Www.vendorportal.ecms.va.gov



PERFORMANCE WORK STATEMENT (PWS)DEPARTMENT OF VETERANS AFFAIRSVeteran’s Health Administration (VHA)VISN 19 Real Time Location System (RTLS)Asset Tracking ExpansionDate: August 19, 2019TAC-19-55806PWS Version Number: 1.8 Contents TOC \o "1-4" \h \z \u 1.0BACKGROUND PAGEREF _Toc17360746 \h 41.1WORK ALREADY COMPLETED UNDER NATIONAL RTLS CONTRACT PAGEREF _Toc17360747 \h 52.0APPLICABLE DOCUMENTS PAGEREF _Toc17360748 \h 63.0SCOPE OF WORK PAGEREF _Toc17360749 \h 93.1CONTRACT TYPE PAGEREF _Toc17360750 \h 104.0PERFORMANCE DETAILS PAGEREF _Toc17360751 \h 104.1PERFORMANCE PERIOD PAGEREF _Toc17360752 \h 104.2PLACE OF PERFORMANCE PAGEREF _Toc17360753 \h 104.3TRAVEL PAGEREF _Toc17360754 \h 115.0SPECIFIC TASKS AND DELIVERABLES PAGEREF _Toc17360755 \h 125.1PROJECT MANAGEMENT PAGEREF _Toc17360756 \h 135.1.1CONTRACTOR PROJECT MANAGEMENT PLAN PAGEREF _Toc17360757 \h 135.1.2REPORTING REQUIREMENTS PAGEREF _Toc17360758 \h 135.1.3IMPLEMENTATION MANAGER PAGEREF _Toc17360759 \h 145.1.4TECHNICAL KICKOFF MEETING PAGEREF _Toc17360760 \h 145.2SITE ASSESSMENT PAGEREF _Toc17360761 \h 145.2.1WIRELESS TECHNOLOGY PAGEREF _Toc17360762 \h 155.3RTLS DESIGN PAGEREF _Toc17360763 \h 155.3.1RTLS TIME STAMP PAGEREF _Toc17360764 \h 155.3.2HARDWARE DESIGN PAGEREF _Toc17360765 \h 155.3.2.1HARDWARE DESIGN DOCUMENT PAGEREF _Toc17360766 \h 165.4HARDWARE PAGEREF _Toc17360767 \h 175.5INSTALL AND TAGGING PAGEREF _Toc17360768 \h 175.5.1INFRASTRUCTURE INSTALLTION PAGEREF _Toc17360769 \h 175.5.2ASSET TAGGING PAGEREF _Toc17360770 \h 185.6FINGERPRINTING PAGEREF _Toc17360771 \h 195.7SOFTWARE PAGEREF _Toc17360772 \h 195.7.1USER INTERFACE PAGEREF _Toc17360773 \h 195.7.2VISTA INTERFACES PAGEREF _Toc17360774 \h 195.8SOFTWARE CONFIGURATION & Maintenance PAGEREF _Toc17360775 \h 205.8.1CENTRAK SOFTWARE CONFIGURATION PAGEREF _Toc17360776 \h 205.8.2INTELLIGENT INSITES SOFTWARE CONFIGURATION PAGEREF _Toc17360777 \h 205.8.3SYSTEM ADMINISTRATION PAGEREF _Toc17360778 \h 215.9FACILITY ACCEPTANCE TESTING PAGEREF _Toc17360779 \h 215.10TRAINING PAGEREF _Toc17360780 \h 225.10.1SYSTEM USER TRAINING PAGEREF _Toc17360781 \h 235.10.2TECHNICAL MAINTENANCE AND REPAIR TRAINING PAGEREF _Toc17360782 \h 235.10.3SYSTEM ADMINISTRATOR TRAINING PAGEREF _Toc17360783 \h 245.11TRANSITION PLANNING PAGEREF _Toc17360784 \h 245.12SYSTEM ACCEPTANCE PAGEREF _Toc17360785 \h 255.13WARRANTY SERVICES PAGEREF _Toc17360786 \h 256.0GENERAL REQUIREMENTS PAGEREF _Toc17360787 \h 256.1ENTERPRISE AND IT FRAMEWORK PAGEREF _Toc17360788 \h 256.1.1VA TECHNICAL REFERENCE MODEL PAGEREF _Toc17360789 \h 266.1.2FEDERAL IDENTITY, CREDENTIAL, AND ACCESS MANAGEMENT (FICAM) PAGEREF _Toc17360790 \h 266.1.3INTERNET PROTOCOL VERSION 6 (IPV6) PAGEREF _Toc17360791 \h 276.1.4TRUSTED INTERNET CONNECTION (TIC) PAGEREF _Toc17360792 \h 286.1.5STANDARD COMPUTER CONFIGURATION PAGEREF _Toc17360793 \h 286.1.6VETERAN FOCUSED INTEGRATION PROCESS (VIP) PAGEREF _Toc17360794 \h 296.1.7PROCESS ASSETT LIBRARY (PAL) PAGEREF _Toc17360795 \h 296.1.8AUTHORITATIVE DATA SOURCES PAGEREF _Toc17360796 \h 296.2SECURITY AND PRIVACY REQUIREMENTS PAGEREF _Toc17360797 \h 306.2.1POSITION/TASK RISK DESIGNATION LEVEL(S) PAGEREF _Toc17360798 \h 306.2.2CONTRACTOR PERSONNEL SECURITY REQUIREMENTS PAGEREF _Toc17360799 \h 316.2.2.1CONTRACTOR TRAINING REQUIREMENTS PAGEREF _Toc17360800 \h 336.3METHOD AND DISTRIBUTION OF DELIVERABLES PAGEREF _Toc17360801 \h 336.4PERFORMANCE METRICS PAGEREF _Toc17360802 \h 336.5FACILITY/RESOURCE PROVISIONS PAGEREF _Toc17360803 \h 356.6GOVERNMENT FURNISHED PROPERTY PAGEREF _Toc17360804 \h 366.7SHIPMENT OF HARDWARE OR EQUIPMENT PAGEREF _Toc17360805 \h 37ADDENDUM A – ADDITIONAL VA REQUIREMENTS, CONSOLIDATED PAGEREF _Toc17360806 \h 37ADDENDUM B – VA INFORMATION AND INFORMATION SYSTEM SECURITY/PRIVACY LANGUAGE PAGEREF _Toc17360807 \h 45BACKGROUNDThe mission of the Department of Veterans Affairs (VA) Veterans Health Administration (VHA) is to provide benefits and services to Veterans of the United States.? In meeting these goals, VHA strives to provide high quality, effective, and efficient services to those responsible for providing care to the Veterans at the point-of-care as well as throughout all the points of the Veterans’ health care in an effective, timely and compassionate manner.Real Time Location System (RTLS) Asset Tracking (AT) capability is currently provided by CenTrak RTLS Technology and Intelligent InSites Middleware in the VA Medical Centers and by OATSystems in the VA Consolidated Mail Order Pharmacies (CMOPs). Both are supplemented via the Intelligent InSites Asset Management Business Intelligent (BI) Solution. RTLS technology combines a variety of signaling and wireless communication methods to determine the location of tagged assets. Knowing the location of tagged assets can be used to speed up annual inventory, locate equipment, reduce theft/loss, track patients and track staff to improve workflow.Active RTLS technology uses tags that transmit a Radio Frequency Identification (RFID) through Wi-Fi at a regular interval. The same tags may also listen for and report the receipt of other signaling technologies like Infrared (IR) or Low Frequency (LF) emitters. These technologies are designed for room level accuracy. VA’s Asset Tracking solution uses Active Tags. At those Veteran Integrated Service Network (VISN) facilities currently operating AT, AT data is collected and transferred from the CenTrak system to the Intelligent InSites system. InSites for AT is an RTLS specific Business Intelligent platform that leverages location-based data to provide users with the following information:A real-time Graphical User Interface (GUI) display of location status for individual assetsA set of statistically based reports and dashboards that present the state of the RTLS inventory, as well as the employment of individual assets.RTLS users may access and use individual application functionality directly from CenTrak or from InSites. The InSites implementation can also be interfaced to VA’s Veterans Information Systems and Technology Architecture (VISTA) Automated Engineering Management System /Medical Equipment Reporting System (AEMS/MERS). AEMS-MERS is a VISTA legacy package that supports IT Equipment management, transfer and tracking. Currently, MuleSoft Enterprise Service Bus (ESB) is deployed as part of the interface solution to VISTA.Two peripheral, but important components of the RTLS infrastructure not previously noted is their use of Storage Area Network (SAN) subsystems and F5 load balancers. The VISN RTLS Server Infrastructure SAN has 21 Terabytes (TBs) of space, while the VA Medical Center (VAMC) SANs have 7 TBs. Also, a pair of F5 Load Balancers are deployed in the server rack of each VISN, VISN Disaster Recovery (DR) and CMOP configuration. The Muskogee and Oklahoma City locations utilize the VISN 16 infrastructure on the Austin Information Technology Center (AITC). WORK ALREADY COMPLETED UNDER NATIONAL RTLS CONTRACT The work completed by Centrak and Intelligent Insite included Facility IDFacility NameAT Status436-FHMMontana HCSImplementation complete575-GRJGrand Junction VAMCImplementation complete623-MUSEastern Oklahoma VAMCImplementation complete635-OKCOklahoma City VAMCImplementation complete666-SHESheridan VAMCImplementation complete660-SLCSalt Lake City HCSImplementation in progress442-CHYCheyenne VAMCImplementation in progressFor V19 sites listed as ‘Implementation complete’ in Table 1, initial deployment of the RTLS system is complete and sites are currently utilizing the system. Initial deployment of the system covered targeted areas of the medical center. The purpose of this procurement is to extend coverage areas, configure existing hardware that is not yet configured, and re-configure system software to meet facility needs. Sites listed as ‘Implementation in progress’ in Table 1Procured, installed and configured the Data Center and site level VAMC server hardware to include standing up virtual machines and Structured Query Language (SQL) databases for production and pre-production platformsAll Data Center and site level VAMC software solutions are installed at sitesPreliminary work to support configuration of the facility space file Centrak Clinical Grade Location hardware installed per the VAMC RTLS Hardware Deployment Design Document (See Section 6.6 Government Furnished Information). Insites performed configuration work such as Map Regioning and Map Rendering. (See Attachment V - Facility Rendered Maps)The Vista Interface Package was designed, developed and accepted under a separate Enterprise System Engineering (ESE) Task Order (TO). Sites at which ‘No Implementation’ has occurred thus far include 3 expected sites but are subject to change based on VA needs.APPLICABLE DOCUMENTSIn the performance of the tasks associated with this Performance Work Statement, the Contractor shall comply with the following:44 U.S.C. § 3541-3549,?“Federal Information Security Management Act (FISMA) of 2002”“Federal Information Security Modernization Act of 2014”Federal Information Processing Standards (FIPS) Publication 140-2, “Security Requirements For Cryptographic Modules”FIPS Pub 199. Standards for Security Categorization of Federal Information and Information Systems, February 2004FIPS Pub 200, Minimum Security Requirements for Federal Information and Information Systems, March 2016FIPS Pub 201-2, “Personal Identity Verification of Federal Employees and Contractors,” August 201310 U.S.C. § 2224, "Defense Information Assurance Program"Carnegie Mellon Software Engineering Institute, Capability Maturity Model? Integration for Development (CMMI-DEV), Version 1.3 November 2010; and Carnegie Mellon Software Engineering Institute, Capability Maturity Model? Integration for Acquisition (CMMI-ACQ), Version 1.3 November 20105 U.S.C. § 552a, as amended, “The Privacy Act of 1974” Public Law 109-461, Veterans Benefits, Health Care, and Information Technology Act of 2006, Title IX, Information Security Matters42 U.S.C. § 2000d “Title VI of the Civil Rights Act of 1964”VA Directive 0710, “Personnel Security and Suitability Program,” June 4, 2010, Handbook 0710, Personnel Security and Suitability Security Program, May 2, 2016, HYPERLINK "" \o "VA Publications Homepage" Directive and Handbook 6102, “Internet/Intranet Services,” July 15, 200836 C.F.R. Part 1194 “Electronic and Information Technology Accessibility Standards,” July 1, 2003Office of Management and Budget (OMB) Circular A-130, “Managing Federal Information as a Strategic Resource,” July 28, 201632 C.F.R. Part 199, “Civilian Health and Medical Program of the Uniformed Services (CHAMPUS)”An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, October 2008Sections 504 and 508 of the Rehabilitation Act (29 U.S.C. § 794d), as amended, January 18, 2017Homeland Security Presidential Directive (12) (HSPD-12), August 27, 2004VA Directive 6500, “Managing Information Security Risk: VA Information Security Program,” September 20, 2012VA Handbook 6500, “Risk Management Framework for VA Information Systems – Tier 3: VA Information Security Program,” March 10, 2015VA Handbook 6500.1, “Electronic Media Sanitization,” November 03, 2008VA Handbook 6500.2, “Management of Breaches Involving Sensitive Personal Information (SPI)”, July 28, 2016VA Handbook 6500.3, “Assessment, Authorization, And Continuous Monitoring Of VA Information Systems,” February 3, 2014VA Handbook 6500.5, “Incorporating Security and Privacy in System Development Lifecycle”, March 22, 2010VA Handbook 6500.6, “Contract Security,” March 12, 2010VA Handbook 6500.8, “Information System Contingency Planning”, April 6, 2011OI&T Process Asset Library (PAL), . Reference Process Maps at and Artifact templates at Technical Reference Model (TRM) (reference at )VA Directive 6508, “Implementation of Privacy Threshold Analysis and Privacy Impact Assessment,” October 15, 2014VA Handbook 6508.1, “Procedures for Privacy Threshold Analysis and Privacy Impact Assessment,” July 30, 2015VA Handbook 6510, “VA Identity and Access Management”, January 15, 2016VA Directive 6300, Records and Information Management, February 26, 2009VA Handbook, 6300.1, Records Management Procedures, March 24, 2010NIST SP 800-37 Rev 1, Guide for Applying the Risk Management Framework to Federal Information Systems: a Security Life Cycle Approach, June 5, 2014NIST SP 800-53 Rev. 4, Security and Privacy Controls for Federal Information Systems and Organizations, January 22, 2015OMB Memorandum, “Transition to IPv6”, September 28, 2010VA Directive 0735, Homeland Security Presidential Directive 12 (HSPD-12) Program, October 26, 2015VA Handbook 0735, Homeland Security Presidential Directive 12 (HSPD-12) Program, March 24, 2014OMB Memorandum M-06-18, Acquisition of Products and Services for Implementation of HSPD-12, June 30, 2006OMB Memorandum 04-04, E-Authentication Guidance for Federal Agencies, December 16, 2003OMB Memorandum 05-24, Implementation of Homeland Security Presidential Directive (HSPD) 12 – Policy for a Common Identification Standard for Federal Employees and Contractors, August 5, 2005OMB memorandum M-11-11, “Continued Implementation of Homeland Security Presidential Directive (HSPD) 12 – Policy for a Common Identification Standard for Federal Employees and Contractors, February 3, 2011OMB Memorandum, Guidance for Homeland Security Presidential Directive (HSPD) 12 Implementation, May 23, 2008Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance, December 2, 2011NIST SP 800-116 Rev 1, Guidelines for the Use of Personal Identity Verification (PIV) Credentials in Facility Access, June 2018OMB Memorandum M-07-16, Safeguarding Against and Responding to the Breach of Personally Identifiable Information, May 22, 2007NIST SP 800-63-3, 800-63A, 800-63B, 800-63C, Digital Identity Guidelines, June 2017NIST SP 800-157, Guidelines for Derived PIV Credentials, December 2014NIST SP 800-164, Guidelines on Hardware-Rooted Security in Mobile Devices (Draft), October 2012Draft National Institute of Standards and Technology Interagency Report (NISTIR) 7981 Mobile, PIV, and Authentication, March 2014VA Memorandum, VAIQ #7100147, Continued Implementation of Homeland Security Presidential Directive 12 (HSPD-12), April 29, 2011 (reference )IAM Identity Management Business Requirements Guidance document, May 2013, (reference Enterprise Architecture Section, PIV/IAM (reference )VA Memorandum “Mandate to meet PIV Requirements for New and Existing Systems” (VAIQ# 7712300), June 30, 2015, Internet Connections (TIC) Reference Architecture Document, Version 2.2, Federal Interagency Technical Reference Architectures, Department of Homeland Security, June 19, 2017, HYPERLINK "" \o "Link to TIC Reference Architecture Document" Memorandum M-08-05, “Implementation of Trusted Internet Connections (TIC), November 20, 2007OMB Memorandum M-08-23, Securing the Federal Government’s Domain Name System Infrastructure, August 22, 2008VA Memorandum, VAIQ #7497987, Compliance – Electronic Product Environmental Assessment Tool (EPEAT) – IT Electronic Equipment, August 11, 2014 (reference Document Libraries, EPEAT/Green Purchasing Section, ) Sections 524 and 525 of the Energy Independence and Security Act of 2007, (Public Law 110–140), December 19, 2007Section 104 of the Energy Policy Act of 2005, (Public Law 109–58), August 8, 2005Executive Order 13834, “Efficient Federal Operations”, dated May 17, 2018Executive Order 13221, “Energy-Efficient Standby Power Devices,” August 2, 2001VA Directive 0058, “VA Green Purchasing Program”, July 19, 2013VA Handbook 0058, “VA Green Purchasing Program”, July 19, 2013Office of Information Security (OIS) VAIQ #7424808 Memorandum, “Remote Access”, January 15, 2014, Act of 1996, 40 U.S.C. §11101 and §11103VA Memorandum, “Implementation of Federal Personal Identity Verification (PIV) Credentials for Federal and Contractor Access to VA IT Systems”, (VAIQ# 7614373) July 9, 2015, Memorandum “Mandatory Use of PIV Multifactor Authentication to VA Information System” (VAIQ# 7613595), June 30, 2015, Memorandum “Mandatory Use of PIV Multifactor Authentication for Users with Elevated Privileges” (VAIQ# 7613597), June 30, 2015; “Veteran Focused Integration Process (VIP) Guide 3.2”, December 2018, “VIP Release Process Guide”, Version 1.4, May 2016, “POLARIS User Guide”, Version 1.9, March 2017, Memorandum “Use of Personal Email (VAIQ #7581492)”, April 24, 2015, OF WORKThe Contractor shall provide and/or acquire the services, hardware, and software required by individual Task Orders to enable VHA to procure solutions and technical expertise across the suite of RFID/RTLS enabling technologies to support the needs at individual VA medical facilities within VISN 19. Contracts awarded will be Indefinite-Delivery-Indefinite-Quantity (IDIQ) contracts that will provide RTLS hardware, software, documentation, and, incidental services to authorized users in VHA. Incidental services include end user acceptance testing, training, warranty and maintenance services, and technical engineering services. Hardware and software delivery and installation, as well as performance of associated acceptance testing, training and warranty and maintenance services, will be required at the VISN 19 sites. The scope of this contract includes 10 sites within VISN 19, including up to three sites that have no implementation. Work can include expansion of current sites, completion of implementation already started, and new implementations (See section 1.1).CONTRACT TYPEThis is an IDIQ contract. Individual Task Orders shall be issued on a performance-based Firm Fixed Price (FFP) basis.PERFORMANCE DETAILSPERFORMANCE PERIODThe ordering period shall be 3 years from the date of award. The period of performance for any task order may go up to 12 months beyond the last day of the ordering period. Any work at the Government site shall not take place on Federal holidays or weekends unless directed by the Contracting Officer (CO). There are ten (10) Federal holidays set by law (USC Title 5 Section 6103) that VA follows:Under current definitions, four are set by date:New Year's DayJanuary 1Independence DayJuly 4Veterans DayNovember 11Christmas DayDecember 25If any of the above falls on a Saturday, then Friday shall be observed as a holiday. Similarly, if one falls on a Sunday, then Monday shall be observed as a holiday.The other six are set by a day of the week and month:Martin Luther King's BirthdayThird Monday in JanuaryWashington's BirthdayThird Monday in FebruaryMemorial DayLast Monday in MayLabor DayFirst Monday in SeptemberColumbus DaySecond Monday in OctoberThanksgivingFourth Thursday in November PLACE OF PERFORMANCEThe place of performance shall be identified in individual Task Orders. Locations will be VISN 19 medical facilities detailed below along with ancillary space such as logistics and engineering functions supporting hospital operations. - The final three locations listed below are the expected sites, but are subject to change based on VA needs.Table 1 - VISN 19 FacilitiesFacility IDFacility NameAddress436-FHMMontana HCS3687 Veterans Drive Fort Harrison, MT 59636575-GRJGrand Junction VAMC2121 North Avenue Grand Junction, CO 81501623-MUSEastern Oklahoma VAMC1011 Honor Heights Dr.?Muskogee, OK 74401635-OKCOklahoma City VAMC921 NE 13th Street Oklahoma City, OK 73104666-SHESheridan VAMC1898 Fort Road Sheridan, WY 82801660-SLCSalt Lake City HCS500 Foothill Drive Salt Lake City, UT 84148442-CHYCheyenne VAMC2360 East Pershing Blvd Cheyenne, WY 82001554-ECHEastern Colorado HCS1700 N Wheeling St Aurora,?CO?80045436-FHMMontana HCS – Billings CBOC1775 Spring Creek Ln, Billings, MT 59102623-MUSEastern Oklahoma VAMC – Tulsa CBOCConstruction in progressTRAVELThe Government anticipates travel under this effort to perform the tasks associated with the effort. Include all estimated travel costs in your firm-fixed price line items. These costs will not be directly reimbursed by the Government.Anticipated locations and durations include the following. All durations are estimatesFort Harrison, MTSite Assessment – 3 daysHardware installation – 10 daysFacility acceptance testing – 3 daysGrand Junction, CO Site Assessment – 3 daysHardware installation – 15 daysFacility acceptance testing – 5 daysMuskogee, OKSite Assessment – 3 daysHardware installation – 10 daysFacility acceptance testing – 3 days Oklahoma City, OKSite Assessment – 3 daysHardware installation – 15 daysFacility acceptance testing – 5 days Sheridan, WYSite Assessment – 3 daysHardware installation – 15 daysFacility acceptance testing – 5 daysSalt Lake City, UT Site Assessment – 5 daysHardware validation, testing & installation – 20 daysAsset Tagging and Commissioning – 40 daysFacility acceptance testing – 5 daysAdditional hardware installation – 5 daysTraining – 5 daysCheyenne, WYSite Assessment – 3 daysHardware validation, testing & installation – 20 daysAsset Tagging and Commissioning – 35 daysFacility acceptance testing – 5 daysAdditional hardware installation – 5 daysTraining – 5 daysSPECIFIC TASKS AND DELIVERABLESThe Contractor shall perform the following:PROJECT MANAGEMENTCONTRACTOR PROJECT MANAGEMENT PLANThe Contractor shall deliver a Contractor Project Management Plan (CPMP) that lays out the Contractor’s approach, timeline and tools to be used in execution of the contract. ?The CPMP should take the form of both a narrative and graphic format that displays the schedule, milestones, risks and resource support.??The CPMP shall also include how the Contractor shall coordinate and execute planned, routine, and ad hoc data collection reporting requests as identified within the PWS. The Contractor shall update and maintain the VA PM approved CPMP throughout the PoP. In addition to the above, the CPMP shall contain an MS Project Schedule that 1.Contains Milestones and deliverable dates at each VISN Facility. 2.Contains Government dependencies (e.g., document acceptance) and be broken out by facility.Deliverable: Contractor Project Management PlanREPORTING REQUIREMENTSThe Contractor shall provide the COR with Monthly Progress Reports in electronic form in Microsoft Word and Project formats.? The report shall include detailed instructions/explanations for each required data element, to ensure that data is accurate and consistent. These reports shall reflect data as of the last day of the preceding Week.The Monthly Progress Reports shall cover all work completed during the reporting period and work planned for the subsequent reporting period.? The report shall also identify any problems that arose and a description of how the problems were resolved.? If problems have not been completely resolved, the Contractor shall provide an explanation including their plan and timeframe for resolving the issue. The Contractor shall monitor performance against the CPMP and report any deviations. It is expected that the Contractor will keep in communication with VA accordingly so that issues that arise are transparent to both parties to prevent escalation of outstanding issues. The Monthly Progress Report shall be required during active Task Orders. Deliverable:? Monthly Progress Report, Due the 15th day of each month throughout the PoP of the task orderIMPLEMENTATION MANAGERThe Contractor shall provide a single point of contact, an Implementation Manager, to oversee implementation of all Task Orders. The Contractor Implementation Manager shall be responsible for: Effectively communicating the project progress to VHA and VA Contractor team membersEnsuring proper deliverables are delivered to VHACoordinating, escalating, and resolving Contractor-related project issuesRepresenting the Contractor in status meetings and providing timely status reportsTECHNICAL KICKOFF MEETINGThe Contractor shall hold a technical kickoff meeting within 10 days after task order award, if requested by VA. The Contractor shall present, for review and approval by the Government, the details of the intended approach, work plan, and project schedule for each effort. The Contractor shall specify dates, locations (can be virtual), agenda (shall be provided to all attendees at least five (5) calendar days prior to the meeting), and meeting minutes (shall be provided to all attendees within three (3) calendar days after the meeting). The Contractor shall invite the Contracting Officer (CO), Contract Specialist (CS), COR, and the VA PM.SITE ASSESSMENTThe Contractor shall perform a detailed site assessment at the selected site from the Table in section 4.2. to provide a full scope of requirements for site needs. The Contractor shall coordinate with the COR and site POCs to schedule site assessments. The Contractor shall coordinate with the COR to conduct a pre-assessment conference call at least 2 weeks in advance of the site assessment. The call shall be attended by facility stakeholders and subcontractor(s). Coordination for at least 1 site assessment shall start by 9/30/2019. Anticipated expansion requirements are listed in Attachment I – RTLS Expansion Requirements. The Contractor shall provide the COR an AT Site Assessment Report that outlines all requirements per site to include