Configuration Management Plan shall specify how all software source code and electronic artifact configuration and version management will be managed. The Contractor shall use VA PM approved tools to manage change, activity, issue, action, risk, and other project data as prescribed by VA standards and processes. Ensure that all project software and non-software artifacts are versioned correctly and follow a build/release promotion versioning approach which identifies all major, minor, and update changes to the components.For the software builds, the date of the build shall be included as the last segment.When a new VIX Installer instance for a software client installation is created, it shall be a new build as well, and versioned accordingly.Create Project and Product Artifacts baselined and versioned in the Configuration Management (CM) repository to allow the tool to show active and past histories of the check-ins and check-outs of all software components, data, and software project engineering documents. Maintain all baselines of software, software builds, and electronic artifacts in the repository, labeling updates and versions according to CM procedures. Ensure all code is checked in with a frequency compliant with the approved VIX Service and VIX Viewer Configuration Management Plan.Establish and maintain status reporting on change and configuration management activity and ensure data records and artifacts are filed and updated daily.Ensure all off-boarding Contractor personnel have checked in all code, documents, and other project artifacts.Manage a Change Management Process that supports all necessary changes for the project including changes to Definition of Done, Acceptance Criteria, and any other items deemed necessary as part of the Configuration Management Process.Use Rational Team Concert as the VA approved tool and repository for all software source code and electronic artifact configuration and version management. The Contractor shall use IBM Rational Team Concert tool to manage change, activity, issue, action, risk, and other project data as prescribed by VA standards and processes.Develop, verify and submit with all project build deliveries, a Version Description Document (VDD) that conforms to VA Process Asset Library standard templates and addresses the manifest of the contents of all software builds created for project releases outside the development environment.Deliverables:VIX Service Configuration Management Plan (CMP)Version Description Document (VDD)VIX SERVICE AND VIX VIEWER SUSTAINMENT INTAKEThe Contractor shall provide intake support upon contract award of the VIX Service and Enhanced Image Viewer Sustainment Transition Acceptance Plan baseline(s). The Contractor shall acknowledge receipt of the baselines being Government Furnished Information (GFI). The Contractor shall analyze the intake GFI for validating the assets to follow VA guidance and criteria for transition acceptance. The Contractor shall provide a Transition Acceptance Gap Analysis Report, briefly describing any gaps between the actual products and the guidance and criteria for transition acceptance.The Contractor shall be responsive to applicable VA policies, processes and standard operating procedures for applicable VA GFI.The Contractor shall produce a Sustainment Intake Plan, detailing the staffing of all roles required by the product Rational repository (Note: The subject application(s) are part of the Imaging Rational repository and is shared with other parties). The plan shall give a schedule of assessment and turnover of environments, any demonstrations of the software application which are required for training to include Question & Answer or side by side review(s), and planned date of full transfer. Within 45 days of initial intake, the Contractor shall provide a Certification of Receipt of Knowledge Transfer andAsset Transition, certifying they have received sufficient knowledge transfer to support the application(s) and that the assets transferred match those listed on the Certificate of Transition Completion for all Assets.The Contractor shall update all applicable documentation pertaining to the application(s) being supported under this TO per the Contractor’s Sustainment Intake Plan, review of Rational instances and artifacts, and the results of any Q&A, Demo, or side by side review. The Contractor shall not proliferate the repository without the express concurrence of the government nor shall the Contractor create proprietary repositories for maintaining Government software documentation.Deliverables:Transition Acceptance Gap Analysis ReportSustainment Intake PlanCertification of Receipt of Knowledge Transfer and Asset TransitionVIX SERVICE AND IMAGE VIEWER SUSTAINMENT MANAGEMENTDEFECT MANAGEMENT PLANNINGThe Contractor shall document in a Defect Management Plan the items detailed below. The purpose of the Defect Management Plan is twofold: to reduce any existing backlog of defects, and to plan for remediation of further defects as they are identified. The Defect Management Plan shall address the application baseline, to include the defect list and defect density matrix. The Defect Management Plan shall incorporate the notion that defect density will scale down over time as the application matures in the production environment, and in accordance with the established performance metrics listed below. The Defect Management Plan shall establish processes and procedures in alignment with the Health Product Support (HPS) VIP Process. Processes and procedures set forth in the Defect Management Plan shall conform to all other VA, EPMO, and EPMD policies, standards, and mandated processes and procedures. The Defect Management Plan shall address, at minimum, the following:Schedule - Maintenance release per application. Number and type of releases, i.e., mandatory and emergency patchesTesting Plan – VA required testing in accordance with applicable policies and planned vendor testing such as unit, regression, and smoke testing adequate to ensure the released coding changes meet the requirements.Code Support Plan – Developer toolkit and integrated development environment, demonstrating compliance with VA Technical Reference Model (TRM) and all other applicable requirementsQuality and Performance Plan – Continuous improvement methodology, quality control procedures, processes and toolsCompliancy Plan – The Contractor shall ensure maintenance or renewal of compliancy with Federal, VA, VA OI&T EPMD Policy and Standards (e.g., Section 508)The Defect Management Plan shall also address documentation procedures to assure that all documents (to include such online documents as help files) generated or updated are posted to the appropriate repositories.The Defect Management Plan shall make use of applicable VA repositories per guidance in section 2.0 to monitor other development and enhancements efforts and VA software development direction to avoid software remediation or table maintenance activities that are in conflict with other concurrent un-released development efforts.Each month the Contractor shall extract from its Defect Management Plan a Monthly Code Plan, detailing all planned code remediation and scheduled releases for the subsequent 3 months, for review by the government. The Contractor shall be responsive to any comments the government makes during this review.Deliverables:Defect Management PlanMonthly Code PlanAUTHORITY TO OPERATEThe Contractor shall maintain the supported applications, Authority to Operate (ATO), per VA guidance, and participate in the renewing of the product ATO as necessary.The sustained applications are currently components of VistA Imaging with VistA Imaging currently being a component of VistA. The Contractor shall create or update all necessary documentation, and input into system portals to achieve ATO, as required per the security assessment and authorization (A&A) process and VIP.DEFECT PROCESSINGA defect is defined as a flaw in a component or system that can cause the component or system to fail to perform its required function. A defect, if encountered during execution, may cause a failure of the component or system. The Contractor shall process and remediate defects discovered by users or during Contractor analysis.DEFECT CLASSIFICATION AND PRIORITIZATION5.3.3.1.1 DEFECT SEVERITYThe contractor shall update the defect severity in the defect log in accordance with the HPS VIP Process.5.3.3.1.2 DEFECT PRIORITYThe Contractor shall consult with the applicable HPS Tier 2 Government personnel to assign a defect priority to each item in the defect log. This (along with the timeliness targets in Section 5.3.4.1) determines the speed with which the defect must be remediated.The Contractor shall use the definitions given in the HPS VIP Process to assign defect priorities.5.3.3.1.3 PRODUCTION SUPPORT ISSUESFor all production support issues, regardless of priority or severity, the Contractor shall:Update trouble tickets with the current status and a description of the solution or activities in progress to resolve the trouble ticket. Document and track production support issues that are considered application defects.Record the defect severity and defect priority in the defect log.DEFECT REMEDIATION PROCESSINGThe Contractor shall make modifications to software logic, database schemas, and metadata in accordance with established VA policies and procedures, as necessary, to remediate software defects. The Contractor shall maintain all documentation to ensure adherence to the production application (in accordance with all applicable documents per Section 2.0 and the government accepted Defect Management Plan described above. The Contractor shall adhere to VA OI&T policies and guidance documentation (HPS VIP Process, help desk system guide, release guide, etc.) as well as overarching VA guidance, e.g., the TRM, etc. The Contractor shall leverage industry standards and best practices (Institute of Electrical and Electronics Engineers, IT Infrastructure Library, Control Objectives for Information and Related Technologies, etc.) in the absence of established policies and guidance.The Contractor shall maintain configuration control of code assets in the Rational code environment. The Contractor shall manage defects and report on progress in accordance with industry best practices for Capability Maturity Model Integrated level 3 and all applicable VA guidance.The Contractor shall address defects in database tables or VistA files. This shall encompass design flaws within tables, queries, reports, and other database entities as well as any required extraction, transformation, and loading of data necessary to maintain functionality.The Contractor shall manage the application processes appropriately to validate controlled baselines and releases of different artifacts. The Contractor shall manage the configurations of all software and work with the assigned VA configuration control board for approval of changes. The Contractor shall update the Configuration Management Plan (CMP) as necessary for each type of configuration item (such as software code, software builds, software design documents and test plan elaborations) necessary for the development, building, testing, and deployment of the application. The CMP shall be maintained and updated quarterly or in accordance with the HPS VIP Process, if other than quarterly is specified. The Contractor shall maintain, monitor and improve as necessary the standard operating procedures for each type of software build process.The Contractor shall ensure that modifications made for the purpose of defect remediation or table maintenance do not adversely affect patient safety. The Contractor shall prioritize work for patient safety issues, report status to the Government PM, and correct, on an urgent basis, all defects identified as patient safety issues. The Contractor shall coordinate this critical work with the designated VA personnel so that impacts to other project work can be managed. The Contractor shall prioritize defect remediation for patient safety issues. As part of the performance metrics, the Contractor shall address all patient safety issues in accordance with the HPS VIP Process.The Contractor shall comply with applicable policies and compliancy requirements referenced in section 2.0 and their successor guidance. The Contractor shall not make or perpetuate integration points between applications that do not have approved integration agreements in place. The Contractor shall identify suchissues with the Government for proper Integration Control Registration and await approval from the Government to proceed, as described in the HPS VIP ProcessThe Contractor shall ensure that artifacts constructed in atypical languages, such as Mumps (M) code, are installable. Artifacts shall be wrapped in the appropriate file format (for example ear, war, jar, exe, msi, etc.) for deployment.Defect repair shall be scheduled using Agile methodologies, such that high priority, high impact code repairs that arise over the course of sustainment may impact the overall defect repair release schedule, as directed by the government, in accordance with Work Estimates and any Plan of Action and Milestones (POAMs) provided by the Contractor.The VA OI&T mission includes continuously improving the quality and performance of IT assets in sustainment and reducing the backlog of business demands for defect remediation, both in terms of absolute number of defects and in terms of defect density. The Contractor shall perform defect repair in accordance with the Contractor’s Defect Management Plan as accepted by the Government, the