Veterans Affairs



1. Title of Request: EES eLearning Software as a Service (SaaS) Design and Development Package

2. Background: The Department of Veterans Affairs (DVA), Veterans Health Administration (VHA) Employee Education System (EES) is a unique government learning organization that also provides professional accreditation. The component services and sub component services described in this performance work statement (PWS) will require programming to meet unique needs related to accreditation, project management, content development and review; and delivery of final products and source files for both desktop and mobile environments.

EES has used an integrated eLearning design and development tool since October 2014 that provides five key “software as a service” (SaaS) components:

- Authoring system: allows a non-programmer to build the basics of a module, including some interactive components, quizzes, pages, etc. as a storyboard. The authoring system exports content as files in the courseware template, which can later be tweaked by a developer.
- Review system external to the VA firewall that allows for review in the authoring system described above and for courses during development.
- VA Section 508 compliant courseware templates.
- Course packager: ‘packages’ courseware template files into a SCORM 1.2 module, which can be posted and tracked on the VA Talent Management System (TMS).
- Support services for issues with programming, coding or Americans with Disabilities Act (ADA), Section 508 compliance within the software.

This SaaS and its components will be employed for all phases of courseware design, development, implementation and closeout.
The benefits of these integrated components will include:

- Method for multiple non-programmers to build content modules
- Templates designed for rapid development of VA Section 508 compliant courseware, resulting in reduced time in editing for Section 508 remediation
- Online review for subject matter experts, instructional designers and developers, expediting content review
- A course packager to package modules to SCORM 1.2 or SCORM 2004
- Industry expert support for programming

3. Scope of Work: VHA EES requires an existing, available and tested eLearning SaaS that allows for the completion of 45 new eLearning projects and 120 new eLearning modules per year and the following elements to support rapid eLearning design, development and implementation that supports and complies with VA enterprise systems:

- Storage and display for eLearning courses in all phases of development to include a sandbox for prototyping courseware for development
- Storyboard design system
- Course review system
- Development tools, to facilitate page design
- VA Section 508 compliant course template, which is downloadable and useable on VA computers/ desktop/ equipment
- SCORM packager with output that functions accurately on the VA Talent Management System for thousands of end users

Output from the SaaS should also be capable of producing courseware that operates successfully on mobile devices and in lower bandwidth environments. The VA Section 508 Office has a stringent set of requirements that may require modification of the SaaS so that output of courseware can meet the needs of those requiring use of assistive devices. The SaaS will provide a stable base for content management, design, development and implementation of eLearning within the VA and the VA TMS, while producing output that is Section 508 compliant.
Functional elements within the integrated software as a service platform must include information architecture (e.g., storyboard) design of eLearning courseware, as well as implementation services that include build and output of functional eLearning modules that comply and operate on the VA TMS or alternate VA enterprise learning management systems, as well as other SCORM conformant learning management systems (LMS). Content produced by this service will use web programming to allow for functioning in a variety of lower bandwidth end user environments, including mobile devices (e.g., Android and iOS). The menu, navigation, assessments and other inherent elements generated by this service will be Section 508 compliant as determined by the VA Section 508 Office.

The purpose of this contract is to provide for consistency and continuity of government project management, review and deliverables across multiple VA organizations. This continuity and consistency will be provided through the component services and sub component services described below.

4. Period of Performance: Fiscal year 2019 with Option Year

5. Type of Contract: Firm-Fixed Price

6. Place of Performance: Services will be performed at the contractor’s facility.

7. Government Recognized Holidays: Unless specifically authorized in writing by the Contracting Officer, no services will be provided and no charges will be incurred and/or billed to any order on this contract on any of the Federal Holidays listed below.

- New Year’s Day
- Labor Day
- Martin Luther King Day
- Columbus Day
- Presidents' Day
- Veterans' Day
- Memorial Day
- Thanksgiving Day
- Independence Day
- Christmas Day

8. Mandatory Tasks and Associated Deliverables:

8.1 Demonstration of product: Prior to acceptance of any quote, the vendor must provide a demonstration that meets the following criteria:

- Authoring system: allows a non-programmer to build the basics of a module including some interactive components, quizzes, pages, etc. as a storyboard. The authoring system exports content as files in the courseware template, which can later be tweaked by a developer.
- Review system external to the VA firewall that allows for review in the Authoring system above and for courses during development.
- Section 508 compliant courseware templates, including OMNI template, classic template, OMNI media player
- Course packager: ‘packages’ courseware template files into a SCORM 1.2 module, which can be posted and tracked on the VA TMS.
- Support services for issues with programming, coding or Section 508 compliance within the courseware

Deliverable number | Deliverable | Quantity | Deliverable day or date
8.1 | Demonstration of Product | 1 Demonstration of all required components of the SaaS | Prior to bid acceptance and contract award

8.2 User Management System within the SaaS: A pre-built and tested user management system will provide for registration, user access and clarification of task project roles used during the design, development and implementation of electronic learning products. The service will provide for users and advanced users. These sub-component services requirements are:

8.2.1 Registration: New users will be able to use an online form to register. The system will provide for a minimum of 1,400 users and 250 advanced users. A sponsor with the role of eLearning Producer or Project Manager will be required for new registrants to enter the system and projects.

8.2.2 Host/ guest organizations: EES is considered the host organization. The host organization will have all administrative rights and be able to create any number of guest organizations and assign any number of projects to the host organization. The guest organization can assign any number of projects to itself. VA contractors with awarded contracts can be designated as a guest organization by the host organization.
Reports will be available to the host organization from the vendor in terms of number of users, current status of projects and task groups, last date content, in any phase the project has been accessed. The government reserves the right to request two custom reports from the vendor within the period of performance.

8.2.3 Designated project manager or eLearning producer: The host organization or guest organization will be able to assign designated projects to their host organization.

- User: Defined as subject matter expert reviewers and other project team members
- Advanced Users: Defined as a project manager, eLearning producer, developers and instructional designers. Only those designated as an EES developer or eLearning producer shall have access to the content builder tool described below.

8.2.4 Project manager /eLearning producer team member assignments: The EES or VA project manager or eLearning producer will be able to assign new users and their role and privileges: i.e., project manager, instructional system designer, web developer, and reviewer.

8.2.5 Password retrieval: User can retrieve forgotten passwords automatically via email from the system.

8.2.6 Application level access: Each individual user account will be unique. Applications, projects, or even single task groups will be assigned at the user account level by a project manager or eLearning producer.

8.2.7 Storage system: The system will allow for storage of eLearning modules complete or under development, source files, media files, and packaged courseware, and act as an indexed repository for stored content. Secure FTP (SFTP) will be available to upload or download files as needed.

8.2.8 User Management Support: The vendor will provide technical support to ensure the user management system works correctly and users and administrators have access to technical support.

Deliverable number | Deliverable | Quantity | Deliverable day or date
8.2 | User Management System | 1 user management system for the entire SaaS | 1 day post contract award

8.3 User Interface: After successful login, the user interface will be encountered. This home page (or dashboard) will provide access to role-related functional applications, user account management, a support system, a knowledge base for user instructional purposes and a review functional application status. The subcomponent services are:

8.3.1 Application menu: The home page or dashboard view will provide quick access to user applications when access is granted by the project manager or eLearning producer to each individual user. Some users may have access to launch more applications than others based on their role assignment.

8.3.2 Account management: All users will have access to manage their account information (name, address, phone, and company or government agency name).

