BACKGROUND .gov



PERFORMANCE WORK STATEMENTDEPARTMENT OF VETERANS AFFAIRS (VA)Veterans Health AdministrationLouis Stokes Cleveland VA Medical CenterSpinal Cord Injury Program Delivery, Installation and Configuration, Demonstration, and Training of Environmental Control Units for the Louis Stokes Cleveland Department of Veterans Affairs Medical CenterDate: June 25, 2018Version 1.0 BACKGROUNDThe Louis Stokes Cleveland (LSC) Department of Veterans Affairs (VA) Medical Center (VAMC) located at 10701 East Boulevard, Cleveland OH 44106, is a medical facility with both tertiary and long-term care patients. The Spinal Cord Injury (SCI) program at this facility is CARF (formerly, the Commission for the Accreditation of Rehabilitation Facilities) accredited due to the high quality and focus on the rehabilitative program for Veterans with SCI. This program accommodates 32 acute, 26 long term care, 3 outpatient, and 1 Independent Living Apartment beds. The continuum of care of these respective patient populations involves acute rehabilitation, specifically within its SCI population. Patients receive both inpatient and outpatient rehabilitative services, whether in response to a new SCI injury, or due to deconditioning for a variety of medical reasons. The therapies and modalities available to maximize rehabilitation and skill maintenance are of utmost importance in preserving the health and welfare of a patient. Patients with limited functionality do not have the capability to control their surroundings. There is an identified need to provide Environmental Control Units (ECUs) throughout the entire SCI program at the LSC VAMC in order to successfully and effectively provide consistent, quality care.APPLICABLE DOCUMENTSIn the performance of the tasks associated with this Performance Work Statement (PWS), the Contractor shall comply with the following:44 U.S.C. § 3541-3549,?“Federal Information Security Management Act (FISMA) of 2002”“Federal Information Security Modernization Act of 2014”Federal Information Processing Standards (FIPS) Publication 140-2, “Security Requirements For Cryptographic Modules”FIPS Pub 199. Standards for Security Categorization of Federal Information and Information Systems, February 2004FIPS Pub 200, Minimum Security Requirements for Federal Information and Information Systems, March 2016FIPS Pub 201-2, “Personal Identity Verification of Federal Employees and Contractors,” August 201310 U.S.C. § 2224, "Defense Information Assurance Program"Carnegie Mellon Software Engineering Institute, Capability Maturity Model? Integration for Development (CMMI-DEV), Version 1.3 November 2010; and Carnegie Mellon Software Engineering Institute, Capability Maturity Model? Integration for Acquisition (CMMI-ACQ), Version 1.3 November 20105 U.S.C. § 552a, as amended, “The Privacy Act of 1974” Public Law 109-461, Veterans Benefits, Health Care, and Information Technology Act of 2006, Title IX, Information Security Matters42 U.S.C. § 2000d “Title VI of the Civil Rights Act of 1964”VA Directive 0710, “Personnel Security and Suitability Program,” June 4, 2010, Handbook 0710, Personnel Security and Suitability Security Program, May 2, 2016, HYPERLINK "" \o "VA Publications Homepage" Directive and Handbook 6102, “Internet/Intranet Services,” July 15, 200836 C.F.R. Part 1194 “Electronic and Information Technology Accessibility Standards,” July 1, 2003Office of Management and Budget (OMB) Circular A-130, “Managing Federal Information as a Strategic Resource,” July 28, 201632 C.F.R. Part 199, “Civilian Health and Medical Program of the Uniformed Services (CHAMPUS)”An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, October 2008Sections 504 and 508 of the Rehabilitation Act (29 U.S.C. § 794d), as amended by the Workforce Investment Act of 1998 (P.L. 105-220), August 7, 1998Homeland Security Presidential Directive (12) (HSPD-12), August 27, 2004VA Directive 6500, “Managing Information Security Risk: VA Information Security Program,” September 20, 2012VA Handbook 6500, “Risk Management Framework for VA Information Systems – Tier 3: VA Information Security Program,” March 10, 2015VA Handbook 6500.1, “Electronic Media Sanitization,” November 03, 2008VA Handbook 6500.2, “Management of Breaches Involving Sensitive Personal Information (SPI)”, July 28, 2016VA Handbook 6500.3, “Assessment, Authorization, And Continuous Monitoring Of VA Information Systems,” February 3, 2014VA Handbook 6500.5, “Incorporating Security and Privacy in System Development Lifecycle”, March 22, 2010VA Handbook 6500.6, “Contract Security,” March 12, 2010VA Handbook 6500.8, “Information System