hardware, software and service. Line items shall be listed in the format of the price cost schedule with the description of the item, quantity, cost per unit, and CLIN number. The Assessment Report shall include narrative and diagrams where appropriate to demonstrate understanding of the project goals. The assessment will include a timeline for the entire project lifecycle with the following milestones defined as a minimum. Milestones may be defined based on Task Order award date (e.x. 3 months after TO award date):Equipment installation startLimited installation capability demonstrationEquipment installation completionUser Acceptance TestingUser TrainingThe Contractor shall provide multiple offerings for the assessment to include a site assessment with CenTrak representation and a site assessment with Centrak and Intelligent InSites representation. Deliverable:AT Site Assessment ReportWIRELESS TECHNOLOGY The Contractor shall utilize the existing Wi-Fi infrastructure (See Attachment U - Facility AP design report) at each facility as the core active tag ranging and distance measurement (communication between tag and reader). The Contractor shall notify the Government when known existing Wi-Fi infrastructure at each facility is not available or is insufficient and supplemental technologies will be required where Wi-Fi is not available or insufficient to achieve the resolution objectives of the applications. Alternate solutions can be utilized/quoted if cheaper or more efficient than the use of VA wireless technology or in areas where there is not enough Wi-Fi Coverage e.g. supplemental clinical grade location hardware.RTLS DESIGNThe Contractor shall provide and install an RTLS system that meets all the requirements detailed below.RTLS TIME STAMP The Contractor shall ensure all applications synchronize with internal VISN Facility time standard. The synchronization of time on this network is critical in every aspect of managing, securing, planning, and debugging as it involves determining when an event happened.??HARDWARE DESIGN The Contractor shall provide and install all RTLS supporting hardware and components so as to blend in (or not be visible at all), with the general surface treatments of the facility.The Contractor shall install RTLS components so as to have minimal impact on the business operations of the facility and meet applicable infection control and health and safety requirements such as Joint Commission and local Infection Control Risk Assessment (ICRA) findings and standards. This installation shall occur during normal business hours. This may include use of containment units for any above the ceiling work.HARDWARE DESIGN DOCUMENTIf a Hardware Deployment Design Document (HDDD) does not exist for a facility, the Contractor shall develop and provide the document. If a HDDD exists for a facility (work completed under the National RTLS contract), the contractor shall update the existing document. VA will provide Attachment M - Facility RTLS Hardware Deployment Design Document for each of the facilities which illustrates the approved design and hardware installation. The Contractor shall update the HDDD throughout the remaining implementation so that it remains current with the existing design. The Preliminary HDDD shall include: Proposed quantity and location of supplemental Wi-Fi infrastructure to achieve the goals of the RTLS applications and room coverage requirements.Proposed changes, corrections and/or updates to the VA-provided maps and Engineering Space Files as noted during the Contractor’s site validation.Any other tools and templates that help to define the design (e.g., configuration, components, business rules, etc.) of the VISN RTLS to aid the VISN facility in making design decisions to achieve the goals of the proposed RTLS applications. RTLS Database Infrastructure – As designated by VA, as part of the Preliminary HDDD, the Contractor shall provide draft documentation of the Server configuration and architecture that will be configured and optimized to meet the needs of the facility. This draft documentation shall include:A diagram that lays out the server requirements at each location along with expected bandwidth utilization for the WAN links, expected application latency requirements, server specification (including power, BTUs, and network connections), provide the specification for the number of tags that can be supported per serverAll servers provided must operate using a fully supported operating system. For example, if the server is Microsoft Windows-based, the operating system must be Microsoft Windows Server 2012 or newer.The solution shall be capable of running in a virtual server environment.Contractor shall provide a server build document that details all software installed, Operating System, Computer Name, IP Address. The document shall be detailed so that a System Administrator can re-install all necessary applications and software to stand up a new server in the event of a disaster.The Offeror is required to submit a complete VA Directive 6550 Pre-Procurement Assessment form. See attachment A in Section 2 Applicable Documents. The Contractor will provide network system documentation as requested by COR. The RTLS Database Infrastructure was designed and installed under the previous Task Order under the National RTLS Contract. When designated by VA, the Contractor shall maintain the database infrastructure that supports the requirements of the facilities in accordance with the approved Attachment E - RTLS Systems Design Document (SDD)Deliverables:Preliminary Hardware Deployment Design Document (HDDD)HARDWAREThe Contractor shall provide all necessary RTLS hardware components, to include infrastructure components and asset tags, delivered to sites as specified in the HDDD and ordered at the task order level. If components require batteries, batteries shall be included with components. The Contractor shall coordinate with the COR and site POCs to schedule delivery. Written or e-mail COR concurrence is required to ship hardware. VA attempted to list all required hardware. However, if hardware that is within scope of this PWS is needed, additional products may be added to the base contract via modification. The Contractor shall provide a copy of the signed Facility Receiving Report to the COR once components are delivered. The Contractor shall submit a copy of the final signed Receiving Reports for each Facility. The Receiving Report shall also contain:Confirmation of the order and delivery of the componentsReconciliation (if any) of what was planned to be delivered versus what was actually delivered. Details of where items were delivered, what time they were delivered, and who from the Government received themDeliverable:Facility Receiving ReportINSTALL AND TAGGINGINFRASTRUCTURE INSTALLATIONThe Contractor shall install all necessary RTLS hardware components delivered to sites. The Contractor shall coordinate with the COR and site POCs to schedule installation.The Contractor shall install RTLS supporting hardware and components so as to blend in (or not be visible at all), with the general surface treatments of the facility. The Contractor shall install RTLS components so as to have minimal impact on the business operations of the facility and meet applicable infection control and health and safety requirements such as Joint Commission and local Infection Control Risk Assessment (ICRA) findings and standards. This installation shall occur during normal business hours. This may include use of containment units for any above the ceiling work.Installation of stars requires a data connection. The Contractor will use available data connections whenever possible. If a new data connection and cabling is required, the Contractor will provide cabling services. For sites with a status of ‘Implementation in progress’, the Contractor shall evaluate if batteries need to be changed in existing infrastructure devices. If batteries need to be changed, the Contractor shall provide and replace batteries in infrastructure devices. ASSET TAGGINGThe Contractor shall create and provide a Facility Tagging and Commissioning Plan for sites with a status of ‘Implementation in progress’ and ‘No implementation’ prior to beginning the tagging process for review and approval by the COR. Once approved, this plan shall be integrated into the CPMP. This Plan shall include:Identification of all Asset Groups and Assets to be tagged in accordance with the VA National Tagging Standard (see Attachment B - Inventory List and Attachment J- National IS AT Tag Standard)A schedule during normal business hours (not to interrupt business operations) to tag and commission all assetsGuidance and instructions on tag placement (unless provided by the Government)Method for quality control of tag placement and commissioned dataMethod for taking corrective actions on misplaced tags, defective tags, assets that cannot be located, incorrect information in the RTLS database, and other errors that can occur during the tagging and commissioning processDocumentation to allow the Government to perform the tagging and commissioning processUpon COR approval of the Facility Tagging and Commissioning Plan, the Contractor shall execute and report on tagging and commissioning operations weekly with the COR either through email or status calls, and in the Monthly Progress Reports (Section 5.1.2).Deliverable:Facility Tagging and Commissioning PlanFINGERPRINTING The Contractor shall implement RTLS Fingerprinting Technology at the facility as designated by VA. The Contractor shall work with VA staff to gain access to all rooms and minimize disruption of patient care. Fingerprinting Technology is utilized to determine location in Wi-Fi covered areas. Fingerprinting technology captures signal strength from multiple RTLS Active tags received by the Access Points. Data is collected throughout the facility and utilized by CenTrak to determine the location of an asset. SOFTWAREThe Contractor shall provide and install all necessary software for the asset tracking application as designated by VA. VA shall provide a virtual server platform on which software may reside. The Contractor shall provide a Software Installation Report. This Report shall include a list of all software and licenses that are installed at the facility. Deliverable:Software Installation ReportUSER INTERFACEThe Contractor solution shall provide multiple offerings to include the Intelligent InSites user platform currently in use at sites with a status of ‘Implementation complete’ and the CenTrak Asset Viewer platform. The CenTrak Asset Viewer platform shall provide the following capabilities:Web based user interfaceDisplays facility assets in a list view; assets may be searched by asset number (identifier), asset type, asset model, asset manufacturer, or tag ID Display facility assets in a map view; asset location shall be displayed on a facility floorplan in a pictographic methodAsset information may be exported from the system in an excel formatAccess past year of asset location history (capability may be developed)Asset egress alerts (capability may be developed as designated by VA)VISTA INTERFACESThe Contractor shall develop and/or provide an interface with VA’s Inventory Management System as designated by VA. The interface shall have the following capabilities: 1. Update last known location in the inventory management system daily. 2. Update last seen date in the inventory management system daily. 