provisions in sections 5.4 through 5.8, and the guidance and process documents referenced in section 2.0 to reduce and ultimately eliminate the defect backlog and defect density for each application. The Contractor shall report progress in reducing and eliminating defect backlog as described below.The Contractor shall monitor and remediate defects by addressing maintenance statistics demonstrating improvement and responsiveness to the Government. The Contractor shall update the Rational repository pursuant to applicable guidance to reflect actual defect remediation statistics and application table maintenance activities. HPS may collect business user satisfaction data on specific applications. TheContractor shall monitor these results and provide corrective recommendations and take corrective measures to address them. The Contractor shall utilize the appropriate tools and repositories in accordance with VA policies as described in section 2.0. The Contractor shall analyze the defect repair statistics to make recommendations about software re-design, software replacement or other techniques to improve the quality of the software baseline.The Contractor shall ensure that all documentation (to include online documentation, e.g. help files), required or impacted by defect remediation is complete, correct, and up to date.The Contractor shall be responsible for Tier 3 duties as outlined in the HPS Help Desk Guides (refer to the HPS CA SDM Guide per section 2.0). Issues and/or defects identified during root cause analysis, deep dives, security scans, by customer or compliance audit, etc., shall be input into a Trouble Ticket by the Contractor at the direction of the Government and handled in accordance with required trouble ticket anddefect management processes.The Contractor shall coordinate with the other application VA project teams when defect remediation may cause downstream impacts to applications in the other portfolios.DEFECT TRACKING AND REPORTINGThe Contractor shall report monthly on defect data for VA management oversight, providing a status of all defects and their disposition (acknowledged, under analysis, fix being coded/tested/released; etc.). The Contractor shall store defect reports in the Rational VA repository. Issues related to software applications are tracked as trouble tickets within the VA help desk IT Service Management (ITSM) Tool ticketing system.Monthly Summary Defect Report – The Contractor shall provide a Monthly Summary Defect Report derived from the defect log and helpdesk ticket system, and responsive to the performance standards in listed in the Defect Management Planning Section above. The report shall present data across all application supported and per each application, showing the status of all defects and including lessons learned in support of defect resolution. The Contractor shall also include a POAM for any application which has defects that are currently failing to meet the performance standards or are at risk of failing to meet those standards.The report shall show for each application for the current and prior three reporting periods:Defect Density:Enterprise Applications: Number of defects remaining per 1000 source lines of code (uncommented)VistA Applications: Number of defects remaining per 100 times the number of routinesBaseline Defect Backlog Trend: Percentage of Baseline Defects remediatedAny deviations from the Defect Management Plan and to what degree they were harmful or helpfulAnnual Summary Defect Report – At the end of each contract period of performance the Contractor shall provide an Annual Summary Defect Report, containing the Monthly Defect Summary Report for the final month of the year. The report shall include all defects remediated during that period of performance and show security defects and total defects separately.Deliverables:Monthly Summary Defect ReportAnnual Summary Defect ReportTROUBLE TICKET PROCESSINGTROUBLE TICKET PROCESSING PERFORMANCE TARGETSThe Contractor shall track all problems identified through the VA problem resolution and help desk ticket system and referred to as Tier 3. The Contractor shall record all new Tier 3 problems within one hour of issue realization into the VA help desk ticket system. The Contractor shall begin assessment of escalated tickets for potential defects and acknowledge receipt within one workday of ticket referral or Tier 3 input. The Contractor shall update all cases using the VA help desk ticket system. The current status of all applicable defect tickets shall be recorded in the help desk ticket system within two work days of status change.The Contractor shall in performance of trouble ticket processing comply with the performance targets identified in Table 5.1, Table 5.2, and Table 5.3. If the Contractor encounters instances of Government delay, the Contractor shall document issue and cause for recommendation of resolution within two hours of awareness of the issue.Table 5.1 – Standard Performance Targets for Tier 3 Ticket and Defect Remediation processing by Ticket Defect Priority, per Step (calendar days)ActivityCriticalHighMedium, Low and UnclassifiableTicket AcknowledgementImmediateImmediate?Temporary/Emergency Workaround< ?< 1/3< ?Problem Assessment (Ticket Analysis – Traceability, Analysis, classification & Processing, Reproduce Problem, Code Evaluation & Review1/31115Propose Solution and Create Patch Stub1/357Stakeholder Review for Rating Repair Priority1/333Obtain Committed Test site(s)5710Register POLARIS Release156Problem Remediation (Repair, Internal Testing, attach Build to Patch Stub, SQA Review)254159Critical Decision #2 – Review for IOC Release3610Conduct IOC51414Submit IOC Findings122Release Agent Review and Evaluate1/32/31CD2 Review for National Release1/32/31Release Coordinator Releases Patch1/32/31Note 1: For Critical Severity defect, this includes securing a waiver from the Tier 2 Clin 3 Team Manager for accelerated IOC. Table 5.2 – Standard Performance Targets for Tier 3 Ticket and Defect Remediation Processing by Ticket Defect Priority, Cumulative Elapsed Time (calendar days)ActivityCriticalHighMedium, Low and UnclassifiableTicket AcknowledgementImmediateImmediate?Temporary/Emergency Workaround< 1/4< 1/31Problem Assessment (Ticket Analysis – Traceability, Analysis, classification & Processing, Reproduce Problem, Code Evaluation & Review1 1/31216Propose Solution and Create Patch Stub1 2/31723Stakeholder Review for Rating Repair Priority22026Obtain Committed Test site(s)72736Register POLARIS Release83242Problem Remediation (Repair, Internal Testing, attach Build to Patch Stub, SQA Review)3373101Critical Decision #2 – Review for IOC Release3679111Conduct IOC4193125Submit IOC Findings4295127Release Agent Review and Evaluate42 1/395 2/3128CD2 Review for National Release42 2/396 1/3129Release Coordinator Releases Patch143297130Defects that pose a security risk are held to a higher performance standard, as specified in the table below. This standard is measured from the time of detection of the defect.Table 5.3 – Performance Standards for Tier 3 Ticket and Security Defect Remediation Processing by Ticket Defect Priority (calendar days)Standard Performance MeasuresCriticalHighMediumLowTime to Ticket Acknowledgement/EntryImmediately upon defect identificationImmediately upon defect identification< 1/2 day< 1/2 dayTime to Analyze/Determine Resolution< 1 day< 2 days2 days3 daysTime to Resolve IssueRepair (ready for test sites)< 5 days< 10 days< 20 days< 45 days / as otherwise agreedRepair (to include DeploymentAs soon as possible< 30 days< 45 daysNot to exceed 120 days / as otherwise agreedThe Contractor shall ensure compliancy defects are addressed even when originating outside of trouble ticket intake. For example, defects may be identified during routine code and/or system scanning. The Contractor shall open a new trouble ticket for any such security defects. As another example, Section 508 defects may be identified in the course of routine compliancy scanning, and in these cases to the Contractor shall open a new trouble ticket.After evaluation, the Contractor shall update the helpdesk ticket system status field of Tier 3 defect referrals with the status. The Contractor shall update the status within two workdays of any status change. If the Contractor determines that the problem addressed by the ticket is already being processed, the Contractor shall inform HPS Tier 2 of the problem and the respective ticket numbers for the original ticket for theproblem and the new ticket. Tier 2 will classify the new ticket as a child of the original ticket. The Contractor shall be held to performance measurements relative to the original ticket only. After evaluation, if the fix is determined by the Contractor to be an enhancement instead of a defect, the Contractor shall provide the information to the VA COR for validation. Upon validation, the Contractor shall refer the ticket to HPS Tier 2 to refer the user to the process for initiating a request for new functionality via VIPR.During characterization, classification, root cause analysis, problem remediation specification, planning and implementation, the Contractor shall maintain a record of activity within the trouble ticket system. Upon successful implementation of a remediation (i.e., fix; patch, code repair release), the ticket shall be updated to reflect a closed status.The Contractor shall ensure that information in the defect log is synchronized with the trouble tickets in the helpdesk ticketing system, updating each when the other is updated. To ensure that the defect log and help desk ticketing systems remain in synch, the Contractor shall produce a Ticket/Defect Gap Report as part of the Product Sustainment Report discussed below, detailing any defects not associated with tickets, and any tickets referred to Tier 3 that are not associated with a defect in the defect log, and giving the cause for the gap.The Contractor shall review, update, and manage all trouble tickets on a daily basis. The Contractor shall provide updates on the status of open Tier 3 tickets during the Government PM’s weekly meetings.TROUBLE TICKET DEFECT PRIORITYTrouble tickets referred to the Contractor will have a defect severity recorded on each by Tier 2 personnel. In CA SDM, a field was referred to as “Defect Priority”. Each field value captured identical information with identical values. Henceforth, for this TO this field shall be referred to as “Ticket Defect Priority”. This is a measure of Defect Severity and is identical to the Defect Severity in the Rational defect log. The Defect Severity definitions and values are addressed within the HPS VIP Process.TROUBLE TICKET RECLASSIFICATIONWhile processing tickets, the Contractor may become aware of factors which would tend to contradict the ticket defect priority assigned. Priority change request are approved by the VA PM/COR as is any reclassification of the ticket.TROUBLE TICKET CLOSURE AND BACKLOG REDUCTIONThe Contractor shall document in its Monthly Summary Defect Report (see Section 5.3.3.3) the drawdown and closure of trouble tickets and their associated defects, demonstrating the following:Reduction of the backlog of defects in the application baseline per applicationDecrease in defect density by applicationAdherence to the Defect Management Plan to include deviations from the plan and assessment of any benefit or hindrance accrued therebyThe VIX Service and Enhanced Image Viewer backlog at time of transition shall be addressed by the Contractor – performance standards listed above require future workload be remediated on pace with demand hence future backlog is not anticipated. The Contractor shall contact the HPS Clin3 Team and obtain the historical parent ticket counts (defects) by severity that have been captured prior to the award of this TO. At time of TO award, the Government approximates an average of 5.4 tickets per application transitioning from incumbent contracts. These tickets are to be addressed in accordance with processes discussed above, and, to the greatest extent possible, with the timeliness objectives listed above. Tickets transitioned at time of award shall be remediated and closed no later than the base year of the contract. The Contractor shall provide a Backlog Remediation Plan by application for the Government’s approval outlining the approach, schedule, and resources required to meet this requirement. The plan shall endeavor to remediate tickets as within the targets set forth in the performance tables above to the greatest extent possible. The plan shall demonstrate complete remediation of the backlog by no later than the end of the base period.Deliverable:Backlog Remediation PlanPRODUCT SUSTAIMENT MONITORING AND REPORTINGThe Contractor shall monitor updates/changes to the One VA TRM and execute necessary upgrades to enterprise application platforms to ensure each application operates within VA defined versions and constraints. Updates/changes also shall include those of other VA applications that are needed by the application(s). The Contractor shall monitor software updates issued by VA resulting from VA-developedproducts and services and execute necessary upgrades to enterprise application platforms to ensure each application operates on the most current VA approved software base.When the Contractor deems application software updates require migrating to a new software revision, the Contractor shall submit the software revision to the One VA TRM for approval prior to re-versioning the software in released code. The Contractor shall, on a quarterly basis, produce the Product Sustainment Report, composed of the