Contingency Planning”, April 6, 2011OI&T Process Asset Library (PAL), . Reference Process Maps at and Artifact templates at Technical Reference Model (TRM) (reference at )VA Directive 6508, “Implementation of Privacy Threshold Analysis and Privacy Impact Assessment,” October 15, 2014VA Handbook 6508.1, “Procedures for Privacy Threshold Analysis and Privacy Impact Assessment,” July 30, 2015VA Handbook 6510, “VA Identity and Access Management”, January 15, 2016VA Directive 6300, Records and Information Management, February 26, 2009VA Handbook, 6300.1, Records Management Procedures, March 24, 2010NIST SP 800-37, Guide for Applying the Risk Management Framework to Federal Information Systems: a Security Life Cycle Approach, June 10, 2014NIST SP 800-53 Rev. 4, Security and Privacy Controls for Federal Information Systems and Organizations, January 22, 2015OMB Memorandum, “Transition to IPv6”, September 28, 2010VA Directive 0735, Homeland Security Presidential Directive 12 (HSPD-12) Program, October 26, 2015VA Handbook 0735, Homeland Security Presidential Directive 12 (HSPD-12) Program, March 24, 2014OMB Memorandum M-06-18, Acquisition of Products and Services for Implementation of HSPD-12, June 30, 2006OMB Memorandum 04-04, E-Authentication Guidance for Federal Agencies, December 16, 2003OMB Memorandum 05-24, Implementation of Homeland Security Presidential Directive (HSPD) 12 – Policy for a Common Identification Standard for Federal Employees and Contractors, August 5, 2005OMB memorandum M-11-11, “Continued Implementation of Homeland Security Presidential Directive (HSPD) 12 – Policy for a Common Identification Standard for Federal Employees and Contractors, February 3, 2011OMB Memorandum, Guidance for Homeland Security Presidential Directive (HSPD) 12 Implementation, May 23, 2008Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance, December 2, 2011NIST SP 800-116, A Recommendation for the Use of Personal Identity Verification (PIV) Credentials in Physical Access Control Systems, November 20, 2008OMB Memorandum M-07-16, Safeguarding Against and Responding to the Breach of Personally Identifiable Information, May 22, 2007NIST SP 800-63-3, 800-63A, 800-63B, 800-63C, Digital Identity Guidelines, June 2017NIST SP 800-157, Guidelines for Derived PIV Credentials, December 2014NIST SP 800-164, Guidelines on Hardware-Rooted Security in Mobile Devices (Draft), October 2012Draft National Institute of Standards and Technology Interagency Report (NISTIR) 7981 Mobile, PIV, and Authentication, March 2014VA Memorandum, VAIQ #7100147, Continued Implementation of Homeland Security Presidential Directive 12 (HSPD-12), April 29, 2011 (reference )IAM Identity Management Business Requirements Guidance document, May 2013, (reference Enterprise Architecture Section, PIV/IAM (reference )VA Memorandum “Mandate to meet PIV Requirements for New and Existing Systems” (VAIQ# 7712300), June 30, 2015, Internet Connections (TIC) Reference Architecture Document, Version 2.0, Federal Interagency Technical Reference Architectures, Department of Homeland Security, October 1, 2013, OMB Memorandum M-08-05, “Implementation of Trusted Internet Connections (TIC), November 20, 2007OMB Memorandum M-08-23, Securing the Federal Government’s Domain Name System Infrastructure, August 22, 2008VA Memorandum, VAIQ #7497987, Compliance – Electronic Product Environmental Assessment Tool (EPEAT) – IT Electronic Equipment, August 11, 2014 (reference Document Libraries, EPEAT/Green Purchasing Section, ) Sections 524 and 525 of the Energy Independence and Security Act of 2007, (Public Law 110–140), December 19, 2007Section 104 of the Energy Policy Act of 2005, (Public Law 109–58), August 8, 2005Executive Order 13693, “Planning for Federal Sustainability in the Next Decade”, dated March 19, 2015Executive Order 13221, “Energy-Efficient Standby Power Devices,” August 2, 2001VA Directive 0058, “VA Green Purchasing Program”, July 19, 2013VA Handbook 0058, “VA Green Purchasing Program”, July 19, 2013Office of Information Security (OIS) VAIQ #7424808 Memorandum, “Remote Access”, January 15, 2014, Act of 1996, 40 U.S.C. §11101 and §11103VA Memorandum, “Implementation of Federal Personal Identity Verification (PIV) Credentials for Federal and Contractor Access to VA IT Systems”, (VAIQ# 7614373) July 9, 2015, Memorandum “Mandatory Use of PIV Multifactor Authentication to VA Information System” (VAIQ# 7613595), June 30, 2015, Memorandum “Mandatory Use of PIV Multifactor Authentication for Users with Elevated Privileges” (VAIQ# 7613597), June 30, 2015; “Veteran Focused Integration Process (VIP) Guide 2.0”, May 2017, “VIP Release