8.3.3 Support: A support link will be available that provides access to a ticket based support system.

8.3.4 Knowledge base: The knowledge base will contain a search tool that allows a user to search on topic/keywords related to functional applications that provide instructions on ‘how to’ information. Information will be provided to allow users to perform the common tasks associated with the system.

Deliverable number | Deliverable | Quantity | Deliverable day or date
8.3 | User Interface | 1 for each User | 1 day post contract award

8.4 Project Management Functions: The SaaS will provide for the management of eLearning projects from start to finish through the online sharing of component service and sub-component services. The subcomponent services are:

8.4.1 Project organization: Projects will be organized by roles (project manager or eLearning producer).
Within each project there will be subgroups that are designated for design and development of individual modules. The SaaS will provide for online review during various development stages. The user will be able to review and comment online on storyboards and individual pages under development. Reviewer’s comments and name will be recorded and displayed for subsequent reviewers.

8.4.2 Review statistics report: The project management function will allow for the production of reports unique to each project and functional application that records and/or summarizes comments and date of submission.

8.4.3 Acceptance milestones: At the project management level, administrators, project managers, and eLearning producers (as assigned) will have the ability to have sign off privileges. The project management system will be adaptable to allow for unique milestone titles. These milestones are typically: Accreditation Review, Content Review, 508 Review, Pilot Review, and LMS Validation.

8.4.4 Phases: Normally, the functional applications move through phases: 1) design, 2) development, 3) internal and external alpha and beta review, 4) 508 compliance review, 5) LMS or equivalent validation as determined by the government. The SaaS should have the capability to provide distinctive phases that allow the eLearning work to be done and all users with assigned permissions to access these phases.

8.4.5 Files: The system will have a file repository that allows for the sharing and posting of files electronically, and the ability to transfer files and/or entire directories via SFTP (Secure FTP) or approved VA IT protocol to the parent host organization. Files may be transferred using Adobe Dreamweaver’s SFTP function as well as other SFTP VA approved/compatible programs.
Deliverable number | Deliverable | Quantity | Deliverable day or date
8.4 | Project Management Functions | 1 for each Project | 1 day post contract award

8.5 Content Builder: The SaaS will have the ability for an instructional system designer to build design information architecture (storyboards) intuitively with no additional assistance required and store that information in a VA approved digital format that allows for shared (client/ instructional designer/ developer) online content review, modification and publication in MS Word format. The content builder function will emulate 90 percent of the final output of the functional web content module. Content builder pages will be exported as formatted web pages that will be in HTML or HTML5 or the industry accepted standard that is compliant, compatible and conformant with VA systems and with current, common web browsers including Firefox, Safari, Chrome, Opera, Edge, and IE11. All pages and interactive objects that are output from the content builder must meet Section 508 compliant standards (when tagged properly) as tested by the VA Section 508 Office or VA trusted testers. Included in content builder are the following subcomponent functional objects:

8.5.1 Menu: The course menu is designed for navigation within each module and organized in a hierarchical fashion. Menu items will normally include lessons within the module that may contain one or more pages and/or assessments. Pages within a lesson may be grouped into topics that appear within the lesson. Hierarchy is to be available and organized as Module > Lesson > Topic (optional) > Page (or Assessment). The menu will not mark complete until all pages have been visited and show that lessons have been completed as the learner progresses through the module. Within each lesson, an option will be available to add topics as content divisions.
8.5.2 Navigation and page structure: Common navigation buttons will be available as part of the navigational structure on all pages and include Back and Next (page) buttons, as well as links to Help, Resources, Exit, and an indicator showing percentage of module completion. Page numbers will be available. There will also be a link to a page that shows which Lessons have been completed.

8.5.3 Content display functions: The content builder will allow the designer to type in text and upload images for display within the content area. The content area will be designed for typical 1024 x 728 pixel resolution and allow for vertical scrolling. Formatting capacity for text and images will allow for resize and positioning of these page elements. Content display items will ultimately be exported to the course files and that content will be Section 508 compliant according to VA Section 508 standards. The content builder will allow the designer to export the content as a Word document for sharing with subject matter experts, or to export the entire module as files. Functional content display objects that may be added and edited in the content builder include:

a. Toggle list: In this object the learner selects from a text or image link that allows the learner to view associated content once a link is activated. Several layouts will be available including:
   - Vertical layout (Links on left, content on right);
   - Horizontal layout (Links across the top, content below);
   - Carousel layout (User selects arrows or text to allow content segments to move across content elements in a single page horizontally).
   All toggle lists may be set to allow the next button to be disabled until all content items are visited. The designer determines the number of toggle list links on each page.
b. Pop-up: In this object the learner selects from a text or image link that displays a JavaScript pop-up text object.
c. New window: This allows for a link to be created that allows for opening of a new window with new content. The new window will also be editable within the content builder.
d. Hub and spoke: This allows for design of navigation to and from more than one page that emanates from links on the primary page. For spokes, a link will be provided to return to the hub page.
e. Tables: Tables may be created with the ability to modify colors, row and column headers, and other table parameters (row span, column span, etc.). Options for tables will include those required for VA Section 508 compliance.
f. Links: Links may be created by placing link text and addresses into the content builder. When links are created, input will be available for disclaimer text to appear when the link is selected.
g. Text editing: Text size, font and color, header designation, highlighting, lists, and other text elements are editable in the content builder. Text content may be pasted into the content builder from text copied outside the program. The built in text editor will contain a spell check function.
h. Scenes: Content within the editor will have the option to be divided into Scenes. Scenes will allow for a segment of on-screen content to appear alongside a related script for narration. Script will be input via another screen or tab that is joined with the content so that each scene is ultimately displayed in the storyboard along with its corresponding on screen content and script.

8.5.4 Assessments and knowledge checks: The content builder will allow the designer to type in questions and answers to create questions and feedback for both assessments and knowledge checks. The assessments function will also have the following configurations:

a. Assessments may be created at any point in the module and may be set to require a designer specified score before the learner may advance in the module or for the module to be completed successfully and completion to be passed to the VA TMS.
b. A feedback option will be available for correct or incorrectly answered questions. For feedback on incorrectly answered multiple choice or multiple questions during assessments, the correct answer will not be shown as a default but will be available as an option for the designer/ developer.
c. A remediation ‘link to content’ function will be available in the assessment tool that will allow for a link to associated content to be accessed after the assessment is complete. A link back to the assessment will be available on the content page.
d. Configurations for assessments include end of lesson assessments and end of course assessments.
e. Knowledge checks will be available as another option for assessments but a specific score is not required to advance in the module.
f. Knowledge check/assessment questions will be matching, multiple answer, multiple choice, and true/ false.
g. The designer will be able to set the required score for passing an assessment.
h. The assessments function will allow designers to link a question to specific learning objectives.

8.5.5 Media input: The content builder will allow for input of audio and video files. Options will be available for upload of these files along with their associated captioning files and/or audio described files.

8.5.6 Review/commenting feature: The content builder will allow for review and commenting on specific pages within the content. The display of comments will be easy to access, read, and edit. The commenting feature may be turned on or off by project managers or eLearning producers assigned to that product. The project manager will be able to track comments by reviewer and page. Comments placed within the review system will have ability to be divided according to role, so developers can divide their responses to each comment. Each comment will be displayable in a list format as well as comments on the individual page where the comment was placed.
Comments will be exportable into a csv file and sortable by date, reviewer, and location.