following:On-boarding, Compliance, Provisioning, and Access Report for contract resources Workforce Staffing Report The Ticket/Defect Gap Report Testing Progress Report Product Impacting Technology Standard Update report (see below)Embedded COTS Sustainment Report, if applicable (see section 5.10.1)The Contractor shall include in its Product Sustainment Report, a Product Impacting Technology Standard Update Report, noting any changes to product technology standard which impact Applications under sustainment in a way which cannot be remediated as defects (i.e. require significant redesign, reengineering, or other changes outside the base requirements of this TO).Deliverables:Product Sustainment ReportsPROBLEM ASSESSMENTProblem assessment consists of evaluation and analysis of problems, which the Contractor shall do in accordance with the Defect Management Plan and the provisions of the VIX Service and Image viewer Sustainment Management section above, and within the performance targets detailed in the same section.The Contractor shall triage the issue to determine if the problem is traceable to requirements, design, configuration, testing, code defect, documentation deficiency, or knowledge gap, and to determine whether further analysis is required.If defect analysis shows that remediation would involve adding new functionality (e.g. is a requirement or design defect), the Contractor shall so inform HPS Tier 2 staff and the COR, so that they may communicate to users that new functionality is requested and determine the correct method or process is followed to initiate the identified new functionality. If the defect did not originate with a ticket, but would require a functional enhancement to correct, the Contractor shall inform the Government PM and/or COR of this, so that they may communicate the findings to the business or product owner.For temporary workarounds the Government may require additional documentation or process flowcharts as discussed below to assist the Government in describing the workaround until a permanent fix or enhancement can be implemented.In differentiating problems, defects, and functional enhancements the Contractor shall adhere to the HPS VIP Process to understand its roles and responsibilities in providing linkages to packages.The Contractor shall utilize all appropriate tools (e.g. error logging, root cause analysis) to analyze the application to determine the causality of problems. The Contractor shall document these steps taken and findings when conducting this analysis and provide a Defect Analysis Report upon COR or Government PM request. Historically, this type of report is required for one out of 10 applications per year.The Contractor shall be available to coordinate with other operational support entities in cases when application defects are found to cause, arise from, or impact non-application issues.After evaluation, the Contractor shall update trouble tickets to reflect Tier 3 defect referrals with the evaluated status, as well as the defect log and any other documents and/or artifacts applicable per the HPS VIP Process.After performing this evaluation and determining release is required, the Contractor shall request a Release Coordinator, per the process listed in the HPS VIP Process.The Contractor shall update the VA directed repository with defect and table statistics during and after problem evaluation and analysis, per the HPS VIP Process.If during this process, the Contractor determines that remediation will require a release of code into the production environment, or a release of updated documentation, they shall register the potential release in accordance with the HPS VIP Process.Deliverables:Defect Analysis ReportPROBLEM REMEDIATIONProblem remediation at the code level may consist of a workaround, a defect code repair, table maintenance, documentation updates, process flowcharts or any combination thereof. The Contractor shall follow the processes and procedures set forth in the HPS VIP Process, updating all documents and artifacts specified therein. The Contractor shall create any source code, table maintenance updates, Structured Query Language (SQL) scripts, or updated documentation associated with the remediation as Remediation Assets, which shall be provided in fully tested form in the Defect Release Management and Support Section below. If the remediation changes how the user interacts with the application (e.g. for a workaround), the Contractor shall also update the problem ticket with instructions on using the application.The Contractor shall coordinate and collaborate with Government personnel as specified in the HPS VIP Process and/or directed by the Government PM, as needed.The Contractor shall begin work on the solution upon Government approval of the proposed solution.The Contractor shall implement any temporary work-arounds proposed and approved by the designated Government official. Following that the Contractor shall review the proposed solution with stakeholders and other development teams. The Contractor shall follow the process within the HPS VIP Process.Throughout Problem Remediation, the Contractor shall implement its Defect Management Plan, and abide by the provisions and the performance objectives described in the VIX Service and Image Viewer Sustainment Management section above.WORKAROUNDA temporary workaround enables end users to continue to use the application in production while defect processing takes place. The Contractor shall assist in proposing immediate solutions, such as process changes rather than code changes, for this purpose. This may include updates to banners, manual data corrections, user bulletins, instructional text to Tier 2, etc. The Contractor shall coordinate, document, and test the solution and implement upon Government approval. This workaround is considered a temporary fix until a permanent code repair has been specified and implemented.DEFECT CODE REPAIRThe Contractor shall remediate code according to its Defect Management Plan. Coding activities to remediate defects shall be included in the Monthly Code Plan discussed above in the Defect Management Plan. The Contractor shall perform coding in accordance with the government approved Monthly Code Plan. The code shall be generated in accordance with defect remediation processing requirements. The Contractor shall create/update associated documentation related to code repair.The Contractor shall follow the procedures for Code remediation set forth in HPS VIP Process.TABLE MAINTENANCETable maintenance is defined as periodic or reoccurring activities that include reference table updates and distribution of code set updates necessary for applications to continue operating within established business functionality levels. The Contractor shall obtain, modify, test, and release table maintenance updates in a manner that corresponds with the established interval, availability, and necessary implementation dates (effective dates) for reference tables. The Contractor shall provide code set versions as necessary to perform required table maintenance. The Contractor shall perform all table maintenance that will be requested as part of normal corrective maintenance. The Contractor shall create/update associated documentation related to table maintenance.Additionally, ad hoc table maintenance shall be performed based on ticket requests and to performance objectives established for ticket processing.The Table Maintenance process is similar in all respects to the Code remediation process, except that the patches created are to tables and/or SQL scripts.Note that Tables are referred to as Files in VistA applications.DOCUMENTATION DEFECT REMEDIATIONDeficient documentation constitutes a defect, which is categorized by severity and prioritized as any other defect. The Contractor shall update deficient documents to address the defect, within the performance targets set forth above. All documents remediated are subject to Government approval.The Contractor shall follow the procedures set forth in the HPS VIP Process to remediate, gain approval for, and stage for release any remediated documents.SUSTAINMENT TESTING AND VALIDATIONThe Contractor shall implement new VIX Service development and test environments utilizing the VA Enterprise Cloud (VAEC) development environment. The test environment, at a minimum, shall:One clustered Central VIX implementation with database clusteringOne standalone VistA site with a VistA Imaging implementation and a General Electric Medical Systems MUSE-CV server instanceOne (1) integrated VistA site with two (2) divisions where each division has a dedicated VistA Imaging system. One of the divisions shall also have a MUSE-CV server instanceNote: The VAEC for testing may need to be expanded based upon awarded enhancement activitiesThe Contractor shall follow Agile best practices while testing modifications to ensure released changes correct the defects they are intended to correct, without creating additional defects (including compliancy defects). The Contractor shall develop a Master Sustainment Test Plan, which shall provide an overview of the defect remediation testing to be performed that results in an assessment of the extent to which the code:1.Can be verified to meet the requirements that guided its design and development2.Responds correctly to required inputs3.Performs its functions as outlined in the requirements for each deliverable4.Demonstrates integration with both the DAS and DoD systems or VA consuming applications when applicable5.Demonstrates ability to be installed and run in its intended environmentsThe Master Sustainment Test Plan shall describe the test types, approaches, tools/techniques, pass/fail criteria, deliverables, test data strategy and schedule. The Contractor shall maintain and update the Master Sustainment Test Plan throughout the base and option periods, incorporating updates with each code Configuration Item (CI) to be tested. The Contractor shall conduct Unit Testing, Component Integration and System Testing (CI/ST), Functional Testing, and Regression Testing. The Contractor shall develop, enhance, and maintain the necessary testing artifacts, including test cases, test scripts, and test data, and provide test case traceability to the VIX Service and the Enhanced Image Viewer and associated Software Design Documents (SDDs). The Master Sustainment Test Plan shall include how the VA Enterprise Cloud Development Environment and VA DAS’s Silver and Gold test environments shall be used to ensure testing integration with DAS, DoD and consuming applications. The Contractor shall schedule work in test environments and request the appropriate access to these environments. If environments are not fully configured and inclusive of required software versions and test data, then the responsibility for creating this environment is entirely the Contractor’s. Historically environments need only be configured during platform update and at time of transition for sustainment purposes. The Contractor shall not use VA production data for any purpose during defect remediation, table maintenance development, or SQA. Data maintained by the Contractor in software development and test environments shall not be based on real VA production data. The Master Sustainment Test Plan shall also include a schedule that identifies how the testing for the VIX Service and the Enhanced Image Viewer aligns with the DAS and consuming application(s) testing. The Master Sustainment Test Plan shall include test cases and scripts for Unit Testing, Component Integration and Systems Testing, Functional Testing and automated Regression Testing. The Contractor shall maintain and perform automated Regression Testing utilizing IBM Rational Function Tester and shall provide updated Rational Functional Tester Regression Scripts as required. VA will review and provide comments to the Contractor. The Contractor shall address any Government comments.The Contractor shall support the security, accessibility, performance, technical standards, audits, and reviews. All compliancy testing shall be conducted by the Contractor in accordance with the policies processes, guidance, and procedures mandated by the respective compliancy offices.The Contractor shall deliver code with zero Severity Level One and zero Severity Level Two vulnerabilities identified by Fortify scans. The Contractor shall provide risk assessment reports and a business case for all vulnerabilities as part of the Software Vulnerability Report. This applies to all newly developed code only. The Contractor shall produce a Software Vulnerability Report with each software release. The Software Vulnerability Report shall include vulnerabilities, risks, and mitigation strategies.The Contractor shall utilize and complete the VistA Software Quality Assurance (SQA) Review Checklist, and upon completion of testing; document and deliver the Test Evaluation Summary, which shall also include Test Results, a Test Defect Log and the Test Execution Log. Deliverables shall be updated as defect remediation functionality is delivered for deployment of each maintenance software release deliverable, i.e. VIX Service (VIX/CVIX) and Enhanced Image Viewer applications.As part of its Product Sustainment Report discussed above, the Contractor shall provide a Testing Progress Report containing the status of all items planned for testing, in testing, or which have in the prior two weeks completed testing.Once testing is complete and any modifications are made, the Contractor shall update source code, table maintenance patches, and/or SQL scripts. When applicable (i.e. for VistA applications), at