Exhibit 10.1
70RTAC21D00000001
The Department of Homeland Security (DHS)
Office of the Chief Information Officer (OCIO)
Cellular Wireless Managed Services 2.0
Indefinite-Delivery Indefinite-Quantity (IDIQ)
Contract
DHS Office of Procurement Operations 245 Murray Lane, SW, D.C.
20528
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0
IDIQ CONTRACT TERMS AND CONDITIONS
Only
the Contracting Officer (CO) for the IDIQ contract is authorized to
change the terms and conditions at the IDIQ contract level by
issuing a modification bilaterally signed by the CO and the
Contractor, which is also referred to as the IDIQ contract
Holder.
1.0
IDIQ Contract Period of Performance/Ordering Period
This is a single award IDIQ contract. The Period of Performance of
this IDIQ contract, which will also be referred to as the Ordering
Period, will be twelve (12) months from the date of IDIQ contract
award with four (4) 12-month option periods.
Orders may be issued at any time during the IDIQ contract period of
performance and may extend for a period of twelve (12) months after
the expiration date of the IDIQ contract. The period of performance
of each order will be specified at the order level.
2.0
Place of Performance
The
primary service location is off-site at the Contractor’s
facilities. The specific place of performance for these locations
will be determined at the order level including both the contiguous
United States (CONUS) or outside the contiguous United States
(OCONUS). The place of performance for in-building wireless
services shall include DHS facilities within the CONUS. The OCONUS
support will be provided remotely for wireless services offering
and trouble-shooting effort over the phone.
The Contractor may authorize its employees to telework under task
orders issued against this IDIQ contract on an as-needed basis. The
Contractor is required to coordinate with the order level CO and/or
Contracting Officer’ Representative (COR) when the need for
telework is identified and shall receive DHS pre-approval. The
Contractor shall maintain their own corporate telework policy for
its employees.
3.0
Type of Orders
The
IDIQ contract will allow for Firm Fixed Price (FFP), Time and
Materials (T&M), Labor Hour (LH), and hybrid type orders. The
type of order will be identified at the order level.
4.0
Flow Down of Clauses
All clauses on the Contractor’s IDIQ contract will flow down
to each order.
5.0 [Reserved].
6.0
Funding Obligation
6.1
Each
individual order placed against this IDIQ contract will obligate
funds.
Page 7 of 53
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0
6.2
Funding
obligation in the amount of $2,500.00 is provided as a minimum
guaranteed amount covered by this IDIQ contract. Immediately after
the first order is issued against the contract, the funds will be
de-obligated by contract modification. This IDIQ contract does not
obligate any additional funds at the contract level.
7.0 Guarantee and Maximum Contract Limitation
Minimum. The minimum guaranteed award amount for this IDIQ contract
is $2,500
for only the base period of
performance of this contract (inclusive of any fee). Either an
option exercise under FAR clause 52.217-9 or an extension under FAR
clause 52.217-8 does not re-establish the contract
minimum.
(a)
Maximum.
The cumulative dollar ceiling value of the resulting single-award
IDIQ contract is $500,000,000.00.
(b)
The
Government has no obligation to issue Orders to the Contractor
beyond the amount specified in paragraph (a) of this
section.
8.0 IDIQ Ordering Procedures
8.1 IDIQ orders and their administration will be
performed by duly appointed COs assigned by DHS Headquarters and
Components within their warrant authority. The order-level CO shall
award and administer orders in accordance with the DHS internal
ordering procedures that will be established immediately after the
IDIQ award, and the procedures outlined in FAR 16.505(a) Ordering.
Task orders are subject to the terms and conditions of the IDIQ
contract.
8.2 All costs associated with the preparation of the
Contractor’s order proposals will be at the
Contractor’s expense.
8.3 When a requesting office identifies a need that is
within the scope of this IDIQ contract, the requesting
office’s CO and COR shall follow all Headquarters/Component
procedures for ordering off a single-award IDIQ
contract.
8.4
IDIQ
orders may only be issued from the date of the IDIQ contract
establishment through the IDIQ contract’s expiration date.
The maximum period of performance for the order after the
expiration date of the IDIQ contract shall be no longer than twelve
(12) months.
8.5
Each
order issued under this IDIQ contract will include the following
information, as applicable:
(1)
IDIQ
contract number and order number;
(2)
Date
of the order;
(3)
Description
of the work to be performed;
(4)
The
work schedule, period of performance, or required completion date
(include the requesting office’s typical hours of operation,
if applicable);
(5)
Place
of performance;
Page 8 of 53
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0
(6)
Deliverables;
(7)
CLIN number and description, quantity, unit price,
and extended total;
(8)
The firm-fixed-price to complete the requirements
or labor-mix table with labor categories and rates
identified;
(9)
The security requirements;
(10)
The payment schedule; and
(11)
Accounting and appropriation
data.
8.6
Special Requirements for T&M and LH Orders
For
each order against this IDIQ contract that is issued on a T&M
or LH basis, additional provisions and clauses required for and/or
applicable to T&M or LH services will be incorporated by the
Component ordering office in its solicitation and a resultant task
order award.
9.0
Organizational Conflicts of Interest Notice
The
Contractor should be aware that it may be deemed ineligible to
perform any or entire parts of optional services under task orders
by reason of an organizational conflict of interest (OCI) (see FAR
9.5, Organizational and Consultant Conflicts of Interest). The
Contractor’s eligibility or ineligibility related to the
existing or potential OCI to participate in task orders is
determined by the task order level CO.
10.0 Termination
Notwithstanding
any other provision relating to this IDIQ contract, DHS may
terminate the IDIQ contract at any time in accordance with FAR
52.212-4 (l) or (m). Any disputes will be handled in accordance
with, FAR 52.212-4 (d).
11.0 Invoicing
Invoices
shall be prepared in accordance with FAR Clause 52.232-25, Prompt
Payment, and 52.232-1, Payments. In addition to invoice preparation
as required by the FAR, the Contractor’s invoice shall
include the following information:
(1)
Cover
sheet identifying DHS;
(2)
Order
and Contract Number;
(3)
Modification
Number, if any;
(4)
DUNS
Number;
(5)
Month
services provided
(6)
CLIN
and Accounting Classifications
The
Contractor shall submit the invoice electronically as directed
through the subsequent task orders. The contractor shall provide an
electronic copy of the invoice to the order level COR for IDIQ
expenditure tracking purposes and rate validation.
Page 9 of 53
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0
The
Contractor shall prepare and submit a sufficient and procurement
regulatory-compliant invoice and receiving report for technical
certification of inspection/acceptance of services and approval for
payment. The Contractor shall attach back up information to the
invoices and receiving reports substantiating all costs for
services performed. A written or electronic acceptance by the COR
and date of acceptance shall be included as part of the backup
documentation. If the invoice is submitted without all required
back up documentation, the invoice shall be rejected. The
Government reserves the right to have all invoices and backup
documentation reviewed by the CO prior to payment
approval.
Additional order invoicing information will be
specified at the order level. 12.0
Discounts
12.1
The Contractor is encouraged to provide additional discounts at the
order level from their IDIQ established rates for any contract line
items (CLINs). The Contractor shall make efforts to have any
discounted rates, which are given to DHS Components in future
orders and are more advantageous than the IDIQ contract rates,
available for other future Components orders.
12.2. Pricing for carriers’ devices and services shall not
exceed the commercial rates or GSA Schedule rates. The Contractor
is encouraged to make efforts to provide a price discount to offer
the best pricing at the order level.
13.0 Travel
The Contractor may be required to travel to support the order
requirements. All travel required by the Government, when the
travel destination is beyond a 50 miles radius of the
Contractor’s primary work location (either the assigned DHS
onsite facility or the Contractor’s corporate office) will be
reimbursed to the Contractor in accordance with the Federal Travel
Regulations and FAR 31.205-46. The contractor shall be responsible
for obtaining advance COR approval (electronic mail is acceptable)
for all reimbursable travel in advance of each travel event. The
travel requirement will be either in the contiguous United States
(CONUS) or outside the contiguous United States
(OCONUS).
14.0 Other Direct Cost (ODC) - Other than Travel
Materials and supplies are separate and distinct from those items
included in the fixed rate or fixed price portions of the contract
or included in the contractor's indirect rates. The contractor
shall not charge the Government for materials/supplies that are
priced in the fixed rates or fixed price portions of the contract
or included in the indirect rates.
15.0 Non-Personal Services
The
Government and the Contractor understand and agree that the
services delivered by the Contractor to the Government are
non-personal services. The parties also recognize and agree that no
employer-employee relationship exists or will exist between the
Government and the
Page 10 of 53
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0
Contractor.
The Contractor and the Contractor’s employees are not
employees of the Federal Government and are not eligible for
entitlement and benefits given federal employees.
Contractor personnel under the task order shall not (i) be placed
in a position where there is an appearance that they are employed
by a Federal Official, or are under the supervision, direction, or
evaluation of a Federal Official, or (ii) be placed in a position
of command, supervision, administration, or control over Government
personnel.
16.0 Qualified Contractor Personnel
The
Contractor shall be responsible for employing technically qualified
personnel to perform the work specified in the SOW. The Contractor
shall maintain the personnel, organization, and administrative
control necessary to ensure that the work delivered meets the
government’s specifications and requirements. Each Contractor
employee must possess knowledge and experience directly related to
work he/she is required to perform under this IDIQ
contract.
The Government reserves the right, during the life of this IDIQ
contract, to request work histories on any contractor employee for
the purposes of verifying compliance with the above
requirements; additionally, the Government reserves the right to
review and approve resumes of contractor personnel proposed to be
assigned to any Component order. In addition, the contractor shall
have the demonstrated ability to reach out to a wide variety of
subject matter experts in relevant fields, retain their services,
and productively engage them in support of government
requirements.
17.0 Identification of Contractor Personnel
The Contractor shall ensure that its employees identify themselves
as employees of their
respective company while working on DHS contracts. For example,
contractor personnel shall introduce themselves in person and in
voice-mail, and sign attendance logs as employees of their
respective companies, and not as DHS employees. The contractor
shall ensure that their personnel use the following format
signature on all official e-mails generated by DHS
computers:
Name
Position or Professional Title
Company Name
Supporting the Component / Component Office of DHS
Phone
Fax
Other contact information as desired
18.0 Security Requirements
The
specific security requirements will be defined at the Task Order
level. Compliance with the security clauses in this contract is not
optional.
Page 11 of 53
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0
This
IDIQ contract supports orders from Unclassified to Secret with Top
Secret (TS)/Sensitive Compartmented Information (SCI) access
control during the overall period of performance for the IDIQ
contract. Contract Security Classification Specification, DD Form
254 will be incorporated at time of task order award for security
requirements and classification guidance, as
applicable.
The
Contract awardee must be able to acquire a Top Secret Facility
Clearance Level within one (1) year after contract award. Failure
to meet this requirement may result in contract
termination.
The
Contract employees, performing work in support of this award shall
have been granted at a minimum “Top Secret” security
clearance from the Defense Industrial Security Clearance Office.
The contract employees will only have access to SECRET level
information until Defense Security Service has granted a full TS to
the Contractor Facility.
Note:
Interim TS is not accepted by DHS for access to Top Secret
information.
*
This can only apply if SECRET level work is available until a Final
Facility Level Clearance at TS is granted. Not all contract
personnel may require access at the full TS/SCI level. This is
determined by the CO/PM on the 1125 form sent to Personnel Security
for Suitability/Onboarding. The contract employees will only have
access to SECRET level information until Defense Security Service
has granted a full TS to the Contractor Facility.
All contractor personnel under this IDIQ contract
shall be required to complete DHS Entry on Duty (EOD) and will not
be permitted access to DHS facilities, systems and information
until EOD status is approved. All EODs will be facilitated at the
Task Order level.
The
procedures outlined below will be used by the DHS Office of the
Chief Security Officer (OCSO), Personnel Security Division (PSD) to
process background investigations, EOD determinations, and Fitness
determinations, as required, in a timely and efficient
manner.
Contractor
employees (to include applicants, temporary, part-time and
replacement employees) under the contract, requiring access to
sensitive information, shall undergo a position-sensitivity
analysis based on the duties each individual will perform on the
contract. The results of the position sensitivity analysis shall
identify the appropriate background investigation to be conducted.
All background investigations will be processed through the DHS
OCSO/PSD. Prospective contractor employees shall submit the below
completed forms to the DHS OCSO/PSD. The Standard Form (SF) 85-P
must be completed electronically through the Office of Personnel
Management’s e-QIP SYSTEM. The SF-85P signature pages and
other completed forms must be given to the OSCO/PSD no less than
thirty (30) calendar days before the start date of the contract or
thirty (30) calendar days prior to the requested entry on duty
date, for all contractor employees whether a replacement, addition,
subcontractor employee, or vendor:
a.
Standard Form (SF)
85-P, “Questionnaire for Public Trust
Positions”
i.
SF-85P
Certification
ii.
SF-85P
Authorization for Release of Information
b.
FD Form 258,
“Fingerprint Card” (2 copies)
Page 12 of 53
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0
c.
DHS
Form 11000-6 “Conditional Access To Sensitive But
Unclassified Information Non-Disclosure
Agreement”
d.
DHS
Form 11000-9, “Disclosure and Authorization Pertaining to
Consumer Reports Pursuant to the Fair Credit Reporting
Act”
Only
complete packages will be accepted by the DHS OCSO/PSD. Specific
instructions on submission of packages will be provided upon award
of the contract.
The
DHS OCSO/PSD may, as it deems appropriate, authorize and grant a
favorable EOD decision based on preliminary checks. A favorable EOD
decision allows a contractor employee to commence work temporarily
prior to the completion of the full background investigation. The
granting of a favorable EOD decision shall not be considered as
assurance that a favorable Fitness determination will follow. In
addition, a favorable EOD or Fitness determination shall in no way
prevent, preclude, or bar DHS from withdrawing or terminating
access to government facilities or information, at any time during
the term of the contract. No employee of the contractor shall be
allowed unescorted access to a Government facility without a
favorable EOD or Fitness determination by the DHS
OCSO/PSD.
Limited
access to Government buildings is allowable without an EOD decision
if the contractor is escorted by a Government employee and the
purpose of the visit is to attend a limited number of required
briefings or nonrecurring meetings in order to facilitate the
transition of a contract. The intent of this statement is to allow
a minimum amount of meeting/transition attendances to prepare for
the new contract.
The
DHS OCSO/PSD shall be notified of all terminations/resignations
within five (5) calendar days of occurrence. The contractor shall
return to the COR all DHS issued identification cards and building
passes that have either expired or have been collected from
terminated employees. If an identification card or building pass is
not available to be returned, a report shall be submitted to the
COR, referencing the pass or card number, name of individual to
whom it was issued and the last known location and disposition of
the pass or card.
When
sensitive Government information is processed on Department
telecommunications and automated information systems, the
contractor shall provide for the administrative control of
sensitive data being processed. Contractor personnel must have a
favorable EOD or Fitness determination by the DHS OCSO/PSD, to
access this information. Contractors who fail to comply with
Department security policy are subject to having their access to
Department IT systems and facilities terminated, whether or not the
failure results in criminal prosecution. Any person who improperly
discloses sensitive information is subject to criminal and civil
penalties and sanctions under a variety of laws (e.g., Privacy
Act).
Requests for Exception to U.S. Citizenship Requirement
Special procedures apply for exception to the requirement that
persons accessing DHS systems be U.S. citizens. Under normal
circumstances, only U.S. citizens are allowed access to DHS systems
and networks; but there is a need at times to grant access to
foreign nationals. Access for foreign nationals is normally a
long-term commitment, and exceptions to citizenship requirements
are treated differently from security policy waivers. Exceptions to
the U.S. citizenship requirement should be requested by completing
a Foreign National Visitor Access Request, DHS Form
11052-
Page 13 of 53
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0
1, which is available online or through the DHS Office of the Chief
Security Officer (OCSO). Components who have access may file their
request via the Foreign National Vetting Management System (FNVMS),
a part of the DHS OCSO Integrated Security Management System's
(ISMS). For further information regarding the citizenship exception
process, contact the DHS OCSO
This Policy Directive and the DHS 4300A Sensitive Systems Handbook
apply to all DHS employees, contractors, detailees, others working
on behalf of DHS, and users of DHS information systems that
collect, generate, process, store, display, transmit, or receive
DHS information unless an approved waiver has been granted. This
includes prototypes, telecommunications systems, and all systems in
all phases of the Systems Engineering Life Cycle
(SELC).
Failure to follow these instructions may delay the
completion of background investigations, EOD and Fitness
determinations. Note that any delays in this process, which are not
caused by the Government, do not relieve a contractor from
performing under the terms of the contract. Your
POC at the Security Office is:
______________________________________
19.0 Contractor Performance Assessment Reporting System
(CPARS)
DHS collects vendor performance data in CPARS.
CPARS is a web-enabled application that collects and manages the
library of automated Contractor Performance Assessment Reports
(CPARs). CPARS is for UNCLASSIFIED use only. Classified information
is not to be entered into this system. A CPAR assesses a
contractor's performance and provides a record, both positive and
negative, on a given contractor during a specific period of time.
Each assessment is based on objective facts and supported by
program and contract management data, such as cost performance
reports, customer comments, quality reviews, technical interchange
meetings, fmancial solvency assessments, construction/production
management reviews, contractor operations reviews, functional
performance evaluations, and earned contract incentives. The
contractor shall participate in the DHS CPARS program via the CPARS
website at: https://www.cpars.gov.
20.0 Disclosure of Information
20.1 The contractor is reminded
that information incorporated into the IDIQ contract or into an
order may be subject to disclosure under the Freedom of Information
Act (FOIA). See paragraph (e) of FAR 52.212-1, Instructions to
Offerors — Commercial Items, for guidance on marking data
submitted as part of a quotation for the IDIQ contract or for an
order.
20.2 Any information made available to the IDIQ
contract Holder by the Government must be used only for the purpose
of carrying out the provisions of this IDIQ contract and all
subsequent orders and must not be divulged or made known in any
manner to any person except as may be necessary in the performance
of the order.
20.3 In performance of this
IDIQ contract, the IDIQ contract Holder assumes responsibility for
protection of the confidentiality of Government records and must
ensure that all work performed
Page 14 of 53
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0
by
its subcontractors shall be under the supervision of the IDIQ
contract Holder or the IDIQ contract Holder's responsible
employees.
20.4 Each officer or employee of the IDIQ contract
Holder or any of its subcontractors to whom any Government record
may be made available or disclosed must be notified in writing by
the IDIQ Holder that information disclosed to such officer or
employee can be used only for a purpose and to the extent
authorized herein.
21.0 Subcontract Arrangements
21.1 It is anticipated that the awarded contractor will
be termed “IDIQ Contract Holder" or “IDIQ Contractor"
and considered the Prime Contractor. The IDIQ Contract Holder may
have subcontractor agreements with other contractors termed
“subcontractors” for purposes of meeting the
requirements of the IDIQ contract.
21.2 For purposes of the IDIQ contract and order
administration, all Government communications, ordering, and
scheduling flows through the IDIQ Contract Holder. Furthermore, all
invoices shall be submitted by the IDIQ Contract Holder and all
payments will be made to the IDIQ Contract Holder who, in turn,
will be responsible for payment to each subcontractor. Any disputes
involving the distribution of payment between the IDIQ Contract
Holder and subcontractor shall be resolved without any involvement
of the Government.
21.3 The IDIQ Contract Holder shall provide the IDIQ
contract CO with a primary and alternate administrative points of
contact (POC) after IDIQ contract award. The IDIQ Contract Holder
shall notify the DHS IDIQ contract CO and Contracting Officer's
Representative (COR) of any changes in contact information as
expeditiously as possible.
21.4 If the addition of a new subcontractor is
requested by the IDIQ Contract Holder, the IDIQ Contact Holder
shall submit the new teaming arrangement document to the IDIQ CO.
The IDIQ Contract Holder shall also include the work to be
performed by the new partner, and the new partner's
responsibilities as it relates to the services and tasks in the
IDIQ contract SOW. The IDIQ contract CO will review the request for
a new subcontractor and either approve the request or provide
rationale for denying the request.
22.0 IDIQ Contract Prices and Price Adjustments
22.1 The discount pricing established at the IDIQ level
shall be maintained throughout the life of the IDIQ contract,
unless a price adjustment is justified and incorporated by the IDIQ
contract CO.
22.2 The order level CO may seek additional discounts
or price reductions from the IDIQ contract pricing when issuing a
task order.
22.3 For any price increase or decreases made to the
carrier’s GSA Schedule contract, if affecting the established
IDIQ contract pricing, the Contractor shall immediately notify the
IDIQ contract CO.
Page 15 of 53
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0
23.0 FAR Clauses
FAR 52.252-2 Clauses Incorporated by Reference (FEB
1998)
This IDIQ contract incorporates one or more clauses by reference,
with the same force and effect as if they were given in full text.