8.5.7 Information architecture tool: The information architecture function will allow the designer to input the terminal learning objectives (TLO) associated with each module (or lesson) and associate enabling learning objectives (ELOs) with each TLO. Each ELO may be associated with a page or pages in the content builder. Each ELO may contain one or more associated assessment questions. The tool will allow for linking of question feedback to a page that contains the content answering the associated assessment question.

8.5.8 Storyboard export tool: The content builder will allow for external export of content into a storyboard document in MS Word format for review by subject matter experts and instructional designers outside the SaaS. The content builder will also allow for the option to export a script only version of the storyboard.

Deliverable number | Deliverable | Quantity | Deliverable day or date
8.5 | Content Builder | 1 for each module | 1 day post contract award

8.6 Export Tool: After content is built using the content builder, an export tool will build all pages into a module that includes all pages, scripting, necessary files, and functionality to allow for a runtime module (a module that operates using internal web scripting but that has not yet been packaged to SCORM). The content shall be exported to a commonly used course template (as described throughout this section). All modules created using the export tool will have the following component features and properties:

8.6.1 Section 508 compliance: Functional elements created within the module builder tool as outlined in Section 8.4 above will be 100 percent Section 508 compliant as determined by testing performed by the VA Section 508 Office.
8.6.2 Editable content: The content area of each module will be easily readable and editable using standard programming such as HTML, HTML5, JavaScript, JSON and cascading style sheet (CSS) programming and syntax. Included media and image elements will be placed within the exported module in their designated location as defined when built in the content builder.

8.6.3 Learning management system functionality: All content built using the export tool will contain those functional elements commonly present (course completion, bookmarking, score, and completion status) within content objects that, after SCORM packaging, will run in the SCORM environment, including tracking of module progress, bookmarking, and pass/fail status as well as the data tracking elements used in SCORM 1.2 and 2004. When packed for SCORM, SCORM functions will run and operate within SCORM conformant learning management systems and the VA TMS. SCORM 2004 assessments will allow individual question data to be recorded by a SCORM 2004 conformant LMS.

Deliverable number | Deliverable | Quantity | Deliverable day or date
8.6 | Export Tool | 1 for each module | 1 day post contract award

8.7 Courseware Template: A VA compatible independent and downloadable course template will be available that allows for setup and programming outside the content builder system. VA will own the most current downloadable version of the courseware template. The template will contain the same functional items that are outlined in the content builder, editable by those familiar with HTML, HTML5, and simple JavaScript. The template allows the web developer to minimize effort in developing complex course global programming and provides features that aid in the Section 508 certification. This template provides the architecture to develop courseware to be posted on VA TMS and other SCORM conformant LMS.
This template will allow for setup of menu pages, assessments, and course pages using common programming elements including JavaScript, HTML, HTML5, and CSS. Template pages will utilize HTML or HTML5 or the industry accepted standard that is compliant, compatible and conformant with VA systems and with current, common web browsers including Firefox, Safari, Chrome, Opera, Edge, and IE11. The most recent version of the courseware template shall be available to the VA for use for editing or new courseware development for a period of twenty four months after termination of this contract. The course template will contain the following properties and functional components:

8.7.1 Section 508 compliance: All menu items, functional elements, images, and pages available in the course template will be 100 percent Section 508 compliant as determined and tested by the VA Section 508 Office. A checklist of compliance requirements is available in the Standards Checklist section at the VA Section 508 Resources page.

8.7.2 Responsive display/mobile devices: A responsive version (alters display size and formatting according to device/screen) of the template will be available that will allow correctly formatted views of the course module using mobile devices (phone or tablet). Those devices include commonly used browsers used by the latest Android or iOS operating systems. HTML5 and/or other compatible formatting/programming will be used to allow for lower bandwidth environments and display using these systems’ browsers.

8.7.3 Interactive display components: Multiple display functions will be available as described in the content builder section 8.4.2. The content structure will be divisible into lessons, topics, and pages. Content display options included in the built-in scripting in the template include:

a. Toggle list: In this object the learner selects from a text or image link that allows the learner to view associated content once a link is activated.
Several layouts will be available including:
   - Vertical layout (Links on left, content on right);
   - Horizontal layout (Links across the top, content below);
   - Carousel layout (User selects arrows or text to allow content segments to move across content elements in a single page horizontally).
   All toggle lists may be set to allow the next button to be disabled until all content items are visited. The designer determines the number of toggle list links on each page.
b. Pop-up: In this object the learner selects from a text or image link that displays a JavaScript pop-up text object.
c. New window: This allows for a link to be created that allows for opening of a new window with new content. The new window will also be editable within the content builder.
d. Hub and spoke: This allows for design of navigation to and from more than one page that emanates from links on the primary page. For spokes, a link will be provided to return to the hub page.
e. Tables: Tables may be created with ability to modify colors, row and column headers, and other table parameters (row span, column span, etc.). Options for tables will include those required for VA Section 508 compliance.
f. Links: Links may be created by placing link text and address into the content builder. When links are created, input will be available for disclaimer text to appear when the link is selected.
g. Menu: The course menu is designed for navigation within each module and organized in a hierarchical fashion. Menu items will normally include lessons within the module that may contain one or more pages and/or assessments. Pages within a lesson may be grouped into topics that appear within the lesson. Hierarchy is to be available and organized as Module > Lesson > Topic (optional) > Page (or Assessment). The menu will not mark complete until all pages have been visited and show that lessons have been completed as the learner progresses through the module.
Within each lesson, an option will be available to add topics as content divisions.
h. Navigation and page structure: Common navigation buttons will be available as part of the navigational structure on all pages and include Back and Next (page) buttons; as well as links to Help, Resources, an Exit button, and an indicator showing percentage of module completion. Page numbers will be available. There will also be a link to a page that shows which Lessons have been completed.

8.7.4 Assessments: Assessments will have the properties discussed in Section 8.4.3 and will include capability to easily program these elements within the parameters of the template code:

a. Require a designer-specified score before the learner may advance in the module.
b. Feedback will be available for correct or incorrectly answered questions. For feedback on incorrectly answered multiple choice or multiple questions during scored assessments, the correct answer will not be shown as a default.
c. A ‘link to content’ function will be available in the assessment tool that will allow for a link to associated content to be accessed after the assessment is complete.
d. Configurations for assessments include end of lesson assessments and end of course assessments.
e. Knowledge checks will be available as another option for assessments but a specific score is not required to complete the module. The developer will have the option to disable the Next button until knowledge checks are passed at a set score.
f. Assessment questions will be available as matching, multiple answer, multiple choice, true/ false, and fill in the blank items.
g. The designer will be able to set the required score for passing an assessment.
h. The assessments function will allow designers to link a question to a learning objective and for individual question feedback available on completion of an assessment to be linked back to content that contains an answer to that question.
8.7.5 Functional examples: The contractor will provide both adequate documentation and functional examples allowing developers to manipulate all functional components within the template.

8.7.6 SCORM compatibility: The template will be compatible with SCORM 1.2 and SCORM 2004. Correct packaging using a SCORM packager will allow the module to function correctly on VA TMS or other SCORM conformant learning management system.

8.7.7 LMS /SCORM testing: After a module is tested, the system will allow for launch of the SCORM module for testing in a SCORM environment including functionality similar to the VA TMS (i.e., the system will ‘mimic’ the functionality of the VA TMS to allow for troubleshooting).