3. Pull equipment information fields from the inventory management system to the RTLS AT system daily based on equipment record number; all fields availablewithin the RTLS AT system for which corresponding information exists in the inventory management system shall be populated. Under a separate Enterprise System Engineering (ESE) Task Order, several Interfaces between the Intelligent InSites RTLS solution and the Department of VA VISTA were developed and implemented under the National RTLS Project. VA shall install the VISTA Package and the Contractor shall configure the interfaces (See Attachment R – RTLS ESE Interface Technical Manual). The Contractor shall develop, provide, implement and test an interface with equivalent capabilities to that of the VISTA interface with the following inventory management systems:VA MAXIMO Asset Management System (MAXIMO)If the CenTrak Asset Viewer user interface is specified, the Contractor shall develop, provide, implement and test an interface with the VA Inventory Management System. If possible, a direct integration that does not require middleware shall be developed. The system may interface with the following inventory management systems as designated by VA:Department of Veterans Affairs (VA) Veterans Integrated System Architecture (VISTA)VA MAXIMO Asset Management System (MAXIMO)SOFTWARE CONFIGURATION & MaintenanceCENTRAK SOFTWARE CONFIGURATION Per hardware design changes and/or VA reconfiguration requirements, the Contractor shall update rendering and regioning maps in CenTrak ConnectPulse and/or CenTrak Asset Viewer. When applicable, naming shall conform to data standards as outlined in the RTLS Enterprise Data Architecture (EDA) Standards Workbook. Further, the Contractor shall provide configuration updates for existing hardware. Configuration changes shall be scoped during the site assessment at each facility. INTELLIGENT INSITES SOFTWARE CONFIGURATIONPer hardware design changes and/or VA reconfiguration requirements, the Contractor shall update rendering and regioning maps in Intelligent InSites application. Naming shall conform to data standards as outlined in the RTLS Enterprise Data Architecture (EDA) Standards Workbook. Configuration changes shall be scoped during the site assessment at each facility. SYSTEM ADMINISTRATIONFor sites with a status of ‘Implementation in progress’ or ‘No implementation’, the Contractor shall provide Database and System Administration services during the implementation and warranty period. Sites with a status of ‘Implementation complete’ have database and administration services covered under a separate sustainment contract, therefore work shall not be included in this contract. The System Administration Services shall include:1. Perform daily system health checks on servers and databases, including monitoring application logs.2. Security compliance and remediation of application related vulnerabilities.3. Apply Monthly OS security patches provided by OIT.4. Troubleshoot connectivity issues.5. Troubleshoot startup/shutdown server and application issues.6. Implement Software Upgrades.FACILITY ACCEPTANCE TESTING The Contractor shall create and provide an Acceptance Test Plan that includes 2 phases. A single Acceptance Test Plan is required to define testing methodology for all TOs. The Contractor shall not execute testing on any TO until the COR approves the Acceptance Test Plan. The VA shall provide test scripts; the Contractor may redact test scripts to meet the scope of the requirement. Phase 1: Performance Testing:The Contractor shall perform testing on the system and/or system enhancements to certify Proof of Performance to include Clinical Grade Location Accuracy of 100%. Active tags in non-clinical grade location areas shall accurately report the vertical (floor) location 97% of the time and horizontal location within 10 meters with an accuracy of 90%. The Contractor shall test and verify that all system functions and specification requirements are met and operational, and no unwanted effects, such as signal distortion, interference with other facility devices, etc. are present. The Contractor shall provide VA with a copy of the performance test plan methodology and test results.If the system does not meet requirements and additional remediation hardware is required, the Contractor shall provide a list that outlines additional requirements per site to include hardware, software and service in the Facility Remediation Hardware Report. Line items shall be listed in the format of the price cost schedule with the description of the item, quantity, cost per unit, and CLIN #.Phase 2: User Acceptance Testing:The Contractor shall schedule an acceptance test date and provide VA 30 days written notice prior to the date the acceptance test is expected to begin. The notification of the acceptance test shall include the expected length (in time) of the test(s). The Contractor shall provide certified/qualified personnel to assist VA with performing this testing. The Contractor shall provide VA with a copy of the acceptance test plan methodology and test results. At the COR’s discretion, the test results may be accepted without meeting the above location accuracy requirements. At a minimum, the Facility Acceptance Test Report shall provide a rating of location accuracy for each of the locations within scope to the smallest division requested e.g. bay accuracy – room accuracy – area accuracy – floor accuracy – building accuracy. The report shall be in an excel format and provide the tag ID, location, division, clinical grade or wifi, and accuracy rating (does or does not meet defined requirements). The overall location accuracies for clinical grade and wifi areas shall be calculated and displayed respectively in the report. The proposed format of the Facility Acceptance Test Report shall be included in the Facility Acceptance Test Plan. Following acceptance of the Test Report, the Contractor shall provide the Final Hardware Deployment Design Document (HDDD). The HDDD shall include complete hardware configuration, including any additional hardware purchased under this contract. This document shall be in the format of a .pdf floor map layout and also in a table excel spreadsheet format. This document shall include: Final quantity and location of hardware identified in the Preliminary Hardware Design Document that was installed to meet the goals of the RTLS applications being deployed at each Facility. The information provided shall include the Centrak Hardware Type, Hardware Unique Identification Device #, Hardware Serial Number, and Building, Floor, and Room number where it was installed. Deliverables:AT Acceptance Test PlanAT Facility Remediation Hardware ReportAT Facility Acceptance Test ReportAT Facility Final Hardware Deployment Design DocumentTRAINING The Contractor shall develop and provide a Facility Training Plan and deliver onsite or remote training as designated by VA. The Contractor shall provide training following the approval of the Facility Acceptance Test Report. The required training is detailed in the sections below. The Contractor shall provide certified/qualified personnel and conduct the training sessions. The VA anticipates the need for on-site training, but the Contractor shall provide a remote training option. The content of the on-site training and remote training shall be the same. The Contractor shall submit a Training Plan for each facility for review and approval by the COR. The Training Plan shall include, at a minimum:Training locations, training dates, and training timesFormat, method and / or delivery of training (e.g. onsite, web based)Training audience (e.g. technical repair, system user, system administrator)Instructor profile and content informationThe Contractor shall also provide Training Material and Schedules for each training event and complete those events in accordance with the approved Facility Training Plan. Once training is completed, the Contractor shall include in the Monthly Progress Report (Section 5.1.2) the following:1. Facility-specific list of the attendees for each training session2. The Contractor staff that conducted the trainingThe Contractor shall provide multiple offerings for each training to include the Intelligent InSites user platform and the CenTrak Asset Viewer platform. Deliverables:Facility Training PlanTraining Material and SchedulesSYSTEM USER TRAINING The Contractor shall provide training to all users on system application and use. Initial training shall be on-site or remote. Thereafter, VA shall have unlimited access to web or computer-based training, tailored to VA configuration. To improve system adoption and use, system user training shall also include a train the trainer approach. The VA shall identify Super Users to receive training and information that will be used to instruct others after contractor completes their initial onsite training. The system user training shall run for 8 hours per day for 1 week at each facility and shall be spent either in a small classroom setting or with individuals at work stations. This training is for employees on all different shifts; Salt Lake City and Denver require overnight shift training. Education curriculum must include the following:Operations and set-upReport and query generationUser maintenanceUser troubleshootingUser tipsTECHNICAL MAINTENANCE AND REPAIR TRAINING The Contractor shall train designated VA staff on technical maintenance and repair at each Facility. The Contractor shall provide each trained VA staff member with all service tools, service keys and other diagnostic software, technical documentation, and accessories necessary to service the RTLS prior to the warranty expiration.The Contractor shall furnish any devices required or recommended to test, calibrate, and operate / maintain / configure the system for proper operation. The Contractor shall provide service/maintenance/diagnostic software and associated security keys for in-house service of the equipment. Where applicable, the Contractor shall renew the software license or security key for the duration of the contract at a VA facility. At a minimum, the service software shall include system diagnostics down to the board or module level, error codes and definitions, and system setup capabilities to include networking, and peripheral connectivity.SYSTEM ADMINISTRATOR TRAINING The Contractor shall train designated selected VA staff for the purposes of supporting the application as a system administrator at the facility. The Contractor shall provide multiple offerings to be selected by VA. Offerings shall include Intelligent InSites user interface training and CenTrak asset tracking system training. The Contractor shall provide each trained VA staff member with all application and support tools necessary to configure and use the system. In addition, the system administrator is expected to have the knowledge after training to provide first level application support to VA users.TRANSITION PLANNINGThe Contractor shall develop an AT Transition Plan for sites with a status of ‘Implementation in progress’ and ‘No Implementation’. The Transition Plans shall include a detailed procedure to transition all RLTS duties to Government staff by the end of this contract. The Contractor shall submit a Transition Plan that addresses transitioning daily operational oversight of the components of RTLS Asset Tracking Application at each facility including all hardware (including supplemental wireless infrastructure) and software as well as maintenance, repair and configuration management procedures. Once the Transition Plans are approved by the COR, the Contractor shall execute those plans. The Contractor shall provide User and Technical Manuals that shall include all components of the system.1. Two (2) copies of operator's instruction manuals per facility2. Two (2) copies of complete technical service manuals including detailed troubleshooting guides, necessary diagnostic software, service keys, schematic diagrams, and parts lists per facilityDeliverables:AT Transition PlanUser and Technical ManualsSYSTEM ACCEPTANCEVA Facility acceptance of the system shall be based on Government approval of the following:VA Approved Facility Acceptance Test ReportVA Approved Facility Final Hardware Design DocumentVA Approved Facility AT Transition Plan (when applicable) WARRANTY SERVICES All new RTLS equipment, hardware, and services performed under each TO shall be covered under the manufacturer’s warranty and shall include all parts and labor and technical support for a minimum of one (1) year following acceptance by VA. For sites with a status of ‘Implementation Complete’, support services are provided under a separate sustainment contract, therefore warranty services provided would cover only hardware and services obtained under this contract. The warranty shall be included in the system price and not priced separately. The Contractor shall either perform or manage all maintenance during the system warranty period. The Contractor shall oversee all sub-Contractor support, maintenance and warranties. Service Maintenance Agreements (SMA) for CenTrak and Intelligent InSites for hardware and services provided under each TO shall be included respectively during the warranty period. The Contractor shall provide Database and System Administration services during the warranty period as described in section 5.8.3 A Facility Warranty Status Report detailing hardware and software specifications and warranty end dates will be delivered in accordance with the start of each warranty