Upon request, the Contracting Officer will make their full text
available. Also, the full text of a clause may be accessed
electronically at the following web addresses:
http://acquisition.gov/far/index.htral
The
following clauses are incorporated by reference:
|
CLAUSE
|
TITLE
|
DATE
|
|
52.202-1
|
Definitions
|
Jun
2020
|
|
52.203-12
|
Limitation
on Payments to Influence Certain Federal Transactions
|
Jun
2020
|
|
52.203-17
|
Contractor
Employee Whistleblower Rights and Requirement To Inform Employees
of Whistleblower Rights
|
Jun
2020
|
|
52.204-2
|
Security
Requirements
|
Aug
1996
|
|
52.204-9
|
Personal
Identity Verification of Contractor Personnel
|
Jan
2011
|
|
52.209-10
|
Prohibition
on Contracting with Inverted Domestic Corporations
|
Nov
2015
|
|
52.212-4
|
Contract
Terms and Conditions — Commercial Items
|
Oct
2018
|
|
52.212-4
Alt 1
|
Contract
Terms and Conditions — Commercial Items
|
Jan
2017
|
|
52.216-32
|
Task-Order
and Delivery-Order Ombudsman
|
Sept
2019
|
|
52.227-14
|
Rights
in Data - General
|
May
2014
|
|
52.242-3
|
Penalties
for Unallowable Costs
|
May
2014
|
|
52.245-1
|
Government
Property
|
Jan
2017
|
|
52.245-9
|
Use
and Charges
|
Apr
2012
|
|
52.246-25
|
Limitation
of Liability—Services
|
Feb
1997
|
|
52.247-35
|
F.O.B.
Destination, Within Consignee's Premises
|
Apr
1984
|
|
52.251-1
|
Government
Supply Sources
|
Apr
2012
|
FAR Clauses Incorporated in Full Text
52.204-23 PROHIBITION ON
CONTRACTING FOR HARDWARE, SOFTWARE, AND SERVICES DEVELOPED OR
PROVIDED BY KASPERSKY LAB AND OTHER COVERED E NTITIES
(DEVIATION 20-05)
(a)
Definitions.
As used in this clause-
"Covered article" means any hardware, software, or service
that-
(1)
Is
developed or provided by a covered entity;
Page 16 of 53
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0
(2)
Includes
any hardware, software, or service developed or provided in whole
or in part by a covered entity; or
(3)
Contains
components using any hardware or software developed in whole or in
part by a
covered
entity.
"Covered
entity" means-
(1)
Kaspersky
Lab;
(2)
Any
successor entity to Kaspersky Lab;
(3)
Any
entity that controls, is controlled by, or is under common control
with Kaspersky Lab; or
(4)
Any
entity of which Kaspersky Lab has a majority
ownership.
(b)
Prohibition.
Section 1634 of Division A of the National Defense Authorization
Act for Fiscal Year 2018 (Pub. L. 115-91) prohibits Government use
of any covered article. The Contractor is prohibited
from-
(1)
Providing
any covered article that the Government will use on or after
October 1, 2018; and
(2)
Using
any covered article on or after October 1, 2018 , in the
development of data or deliverables first produced in the
performance of the contract.
(c)
Reporting
requirement.
(1)
In the event the Contractor identifies covered
article provided to the Government during contract performance, or
the Contractor is notified of such by a subcontractor at any tier
or by any other source, the Contractor shall report, in writing,
via email, to the Contracting Officer, Contracting Officer ' s
Representative , and the Enterprise Security Operations Center
(SOC) at NDAA Incidents@ hq.dhs.gov,
with required information in the body of the email. In the case of
the Department of Defense, the Contractor shall report to the
website at https://dibnet.dod.mil.
For indefinite delivery contracts, the Contractor shall report to
the Enterprise SOC, Contracting Officer for the indefinite delivery
contract and the Contracting
Officer(s) and Contracting Officer's
Representative(s) for any affected order or, in the case of the
Department of Defense, identify both the indefinite delivery
contract and any affected orders in the report provided at
https://dibne t.dod.mil.
(2)
The
Contractor shall report the following information pursuant to
paragraph (c)(1) of this clause:
(i)
Within
1 business day from the date of such identification or
notification: the contract number; the order number(s), if
applicable; supplier name; brand; model number (Original Equipment
Manufacturer (OEM) number, manufacturer part number, or wholesaler
number); item description; and any readily available information
about mitigation actions undertaken or recommended.
(ii)
Within
10 business days of submitting the report pursuant to paragraph
(c)(1) of this clause: any further available information about
mitigation actions undertaken or recommended. In addition, the
Contractor shall describe the efforts it undertook to prevent use
or submission of a covered article, any reasons that led to the use
or submission of the covered article, and any additional efforts
that will be incorporated to prevent future use or submission of
covered articles. (c) Subcontracts. The Contractor shall insert the
substance of this clause, including this paragraph (d), in all
subcontracts, including subcontracts for the acquisition of
commercial items.
Page 17 of 53
70RTAC21D00000001DHS-Wide Cellular Wireless Managed Services
2.0
(End of clause)
52.204-25 PROHIBITION ON CONTRACTING FOR
CERTAIN TELECOMMUNICATIONS AND
VIDEO SURVEILLANCE SERVICES OR EQUIPMENT (DEVIATION 20-05) (AUG 2020)
(a) Definitions.
As used in this
clause—
“Backhaul”
means intermediate links between the core network, or backbone
network, and the small subnetworks at the edge of the network
(e.g., connecting cell phones/towers to the core telephone
network). Backhaul can be wireless (e.g., microwave) or wired
(e.g., fiber optic, coaxial cable, Ethernet).
“Covered
foreign country” means The People’s Republic
of
China. “Covered telecommunications equipment or
services”
means–
(1)
Telecommunications
equipment produced by Huawei Technologies Company or ZTE
Corporation (or any subsidiary or affiliate of such
entities);
(2)
For
the purpose of public safety, security of Government facilities,
physical security surveillance of critical infrastructure, and
other national security purposes, video surveillance and
telecommunications equipment produced by Hytera Communications
Corporation, Hangzhou Hikvision Digital Technology Company, or
Dahua Technology Company (or any subsidiary or affiliate of such
entities);
(3)
Telecommunications
or video surveillance services provided by such entities or using
such equipment; or
(4)
Telecommunications
or video surveillance equipment or services produced or provided by
an entity that the Secretary of Defense, in consultation with the
Director of National Intelligence or the Director of the Federal
Bureau of Investigation, reasonably believes to be an entity owned
or controlled by, or otherwise connected to, the government of a
covered foreign country.
“Critical
technology” means–
(1)
Defense articles or defense services included on the United States
Munitions List set forth in the International Traffic in Arms
Regulations under subchapter M of chapter I of title 22, Code of
Federal Regulations;
(i)
Items included on the Commerce Control List set forth in Supplement
Page 18 of 53
70RTAC21D00000001DHS-Wide Cellular Wireless Managed Services
2.0
No.
1 to part 774 of the Export Administration Regulations under
subchapter C of chapter VII of title 15, Code of Federal
Regulations, and controlled-Pursuant to multilateral regimes,
including for reasons relating to national security, chemical and
biological weapons proliferation, nuclear nonproliferation, or
missile technology; or
(ii)
For reasons relating to regional stability or surreptitious
listening;
(2)
Specially
designed and prepared nuclear equipment, parts and components,
materials, software, and technology covered by part 810 of title
10, Code of Federal Regulations (relating to assistance to foreign
atomic energy activities);
(3)
Nuclear
facilities, equipment, and material covered by part 110 of title
10, Code of Federal Regulations (relating to export and import of
nuclear equipment and material);
(4)
Select
agents and toxins covered by part 331 of title 7, Code of Federal
Regulations, part 121 of title 9 of such Code, or part 73 of title
42 of such Code; or
(5)
Emerging
and foundational technologies controlled pursuant to section 1758
of the Export Control Reform Act of 2018 (50 U.S.C.
4817).
“Interconnection
arrangements” means arrangements governing the physical
connection of two or more networks to allow the use of
another’s network to hand off traffic where it is ultimately
delivered (e.g., connection of a customer of telephone provider A
to a customer of telephone company B) or sharing data and other
information resources.
“Reasonable
inquiry” means an inquiry designed to uncover any information
in the entity’s possession about the identity of the producer
or provider of covered telecommunications equipment or services
used by the entity that excludes the need to include an internal or
third-party audit.
“Roaming”
means cellular communications services (e.g., voice, video, data)
received from a visited network when unable to connect to the
facilities of the home network either because signal coverage is
too weak or because traffic is too high.
“Substantial
or essential component” means any component necessary for the
proper function or performance of a piece of equipment, system, or
service.
(b) Prohibition.
Page 19 of 53
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0
(c)
Section 889(a)(1)(A) of the John S. McCain National Defense
Authorization Act for Fiscal Year 2019 (Pub. L. 115–232)
prohibits the head of an executive agency on or after August 13,
2019, from procuring or obtaining, or extending or renewing a
contract to procure or obtain, any equipment, system, or service
that uses covered telecommunications equipment or services as a
substantial or essential component of any system, or as critical
technology as part of any system. The Contractor is prohibited from
providing to the Government any equipment, system, or service that
uses covered telecommunications equipment or services as a
substantial or essential component of any system, or as critical
technology as part of any system, unless an exception at paragraph
of this clause applies or the covered telecommunication equipment
or services are covered by a waiver described in FAR
4.2104.
(2)
Section 889(a)(1)(B) of the John S. McCain National Defense
Authorization Act for Fiscal Year 2019 (Pub. L. 115–232)
prohibits the head of an executive agency on or after August 13,
2020, from entering into a contract, or extending or renewing a
contract, with an entity that uses any equipment, system, or
service that uses covered telecommunications equipment or services
as a substantial or essential component of any system, or as
critical technology as part of any system, unless an exception at
paragraph
(c)
of this clause applies or the covered telecommunication equipment
or services are covered by a waiver described in FAR 4.2104. This
prohibition applies to the use of covered telecommunications
equipment or services, regardless of whether that use is in
performance of work under a Federal contract.
(c) Exceptions.
This clause does not prohibit
contractors from providing—
(1)
A
service that connects to the facilities of a third-party, such as
backhaul, roaming, or interconnection arrangements; or
(2)
Telecommunications
equipment that cannot route or redirect user data traffic or permit
visibility into any user data or packets that such equipment
transmits or otherwise handles.
(d) Reporting requirement.
(1)
In the event the Contractor identifies covered telecommunications
equipment or services used as a substantial or essential component
of any system, or as critical technology as part of any system,
during contract performance, or the Contractor is notified of such
by a subcontractor at any tier or by any other source, the
Contractor shall report the information in paragraph (d)(2) of this
clause in writing via email to the Contracting Officer, Contracting
Officer’s Representative, and the Enterprise
Security Operations Center (SOC)
at
, with required
information
in the body of the email. In the case of the Department of Defense,
the Contractor shall report to the
website
at
. For indefinite
Page 20 of 53
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0
delivery
contracts, the Contractor shall report to the Enterprise SOC,
Contracting Officer for the indefinite delivery contract and the
Contracting Officer(s) and Contracting Officer’s
Representative(s) for any affected order or, in the case of the
Department of Defense, identify both the indefinite delivery
contract and anyaffected orders in the
report provided
at
.
(2)
The Contractor shall report the following information pursuant to
paragraph (d)(1) of this clause
(i)
Within
one business day from the date of such identification or
notification: the contract number; the order number(s), if
applicable; supplier name; supplier unique entity identifier (if
known); supplier Commercial and Government Entity(CAGE) code (if
known); brand; model number (original equipment manufacturer
number, manufacturer part number, or wholesaler number); item
description; and any readily available information about mitigation
actions undertaken or recommended.
(ii)
Within
10 business days of submitting the information in paragraph
(d)(2)(i) of this clause: any further available information about
mitigation actions undertaken or recommended. In addition, the
Contractor shall describe the efforts it undertook to prevent use
or submission of covered telecommunications equipment or services,
and any additional efforts that will be incorporated to prevent
future use or submission of covered telecommunications equipment or
services.
(e) Subcontracts.
The Contractor shall insert the
substance of this clause, including this paragraph (e), in all
subcontracts and other contractual instruments,
including subcontracts
for the acquisition of commercial items.
(End of clause)
52.212-5 Contract Terms and Conditions Required to Implement
Statutes or Executive Orders - Commercial Items (OCT
2020)
(a)
The Contractor shall comply with the following Federal Acquisition
Regulation (FAR) clauses, which are incorporated in this contract
by reference, to implement provisions of law or Executive orders
applicable to acquisitions of commercial items:
(1) 52.203-19,
Prohibition on Requiring Certain Internal Confidentiality
Agreements or Statements (JAN 2017) (section 743 of Division E, Title VII, of
the Consolidated and Further Continuing Appropriations Act, 2015
(Pub. L. 113-235) and its successor provisions in subsequent
appropriations acts (and as extended in continuing
resolutions)).
(2) 52.204-23,
Prohibition on Contracting for Hardware, Software, and Services
Developed or Provided by Kaspersky Lab and Other Covered Entities
(JUL
2018) (Section 1634 of Pub. L.
115-91).
Page 21 of 53
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0
(3) 52.204-25,
Prohibition on Contracting for Certain Telecommunications and Video
Surveillance Services or Equipment. (AUG 2020) (Section 889(a)(1)(A) of Pub. L.
115-232).
(4) 52.209-10,
Prohibition on Contracting with Inverted Domestic Corporations
(NOV
2015).
(5) 52.233-3,
Protest After Award (AUG 1996) (31 U.S.C. 3553).
(6) 52.233-4,
Applicable Law for Breach of Contract Claim (OCT 2004) (Public Laws 10877 and 108-78 ( 19 U.S.C.
3805 note)).
(b)
The Contractor shall comply with the FAR clauses in this paragraph
(b) that the Contracting Officer has indicated as being
incorporated in this contract by reference to implement provisions
of law or Executive orders applicable to acquisitions of commercial
items:
[Contracting Officer check as
appropriate.]
X
(1) 52.203-6,
Restrictions on Subcontractor Sales to the Government
(JUNE
2020), with Alternate
I (OCT 1995) (41 U.S.C. 4704 and 10 U.S.C.
2402).
X
(2) 52.203-13,
Contractor Code of Business Ethics and Conduct
(JUN
2020) (41 U.S.C.
3509)).
(3) 52.203-15, Whistleblower Protections under the
American Recovery and Reinvestment Act of 2009
(JUN
2010) (Section 1553 of Pub. L. 111-5).
(Applies to contracts funded by the American Recovery and
Reinvestment Act of 2009.)
X (4) 52.204-10, Reporting Executive Compensation
and First-Tier Subcontract Awards (JUN 2020) (Pub. L. 109-282) ( 31 U.S.C. 6101
note).
__
(5) [Reserved].
(6) 52.204-14, Service Contract Reporting
Requirements (OCT 2016) (Pub. L. 111-117, section 743 of Div.
C).
X
(7) 52.204-15,
Service Contract Reporting Requirements for Indefinite-Delivery
Contracts (OCT 2016) (Pub. L. 111-117, section 743 of Div.
C).
X
(8) 52.209-6,
Protecting the Government’s Interest When Subcontracting with
Contractors Debarred, Suspended, or Proposed for Debarment.
(JUN
2020) (31 U.S.C. 6101
note).
(9) 52.209-9, Updates of Publicly Available
Information Regarding Responsibility Matters (OCT 2018) (41 U.S.C. 2313).
__
(10) [Reserved].
__
(11)
Page 22 of 53
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0
(i) 52.219-3, Notice of HUBZone Set-Aside or Sole-Source Award
(MAR
2020) (15 U.S.C.
657a).
__ (ii) Alternate I (MAR 2020) of 52.219-3.
__
(12)
(i) 52.219-4, Notice of Price Evaluation Preference for HUBZone
Small Business Concerns (MAR
2020) (if the offeror elects to waive the preference, it shall so
indicate in its offer)
(15 U.S.C. 657a).
__ (ii) Alternate I (MAR 2020) of 52.219-4.
__
(13) [Reserved]
_X_
(14)
(i) 52.219-6, Notice of Total Small Business Set-Aside
(MAR
2020) (15 U.S.C.
644).
__ (ii) Alternate I (MAR 2020) of 52.219-6.
__
(15)
(i) 52.219-7, Notice of Partial Small Business Set-Aside
(MAR
2020) (15 U.S.C.
644).
__ (ii) Alternate I (MAR 2020) of 52.219-7.
__ (16) 52.219-8, Utilization of Small Business
Concerns (OCT
2018) (15 U.S.C. 637(d)(2) and (3)).
__
(17)
(i) 52.219-9, Small Business Subcontracting Plan
(JUN
2020) (15 U.S.C.
637(d)(4)).
__ (ii) Alternate I (NOV 2016) of 52.219-9.
__ (iii) Alternate II (NOV 2016) of 52.219-9.
__ (iv) Alternate III (JUN 2020) of 52.219-9.
__ (v) Alternate IV (JUN 2020) of 52.219-9
__
(18)
(i) 52.219-13, Notice of Set-Aside of Orders (MAR 2020) (15 U.S.C. 644(r)).
(ii) Alternate I (MAR 2020) of 52.219-13.
__ (19) 52.219-14, Limitations on Subcontracting
(MAR
2020) (15 U.S.C. 637(a)(14)).
g
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0
(20) 52.219-16,
Liquidated Damages-Subcontracting Plan (JAN 1999) (15 U.S.C.
637(d)(4)(F)(i)).
(21) 52.219-27,
Notice of Service-Disabled Veteran-Owned Small Business Set-Aside
(MAR
2020) (15 U.S.C.
657f).
__
(22)
(i) 52.219-28, Post Award Small Business Program
Rerepresentation (MAY 2020) (15 U.S.C. 632(a)(2)).
(ii)
Alternate I (MAR 2020) of 52.219-28.
(23) 52.219-29,
Notice of Set-Aside for, or Sole Source Award to, Economically
Disadvantaged Women-Owned Small Business Concerns
(MAR
2020) (15 U.S.C.
637(m)).
(24) 52.219-30,
Notice of Set-Aside for, or Sole Source Award to, Women-Owned Small
Business Concerns Eligible Under the Women-Owned Small Business
Program (Mar2020) (15 U.S.C. 637(m)).
(25) 52.219-32,
Orders Issued Directly Under Small Business Reserves
(MAR
2020) (15 U.S.C.
644(r)).
__ (26) 52.219-33, Nonmanufacturer Rule
(MAR
2020) (15U.S.C. 637(a)(17)). _X_ (27)
52.222-3, Convict Labor (JUN 2003) (E.O.11755).
X (28) 52.222-19, Child Labor-Cooperation with
Authorities and Remedies (JAN2020) (E.O.13126).
_X_ (29) 52.222-21, Prohibition of Segregated
Facilities (APR 2015).
_X_
(30)
(i) 52.222-26, Equal Opportunity
(SEP
2016) (E.O.11246).
__ (ii) Alternate I (FEB 1999) of 52.222-26.
_X_
(31)
(i) 52.222-35, Equal Opportunity for Veterans
(JUN
2020) (38 U.S.C.
4212).
__ (ii) Alternate I (JUL 2014) of 52.222-35.
_X_
(32)
(i) 52.222-36, Equal Opportunity for Workers with
Disabilities (JUN 2020) (29 U.S.C. 793).
Page 24 of 53
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0
__ (ii) Alternate I (JUL 2014) of 52.222-36.
_X_ (33) 52.222-37, Employment Reports on Veterans
(JUN
2020) (38 U.S.C.
4212).
X (34) 52.222-40, Notification of Employee Rights
Under the National Labor Relations Act (DEC 2010) (E.O. 13496).
_X_
(35)
(i) 52.222-50, Combating Trafficking in Persons
(OCT
2020) (22 U.S.C. chapter 78 and E.O.
13627).
__ (ii) Alternate I (MAR 2015) of 52.222-50 (22 U.S.C. chapter 78 and E.O.
13627).
X (36) 52.222-54, Employment Eligibility
Verification (OCT 2015). (Executive Order 12989). (Not applicable to
the acquisition of commercially available off-the-shelf items or
certain other types of commercial items as prescribed in
22.1803.)
__
(37)
(i)
52.223-9, Estimate of Percentage of Recovered Material Content for
EPA–Designated Items (May 2008) ( 42 U.S.C.
6962(c)(3)(A)(ii)). (Not applicable to the acquisition of
commercially available off-the-shelf items.)
(ii) Alternate I (MAY 2008) of 52.223-9 (42 U.S.C. 6962(i)(2)(C)). (Not
applicable to the acquisition of commercially available
off-the-shelf items.)
(38) 52.223-11, Ozone-Depleting Substances and High
Global Warming Potential Hydrofluorocarbons (Jun 2016) (E.O.
13693).
(39) 52.223-12, Maintenance, Service, Repair, or
Disposal of Refrigeration Equipment and Air Conditioners
(JUN
2016) (E.O.