8.7.8 Auto-play toggle off/on: The learner will have the option (by a simple selection) within the module for the associated media player to allow media displayed within the entire course (all pages) to play automatically on page load or to require the learner to activate the media via a play button. This meets Section 508 requirements while allowing for those not using assistive technology to play the module automatically.

8.7.9 Editability of myInstruo Legacy Content: The courseware template shall allow legacy courses programmed using the legacy myInstruo Classic Courseware Template to be imported or placed directly in the template with no editing, so that the course menu, lessons, pages, page content, assessments, and other information are properly aligned and maintain their original functionality. After import, content shall be able to be edited and then packaged to SCORM 1.2 and SCORM 2004 specifications.

Deliverable number | Deliverable | Quantity | Deliverable day or date
8.7 | Courseware Template | 1 for each module | Downloadable immediately on request.
8.8 Media Player: A downloadable HTML 5 based media player will be available for use in the course template or within a separate, standalone HTML page that allows for VA Section 508 compliant displays of media elements: Flash (.swf), mp4 videos, and mp3 audio and other industry common media formats that are compatible with VA systems. The media player will allow for play on desktop and mobile devices (i.e., iOS and Android compatible). The media player will use simple parameters and variables for the programmer to easily customize its use on the course page, including display dimensions, position, media type, audio descriptions, closed captioning, and placement of a transcript. The controls and functionality of the media player will be Section 508 compliant as determined by the VA Section 508 Office. The most recent version of the media player will be available and usable by the VA for implementation of new media objects for a period of 24 months after termination of this contract. The media player will have the following programmable functional elements and properties:

8.8.1 Audio described video: When a video with an audio descriptive track is used, the player will allow for an alternate audio described version of a video to be easily accessed by the end user.

8.8.1 Closed captioning: The player will allow for flexible use of common captioning files for closed captioning, including WebVTT, SMPTE-TT, DFXP (xml) formats. The player will also allow the ability to display a transcript of the narrative. During playing of the media, the player will highlight the content being spoken in real time, so the viewer can see the progression through the narrative.