Process Guide”, Version 1.4, May 2016, “POLARIS User Guide”, Version 1.2, February 2016, Memorandum “Use of Personal Email (VAIQ #7581492)”, April 24, 2015, Memorandum “Updated VA Information Security Rules of Behavior (VAIQ #7823189)”, September, 15, 2017, contractor shall deliver 62 ECUs that offer multiple input methods such as eye gaze, sip and puff, touch, etc., that allow a patient with limited functionality who is quadriplegic, paraplegic, or suffers from Multiple Sclerosis (MS) or Amyotrophic Lateral Sclerosis (ALS), to control room lighting, hospital bed, television, telephone, nurse call light, internet, and communicate within the confines of their hospital bed using any one of the following input methods: sip and puff, eye gaze, voice, head tracker, direct touch, and switch. The contractor shall configure and install, demonstrate the capabilities, and provide training to VA staff for the ECUs.PERFORMANCE DETAILSPERFORMANCE PERIODThe Period of Performance (POP) is 30 days from the date of award for delivery; four months from the date of award to complete installation and configuration, demonstration, and training, with a warranty for 2 years from the date of acceptance.PLACE OF PERFORMANCETasks under this PWS shall be performed at the LSC VAMC, located at 10701 East Boulevard, Cleveland, OH 44106.TRAVELThe Government anticipates travel under this effort to perform the tasks associated with the effort. The contractor shall include all travel costs in the proposed firm-fixed-priced line items. Travel costs will not be directly reimbursed by the Government.SPECIFIC TASKS AND DELIVERABLES.KICK-OFF MEETINGThe Contractor shall establish and conduct a kick-off meeting with the VA Program Manager (PM), COR, Delivery Date Coordinator, Implementation Manager, and Facility CIOs (or designee) to discuss delivery schedule requirements and facilitate delivery of equipment.? This meeting shall be conducted telephonically within ten days after award and shall address the delivery and installation schedule. The contractor shall work with the Site point of contact identified in section 5.3 of this document.? Deliverables:Kick-off meeting.Delivery and Installation Schedule.ENVIRONMENT CONTROL UNITS.The contractor shall provide 62 ECUs that offer multiple input methods allow a patient with limited functionality who is quadriplegic, paraplegic, or suffers from MS or ALS, to control their environment and have the ability to participate in a broad range of activities. The ECUs shall have the capabilities and features necessary to provide patients the capability to control the environment from a tablet that uses the VA patient wireless system.The contractor shall provide an ECU that has the capabilities of the Autonome brand name Environmental Care Unit. The ECUs shall enable patients with limited functionality to control, compute, and communicate through the use of the ECU. The ECU shall allow patients with limited functionality who is quadriplegic, paraplegic, or suffers from MS or ALS to control room lighting, hospital beds, television, telephone, nurse call light, internet, and communicate within the confines of their hospital bed through the ECU. The ECUs shall be versatile and work for individuals with varying degrees of disability; the ECUs shall have the ability to be controlled by touch screen, voice, sip and puff, touch switch, and eye gaze devices. The ECU shall be able to control multiple environmental functions and provide simple set-up and so staff can easily assist patients in the use of the device. The home screen on the tablet shall look similar to the home screen on a smart phone and have an easily identifiable icon for each of the functions (such controlling room lighting, hospital bed, television, telephone, nurse call light, and internet.The contractor shall warrant that the products delivered shall be free from defects in materials and workmanship for a period of no less than two years from date of acceptance. If any such product proves defective during the warranty period, the contractor shall repair the defective product at no additional cost to the Government for parts, labor, and shipping, or the contractor shall provide a replacement product acceptable to the Government in exchange for the defective product.ECU Characteristics.The contractor shall provide 62 ECUs and all hardware necessary to install and configure the ECUs. The ECUs and installation hardware shall have the salient characteristics identified below and in Exhibit A.ECU Core Unit:Can be programmed to perform no fewer than 150 functionsFull on-board programming, no tools or