13693).
__
(40)
(i) 52.223-13, Acquisition of
EPEAT®-Registered Imaging Equipment (JUN 2014) (E.O.s 13423 and 13514).
__ (ii) Alternate I (OCT 2015) of 52.223-13.
__
(41)
(i) 52.223-14, Acquisition of
EPEAT®-Registered Televisions (JUN 2014) (E.O.s 13423 and 13514).
__
(ii) Alternate I (Jun2014) of 52.223-14.
Page 25 of 53
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0
X (42) 52.223-15, Energy Efficiency in
Energy-Consuming Products (MAY 2020) (42 U.S.C. 8259b).
__
(43)
(i) 52.223-16, Acquisition of
EPEAT®-Registered Personal Computer Products
(OCT
2015) (E.O.s 13423 and
13514).
__ (ii) Alternate I (JUN 2014) of 52.223-16.
X (44) 52.223-18, Encouraging Contractor Policies
to Ban Text Messaging While Driving (JUN 2020) (E.O. 13513).
__ (45) 52.223-20, Aerosols (JUN 2016) (E.O. 13693).
__
(46) 52.223-21, Foams (Jun2016) (E.O. 13693).
__
(47)
(i) 52.224-3 Privacy Training (JAN 2017) (5 U.S.C. 552 a).
__ (ii) Alternate I (JAN 2017) of 52.224-3.
__ (48) 52.225-1,
Buy American-Supplies (May 2014) (41 U.S.C. chapter
83).
__
(49)
(i) 52.225-3, Buy American-Free Trade Agreements-Israeli Trade Act
(MAY
2014) (41 U.S.C.chapter83, 19 U.S.C. 3301 note, 19 U.S.C. 2112
note, 19 U.S.C. 3805 note, 19 U. S.C. 4001 note, Pub. L. 103-182,
108-77, 108-78, 108-286, 108-302, 109-53, 109-169, 109-283,
110-138, 112-41, 112-42, and 112-43.
__ (ii) Alternate I (MAY 2014) of 52.225-3.
__ (iii) Alternate II (MAY 2014) of
52.225-3.
__ (iv) Alternate III (MAY 2014) of
52.225-3.
(50) 52.225-5,
Trade Agreements (OCT 2019) (19 U.S.C. 2501, et
seq., 19 U.S.C. 3301
note).
(51) 52.225-13,
Restrictions on Certain Foreign Purchases (JUN 2008) (E.O.’s, proclamations, and statutes
administered by the Office of Foreign Assets Control of the
Department of the Treasury).
(52) 52.225-26,
Contractors Performing Private Security Functions Outside the
United States (Oct 2016) (Section 862, as amended, of the National
Defense Authorization Act for Fiscal Year 2008; 10 U.S.C.
2302Note).
Page 26 of 53
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0
(53) 52.226-4,
Notice of Disaster or Emergency Area Set-Aside (Nov2007) (42 U.S.C.
5150).
(54) 52.226-5,
Restrictions on Subcontracting Outside Disaster or Emergency Area
(Nov2007) (42 U.S.C. 5150).
__ (55) 52.229-12, Tax on Certain Foreign
Procurements (JUN 2020).
(56) 52.232-29,
Terms for Financing of Purchases of Commercial Items
(FEB
2002) (41 U.S.C. 4505, 10 U.S.C.
2307(f)).
(57) 52.232-30,
Installment Payments for Commercial Items (Jan2017) (41 U.S.C.
4505, 10 U.S.C. 2307(f)).
X (58) 52.232-33, Payment by Electronic Funds
Transfer-System for Award Management (OCT2018) (31 U.S.C. 3332).
(59)
52.232-34, Payment by Electronic Funds Transfer-Other than System
for Award Management (Jul 2013) (31 U.S.C. 3332).
_X_ (60) 52.232-36, Payment by Third Party
(MAY
2014) (31 U.S.C.
3332).
_X_ (61) 52.239-1, Privacy or Security Safeguards
(AUG
1996) (5 U.S.C.
552a).
(62) 52.242-5, Payments to Small Business
Subcontractors (JAN 2017) (15 U.S.C. 637(d)(13)).
__
(63)
(i) 52.247-64, Preference for Privately Owned
U.S.-Flag Commercial Vessels (FEB 2006) (46 U.S.C. Appx. 1241(b) and 10 U.S.C.
2631).
__ (ii) Alternate I (APR 2003) of 52.247-64.
__ (iii) Alternate II
(FEB
2006) of
52.247-64.
(c)
The Contractor shall comply with the FAR clauses in this paragraph
(c), applicable to commercial services, that the Contracting
Officer has indicated as being incorporated in this contract by
reference to implement provisions of law or Executive orders
applicable to acquisitions of commercial items:
[Contracting Officer check as
appropriate.]
__ (1) 52.222-41, Service Contract Labor Standards
(AUG
2018) (41 U.S.C.
chapter67).
X (2) 52.222-42, Statement of Equivalent Rates for
Federal Hires (MAY 2014) (29 U.S.C. 206 and 41 U.S.C. chapter
67).
Page 27 of 53
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0
(3) 52.222-43,
Fair Labor Standards Act and Service Contract Labor
Standards-Price
Adjustment (Multiple Year and Option Contracts)
(AUG
2018) (29 U.S.C. 206 and 41 U.S.C. chapter 67).
(4) 52.222-44,
Fair Labor Standards Act and Service Contract Labor Standards-Price
Adjustment (May 2014) ( 29U.S.C.206 and 41 U.S.C. chapter
67).
(5) 52.222-51,
Exemption from Application of the Service Contract Labor Standards
to Contracts for Maintenance, Calibration, or Repair of Certain
Equipment-Requirements (May 2014) (41 U.S.C. chapter
67).
(6) 52.222-53,
Exemption from Application of the Service Contract Labor Standards
to Contracts for Certain Services-Requirements
(MAY
2014) (41 U.S.C. chapter
67).
__ (7) 52.222-55, Minimum Wages Under Executive
Order 13658 (DEC 2015).
__ (8) 52.222-62, Paid Sick Leave Under Executive
Order 13706 (JAN 2017) (E.O. 13706).
(9)
52.226-6, Promoting Excess Food Donation to Nonprofit Organizations
(Jun 2020) (42 U.S.C. 1792).
(d) Comptroller
General Examination of Record.
The Contractor shall comply with the provisions of this paragraph
(d) if this contract was awarded using other than sealed bid, is in
excess of the simplified acquisition threshold, as defined in FAR
2.101, on the date of award of this contract, and does not contain
the clause at 52.215-2, Audit and
Records-Negotiation.
(1) The
Comptroller General of the United States, or an authorized
representative of the Comptroller General, shall have access to and
right to examine any of the Contractor’s directly pertinent
records involving transactions related to this
contract.
(2) The
Contractor shall make available at its offices at all reasonable
times the records, materials, and other evidence for examination,
audit, or reproduction, until 3 years after final payment under
this contract or for any shorter period specified in FAR subpart
4.7, Contractor Records Retention, of the other clauses of this
contract. If this contract is completely or partially terminated,
the records relating to the work terminated shall be made available
for 3 years after any resulting final termination settlement.
Records relating to appeals under the disputes clause or to
litigation or the settlement of claims arising under or relating to
this contract shall be made available until such appeals,
litigation, or claims are finally resolved.
(3) As
used in this clause, records include books, documents, accounting
procedures and practices, and other data, regardless of type and
regardless of form. This does not require the Contractor to create
or maintain any record that the Contractor does not maintain in the
ordinary course of business or pursuant to a provision of
law.
(e)
(1)
Notwithstanding the requirements of the clauses in paragraphs (a),
(b), (c), and (d) of this clause, the Contractor is not required to
flow down any FAR clause, other than those in this
Page 28 of 53
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0
paragraph
(e)(1) in a subcontract for commercial items. Unless otherwise
indicated below, the extent of the flow down shall be as required
by the clause-
(i) 52.203-13,
Contractor Code of Business Ethics and Conduct
(JUN
2020) (41 U.S.C.
3509).
(ii) 52.203-19,
Prohibition on Requiring Certain Internal Confidentiality
Agreements or Statements (Jan 2017) (section 743 of Division E,
Title VII, of the Consolidated and Further Continuing
Appropriations Act, 2015 (Pub. L. 113-235) and its successor
provisions in subsequent appropriations acts (and as extended in
continuing resolutions)).
(iii) 52.204-23,
Prohibition on Contracting for Hardware, Software, and Services
Developed or Provided by Kaspersky Lab and Other Covered Entities
(JUL
2018) (Section 1634 of Pub. L.
115-91).
(iv) 52.204-25,
Prohibition on Contracting for Certain Telecommunications and Video
Surveillance Services or Equipment. (AUG 2020) (Section 889(a)(1)(A) of Pub. L.
115-232).
(v) 52.219-8,
Utilization of Small Business Concerns (OCT
2018)
(15 U.S.C. 637(d)(2) and (3)), in all subcontracts that offer
further subcontracting opportunities. If the subcontract (except
subcontracts to small business concerns) exceeds the applicable
threshold specified in FAR 19.702(a) on the date of subcontract
award, the subcontractor must include 52.219-8 in lower tier
subcontracts that offer subcontracting opportunities.
(vi) 52.222-21,
Prohibition of Segregated Facilities (APR 2015).
(vii) 52.222-26,
Equal Opportunity (SEP 2015) (E.O.11246).
(
) 52.222-35,
Equal Opportunity for Veterans (JUN 2020) (38 U.S.C. 4212).
(viii) 52.222-36,
Equal Opportunity for Workers with Disabilities
(JUN
2020) (29 U.S.C.
793).
(ix) 52.222-37,
Employment Reports on Veterans (JUN 2020) (38 U.S.C. 4212).
(x) 52.222-40,
Notification of Employee Rights Under the National Labor Relations
Act (DEC 2010) (E.O. 13496). Flow down required in
accordance with paragraph (f) of FAR clause
52.222-40.
(xi) 52.222-41,
Service Contract Labor Standards (Aug2018) (41 U.S.C. chapter
67).
(xii)
(A) 52.222-50, Combating Trafficking in Persons
(OCT
2020) (22 U.S.C. chapter 78 and E.O
13627).
(B)
Alternate I (Mar2015) of 52.222-50 (22 U.S.C. chapter 78 and E.O.
13627). g
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0
(xiv) 52.222-51,
Exemption from Application of the Service Contract Labor Standards
to Contracts for Maintenance, Calibration, or Repair of Certain
Equipment-Requirements (May2014) (41 U.S.C. chapter
67).
(xv) 52.222-53,
Exemption from Application of the Service Contract Labor Standards
to Contracts for Certain Services-Requirements
(MAY2014)
(41 U.S.C. chapter 67).
(xvi) 52.222-54,
Employment Eligibility Verification (OCT 2015) (E.O. 12989).
(i) 52.222-55,
Minimum Wages Under Executive Order 13658 (DEC 2015).
(
) 52.222-62,
Paid Sick Leave Under Executive Order 13706 (JAN 2017) (E.O. 13706).
(xvii)
(A)
52.224-3, Privacy Training (Jan 2017) (5 U.S.C. 552a).
(B) Alternate I (JAN 2017) of 52.224-3.
(xviii) 52.225-26,
Contractors Performing Private Security Functions Outside the
United States (OCT 2016) (Section 862, as amended, of the National
Defense Authorization Act for Fiscal Year 2008; 10 U.S.C. 2302
Note).
(xix) 52.226-6,
Promoting Excess Food Donation to Nonprofit Organizations
(JUN
2020) (42 U.S.C. 1792). Flow down
required in accordance with paragraph (e) of FAR clause
52.226-6.
(ii) 52.247-64,
Preference for Privately Owned U.S.-Flag Commercial Vessels
(FEB
2006) (46 U.S.C. Appx. 1241(b) and 10
U.S.C. 2631). Flow down required in accordance with paragraph (d)
of FAR clause 52.247-64.
(2)
While not required, the Contractor may include in its subcontracts
for commercial items a minimal number of additional clauses
necessary to satisfy its contractual obligations.
(End of clause)
52.216-18 Ordering (AUG 2020)
(a)Any
supplies and services to be furnished under this contract shall be
ordered by issuance of delivery orders or task orders by the
individuals or activities designated in the Schedule. Such orders
may be issued from November 25, 2020 through November 24, 2021 for
the Base Period, and a respective 12-month period for each of the
Option Periods.
Page 30 of 53
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0
(b)All
delivery orders or task orders are subject to the terms and
conditions of this contract. In the event of conflict between a
delivery order or task order and this contract, the contract shall
control.
(c)A
delivery order or task order is considered "issued"
when—
(1)If
sent by mail (includes transmittal by U.S. mail or private delivery
service), the Government deposits the order in the
mail;
(2)If
sent by fax, the Government transmits the order to the Contractor's
fax number; or
(3)If
sent electronically, the Government either—
(i)Posts
a copy of the delivery order or task order to a Government document
access system, and notice is sent to the Contractor;
or
(ii)Distributes
the delivery order or task order via email to the Contractor's
email address.
(d)Orders
may be issued by methods other than those enumerated in this clause
only if authorized in the contract.
(End of clause)
52.216-19 Order Limitations (OCT 1995)
(a) Minimum
order. When the Government
requires supplies or services covered by this contract in an amount
of less than $10,000.00, the Government is not obligated to
purchase, nor is the Contractor obligated to furnish, those
supplies or services under the contract.
(b) Maximum
order. The Contractor is not
obligated to honor-
(1)
Any
order for a single item in excess of $50,000,000.00;
(2)
Any
order for a combination of items in excess of $50,000,000.00;
or
(3)
A series of orders from the same ordering office within 30 days
that together call for quantities exceeding the limitation in
paragraph (b)(1) or (2) of this section.
(c)If this is a requirements contract
(i.e., includes the Requirements clause at
subsection 52.216-21
of the Federal Acquisition Regulation
(FAR)), the Government is not required to order a part of any one
requirement from the Contractor if that requirement exceeds the
maximum-order limitations in paragraph (b) of this
section.
(d)
Notwithstanding paragraphs (b) and (c) of this section, the
Contractor shall honor any order exceeding the maximum order
limitations in paragraph (b), unless that order (or orders) is
returned to the ordering office within 30 days after issuance, with
written notice stating the
Page 31 of 53
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0
Contractor’s
intent not to ship the item (or items) called for and the reasons.
Upon receiving this notice, the Government may acquire the supplies
or services from another source.
(End of clause)
52.216-22 Indefinite Quantity (Oct 1995)
(a)
This is an indefinite-quantity contract for the supplies or
services specified, and effective for the period stated, in the
Schedule. The quantities of supplies and services specified in the
Schedule are estimates only and are not purchased by this
contract.
(b) Delivery
or performance shall be made only as authorized by orders issued in
accordance with the Ordering clause. The Contractor shall furnish
to the Government, when and if ordered, the supplies or services
specified in the Schedule up to and including the quantity
designated in the Schedule as the “maximum.” The
Government shall order at least the quantity of supplies or
services designated in the Schedule as the
“minimum.”
(c) Except
for any limitations on quantities in the Order Limitations clause
or in the Schedule, there is no limit on the number of orders that
may be issued. The Government may issue orders requiring delivery
to multiple destinations or performance at multiple
locations.
(d) Any
order issued during the effective period of this contract and not
completed within that period shall be completed by the Contractor
within the time specified in the order. The contract shall govern
the Contractor’s and Government’s rights and
obligations with respect to that order to the same extent as if the
order were completed during the contract’s effective
period; provided, that the Contractor shall not be required to
make any deliveries under this contract after
4/28/2022.
(End of clause)
52.217-8 Option to Extend Services (NOV 1999)
The Government may require continued performance of any services
within the limits and at the 5rates specified in the contract.
These rates may be adjusted only as a result of revisions to
prevailing labor rates provided by the Secretary of Labor. The
option provision may be exercised more than once, but the total
extension of performance hereunder shall not exceed 6 months. The
Contracting Officer may exercise the option by written notice to
the Contractor within seven (7) days before contract
expiration.
(End of Clause)
52.217-9 Option to Extend the term of the Contract (MAR
2000)
(a)
The Government may extend the term of this contract by written
notice to the Contractor within seven (7) days before IDIQ contract
expiration; provided that the Government gives the Contractor a
preliminary written notice of its intent to extend at least
fourteen (14) days before IDIQ contract expiration. The preliminary
notice does not commit the Government to an extension.
Page 32 of 53
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0
(b) If the Government exercises this option, the extended
contract shall be considered to include this option
clause.
(c) The total duration of this contract, including the
exercise of any options under this clause, shall not exceed 5
years.
52.219-14 Limitations on Subcontracting (Deviation 19-01) (Aug
2020)
(a)
This clause does not apply to the unrestricted portion of a partial
set-aside.
(b) Definition. “Similarly situated entity,” as used
in this clause, means a first-tier subcontractor, including an
independent contractor, that—
(1) Has the same small business program status as that which
qualified the prime contractor for the award (e.g., for a small
business set-aside contract, any small business concern, without
regard to its socioeconomic status); and
(2) Is considered small for the size standard under the
North American Industry Classification System (NAICS) code the
prime contractor assigned to the subcontract.
(c) Applicability.
This clause applies only to—
(1) Contracts that have been set aside for any of the small
business concerns identified in 19.000(a)(3);
(2) Part or parts of a multiple-award contract that have
been set aside for any of the small business concerns identified in
19.000(a)(3);
(3) Contracts that have been awarded on a sole-source basis
in accordance with subparts 19.8, 19.13, 19.14, and
19.15;
(4) Orders expected to exceed the simplified acquisition
threshold and that are— (i) Set aside for small business
concerns under multiple-award contracts, as described in 8.405-5
and 16.505(b)(2)(i)(F);or
(ii)
Issued directly to small business concerns under multiple-award
contracts as described in 19.504(c)(1)(ii);
(5) Orders, regardless of dollar value, that are— (i)
Set aside in accordance with subparts 19.8, 19.13, 19.14, or 19.15
under multiple-award contracts, as described in 8.405-5 and
16.505(b)(2)(i)(F); or
(ii)
Issued directly to concerns that qualify for the programs described
in subparts 19.8, 19.13, 19.14, or 19.15 under multiple-award
contracts, as described in 19.504(c)(1)(ii); and
(6) Contracts using the HUBZone price evaluation preference
to award to a HUBZone small business concern unless the concern
waived the evaluation preference.
Page 33 of 53
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0
(d) Independent
contractors. An independent
contractor shall be considered a subcontractor.
(e) Limitations on
subcontracting. By submission
of an offer and execution of a contract, the Contractor agrees
that, in performance of a contract assigned a North American
Industry Classification System (NAICS) code
for—
(1) Services (except construction), it will not pay
more than 50 percent of the amount paid by the Government for
contract performance to subcontractors that are not similarly
situated entities. Any work that a similarly situated entity
further subcontracts will count towards the prime
contractor’s 50 percent subcontract amount that cannot be
exceeded. When a contract includes both services and supplies, the
50 percent limitation shall apply only to the service portion of
the contract;
(2) Supplies (other than procurement from a non-
manufacturer of such supplies), it will not pay more than 50
percent of the amount paid by the Government for contract
performance, excluding the cost of materials, to subcontractors
that are not similarly situated entities. Any work that a similarly
situated entity further subcontracts will count towards the prime
contractor’s 50 percent subcontract amount that cannot be
exceeded. When a contract includes both supplies and services, the
50 percent limitation shall apply only to the supply portion of the
contract;
(3) General construction, it will not pay more than 85
percent of the amount paid by the Government for contract
performance, excluding the cost of materials, to subcontractors
that are not similarly situated entities. Any work that a similarly
situated entity further subcontracts will count towards the prime
contractor’s 85 percent subcontract amount that cannot be
exceeded; or
(4) Construction by special trade contractors, it will
not pay more than 75 percent of the amount paid by the Government
for contract performance, excluding the cost of materials, to
subcontractors that are not similarly situated entities. Any work
that a similarly situated entity further subcontracts will count
towards the prime contractor’s 75 percent subcontract amount
that cannot be exceeded.
(f)
The Contractor shall comply with the limitations on subcontracting
as follows:
(1) For contracts, in accordance with paragraphs
(c)(1), (2), (3), and (6) of this clause –
Contracting
Officer check as appropriate.
___
By the end of the base term of the contract and then by the end of
each subsequent option period; or
___
By the end of the performance period for each order issued under
the contract.
(2) For orders, in accordance with paragraphs (c)(4)
and (5) of this clause, by the end of the performance period for
the order.
(g)
A joint venture agrees that, in the performance of the contract,
the applicable percentage specified in paragraph (e) of this clause
will be performed by the aggregate of the joint venture
participants.