the end of testing, the Contractor shall create or update the VistA Software Quality Assurance Checklist.Deliverables:Master Sustainment Test PlanRational Function Tester Regression ScriptsSoftware Vulnerability ReportVistA Software Quality Assurance ChecklistDefect Item(s) Test Evaluation SummaryVIX WEB SERVICE PERFORMANCE TESTINGThe Contractor shall implement a VIX Web Service Performance Test Program within the VAEC VIX Service test environment for testing the web servers and the existing VIX web services with the currently interfaces VA and 3rd party web sites. The VIX Web Service Performance Test Program shall implement web service performance, load, stress and capacity testing utilities simulating current usage traffic to test the current VIX services, based upon the current server infrastructure for performance, reliability and scalability. The VIX Web Service Performance Test Program shall permit users to record and replay realistic application usage scenarios in order to create load tests without writing scripts.The VIX Web Service Performance Test Program shall permit users the ability to define and change conditional logic controls. These features provide efficiencies for testing without requiring users to write script for the tests they need to execute.Load testing utilities shall provide for automated creation of load tests by recording actions a user performs over web pages and simulating the actions with virtual users working simultaneously. Each virtual user shall simulate a recorded scenario, and the entire load test shall simulate a real-life load on the applicable server(s).Load testing of VIX Services shall involve testing the performance and scalability of the VIX services including the current VIX web server infrastructure with varying user load, based upon simulated current real-life and realistic projected production transactions.The simulated usage traffic shall also be able to determine how the VIX services and VIX web server infrastructure behaves when multiple users hits it simultaneously.The VIX Web Service Performance Test Program shall support the exporting of testing result data to multiple databases and browsers, as well as exporting data to a variety of industry-wide formats and standards.The VIX Web Service Performance Test Program shall be automated, wherever feasible.The Contractor shall utilize TRM approved web service load and performance analysis tools, i.e., Apache JMeter, SoapUI, IBM Rational Performance Tester, etc., with an emphasis on open source or tools available under existing VA license agreements to exercise the VIX web service performance testing. VA approval will be required for any web service testing tools requiring the acquisition of an additional license or submittal to the VA TRM, prior to use.The VIX Web Service Performance Test Program implementation shall be extensible to support the testing of future VIX Service enhancements.The Contractor shall document the installation and configuration of the VIX Web Service Performance Test Program in a VIX Web Service Performance Test Program Configuration Management Plan.The Contractor shall provide a User Guide for the VIX Web Service Performance Test Program.The Contractor shall update the baseline for VIX web service performance and resourcing, based upon the results of each VIX web service performance test or to receive and review the VIX web service performance test results of a VIX Service enhancement.Deliverables:VIX Web Service Performance Test Program Configuration Management Plan VIX Web Service Performance Test Program User GuideDEFECT RELEASE MANAGEMENT AND SUPPORTThe Contractor shall release fully tested Source Code, Table Maintenance Patches and /or SQL Scripts, Informational Patches, and any Release Documentation per the processes given the HPS VIP Process and the VIP Release Process. The Contractor shall coordinate with assigned Government personnel to assure all release materials are reviewed and approved, and requirements for release are met. The Contractor shall further coordinate with assigned government personnel to assure that Initial Operating Capability (IOC) testing is performed, either via the standard process or fast tracked. The Contractor shall produce and/or update documents and artifacts as specified in aforementioned guidance documents.The POLARIS calendaring process and tool will be used to track software installations, hardware replacements, system upgrades, patch release and implementation, special works in progress, and other deployment events in the VA production environment. The Contractor shall be responsible for populating and updating the POLARIS calendaring process for each release and deployment.The Contractor shall update the existing VIX Service Production Operations Manual (POM) for each existing Software Application when there is an update to the VIX Service or Enhanced Image Viewer Applications. The POM defines the specific technical and operational processes that must be carried out on a daily, weekly, monthly, and sometimes yearly basis for the specific Software Applications. The POM is an application-specific document containing detailed topology, dependencies, support structure, monitoring specifics, maintenance windows, and so forth. Additionally, it contains the system’s scheduled events (regular production jobs, performance reporting, or maintenance windows, etc.). The POM is intended to provide Field Operations staff the necessary instructions to operate and support production computer systems. The Contractor shall provide a VistA Imaging Patch Description document to include Installation, Rollback, Back-out Guides for each existing Software Application when there is update to the Software Applications. The Installation, Rollback, and Back-out Guide defines the ordered, technical steps required to deploy, install the product, and if necessary, to roll back or back out the installation to the previously installed version of the product.The Contractor shall submit a Freedom of Information Act (FOIA) Delivery Package (for each software release) consisting of required software code, system builds, and artifacts as described in the Open Source Submission Checklist.The Contractor shall provide FORUM Patch Release Notifications in accordance with VA OI&T policy and requirements.The Contractor shall maintain the User Manuals for each Software Application with respect to defect remediation. The User Manual addresses procedural information for the business users on daily operational use of the software.The Contractor shall provide all required documentation and receive approval for an ATO update when applicable as specified in EPMO Website.Deliverables:Approved VIP Release Readiness ReportUpdated VIX Service Production Operations Manual (POM)National Release VistA Imaging Patch Description (Identification of Corrected Defects, Installation, Rollback and Back-out Plan Guide)FOIA Delivery PackageFORUM National Patch Announcements with Release NotesQUALITY ASSURANCE OF ASSETS AND POST RELEASE SUPPORTIn accordance with the VIP Guide, support of code assets released and deployed begins upon successful completion of production deployment for the first release.Defects may be identified by the business users and referred to the COR/Government PM and his or her designees, to include Tier 2 Team Managers, Release Agents, and Tier 2 Support staff and Release Coordinators. For each defect identified, the Contractor shall triage the defect in accordance with the severity levels set forth in HPS VIP Process, and performance standards set forth in Section 5.3.4.1, assess and remediate the defect in accordance with its Defect Management Plan, and following the processes and procedures referred to and providing all services and deliverables in Sections 5.2 through 5.7 and the HPS VIP Process.Changes to application code shall not result in new defects or adverse impacts to the application being modified or to other applications that interact with that application, nor shall it cause the application to become non-compliant with any applicable policy or standard, e.g. Section 508, VA Security Standards. The Contractor shall take all appropriate actions as described in Sections 5.2 through 5.7 and follow the processes mandated therein to ensure that compliancy with policy and standards is maintained orappropriate certification of compliancy (e.g. Section 508 Conformance Validation Statement, Security ATO) is obtained in the case that the defect being remediated caused the application to become noncompliant with one or more standards.CVIX SERVICE ADMINISTRATIONThe Contractor shall be responsible for administrating for the enterprise CVIX Service infrastructure located at the VA’s Austin Information and Technology Center (AITC) and the active CVIX Service Continuity of Operations (COOP) infrastructure located at the Philadelphia Information and Technology Center (PITC) in accordance with the AITC Enterprise Operations Policies and Procedures. Activities include administrating and representing the CVIX Service in accordance with the AITC Enterprise Operations Policy and Procedures, responding to AITC Enterprise Operations Policies and Procedure Updates, network configuration recommendations, remediating VA identified security deficiencies, and interoperability validation and troubleshooting with consumers of the CVIX Services within the VA and between the DoD applications that utilize the CVIX.The Contractor shall perform daily monitoring of the CVIX transactions and remediation of CVIX hosted application and service errors, ongoing application maintenance such as certificate replacements, and configuration changes as required for continuing communication with partner applications. The Contractor shall troubleshoot performance degradations when they occur. Deliverables:Monthly VA-VA Image/Imaging Metadata Sharing ReportMonthly VA-DoD Image/Imaging Metadata Sharing ReportMonthly VIX/CVIX Error Analysis and Remediation ReportVIX SERVICE SYSTEM PERFORMANCE BASELINEThe Contractor shall monitor the current VIX Service server infrastructure and services and provide a VIX Service Baseline Report within 120 days of the award of the base task award.The Contractor shall update and validate the VIX Service Baseline Report, properly adjusted to account for all maintenance and enhancement releases during the task award period. Deliverables:VIX Service Baseline ReportEXTERNAL SUSTAINMENT COORDINATIONApplications may have dependencies or down-stream impacts beyond VA or may require coordination among various VA organizations.EMBEDDED COMMERCIAL OF THE SHELF (COTS) SUSTAINMENTThe Contractor shall provide Tier 3 support services for applicable COTS products (individual seat or enterprise, perpetual, or renewable). The Contractor shall ensure that embedded COTS remain compliant with all requirements of the product baseline.VA considers open source software a “commercial off-the-shelf” (COTS) product as defined by Title 41 – Public Contracts, Chapter 7 – Office of Federal Procurement Policy, Section 403 Definitions, Item (12); and Section 431: (c) “Commercially available off-the-shelf item.”The Contractor shall integrate all embedded COTS specific activities and deliverables into any standalone deliverables of the product. For example, maintenance releases for the embedded COTS product shall be integrated with customer-facing defect releases and included in the overall defect management and application maintenance plans, schedules, risk logs and reports. The CMP for the embedded COTS product shall be integrated with the overall defect management plan. The Contractor shall integratedocumentation of embedded COTS related code and table updates with overall code and table update documentation.The Contractor shall establish and/or maintain discrete software code configuration items comprising the embedded COTS product components and the VA-owned software code assets which altogether comprise the indicated software products. The Contractor shall include in every second Product Sustainment Report an Embedded COTS Sustainment Report section reporting on all embedded COTS products indicating the application in which it is embedded, COTS production version and release level, date of installation/integration, plan for maintenance upgrades, known issues/defects and remediation plan.The Contractor shall bear all costs and responsibilities for embedded COTS management associated with meeting VA requirements for integrated sustainment. The Contractor shall proactively monitor, address, plan for, and propose solution for embedded COTS or any of the related components approaching end of life to ensure continuity of VA business operation.INTER-AGENCY SUSTAINMENT COORDINATIONThe Contractor shall provide the necessary coordination with external commercial entities or government agencies (hereinafter collectively “External Entities”) to assure that the VA software application baselines or external systems are synchronized with VA system interfaces.The Contractor shall provide coordination to include participation in joint meetings with external entities and enrollment with specification change update notification bulletins (if available). The Contractor shall assist in developing any external Memoranda of Understanding (MOUs) as necessary to maintain consistency (e.g. specifications, interface control documents, schedules, governance, etc.) across the interface(s). The Contractor shall maintain interface documentation and develop Integrated Schedulesshowing relationships and interdependencies with the activities of the external entities and how any associated