hardware requiredBuilt-in infrared (IR) captureMacros (scenes) fully editable with up to 20 functions per macroChangeable telephone numbers and basic functionsUser-adjustable volume, brightness, and scan rateCustom template design functions Minimum of 13 inch tablet- medical specifications communication aid with rugged body integrated amplification, switch, and other USB access, auditory feedback, Servus environmental control – Grid 3 software.Seamless File Backup & ManagementOne Button Press Design for Remote Support Team ToolsRemote AssistanceWi-Fi / Bluetooth capabilities2 USB Ports (minimum 2.0)1 Headphone/1 Microphone jack 1/8”Integrated Universal Infrared Remote Capabilities with learning window and multiple IR emittersDual switch ports for ancillary access equipmentAssistive Technology software designed for application integration and multiple access methodologiesAbility to mount the device to a bed as well as a wheelchair if necessaryMinimum of 120 square foot coverage rangeSip and Puff Access / Microphone DeviceInput SpeechDual switch or single switch with scanningAt least 96 unique and different words available with multiple command useInternal microphoneExternal keys for caregiver useOutputInternal LoudspeakerAuditory – provide voice feedback on menu commands that will acknowledge confirmation on a patient’s voice command. Additional ECU Accessories Eye Gaze:Tracking – Hybrid infrared video eye & head tracking binocular & monocular trackingWorking volume - 300x200x200mm3 (WxHxD)Accuracy, static - 0.5 degreeAccuracy, over full working volume – 1 degree Max. head movement velocity - 15 cm/sRecovery time – 40 msCommunicationAt least 50 user phrases at 60 second long each. Remote activation of emergency dial number using an interface for outbound telephone callsVoice announcing caller IDArticulating arm with minimum reach of 72” from wall. Base for mounting arms shall have the ability to transfer locations ECU shall be capable of being controlled by eye gaze with the following characteristics:Tracking – Hybrid infrared video eye & head tracking binocular & monocular trackingMounting bracket for Eye Tech camera 13 inchWorking volume - 300x200x200mm3 (WxHxD)Accuracy, static - 0.5 degreeAccuracy, over full working volume – 1 degree Max. head movement velocity - 15 cm/sRecovery time – 40 msECU shall be capable of being controlled by sip n’ puff tubing and straws that are commercially availableDual microphone and Sip and Puff input device. ECU shall have single and dual switch scanningECU shall provide access and interfaces to utilize computer games, E-books, ability to write documents, internet access and social video networking applicationsPrivacy speaker for telephoneWall bracket that is compatible with the dual mounting for televisionsECU shall interface with nurse call systems. All cabling required to interface with the hospital equipment shall be included, including: Nurse Call cables with ?” male jacks to 1/4” jacks, cables 20ft in length Switch Cables from ECU device to bed unitAdditional bed cables will be determined by bed type. Bed type will be verified in patible with the Hill-Rom beds located throughout the acute SCI unit, long-term care SCI unit and the SCI outpatient clinic.Mounting for the sip-n-puff straws, microphones, speakers, and other accessories must be included for the beds.Augmentative communication capabilities to include word prediction software shall be included.Ability to delete user settings and saved documents in between patients must be included.Cable that connects to the ECU that is installed in a wall, and then is capable of reaching the patient bed: AutonoME JCT compatible with Versa Care 15 pin; 25pin interface cable for AutonoME wall box; 3.5mm stereo port for auxiliary switch; Sip/Puff tube interface; 3.5mm microphone cable.Wall Box for AutonoME Hospital- 17x17x4 The Dual: microphone and Sip and Puff input deviceBreak away cable with a single connection for control by patient care providers (bed).Cable management to include cable coverings and protection (bed).Software interface for ECU capable of being minimized for full PC features by administrative staff.Deliverables:62 ECUs and associated devices, hardware, and software.62 Support Arm and associated hardware and cables for ECU installation.Shipment/Delivery of ECU Units.The Contractor shall provide multiple ECU unit deliveries as installation occurs. The Contractor shall finalize the Delivery Schedule and shall coordinate with the COR for specifics. The contractor shall provide the delivery schedule no later than five days after the kick-off meeting. The contractor