Page 34 of 53
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0
(End of clause)
52.222-19 Child Labor—Cooperation with Authorities and
Remedies. (DEVIATION 20-07)
(a)
Applicability. This clause does not apply to the extent that the
Contractor is supplying end products mined, produced, or
manufactured in—
(1) Israel,
and the anticipated value of the acquisition is $50,000 or
more;
(2) Mexico,
and the anticipated value of the acquisition is $83,099 or more;
or
(3) Armenia,
Aruba, Australia, Austria, Belgium, Bulgaria, Canada, Croatia,
Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany,
Greece, Hong Kong, Hungary, Iceland, Ireland, Italy, Japan, Korea,
Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Moldova,
Montenegro, Netherlands, New Zealand, Norway, Poland, Portugal,
Romania, Singapore, Slovak Republic, Slovenia, Spain, Sweden,
Switzerland, Taiwan, Ukraine, or the United Kingdom and the
anticipated value of the acquisition is $182,000 or
more.
(b)
Cooperation with Authorities. To enforce the laws prohibiting the
manufacture or importation of products mined, produced, or
manufactured by forced or indentured child labor, authorized
officials may need to conduct investigations to determine whether
forced or indentured child labor was used to mine, produce, or
manufacture any product furnished under this contract. If the
solicitation includes the provision 52.222-18, Certification
Regarding Knowledge of Child Labor for Listed End Products, or the
equivalent at 52.212-3(i), the Contractor agrees to cooperate fully
with authorized officials of the contracting agency, the Department
of the Treasury, or the Department of Justice by providing
reasonable access to records, documents, persons, or premises upon
reasonable request by the authorized officials.
(c)
Violations. The Government may impose remedies set forth in
paragraph (d) for the following violations:
(1) The
Contractor has submitted a false certification regarding knowledge
of the use of forced or indentured child labor for listed end
products.
(2) The
Contractor has failed to cooperate, if required, in accordance with
paragraph (b) of this clause, with an investigation of the use of
forced or indentured child labor by an Inspector General, Attorney
General, or the Secretary of the Treasury.
(3) The
Contractor uses forced or indentured child labor in its mining,
production, or manufacturing processes.
(4) The
Contractor has furnished under the contract end products or
components that have been mined, produced, or manufactured wholly
or in part by forced or indentured child labor. (The Government
will not pursue remedies at paragraph (d)(2) or paragraph (d)(3) of
this clause unless sufficient evidence indicates that the
Contractor knew of the violation.)
(d)
Remedies. (1) The Contracting Officer may terminate the
contract.
Page 35 of 53
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0
(2) The
suspending official may suspend the Contractor in accordance with
procedures in FAR Subpart 9.4.
(3) The
debarring official may debar the Contractor for a period not to
exceed 3 years in accordance with the procedures in FAR Subpart
9.4.
(End of clause)
52.232-40 Providing Accelerated Payments to Small Business
Subcontractors (DEC 2013) (DEVIATION APR 2020)
(a)(1)
In accordance with 31 U.S.C. 3903 and 10 U.S.C. 2307, upon receipt
of accelerated payments from the Government, the Contractor shall
make accelerated payments to its small business subcontractors
under this contract in accordance with the accelerated payment date
established, to the maximum extent practicable and prior to when
such payment is otherwise required under the applicable contract or
subcontract, with a goal of 15 days after receipt of a proper
invoice and all other required documentation from the small
business subcontractor if a specific payment date is not
established by contract.
(2)The
Contractor agrees to make such payments to its small business
subcontractors without any further consideration from or fees
charged to the subcontractor.
(b)The
acceleration of payments under this clause does not provide any new
rights under the Prompt Payment Act.
(c)Include
the substance of this clause, including this paragraph (c), in all
subcontracts with small business concerns, including subcontracts
with small business concerns for the acquisition of commercial
items.
(End of clause)
52.244-2 Subcontracts (JUN 2020)
(a) Definitions. As used in this clause-
“Approved purchasing system” means a
Contractor’s purchasing system that has been reviewed and
approved in accordance with part 44
of the Federal Acquisition Regulation
(FAR).
“Consent
to subcontract” means the Contracting Officer’s written
consent for the Contractor to enter into a particular
subcontract.
Subcontract
means any contract, as defined in
FAR subpart
2.1, entered into by a subcontractor to furnish
supplies or services for performance of the prime contract or a
subcontract. It includes, but is not limited to, purchase orders,
and changes and modifications to purchase
orders.
Page 36 of 53
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0
(b)
When this clause is included in a fixed-price type contract,
consent to subcontract is required only on unpriced contract
actions (including unpriced modifications or unpriced delivery
orders), and only if required in accordance with paragraph (c) or
(d) of this clause.
(c)
If the Contractor does not have an approved purchasing system,
consent to subcontract is required for any subcontract
that-
(1)
Is
of the cost-reimbursement, time-and-materials, or labor-hour type;
or
(2)
Is
fixed-price and exceeds-
(i) For
a contract awarded by the Department of Defense, the Coast Guard,
or the National Aeronautics and Space Administration, the greater
of the simplified acquisition threshold, as defined in FAR
2.101
on the date of subcontract award, or 5
percent of the total estimated cost of the contract;
or
(ii) For
a contract awarded by a civilian agency other than the Coast Guard
and the National Aeronautics and Space Administration, either the
simplified acquisition threshold, as defined in FAR
2.101
on the date of subcontract award, or 5
percent of the total estimated cost of the
contract.
(d)
If the Contractor has an approved purchasing system, the Contractor
nevertheless shall obtain the Contracting Officer’s written
consent before placing the following subcontracts:
Telecommunications technical support
In-building solutions
Mobile forensics engineering and support
Application development and support
Mobile Device Management Services and Tier 3 support
(e)
(1)
The Contractor shall notify the Contracting Officer reasonably in
advance of placing any subcontract or modification thereof for
which consent is required under paragraph (b), (c), or (d) of this
clause, including the following information:
(i) A
description of the supplies or services to be
subcontracted.
(ii)
Identification of the type of
subcontract to be used.
(xiii)
Identification of the proposed subcontractor.
(xiv)
The proposed subcontract price.
Page 37 of 53
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0
(v) The
subcontractor’s current, complete, and accurate certified
cost or pricing data and Certificate of Current Cost or Pricing
Data, if required by other contract provisions.
(vi) The
subcontractor’s Disclosure Statement or Certificate relating
to Cost Accounting Standards when such data are required by other
provisions of this contract.
(xx) A
negotiation memorandum reflecting-
(A) The
principal elements of the subcontract price
negotiations;
(B) The
most significant considerations controlling establishment of
initial or revised prices;
(C) The
reason certified cost or pricing data were or were not
required;
(D) The
extent, if any, to which the Contractor did not rely on the
subcontractor’s certified cost or pricing data in determining
the price objective and in negotiating the final
price;
(E) The
extent to which it was recognized in the negotiation that the
subcontractor’s certified cost or pricing data were not
accurate, complete, or current; the action taken by the Contractor
and the subcontractor; and the effect of any such defective data on
the total price negotiated;
(F) The
reasons for any significant difference between the
Contractor’s price objective and the price negotiated;
and
(G) A
complete explanation of the incentive fee or profit plan when
incentives are used. The explanation shall identify each critical
performance element, management decisions used to quantify each
incentive element, reasons for the incentives, and a summary of all
trade-off possibilities considered.
(2)
The Contractor is not required to notify the Contracting Officer in
advance of entering into any subcontract for which consent is not
required under paragraph (b), (c), or (d) of this
clause.
(f)
Unless the consent or approval specifically provides otherwise,
neither consent by the Contracting Officer to any subcontract nor
approval of the Contractor’s purchasing system shall
constitute a determination-
(1)
Of
the acceptability of any subcontract terms or
conditions;
(2)
Of
the allowability of any cost under this contract; or
(3)
To
relieve the Contractor of any responsibility for performing this
contract.
(g) No subcontract or modification thereof placed
under this contract shall provide for payment on a
cost-plus-a-percentage-of-cost basis, and any fee payable under
cost-reimbursement type subcontracts shall not exceed the fee
limitations in FAR 15.404-4(c)(4)(i).
Page 38 of 53
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0
(h) The
Contractor shall give the Contracting Officer immediate written
notice of any action or suit filed and prompt notice of any claim
made against the Contractor by any subcontractor or vendor that, in
the opinion of the Contractor, may result in litigation related in
any way to this contract, with respect to which the Contractor may
be entitled to reimbursement from the
Government.
(i) The
Government reserves the right to review the Contractor's purchasing
system as set forth in FAR subpart
44.3.
(j) Paragraphs
(c) and (e) of this clause do not apply to the following
subcontracts, which were evaluated during
negotiations
______________________________
______________________________
______________________________
(End of clause)
24.0 Homeland Security
Acquisition Regulation (HSAR)
Clauses
This
IDIQ incorporates one or more HSAR clauses by reference, with the
same force and effect as if they were given in full text. Upon
request, the CO will make their full text available. Also, the full
text of a clause may be accessed electronically at the following
web addresses:
httus://www.dhs.uov/publication/hsar
http://farsite.hill.afmil/vmhsara.htm
The
following clauses are incorporated by reference:
|
CLAUSE
|
|
DATE
|
|
MLE
|
||
|
3052.203-70
|
Instructions
for Contractor Disclosure of Violations
|
SEP 2012
|
|
3052 .205-70
|
Advertisements,
Publicizing Awards, and Release — Alternate I
|
SEP 2012
|
|
3052.222-70
|
Strikes
or Picketing Affecting Timely Completion of the Contract
Work
|
DEC 2003
|
|
3052.222-71
|
Strikes
or Picketing Affecting Access to a DHS Facility
|
DEC 2003
|
|
3052.228-70
|
Insurance
|
DEC 2003
|
|
3052.242-72
|
Contracting
Officer's Technical Representative
|
DEC 2003
|
HSAR 3052.204-71 Contractor Employee
Access (SEP
2012)
(a) Sensitive Information,
as used in this clause, means any
information, which if lost, misused, disclosed, or, without
authorization is accessed, or modified, could adversely affect the
national or homeland security interest, the conduct of Federal
programs, or the privacy to which individuals are entitled under
section 552a of title 5, United States Code (the Privacy Act), but
which has not been specifically authorized under criteria
established by an Executive Order or an Act of
Page 39 of 53
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0
Congress
to be kept secret in the interest of national defense, homeland
security or foreign policy. This definition includes the following
categories of information:
(1)
Protected Critical Infrastructure Information (PCII) as set out in
the Critical Infrastructure Information Act of 2002 (Title II,
Subtitle B, of the Homeland Security Act, Public Law 107-296, 196
Stat. 2135), as amended, the implementing regulations thereto
(Title 6, Code of Federal Regulations, Part 29) as amended, the
applicable PCII Procedures Manual, as amended, and any
supplementary guidance officially communicated by an authorized
official of the Department of Homeland Security (including the PCII
Program Manager or his/her designee);
(2)
Sensitive Security Information (SSI), as defined in Title 49, Code
of Federal Regulations, Part 1520, as amended, “Policies and
Procedures of Safeguarding and Control of SSI,” as amended,
and any supplementary guidance officially communicated by an
authorized official of the Department of Homeland Security
(including the Assistant Secretary for the Transportation Security
Administration or his/her designee);
(3)
Information designated as “For Official Use Only,”
which is unclassified information of a sensitive nature and the
unauthorized disclosure of which could adversely impact a
person’s privacy or welfare, the conduct of Federal programs,
or other programs or operations essential to the national or
homeland security interest; and
(4)
Any information that is designated “sensitive” or
subject to other controls, safeguards or protections in accordance
with subsequently adopted homeland security information handling
procedures.
(b)
“Information Technology Resources” include, but are not
limited to, computer equipment, networking equipment,
telecommunications equipment, cabling, network drives, computer
drives, network software, computer software, software programs,
intranet sites, and internet sites.
(c)
Contractor employees working on this contract must complete such
forms as may be necessary for security or other reasons, including
the conduct of background investigations to determine suitability.
Completed forms shall be submitted as directed by the Contracting
Officer. Upon the Contracting Officer's request, the Contractor's
employees shall be fingerprinted, or subject to other
investigations as required. All Contractor employees requiring
recurring access to Government facilities or access to sensitive
information or IT resources are required to have a favorably
adjudicated background investigation prior to commencing work on
this contract unless this requirement is waived under Departmental
procedures.
(d)
The Contracting Officer may require the Contractor to prohibit
individuals from working on the contract if the Government deems
their initial or continued employment contrary to the public
interest for any reason, including, but not limited to,
carelessness, insubordination, incompetence, or security
concerns.
(e)
Work under this contract may involve access to sensitive
information. Therefore, the Contractor shall not disclose, orally
or in writing, any sensitive information to any person unless
authorized in writing by the Contracting Officer. For those
Contractor employees authorized access to sensitive information,
the Contractor shall ensure that these persons receive
training
Page 40 of 53
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0
concerning
the protection and disclosure of sensitive information both during
and after contract performance.
(f)
The Contractor shall include the substance of this clause in all
subcontracts at any tier where the subcontractor may have access to
Government facilities, sensitive information, or
resources.
(End of clause)
Alternate I
(SEP 2012)
When
the contract will require Contractor employees to have access to
Information Technology (IT) resources, add the following
paragraphs:
(g) Before receiving access to IT resources under this contract the
individual must receive a security briefing, which the Contracting
Officer’s Technical Representative (COTR) will arrange, and
complete any nondisclosure agreement furnished by DHS.
(h) The Contractor shall have access only to those areas of DHS
information technology resources explicitly stated in this contract
or approved by the COTR in writing as necessary for performance of
the work under this contract. Any attempts by Contractor personnel
to gain access to any information technology resources not
expressly authorized by the IDIQ, other terms and conditions in
this contract, or as approved in writing by the COTR, is strictly
prohibited. In the event of violation of this provision, DHS will
take appropriate actions with regard to the contract and the
individual(s) involved.
(i) Contractor access to DHS networks from a remote location is a
temporary privilege for mutual convenience while the Contractor
performs business for the DHS Component. It is not a right, a
guarantee of access, a condition of the contract, or Government
Furnished Equipment (GFE).
(j) Contractor access will be terminated for unauthorized use. The
Contractor agrees to hold and save DHS harmless from any
unauthorized use and agrees not to request additional time or money
under the contract for any delays resulting from unauthorized use
or access.
(k)
Non-U.S. citizens shall not be authorized to access or assist in
the development, operation, management or maintenance of Department
IT systems under the contract, unless a waiver has been granted by
the Head of the Component or designee, with the concurrence of both
the Department’s Chief Security Officer (CSO) and the Chief
Information Officer (CIO) or their designees. Within DHS
Headquarters, the waiver may be granted only with the approval of
both the CSO and the CIO or their designees. In order for a waiver
to be granted:
(1)
There must be a compelling reason for using this individual as
opposed to a U. S. citizen; and
(2)
The waiver must be in the best interest of the
Government.
(l) Contractors shall identify in their proposals the names and
citizenship of all non-U.S. citizens proposed to work under the
contract. Any additions or deletions of non-U.S. citizens after
contract award shall also be reported to the contracting
officer.
Page 41 of 53
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0
(End of clause)
3052.209-73 Limitation of future contracting (JUN
2006)
(a) The
Contracting Officer has determined that this acquisition may give
rise to a potential organizational conflict of interest.
Accordingly, the attention of the contractor is invited to FAR
Subpart 9.5--Organizational Conflicts of
Interest.
(b) The
nature of this conflict is [Applicable at the task order level, as
appropriate].
(c) The
restrictions upon future contracting are as
follows:
(1) If
the Contractor, under the terms of this contract, or through the
performance of tasks pursuant to this contract, is required to
develop specifications or statements of work that are to be
incorporated into a solicitation, the Contractor shall be
ineligible to perform the work described in that solicitation as a
prime or first-tier subcontractor under an ensuing DHS contract.
This restriction shall remain in effect for a reasonable time, as
agreed to by the Contracting Officer and the Contractor, sufficient
to avoid unfair competitive advantage or potential bias (this time
shall in no case be less than the duration of the initial
production contract). DHS shall not unilaterally require the
Contractor to prepare such specifications or statements of work
under this contract.
(2) To
the extent that the work under this contract requires access to
proprietary, business confidential, or financial data of other
companies, and as long as these data remain proprietary or
confidential, the Contractor shall protect these data from
unauthorized use and disclosure and agrees not to use them to
compete with those other companies.
The Contracting Officer’s determination
described above will be made at the task order level.
HSAR 3052.215-70
Key Personnel or Facilities (DEC 2003)
(a)
The
personnel or facilities specified below are considered essential to
the work being performed under this contract and may, with the
consent of the contracting parties, be changed from time to time
during the course of the contract by adding or deleting personnel
or facilities, as appropriate.
(b)
Before
removing or replacing any of the specified individuals or
facilities, the Contractor shall notify the Contracting Officer, in
writing, before the change becomes effective. The Contractor shall
submit sufficient information to support the proposed action and to
enable the Contracting Officer to evaluate the potential impact of
the change on this contract. The Contractor shall not remove or
replace personnel or facilities until the Contracting Officer
approves the change.
The Key Personnel or Facilities under this IDIQ
contract:
Program
Manager - See Section 9.4.2 of the Statement of
Requirements.
Page 42 of 53
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0
All
other Key Personnel will be identified at the Order level, if
applicable.
(End
of clause)
HSAR 3052.225-70 Requirement for Use of Certain Domestic
Commodities (AUG 2009)
(a)
Definitions. As used in this clause--
(1)
Commercial," as applied to an item described in subsection (b) of
this clause, means an item of supply, whether an end product or
Component, that meets the definition of “commercial
item” set forth in (FAR) 48 CFR 2.101.
(2)
Component" means any item supplied to the Government as part of an
end product or of another Component.
(3)
End product" means supplies delivered under a line item of this
contract.
(4)
Non-commercial," as applied to an item described in subsections (b)
or (c) of this clause, means an item of supply, whether an end
product or Component, that does not meet the definition of
“commercial item” set forth in (FAR) 48 CFR
2.101.
(5)
Qualifying country" means a country with a memorandum of
understanding or international agreement with the United States
under which DHS procurement is covered.
(6)
United States" includes the possessions of the United
States.
(b)
The Contractor shall deliver under this contract only such of the
following commercial or noncommercial items, either as end products
or Components, that have been grown, reprocessed, reused, or
produced in the United States:
(1)
Clothing and the materials and Components thereof, other than
sensors, electronics, or other items added to, and not normally
associated with, clothing and the materials and Components thereof;
or
(2)
Tents, tarpaulins, covers, textile belts, bags, protective
equipment (such as body armor), sleep systems, load carrying
equipment (such as field packs), textile marine equipment,
parachutes or bandages.
(c)
The Contractor shall deliver under this contract only such of the
following non-commercial items, either as end products or
Components, that have been grown, reprocessed, reused, or produced
in the United States:
(1)
Cotton and other natural fiber products.
(2)
Woven silk or woven silk blends.
(3)
Spun silk yarn for cartridge cloth.
Page
43 of 53
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0
(4)
Synthetic fabric or coated synthetic fabric (including all textile
fibers and yarns that are for use in such fabrics).
(5)
Canvas products.
(6)
Wool (whether in the form of fiber or yarn or contained in fabrics,
materials, or manufactured articles).
(7)
Any item of individual equipment manufactured from or containing
any of the fibers, yarns, fabrics, or materials listed in this
paragraph (c).
(d)
This clause does not apply--
(1)
To items listed in (FAR) 48 CFR 25.104, or other items for which
the Government has determined that a satisfactory quality and
sufficient quantity cannot be acquired as and when needed at United
States market prices;
(2)
To incidental amounts of cotton, other natural fibers, or wool
incorporated in an end product, for which the estimated value of
the cotton, other natural fibers, or wool is not more than 10
percent of the total price of the end product; or
(3)
To items that are eligible products per (FAR) 48 CFR Subpart
25.4.
(End of clause.)
25.0 DHS Special Clause Class Deviation 15-01
25.1 INFORMATION TECHNOLOGY
SECURITY AND PRIVACY TRAINING (MAR 2015)
(a)
Applicability. This clause applies to the Contractor, its
subcontractors, and Contractor employees (hereafter referred to
collectively as “Contractor”). The Contractor shall
insert the substance of this clause in all
subcontracts.
(b)
Security Training Requirements.
(1) All users of Federal information systems are
required by Title 5, Code of Federal Regulations, Part 930.301,
Subpart C, as amended, to be exposed to security awareness
materials annually or whenever system security changes occur, or
when the user’s responsibilities change. The Department of
Homeland Security (DHS) requires that Contractor employees take an
annual Information Technology Security Awareness Training course
before accessing sensitive information under the contract. Unless
otherwise specified, the training shall be completed within thirty
(30) days of contract award and be completed on an annual basis
thereafter not later than October 31st of each year. Any new
Contractor employees assigned to the contract shall complete the
training before accessing sensitive information under the contract.
The training is accessible at http://www.dhs.gov/dhs-security-and-training-requirements-contractors.