changes are mapped to the Quarterly Release Plan section of the Monthly Code Plan (see Sections 5.7 and 5.3.1). The Contractor shall ensure a test environment is available to modify and test updates/changes to the interfaces driven by specification changes with interfaced systems. The Contractor shall integrate all inter-agency coordination specific activities and deliverables with the overall deliverables for the indicated products. For example, maintenance releases for products with externaldependencies shall be included in the overall defect management and application maintenance plans, release plans, schedules, risk logs and reports for the indicated products. The Contractor shall create or update any Other Documentation per MOU (i.e. agreed in the MOU to be provided).The Contractor shall update and maintain the CMP specific to each of the indicated products. The Contractor shall coordinate with the Integrated Product Teams (IPTs), Change Control Boards (CCBs), and external entity stakeholders as required to evaluate configuration needs and assess system requirements. The Contractor shall establish and implement a configuration management process in accordance with the CMP, and coordinate meetings with external entities as required. The Contractorshall denote in the CMP the process and resources with whom builds, and releases shall be created, tested, deployed and managed through change control and captured in a change log.The Contractor shall certify, monitor, and assume responsibility to assure compliance with all requirements, policies and applicable laws and modifications to VA products with related external entities requirements. The Contractor shall provide the necessary coordination to define, approve, and communicate data standards, procedures, and metrics. The Contractor shall research and produce documentation of established data standards, as well as any on-going changes. The Contractor shall track and enforce conformance to data standards as necessary and manage and resolve related issues if they arise.In the event of changes to the VA software application baseline, the Contractor shall provide the necessary coordination to assure that changes are compliant with any Federal regulatory, statutory or policy requirements (such as FDA) and obtain the requisite approvals prior to release. The Contractor shall participate in joint meetings with the external entities, as required, to assure adequate understanding of the requirements and approval process. The Contractor shall obtain any required externalapproval/acceptance prior to releasing any change to the VA software application baseline, and create and disseminate progress reports. The Contractor shall create and disseminate Ad-Hoc Progress Reports and document process improvement recommendations throughout the course of the contract at the direction of the Government, historically on a quarterly basis. The Contractor shall conduct a root cause analysis of any defect that is identified after the change has gone into production. At the conclusion, the Contractor shall provide Process Improvement and Best Practices Documentation and Technical Guides for Inter-AgencyCoordination to both internal and external entities.Deliverables:External MOU(s)Other Documentation per MOUIntegrated SchedulesAd-Hoc Progress ReportsProcess Improvement and Best Practice Documentation and Technical Guides for Inter-Agency CoordinationINTRA-AGENCY COORDINATIONThe Contractor shall provide the necessary coordination with VA Organizations external to HPS (hereinafter collectively “VA Entities”) to assure that the VA software application baselines or external systems are synchronized with VA system interfaces.The Contractor shall provide coordination to include participation in joint meetings with VA entities and enrollment with specification change update notification bulletins (if available). The Contractor shall deliver Meeting Minutes after each meeting. The Contractor shall maintain interface documentation and develop integrated schedules showing relationships and interdependencies with the activities of the VA entities and how any associated changes are mapped to the Quarterly Release Plan section of the Monthly Code Plan (see Sections 5.7 and 5.3.1). The Contractor shall ensure a test environment is available to modify and test updates/changes to the interfaces driven by specification changes with interfaced systems. The Contractor shall integrate all intra-agency coordination specific activities and deliverables with the overall deliverables for the indicated products. For example, maintenance releases for products with external dependencies shall be included in the overall defect management and application maintenance plans, release plans, schedules, risk logs and reports for the indicated products. The Contractor shall update and maintain the CMP specific to each of the indicated products. The Contractor shall coordinate with the IPTs, CCBs, and VA entity stakeholders as required to evaluate configuration needs and assess system requirements. The Contractor shall establish and implement a configuration management process in accordance with the CMP, and coordinate meetings with VAentities as required delivering Meeting Minutes after the meetings. The Contractor shall denote in the CMP the process and resources with whom builds, and releases shall be created, tested, deployed and managed through change control and captured in a change log.The Contractor shall provide the necessary coordination to define, approve, and communicate data standards, procedures, and metrics. The Contractor shall research and produce documentation of established data standards, as well as any on-going changes. The Contractor shall track and enforce conformance to data standards as necessary and manage and resolve related issues if they arise. The Contractor shall document process improvement recommendations throughout the course of the task order at the direction of the Government, historically on a quarterly basis. The Contractor shall conduct a root cause analysis of any defect that is identified after a change has gone into production. At the conclusion, the Contractor shall provide Process Improvement and Best Practices Documentation and Technical Guides for Intra Agency Coordination to VA entities.Deliverables:Meeting MinutesProcess Improvement and Best Practice Documentation and Technical Guides for Intra-Agency CoordinationADDITIONAL IMAGE VIEWER CONSUMMERSThe Contractor shall plan to provide consulting and assistance as necessary to the Computerized Patient Record System (CPRS) team to utilize the new VIX Service Image Viewer as a CPRS release. VIX SOFTWARE Enhancements (OPTIONAL TASKS ONE THROUGH Eight)The Contractor shall provide an additional scrum team, one for Optional Task ONE, one for Optional Task TWO, etc., to support all the services and deliverables. Backlogs are expected to evolve over time to reflect changing program priorities. It is anticipated that the level of effort and mix of resources (i.e., scrum teams) for each Optional Task necessary to complete each release will remain consistent through the base and option period releases. The Government anticipates the scrum team to be comprised of approximately six full time equivalents but shall at a minimum be comprised of a team of at minimum five full time equivalents. The individuals should consist of the appropriate technical skill sets, as well as additional development management resources to support each release cycle, to include defect management support following the release of all software into production. The Contractor shall provide software development services for each of the optional tasks under this effort using the agile process as outlined below.VIX SERVICE AND ENHANCED IMAGE VIEWER REQUIREMENTS MANAGEMENT The Contractor shall coordinate requirements management with VA stakeholders to include requirement assessment, design, development, and testing. This effort is for the VIX Service and the Enhanced Image Viewer enhancements only. The Contractor shall complete an initial backlog grooming session with the VA team to properly understand and elaborate business Agile requirements. The outcome of this session shall be a complete review of, and agreement to, the initial user stories, including user stories added due to backlog grooming by decomposing epics into stakeholder needs, business requirements, business rules, requirements visualizations and user story elaborations. The Contractor shall: Ensure all epics, including all VA Standard Compliance Epics are included and executed as appropriate within the overall agile backlog grooming effort. Populate the backlog during an initial planning session identifying all features the team considers relevant to building the product. The backlog serves as the primary source for all program requirements and user stories, and the team shall prioritize the contents.Establish initial Unit of measurement (e.g. Story Points) as the estimated relative complexity of user stories. Facilitate any stakeholder briefings, meetings and/or elicitation sessions.Execute requirements reviews with stakeholders and record results of reviews using Rational DOORS Next Generation, updating requirements data because of the reviews.Identify the development and test environment access that is needed 30 days prior to development start. Update and maintain the VIX Service and Enhanced Image Viewer Requirement Data in Rational to include all Epics, stakeholder needs, visualizations, user stories, and other sources of requirements information for functional and non-functional requirements. All Requirements Data is under change control and is fully linked to work items that show traceability to design changes, configurable items, test cases and test results. Deliverable:VIX Service and Enhanced Image Viewer Requirement DataBUILD AND DEVELOPMENTThe Contractor shall provide build and development services to include, Application and Platform Architecture/Design, User Centered Design, Software Development, System Engineering, Software Quality Assurance, Configuration Management, Testing (Unit, Functional, System, Cybersecurity, Performance, and Acceptance), 508 compliance Support, System and Software Documentation, Defect Management, System and Performance Metrics Capture, and ATO support. The Contractor shall provide System Administration support IAW the CVIX Service Administration section for the CVIX development and enhancement software build(s).SOFTWARE DESIGNThe Contractor shall analyze, document, and manage the architecture for the entire project and present a methodology for knowledge dissemination throughout each Scrum team to achieve project level execution adherence to the architecture. The Contractor shall examine the functionality, purpose, and integration of existing and planned architecture to determine and document the business, data, application and technology principles that will drive the system architecture and design. The Contractor shall develop application and platform architecture that is consistent with the architectural framework and methodologies established by the VA Enterprise Design Patterns. The Contractor shall design interfaces between platforms, systems, services and the databases the system will access, and identify needed processes and structures to ensure proper system performance.The high-level technical approach shall be approved by VA OIT prior to the deployment of the build. Any changes determined necessary during Build Planning shall be approved by VA OIT at the end of the Build Planning event prior to any actual development work commencing. The Contractor shall develop and update a Technical Roadmap in Rational of upcoming architecture features needed to ensure a cohesive, integrated, reusable, stable, scalable, performant, secured product architecture.The Contractor shall ensure that the detailed design includes the development of detailed data and process models, screen and report designs, interface specifications and control specifications. The detailed design shall be documented in Rational as follows:Develop and/or update detailed Software Design Documentation that specifies the design of new systems including Custom Development, Software as a Service, Hosted Services; modifications or updates to an existing system.Develop and/or update Interface Design and Control Documentation that describes the interfaces to a system or subsystem.Develop and/or update Database Modeling and Mapping Spreadsheets that detail the mapping between the logical data model and the database schema representations.Support Software Quality Assurance (SQA) and test engineers in arriving at appropriate tests for each of the identified requirements.Provide updates to the Requirements Traceability Matrix (RTM) that traces the requirements throughout the software development lifecycle.Document risks in Rational Risk Management tool.Provide analysis of the legacy VistA system design and workflows to ensure all interface dependencies are fully realized.Deliverables:Technical RoadmapInterface Design and Control DocumentationDatabase Modeling and Mapping SpreadsheetsUpdated Requirements Traceability Matrix (RTM)DEVELOPMENT BUILD PLANNINGThe Contractor shall develop and deliver a Development Build Plan in collaboration with the project team in Rational prior to beginning the build. The Development Build Plan shall address the scope of work which will be completed in the agreed upon build timeframe. Each build shall be three months in duration and shall be made up of two to four-week sprints. The Contractor shall work with the VA PM