shall update the delivery schedule prior to and after each delivery.Inspection: DestinationAcceptance: DestinationFreight on Board (FOB): DestinationShip To and Mark For the following Site Point of Contact:Department of Veterans AffairsFacility Name: Louis Stokes Cleveland VA Medical CenterAttention: Fran McClellanAddress: 10701 East BoulevardCity, State Zip code: Cleveland, OH 44106Voice/Phone: 216-791-3800, ext 4731Email Address: frances.mcclellan@Special Shipping InstructionsPrior to shipping, the Contractor shall notify Site POCs, by phone followed by email to the Site POCs and the COR. The email shall include a statement which includes all line items included in the shipment so this can be reviewed for accuracy. The Contractor cannot make any changes to the delivery schedule at the request of Site POC.Contractors must coordinate deliveries with Contracting Officer’s Representative and Site POC before shipment of any ECU units or related parts to ensure site has adequate storage space.All shipments, either single or multiple container deliveries, shall bear the VA Purchase Order number on external shipping labels and associated manifests or packing lists. In the case of multiple container deliveries, a statement readable near the VA PO number will indicate total number of containers for the complete shipment (ex. “Package 1 of 2”), clearly readable on manifests and external shipping labels.Packing Slips/Labels and Lists shall include the following:IFCAP PO # ____________ (e.g., 541-E11234). Project Description: _________ (e.g., Environmental Control Units, installation hardware and cables)Total number of Containers:? Package ___ of ___.? (e.g., Package 1 of 3)Shipment/Installation Progress ReportThe Contractor shall update, on a weekly basis, the Delivery and Installation Schedule identifying the progress that has occurred. The Updated Delivery and Installation Schedule shall identify the items shipped, the serial number associated with each piece of equipment/hardware; the date of each shipment; tracking information, the status of each shipment.The Updated Delivery and Installation Schedule shall identify any problems and provide a description of how the problems were resolved/addressed.? If problems have not been completely resolved, the Contractor shall provide an explanation and status of resolution.The Updated Delivery and Installation Schedule shall be submitted to the COR and include a Microsoft Excel document that clearly identifies the serial number of each piece of equipment being delivered. The Updated Delivery and Installation Schedule shall only have one (1) serial number per cell. Deliverable:Updated Delivery and Installation Schedule.ECU Installation and Configuration.Once all units have been received by the Government, the contractor shall provide the Site POCs and the COR with an Updated Delivery and Installation Schedule. The Site POCs shall work to update the Shipment/Installation progress report with the specific installation room/site and bed type for each ECU unit.The contractor shall install 62 ECUs at the Louis Stokes Cleveland VAMC as follows:1 unit installed in 6A-113 on the 6th floor of the main hospital, 32 units installed in the patient rooms the 6B side of the 6th floor of the main hospital, 26 units installed in the patient rooms on the basement level of the CARES tower, and 3 units installed in the outpatient clinic located in 6A-127 on the 6th floor of the main hospital.The contractor shall coordinate the installation schedule with the facility POC. The contractor shall coordinate installations to occur with the most minimal disruptions to patients as possible. The contractor shall work with the COR, to coordinate with biomedical engineering, as well as SCI nursing and therapy staff, to install all the units in the directed locations. The contractor shall include the COR on all coordination activities.The Contractor shall warrant that the products the Contractor installs shall be free from defects in materials and workmanship for a period of two years from the date of acceptance. If any such product proves defective during the warranty period the vendor will repair the defective product at no charge to the Government for parts and labor, or a replacement in exchange for the defective product.Placement of wall components shall be on a pre-assembled wall mounted panel to contain the telephone and command center. This wall material shall have a standard requirement of 17" x 17" x 4”.From this panel shall be a cable leading to the bed called a "break away cable.” This cable shall contain the bed control, privacy microphone, privacy