8.8.2 Animation of HTML elements: The media player will allow for HTML (or HTML5) elements to appear or disappear on a course template page to create an animated effect that is timed with play of the media. Animation will be controlled by adding simple language to HTML elements (e.g., to show and hide a div element).
Timing of animation of HTML elements will be done in simple, human readable code. Showing and hiding HTML elements includes most HTML elements including lists, tables, paragraphs, images, div tags and other commonly used HTML elements. Showing and hiding elements will include fading in and out of those elements so the appearance is not compromised. The animation will be synched with the audio or video timeline. When the player is advanced manually the animation will also advance.
8.8.3 Poster image and loading screen: The media player allows for placement of a poster image that appears before the media starts playing. A loading screen will appear when the content begins loading.
8.8.4 Media player controls/appearance: The media player will have play and pause buttons, as well as buttons to allow closed captioning, transcript, and audio description of video to appear when an audio described track is available. The current time and total time of video will appear as well as an indicator to show where the current play is occurring.
8.8.5 Mobile device compatibility: The media player will have capacity to launch and operate within mobile devices using the most up to date versions of iOS and Android and the commonly used, industry standard browsers they currently employ.
Deliverable number | Deliverable | Quantity | Deliverable day or date
8.8 | Media Player | 1 | 1 day post contract award
8.9 Course Packager: The system will contain a SCORM packager used to develop the various SCORM files, including the manifest file, for SCORM Version 1.2, SCORM 2004, or AICC-HACP in order to program the module to be SCORM conformant. The developer may choose to use the packager to develop the code for production on a SCORM conformant LMS or the VA TMS or equivalent VA approved system. The packaging function will allow the course content to communicate specifically with the VA TMS or equivalent VA approved system and other SCORM conformant LMS.
Deliverable number | Deliverable | Quantity | Deliverable day or date
8.9 | Course Packager | 1 for each advanced user account with unlimited use | 1 day post contract award
8.10 Support System: The contractor will provide a support function using staff with technically advanced programming, coding and technical skills that will resolve technical difficulties associated with the SaaS, the associated courseware template, and system/template related Section 508 compliance, as determined and defined by the VA Section 508 Office or VA trusted testers. Training and support will:
8.10.1 Provide VA/EES specific technical support: A support ticket link will be available within the SaaS that provides access to technical support. The contractor will also respond to support requests for system or template related issues by direct email or phone. Support requests will be replied to with an initial answer within 24 hours (during government business days) from date of initiation. Further investigation may be required for more complex requests. The contractor will reply to support requests with effective solutions and maintain a 98 percent satisfaction rate from users as reported by the vendor using customer satisfaction surveys.
8.10.2 Section 508 Support: The contractor will have expert knowledge of Section 508 requirements and provide solutions to meet or remediate Section 508 technical requirements. The contractor will maintain contact with the VA Section 508 Office and/or VA trusted testers to keep abreast of significant changes in requirements.
8.10.3 Technical Documentation: The contractor will provide up to date and thorough online documentation and instructions for use of the content builder, courseware templates, and media player in an indexed format for easy searching by those seeking technical help. The contractor shall also provide downloadable examples of the variety of interactions and media implementations available in the courseware template and media player.
Deliverable number | Deliverable | Quantity | Deliverable day or date
8.10 | Support System | 1 | 1 day post contract award
8.11: Modify SaaS and courseware templates to meet specific VA TMS or equivalent VA approved systems and VA Section 508 needs: As a response to the changing needs of the VA, its technical environment, changing browser and device environments, and VA Section 508 requirements, the contractor will respond with modifications of the system and/or its associated template to allow courseware to run successfully and be Section 508 accessible when issues arise with functional elements of the courseware. Modifications as a result of significant changes to Section 508 requirements and/or VA TMS technical requirements will occur within 15 working days from date of identification of issue. Current VA Section 508 Standards can be found at:
Deliverable number | Deliverable | Quantity | Deliverable day or date
8.11 | Modifications to meet TMS/VA Section 508 needs | 1 | Available within 10 working days on request from CO or COR
8.12: Training: The contractor will supply two hours of training per month on the system and its associated template. Training shall meet the objectives agreed upon to ensure system users have needed skills to operate the various components of the system. The hours may be combined to form a longer training session. Training will occur over VA approved webinar software (e.g., Adobe Connect or MS Lync, etc.).
Deliverable number | Deliverable | Quantity | Deliverable day or date
8.12 | Training provided @ 24 hours per annum | 1 | 1 day post contract award
8.13: Evaluation and testing. In addition to any written response, the system and its components will be tested as described in Addendum I.
8.14: xAPI Optional line item. If not included in the existing SaaS and associated templates, the contractor will provide a proposal and pricing information for a contract option to include xAPI conformant statements in the course template and course packager components.
The government will reserve the right to accept or decline the proposal as a line item of the contract bid. If the government accepts the proposal as part of the acceptance of bid for contract, then the xAPI optional task will become a deliverable. When the xAPI component is ultimately implemented, statements will include those compatible with eLearning interactions including pages experienced, per question correct/incorrect responses, completion, and other xAPI conformant data. Once statements are implemented, data output will be required to operate and communicate with xAPI conformant learning record stores (LRS).
Deliverable number | Deliverable | Quantity | Deliverable day or date
8.14 | Proposal for inclusion of xAPI conformant data into template and content builder. | 1 | prior to contract award
9. Formal Acceptance or Rejection of Deliverables: The Government will review each deliverable by project task and provide feedback/comments within 15 business days. The contractor shall have five (5) business days to incorporate feedback/comments and make appropriate revisions. The contractor shall provide the revised version of each deliverable to the EES point of contact (POC). The EES POC will review each deliverable and determine final acceptance by the Government within 15 business days. The COR will notify the contractor of final acceptance within (15) fifteen business days.
10. Changes To The PWS
Any changes to this PWS shall be authorized and approved only through written correspondence from the contracting officer. A copy of each change will be kept in a project folder along with all other products of the project. Costs incurred by the contractor through the actions of parties other than the contracting officer shall be borne by the contractor. Costs of remediation of contract deliverables identified by the VA project team, contracting officer representative (COR) or contracting officer shall be borne by the contractor.
11. Contractor Reporting Requirements
The contractor shall submit a monthly progress report addressing the status of all active efforts. The official reporting for order compliance shall be these monthly reports due on the fifth day of each month. The reports will cover progress made for the prior month. At the conclusion of each task, the contractor shall provide a written memo documenting task completion.
The monthly progress report shall also identify any problems that may have arisen and an explanation of how each problem was resolved, or where not resolved, a plan for how the problem will be resolved.
The contractor shall take minutes of all formal conference calls and/or meetings held with the VA project team, VA EES project manager and/or eLearning producer. Copies of these minutes shall be attached to the next monthly progress report.
Monthly progress reports shall contain, but are not limited to, the following:
- Status summary (total and new task groups/projects)
- Status update to the project management plan
- Change request status (new, open, closed since last report)
- Issue status (new, open, and closed since last report)
- Schedule status
- Minutes of status meetings
- Contractor staff roster (providing updates as they occur, including personnel and security requirements)
- Status of required background investigations
The contractor shall notify the COR and contracting officer, in writing, if problems arise that could adversely impact the performance of the contract or any task order assigned against the contract.
- Status of any technical reviews in progress or completed.
- Number of new courses, titles and user name
- Total number of courses, development status, titles, user name
12. Files, Media, and System Backup
The government shall be the proprietary owner of all course content, files, graphics and media added to the SaaS. Complete courses archived on the SaaS will be the sole property of the government.
The government will be afforded 45 days from date of contract expiration or change to export or transfer courses, files, including source files, content, media or graphics. The vendor will collaborate with the government on this requirement. The SaaS shall be backed up every 15 minutes to prevent loss of data. The system shall be 100% restorable during reimplementation from the backed up version.
13. Performance Requirements:
The contractor shall adhere to the elements outlined below in the Performance Requirements Summary Table.
Performance Requirements Summary Table:
Performance Indicator | Performance Standard | Minimum Acceptable Standard | Method of Surveillance | Corrective Action | Frequency
8.1 | When SaaS demonstrated to technical experts, all components and subcomponents will be shown to function according to performance work statement | 100% of all components of SaaS will function in accordance with performance work statement | Technical observation and review | Immediate remedy | Each time
8.2 User Management System | When set by the eLearning producer or project manager, users within the VA project teams will have the correctly assigned capabilities and functions within the projects and modules. | Users have correct capabilities and functions within projects or modules according to their assigned role | Technical observation and review | Immediate remedy | Each time
8.3 User Interface | The home page (dashboard) will provide access to role related functional applications, user account management, a ticket based support system and a knowledge base for user instructional purposes. | User will gain access to the tools from within the user interface. All user interface components and functions | Technical observation and review | Immediate remedy | Each time
8.4 Project Management | Project managers and eLearning producers are able to manage their projects and modules without delays. | No more than two instances of errors to prevent implementation of project management tasks per month. | Technical observation and review | Remedy within 1 working day | Each project or module assignment
8.5 Content Builder System | Project managers, eLearning producers and instructional system designers have ability to: build via online fill in the blanks formatted design content documents. Design information architecture (storyboards) and store information for later review by SMEs | No more than two or less instances where errors prevent ISD from performing design tasks in content builder per month. | Technical observation and review | Remedy within 1 working day | Each module assignment
8.6 Export Tool | Designers will be able to export the content from the content builder system into a set of editable HTML, HTML5, JavaScript, and other common development files | No more than one error or malfunction per week for all exported modules. | Technical observation and review | Remedy within 1 working day | Per week
8.7 Course Template | Course template will allow for setup and programming outside of the content builder system within Section 508 specifications. | No more than one error or malfunction per module for contractor programmed template functional elements. | VA development team or VA Section 508 Office review | Remedy within 2 working days | Each module
8.8 Media Player | Provide Section 508 compliant displays of media elements within web pages (either standalone or in courseware template) | No more than one error or malfunction per module. | VA development team or VA Section 508 Office review of playable media objects | Remedy within 2 working days | Each instance of use
8.9 Course Packager | Packages module using SCORM 1.2, SCORM 2004, or AICC-HACP standards for VA TMS and/or other SCORM conformant LMS. | No more than one error per 20 exported modules. | Review by VA developer or eLearning producer | Remedy within 2 working days | Per 20 modules
8.10 Support System | Response to help tickets/requests allows users to overcome technical or Section 508 issues | Respond with effective solution to 90% of template or system related issues within 24 hours on government business days. 10% within 48 hours. | Technical review of applied solution for successful implementation | Respond to deficiency within 1 working day | Each instance of help request
8.11 Modify system to meet VA Section 508 needs | Implement modifications to courseware functionality to meet VA defined Section 508 needs with modifications. | Modification will be in place within 10 government business days from initiation of requests for courseware template remediation. | Review by VA Section 508 Office or VA Trusted Tester. | Successful modification of template within 5 working days | Each instance of required modification
8.12 Training | Provide 2 hours per month of training | Effective training to meet VA training objectives for system or template usage will take place within 15 working days of request | Review/attendance of COR attendance or review of training recording | Revision of remedial training within 5 working days | Each training instance
8.13 Evaluation and testing | The proposed systems and courseware output will operate successfully during the testing process. | Testing by technical review of each functional item as described in Addendum I | Correction within 1 working day of any deficit | Each instance of a testable item
8.14 xAPI Option Deliverable | Conformance to xAPI standards and protocol on implementation of option. | Successful storage of Operability of xAPI conformance data and courseware. | Technical review and observation | Correction within 5 working days of any deficit | Each instance of a testable module
Addendum I: Evaluation by Testing
Testing of potential systems and their courseware output will enable the VA to determine functionality, usefulness, and operability within its system.
Testing will be done on Android, iOS, and Windows desktop platforms using commonly employed browsers. Testing will include evaluating elements described above and include at a minimum those elements described below:
- Each proposed system will provide sample instances of user management, user interface, content builder, and export tool to allow the VA to inspect the interface. Criteria: All user and course management systems will be easy to access and function with 100 percent operability without significant delays.
- The content export tool will be used to export content from the content builder allowing the VA and VA Section 508 Office to test the output for compliance and VA TMS or other LMS functionality. Criteria: Module will track per page progress and pass completion to testing VA TMS or other LMS at 100 percent using all identified testing platforms and browsers.