and the VA Business Owner to review and determine the Epics and user stories to be included in a build. Each build shall end with a new release candidate or push to production. The Contractor shall perform Backlog grooming and prioritization and maintain the project Backlog for the VA business owner within Rational Team Concert, continuously, for each build, in every release, and throughout the PoP. All activity scheduled in each build and the Backlogs shall be captured and have status showing all work items, changes, impediments, and retrospectives. All data and artifacts in Rational Team Concert shall be fully linked to requirements data and test data.The Contractor’s development Build planning activities shall consist of the following: Conduct additional requirements elaboration to the extent necessary to breakdown the Epics into user stories or tasks to develop Development Build Plans and maintain the Backlog. The Contractor shall collaborate with VA Project Teams to review, elaborate, prioritize and update the Backlog. This Backlog grooming shall occur continuously throughout the build.The Contractor shall facilitate Backlog grooming and Development Build Planning sessions to outline the intent of the build, that are not a formal commitment. The Contractor shall update the resulting Build Plan within Rational Team Concert.Identification of the Epics and user stories to be completed within the build, and agreement of acceptance criteria for each user story and task in the build. Joint determination of the Definition of Done for the features within the build.Identification of field sites (if needed), acceptance criteria, and ATO requirements (if needed).Coordinate and validate Memorandum of Understandings (MOUs) and Service Level Agreements (SLAs) for partner dependencies that specifically highlight the commitment of partners to associated release. The coordination of these agreements will be for VA approval and execution. The Development Build Plan shall include:High-level Epic(s)Feature Breakout Relationship TraceabilityKey Performance Indicators Success Criteria Identified Dependencies (internal and external)Approved Wireframes (if needed)Functional DesignTechnical ApproachDefinition of DoneThe Contractor shall develop software agreed to in the Development Build Plan. Should the Acceptance Criteria, Feature Specifications, or the Definition of Done require updating during the Sprint cycles, all changes shall be managed under a fully documented Change Control Process provided by VA Project Team and the Contractor shall update the Development Build Plan.The Contractor shall identify Build and Development risks that might impact the success of the project, document these risks in the VA approved Risk Management Tool, and implement mitigation of identified risks utilizing appropriate strategies. The Contractor shall perform all Build and Development support using an Agile methodology and approach, in accordance with any frameworks or architectures required by the VA.Deliverables:Developmental Build PlanUpdated BacklogSPRINT PLANNINGA build shall consist of a series of sprints (typically two-four weeks duration). Leveraging the accepted build plan, the Contractor shall perform Sprint Planning for the sprint(s) within the build. The Contractor shall provide a Development Sprint Plan prior to the beginning of each Sprint which defines the work to be completed during the Sprint. Once the Sprint Plan is approved by the Government, the Government will establish when the sprint is complete. All activity planned in each sprint shall be captured and have status showing all work items, changes, and impediments. All data and artifacts in Rational Team Concert shall be fully linked to requirements data and test data.The Contractor shall:Initiate and participate in a Sprint Planning Meeting, at the beginning of each sprint. The Contractor shall update the Sprint Plan in Rational Team Concert at the conclusion of the Sprint Planning.Support, coordinate and provide input for the Sprint Acceptance Criteria in Rational Team Concert. The Sprint Acceptance Criteria shall be coordinated and approved for every sprint.Deliverable:Developmental Sprint PlanSPRINT EXECUTIONThe Contractor shall document all activity executed in each sprint and updates to the Backlog in Rational including all project artifacts such as work items, changes, risks, issues, impediments, and retrospectives. All data and artifacts in Rational Team Concert shall be fully linked to requirements data and test data. All project artifacts and source code will be under change and configuration management as specified by the COR using Rational. The Contractor shall:Provide a certified Scrum Master per sprint team to provide the following functions including: facilitate all ceremonies, ensure Rational is updated daily, enforce scrum framework, track and assist with removing impediments, and facilitate integration across sprint teams.Develop the features and capabilities as work items in Rational Team Concert that were established in the Sprint Plan.Conduct sprint development including disciplined testing (unit, functional, integration, regression) and reviews as a continuous process, to avoid finding issues at the end of sprint development.Initiate and conduct daily scrums (typically 15 minutes) to show the team progress, impediments and daily plans.Update Rational daily, to include progress on tasks during sprints, blockers and dependencies.Coordinate and support demonstration of the sprint activities with the project team and Users at the end of each sprint. This is termed a Sprint Review and will result in Customer Acceptance of the Sprint.Develop and deliver automated build and automated publishing capabilities to schedule jobs and support continuous integration for every sprint. Automated build tools shall be in compliance with the approved list from the One-VA TRM and code shall be demonstrable and stable enough to be promoted to another environment without issue by evidence of the status of tests and results in the Rational Tools.Deliver developed Source Code in Rational for every sprint.Initiate and facilitate a Sprint Retrospective at the end of the Sprint to capture team performance lessons learned. Identify any planned sprint items not completed during the sprint, issues encountered and plans for resolution. The Contractor shall deliver, the following Agile reports to show progress of development:1.Sprint Burn Down Chart for each project/product being modified at the conclusion of each Sprint that illustrates the cumulative planned estimated metrics versus the cumulative actual completed metrics. 2.The Velocity Chart showing the amount of value delivered in each sprint. Deliverables: Developmental Source CodeSprint Burn Down ChartVelocity ChartDEVELOPMENT TESTINGThe Contractor shall perform testing throughout development and shall support Government acceptance testing.The Contractor shall adopt Agile best practices for development testing into each Agile development Sprint and Build. The Contractor shall populate their Test Strategy section of the Development Test Plan in VA’s implementation of Rational Quality Manager tool. The Contractor shall perform the following Development Testing:Unit TestingFunctional Testing508 Compliance TestingFull Integrated System Performance TestingRegression TestingPerformance TestingCybersecurity vulnerability scans and remediationInteroperability TestingThe Contractor shall conduct Development Tests throughout the development lifecycle (e.g., user story, sprint, build, release). The Contractor shall utilize industry best practices of continuous integration methods using One-VA Technical Reference Model (TRM) approved tools. Automated regression testing will utilize the IBM Rational Function Tester and will be baselined upon previously developed regression tests scripts located in Rational. The Contractor shall conduct testing related to non-functional requirements (e.g. load, performance, installation, back-out, and rollback). Performance testing shall be accomplished through load testing and technical analysis of capacity planning data obtained by the project team utilizing the VIX web service performance testing utilities listed in the VIX Web Service Performance Testing section above against the current VIX Service System Performance Baseline described in the VIX Service System Performance Baseline section.For each enhancement, the Contractor shall simulate realistic production transactions and load for the purposes of ensuring or confirming the enhanced VIX service can accommodate the new service requests projected. The Contractor shall implement web service performance, load, stress and capacity testing simulating realistic production and usage traffic to test each VIX Service enhancement design, based upon the current server infrastructure for performance, reliability and scalability. Load testing of VIX Services shall involve testing the performance and scalability of the VIX server infrastructure and services with varying user load. Web services load testing shall include simulating real-life user load for the VIX Services and realistic enhancement based additional traffic. The simulated usage traffic shall also be able to determine how the VIX Service behaves when multiple users hits it simultaneously.If the Contractor needs to enhance the VIX web service performance test program in order to accommodate and properly exercise an awarded VIX web service enhancement, the Contractor shall utilize TRM approved web service load and performance analysis tools, i.e., Apache JMeter, SoapUI, IBM Rational Performance Tester, etc., with an emphasis on open source or tools available under existing VA license agreements to exercise the VIX web service performance testing. VA approval will be required for any web service testing tools requiring the acquisition of an additional license or submittal to the VA TRM, prior to use.If the current VIX Service System Performance Baseline is determined to be inadequate to support the new enhancement, the Contractor shall identify the deficiencies to the VA using and annotating the VIX Service System Performance Baseline with justifications and estimated costs.The Contractor shall deliver a VIX Web Service Performance Test Report to include the test assumptions, test configuration, results and recommendations for each awarded enhancement.Architectural compliance assessments shall be completed through submission of design materials to confirm compliance with allowed Enterprise Design Patterns. The Contractor shall perform Security scanning is by multiple methods and multiple times throughout the course of a project with methods such as web application penetration testing, code analysis tools (Fortify), etc.The Contractor shall provide Development Test Cases/Scripts and Developmental Test Execution Data in the Rational Quality Manager following the templates and data requirements appropriate for each test purpose appropriate to each phase of development. The Contractor shall include all tests, test results, and status of all testing and relevant metrics. The Contractor shall ensure that all compliance review planning, execution details and their testing and compliance results are entered and maintained in Rational Quality Manager. Test management data and artifacts include such items as test cases, scripts, configurations, utilities, tools, plans and results shall be entered into Rational. OTHER TESTING SUPPORTThe Contractor shall deploy the software to the User Acceptance Test (UAT) environment and support the maintenance of that environment for the duration of the tests. The Contractor shall work with the VA Business to assist in User Acceptance Testing and incorporate the results into Rational. The Contractor shall support the following Government testing:User Acceptance Testing (UAT)Human Factors Engineering TestingIndependent Verification and Validation (IV&V) testingJoint testing between External Partners and VAAssessment and Authorization (A&A) TestingThe Contractor shall support the operation level security, accessibility, performance, technical standards, architectural compliance, user acceptance and IOC tests, audits, and reviews. Accessibility reviews are performed through a variety of tool based and manual reviews, able to scan web applications and other technologies used for user interfaces. Any COR/PM-directed VistA cybersecurity vulnerability scans, remediation, and reports shall be completed prior to the conduct of the PM/COR acceptance testing.The Contractor shall provide all Development Test Results in the Rational Quality Manager, which is the final piece of data that completes the Requirements Traceability Matrix (RTM). The Contractor shall ensure that results of all assessments of the project performed by the Contractor or by VA offices are consolidated into Rational for planning and status reporting and are under version control in Rational Team Concert. COR/VA PM acceptance will occur through the Rational Quality Manager approval process.The Contractor shall manage, track and remediate findings and defects from all associated tests. When a defect is identified during testing, the Contractor shall log it in the Defect Log, selecting the appropriate severity level. The Contractor shall support the Project Manager in prioritizing the defect in the sprint backlog by participating in the Defect Management Board. Based on a prioritization, the defect could be added to the current Sprint or entered into the Backlog.The Contractor shall ensure Rational data is up-to-date on a daily basis so that VA stakeholders can