speaker, and sip and puff switch wires. The cable shall be in two pieces, with a disconnect capability within 2 to 4 feet from the bed to allow the nursing staff or others to detach the bed from the environmental control before moving the bed.The Contractor shall ensure the configuration of all units includes environmental control system units along with command center phone with privacy speaker, microphone input, direct Infrared (IR) input and wall mount bracket; command center interface with IR relay, 6-way bed control, IR receiver, and Nurse call. The contractor shall configure the ECU to have the home screen with all required options.Demonstration of ECU functionality.The Contractor shall demonstrate the functionality of one of the installed ECU units on site at the VAMC for up to 20 Government staff that include users and administrators, and information techology. The demonstration shall include performance of the following: Input (Access):1.The user can effectively operate the available input (access) method described in the PWS.2.The input (access) method is reliable and repeatable.3.The input (access) method has the capability to be modified to accommodate changes in the user's condition.4.The ECU shall control all of the devices specified by the user that he/she wants to control.Ease of Learning:1.The memory and sequencing requirements is user friendly.2.The system can start with a single function and expand into a full system at a later time. 3.User functions can be excluded if necessary.Feedback: 1.The user can adjust the ECU feedback to accommodate specific needs (e.g. vision or hearing problems).2.Feedback reliable and recognizable.Menu:1.Choices are presented in an understandable way.Accessory Accommodation: 1.The system shall accommodate the addition of accessories to control additional functions if necessary. 2.The system can be customized to meet the unique needs of a specific user. Additional functionalities to be demonstrated:ECU:HCI Television / MenuLightsFull power bed control (up, down, head up and down, foot up and down)A nurse-call interface At least two (2) relays to interface with other automated devices such as automatic window shades.Sip and Puff Straws:Sip and Puff tubes shall contain .02 micron Gacterin Filter (bi-dractonal).The Government will accept the ECU units upon successful operation of the ECUs for 10 calendar days from the date of contractor demonstration. After the 10 calendar days, the contractor shall document the demonstration in an acceptance certificate.Deliverable:ECU demonstration acceptance certificate.Training.The contractor shall provide onsite training for approximately 120 SCI staff to update the staff on the new hardware and associated devices, hardware, and software. Training shall occur on all three shifts to accommodate the clinical staff, over a period of five days after the installation is complete. Training will take place either in the Independent Living Apartment, the acute unit of the SCI Service, Outpatient Clinic, or the Long-Term Care SCI unit. Therapy staff shall be trained separately.The contractor shall provide detailed training to approximately 10 Government “Super users” and several Therapy staff who will be responsible for training new staff in the use of the hardware and software and performing initial troubleshooting of equipment. Super user training shall be held in two different sessions.The contractor shall provide all hardware and software manuals: hard copy for the therapy gym and electronic versions. The contractor shall provide training materials that the Government may reproduce as needed in the future to train various levels of users, such as nursing staff, Super Users, and patients.Deliverable:Onsite training and training materials.GENERAL REQUIREMENTSSECTION 508NOTICE OF THE FEDERAL ACCESSIBILITY LAW AFFECTING ALL ELECTRONIC AND INFORMATION TECHNOLOGY PROCUREMENTS On August 7, 1998, Section 508 of the Rehabilitation Act of 1973 was amended to require that when Federal departments or agencies develop, procure, maintain, or use Electronic and Information Technology, that they shall ensure it allows Federal employees with disabilities to have access to and use of information and data that is comparable to the access to and use of information and data by other Federal employees. Section 508 required the Architectural and Transportation Barriers Compliance Board (Access Board) to publish standards setting forth a definition of electronic and information technology and the technical and functional criteria for such technology to comply with Section 508. These standards