- The contractor will supply a sample module created in the proposed template for testing by the VA Section 508 Office and within the VA TMS environment. Testing may occur using both mobile devices and commonly used web browsers. The SCORM 1.2 testable module shall include all the following elements that are described above:
  - Responsive display: the module will be easily viewable and function on mobile devices or on a desktop/laptop computer
  - Menu structure with lessons/topics/pages and a module status screen.
  - Text and images
  - HTML elements with images that change during narration (this page will contain the media player)
  - Toggle lists (horizontal, vertical, and carousel): prefer some with images within their menu items
  - Pop-up text
  - New window
  - Hub and spoke
  - Tables and lists
  - .mp4 video with closed captioning (CC using separate captioning file). The video will contain a version that has screen descriptions.
  - Toggle to enable/disable autoplay on all pages
  - A module page showing course completion status
  - An assessment containing matching, T/F, multiple choice, multiple answer items
  - A knowledge check containing at least two question types
  - A final exam (necessary for completing module)
  Criteria for all elements: The contractor will be queried on how they produced the elements. All elements will function correctly and be 100 percent Section 508 compliant as tested by the VA Section 508 Office. Any performance errors will be corrected within five business days.
- The VA will create a sample module using the content builder system and its related export functionality with selected elements from the list above. This module will be tested for functionality and Section 508 compliance. Criteria for all elements: For native content exported from platform, all elements will function correctly and be 100 percent Section 508 compliant as tested by the VA Section 508 Office. Any performance errors will be corrected within five business days.
14. Government Responsibilities [If applicable]
The VA will provide a Government Furnished Material (GFM) via online submission within the system which provides:
- Name of the host, guest host, or user requesting project creation
- Project manager (if applicable)
- Title of the module
- Purpose of the program
- List of instructional system designer, web developer, and reviewers within the project
15. Contractor Experience Requirements – Key Personnel
The contractor shall provide the following highly skilled and experienced specialists for this PBWS. These key personnel are essential for successful contractor accomplishment of the work to be performed under this contract and subsequent option year contract awards. The contractor shall submit one page resumes of these key personnel for review and evaluation with the request for proposal. These one page resumes shall demonstrate the skill and experience of the key personnel.
The contractor agrees that the key personnel shall not be removed, diverted, or replaced from work without approval of the CO and COR. These key personnel include:
14.1 Contractor project manager
14.2 Visual information specialist (senior graphic artist)
14.3 Professional data base developer/administrator
14.4 Senior web/mobile course developer or programmer
When key personnel are required to be replaced, their substitutes shall have the ability and qualifications equal to or better than the key personnel who are being replaced. Requests to substitute personnel shall be approved by the COR and the CO prior to the commencement of work on any task. All requests for approval of substitutions in personnel shall be submitted to the COR and the CO within 30 calendar days prior to making any change in key personnel. The request shall be written and provide a detailed explanation of the circumstances necessitating the proposed substitution. The contractor shall submit a complete resume for the proposed substitute, any changes to the rate specified in the order (as applicable) and any other information requested by the CO needed to approve or disapprove the proposed substitution. The CO will evaluate such requests and promptly notify the contractor of approval or disapproval thereof in writing.
The VA reserves the right to request removal of key personnel, when services and deliverables are jeopardized as demonstrated by a lack of knowledge, lack of skills or demonstrated inability to communicate with the VA project team members.
15.5 Any personnel the contractor offers as substitutes shall have the ability and qualifications equal to or better than the key personnel being replaced. Requests to substitute personnel shall be approved by the COR and the CO. All requests for approval of substitutions in personnel shall be submitted to the COR and the CO within 30 calendar days prior to making any change in key personnel.
The request shall be written and provide a detailed explanation of the circumstances necessitating the proposed substitution. The contractor shall submit a complete resume for the proposed substitute, any changes to the rate specified in the order (as applicable) and any other information requested by the CO needed to approve or disapprove the proposed substitution. The CO will evaluate such requests and promptly notify the contractor of approval or disapproval thereof in writing.
16. Confidentiality And Nondisclosure
16.1. It is agreed that: The preliminary and final deliverables, and all associated working papers, application source code, and other material deemed relevant by VA which have been generated by the contractor in the performance of this contract, are the exclusive property of the U.S. Government and shall be submitted to the Contracting Officer at the conclusion of the contract.
16.2. The Contracting Officer will be the sole authorized official to release, verbally or in writing, any data, draft deliverables, final deliverables, or any other written or printed materials pertaining to this contract. No information shall be released by the contractor. Any request for information relating to this contract, presented to the contractor, shall be submitted to the Contracting Officer for response.
16.3. Press releases, marketing material, or any other printed or electronic documentation related to this project, shall not be publicized without the written approval of the Contracting Officer.
510.224-1 Privacy Act Notification.
As prescribed in 24.104, insert the following clause in solicitations and contracts, when the design, development, or operation of a system of records on individuals is required to accomplish an agency function:
Privacy Act Notification (Apr 1984)
The Contractor will be required to design, develop, or operate a system of records on individuals, to accomplish an agency function subject to the Privacy Act of 1974, Public Law 93-579, December 31, 1974 (5 U.S.C. 552a) and applicable agency regulations. Violation of the Act may involve the imposition of criminal penalties.
(End of clause)
510.224-2 Privacy Act.
As prescribed in 24.104, insert the following clause in solicitations and contracts, when the design, development, or operation of a system of records on individuals is required to accomplish an agency function:
Privacy Act (Apr 1984)
(a) The Contractor agrees to—
(1) Comply with the Privacy Act of 1974 (the Act) and the agency rules and regulations issued under the Act in the design, development, or operation of any system of records on individuals to accomplish an agency function when the contract specifically identifies—
(i) The systems of records; and
(ii) The design, development, or operation work that the contractor is to perform;
(2) Include the Privacy Act notification contained in this contract in every solicitation and resulting subcontract and in every subcontract awarded without a solicitation, when the work statement in the proposed subcontract requires the redesign, development, or operation of a system of records on individuals that is subject to the Act; and
(3) Include this clause, including this paragraph (3), in all subcontracts awarded under this contract which requires the design, development, or operation of such a system of records.
(b) In the event of violations of the Act, a civil action may be brought against the agency involved when the violation concerns the design, development, or operation of a system of records on individuals to accomplish an agency function, and criminal penalties may be imposed upon the officers or employees of the agency when the violation concerns the operation of a system of records on individuals to accomplish an agency function. For purposes of the Act, when the contract is for the operation of a system of records on individuals to accomplish an agency function, the Contractor is considered to be an employee of the agency.
(c)(1) “Operation of a system of records,” as used in this clause, means performance of any of the activities associated with maintaining the system of records, including the collection, use, and dissemination of records.
(2) “Record,” as used in this clause, means any item, collection, or grouping of information about an individual that is maintained by an agency, including, but not limited to, education, financial transactions, medical history, and criminal or employment history and that contains the person’s name, or the identifying number, symbol, or other identifying particular assigned to the individual, such as a fingerprint or voiceprint or a photograph.
(3) “System of records on individuals,” as used in this clause, means a group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual.
17. Contract Security:
VA Information and Information System Security/Privacy Language for Contracted Personnel from VA Handbook 6500.6, Contract Security, Appendix C:
General
Contractors, contractor personnel, subcontractors, and subcontractor personnel shall be subject to the same Federal laws, regulations, standards, and VA Directives and Handbooks as VA and VA personnel regarding information and information system security.
Access To VA Information And VA Information Systems
A contractor/subcontractor shall request logical (technical) or physical access to VA information and VA information systems for their employees, subcontractors, and affiliates only to the extent necessary to perform the services specified in the contract, agreement, or task order.
All contractors, subcontractors, and third-party servicers and associates working with VA information are subject to the same investigative requirements as those of VA appointees or employees who have access to the same types of information. The level and process of background security investigations for contractors must be in accordance with VA Directive and Handbook 0710, Personnel Suitability and Security Program. The Office for Operations, Security, and Preparedness is responsible for these policies and procedures.
Contract personnel who require access to national security programs must have a valid security clearance. National Industrial Security Program (NISP) was established by Executive Order 12829 to ensure that cleared U.S. defense industry contract personnel safeguard the classified information in their possession while performing work on contracts, programs, bids, or research and development efforts. The Department of Veterans Affairs does not have a Memorandum of Agreement with Defense Security Service (DSS).
Verification of a Security Clearance must be processed through the Special Security Officer located in the Planning and National Security Service within the Office of Operations, Security, and Preparedness.
Custom software development and outsourced operations must be located in the U.S. to the maximum extent practical. If such services are proposed to be performed abroad and are not disallowed by other VA policy or mandates, the contractor/subcontractor must state where all non-U.S. services are provided and detail a security plan, deemed to be acceptable by VA, specifically to address mitigation of the resulting problems of communication, control, data protection, and so forth. Location within the U.S. may be an evaluation factor.
The contractor or subcontractor must notify the Contracting Officer immediately when an employee working on a VA system or with access to VA information is reassigned or leaves the contractor or subcontractor’s employ. The Contracting Officer must also be notified immediately by the contractor or subcontractor prior to an unfriendly termination.
3. VA Information Custodial Language
Information made available to the contractor or subcontractor by VA for the performance or administration of this contract or information developed by the contractor/subcontractor in performance or administration of the contract shall be used only for those purposes and shall not be used in any other way without the prior written agreement of the VA. This clause expressly limits the contractor/subcontractor's rights to use data as described in Rights in Data - General, FAR 52.227-14(d)(1).
VA information should not be co-mingled, if possible, with any other data on the contractor/subcontractor’s information systems or media storage systems in order to ensure VA requirements related to data protection and media sanitization can be met.
If co-mingling must be allowed to meet the requirements of the business need, the contractor must ensure that VA’s information is returned to the VA or destroyed in accordance with VA’s sanitization requirements. VA reserves the right to conduct onsite inspections of contractor and subcontractor IT resources to ensure data security controls, separation of data and job duties, and destruction/media sanitization procedures are in compliance with VA directive requirements.
Prior to termination or completion of this contract, contractor/subcontractor must not destroy information received from VA, or gathered/created by the contractor in the course of performing this contract without prior written approval by the VA. Any data destruction done on behalf of VA by a contractor/subcontractor must be done in accordance with National Archives and Records Administration (NARA) requirements as outlined in VA Directive 6300, Records and Information Management and its Handbook 6300.1 Records Management Procedures, applicable VA Records Control Schedules, and VA Handbook 6500.1, Electronic Media Sanitization. Self-certification by the contractor that the data destruction requirements above have been met must be sent to the VA Contracting Officer within 30 days of termination of the contract.
The contractor/subcontractor must receive, gather, store, back up, maintain, use, disclose and dispose of VA information only in compliance with the terms of the contract and applicable Federal and VA information confidentiality and security laws, regulations and policies.
If Federal or VA information confidentiality and security laws, regulations and policies become applicable to the VA information or information systems after execution of the contract, or if NIST issues or updates applicable FIPS or Special Publications (SP) after execution of this contract, the parties agree to negotiate in good faith to implement the information confidentiality and security laws, regulations and policies in this contract.
The contractor/subcontractor shall not make copies of VA information except as authorized and necessary to perform the terms of the agreement or to preserve electronic information stored on contractor/subcontractor electronic storage media for restoration in case any electronic equipment or data used by the contractor/subcontractor needs to be restored to an operating state. If copies are made for restoration purposes, after the restoration is complete, the copies must be appropriately destroyed.
If VA determines that the contractor has violated any of the information confidentiality, privacy, and security provisions of the contract, it shall be sufficient grounds for VA to withhold payment to the contractor or third party or terminate the contract for default or terminate for cause under Federal Acquisition Regulation (FAR) part 12.
If a VHA contract is terminated for cause, the associated BAA must also be terminated and appropriate actions taken in accordance with VHA Handbook 1600.01, Business Associate Agreements. Absent an agreement to use or disclose protected health information, there is no business associate relationship.
The contractor/subcontractor must store, transport, or transmit VA sensitive information in an encrypted form, using VA-approved encryption tools that are, at a minimum, FIPS 140-2 validated.
The contractor/subcontractor’s firewall and Web services security controls, if applicable, shall meet or exceed VA’s minimum requirements.
VA Configuration Guidelines are available upon request.