access accurate and timely status.Deliverables:Developmental Test PlanDevelopmental Test Cases/ScriptsDevelopmental Regression Test Scripts for Rational Functional Tester Developmental Test Execution DataDevelopmental Test ResultsDevelopmental Defect LogASSESSMENT AND AUTHORIZATION (A&A) SUPPORTThe Contractor shall provide support, applicable documentation, and coordination with Information Security Officer (ISOs) to ensure consistency with VA ATO requirements for certification to ensure that the software enhancements meet VA information security policies and standards.The Contractor shall:Support Field Security Services (FSS) ISOs and Office of Cyber Security (OCS) Security Control Assessment (SCA) team for assessment requirements as detailed in VA Directive and Handbook 6500 Information Security Program, VA Handbook 6500.3 Certification and Accreditation of VA Information Systems (which is included in the T4NG Basic PWS).If implemented in MUMPS/Delphi code:Conduct cybersecurity software code quality testing and validation of all software code and provide certified scan reports validating the required code quality.Conduct and participate in vulnerability scans and tests or best practice quality checks or reviews as detailed in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 Rev 3 Recommended Security Controls for Federal Information Systems and Organizations (which is included in the T4NG Basic PWS), if/when requested by the COR. Security scanning shall be performed by multiple methods and is done multiple times throughout the course of a project with methods such as web application penetration testing, code analysis tools (Fortify), etc.Remediate critical and high vulnerabilities identified in government scans or quality checks or reviews.Provide Vulnerability Scanning Reports and Assessments as detailed in NIST SP 800-30 Rev 1 Guide for Conducting Risk Assessments.Provide support by identifying, documenting, reviewing, and maintaining the A&A Artifacts as needed to support an ATO request in accordance with VA policy and Federal Law and guidelines, as detailed in NIST SP 800-37 Rev 1 Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach (which is included in the T4NG Basic PWS). Additionally, the Contractor shall update A&A Artifacts (e.g., documentation, code, etc.) of the development based on comments from the A&A review process conducted. A&A Artifacts shall include the following:Privacy Impact Assessment (PIA) (coordinate with Office of Privacy)Risk Assessment (RA) (coordinate with Office of Risk Management and Incident Reporting)Security Configuration Checklist (SCC)System Interconnection Agreements (MOU and Interconnection)Interconnection Security Agreement (ISA) as necessaryDeliverables:Vulnerability Scanning Reports and AssessmentsA&A ArtifactsRELEASE SUPPORTThe VIP Release Process is conducted during the build and development cycle by one or more assigned Release Agents, who perform frequent, regular reviews of required and appropriately linked product data in the mandated repositories. The Release Agents also provide timely feedback to the product team concerning the status of the product data and the status of the team’s compliance with the VIP Release Process. The Contractor shall support OI&T’s single VIP Release process.The POLARIS calendaring process and tool will be used to track software installations, hardware replacements, system upgrades, patch release and implementation, special works in progress, and other deployment events in the VA production environment. The Contractor shall provide data for populating and updating the POLARIS Calendar process for each release and deployment.The Contractor shall develop VistA Imaging Developmental POMs for each new development and enhancement of Software Applications. The POM shall include regular maintenance and operations information, Responsibility, Accountability, Consulted, and Informed (RACI) information, process flowcharts, dataflow diagrams, key monitoring indicators, and troubleshooting information as described in section 5.2.2.3.The Contractor shall develop VistA Imaging Patch Descriptions including Developmental Deployment, Installation, Back-out, Rollback Plans for each new development and enhancement of Software Applications. This document shall detail technical steps to deploy and install the specific Software Applications and to back-out and rollback to previous software version. The Contractor shall develop Developmental User Manual for each new development and enhancement of Software Application. The Developmental User Manual addresses procedural information for the business users on daily operational use of each specific software application. The Contractor shall develop IOC Test Site Feedback Forms for the patch deliverable to include documentation of the site installation, site test personnel, system administrator and/or user test scripts and customer recommendation and acceptance for the deliverable.The Contractor shall provide FORUM Patch Release notifications in accordance with VA OI&T policy and requirements for each new development and enhancement of Software Applications.The Contractor shall hold test site calls with VA staff to include IOC test site staff, Release Coordinators and VIP Release Agents once the product is approved for IOC production testing.The Contractor shall provide all required documentation and receive approval for ATO as specified in EPMO Website.Deliverables:Developmental Production Operations Manuals Developmental User ManualsEND-USER TRAINING MATERIALSThe Contractor shall create and maintain Supplementary Training Materials to assist with the training of end users of the system. The Contractor shall create documents that can supplement existing Training Materials and add to existing knowledge base repositories. The Contractor shall ensure all end-user functionality in the system is accounted for in Training Materials and knowledge base repository.The Contractor shall:Create Supplementary Training Materials for each newly developed functionality that can be used to train end users.Update existing Training Materials for each Epic within the build and/or product to include the changes/enhancements that have been implemented.Deliverables:Supplementary Training Materials Updated Training MaterialsENTERPRISE CLINICAL IMAGE ARCHIVE (ECIA) INTERFACE ENHANCEMENT (OPTIONAL TASK ONE)The Contractor shall perform planning, development, testing, and release for a VIX Service to enhance current VA image sharing capability with DoD to include VIX Service bi-directional connectivity with the DoD ECIA. If any VIX Viewer enhancements are necessary to meet this functionality, they too shall be provided. Market research and technical interface analysis must be carried out to determine the most appropriate industry standard(s) for communication between VA CVIX/VistA Imaging and DoD ECIA/PACS. Interface options will likely be limited to those already supported by the commercial Hyland, formally ACUO Vendor Neutral Archive (VNA) solution utilized by ECIA.The Contractor shall develop the documentation required by VIP and shall be responsible for shepherding the requirements through Critical Decision One (CD1) and (CD2), IOC and FOC review. The contractor shall deliver all required Deployment/Installation/Back out/Rollback documentation prior to CD2 and shall deliver a Version Description document with each release. The Contractor shall deliver iterative software builds at least every two (2) weeks into RTC and provide the final VIX/CVIX Performance Enhancement Software Build and Source Code upon IOC approval for entry.CVIX to ECIA bi-directional interface (On the CVIX):?The CVIX shall bidirectionally interface with the ECIAThe CVIX shall use MVI services to resolve patient?identifiersThe CVIX shall query ECIA Temporal Node for an web service manifestThe CVIX shall receive the web service manifestThe CVIX shall convert the metadata from the manifest to a study graph that is understood by VA image viewing applications and return the study graph to the callerImage related metadata requests from DoDThe CVIX shall respond to incoming manifest requestsThe CVIX shall authenticate incoming requests (internally)The CVIX shall use MPI/MVI services to resolve patient?identifiersThe CVIX shall find where patient was treatedThe CVIX shall use federation to retrieve study graphThe CVIX shall convert study graph to web service manifestThe CVIX shall return the manifest to callerMPI/MVI patient correlation clientThe VIX Service shall perform patient correlation in both directions using enterprise VA and DoD MPI servicesImage TransferThe VIX Service shall facilitate image transfer through federation for VA images to DoDThe VIX Service shall facilitate image transfer through federation for DoD images to VAThe Contractor shall provide or update the following documentation: a)VistA Imaging Technical Manual (existing)b)VistA Imaging System CVIX Administrator's Guide and Product Operations Manual (existing)c)VistA Imaging System VIX Service Installation Guide (existing)d)VIX Administrator's Guide (existing)Deliverables:A.Updated VIX Service SDDB.VIX Web Service Performance Test Report Triad approved VIP Critical Decision 2 for IOC Triad approved VIP Critical Decision 2 for National ReleaseE.VistA Imaging VIX Service ECIA Enhancement Patch DescriptionF.FORUM National Patch Announcement VIX SERVICE FOR COMMERCIAL PACS (OPTIONAL TASK TWO)The Contractor shall extend the local VIX interface for commercial PACS in the VA to support query for images from multiple VA sites (multiple vendors). The interfaces developed for VA CVIX to DoD ECIA can be reused internally for VistA Imaging to provide images to commercial radiology PACS within VA. Additional standards may be required to provide a high level of compatibility across multiple PACS vendors.The Contactor shall:Develop the interface to be Bi-directional interfaceEstablish PACS interface validation services for interoperability Document the commercial PACS interface in an interface Conformance Requirements documentDesign, implement and maintain a validation environment in the VA’s Amazon cloudConduct and manage validation testing with commercial PACS vendors - collect and publish resultsDeliverables:A.Updated VIX Service SDDB.VIX Web Service Performance Test Triad approved VIP Critical Decision 2 for IOC Triad approved VIP Critical Decision 2 for National ReleaseE.VistA Imaging VIX Service Commercial PACS Enhancement Patch DescriptionF.FORUM National Patch AnnouncementENABLE COMMUNITY VIEWER WITH the ENHANCED IMAGE VIEWER (OPTIONAL TASK THREE)The Contractor shall perform planning, development, testing, and release for the VIX Service and the Enhanced Image Viewer enhancements to enable the VA Community Viewer application and users to access image artifacts in VistA Imaging and DAS storage. The Contractor shall:Split deployment of VIX and Viewer Services for the Community Viewer solutionSeparate VIX and Viewer servicesDevelop an installer for split deploymentModify the VIX viewer services to use Transport Layer Security (TLS) v1.2 or the most recent version listed in the VA TRM to the VIX Service Add Certificate Validation Authentication changes in VIX Service to support the security enhancements for the CV implementationModify the VIX and Viewer modifications for additional Query filters to properly support CV usage of the VIX ViewerAdd VIX Service support for clustered services for the CV deploymentEnhance and maintain the VIX Service test environments to support the additional CV application including Dark Launch Initial Operating Capability testing. Deliverables:A.Updated VIX Service SDDB.VIX Web Service Performance Test ReportC.VI Triad approved VIP Critical Decision 2 for IOC Triad approved VIP Critical Decision 2 for National ReleaseD.VistA Imaging VIX Service Community Viewer Enhancement Patch DescriptionF.FORUM National Patch AnnouncementENHANCED IMAGE VIEWER V4.0 (Optional task four)The Contractor shall enhance the VistA Imaging, the VIX Service and the Image Viewer to include the following requirements:Dental Viewing:The enhanced Image Viewer shall hang and display a full mouth series using the DICOM Hanging ProtocolEnable VistA Imaging and the enhanced Image Viewer to utilize the DICOM Dental Hanging protocols for displaying dental imagesVistA Imaging for dental STL files: A computer file format for Stereolithography, or Standard Tessellation Language. It describes a physical space mathematically as a series of small triangles using a three-dimensional coordinate system and is widely used in dentistry.Server-Side Rendering:Create new services and pre-processing mechanisms for rendering images on the Viewer/Render server to allow for faster image rendering and manipulationAnalysis and recommendation of server-side hardware and operating system requirements? ???? ?Note: this is a technology pre-requisite for Image Collaboration and 3D/MIP/MPRImage Collaboration:?Allow a user that is viewing images to invite other users to view into that sessionUsers shall able to share selected portions of a study that is currently viewedUsers shall be able to share stored images and streaming video (live or stored)Remote users will see real-time navigation and image manipulation that is performed by the user that initiated the collaboration session??Allow collaboration with users that are within the VA intranetAllow collaboration with users that are outside of the VA intranet (read only)Enable telestration (shared annotation) capabilities for all intranet users within the sessionAnalysis for integration with Skype for Business or other audio/video conferencing system VA usesPrototype an integration with Skype for Business or other audio/video conferencing systemThe system shall allow for real-time or scheduled collaboration events?? ??3D/MIP/MPR Viewing Through Toolkits or Commercial Standalone Viewers:Analysis & recommendation of available toolkits (commercial vs. open source) Determine toolkit support for the following features and create a matrix with time estimates to help determine if commercial or open source is the best solution:? 