have been developed and published with an effective date of December 21, 2000. Federal departments and agencies shall develop all Electronic and Information Technology requirements to comply with the standards found in 36 CFR 1194.Section 508 – Electronic and Information Technology (EIT) Standards: The Section 508 standards established by the Architectural and Transportation Barriers Compliance Board (Access Board) are incorporated into, and made part of all VA orders, solicitations and purchase orders developed to procure Electronic and Information Technology (EIT). These standards are found in their entirety at: and . A printed copy of the standards will be supplied upon request. The Contractor shall comply with the technical standards as marked: FORMCHECKBOX § 1194.21 Software applications and operating systems FORMCHECKBOX § 1194.22 Web-based intranet and internet information and applications FORMCHECKBOX § 1194.23 Telecommunications products FORMCHECKBOX § 1194.24 Video and multimedia products FORMCHECKBOX § 1194.25 Self-contained, closed products FORMCHECKBOX § 1194.26 Desktop and portable computers FORMCHECKBOX § 1194.31 Functional Performance Criteria FORMCHECKBOX § 1194.41 Information, Documentation, and SupportEquivalent FacilitationAlternatively, offerors may propose products and services that provide equivalent facilitation, pursuant to Section 508, subpart A, §1194.5. Such offerors will be considered to have provided equivalent facilitation when the proposed deliverables result in substantially equivalent or greater access to and use of information for those with patibility with Assistive TechnologyThe Section 508 standards do not require the installation of specific accessibility-related software or the attachment of an assistive technology device. Section 508 requires that the EIT be compatible with such software and devices so that EIT can be accessible to and usable by individuals using assistive technology, including but not limited to screen readers, screen magnifiers, and speech recognition software.Acceptance and Acceptance TestingDeliverables resulting from this solicitation will be accepted based in part on satisfaction of the identified Section 508 standards’ requirements for accessibility and must include final test results demonstrating Section 508 compliance. Deliverables should meet applicable accessibility requirements and should not adversely affect accessibility features of existing EIT technologies. The Government reserves the right to independently test for 508 Compliance before delivery. The Contractor shall be able to demonstrate 508 Compliance upon delivery.Automated test tools and manual techniques are used in the VA Section 508 compliance assessment. Additional information concerning tools and resources can be found at Section 508 Compliance Test RMATION TECHNOLOGY USING ENERGY-EFFICIENT PRODUCTS The Contractor shall comply with Sections 524 and Sections 525 of the Energy Independence and Security Act of 2007; Section 104 of the Energy Policy Act of 2005; Executive Order 13514, “Federal Leadership in Environmental, Energy, and Economic Performance,” dated October 5, 2009; Executive Order 13423, “Strengthening Federal Environmental, Energy, and Transportation Management,” dated January 24, 2007; Executive Order 13221, “Energy-Efficient Standby Power Devices,” dated August 2, 2001; and the Federal Acquisition Regulation (FAR) to provide ENERGY STAR?, FEMP designated, low standby power, and Electronic Product Environmental Assessment Tool (EPEAT) registered products in providing information technology products and/or services. The Contractor shall ensure that information technology products are procured and/or services are performed with products that meet and/or exceed ENERGY STAR, FEMP designated, low standby power, and EPEAT guidelines. The Contractor shall provide/use products that earn the ENERGY STAR label and meet the ENERGY STAR specifications for energy efficiency. Specifically, the Contractor shall:Provide/use ENERGY STAR products, as specified at products (contains complete product specifications and updated lists of qualifying products). Provide/use the purchasing specifications listed for FEMP designated products at femp.procurement. The Contractor shall use the low standby power products specified at . Provide/use EPEAT registered products as specified at . At a minimum, the Contractor shall acquire EPEAT? Bronze registered products. EPEAT registered products are required to meet the technical specifications of ENERGY STAR, but are not automatically on the ENERGY STAR qualified product lists. The Contractor