Except for uses and disclosures of VA information authorized by this contract for performance of the contract, the contractor/subcontractor may use and disclose VA information only in two other situations: (i) in response to a qualifying order of a court of competent jurisdiction, or (ii) with VA’s prior written approval. The contractor/subcontractor must refer all requests for, demands for production of, or inquiries about, VA information and information systems to the VA contracting officer for response.

Notwithstanding the provision above, the contractor/subcontractor shall not release VA records protected by Title 38 U.S.C. 5705, confidentiality of medical quality assurance records and/or Title 38 U.S.C. 7332, confidentiality of certain health records pertaining to drug addiction, sickle cell anemia, alcoholism or alcohol abuse, or infection with human immunodeficiency virus. If the contractor/subcontractor is in receipt of a court order or other requests for the above mentioned information, that contractor/subcontractor shall immediately refer such court orders or other requests to the VA contracting officer for response.

For service that involves the storage, generating, transmitting, or exchanging of VA sensitive information but does not require C&A or an MOU-ISA for system interconnection, the contractor/subcontractor must complete a Contractor Security Control Assessment (CSCA) on a yearly basis and provide it to the COR.

4. Security Incident Investigation

The term “security incident” means an event that has, or could have, resulted in unauthorized access to, loss or damage to VA assets, or sensitive information, or an action that breaches VA security procedures.
The contractor/subcontractor shall immediately notify the COR and simultaneously, the designated ISO and Privacy Officer for the contract of any known or suspected security/privacy incidents, or any unauthorized disclosure of sensitive information, including that contained in system(s) to which the contractor/subcontractor has access.

To the extent known by the contractor/subcontractor, the contractor/subcontractor’s notice to VA shall identify the information involved, the circumstances surrounding the incident (including to whom, how, when, and where the VA information or assets were placed at risk or compromised), and any other information that the contractor/subcontractor considers relevant.

With respect to unsecured protected health information, the business associate is deemed to have discovered a data breach when the business associate knew or should have known of a breach of such information. Upon discovery, the business associate must notify the covered entity of the breach. Notifications need to be made in accordance with the executed business associate agreement.

In instances of theft or break-in or other criminal activity, the contractor/subcontractor must concurrently report the incident to the appropriate law enforcement entity (or entities) of jurisdiction, including the VA OIG and Security and Law Enforcement. The contractor, its employees, and its subcontractors and their employees shall cooperate with VA and any law enforcement authority responsible for the investigation and prosecution of any possible criminal law violation(s) associated with any incident. The contractor/subcontractor shall cooperate with VA in any civil litigation to recover VA information, obtain monetary or other compensation from a third party for damages arising from any incident, or obtain injunctive relief against any third party arising from, or related to, the incident.