The Contractor shall maintain copies of training certificates for
all Contractor and subcontractor employees as a
record
Page 44 of 53
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0
of compliance. Unless otherwise specified, initial training
certificates for each Contractor and subcontractor employee shall
be provided to the Contracting Officer’s Representative (COR)
not later than thirty (30) days after contract award. Subsequent
training certificates to satisfy the annual training requirement
shall be submitted to the COR via e-mail notification not later
than October 31st of each year. The e-mail notification shall state
the required training has been completed for all Contractor and
subcontractor employees.
(2) The DHS Rules of Behavior apply to every DHS employee,
Contractor and subcontractor that will have access to DHS systems
and sensitive information. The DHS Rules of Behavior shall be
signed before accessing DHS systems and sensitive information. The
DHS Rules of Behavior is a document that informs users of their
responsibilities when accessing DHS systems and holds users
accountable for actions taken while accessing DHS systems and using
DHS Information Technology resources capable of inputting, storing,
processing, outputting, and/or transmitting sensitive information.
The DHS Rules of Behavior is accessible at http://www.dhs.gov/dhs-security-and-training-requirements-contractors.
Unless otherwise specified, the DHS Rules of Behavior shall be
signed within thirty (30) days of contract award. Any new
Contractor employees assigned to the contract shall also sign the
DHS Rules of Behavior before accessing DHS systems and sensitive
information. The Contractor shall maintain signed copies of the DHS
Rules of Behavior for all Contractor and subcontractor employees as
a record of compliance. Unless otherwise specified, the Contractor
shall e-mail copies of the signed DHS Rules of Behavior to the COR
not later than thirty (30) days after contract award for each
employee. The DHS Rules of Behavior will be reviewed annually, and
the COR will provide notification when a review is
required.
(c) Privacy Training Requirements. All Contractor and subcontractor
employees that will have access to Personally Identifiable
Information (PII) and/or Sensitive PII (SPII) are required to take
Privacy at DHS: Protecting Personal Information before accessing
PII and/or SPII. The training is accessible at http://www.dhs.gov/dhs-security-and-training-requirements-contractors.
Training shall be completed within thirty (30) days of contract
award and be completed on an annual basis thereafter not later than
October 31st of each year. Any new Contractor employees assigned to
the contract shall also complete the training before accessing PII
and/or SPII. The Contractor shall maintain copies of training
certificates for all Contractor and subcontractor employees as a
record of compliance. Initial training certificates for each
Contractor and subcontractor employee shall be provided to the COR
not later than thirty (30) days after contract award. Subsequent
training certificates to satisfy the annual training requirement
shall be submitted to the COR via email notification not later than
October 31st of each year. The e-mail notification shall state the
required training has been completed for all Contractor and
subcontractor employees.
(End of clause)
25.2 SAFEGUARDING OF SENSITIVE INFORMATION (MAR 2015)
(a)
Applicability. This clause applies to the Contractor, its
subcontractors, and Contractor employees (hereafter referred to
collectively as “Contractor”). The Contractor shall
insert the substance of this clause in all
subcontracts.
Page 45 of 53
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0 (b) Definitions. As used in
this clause—
“Personally
Identifiable Information (PII)” means information that can be
used to distinguish or trace an individual's identity, such as
name, social security number, or biometric records, either alone,
or when combined with other personal or identifying information
that is linked or linkable to a specific individual, such as date
and place of birth, or mother’s maiden name. The definition
of PII is not anchored to any single category of information or
technology. Rather, it requires a case-by-case assessment of the
specific risk that an individual can be identified. In performing
this assessment, it is important for an agency to recognize that
non-personally identifiable information can become personally
identifiable information whenever additional information is made
publicly available—in any medium and from any
source—that, combined with other available information, could
be used to identify an individual.
PII
is a subset of sensitive information. Examples of PII include, but
are not limited to: name, date of birth, mailing address, telephone
number, Social Security number (SSN), email address, zip code,
account numbers, certificate/license numbers, vehicle identifiers
including license plates, uniform resource locators (URLs), static
Internet protocol addresses, biometric identifiers such as
fingerprint, voiceprint, iris scan, photographic facial images, or
any other unique identifying number or characteristic, and any
information where it is reasonably foreseeable that the information
will be linked with other information to identify the
individual.
“Sensitive
Information” is defined in HSAR clause 3052.204-71,
Contractor Employee Access, as any information, which if lost,
misused, disclosed, or, without authorization is accessed, or
modified, could adversely affect the national or homeland security
interest, the conduct of Federal programs, or the privacy to which
individuals are entitled under section 552a of Title 5, United
States Code (the Privacy Act), but which has not been specifically
authorized under criteria established by an Executive Order or an
Act of Congress to be kept secret in the interest of national
defense, homeland security or foreign policy. This definition
includes the following categories of information:
(1)
Protected Critical Infrastructure Information (PCII) as set out in
the Critical Infrastructure Information Act of 2002 (Title II,
Subtitle B, of the Homeland Security Act, Public Law 107-296, 196
Stat. 2135), as amended, the implementing regulations thereto
(Title 6, Code of Federal Regulations, Part 29) as amended, the
applicable PCII Procedures Manual, as amended, and any
supplementary guidance officially communicated by an authorized
official of the Department of Homeland Security (including the PCII
Program Manager or his/her designee);
(2)
Sensitive Security Information (SSI), as defined in Title 49, Code
of Federal Regulations, Part 1520, as amended, “Policies and
Procedures of Safeguarding and Control of SSI,” as amended,
and any supplementary guidance officially communicated by an
authorized official of the Department of Homeland Security
(including the Assistant Secretary for the Transportation Security
Administration or his/her designee);
(3)
Information designated as “For Official Use Only,”
which is unclassified information of a sensitive nature and the
unauthorized disclosure of which could adversely impact a
person’s privacy or welfare, the conduct of Federal programs,
or other programs or operations essential to
Page 46 of 53
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0 the national or homeland
security interest; and
(4)
Any information that is designated “sensitive” or
subject to other controls, safeguards or protections in accordance
with subsequently adopted homeland security information handling
procedures.
“Sensitive
Information Incident” is an incident that includes the known,
potential, or suspected exposure, loss of control, compromise,
unauthorized disclosure, unauthorized acquisition, or unauthorized
access or attempted access of any Government system, Contractor
system, or sensitive information.
“Sensitive
Personally Identifiable Information (SPII)” is a subset of
PII, which if lost, compromised or disclosed without authorization,
could result in substantial harm, embarrassment, inconvenience, or
unfairness to an individual. Some forms of PII are sensitive as
stand-alone elements. Examples of such PII include: Social Security
numbers (SSN), driver’s license or state identification
number, Alien Registration Numbers (A-number), financial account
number, and biometric identifiers such as fingerprint, voiceprint,
or iris scan. Additional examples include any groupings of
information that contain an individual’s name or other unique
identifier plus one or more of the following elements:
(1) Truncated SSN (such as last 4 digits)
(3) Date of birth (month, day, and year)
(4) Citizenship or immigration status
(5) Ethnic or religious affiliation
(2) Sexual orientation
(3) Criminal History
(4) Medical Information
(5) System authentication information such as mother’s
maiden name, account passwords or personal identification numbers
(PIN)
Other
PII may be “sensitive” depending on its context, such
as a list of employees and their performance ratings or an unlisted
home address or phone number. In contrast, a business card or
public telephone directory of agency employees contains PII but is
not sensitive.
(c) Authorities. The Contractor shall follow all
current versions of Government policies and guidance accessible
at http://www.dhs.gov/dhs-security-and-training-requirements-contractors,
or available upon request from the
Contracting Officer, including but not limited
to:
(1) DHS Management Directive 11042.1 Safeguarding Sensitive
But Unclassified (for Official Use Only) Information
(2) DHS Sensitive Systems Policy Directive
4300A
(3) DHS 4300A Sensitive Systems Handbook and
Attachments
(4) DHS Security Authorization Process Guide
(5) DHS Handbook for Safeguarding Sensitive Personally
Identifiable Information
(6) DHS Instruction Handbook 121-01-007 Department of
Homeland Security Personnel Suitability and Security
Program
Page 47 of 53
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0
(7) DHS Information Security Performance Plan (current
fiscal year)
(8) DHS Privacy Incident Handling Guidance
(9) Federal
Information Processing Standard (FIPS) 140-2 Security Requirements
for Cryptographic Modules accessible at http://csrc.nist.gov/groups/STM/cmvp/standards.html
(3) National
Institute of Standards and Technology (NIST) Special Publication
800-53 Security and Privacy Controls for Federal Information
Systems and Organizations accessible at http://csrc.nist.gov/publications/PubsSPs.html
(4) NIST
Special Publication 800-88 Guidelines for Media Sanitization
accessible at http://csrc.nist.gov/publications/PubsSPs.html
(d)
Handling of Sensitive Information. Contractor compliance with this
clause, as well as the policies and procedures described below, is
required.
(1)
Department
of Homeland Security (DHS) policies and procedures on Contractor
personnel security requirements are set forth in various Management
Directives (MDs), Directives, and Instructions. MD 11042.1,
Safeguarding Sensitive But Unclassified (For Official Use Only)
Information describes how Contractors must handle sensitive but
unclassified information. DHS uses the term “FOR OFFICIAL USE
ONLY” to identify sensitive but unclassified information that
is not otherwise categorized by statute or regulation. Examples of
sensitive information that are categorized by statute or regulation
are PCII, SSI, etc. The DHS Sensitive Systems Policy Directive
4300A and the DHS 4300A Sensitive Systems Handbook provide the
policies and procedures on security for Information Technology (IT)
resources. The DHS Handbook for Safeguarding Sensitive Personally
Identifiable Information provides guidelines to help safeguard SPII
in both paper and electronic form. DHS Instruction Handbook
121-01-007 Department of Homeland Security Personnel Suitability
and Security Program establishes procedures, program
responsibilities, minimum standards, and reporting protocols for
the DHS Personnel Suitability and Security Program.
(2)
The
Contractor shall not use or redistribute any sensitive information
processed, stored, and/or transmitted by the Contractor except as
specified in the contract.
(3)
All
Contractor employees with access to sensitive information shall
execute DHS Form 110006, Department of Homeland Security
Non-Disclosure Agreement (NDA), as a condition of access to such
information. The Contractor shall maintain signed copies of the NDA
for all employees as a record of compliance. The Contractor shall
provide copies of the signed NDA to the Contracting Officer’s
Representative (COR) no later than two (2) days after execution of
the form.
(4)
The
Contractor’s invoicing, billing, and other recordkeeping
systems maintained to support financial or other administrative
functions shall not maintain SPII. It is acceptable to maintain in
these systems the names, titles and contact information for the COR
or other Government personnel associated with the administration of
the contract, as needed.
(e)
Authority to Operate. The Contractor shall not input, store,
process, output, and/or transmit sensitive information within a
Contractor IT system without an Authority to Operate (ATO) signed
by the Headquarters or Component CIO, or designee, in consultation
with the Headquarters or Component Privacy Officer. Unless
otherwise specified in the ATO letter, the ATO is valid
for
Page 48 of 53
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0
three
(3) years. The Contractor shall adhere to current Government
policies, procedures, and guidance for the Security Authorization
(SA) process as defined below.
(1)
Complete the Security Authorization process. The SA process shall
proceed according to the DHS Sensitive Systems Policy Directive
4300A (Version 11.0, April 30, 2014), or any successor publication,
DHS 4300A Sensitive Systems Handbook (Version 9.1, July 24, 2012),
or any successor publication, and the Security Authorization
Process Guide including templates.
(i)
Security Authorization Process Documentation. SA documentation
shall be developed using the Government provided Requirements
Traceability Matrix and Government security documentation
templates. SA documentation consists of the following: Security
Plan, Contingency Plan, Contingency Plan Test Results,
Configuration Management Plan, Security Assessment Plan, Security
Assessment Report, and Authorization to Operate Letter. Additional
documents that may be required include a Plan(s) of Action and
Milestones and Interconnection Security Agreement(s). During the
development of SA documentation, the Contractor shall submit a
signed SA package, validated by an independent third party, to the
COR for acceptance by the Headquarters or Component CIO, or
designee, at least thirty (30) days prior to the date of operation
of the IT system. The Government is the final authority on the
compliance of the SA package and may limit the number of
resubmissions of a modified SA package. Once the ATO has been
accepted by the Headquarters or Component CIO, or designee, the
Contracting Officer shall incorporate the ATO into the contract as
a compliance document. The Government’s acceptance of the ATO
does not alleviate the Contractor’s responsibility to ensure
the IT system controls are implemented and operating
effectively.
(ii)
Independent Assessment. Contractors shall have an independent third
party validate the security and privacy controls in place for the
system(s). The independent third party shall review and analyze the
SA package, and report on technical, operational, and management
level deficiencies as outlined in NIST Special Publication 800-53
Security and Privacy Controls for Federal Information Systems and
Organizations. The Contractor shall address all deficiencies before
submitting the SA package to the Government for
acceptance.
(iii)
Support the completion of the Privacy
Threshold Analysis (PTA) as needed. As part of the SA process, the
Contractor may be required to support the Government in the
completion of the PTA. The requirement to complete a PTA is
triggered by the creation, use, modification, upgrade, or
disposition of a Contractor IT system that will store, maintain and
use PII, and must be renewed at least every three (3) years. Upon
review of the PTA, the DHS Privacy Office determines whether a
Privacy Impact Assessment (PIA) and/or Privacy Act System of
Records Notice (SORN), or modifications thereto, are required. The
Contractor shall provide all support necessary to assist the
Department in completing the PIA in a timely manner and shall
ensure that project management plans and schedules include time for
the completion of the PTA, PIA, and SORN (to the extent required)
as milestones. Support in this context includes responding timely
to requests for information from the Government about the use,
access, storage, and maintenance of PII on the Contractor’s
system, and providing timely review of relevant compliance
documents for factual accuracy. Information on the DHS privacy
compliance process, including PTAs, PIAs, and SORNs, is accessible
at http://www.dhs.gov/privacy-compliance.
(2)
Renewal of ATO. Unless otherwise specified in the ATO letter, the
ATO shall be renewed every three (3) years. The Contractor is
required to update its SA package as part of the ATO
Page 49 of 53
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0
renewal
process. The Contractor shall update its SA package by one of the
following methods: (1) Updating the SA documentation in the DHS
automated information assurance tool for acceptance by the
Headquarters or Component CIO, or designee, at least 90 days before
the ATO expiration date for review and verification of security
controls; or (2) Submitting an updated SA package directly to the
COR for approval by the Headquarters or Component CIO, or designee,
at least 90 days before the ATO expiration date for review and
verification of security controls. The 90-day review process is
independent of the system production date and therefore it is
important that the Contractor build the review into project
schedules. The reviews may include onsite visits that involve
physical or logical inspection of the Contractor environment to
ensure controls are in place.
(3)
Security Review. The Government may elect to conduct random
periodic reviews to ensure that the security requirements contained
in this contract are being implemented and enforced. The Contractor
shall afford DHS, the Office of the Inspector General, and other
Government organizations access to the Contractor’s
facilities, installations, operations, documentation, databases and
personnel used in the performance of this contract. The Contractor
shall, through the Contracting Officer and COR, contact the
Headquarters or Component CIO, or designee, to coordinate and
participate in review and inspection activity by Government
organizations external to the DHS. Access shall be provided, to the
extent necessary as determined by the Government, for the
Government to carry out a program of inspection, investigation, and
audit to safeguard against threats and hazards to the integrity,
availability and confidentiality of Government data or the function
of computer systems used in performance of this contract and to
preserve evidence of computer crime.
(4)
Continuous Monitoring. All Contractor-operated systems that input,
store, process, output, and/or transmit sensitive information shall
meet or exceed the continuous monitoring requirements identified in
the Fiscal Year 2014 DHS Information Security Performance Plan, or
successor publication. The plan is updated on an annual basis. The
Contractor shall also store monthly continuous monitoring data at
its location for a period not less than one year from the date the
data is created. The data shall be encrypted in accordance with
FIPS 140-2 Security Requirements for Cryptographic Modules and
shall not be stored on systems that are shared with other
commercial or Government entities. The Government may elect to
perform continuous monitoring and IT security scanning of
Contractor systems from Government tools and
infrastructure.
(5)
Revocation of ATO. In the event of a sensitive information
incident, the Government may suspend or revoke an existing ATO
(either in part or in whole). If an ATO is suspended or revoked in
accordance with this provision, the Contracting Officer may direct
the Contractor to take additional security measures to secure
sensitive information. These measures may include restricting
access to sensitive information on the Contractor IT system under
this contract. Restricting access may include disconnecting the
system processing, storing, or transmitting the sensitive
information from the Internet or other networks or applying
additional security controls.
(6)
Federal Reporting Requirements. Contractors operating information
systems on behalf of the Government or operating systems containing
sensitive information shall comply with Federal reporting
requirements. Annual and quarterly data collection will be
coordinated by the
Page 50 of 53
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0
Government.
Contractors shall provide the COR with requested information within
three (3) business days of receipt of the request. Reporting
requirements are determined by the Government and are defined in
the Fiscal Year 2014 DHS Information Security Performance Plan, or
successor publication. The Contractor shall provide the Government
with all information to fully satisfy Federal reporting
requirements for Contractor systems.
(f)
Sensitive Information Incident Reporting Requirements.
(1)
All known or suspected sensitive information incidents shall be
reported to the Headquarters or Component Security Operations
Center (SOC) within one hour of discovery in accordance with 4300A
Sensitive Systems Handbook Incident Response and Reporting
requirements. When notifying the Headquarters or Component SOC, the
Contractor shall also notify the Contracting Officer, COR,
Headquarters or Component Privacy Officer, and US-CERT using the
contact information identified in the contract. If the incident is
reported by phone or the Contracting Officer’s email address
is not immediately available, the Contractor shall contact the
Contracting Officer immediately after reporting the incident to the
Headquarters or Component SOC. The Contractor shall not include any
sensitive information in the subject or body of any e-mail. To
transmit sensitive information, the Contractor shall use FIPS 140-2
Security Requirements for Cryptographic Modules compliant
encryption methods to protect sensitive information in attachments
to email. Passwords shall not be communicated in the same email as
the attachment. A sensitive information incident shall not, by
itself, be interpreted as evidence that the Contractor has failed
to provide adequate information security safeguards for sensitive
information or has otherwise failed to meet the requirements of the
contract.
(2)
If a sensitive information incident involves PII or SPII, in
addition to the reporting requirements in 4300A Sensitive Systems
Handbook Incident Response and Reporting, Contractors shall also
provide as many of the following data elements that are available
at the time the incident is reported, with any remaining data
elements provided within 24 hours of submission of the initial
incident report:
(i)
Data Universal Numbering System (DUNS);
(
)
Contract numbers affected unless all contracts by the company are
affected;
(i)
Facility CAGE code if the location of the event is different than
the prime contractor location;
(ii)
Point of contact (POC) if different than the POC recorded in the
System for Award Management (address, position, telephone,
email);
(iii)
Contracting Officer POC (address, telephone, email);
(iv)
Contract clearance level;
(v)
Name of subcontractor and CAGE code if this was an incident on a
subcontractor network;
(vi)
Government programs, platforms or systems involved;
(vii)
Location(s) of incident;
(viii)
Date and time the incident was discovered;
(ix)
Server names where sensitive information resided at the time of the
incident, both at the Contractor and subcontractor
level;
(x)
Description of the Government PII and/or SPII contained within the
system;
Page 51 of 53
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0
(xiii) Number of people
potentially affected and the estimate or actual number of records
exposed and/or contained within the system; and
(xiv) Any additional
information relevant to the incident.
(g)
Sensitive Information Incident Response Requirements.
(1)
All determinations related to sensitive information incidents,
including response activities, notifications to affected
individuals and/or Federal agencies, and related services (e.g.,
credit monitoring) will be made in writing by the Contracting
Officer in consultation with the Headquarters or Component CIO and
Headquarters or Component Privacy Officer.
(2)
The Contractor shall provide full access and cooperation for all
activities determined by the Government to be required to ensure an
effective incident response, including providing all requested
images, log files, and event information to facilitate rapid
resolution of sensitive information incidents.
(3)
Incident response activities determined to be required by the
Government may include, but are not limited to, the
following:
(i)
Inspections,
(ii)
Investigations,
(iii) Forensic
reviews, and
(iv) Data analyses
and processing.
(4)
The Government, at its sole discretion, may obtain the assistance
from other Federal agencies and/or third-party firms to aid in
incident response activities.
(h)
Additional PII and/or SPII Notification Requirements.
(1)
The Contractor shall have in place procedures and the capability to
notify any individual whose PII resided in the Contractor IT system
at the time of the sensitive information incident not later than 5
business days after being directed to notify individuals, unless
otherwise approved by the Contracting Officer. The method and
content of any notification by the Contractor shall be coordinated
with, and subject to prior written approval by the Contracting
Officer, in consultation with the Headquarters or Component Privacy
Officer, utilizing the DHS Privacy Incident Handling Guidance. The
Contractor shall not proceed with notification unless the
Contracting Officer, in consultation with the Headquarters or
Component Privacy Officer, has determined in writing that
notification is appropriate.