period.It is anticipated that VA staff members will handle initial trouble calls from end users. Issues, which cannot be resolved by VA staff, will be referred to the contractor by VA technical support staff. Methods for requesting technical support from the contractor shall include telephone and e-mail. The Help Desk shall be staffed from 8am to 5pm MDT. The help desk shall respond to calls within 2 hours after receiving the initial call. The Contractor shall coordinate with the VA POC to schedule on-site service; service shall occur within 15 business days of the reported incident. Deliverable:AT Warranty Status ReportGENERAL REQUIREMENTSENTERPRISE AND IT FRAMEWORKVA TECHNICAL REFERENCE MODELThe Contractor shall support the VA enterprise management framework. In association with the framework, the Contractor shall comply with OI&T Technical Reference Model (VA TRM). The VA TRM is one component within the overall Enterprise Architecture (EA) that establishes a common vocabulary and structure for describing the information technology used to develop, operate, and maintain enterprise applications. Moreover, the VA TRM, which includes the Standards Profile and Product List, serves as a technology roadmap and tool for supporting OI&T. Architecture & Engineering Services (AES) has overall responsibility for the VA TRM.FEDERAL IDENTITY, CREDENTIAL, AND ACCESS MANAGEMENT (FICAM) The Contractor shall ensure Commercial Off-The-Shelf (COTS) product(s), software configuration and customization, and/or new software are Personal Identity Verification (PIV) card-enabled by accepting HSPD-12 PIV credentials using VA Enterprise Technical Architecture (ETA), HYPERLINK "" \o "Link to One-VA Enterprise Technical Architecture", and VA Identity and Access Management (IAM) approved enterprise design and integration patterns, . The Contractor shall ensure all Contractor delivered applications and systems comply with the VA Identity, Credential, and Access Management policies and guidelines set forth in the VA Handbook 6510 and align with the Federal Identity, Credential, and Access Management Roadmap and Implementation Guidance v2.0.The Contractor shall ensure all Contractor delivered applications and systems provide user authentication services compliant with the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-63-3, VA Handbook 6500 Appendix F, “VA System Security Controls”, and VA IAM enterprise requirements for direct, assertion based authentication, and/or trust based authentication, as determined by the design and integration patterns.?Direct authentication at a minimum must include Public Key Infrastructure (PKI) based authentication supportive of PIV card and/or Common Access Card (CAC), as determined by the business need.The Contractor shall ensure all Contractor delivered applications and systems conform to the specific Identity and Access Management PIV requirements set forth in the Office of Management and Budget (OMB) Memoranda M-04-04, M-05-24, M-11-11, and NIST Federal Information Processing Standard (FIPS) 201-2. OMB Memoranda M-04-04, M-05-24, and M-11-11 can be found at: , , and respectively. Contractor delivered applications and systems shall be on the FIPS 201-2 Approved Product List (APL). If the Contractor delivered application and system is not on the APL, the Contractor shall be responsible for taking the application and system through the FIPS 201 Evaluation Program.The Contractor shall ensure all Contractor delivered applications and systems support:Automated provisioning and are able to use enterprise provisioning service.Interfacing with VA’s Master Veteran Index (MVI) to provision identity attributes, if the solution relies on VA user identities. MVI is the authoritative source for VA user identity data.The VA defined unique identity (Secure Identifier [SEC ID] / Integrated Control Number [ICN]).Multiple authenticators for a given identity and authenticators at every Authenticator Assurance Level (AAL) appropriate for the solution.Identity proofing for each Identity Assurance Level (IAL) appropriate for the solution.Federation for each Federation Assurance Level (FAL) appropriate for the solution, if applicable.Two-factor authentication (2FA) through an applicable design pattern as outlined in VA Enterprise Design Patterns.A Security Assertion Markup Language (SAML) implementation if the solution relies on assertion based authentication. Additional assertion implementations, besides the required SAML assertion, may be provided as long as they are compliant with NIST SP 800-63-3 guidelines.Authentication/account binding based on trusted Hypertext Transfer Protocol (HTTP) headers if the solution relies on Trust based authentication.Role Based Access Control.Auditing and reporting pliance with VAIQ# 7712300 Mandate to meet PIV requirements for new and existing systems. required Assurance Levels for this specific effort are Identity Assurance Level 3, Authenticator Assurance Level 3, and Federation Assurance Level 3.INTERNET PROTOCOL VERSION 6 (IPV6)The Contractor solution shall support the latest Internet Protocol Version 6 (IPv6) based upon the directives issued by the Office of Management and Budget (OMB) on August 2, 2005 () and September 28, 2010 (HYPERLINK "" \o "link to OMB Memorandum dated September 28, 2010, Transition to IPv6"). IPv6 technology, in accordance with the USGv6 Profile, NIST Special Publication (SP) 500-267 ( HYPERLINK "" ), the Technical Infrastructure for USGv6 Adoption ( HYPERLINK "" ), and the NIST SP 800 series applicable compliance (HYPERLINK "" \o "Link to NIST Special Publications") shall be included in all IT infrastructures, application designs, application development, operational systems and sub-systems, and their integration. In addition to the above requirements, all devices shall support native IPv6 and/or dual stack (IPv6 / IPv4) connectivity without additional memory or other resources being provided by the Government, so that they can function in a mixed environment. All public/external facing servers and services (e.g. web, email, DNS, ISP services, etc.) shall support native IPv6 and/or dual stack (IPv6/ IPv4) users and all internal infrastructure and applications shall communicate using native IPv6 and/or dual stack (IPv6/ IPv4) operations. Guidance and support of improved methodologies which ensure interoperability with legacy protocol and services in dual stack solutions, in addition to OMB/VA memoranda, can be found at: INTERNET CONNECTION (TIC)The Contractor solution shall meet the requirements outlined in Office of Management and Budget Memorandum M08-05 mandating Trusted Internet Connections (TIC) (), M08-23 mandating Domain Name System Security (NSSEC) (), and shall comply with the Trusted Internet Connections (TIC) Reference Architecture Document, Version 2.0 HYPERLINK "" \o "Link to TIC Reference Architecture Document" COMPUTER CONFIGURATIONThe Contractor IT end user solution that is developed for use on standard VA computers shall be compatible with and be supported on the standard VA operating system, currently Windows 7 (64bit), Internet Explorer 11 and Office 365 ProPlus.? In preparation for the future VA standard configuration update, end user solutions shall also be compatible with Windows 10.? However, Windows 10 is not the VA standard yet and is currently approved for limited use during its rollout.? We are in-process of this rollout and making Windows 10 the standard for OI&T. Upon the release approval of Windows 10 as the VA standard, Windows 10 will supersede Windows 7 respectively.? Applications delivered to the VA and intended to be deployed to Windows 7 workstations shall be delivered as a signed?.msi package with switches for silent and unattended installation and updates shall be delivered in signed .msp file formats for easy deployment using System Center Configuration Manager (SCCM) VA’s current desktop application deployment tool.? Signing of the software code shall be through a vendor provided certificate that is trusted by the VA using a code signing authority such as Verizon/Cybertrust or Symantec/VeriSign.? The Contractor shall also ensure and certify that their solution functions as expected when used from a standard VA computer, with non-admin, standard user rights that have been configured using the United States Government Configuration Baseline (USGCB) and Defense Information Systems Agency (DISA) Secure Technical Implementation Guide (STIG) specific to the particular client operating system being used.VETERAN FOCUSED INTEGRATION PROCESS (VIP)The Contractor shall support VA efforts IAW the Veteran Focused Integration Process (VIP). VIP is a Lean-Agile framework that services the interest of Veterans through the efficient streamlining of activities that occur within the enterprise. The VIP Guide can be found at . The VIP framework creates an environment delivering more frequent releases through a deeper application of Agile practices. In parallel with a single integrated release process, VIP will increase cross-organizational and business stakeholder engagement, provide greater visibility into projects, increase Agile adoption and institute a predictive delivery cadence. VIP is now the single authoritative process that IT projects must follow to ensure development and delivery of IT productsPROCESS ASSETT LIBRARY (PAL)The Contractor shall perform their duties consistent with the processes defined in the OIT Process Asset Library (PAL). ?The PAL scope includes the full spectrum of OIT functions and activities, such as VIP project management, operations, service delivery, communications, acquisition, and resource management. PAL serves as an authoritative and informative repository of searchable processes, activities or tasks, roles, artifacts, tools and applicable standards and guides to assist the OIT workforce, Government and Contractor personnel. The Contractor shall follow the PAL processes to ensure compliance with policies and regulations and to meet VA quality standards. ?The PAL includes the contractor onboarding process consistent with Section 6.2.2 and can be found at . The main PAL can be accessed at process.AUTHORITATIVE DATA SOURCESThe VA Enterprise Architecture Repository (VEAR) is one component within the overall Enterprise Architecture (EA) that establishes the common framework for data taxonomy for describing the data architecture used to develop, operate, and maintain enterprise applications. The Contractor shall comply with the department’s Authoritative Data Source (ADS) requirement that VA systems, services, and processes throughout the enterprise shall access VA data solely through official VA ADSs where applicable, see below.??The Information Classes which compose each ADS are located in the VEAR, in the Data & Information domain. The Contractor shall ensure that all delivered applications and system solutions support: Interfacing with VA’s Master Veteran Index (MVI) to provision identity attributes, if the solution relies on VA user identities. MVI is the authoritative source for VA user identity data.Interfacing with Capital Asset Inventory (CAI) to conduct real property record management actions, if the solution relies on real property records data. CAI is the authoritative source for VA real property record management data. Interfacing with electronic Contract Management System (eCMS) for access to contract, contract line item, purchase requisition, offering vendor and vendor, and solicitation information above the micro-purchase threshold, if the solution relies on procurement data. ECMS is the authoritative source for VA procurement actions data. Interfacing with HRSmart Human Resources Information System to conduct personnel action processing, on-boarding, benefits management, and compensation management, if the solution relies on personnel data. HRSmart is the authoritative source for VA personnel information data.Interfacing with Vet360 to access personal contact information, if the solution relies on VA Veteran personal contact information data. Vet360 is the authoritative source for VA Veteran Personal Contact Data.Interfacing with VA/Department of Defense (DoD) Identity Repository (VADIR) for determining eligibility for VA benefits under Title 38, if the solution relies on qualifying active duty military service data. VADIR is the authoritative source for Qualifying Active Duty military service in the VA.SECURITY AND PRIVACY REQUIREMENTSIt has been determined that protected health information may be disclosed or accessed and a signed Business