5. Liquidated Damages For Data Breach

Consistent with the requirements of 38 U.S.C.
§5725, a contract may require access to sensitive personal information. If so, the contractor is liable to VA for liquidated damages in the event of a data breach or privacy incident involving any SPI the contractor/subcontractor processes or maintains under this contract.

The contractor/subcontractor shall provide notice to VA of a “security incident” as set forth in the Security Incident Investigation section above. Upon such notification, VA must secure from a non-Department entity or the VA Office of Inspector General an independent risk analysis of the data breach to determine the level of risk associated with the data breach for the potential misuse of any sensitive personal information involved in the data breach. The term 'data breach' means the loss, theft, or other unauthorized access, or any access other than that incidental to the scope of employment, to data containing sensitive personal information, in electronic or printed form, that results in the potential compromise of the confidentiality or integrity of the data. Contractor shall fully cooperate with the entity performing the risk analysis.
Failure to cooperate may be deemed a material breach and grounds for contract termination.

Each risk analysis shall address all relevant information concerning the data breach, including the following:

(1) Nature of the event (loss, theft, unauthorized access);
(2) Description of the event, including:
    date of occurrence;
    data elements involved, including any PII, such as full name, social security number, date of birth, home address, account number, disability code;
(3) Number of individuals affected or potentially affected;
(4) Names of individuals or groups affected or potentially affected;
(5) Ease of logical data access to the lost, stolen or improperly accessed data in light of the degree of protection for the data, e.g., unencrypted, plain text;
(6) Amount of time the data has been out of VA control;
(7) The likelihood that the sensitive personal information will or has been compromised (made accessible to and usable by unauthorized persons);
Known misuses of data containing sensitive personal information, if any;
Assessment of the potential harm to the affected individuals;
Data breach analysis as outlined in 6500.2 Handbook, Management of Security and Privacy Incidents, as appropriate; and
Whether credit protection services may assist record subjects in avoiding or mitigating the results of identity theft based on the sensitive personal information that may have been compromised.

d.
Based on the determinations of the independent risk analysis, the contractor shall be responsible for paying to the VA liquidated damages in the amount of $37.50 per affected individual to cover the cost of providing credit protection services to affected individuals consisting of the following:

Notification;
One year of credit monitoring services consisting of automatic daily monitoring of at least 3 relevant credit bureau reports;
Data breach analysis;
Fraud resolution services, including writing dispute letters, initiating fraud alerts and credit freezes, to assist affected individuals to bring matters to resolution;
One year of identity theft insurance with $20,000.00 coverage at $0 deductible; and
Necessary legal expenses the subjects may incur to repair falsified or damaged credit records, histories, or financial affairs.

6. Training

a. All contractor employees and subcontractor employees requiring access to VA information and VA information systems shall complete the following before being granted access to VA information and its systems:

Sign and acknowledge (either manually or electronically) understanding of and responsibilities for compliance with the Contractor Rules of Behavior relating to access to VA information and information systems;
Successfully complete the VA Privacy and Information Security Awareness and Rules of Behavior training and annually complete required security/privacy training; and
Successfully complete any additional cyber security or privacy training, as required for VA personnel with equivalent information system access [to be defined by the VA program official and provided to the contracting officer for inclusion in the solicitation document – e.g., any role-based information security training required in accordance with NIST Special Publication 800-16, Information Technology Security Training Requirements.]

b.
The contractor shall provide to the contracting officer and/or the COR a copy of the training certificate and certification of signing the Contractor Rules of Behavior for each applicable employee within 1 week of the initiation of the contract and annually thereafter, as required.

c. Failure to complete the mandatory annual training and sign the Contractor Rules of Behavior annually, within the timeframe required, is grounds for suspension or termination of all physical or electronic access privileges and removal from work on the contract until such time as the training and documents are complete.

Contractor Personnel Security Background Investigations and Special Agreement Checks (SAC)

All contractor employees are subject to the same level of investigation as VA employees who have access to VA Sensitive Information and VA information systems. The position sensitivity for this effort has been designated as <LOW RISK> and the level of background investigation is <National Agency Check With Written Inquiries (NACI)>. This requirement is applicable to all subcontractor personnel requiring the same access.

(2) The contractor employee is required to submit all requested paperwork to appropriate VA staff for the background investigation within requested timeframe.

Contractor Responsibilities

(1) Background investigations from investigating agencies other than OPM are permitted if the agencies possess an OPM and Defense Security Service certification. Security and Investigations Center staff will verify the information and advise the contracting officer whether access to the computer systems can be authorized.

(2) The contractor shall prescreen all personnel requiring access to the computer systems to ensure they maintain a U.S.
citizenship and are able to read, write, speak and understand the English language without the use of an interpreter.

(3) The contractor, when notified of an unfavorable determination by the Government, shall withdraw the employee from consideration from working under the contract.

(4) Failure to comply with the contractor personnel security requirements may result in termination of the contract for default.

(5) The contractor will be responsible for the actions of all individuals provided to work for the VA under this contract. In the event that damages arise from work performed by contractor provided personnel, under the auspices of this contract, the contractor will be responsible for all resources necessary to remedy the

Government Responsibilities

(1) The VA Security and Investigations Center (07C) will provide the necessary forms to the contractor or to the contractor's employees after receiving a list of names and addresses.

(2) Upon receipt, the VA Security and Investigations Center (07C) will review the completed forms for accuracy and forward the forms to OPM to conduct the background investigation.

(3) The VA facility will pay for investigations conducted by the OPM.

(4) The VA Security and Investigations Center (07C) will notify the contracting officer and contractor after adjudicating the results of the background investigations received from OPM.

INTERNET/INTRANET

The contractor shall comply with Department of Veterans Affairs (VA) Directive 6102 and VA Handbook 6102 (Internet/Intranet Services).

VA Directive 6102 sets forth policies and responsibilities for the planning, design, maintenance support, and any other functions related to the administration of a VA Internet/Intranet Service Site or related service (hereinafter referred to as Internet). This directive applies to all organizational elements in the Department.
This policy applies to all individuals designing and/or maintaining VA Internet Service Sites; including but not limited to full time and part time employees, contractors, interns, and volunteers. This policy applies to all VA Internet/Intranet domains and servers that utilize VA resources. This includes but is not limited to and other extensions such as, “.com, .edu, .mil, .net, .org,” and personal Internet service pages managed from individual workstations.

VA Handbook 6102 establishes Department-wide procedures for managing, maintaining, establishing, and presenting VA Internet/Intranet Service Sites or related services (hereafter referred to as “Internet”). The handbook implements the policies contained in VA Directive 6102, Internet/Intranet Services. This includes, but is not limited to, File Transfer Protocol (FTP), Hypertext Markup Language (HTML), Simple Mail Transfer Protocol (SMTP), Web pages, Active Server Pages (ASP), e-mail forums, and list servers. VA Directive 6102 and VA Handbook 6102 are available at: Internet/Intranet Services Directive 6102 Services Handbook 6102

In addition, any technologies that enable a Network Delivered Application (NDA) to access or modify resources of the local machine that are outside of the browser's “sand box” are strictly prohibited. Specifically, this prohibition includes signed-applets or any ActiveX controls delivered through a browser's session. ActiveX is expressly forbidden within the VA while .NET is allowed only when granted a waiver by the VA CIO *PRIOR* to use.

JavaScript is the preferred language standard for developing relatively simple interactions (i.e., forms validation, interactive menus, etc.) and Applets (J2SE APIs and Java Language) for complex network delivered applications.