(2)
Subject to Government analysis of the incident and the terms of its
instructions to the Contractor regarding any resulting
notification, the notification method may consist of letters to
affected individuals sent by first class mail, electronic means, or
general public notice, as approved by the Government. Notification
may require the Contractor’s use of address verification
and/or address location services. At a minimum, the notification
shall include:
(i)
A brief description of the incident;
(ii)
A description of the types of PII and SPII involved;
Page 52 of 53
70RTAC21D00000001
DHS-Wide
Cellular Wireless Managed Services 2.0
(iii) A statement as
to whether the PII or SPII was encrypted or protected by other
means;
(iv) Steps
individuals may take to protect themselves;
(v)
What the Contractor and/or the Government are doing to investigate
the incident, to mitigate the incident, and to protect against any
future incidents; and
(vi)
Information identifying who individuals may contact for additional
information.
(i)
Credit Monitoring Requirements. In the event that a sensitive
information incident involves PII or SPII, the Contractor may be
required to, as directed by the Contracting Officer:
(1)
Provide notification to affected individuals as described above;
and/or
(2)
Provide credit monitoring services to individuals whose data was
under the control of the Contractor or resided in the Contractor IT
system at the time of the sensitive information incident for a
period beginning the date of the incident and extending not less
than 18 months from the date the individual is notified. Credit
monitoring services shall be provided from a company with which the
Contractor has no affiliation. At a minimum, credit monitoring
services shall include:
(i)
Triple credit bureau monitoring;
(ii)
Daily customer service;
(iii) Alerts
provided to the individual for changes and fraud; and
(iv)
Assistance to the individual with enrollment in the services and
the use of fraud alerts; and/or
(3)
Establish a dedicated call center. Call center services shall
include:
(i)
A dedicated telephone number to contact customer service within a
fixed period;
(ii)
Information necessary for registrants/enrollees to access credit
reports and credit scores;
(iii) Weekly
reports on call center volume, issue escalation (i.e., those calls
that cannot be handled by call center staff and must be resolved by
call center management or DHS, as appropriate), and other key
metrics;
(iv)
Escalation of calls that cannot be handled by call center staff to
call center management or DHS, as appropriate;
(v)
Customized FAQs, approved in writing by the Contracting Officer in
coordination with the Headquarters or Component Chief Privacy
Officer; and
(vi)
Information for registrants to contact customer service
representatives and fraud resolution representatives for credit
monitoring assistance.
(j)
Certification of Sanitization of Government and
Government-Activity-Related Files and Information. As part of
contract closeout, the Contractor shall submit the certification to
the COR and the Contracting Officer following the template provided
in NIST Special Publication 800-88 Guidelines for Media
Sanitization.
(End of clause)
Page 53 of 53
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
DEPARTMENT OF HOMELAND SECURITY (DHS)
STATEMENT OF WORK (SOW)
FOR
Cellular Wireless Managed Services (CWMS)
November 25, 2020
Page 1 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
1.0
GENERAL 8
1.1 Background 8
1.2 Scope 8
1.3 Objective 9
2.0 REQUIREMENTS 9
2.1 Core Services 10
2.1.1 Cellular Wireless Management
Portal 10
2.1.2 Workflow 11
2.1.3 Portal Data Field
Requirements 12
2.1.4 Device Management via the
Portal 13
2.1.5 Continuity of
Operations 13
2.1.6 Training 13
2.2 Program Management
(Core) 13
2.2.1 Program Management Support Services (IDIQ
Contract Level) 14
2.2.2 Program Management
Plan 14
2.2.3 Performance Management Program
(Core) 15
2.2.4 Performance Management and Accountability
Plan (PMAP) 15
2.3 Agreements 17
2.4 Startup/Transition-In and Transition-Out
Services (Core) 17
2.4.1 Transition-In
Services 17
2.4.1.1 Provide IDIQ Contract and Order level
TMPs 18
2.4.1.2 Provide Services by the Service Acceptance
Date 18
2.4.1.3 Data Transfer Capabilities
18
2.4.1.4 Transition Billing and
Services 18
2.4.1.5 Minimize Carrier Initiated
Impacts 18
2.4.1.6 Maintain Cellular Wireless Service
Provider Relationships 18
2.4.1.7 Coordinate and Gather all Relevant
Infrastructure Service and Asset Data 19
2.4.1.8 Obtain Operational and Security
Authorizations 19
2.4.1.9 Implement and Manage the Web
Portal 19
2.4.1.10 Ensure No Service
Interruptions 19
2.4.2 Transition-Out
Services 19
2.4.2.1 Develop a Transition-Out
Plan 19
2.4.2.2 Implement a Transition-Out
Plan 19
2.4.2.3 Deliver all Transition-Related Agency
Wireless Account Data 20
2.4.2.4 Complete Other Transition-Related
Component Order-Specific Requirements 20
2.4.2.5 Continue to Support DHS through Final
Contract Resolution 20
2.4.3 Transition Management
Plan 20
2.4.3.1 Describe Transition-Related Knowledge
Transfer Objectives 20
2.4.3.2 Identify Transition-Related
Risks 20
2.4.3.3 Quantify Transition-Related
Risks 20
2.4.3.4 Develop a Recommended Transition
Schedule 21
2.4.3.5 Develop and Manage the Integrated Master
Schedule (IMS) 21
2.5 Service Support Program
(Core) 21
2.5.1 Service
Desk 21
2.5.1.1 Invoice, Billing and Service
Reports 21
2.5.2 Remote Help Desk Support – Tier 1
(Core) 22
Page 2 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
2.5.3 Ticketing System
Interface 22
2.5.4 Servicing, Refurbishing, or Recycling
Devices 22
2.5.5 Supplemental Warranty Service
Program 22
2.5.5.1 VIP Program 23
2.5.5.2 Issue Resolution 23
2.6 Telecommunications Management Services (TMS)
(Core) 23
2.6.1 Ordering & Procurement
Services: 23
2.6.1.1. Ordering Process Workflow
management 23
2.6.1.2 Portal Ordering
Capability 23
2.6.2 Contract Services 23
2.6.2.1 Prime/Sub Arrangement Administration
Services: 24
2.6.2.1.1 Key Events
Monitoring 24
2.6.2.1.2 Monitor Measurable
Indicators 24
2.6.2.1.3 Resolve Wireless Service Provider
Contract Issues 24
2.6.2.1.4 Monitor Wireless Telecommunications
Technology for Contract Impacts 24
2.6.2.2 Dispute Recovery
Services 24
2.6.2.2.1 Research
Disputes 25
2.6.2.2.2 Discover and Manage Credits Due to the
Government 25
2.6.2.2.3 Prepare and Submit Necessary
Information 25
2.6.2.2.4 Resolve all
Disputes 25
2.6.2.2.5 Prepare and Provide Monthly Dispute
Claim Status Reports 25
2.6.2.2.6 Manage and Apply Recovered
Funds 25
2.6.2.3 Rate Plan Optimization
Services 25
2.6.2.3.1 Rationalize and Optimize Services and
Costs 25
2.6.2.3.2 Provide Optimization
Recommendations 26
2.6.2.4 Contract Optimization
Services: 26
2.6.2.4.1 Benchmarks and Best
Practices 26
2.6.2.4.2 Rationalization 26
2.6.2.4.3 Optimization
Recommendations 26
2.6.2.4.4 Savings 26
2.6.2.4.5 Discounts 27
2.6.3 Asset and Inventory Management
Services 27
2.6.3.1 Inventory Management
Services: 27
2.6.3.1.1 Monthly Asset Management
Report 27
2.6.3.1.2 Monthly Inventory
Report 27
2.6.3.2 Device Disposition, Replacement, Recycling
and Disposal Services: 28
2.6.3.3 Technology
Refresh 28
2.6.4 Financial Management
Services 29
2.6.4.1 Invoice Management and Audit
Services: 29
2.6.4.1.1 Manage and Report Order
Allocations 30
2.6.4.1.2 Wireless Usage
Report 30
2.6.4.1.3 Monthly Wireless Service Provider
Audits 30
2.6.4.1.4 Audit Reports 30
2.6.4.1.5 Audit Analyses 30
2.6.4.1.6 Monthly Error
Reports 30
2.6.4.1.7 Monthly Procurement, Inventory, and
Invoice Integration 31
Page 3 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
2.6.4.1.8 Traceability 31
2.6.4.1.9 Formats 31
2.6.4.1.10
Recommendations 31
2.6.4.2 Bill Payment
Services 31
2.6.4.2.1 General 31
2.6.4.2.2
Consolidated Billing 31
2.6.4.2.3 Full Chargeback Management and
Tracking 32
2.6.4.2.4 Section 508 Accessible
Formats 32
2.6.4.2.5 Accuracy 32
2.6.4.2.6 Standardized
Reporting 32
2.6.4.2.7 Account and Invoice
Consolidation 32
2.6.5 Provisioning
Services 32
2.6.6 Local International
Service 32
2.7 Optional Services 33
2.7.1 General: 33
2.7.2 Mobile Device Management/Mobile Application
Management /Mobile Security (Optional) 33
2.7.3 Cellular Wireless Devices, Accessories and
Service (Optional) 34
2.7.3.1 Acquisition: 34
2.7.3.2 Carrier Service and
Plans: 34
2.7.3.3 Cellular Wireless and Voice Plan Service
Options 35
2.7.3.4 Licenses 36
2.7.3.5 Cellular (Cell) Phone and Smartphone
Device and Service 36
2.7.3.5.1 Cell Phone Equipment and Related
Accessories 36
2.7.3.5.2 Smart Phones 36
2.7.3.5.3 Cellular/Wireless Data Devices, Pagers,
and Internet of Things Devices 37
2.7.3.6 Satellite Phones
(Unsecure): 37
2.7.3.7 Tablets/Laptops: 37
2.8 Wireless Security 38
2.9 Optional Warranty
Services 39
2.10 Enhanced Products and Services:
39
2.11 Cellular Wireless Service
Plans: 39
2.12 Standards of
Service: 40
2.13 On-site Support
(Optional) 40
2.14 Unique web portal modifications
(Optional) 41
2.15 Surge Support
(Optional) 41
2.16 Executive Travel Support
(Optional) 41
2.17 Special Requirements
(Optional) 41
2.18 In-Building Cellular Wireless
(Optional) 41
3.0 Meetings, Reports, and Deliverables or
Outputs 42
3.1 Required Meetings 42
3.2 Post Award Conference and Kick off
Meeting 43
3.3 Progress Meetings 43
3.4 General Report/Deliverable
Requirements 43
3.5 Acceptance of
Deliverables 44
3.6 Table of Deliverables: Meetings, Plans,
Reports, and Processes 44
3.7 Performance Status
Report 48
Page 4 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
3.8 Contract Management Status Report
(CMSR) 48
3.9 Downtime and Incident
Reporting 48
3.10 Service Catalog Reporting:
48
3.11 Business Continuity
Plan 49
3.12 Strategic Sourcing
Report 50
3.13 Interrelationships of
Contractors 50
4.0 GOVERNMENT FURNISHED
RESOURCES 51
4.1 On-site Support 51
4.2 Government Furnished Equipment
(GFE) 51
4.3 Contractor Furnished
Property 51
5.0 APPLICABLE DOCUMENTS 51
6.0 IDIQ CONTRACT CORE SERVICE
LEVELS 52
6.1 SLA 1 - Device Asset Management
(CORE) 52
6.2 SLA 2 Cellular Wireless Managed Services Web
Portal (CORE) 54
6.3 SLA 3 - Deliverables (including
invoices) 56
6.4 SLA 4 - Customer Satisfaction
Survey 57
7.0 Service Desk Service
levels 59
7.1 Service Desk SLA 1 –Call Response Time
(Speed to Answer) 59
7.2 Service Desk SLA 2 - Call Abandonment
Rate 60
8.0 IDIQ Contract Other
Conditions 62
8.1 Ordering Period 62
8.2 Place of Performance 62
8.2.1 As-needed and Travel only staff
support 62
8.2.2 Logistical support: 62
8.3 Hours
of Operation 62
8.3.1 Cellular Wireless Management Portal
Availability 63
8.4 Type
of Contract 63
8.5 Inspection and Acceptance 63
9.0 Travel 63
10.0 Contractor Personnel 64
10.2 Observance of Legal Holidays and Excused
Absence 64
10.3 Continuity of
Support 65
10.4 Qualified Personnel 66
10.4.1 Key Personnel 66
10.4.2 Program Manager 66
10.4.3 Employee Identification 66
10.4.3.1 66
10.4.3.2 66
10.5 Employee Conduct 67
10.6 Removing Employees for Misconduct or Security
Reasons 67
10.7 Disclosure of “Official Use Only”
Information Safeguards 67
10.8 Training 68
11.0 Additional
Requirements 68
Page 5 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
11.1 Interoperability and Functionality
Services 68
11.2 Data Security and
Safeguards: 68
11.2.1 68
11.2.2 68
11.2.3 69
11.2.4 69
11.2.5 69
11.2.6 69
11.2.7 69
11.2.7.1 69
11.2.7.2 69
11.3 Compliance with DHS Security
Policy 69
11.4 Encryption
Compliance 69 11.5 Access
to Unclassified Facilities, Information Technology Resources, and
Sensitive Information Requirement 70
11.6 Security Review 70
11.7 Interconnection Security
Agreements 70
11.8 Required Protections for DHS Systems Hosted
in Non-DHS Data Centers 71
11.8.1 Security
Authorization 71
11.9 Enterprise Security
Architecture 71
11.10 Continuous
Monitoring 72
11.11 Specific
Protections 72
11.11.1 Security
Operations 72
11.11.2 Computer Incident Response
Services 72
11.11.4 Intrusion Detection Systems and
Monitoring 72
11.11.5 Physical and Information Security and
Monitoring 73
11.11.6 Vulnerability
Assessments 73
11.11.7 Anti-malware (e.g., virus,
spam) 73
11.11.8 Patch Management 73
11.11.9 Log Retention 73
11.12 Personal Identification Verification (PIV)
Credential Compliance 74
11.13 DHS Governance 74
11.13.1 74
11.13.2 74
11.13.3 75
11.14 Intellectual Property Records and Data
Rights 75
11.14.1 Protection of
Information 76
12.0 SECTION 508
COMPLIANCE 76
12.1 Section 508 Requirements Accessibility
Standards 76
12.2 Additional Accessibility
Requirements 78
Page 6 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
12.3 Department of Homeland Security Accessibility
Requirements 78
12.3.1 Compatibility with Assistive
Technology 79
12.3.2 Accessible
Functions 79
12.3.3 Hardware Devices that Contain Digital
Windows (If Applicable) 80
12.3.4 Documentation in Accessible
Formats 80
12.4 Guidelines for Technical Support and
Assistance 81
Page 7 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
1.0 GENERAL
1.1 Background
The
primary purpose of this Statement of Work (SOW) is to establish a
single-award Indefinite Delivery, Indefinite Quantity (IDIQ)
contract for Cellular Wireless Managed Services (CWMS) for the
Department of Homeland Security (DHS) and its Components. CWMS
includes managed services; a web portal for device ordering and
management; cellular wireless equipment and devices; cellular and
data service; Mobile Device Management (MDM); project management;
services to enhance in-building cellular coverage; service desk
services and other optional services. The CWMS IDIQ contract will
provide a comprehensive commercial cellular wireless managed
services solution. The IDIQ contract will enable access to multiple
commercial cellular wireless carriers that include but not limited
to: Verizon, T-Mobile, AT&T, and Sprint, as well as local and
regional providers to ensure maximum coverage. The web portal will
be a tool for wireless program management. It will be customized
for each Component and will allow each Component to access and
manage their wireless accounts with access to inventory management,
equipment management and reporting capabilities. Together, these
services will provide DHS and its Components with streamlined
invoicing, billing, payment, ordering, delivery processes,
standardized reporting and a robust means of providing wireless
devices and services to its employees. The ultimate goal of these
services will be to reduce wireless costs and find program
efficiencies across the Department.
1.2 Scope
The
Department of Homeland Security (DHS) is comprised of the
Headquarters (HQ) and the following Components (Hereafter referred
to DHS and its Components or DHS Components):
●
U.S.
Customs and Border Patrol (CBP)
●
U.S.
Citizenship and Immigration Service (USCIS)
●
U.S.
Coast Guard (USCG)
●
Federal
Emergency Management DHS (FEMA)
●
Immigration
and Customs Enforcement (ICE)
●
U.S.
Secret Service (USSS)
●
Transportation
Security Administration (TSA)
●
Office
of Biometric Identity Management (OBIM)
●
Federal
Protective Service (FPS)
●
Federal
Air Marshall Service (FAMS)
●
Science
and Technology Directorate (S&T)
The
contractor shall provide comprehensive commercial cellular wireless
managed services to include: managed services; a web portal for
device ordering and management; cellular wireless equipment and
devices to include multiple mobile solutions and associated
licenses; cellular, satellite and data service; Mobile Device
Management (MDM); project management; services to enhance
in-building cellular coverage; service desk services and other
optional services. The services shall include contractor initiated
and DHS authorized access to multiple carriers to include Verizon,
T-Mobile, AT&T, Sprint, local regional providers, enterprise
services and server licenses via existing government contracts. The
contractor shall
Page 8 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
also
offer services and hardware capable of processing classified
information, as required, in accordance with section 10.1.1
Instructions Regarding Security Requirements for Contract/Orders
section.
DHS
has an estimated 80,000 lines of service under its current
Telecommunications Expense Management Services (TEMS), CWMS, or
similar services.
The
area of support and coverage for this effort shall include the
contiguous United States (CONUS), and selected OCONUS locations
that are mission-driven and determined on an as-needed
basis.
1.3 Objective
DHS
requires contractor support to provide Cellular Managed Wireless
Services (CWMS). DHS seeks to establish an IDIQ contract as a
DHS-wide contract vehicle for CWMS to include the services
described in 1.2 Scope above. The Contractor shall provide DHS with
streamlined invoicing, billing and payment services, device
ordering and delivery processes, standardized reporting and a
robust means of providing wireless devices and services to its
employees. In addition, these services will enable DHS to reduce
wireless costs and find program efficiencies.
Within
DHS cellular wireless services has been procured incrementally,
resulting in decentralized management and operational costs. While
DHS and its Components’ wireless services have continued to
improve, there are still requirements at the department level for
oversight and monitoring of DHS assets, inventory control, and
device disposition.
DHS’s
current wireless services consist of devices and services from the
following wireless service providers: Verizon, T-Mobile, AT&T,
and several local/regional wireless vendors. The goals of this SOW
are to: (a) allow for improved cost, schedule, performance, risk
management, and warranties required to deliver effective and
affordable cellular wireless services; (b) maintain clear
government visibility into program cost, schedule, technical
performance, and risk; (c) and ensure services are provided within
scope, committed service levels, and designated
procedures.
This
SOW is comprehensive and represents requirements from DHS and its
Components. Ordering will be decentralized and Components will be
able to manage their programs independently to meet dynamic
operational needs.
2.0 REQUIREMENTS
The
requirements are grouped into two categories: Core services and
Optional services. Core services shall be provided as a single
suite of services. Core Services shall be provided to all
Components who issue an order under the IDIQ contract. Optional
services shall be available to all Components. Listed below are the
services that shall be provided for the Core Services and Optional
Services:
Core services:
●
Cellular
wireless management portal
●
Program
management
●
Performance
management and accountability
●
Transition
in/out services
Page 9 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
●
Service
support program
●
Telecommunications
management services
Optional services:
●
Wireless
devices and accessories
●
Mobile
device management
●
Mobile
Application
●
Mobile
Threat Protection
●
Cellular
wireless and Satellite devices accessories and service
●
Onsite
support
●
Unique
web portal modifications
●
Surge
support
●
Executive
support
●
Special
requirements
●
In-Building
wireless
2.1 Core Services
2.1.1 Cellular Wireless Management Portal
The
contractor shall provide a cellular wireless management portal
which shall be available for use DHS wide. All Components will use
the portal as indicated below. The objective is to provide a
centrally managed and accessible web portal (consolidated with
access to all data) that has decentralized Component specific
operating locations and Component specific managed web
interfaces.
No
later than sixty calendar (60) days after IDIQ contract award, the
contractor shall provide a single web-based, network carrier
agnostic secure socket layer (SSL) order management system/portal
that shall be capable of establishing DHS Component specific
instances or acceptable areas that will maximize Component specific
management while maintaining a single web portal for DHS to control
and manage its cellular wireless program across the department.
This portal shall allow all wireless-related transactions to be
executed within the portal environment including device and service
requests, provider plan look-up, order tracking, account request
(i.e. number porting and deactivation), and management approval.
The contractor shall ensure that this web-based system is a
comprehensive and centralized information repository, with
decentralized management and support for Component specific
requirements. The time frame for establishing the DHS Component
instances of the web portal will be determined at the order
level.