Associate Agreement (BAA) shall be required. The Contractor shall adhere to the requirements set forth within the BAA, referenced in Section D of the contract, and shall comply with VA Directive 6066.POSITION/TASK RISK DESIGNATION LEVEL(S)In accordance with VA Handbook 0710, Personnel Security and Suitability Program, the position sensitivity and the level of background investigation commensurate with the required level of access for the following tasks within the PWS are:Position Sensitivity and Background Investigation Requirements by TaskTask NumberTier1 / Low RiskTier 2 / Moderate RiskTier 4 / High Risk5.1 FORMCHECKBOX FORMCHECKBOX FORMCHECKBOX 5.2 FORMCHECKBOX FORMCHECKBOX FORMCHECKBOX 5.3 FORMCHECKBOX FORMCHECKBOX FORMCHECKBOX 5.4 FORMCHECKBOX FORMCHECKBOX FORMCHECKBOX 5.5 FORMCHECKBOX FORMCHECKBOX FORMCHECKBOX 5.6 FORMCHECKBOX FORMCHECKBOX FORMCHECKBOX 5.7 FORMCHECKBOX FORMCHECKBOX FORMCHECKBOX 5.8 FORMCHECKBOX FORMCHECKBOX FORMCHECKBOX 5.9 FORMCHECKBOX FORMCHECKBOX FORMCHECKBOX 5.10 FORMCHECKBOX FORMCHECKBOX FORMCHECKBOX 5.11 FORMCHECKBOX FORMCHECKBOX FORMCHECKBOX 5.12 FORMCHECKBOX FORMCHECKBOX FORMCHECKBOX 5.13 FORMCHECKBOX FORMCHECKBOX FORMCHECKBOX The Tasks identified above and the resulting Position Sensitivity and Background Investigation requirements identify, in effect, the Background Investigation requirements for Contractor individuals, based upon the tasks the particular Contractor individual will be working. The submitted Contractor Staff Roster must indicate the required Background Investigation Level for each Contractor individual based upon the tasks the Contractor individual will be working, in accordance with their submitted proposal.CONTRACTOR PERSONNEL SECURITY REQUIREMENTSContractor Responsibilities: The Contractor shall prescreen all personnel requiring access to the computer systems to ensure they maintain the appropriate Background Investigation, and are able to read, write, speak and understand the English language.Within 3 business days after award, the Contractor shall provide a roster of Contractor and Subcontractor employees to the COR to begin their background investigations in accordance with the PAL template artifact. The Contractor Staff Roster shall contain the Contractor’s Full Name, Date of Birth, Place of Birth, individual background investigation level requirement (based upon Section 6.2 Tasks), etc. The Contractor shall submit full Social Security Numbers either within the Contractor Staff Roster or under separate cover to the COR. The Contractor Staff Roster shall be updated and provided to VA within 1 day of any changes in employee status, training certification completion status, Background Investigation level status, additions/removal of employees, etc. throughout the Period of Performance. The Contractor Staff Roster shall remain a historical document indicating all past information and the Contractor shall indicate in the Comment field, employees no longer supporting this contract. The preferred method to send the Contractor Staff Roster or Social Security Number is by encrypted e-mail. If unable to send encrypted e-mail, other methods which comply with FIPS 140-2 are to encrypt the file, use a secure fax, or use a traceable mail service.The Contractor should coordinate with the location of the nearest VA fingerprinting office through the COR. Only electronic fingerprints are authorized. The Contractor shall bring their completed Security and Investigations Center (SIC) Fingerprint request form with them (see paragraph d.4. below) when getting fingerprints taken.The Contractor shall ensure the following required forms are submitted to the COR within 5 days after contract award:Optional Form 306Self-Certification of Continuous ServiceVA Form 0710 Completed SIC Fingerprint Request FormThe Contractor personnel shall submit all required information related to their background investigations (completion of the investigation documents (SF85, SF85P, or SF 86) utilizing the Office of Personnel Management’s (OPM) Electronic Questionnaire for Investigations Processing (e-QIP) after receiving an email notification from the Security and Investigation Center (SIC). The Contractor employee shall certify and release the e-QIP document, print and sign the signature pages, and send them encrypted to the COR for electronic submission to the SIC. These documents shall be submitted to the COR within 3 business days of receipt of the e-QIP notification email. (Note: OPM is moving towards a “click to sign” process. If click to sign is used, the Contractor employee should notify the COR within 3 business days that documents were signed via e-QIP).The Contractor shall be responsible for the actions of all personnel provided to work for VA under this contract. In the event that damages arise from work performed by Contractor provided personnel, under the auspices of this contract, the Contractor shall be responsible for all resources necessary to remedy the incident.A Contractor may be granted unescorted access to VA facilities and/or access to VA Information Technology resources (network and/or protected data) with a favorably adjudicated Special Agreement Check (SAC), completed training delineated in VA Handbook 6500.6 (Appendix C, Section 9), signed “Contractor Rules of Behavior”, and with a valid, operational PIV credential for PIV-only logical access to VA’s network. A PIV card credential can be issued once your SAC has been favorably adjudicated and your background investigation has been scheduled by OPM. However, the Contractor will be responsible for the actions of the Contractor personnel they provide to perform work for VA. The investigative history for Contractor personnel working under this contract must be maintained in the database of OPM.The Contractor, when notified of an unfavorably adjudicated background investigation on a Contractor employee as determined by the Government, shall withdraw the employee from consideration in working under the contract.Failure to comply with the Contractor personnel security investigative requirements may result in loss of physical and/or logical access to VA facilities and systems by Contractor and Subcontractor employees and/or termination of the contract for default.Identity Credential Holders must follow all HSPD-12 policies and procedures as well as use and protect their assigned identity credentials in accordance with VA policies and procedures, displaying their badges at all times, and returning the identity credentials upon termination of their relationship with VA.Deliverable:Contractor Staff RosterCONTRACTOR TRAINING REQUIREMENTSThe Contractor shall submit a Training Certificate verifying completion of VA Privacy and Information Security Awareness and Rules of Behavior for each Contractor employee and Subcontractor employee requiring access to VA information and VA information systems. The Contractor shall also provide signed copies of the Contractor Rules of Behavior in accordance with Section 9, Training, from Appendix C of the VA Handbook 6500.6, “Contract Security”. The Contractor shall complete his training annually and provide updated certificates as required. The Contractor shall also successfully complete any additional information security or privacy training, as required for VA personnel with equivalent information system access.Deliverables:VA Privacy and Information Security Awareness and Rules of Behavior Training Certificate of CompletionContractor Rules of Behavior – SignedMETHOD AND DISTRIBUTION OF DELIVERABLESThe Contractor shall deliver documentation in electronic format, unless otherwise directed in Section B of the solicitation/contract. Acceptable electronic media include: MS Word 2000/2003/2007/2010, MS Excel 2000/2003/2007/2010, MS PowerPoint 2000/2003/2007/2010, MS Project 2000/2003/2007/2010, MS Access 2000/2003/2007/2010, MS Visio 2000/2002/2003/2007/2010, AutoCAD 2002/2004/2007/2010, and Adobe Postscript Data Format (PDF). PERFORMANCE METRICSThe table below defines the Performance Standards and Acceptable Levels of Performance associated with this effort.Performance ObjectivePerformance StandardAcceptable Levels of PerformanceTechnical / Quality of Product or ServiceDemonstrates understanding of requirementsEfficient and effective in meeting requirements Meets technical needs and mission requirementsProvides quality services/productsSatisfactory or higherProject Milestones and ScheduleEstablished milestones and project dates are metProducts completed, reviewed, delivered in accordance with the established scheduleNotifies customer in advance of potential problemsSatisfactory or higherCost & StaffingCurrency of expertise and staffing levels appropriatePersonnel possess necessary knowledge, skills and abilities to perform tasksSatisfactory or higherManagementIntegration and coordination of all activities to execute effortSatisfactory or higherClinical grade location accuracy Active tags in clinical areas shall accurately report the tag location 100% of the time.Satisfactory or higherNon-clinical grade location accuracyActive tags in non-clinical grade location areas shall accurately report the vertical (floor) location 97% of the time and horizontal location within 10 meters with an accuracy of 90%. Satisfactory or higherThe COR will utilize a Quality Assurance Surveillance Plan (QASP) throughout the life of the contract to ensure that the Contractor is performing the services required by this PWS in an acceptable level of performance. The Government reserves the right to alter or change the surveillance methods in the QASP at its own discretion. FACILITY/RESOURCE PROVISIONS The Government will provide office space, telephone service and system access when authorized contract staff work at a Government location as required in order to accomplish the Tasks associated with this PWS. All procedural guides, reference materials, and program documentation for the project and other Government applications will also be provided on an as-needed basis.The Contractor shall request other Government documentation deemed pertinent to the work accomplishment directly from the Government officials with whom the Contractor has contact. The Contractor shall consider the COR as the final source for needed Government documentation when the Contractor fails to secure the documents by other means. The Contractor is expected to use common knowledge and resourcefulness in securing all other reference materials, standard industry publications, and related materials that are pertinent to the work.VA may provide remote access to VA specific systems/network in accordance with VA Handbook 6500, which requires the use of a VA approved method to connect external equipment/systems to VA’s network. Citrix Access Gateway (CAG) is the current and only VA approved method for remote access users when using or manipulating VA information for official VA Business. VA permits CAG remote access through approved Personally Owned Equipment (POE) and Other Equipment (OE) provided the equipment meets all applicable 6500 Handbook requirements for POE/OE. All of the security controls required for Government furnished equipment (GFE) must be utilized in approved POE or OE. The Contractor shall provide proof to the COR for review and approval that their POE or OE meets the VA Handbook 6500 requirements and VA Handbook 6500.6 Appendix C, herein incorporated as Addendum B, before use. CAG authorized users shall not be permitted to copy, print or save any VA information accessed via CAG at any time. VA prohibits remote access to VA’s network from non-North Atlantic Treaty Organization (NATO) countries. The exception to this are countries where VA has approved operations established (e.g. Philippines and South Korea). Exceptions are determined by the COR in coordination with the Information Security Officer (ISO) and Privacy Officer (PO).This remote access may provide access to VA specific software such as Veterans Health Information System and Technology Architecture (VistA), ClearQuest, PAL, Primavera, and Remedy, including appropriate seat management and user licenses, depending upon the level of access granted. The Contractor shall utilize government-provided software development and test accounts, document and requirements repositories, etc. as required for the development, storage, maintenance and delivery of products within the scope of this effort.? The Contractor shall not transmit, store or otherwise maintain sensitive data or products in Contractor systems (or media) within the VA firewall