shall ensure that applicable products are on both the EPEAT Registry and ENERGY STAR Qualified Product Lists.The Contractor shall use these products to the maximum extent possible without jeopardizing the intended end use or detracting from the overall quality delivered to the end user. The following is a list of information technology products for which ENERGY STAR, FEMP designated, low standby power, and EPEAT registered products are available: Computer Desktops, Laptops, Notebooks, Displays, Monitors, Integrated Desktop Computers, Workstation Desktops, Thin Clients, Disk DrivesImaging Equipment (Printers Copiers, Multi-Function Devices, Scanners, Fax Machines, Digital Duplicators, Mailing Machines)Televisions, Multimedia ProjectorsRESERVED.CONTRACTOR PERSONNEL SECURITY REQUIREMENTSThe contractor’s representative(s) shall be escorted at all times in VA facilities and will not have access to Government computers or IT equipment. INFORMATION SECURITY CONSIDERATIONS:The Assessment and Authorization (A&A) requirements do not apply and a Security Accreditation Package is not required.A prohibition on unauthorized disclosure: “Information made available to the contractor or subcontractor by VA for the performance or administration of this contract or information developed by the contractor in performance or administration of the contract shall be used only for those purposes and shall not be used in any other way without the prior written agreement of the VA.” See VA handbook 6500.6, Appendix C, paragraph 3.a.A requirement for data breach notification: Upon discovery of any known or suspected security/privacy incidents, or any unauthorized disclosure of sensitive information, including that contained in system(s) to which the contractor/subcontractor has access, the contractor/subcontractor shall immediately and simultaneously notify the COR, the designated ISO, and Privacy Officer for the contract. The term “security incident” means an event that has, or could have, resulted in unauthorized access to, loss or damage to VA assets, or sensitive information, or an action that breaches VA security procedures. See VA Handbook 6500.6, Appendix C, paragraph 6.a.A requirement to pay liquidated damages in the event of a data breach: “In the event of a data breach or privacy incident involving SPI the contractor processes or maintains under this contract, the contractor shall be liable to VA for liquidated damages for a specified amount per affected individual to cover the cost of providing credit protection services to those individuals.” See VA handbook 6500.6, Appendix C, paragraph 7.a., 7.d.A requirement for annual security/privacy awareness training: “Before being granted access to VA information or information systems, all contractor employees and subcontractor employees requiring such access shall complete on an annual basis either: (i) the VA security/privacy awareness training (contains VA security/privacy requirements) within 1 week of the initiation of the contract, or (ii) security awareness training provided or arranged by the contractor that conforms to VA’s security/privacy requirements as delineated in the hard copy of the VA security awareness training provided to the contractor. If the contractor provides their own training that conforms to VA’s requirements, they will provide the COR or CO, a yearly report (due annually on the date of the contract initiation) stating that all applicable employees involved in the VA’s contract have received their annual security/privacy training that meets VA’s requirements and the total number of employees trained. See VA Handbook 6500.6, Appendix C, paragraph 9.A requirement to sign VA’s Rules of Behavior: “Before being granted access to VA information or information systems, all contractor employees and subcontractor employees requiring such access shall sign on annual basis an acknowledgement that they have read, understand, and agree to abide by VA’s Contractor Rules of Behavior which is attached to this contract.” See VA Handbook 6500.6, Appendix C, paragraph 9, Appendix D. Note: If a medical device vendor anticipates that the services under the contract will be performed by 10 or more individuals, the Contractor Rules of Behavior may be signed by the vendor’s designated representative. The contract must reflect by signing the Rules of Behavior on behalf of the vendor that the designated representative agrees to ensure that all such individuals review and understand the Contractor Rules of Behavior when accessing VA’s information and information systems. ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download