3D - opacity3D - CVR (color volume reconstruction)MPR - oblique planesMPR - curved planesMPR - slab thicknessMIP - viewsSlice/reference line supportSegmentationCroppingSubtractionColor map support?? ?? ? ?Analysis and recommendation of server-side hardware and operating system requirementsPrototype 3D/MIP/MPRProduction release (depends on results of analysis)Viewer Optimization for Mobile Apps:GesturesKeyboard shortcutsQR Code scanning to bring up studies on mobile phones??Deliverables:A.Updated VIX Service SDDB.VIX Web Service Performance Test Report Triad approved VIP Critical Decision 2 for IOC Triad approved VIP Critical Decision 2 for National ReleaseE.VistA Imaging VIX Service Enhanced Image Viewer V4.0 Patch DescriptionF.FORUM National Patch AnnouncementADD IMAGE SHARING PORTAL FOR EXTERNAL CONSULTING PROVIDERS (OPTIONAL TASK FIVE)The Contractor shall add a Health Insurance Portability and Accountability Act (HIPAA) compliant image sharing portal for external providers to exchange DICOM images to include, but not limited to, authentication, download, share, and images.Deliverables:A.VIX Web Service Performance Test Triad approved VIP Critical Decision 2 for IOC Triad approved VIP Critical Decision 2 for National ReleaseD.VistA Imaging VIX Service Image Portal Enhancement Patch DescriptionE.FORUM National Patch AnnouncementADD EXTERNAL LOGICAL OBSERVATION IDENTIFIERS NAMES AND CODES (LOINC) MAPPING FOR IMAGE ARTIFACTS RETRIEVED VIA VIX SERVICE (OPTIONAL TASK SIX)The Contractor shall perform planning, development, testing, and release for the VIX Service to enable the VIX Service to provide the appropriate LOINC mapping for image artifact fetch requests via the VIX Service from (DoD and third party) consuming applications. The solution shall be implemented in alignment with the VA Data and Enterprise Terminology Services.The Contractor shall:Implement an external LOINC map for document image artifacts based upon the current Procedure/Event Deliverables:A.Updated VIX Service SDDB.VIX Web Service Performance Test Triad approved VIP Critical Decision 2 for IOC Triad approved VIP Critical Decision 2 for National ReleaseE.VistA Imaging VIX Service LOINC Enhancement Patch DescriptionF.FORUM National Patch AnnouncementTELEPATHOLOGY – ADD AUTO-PDX, RETEST AND NATIONALLY RELEASE (OPTIONAL TASK Seven)The Contractor shall utilize the VAEC Development Environment to validate the VHA Innovation 873 Telepathology prototype in the VHA GitHub repository against the current VistA instance and the most current instances of the VIX Service Site VIX and CVIX to ensure that the functional requirements of the existing prototype (identified in the VHA GitHub repository) work with the current VistA and VIX Service. The Contractor shall evaluate the following additional VistA Patient Data Exchange (PDX) requirement as to its feasibility and acceptability with the VA OI&T Master Veteran Index implementation and VA management team. If acceptable, the Contractor shall incorporate the VistA PDX requirement, along with the following previously added additional functional requirements: ?The Telepathology application shall automatically generate a PDX from the referral site to the consulting site and automatically add the subject telepathology patient to the consulting site's VistA database.?The Telepathology application shall automatically generate accession numbers for cases at the consulting site when a supplementary report is verified. ?The Telepathology application shall automatically generate a consulting site report based on the verified supplementary report. ?The Telepathology application shall automatically generate a patient encounter with the appropriate encounter information at the consulting site for workload credit The Contractor shall deliver a Telepathology Prototype Validation Report. Any requirement that cannot be verified in the VAEC environment shall be identified with an explanation as to why it cannot be delivered in the VAEC environment and the Contractor shall present it to the project Change Control Board. Upon approval, the Contractor shall move the requirement to the project backlog.Example: The Telepathology application shall have the ability to generate a Patient Data Exchange (PDX) from the referral site to the consulting site and shall automatically add the patient to the consulting site's VistA database because demonstration and validating this requirement necessitates validation with the VA’s internal network.Based upon successfully validating if the previously delivered prototype functions correctly with the current instance of VistA, the Contractor shall update the Innovation 873 Telepathology Requirements Specification Document (RSD) in GitHub and migrate the Telepathology Requirements to the Imaging Rational repository as well as the source code. Identified defects shall be also be entered into Rational. The Contractor shall build, test, coordinate and perform required IOC testing and nationally release the subject telepathology application in accordance with Section 5.11.Deliverables:A.Telepathology Prototype VistA Validation ReportB.Rational VistA Imaging Space update with all identified Telepathology prototype requirements and identified Telepathology defects. Triad approved VIP Critical Decision 2 for IOC Triad approved VIP Critical Decision 2 for National ReleaseE.VistA Imaging Telepathology Patch DescriptionF.FORUM National Patch AnnouncementTRANSITION SUPPORT (OPTIONAL TASK Eight)In accordance with the VIP Guide, transition of knowledge and of product to Sustainment occurs at the end of Product Warranty. The Contractor shall provide a Transition Plan for 90 days of outgoing transition support for transitioning work from the current task order to a follow-on task order or Government entity. This transition may be to a Government entity or to another Contractor or to the incumbent Contractor under a new task order. In accordance with the development of a Government-approved Transition Plan, the Contractor shall assist the Government in implementing a complete transition from this contract to a new support provider. The transition support shall include formal coordination with Government staff and successor staff and management. It shall also include delivery of copies of all artifacts delivered under this contract, as well as existing policies and procedures, and delivery of baseline metrics and statistics. This Transition Plan shall include:Coordination with Government representatives.Review, evaluation and transition of current support services.Transition of historic data to new Contractor system.Transition of Rational accounts.Transfer of hardware and software warranties, maintenance agreements and licenses. Transfer of all necessary business and/or technical documentation.Orientation phase and program to introduce Government and Contractor personnel, programs, and users to the Contractor's team, tools, methodologies, and business processes.Disposition of Contractor purchased Government owned assets. Transfer of GFE and GFI, and GFE inventory management assistance.Turn-in of all Government keys, ID/access cards, and security codes.Deliverable:A.Sustainment Transition Acceptance PlanOPTION PERIOD ONEThe Contractor shall continue to perform the tasks indicated in Sections 5.1, 5.2 & 5.3, inclusive of sustainment support for any enhancements completed in PWS 5.11 if this option is exercised.OPTION PERIOD TWOThe Contractor shall continue to perform the tasks indicated in Sections 5.1, 5.2 & 5.3, inclusive of sustainment support for any enhancements completed in PWS 5.11 if this option is exercised.OPTION PERIOD THREEThe Contractor shall continue to perform the tasks indicated in Sections 5.1, 5.2 & 5.3, inclusive of sustainment support for any enhancements completed in PWS 5.11 if this option is exercised. OPTION PERIOD FOURThe Contractor shall continue to perform the tasks indicated in Sections 5.1, 5.2 & 5.3, inclusive of sustainment support for any enhancements completed in PWS 5.11 if this option is exercised.GENERAL REQUIREMENTSPERFORMANCE METRICSThe table below defines the Performance Standards and Acceptable Levels of Performance associated with this effort.Performance ObjectivePerformance StandardAcceptable Levels of PerformanceTechnical / Quality of Product or ServiceShows understanding of requirementsEfficient and effective in meeting requirements Meets technical needs and mission requirementsProvides quality services/productsSatisfactory or higherProject Milestones and ScheduleQuick response capabilityProducts completed, reviewed, delivered in accordance with the established scheduleNotifies customer in advance of potential problemsSatisfactory or higherCost & StaffingCurrency of expertise and staffing levels appropriatePersonnel possess necessary knowledge, skills and abilities to perform tasksSatisfactory or higherManagementIntegration and coordination of all activities to execute effortSatisfactory or higherThe COR will utilize a Quality Assurance Surveillance Plan (QASP) throughout the life of the TO to ensure that the Contractor is performing the services required by this PWS in an acceptable level of performance. The Government reserves the right to alter or change the QASP at its own discretion. A Performance Based Service Assessment will be used by the COR in accordance with the QASP to assess Contractor performance. SECTION 508 – ELECTRONIC AND INFORMATION TECHNOLOGY (EIT) STANDARDS On August 7, 1998, Section 508 of the Rehabilitation Act of 1973 was amended to require that when Federal departments or agencies develop, procure, maintain, or use Electronic and Information Technology, that they shall ensure it allows Federal employees with disabilities to have access to and use of information and data that is comparable to the access to and use of information and data by other Federal employees. Section 508 required the Architectural and Transportation Barriers Compliance Board (Access Board) to publish standards setting forth a definition of electronic and information technology and the technical and functional criteria for such technology to comply with Section 508. These standards have been developed are published with an effective date of December 21, 2000. Federal departments and agencies shall develop all Electronic and Information Technology requirements to comply with the standards found in 36 CFR 1194.The following Section 508 Requirements supersede Addendum A, Section A3 from the T4NG Basic PWS.The Section 508 standards established by the Architectural and Transportation Barriers Compliance Board (Access Board) are incorporated into, and made part of all VA orders, solicitations and purchase orders developed to procure Electronic and Information Technology (EIT). These standards are found in their entirety at: and . A printed copy of the standards will be supplied upon request.? The Contractor shall comply with the technical standards as marked: FORMCHECKBOX § 1194.21 Software applications and operating systems FORMCHECKBOX § 1194.22 Web-based intranet and internet information and applications FORMCHECKBOX § 1194.23 Telecommunications products FORMCHECKBOX § 1194.24 Video and multimedia products FORMCHECKBOX § 1194.25 Self-contained, closed products FORMCHECKBOX § 1194.26 Desktop and portable computers FORMCHECKBOX § 1194.31 Functional Performance Criteria FORMCHECKBOX § 1194.41 Information, Documentation, and SupportEQUIVALENT FACILITATIONAlternatively, offerors may propose products and services that provide equivalent facilitation, pursuant to Section 508, subpart A, §1194.5. Such offerors will be considered to have provided equivalent facilitation when the proposed deliverables result in substantially equivalent or greater access to and use of information for those with disabilities. COMPATIBILITY WITH ASSISTIVE TECHNOLOGYThe Section 508 standards do not require the installation of specific accessibility-related software or the attachment of an assistive technology device. Section 508 requires that the EIT be compatible with such software and devices so that EIT can be accessible to and usable by individuals using assistive technology, including but not limited to screen readers, screen magnifiers, and speech recognition software.ACCEPTANCE AND ACCEPTANCE TESTINGDeliverables resulting from this solicitation will be accepted based in part on satisfaction of the identified Section 508 standards’ requirements for accessibility and must include final test results demonstrating Section 508 compliance. Deliverables should meet applicable accessibility requirements and should not adversely affect accessibility features of existing EIT technologies. The Government reserves the right to independently test for Section 508 Compliance before delivery. The Contractor shall be able to demonstrate Section 508 Compliance upon delivery.Automated test tools and manual techniques are used in the VA Section 508 compliance assessment. Additional information concerning tools and resources can be found at Section 508 Compliance Test ResultsSHIPMENT OF HARDWARE OR EQUIPMENTN/A ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download