IAW VA Handbook 6500.6 dated March 12, 2010. All VA sensitive information shall be protected at all times in accordance with VA Handbook 6500, local security field office System Security Plans (SSP’s) and Authority to Operate (ATO)’s for all systems/LAN’s accessed while performing the tasks detailed in this PWS. The Contractor shall ensure all work is performed in countries deemed not to pose a significant security risk. For detailed Security and Privacy Requirements (additional requirements of the contract consolidated into an addendum for easy reference) refer to REF _Ref252783628 \h \* MERGEFORMAT ADDENDUM A – ADDITIONAL VA REQUIREMENTS, CONSOLIDATED and ADDENDUM B - VA INFORMATION AND INFORMATION SYSTEM SECURITY/PRIVACY ERNMENT FURNISHED PROPERTYThe Contractor will be provided the following Government Furnished Property (GFP):Attachment A - Facility Drawings (e.g. CAD Drawings)Attachment B - Facility Equipment Inventory List(s)Attachment C - Facility Delivery Location and Staging Area(s)Attachment D - RTLS Requirement Specification Document (RSD)Attachment E - RTLS Systems Design Document (SDD)Attachment F - RTLS_National_AT_HandheldInstallUserGuideAttachment G - RTLS Handheld Systems Design DocumentAttachment H - Facility Engineering Space FileAttachment I - V19 RTLS expansion requirementsAttachment J - RTLS National Program Standards - RTLS_National_IS_AT_Tag_StandardAttachment K - RTLS National Program Standards - RTLS_National_IS_G_Supplemental_Hardware_StandardAttachment L - RTLS National Program Standards - RTLS_National_InsitesMapRenderingSpecsAttachment M - Facility RTLS Hardware Deployment Design DocumentAttachment N – RTLS Vista Interface PackageAttachment O - RTLS Data Standards WorkbookAttachment P – RTLS DQT DocumentationAttachment Q - RTLS Enterprise Data Architecture StandardAttachment R – ESE Interfaces Technical ManualAttachment S – VISN and VAMC Site Server Build Document Attachment T – RTLS Server Software Baseline Document Attachment U – Facility AP Design ReportAttachment V – Facility Rendered MapsAttachment W - National RTLS AT Application Usage DocumentAttachment X – V19 RTLS ServersSHIPMENT OF HARDWARE OR EQUIPMENTInspection: DestinationAcceptance: DestinationFree on Board (FOB): DestinationShip To and Mark For:PrimaryAlternateName:Name:Address:Address:Voice:Voice:Email:Email:Special Shipping Instructions:Prior to shipping, Contractor shall notify Site POCs, by phone followed by email, of all incoming deliveries including line-by-line details for review of requirements.? Contractor shall not make any changes to the delivery schedule at the request of Site POC.Contractors shall coordinate deliveries with Site POCs before shipment of hardware to ensure sites have adequate storage space.All shipments, either single or multiple container deliveries, shall bear the VA IFCAP Purchase Order number on external shipping labels and associated manifests or packing lists.? In the case of multiple container deliveries, a statement readable near the VA IFCAP PO number shall indicate total number of containers for the complete shipment (e.g. “Package 1 of 2”), clearly readable on manifests and external shipping labels.Packing Slips/Labels and Lists shall also include the following:IFCAP PO #: ____________ (e.g., 166-E11234 (the IFCAP PO number is located in block #20 of the SF 1449))Project Description: (e.g. Tier I Lifecycle Refresh)Total number of Containers:? Package ___ of ___.? (e.g., Package 1 of 3)ADDENDUM A – ADDITIONAL VA REQUIREMENTS, CONSOLIDATEDCyber and Information Security Requirements for VA IT ServicesThe Contractor shall ensure adequate LAN/Internet, data, information, and system security in accordance with VA standard operating procedures and standard PWS language, conditions, laws, and regulations.? The Contractor’s firewall and web server shall meet or exceed VA minimum requirements for security.? All VA data shall be protected behind an approved firewall.? Any security violations or attempted violations shall be reported to the VA Program Manager and VA Information Security Officer as soon as possible.? The Contractor shall follow all applicable VA policies and procedures governing information security, especially those that pertain to certification and accreditation.Contractor supplied equipment, PCs of all types, equipment with hard drives, etc. for contract services must meet all security requirements that apply to Government Furnished Equipment (GFE) and Government Owned Equipment (GOE).? Security Requirements include:? a) VA Approved Encryption Software must be installed on all laptops or mobile devices before placed into operation, b) Bluetooth equipped devices are prohibited within VA; Bluetooth must be permanently disabled or removed from the device, unless the connection uses FIPS 140-2 (or its successor) validated encryption, c) VA approved anti-virus and firewall software, d) Equipment must meet all VA sanitization requirements and procedures before disposal.? The COR, CO, the PM, and the Information Security Officer (ISO) must be notified and verify all security requirements have been adhered to.Each documented initiative under this contract incorporates VA Handbook 6500.6, “Contract Security,” March 12, 2010 by reference as though fully set forth therein. The VA Handbook 6500.6, “Contract Security” shall also be included in every related agreement, contract or order.? The VA Handbook 6500.6, Appendix C, is included in this document as Addendum B.Training requirements: The Contractor shall complete all mandatory training courses on the current VA training site, the VA Talent Management System (TMS) 2.0, and will be tracked therein. The TMS 2.0 may be accessed at HYPERLINK "" \o "Link to TMS 2.0 Homepage". If you do not have a TMS 2.0 profile, go to and click on the “Create New User” link on the TMS 2.0 to gain access.Contractor employees shall complete a VA Systems Access Agreement if they are provided access privileges as an authorized user of the computer system of VA.VA Enterprise Architecture ComplianceThe applications, supplies, and services furnished under this contract must comply with VA Enterprise Architecture (EA), available at in force at the time of issuance of this contract, including the Program Management Plan and VA's rules, standards, and guidelines in the Technical Reference Model/Standards Profile (TRMSP).? VA reserves the right to assess contract deliverables for EA compliance prior to acceptance.VA Internet and Intranet StandardsThe Contractor shall adhere to and comply with VA Directive 6102 and VA Handbook 6102, Internet/Intranet Services, including applicable amendments and changes, if the Contractor’s work includes managing, maintaining, establishing and presenting information on VA’s Internet/Intranet Service Sites.? This pertains, but is not limited to: creating announcements; collecting information; databases to be accessed, graphics and links to external sites. Internet/Intranet Services Directive 6102 is posted at (copy and paste the following URL to browser): Services Handbook 6102 is posted at (copy and paste following URL to browser): of the Federal Accessibility Law Affecting All Information and Communication Technology (ICT) Procurements?(Section 508)On January 18, 2017, the Architectural and Transportation Barriers Compliance Board (Access Board) revised and updated, in a single rulemaking, standards for electronic and information technology developed, procured, maintained, or used by Federal agencies covered by Section 508 of the Rehabilitation Act of 1973, as well as our guidelines for telecommunications equipment and customer premises equipment covered by Section 255 of the Communications Act of 1934. The revisions and updates to the Section 508-based standards and Section 255-based guidelines are intended to ensure that information and communication technology (ICT) covered by the respective statutes is accessible to and usable by individuals with disabilities.Section 508 – Information and Communication Technology (ICT) StandardsThe Section 508 standards established by the Access Board are incorporated into, and made part of all VA orders, solicitations and purchase orders developed to procure ICT. These standards are found in their entirety at: . A printed copy of the standards will be supplied upon request.?Federal agencies must comply with the updated Section 508 Standards beginning on January 18, 2018. The Final Rule as published in the Federal Register is available from the Access Board: . The Contractor shall comply with “508 Chapter 2: Scoping Requirements” for all electronic ICT and content delivered under this contract. Specifically, as appropriate for the technology and its functionality, the Contractor shall comply with the technical standards marked here: FORMCHECKBOX E205 Electronic Content – (Accessibility Standard -WCAG 2.0 Level A and AA Guidelines) FORMCHECKBOX E204 Functional Performance Criteria FORMCHECKBOX E206 Hardware Requirements FORMCHECKBOX E207 Software Requirements FORMCHECKBOX E208 Support Documentation and Services RequirementsCompatibility with Assistive TechnologyThe standards do not require installation of specific accessibility-related software or attachment of an assistive technology device. Section 508 requires that ICT be compatible with such software and devices so that ICT can be accessible to and usable by individuals using assistive technology, including but not limited to screen readers, screen magnifiers, and speech recognition software.Acceptance and Acceptance TestingDeliverables resulting from this solicitation will be accepted based in part on satisfaction of the Section 508 Chapter 2: Scoping Requirements standards identified above.The Government reserves the right to test for Section 508 Compliance before delivery. The Contractor shall be able to demonstrate Section 508 Compliance upon delivery.Physical Security & Safety Requirements:The Contractor and their personnel shall follow all VA policies, standard operating procedures, applicable laws and regulations while on VA property.? Violations of VA regulations and policies may result in citation and disciplinary measures for persons violating the law.The Contractor and their personnel shall wear visible identification at all times while they are on the premises.VA does not provide parking spaces at the work site; the Contractor must obtain parking at the work site if needed.? It is the responsibility of the Contractor to park in the appropriate designated parking areas.? VA will not invalidate or make reimbursement for parking violations of the Contractor under any conditions.Smoking is prohibited inside/outside any building other than the designated smoking areas.Possession of weapons is prohibited.The Contractor shall obtain all necessary licenses and/or permits required to perform the work, with the exception of software licenses that need to be procured from a Contractor or vendor in accordance with the requirements document. The Contractor shall take all reasonable precautions necessary to protect persons and property from injury or damage during the performance of this contract.Confidentiality and Non-DisclosureThe Contractor shall follow all VA rules and regulations regarding information security to prevent disclosure of sensitive information to unauthorized individuals or organizations.The Contractor may have access to Protected Health Information (PHI) and Electronic Protected Health Information (EPHI) that is subject to protection under the regulations issued by the Department of Health and Human Services, as mandated by the Health Insurance Portability and Accountability Act of 1996 (HIPAA); 45 CFR Parts 160 and 164, Subparts A and E, the Standards for Privacy of Individually Identifiable Health Information (“Privacy Rule”); and 45 CFR Parts 160 and 164, Subparts A and C, the Security Standard (“Security Rule”).? Pursuant to the Privacy and Security Rules, the Contractor must agree in writing to certain mandatory provisions regarding the use and disclosure of PHI and EPHI.??The Contractor will have access to some privileged and confidential materials of VA.? These printed and electronic documents are for internal use only, are not to be copied or released without permission, and remain the sole property of VA.? Some of these materials are protected by the Privacy Act of 1974 (revised by PL 93-5791) and Title 38.? Unauthorized disclosure of Privacy Act or Title 38 covered materials is a criminal offense.The VA CO will be the sole authorized official to release