The
web-based portal shall support Component specific instances where
the data, content, access, workflow, management, and general access
to services can be segmented or compartmentalized. The contractor
shall enable the Component specific instances to be modified,
configured, and customized to meet Component Order level
requirements. Minor modifications shall be available to Components
at no additional cost to the Government. Unique or Major
customization/modification after acceptance of the Component
specific portal shall be available as an optional
service.
Page 10 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
The
portal shall be Section 508 compliant and Federal Information
Processing Standards (FIPS) 140-2 certified, FIPS 140-2 compliance
may not be required for the portal itself, but the Secure Socket
Layer (SSL) will require FIPS 140-2 certification. Costs associated
with establishing a properly certified web portal that is FISMA and
FIPS compliant is the responsibility of the contractor. At a
minimum, the portal shall provide:
●
Asset
tracking and inventory management services (to include devices,
applications, licenses, and accessories)
●
Equipment
history of assignment and service
●
Billing
and usage information
●
Service
and contract management
●
Efficient
reporting and accountability
●
Expense
management
●
Policy
management and enforcement (to include sign off)
●
Performance
reporting and management
●
Analysis
and optimization of plans, service, and utilization
●
Flexible/Dynamic
agency-controlled information fields
●
Account
Hierarchy Code at a minimum of the 50 character level
(AHC)
●
Automated
Notifications
●
Provisioning
services
●
Redundancy
of data and service
●
Usage
and cost monitoring and reporting
●
Monitoring,
reporting, and coordination of emergency telecommunication
services
●
Management
Suspension Requirements (until notified to reinstate)
●
Support
Wireless Priority Services (WPS) and Government Emergency
Telecommunications Services (GETS)
●
Management
of airtime services allowing roaming via all carrier
networks
●
Management
of moves, adds, changes, and disconnect (MACD)
services
●
Management
of a technology refresh program
●
Portal
and/or Data information downloads to multiple formats (.cvs, .txt,
.xls, xlsx, etc.)
●
Capability
to perform a DHS authorized and approved data transfer between the
portal and applicable DHS financial, inventory, or contracting
information systems used as a data source
●
Tracking
and reporting on all activities requested, changed, and completed
within the portal
2.1.2 Workflow
The
web-based portal shall have workflow to allow assignment of
customizable ordering and role-based permissions to comply with
government policies and procedures and to ensure accountability for
devices and accessories. The portal shall have workflow to enable
authorized staff to receive requests for devices, service and,
accessories, make approvals and forward the approved request to the
contractor for action. IDIQ orders will not be awarded through the
portal; the portal is for requests only.
The
web portal shall interface with Component specific asset and
inventory management systems (the specific asset management systems
shall be identified in the Component level order). At a minimum the
web portal shall be able to interface with for example asset and
inventory management systems and
Page 11 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
service
management systems used at DHS. The interface may come in the form
of a data dump, batch data transfer, or direct connection
(e-bonding).
2.1.3 Portal Data Field Requirements
The
following data fields are required:
●
User
Full Name
●
Device
assigned location
●
Organization/Component
to include Account Hierarchy Code (AHC) structure and site
location
●
End
user email address
●
End
user shipping address
●
End
user work address
●
Status:
Pending Approval, Disapproved, Transferred, Closed
●
Device
Make
●
Device
Model
●
Serial
Number
●
International
Mobile Equipment Identity (IMEI) number
●
Asset
Tag
●
Type
of Device
●
Customize
by Carrier Upgrade Eligibility
●
Date
activated
●
Date
de-activated (when applicable)
●
Warranty
Expiration Date
●
Date
Upgraded (when original device is replaced with newer
model)
●
Device
Phone Number
●
Service
Management Options and comment
●
Device
Received Date (user acceptance)
●
Account
Names
●
Point
of contact(s)
●
Line(s)
of Accounting
●
Remarks/Comments
●
Document
attachment
●
Account
Owner (differs from User)
●
Account
Owner Address
●
Service
Delivery Point Address
●
Invoice
Address
●
POC
●
Agency
Service Request Number or Agency Order Number
●
Component
IDIQ Order Number
The
contractor is encouraged to include additional data fields to meet
the government’s requirements. Each task order may contain
additional portal data field requirements specific to their program
requirements.
Page 12 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
2.1.4 Device Management via the Portal
The
web portal shall enable the government to track the following:
MACDs; WPS enabled handheld devices; details concerning the type,
location, amount and distribution of equipment (Component sites);
and distribution of services by carrier. The portal shall provide
dashboards and customizable reporting to facilitate device
management.
The
web portal shall provide automated notifications tied to events
such as changes, modifications, adjustments, processes, or
procedures. The contractor shall recommend automated notifications
as part of their proposed solution. Examples of automated
notifications include:
●
Exceeding
service plan thresholds
●
Work
Flow approval
●
Modification
to system availability (down times, outages, service
availability)
2.1.5 Continuity of Operations
All
portal functions shall have redundancy in accordance with
government policies to include Continuity of Operations, Management
Directive 9300.1 - Continuity of Operations Programs, and
Continuity of Government Functions.
2.1.6 Training
The
contractor shall provide training to DHS staff authorized to use
the portal. The staff to be trained will be identified at the Order
level. Training shall include but not be limited to computer-based
training, Web based training, instructor led training, and train
the trainer sessions. All training shall include training materials
consistent with the most recent and Component specific version of
the portal. The training may be held at the government site,
offsite, or web based. Training may be required initially and
throughout the lifecycle of this requirement based upon Component
needs.
2.2 Program Management (Core)
The
contractor shall provide program and project management to assist
with the performance of technical, security, and enterprise support
for Component initiatives.
Program
Management shall include those services and activities required to
coordinate resources and provide management and performance
reporting at the IDIQ contract level and across all IDIQ orders
under the IDIQ contract. Program management includes services
necessary to coordinate resources, ensure performance, support
Component initiatives, and service delivery for a defined task.
Project reporting, including Integrated Master Schedule (IMS), Work
Breakdown Structure (WBS), and resource allocation shall be
channeled through the Program Manager and presented as part of the
Program Management Plan. Program management services shall be an
integral part of and inherent to the performance of all orders
under this IDIQ contract. Program management requirements will be
specified in Component statements of work at the Order level. All
services provided by the contractor shall comply with the terms and
conditions of the IDIQ contract.
Page 13 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
2.2.1 Program Management Support Services (IDIQ Contract
Level)
The
contractor shall provide program management support services that
include program information, project schedules, performance
matrices, position papers, procurement of equipment and services
through deployment, transfer, replacement, collection, engineering,
management and operation of the program. The contractor shall
provide all the reporting, optimization, inventory control and
invoicing management services provided for under the managed
service for devices. Program management support shall include but
not be limited to:
●
Updating
and maintaining a database of Wireless points of contact to
include; Wireless Account Custodians (WACs), Commercial Service
Providers, wireless assets, accounts, contract types, field
location codes and account hierarchies.
●
Managing,
tracking, and coordinating the activities of contractor resources
as well as those of any partners
and subcontractor used to successfully fulfill the requirements of
the IDIQ contract.
●
Supporting
the DHS Information Security Support Officer (ISSO) during meetings
and conference calls with IT security matters related to the web
portal.
●
Developing
program documentation for government review and approval to
include: broadcast emails, presentation materials, whitepapers, and
meeting minutes on daily activities, status, trend, etc. for
distribution to DHS personnel as requested.
●
Developing
a comprehensive strategic plan (Program Management Plan) for
government review and approval that outlines centralization efforts
for commercial wireless operations and management under
DHS.
●
Supporting
project management meetings with the IDIQ Contract level
Contracting Officer’s Representative (COR) and Component
Order level COR to respond to issues and to report on key
performance measures.
●
Summarizing
progress against the implementation schedule, ceiling amount, order
funding burns, and status towards achieving key project management
goals and performance quality against project level performance
metrics.
2.2.2 Program Management Plan
The
contractor shall prepare an IDIQ contract level draft Program
Management Plan (PMP) as stated in Deliverable Numbers 5 and 6 of
Section 3.6 Table of Deliverables: Meetings, Plans, Reports, and
Processes. The draft IDIQ contract level PMP shall be due five (5)
calendar days after award at the Post Award Conference. An IDIQ
Contract level PMP shall be due thirty (30) calendar days after
contract award. Government review of the IDIQ contract level PMP
shall be completed within ten (10) calendar days after receipt.
After receipt of Government comments, the contractor will have
fifteen (15) calendar days to incorporate comments and changes and
receive final IDIQ contract level PMP approval.
Upon
issuance of a Task Order, the IDIQ contract level PMP shall be
updated to include Component specific plans and details. The
Component Order level PMP template and outline shall be due fifteen
(15) calendar days after Order award at the Component Level Order
Kick off Meeting. A final Component Order updated PMP shall be due
thirty (30) calendar days after Component Level Order award, which
shall be subject to a ten (10) calendar day government comment
period followed by a fifteen (15) calendar day contractor response
time to incorporate comments and changes. During the transition
period for each task
Page 14 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
order,
the updated PMP with Order level details shall incorporate
information and data learned during the transition period. The
Component Level Order PMP shall include:
●
At
the IDIQ contract level, methods for managing key elements of the
technical approach, resources, communication, assumptions, risk,
and schedule
●
At
the Component Order level, methods for managing Component level
activities, deliverables, critical dependencies, and
milestones
●
At
the Component Order level, a description of the data to be
collected to support service level and performance management and
how often that data will be collected; and
●
At
the Component Order level, a discussion and proposed resolutions
for anticipated performance problems, trends and disputes that
could arise in an environment with multiple orders.
2.2.3 Performance Management Program (Core)
Performance
management and accountability through service level management and
metrics analysis is an integral part of this IDIQ contract. In
addition to any applicable inspection clauses or other related
terms and conditions contained in the IDIQ contract, performance
and service level management shall serve as a primary tool for
inspection and acceptance of services as facilitated by the
Contracting Officer’s Representative (COR), or Component
Program Office (PO). Evaluation of the contractor’s overall
performance will be in accordance with the performance standards
set forth in Attachment A and B, Service Levels, and will be
conducted by the COR/PO. The Service Levels will constitute a
material aspect of the resulting IDIQ contract and will not be
changed or otherwise modified after award unless mutually agreed
upon by both parties through a signed modification issued by the
CO.
The
Performance Management Program shall be presented via the
Performance Management and Accountability Plan (PMAP). The PMAP
shall include the examination of all service level activities on an
on-going basis (contractor analysis), monthly basis (DHS
organizational reviews), quarterly basis (DHS program review), and
annual basis (DHS CO). The contractor shall examine all service
levels against developed metrics; create electronic dashboard views
of metrics; and contribute metrics data to the DHS SharePoint
Performance Management and Metrics site for the collection,
analysis, and monitoring of SLA compliance; and generate and
present reports based on the service levels and
metrics.
2.2.4 Performance Management and Accountability Plan
(PMAP)
The
PMAP, as stated in Deliverable Number 7 of Section 3.6 Table of
Deliverables: Meetings, Plans, Reports, and Processes, shall be the
plan for managing performance, service level compliance, effective
analysis, and timely and accurate reporting for all services. At a
minimum the plan shall include:
●
The
Contractor’s overall approach for quality
assurance
●
The
procedures, documentation and methods for tracking the proposed
service levels including communicating with the Government,
handling corrective actions and implementing
improvements.
●
All
proposed service levels
●
Performance
standards
●
Acceptable
Quality Levels (AQLs).
Page 15 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
●
Quality
Assurance Surveillance Plan (QASP) as stated in Deliverable Number
9 of Section 3.6 Table of Deliverables: Meetings, Plans, Reports,
and Processes.
●
Proposed
credits when an SLA is not met.
The
PMAP shall be initially included as part of the Transition
Management Plan (TMP) to be executed, reviewed, and approved during
the transition period. The PMAP shall be updated following award of
each IDIQ order, as stated in Deliverable Number 8 of Section 3.6
Table of Deliverables: Meetings, Plans, Reports, and Processes. All
Service Levels shall include details necessary to make them
manageable and supportable for both the Government and Contractor.
The required Service Levels shall include:
●
Collection
Methodology – The contractor shall articulate the tools,
techniques and frequency with which relevant data supporting each
SLA shall be collected.
●
Formulas
– The contractor shall provide the relevant formulas that
will be used to measure SLA performance.
●
Qualifying
Factors – The contractor shall submit, for consideration,
exceptions relevant to each SLA where performance may be negatively
impacted by factors outside the Contractor’s control and
where the inclusion of such could negatively impact the
Government’s objectives.
●
Proposed
disincentives (credits) for not meeting service level
agreements.
●
Process
to automatically credit the Government when credits are owed due to
failure to comply with an SLA. The details of individual monthly
credits shall be included in the Performance Status Report for the
Government review and approval.
●
Process
for increasing the credit amounts if the contractor fails to comply
with the same SLA for two (2), three (3), four (4), or more
consecutive months
Upon
award of the IDIQ contract, the service levels, with government
approval will become Service Level Agreements (SLAs) and
incorporated into the IDIQ contract. These SLAs will become the
baseline for Component task orders. Components may negotiate
additional SLAs if required. Any and all Service Level Agreements
resulting from award of the IDIQ contract or task order shall be
subject to semi-annual suitability reviews. The Government will, at
its discretion, request changes to SLAs. These changes will
include:
●
Increases
or decreases to specific performance levels of existing
SLAs,
●
The
addition of new SLAs,
●
The
deletion of specific existing SLAs.
The
Government will provide all proposed changes to the contractor for
review and comment prior to execution. The contractor shall have
ten (10) business days to respond with comments and/or changes. The
Government will review the contractor’s responses within ten
(10) business days and make any such determinations as is necessary
to enact those changes within the IDIQ contract. The Government
will have at its discretion the choice to modify the Service Levels
based on the best interests of the Government.
The
Service Levels shown under Attachments A and B are DHS’s IDIQ
contract level required service levels; Contractors are encouraged
to recommend improvements to the proposed required service levels
and incorporate additional Service Levels to effectively achieve a
complete CWMS program based on past experience.
Page 16 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
2.3 Agreements
The
contractor shall obtain organizational level agreements,
partnership agreements, memoranda of agreement, or memoranda of
understanding with other contractors, vendors, or service providers
to ensure no gaps in service or coverage occur between contracts
where services may be impacted or coordination between contracts
impact service delivery, service performance, or contractual
compliance. All agreements shall be examined and modified on an
annual basis to ensure compliance.
2.4 Startup/Transition-In and
Transition-Out Services (Core)
Orders
under this IDIQ contract shall include a transition-in and
transition-out period. The transition-in period at the IDIQ
contract level will be sixty (60) calendar days from IDIQ contract
award. The transition-in period at the task order level will be
established by the components for a period not to exceed sixty (60)
calendar days from order award date. The transition-out period at
the IDIQ contract level is defined as ninety (90) calendar days
prior to the IDIQ contract expiration. The transition-out period at
the task order level will be (90) calendar days or the period
specified in the order. In the event of IDIQ contract or task order
termination, the transition-out period will be ninety (90) calendar
days from a termination notice, unless specified otherwise by the
Contracting Officer.
The
contractor shall submit a Transition Management Plan (TMP), as
stated in Deliverable Number 10 of Section 3.6 Table of
Deliverables: Meetings, Plans, Reports, and Processes, initially
documenting IDIQ contract level Transition-In and Transition-Out
steps with updates to the TMP occurring during task order awards to
capture Component transition requirements. The TMP shall include
but not be limited to:
IDIQ
Contract Level
●
Performance
Management and Accountability Plan
●
Program
Management Plan
●
Integrated
Master Schedule
●
Training
Plan
Order
level
●
order
updated Performance Management and Accountability Plan
●
order
updated Program Management Plan
●
order
updated Training Plan
The
draft TMP shall be submitted at the kickoff meeting.
2.4.1 Transition-In Services
Transition-In
shall be deemed complete as of the first business day immediately
following the service transition completion (“Service
Acceptance Date”) as specified in the TMP. A TMP will be
required at the IDIQ contract level and at the Order level. Each
Component will manage its own transition once it issues its task
order. The government will confirm acceptance with a written notice
accepting transition-in completion. As of the Service Acceptance
Date, the contractor shall have successfully completed
implementation and deployment of all required TMP activities to
DHS’s satisfaction specified in this SOW.
Page 17 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
The
contractor shall also have all service management resources and
support services in place and in full compliance with the IDIQ
contract operational requirements.
As
of the Service Acceptance Date, the measurement and reporting of
the contractor’s performance will begin in accordance with
the Performance Management Plan criteria.
The
following startup/transition-in services shall be provided at the
IDIQ contract level and the Order level. The contractor
shall:
2.4.1.1
Provide IDIQ Contract and Order level TMPs
When task
orders are placed, the IDIQ contract level TMP shall be updated to
address each CLIN and/or task. The update shall clearly detail the
steps to be performed and information the government requires from
the contractor. The IDIQ contract level and Order level TMPs shall
include a projected schedule and timeline for each activity leading
to the service acceptance date. The final TMP shall be delivered
NLT seven (7) calendar days following Government
review.
2.4.1.2 Provide Services by the Service Acceptance
Date
Take any and
all actions necessary to complete the startup tasks as defined in
the TMP and begin providing the services required by the IDIQ
contract by the “service acceptance date” as documented
in the IDIQ contract.
2.4.1.3 Data Transfer Capabilities
As stated in
Deliverable Number 36, Section 3.6 Table of Deliverables: Meetings,
Plans, Reports, and Processes, the contractor shall successfully
test and/or demonstrate any electronic data transfer capabilities
between the contractor’s portal and all of DHS financial,
inventory, or contracting information systems being used as a data
source.
2.4.1.4 Transition Billing and Services
Transition
billing and services while ensuring no interruption in service or
adverse impact upon DHS business activities and
employees.
2.4.1.5 Minimize Carrier Initiated Impacts
Minimize
carrier-initiated impacts to service through aggressive
coordination and continuous communication with DHS and third
parties.
2.4.1.6 Maintain Cellular Wireless Service Provider
Relationships
Actively
maintain cellular wireless service provider relationships to ensure
no loss of service for DHS both during the transition and over the
life of the Order.
Page 18 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
2.4.1.7 Coordinate and Gather all Relevant Infrastructure Service
and Asset Data
Coordinate
with the DHS IDIQ contract level and Order level TM to gather all
relevant infrastructure and cellular wireless service and asset
data to upload into the contractor’s web portal database to
accomplish any initial optimization analyses. The contractor
designated program manager shall maintain daily contact with the
DHS IDIQ contract level or Order level COR during the transition
period to ensure timely communication with the agency and to
resolve any problems or issues.
2.4.1.8 Obtain Operational and Security Authorizations
Successfully
obtain Authority to Operate (ATO) per DHS 4300 and (DHS)
Information Security Program Information Security Management Act
system security authorization to obtain approval for the DHS wide
web portal. The web portal will be given interim ATO upon IDIQ
contract award. The expected timeline for the final ATO is up to
twelve (12) months after the award. The contractor shall
successfully demonstrate and test all required electronic data or
user interfaces to designated DHS staff to include the IDIQ level
COR.
2.4.1.9 Implement and Manage the Web Portal
Successfully
demonstrate, test, and place into operations, with Single Sign-On
access at the Order level, the Component specific instance of the
web portal with all required updates, modifications, and structure
to support Component level requirements within the Component
designated transition-in period.
2.4.1.10 Ensure No Service Interruptions
Ensure
no service interruptions or adverse impact upon DHS business
activities and employees occur due to changes made without
government review and approval or contractor’s
negligence.
2.4.2 Transition-Out Services
The
contractor shall plan for and provide a transition-out period not
to exceed ninety (90) calendar
days.
Transition-out shall be available at the end of the base and each
option period of each task order at
the
Government’s direction. At a minimum, transition out services
shall include the following:
2.4.2.1 Develop a Transition-Out Plan
Developing
a transition-out plan for transferring service responsibility to
another provider or back to DHS and its Components. The
transition-out plan shall identify what actions the contractor and
DHS and its Components must perform to smoothly transfer
information, data, government furnished property and any management
responsibility to another party. The transition-out plan shall
address any known risks, foreseeable problems, and shall identify
the additional resources and cost, if any, required to mitigate
these risks and ensure a successful transfer of
responsibility.
2.4.2.2 Implement a Transition-Out Plan
Page 19 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
Carrying
out the tasks in the transition-out plan and managing the
completion of those tasks to ensure successful transfer of all
responsibilities by the agreed upon transition service acceptance
date as specified in the order.