in writing, any data, draft deliverables, final deliverables, or any other written or printed materials pertaining to this contract. The Contractor shall release no information.? Any request for information relating to this contract presented to the Contractor shall be submitted to the VA CO for response.Contractor personnel recognize that in the performance of this effort, Contractor personnel may receive or have access to sensitive information, including information provided on a proprietary basis by carriers, equipment manufacturers and other private or public entities.? Contractor personnel agree to safeguard such information and use the information exclusively in the performance of this contract.? Contractor shall follow all VA rules and regulations regarding information security to prevent disclosure of sensitive information to unauthorized individuals or organizations as enumerated in this section and elsewhere in this Contract and its subparts and appendices.Contractor shall limit access to the minimum number of personnel necessary for contract performance for all information considered sensitive or proprietary in nature.? If the Contractor is uncertain of the sensitivity of any information obtained during the performance this contract, the Contractor has a responsibility to ask the VA CO.Contractor shall train all of their employees involved in the performance of this contract on their roles and responsibilities for proper handling and nondisclosure of sensitive VA or proprietary information.? Contractor personnel shall not engage in any other action, venture or employment wherein sensitive information shall be used for the profit of any party other than those furnishing the information. The sensitive information transferred, generated, transmitted, or stored herein is for VA benefit and ownership alone. Contractor shall maintain physical security at all facilities housing the activities performed under this contract, including any Contractor facilities according to VA-approved guidelines and directives.? The Contractor shall ensure that security procedures are defined and enforced to ensure all personnel who are provided access to patient data must comply with published procedures to protect the privacy and confidentiality of such information as required by VA.Contractor must adhere to the following:The use of “thumb drives” or any other medium for transport of information is expressly prohibited.Controlled access to system and security software and documentation.Recording, monitoring, and control of passwords and privileges.All terminated personnel are denied physical and electronic access to all data, program listings, data processing equipment and systems.VA, as well as any Contractor (or Subcontractor) systems used to support development, provide the capability to cancel immediately all access privileges and authorizations upon employee termination.Contractor PM and VA PM are informed within twenty-four (24) hours of any employee termination.Acquisition sensitive information shall be marked "Acquisition Sensitive" and shall be handled as "For Official Use Only (FOUO)".Contractor does not require access to classified data.Regulatory standard of conduct governs all personnel directly and indirectly involved in procurements.? All personnel engaged in procurement and related activities shall conduct business in a manner above reproach and, except as authorized by statute or regulation, with complete impartiality and with preferential treatment for none.? The general rule is to strictly avoid any conflict of interest or even the appearance of a conflict of interest in VA/Contractor relationships.VA Form 0752 shall be completed by all Contractor employees working on this contract, and shall be provided to the CO before any work is performed.? In the case that Contractor personnel are replaced in the future, their replacements shall complete VA Form 0752 prior to beginning RMATION TECHNOLOGY USING ENERGY-EFFICIENT PRODUCTS The Contractor shall comply with Sections 524 and Sections 525 of the Energy Independence and Security Act of 2007; Section 104 of the Energy Policy Act of 2005; Executive Order 13834, “Efficient Federal Operations”, dated May 17, 2018; Executive Order 13221, “Energy-Efficient Standby Power Devices,” dated August 2, 2001; and the Federal Acquisition Regulation (FAR) to provide ENERGY STAR?, Federal Energy Management Program (FEMP) designated, low standby power, and Electronic Product Environmental Assessment Tool (EPEAT) registered products in providing information technology products and/or services. The Contractor shall ensure that information technology products are procured and/or services are performed with products that meet and/or exceed ENERGY STAR, FEMP designated, low standby power, and EPEAT guidelines. The Contractor shall provide/use products that earn the ENERGY STAR label and meet the ENERGY STAR specifications for energy efficiency. Specifically, the Contractor shall:Provide/use ENERGY STAR products, as specified at products (contains complete product specifications and updated lists of qualifying products). Provide/use the purchasing specifications listed for FEMP designated products at . The Contractor shall use the low standby power products specified at . Provide/use EPEAT registered products as specified at . At a minimum, the Contractor shall acquire EPEAT? Bronze registered products. EPEAT registered products are required to meet the technical specifications of ENERGY STAR, but are not automatically on the ENERGY STAR qualified product lists. The Contractor shall ensure that applicable products are on both the EPEAT Registry and ENERGY STAR Qualified Product Lists.The Contractor shall use these products to the maximum extent possible without jeopardizing the intended end use or detracting from the overall quality delivered to the end user. The following is a list of information technology products for which ENERGY STAR, FEMP designated, low standby power, and EPEAT registered products are available: Computer Desktops, Laptops, Notebooks, Displays, Monitors, Integrated Desktop Computers, Workstation Desktops, Thin Clients, Disk DrivesImaging Equipment (Printers, Copiers, Multi-Function Devices, Scanners, Fax Machines, Digital Duplicators, Mailing Machines)Televisions, Multimedia ProjectorsThis list is continually evolving, and as a result is not all-inclusive.OEM HARDWARE REQUIREMENTSThe Contractor shall ensure that information technology products are procured and/or services are performed with products that are new equipment and new parts for the required services described herein; no used, refurbished, or remanufactured equipment or parts shall be provided under any circumstances. Absolutely no “Gray Market Goods” or “Counterfeit Electronic Parts” shall be provided. Gray market goods are defined as genuine branded goods intentionally or unintentionally sold outside of an authorized sales-territory or by non-authorized dealers in an authorized territory. All equipment shall be accompanied by the original equipment manufacturer’s (OEM’s) warranty. Counterfeit electronic parts are defined as unlawful or unauthorized reproduction, substitution, or alteration that has been knowingly mismarked, misidentified, or otherwise misrepresented to be an authentic, unmodified electronic part from the original manufacturer, or a source with the express written authority of the original manufacturer or current design activity, including an authorized aftermarket manufacturer. Unlawful or unauthorized substitution includes used electronic parts represented as new, or the false identification of grade, serial number, lot number, date code, or performance characteristics. ADDENDUM B – VA INFORMATION AND INFORMATION SYSTEM SECURITY/PRIVACY LANGUAGEAPPLICABLE PARAGRAPHS TAILORED FROM: THE VA INFORMATION AND INFORMATION SYSTEM SECURITY/PRIVACY LANGUAGE, VA HANDBOOK 6500.6, APPENDIX C, MARCH 12, 2010GENERALContractors, Contractor personnel, Subcontractors, and Subcontractor personnel shall be subject to the same Federal laws, regulations, standards, and VA Directives and Handbooks as VA and VA personnel regarding information and information system RMATION SYSTEM DESIGN AND DEVELOPMENTN/AINFORMATION SYSTEM HOSTING, OPERATION, MAINTENANCE, OR USEN/ASECURITY INCIDENT INVESTIGATIONN/ALIQUIDATED DAMAGES FOR DATA BREACHN/ASECURITY CONTROLS COMPLIANCE TESTINGN/ATRAININGN/A TaskDeliverable ID Deliverable Description REF _Ref259632988 \r \h \* MERGEFORMAT 5.1.1AContractor Project Management PlanDue 30 days after receipt of task order (ARO) and updated monthly thereafter.Electronic submission to: VA PM, COR, CO.Inspection: destinationAcceptance: destination5.1.2AMonthly Progress ReportDue the 15th day of each month throughout the period of performance (PoP).Electronic submission to: VA PM, CORInspection: destinationAcceptance: destination 5.2ASite Assessment ReportDue 10 business days after completion of site assessment.Electronic submission to: VA PM, CORInspection: destinationAcceptance: destination 5.3.2.1APreliminary Hardware Deployment Design DocumentDue 15 business days after completion of site assessment.Electronic submission to: VA PM, CORInspection: destinationAcceptance: destination5.4AFacility Receiving ReportDue upon delivery of all equipment to each location. Electronic submission to: VA PM, CORInspection: destinationAcceptance: destination 5.5.2AFacility Tagging and Commissioning PlanDue 30 days prior to the beginning of the tagging process. Electronic submission to: VA PM, CORInspection: destinationAcceptance: destination5.7ASoftware Installation ReportDue upon installation of all software to each location. Electronic submission to: VA PM, CORInspection: destinationAcceptance: destination5.9AAcceptance Test PlanDue 60 business days prior to the first TO Testing event. VA shall have 10 business days to provide comments. Contractor shall provide final updates within 5 business days after VA comment. COR will have 5 business days to review and approve.Electronic submission to: VA PM, CORInspection: destinationAcceptance: destination5.9BRemediation Hardware ReportDue 5 business days after completion of testingElectronic submission to: VA PM, CORInspection: destinationAcceptance: destination 5.9CFacility Acceptance Test ReportDue 5 business days after the completion of testing. VA shall have 10 business days to provide comments. Contractor shall provide final updates within 5 business days after VA comment. COR will have 5 business days to review and approve.Electronic submission to: VA PM, CORInspection: destinationAcceptance: destination5.9DFinal Hardware Deployment Design DocumentDue 10 business days after government acceptance of the Final Test Report.Electronic submission to: VA PM, CORInspection: destinationAcceptance: destination5.10AFacility Training PlanDue 45 days prior to training eventElectronic submission to: VA PM, CORInspection: destinationAcceptance: destination5.10BTraining Materials and SchedulesDue 20 days prior to training event. VA shall have 10 business days to provide comments. Contractor shall provide final updates within 5 business days after VA comment. COR will have 5 business days to review and approve.Electronic submission to: VA PM, CORInspection: destinationAcceptance: destination5.11ATransition PlanDue 30 days prior to the end of PoP.Electronic submission to: VA PM, COR, CO.Inspection: destinationAcceptance: destination5.11BUser and Technical ManualsDue 30 days prior to the end of PoP.Electronic submission to: VA PM, CORInspection: destinationAcceptance: destination5.13AWarranty Status ReportDue 30 days prior to the end of PoP.Electronic submission to: VA PM, CORInspection: destinationAcceptance: destination6.2.2AContractor Staff RosterDue 3 days after contract award and updated throughout the PoP.Electronic submission to: VA PM, COR, CO.Inspection: destinationAcceptance: destination6.2.2.1AVA Privacy and Information Security Awareness and Rules of Behavior Training Certificate of CompletionDue 30 days after contract award dateElectronic submission to: VA PM, CORInspection: destinationAcceptance: destination 6.2.2.1BContractor Rules of Behavior - Signed Due 30 days after contract award dateElectronic submission to: VA PM, CORInspection: destinationAcceptance: destination 6.2.3CFinal Section 508 Compliance Test ResultsDue upon delivery of each deliverableElectronic submission to: VA PM, COR, CO.Inspection: destinationAcceptance: destination ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download