2.4.2.3 Deliver all Transition-Related Agency Wireless Account
Data
Delivering
to DHS and its Components all agency wireless account, inventory,
invoice, and other data resident in the contractor’s data
system necessary to enable another provider, or DHS and its
Components, to assume service responsibility. As stated in
Deliverable Number 34, Section 3.6 Table of Deliverables: Meetings,
Plans, Reports, and Processes, this information shall include a
listing of the names, phone numbers and e-mail addresses of all
wireless service provider points of contact (POCs) that the
contractor works with to manage the agency’s accounts and
invoices. All data shall be delivered, available, and accessible to
DHS and its Components in electronic format to enable electronic
transfer into other data systems. The specific format(s) for the
data will be specified at both the IDIQ contract level and Order
level during transition. This information will be referred to as
Agency Transition Data.
2.4.2.4 Complete Other
Transition-Related Component Order-Specific Requirements
Other Component specific requirements
as stated in individual Component Orders. 2.4.2.5 Continue to Support DHS
through Final Contract Resolution
Upon
expiration of the IDIQ contract and the task orders, as part of its
close-out responsibilities IAW FAR Part 4.8, the contractor shall
continue to support DHS and its Components in handling and tracking
disputes filed with wireless service providers on or before the
IDIQ contract and the Order expiration date through final
resolution, or for six (6) months after expiration, whichever is
less. (These are not contract claims as defined in FAR Part 33,
which will be handled by a warranted CO.)
2.4.3 Transition Management Plan
As
stated in Deliverable Number 10, Section 3.6 Table of Deliverables:
Meetings, Plans, Reports, and Processes, the final TMP shall be
delivered NLT seven (7) calendar days following the Government
review. The TMP shall include the PMAP, the PMP and the Training
Plan in addition to the following:
2.4.3.1 Describe Transition-Related Knowledge Transfer
Objectives
A
description of how knowledge will be communicated to achieve
transition objectives (e.g. briefings, training sessions, standard
operating procedures, reference guides, etc.).
2.4.3.2 Identify Transition-Related Risks
Identification
of any known risks, foreseeable problems, and identification of
additional resources and/or cost, if any, that will be required to
mitigate those risks and ensure a successful transfer of
responsibility.
2.4.3.3 Quantify Transition-Related Risks
Page 20 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
Quantification
of risk in days or weeks of delay and the most likely outcome for
the program considering identified risks.
2.4.3.4 Develop a Recommended Transition Schedule
Identification
of current task orders being performed, the priority and schedule
of each order (include descriptions), original due dates, and a
recommended schedule to transition CWMS activities.
2.4.3.5 Develop and Manage the Integrated Master Schedule
(IMS)
As
stated in Deliverable Number 12 of Section 3.6 Table of
Deliverables: Meetings, Plans, Reports, and Processes, the
contractor shall provide an Integrated Master Schedule (IMS) no
later than thirty (30) calendar days after IDIQ contract award and
ten (10) calendar days after each subsequent order award. The IMS
shall identify all orders currently being performed and activities
to be performed. The schedule shall detail the priority of
transition tasks, a brief write-up identifying the history and
purpose of each task, pending actions of current and planned tasks
and activities (to include descriptions), original due date, and a
recommended schedule for transition. The contractor shall update
the IMS after award of each order and develop and maintain the IMS
by logically networking detailed program activities (include
planned events and milestones, accomplishments, exit criteria, and
activities from IDIQ contract award to the completion of the final
order).
2.5 Service Support Program (Core)
The
contractor shall establish a service support program (staff and
support structure), to include service desk for all authorized DHS
staff requesting service related to CWMS. The core hours of Service
desk are Monday through Friday between the hours of 7:00 a.m.
– 6:00 p.m. Support hours shall correspond to the applicable
time zone (example: Eastern Time (ET) 7 am to 6 pm). Through the
service support program, the contractor shall assist DHS Staff with
requests for service related to all services ordered by the
respective Component. The contractor may be requested to travel
within the CONUS to support DHS mission requirements, this level of
support shall be identified at the Order level.
Additional
hours beyond the stated core hours of service, and limited after
hours support shall be provided as an optional service under
Section 2.7 and/or Section 2.13, which will be identified at the
Order level. The web portal shall not be used as a service request
ticket management point of entry for service. All requests for
service shall be directed through the respective Component service
desk to the CWMS Service Desk as identified under Section 2.5.1.
The process, methodology, and procedures for generating, routing,
handling, and distributing request for services will be identified
at the order level.
2.5.1 Service Desk
The
contractor shall provide service desk support for all services
offered within the scope of the IDIQ contract. Request for service
may begin from a Component specific service desk and transfer or
migrate to the contractor’s service desk. Response times and
level of service shall be determined at the Order
level.
2.5.1.1 Invoice, Billing and Service Reports
Page 21 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
The
contractor shall provide Invoice and Billing support Monday through
Friday between the hours of 7:30 a.m. – 5:30 p.m. ET to
answer billing and invoicing questions. The contractor shall
prepare, submit, and present a weekly service request report that
captures the number of requests, requests completed, and requests
pending resolution. This service shall be included with the overall
service desk services as stated in Section 2.5.1. Individual order
level reporting may vary in frequency and detail based upon
individual Component requirements.
2.5.2 Remote Help Desk Support – Tier 1 (Core)
The
contractor shall provide and establish processes and procedures for
providing Help Desk
Support.
Help Desk Support requirements will be defined at the Order level
(see section 2.13). Tasks to
be
performed as the Help Desk Support shall include but are not
limited to:
o
Serve
as the first point of contact for customers seeking technical
assistance with mobile devices over the phone, email, or ticketing
system
o
Perform
remote troubleshooting through diagnostic techniques and pertinent
questions
o
Walk
the customer through the problem-solving process
o
Provide
accurate information on mobile information technology products or
services
o
Record
events and problems and their resolution in the maintenance
system
o
Follow-up
and update customer status and information
o
Identify
and suggest possible improvements on procedures
2.5.3 Ticketing System Interface
The
contractor shall provide a service request ticketing system which
shall interface or be able to communicate directly or indirectly
with the Component service request ticketing system.
2.5.4 Servicing, Refurbishing, or Recycling Devices
The
contractor shall assess malfunctioning devices to determine if
initial triage (re-boot, battery removal, charging) will resolve
customer reported issues. A malfunctioning device that is out of
warranty and cannot be repaired shall be wiped (e.g. all data
removed per DHS Component Policy, replaced and either returned to
the carrier (warranty service) or properly disposed of (per DHS
Component Policy for device disposal) if not
repairable.
When
applicable, devices shall be refurbished and returned to inventory
for use. When a device receives warranty repair and can be returned
to service, that device shall be returned to inventory for use.
Specific processes and procedures for processing and wiping,
cleansing, and sanitizing malfunctioning devices or devices
designated for disposal will be provided by the Component at the
Order level.
2.5.5 Supplemental Warranty Service Program
In
conjunction with the device warranties provided by the device
manufacturer, the contractor shall propose a supplemental warranty
service program that shall include the delivery, return,
distribution, and inventory management of devices that require in
warranty and out of warranty service. The contractor’s
warranty
Page 22 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
services
shall cover devices, parts and accessories, and include overnight
shipment of equipment to remedy all issues.
2.5.5.1 VIP Program
The
contractor shall establish a program for VIP customers that will
provide emergency device repair or replacement /issue resolution
response and when necessary replacement and shipping. The specific
details for this program will be provided at the Order
level.
2.5.5.2 Issue Resolution
For
all other customers, the contractor shall provide a minimum
twenty-four (24) hour issue resolution and no more than five (5)
calendar days for equipment replacement and shipping, unless
otherwise specified at the Order level.
2.6 Telecommunications Management Services (TMS)
(Core)
The
contractor shall provide Telecommunications Management Services
(TMS). TMS includes Ordering and Procurement Services, Contract
Services, Asset and Inventory Management Services, and Financial
Management Services as described below. These services shall be
provided through the contractor’s portal.
2.6.1 Ordering & Procurement Services:
The
contractor shall provide ordering and procurement services through
its portal solution. Ordering and procurement services shall
include the ability to provide order status, order and change
request tracking, and ensure adequate controls exist to prevent
fraud, waste, and abuse. The contractor shall provide:
2.6.1.1. Ordering Process Workflow management
An
ordering process that uses workflow management with multiple
approval hierarchies for multiple functional or business units.
Individual Component level requirements will be specified at the
order level.
2.6.1.2 Portal Ordering Capability
As stated in Deliverable Number 33, Section 3.6
Table of Deliverables: Meetings, Plans, Reports, and
Processes, the contractor shall
provide a web portal ordering capability that ensures that only
government approved devices and accessories can be ordered through
the portal. The contractor shall reconfigure its portal / systems
to accommodate different standard equipment sets as they change and
as they are approved by the government’s
COR.
2.6.2 Contract Services
Contract
services consist of wireless service contracts, agreements,
administration services, dispute recovery services, rate plan
optimization services, and contract optimization services. The
contractor shall
Page 23 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
manage
all wireless service provider contracts including service plan
selection based on budget, user profiles, and data gathering.
Individual Component level requirements will be specified at the
Order level.
2.6.2.1 Prime/Sub Arrangement Administration Services:
The
Contractor may provide a total solution through a prime/sub
arrangement(s), when required supplies are not available on its own
contract. The contractor shall maintain accurate and current copies
of all wireless service agreements, contracts, and other records
related to the DHS CWMS with wireless service providers that
specify the pricing, terms and conditions of provided wireless
services. This information shall be maintained and viewable by DHS
and its Components in the portal. Individual requirements will be
specified at the order level.
2.6.2.1.1 Key Events Monitoring
Monitor
key events associated with wireless service contracts and
agreements including: expiration dates, annual review dates,
thresholds for additional discounts, notification deadlines for
various contract or agreement options, etc. The contractor shall
also provide the COR a list of the upcoming key events with
potential recommended actions on a monthly basis unless otherwise
directed by the COR. If any event results in a disruption of
service, the contractor shall coordinate and distribute
communications to the affected users as directed by the Department
or Component. This information shall be included in the Contract
Management Status Report (CMSR) (see Deliverable Number 17, Section
3.6 Table of Deliverables: Meetings, Plans, Reports, and
Processes).
2.6.2.1.2 Monitor Measurable Indicators
Monitor
and report DHS spending levels, service line counts, or other
measurable indicators. This information shall be reported in the
monthly CMSR.
2.6.2.1.3 Resolve Wireless Service Provider Contract
Issues
Meet
monthly with DHS designated personnel to develop strategies and
guidance for resolving wireless service provider contract issues,
achieving optimal pricing or service terms, and methods to maximize
negotiation strength with wireless service providers.
2.6.2.1.4 Monitor Wireless Telecommunications Technology for
Contract Impacts
Advise
DHS and its Components on how its wireless contracts or agreements
might be impacted by changes in the wireless telecommunications
industry or by new wireless service offerings and assist with
developing strategies to include new or terminate old, technical
services into the contracts or agreements.
2.6.2.2 Dispute Recovery Services
The
contractor shall collect and prepare information necessary to
resolve billing and accounting errors with the wireless service
providers and maintain this information in the portal. The
contractor shall also manage and track all claims through final
resolution. Individual requirements will be specified at the order
level. The contractor shall:
Page 24 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
2.6.2.2.1 Research Disputes
Research,
review, dispute, and track all potential billing and accounting
errors.
2.6.2.2.2 Discover and Manage Credits Due to the
Government
When
errors are discovered and credits are due to the government, the
contractor shall apply those credits to the service line level to
ensure they are correctly applied to the Component, individual,
and/ or project chargeback codes.
2.6.2.2.3 Prepare and Submit Necessary Information
Collect,
prepare, and submit any information necessary to identify and
recover any audit savings from the wireless service
providers.
2.6.2.2.4 Resolve all Disputes
Manage
and track all disputes through final resolution.
2.6.2.2.5 Prepare and Provide Monthly Dispute Claim Status
Reports
As
stated in Deliverable Number 27, 3.6 Table of Deliverables:
Meetings, Plans, Reports, and Processes, the contract shall prepare
a monthly Dispute Claim Status Report detailing the status of
claims filed with the wireless service providers and billing
accuracy rates for individual wireless service
providers.
2.6.2.2.6 Manage and Apply Recovered Funds
Apply
recovered funds to the specific wireless service being
credited.
2.6.2.3 Rate Plan Optimization Services
As
stated in Deliverable Number 14 of Section 3.6 Table of
Deliverables: Meetings, Plans, Reports, and Processes, the
contractor shall perform an initial rate plan analysis of existing
wireless service agreements to identify immediate savings within
thirty (30) calendar days after the service activation date. After
the initial review, the contractor shall conduct quarterly reviews,
at a minimum, to identify cost savings and price reductions for
products and services. Individual requirements will be specified at
the order level. The contractor shall:
2.6.2.3.1 Rationalize and Optimize Services and Costs
Provide
recommendations to rationalize rate plan types, the number of
service lines with each wireless service provider, the total number
of wireless service providers, and other opportunities that might
lower total cost while maintaining or improving the quality of
wireless service provided to DHS users. Calculate costs to DHS
based on actual monthly usage patterns of users and determine where
individual account and rate plan changes should be made to lower
future costs. The analysis shall be based on a
three-month
Page 25 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
usage period. This applies primarily to voice and
data usage. All other featured usage shall be monitored and
addressed based on current month usage. As stated in Deliverable
Number 19 of Section 3.6 Table of Deliverables: Meetings, Plans,
Reports, and Processes, this information shall be reported in the
Section 3.8
Contract Management Status Report (CMSR).
2.6.2.3.2 Provide Optimization Recommendations
Provide
optimization recommendations to DHS designated representatives that
can, upon approval, implement the optimization recommendations and
changes as specified.
2.6.2.4 Contract Optimization Services:
As
stated in Deliverable Number 15 of Section 3.6 Table of
Deliverables: Meetings, Plans, Reports, and Processes, the
contractor shall perform an initial contract optimization analysis
of existing wireless service agreements to identify immediate
savings within thirty (30) calendar days after service activation.
The contractor shall perform and report, on a quarterly basis,
comprehensive assessments of all existing wireless service
contracts and agreements to identify improvements and cost savings
opportunities. Component-specific requirements will be described at
the Order level. The contractor shall provide:
2.6.2.4.1 Benchmarks and Best Practices
Benchmark
DHS’s existing pricing, service terms and conditions across
the department with those of other federal and commercial customers
and accepted “Best Practices” to identify recommended
change(s). This shall be reported in the CMSR.
2.6.2.4.2 Rationalization
Make
specific recommendations for rationalization of rate plan types,
migration of service lines between specific wireless service
providers, changing the number of total wireless service providers,
changes in contract terms and conditions, and other opportunities
that would lower total cost while maintaining or improving the
quality of wireless service provided to DHS’s users. These
recommendations shall be reported in the CMSR.
2.6.2.4.3 Optimization Recommendations
As
stated in Deliverable Number 24, 3.6 Table of Deliverables:
Meetings, Plans, Reports, and Processes, the contractor shall
submit for DHS or Component approval and assist with the
implementation of contract optimization recommendations, changes,
and sourcing/competitive bidding among Wireless service providers
to lower overall costs.
2.6.2.4.4 Savings
Track
and report savings derived from contract optimization efforts. At
the IDIQ contract level this information shall be included in the
Initial Contract Optimization Analysis thirty (30) calendar days
after award and Quarterly Report (with updates). Additional
frequency and method of reporting shall be determined at the Order
level.
Page 26 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
2.6.2.4.5 Discounts
Ensure
any additional discounts provided to any DHS Component more
advantageous than the IDIQ contract established rates and discounts
shall be applied to the IDIQ contract in its entirety from that
date forward.
2.6.3 Asset and Inventory Management Services
As
part of Asset and Inventory Management Services the contractor
shall provide inventory management. Inventory management includes
the accountability and distribution of devices and accessories to
all authorized DHS staff and locations as specified in Component
orders. Individual requirements will be specified at the Component
Order level.
2.6.3.1 Inventory Management Services:
As a feature of Section 2.1.1 Cellular Wireless
Management Portal and as part
of Section 2.1.3 Portal Data Field
Requirements and, as stated in
Deliverable Number 37, 3.6 Table of Deliverables: Meetings, Plans,
Reports, and Processes, the contractor shall establish and maintain
an accurate web-based master inventory of all wireless devices,
licenses, and services at a date to be established in the Component
order and provide inventory accountability from order through
disposal. Unless specified at the order level all wireless devices
will be initially received at the contractor site from the carrier
to record inventory data, asset tag, and then be re-shipped to the
location specified in the order. The inventory shall be updated at
the increment specified in the order. The contractor shall be
prepared to: exchange wireless inventory data to and from DHS asset
or property management systems; perform asset tagging of devices;
and generate and deliver inventory reports. As part of web-based
device management, the contractor shall establish an automated
process to accommodate Moves, Adds, Changes, and Deletions (MACDs)
of service lines in order to maintain an accurate master inventory
of wireless service lines and wireless devices and accessories from
time of award. This process shall support and include a DHS master
inventory and a Component, units, office, directorates, or
designated sub-units and organizations of DHS inventory structure
and division. Specific inventory requirements will be indicated at
the Order level. The contractor shall provide:
2.6.3.1.1 Monthly Asset Management Report
As
stated in Deliverable Number 29 of Section 3.6 Table of
Deliverables: Meetings, Plans, Reports, and Processes, the
contractor shall prepare a Monthly Asset Management Report which
provides accurate information for all wireless devices to include
device identifiers, service options, and end-user information
(organization, user name, supervisor name, phone numbers, email
address, and office location.)
2.6.3.1.2 Monthly Inventory Report
As
stated in Deliverable Number 18 of Section 3.6 Table of
Deliverables: Meetings, Plans, Reports, and Processes, the
contractor shall prepare for the IDIQ contract level and Component
level Orders CORs standard Monthly Inventory Reports as well as
custom-designed ad hoc reports (as agreed-upon) at both a summary
level and at various organizational or inventory account levels,
depending on the level of detail
Page 27 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
and
information requested. The contractor shall be able to provide
custom-designed reports to address any data related to and
encompassed by Section 2.6 Telecommunications Management Services
(TMS).
2.6.3.2 Device Disposition,
Replacement, Recycling and Disposal Services:
The contractor shall provide at the IDIQ contract
and Order level for government approval a wireless device
disposition, replacement, sale, exchange, reimbursement, and
disposal program that is auditable and complies with Title 40 of
United States Code and the Federal Management Regulation (41 CFR
chapter 102). This report will be provided at the IDIQ contract
level on a quarterly basis. The individual components will
establish the report submission date at the order level. The
disposition of devices includes refurbishing and recycling of
devices. The disposition and disposal process shall integrate with
the contractor’s inventory management system and be tracked
through the portal. The government may oversee this process. All
actions concerning disposition, replacement, and disposal shall
receive prior government approval. Specific device disposition,
replacement, and disposal service requirements and process approval
shall be indicated and approved by the Component at the Order
level. The contractor shall provide opportunities and solutions for
DHS Components at the Order level to receive reimbursement for
recycling and refurbishing wireless equipment. The solutions
offered by the contractor will be reviewed and approved by the
respective Component at the Order level. Additional requirements
and guidance for disposition, replacement, and disposal will be
provided at the Component Order level. As stated in Deliverable
Number 38, Section 3.6 Table of Deliverables: Meetings, Plans,
Reports, and Processes,
the contractor shall provide a monthly
detailed report of cost savings associated with the recycling and
refurbishing of wireless equipment of the corresponding orders.
This report information shall be incorporated into Section 3.8
Contract Management Status Report (CMSR) of this
SOW.
2.6.3.3 Technology Refresh
The
contractor shall replace end of life devices and those devices
designated as authorized replacement of a device “technology
refresh” at no additional charge outside of cost for device
and device services. Technology refresh shall be managed and
include refresh plans, processes, procedures, and logistics to
maximize efficiency, minimize disruption, and optimize cost
savings. This technical refresh shall be not separately priced and
shall occur within mutually agreed upon timeframes or upon
notification from DHS at an interval from the original activation
date of each deployed wireless device. The contractor shall
negotiate the technology refresh eligibility dates with the
appropriate wireless carriers and the product providers to provide
the best price for equipment refresh. Technology refresh intervals
and rates will be determined at the Order level. Data concerning
the devices being refreshed shall be available via the portal and
contained in the Disposition/Exchange/Sales status report and the
inventory reports shall be updated as necessary to reflect the new
devices.
Technology
refresh shall include making technology upgrades available to the
Government as they are made commercially available during the life
of the order. Notification, which may be via email, along with
procedures to upgrade or replace older technology, shall be
provided to the DHS COR/PMO within thirty (30) calendar days of
commercial release. Technology refresh may be used to replace
malfunctioning, broken, destroyed, or otherwise defective devices
if the device is out of warranty.
All
solutions and services shall meet DHS Enterprise Architecture
policies, standards, and procedures. Specifically, the contractor
shall comply with the following HLS EA requirements:
Page 28 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
●
All
developed solutions and requirements shall be compliant with the
HLS EA.
●
All
IT hardware and software shall be compliant with the HLS EA
Technical Reference Model (TRM) Standards and Products
Profile.
●
Description
information for all data assets, information exchanges and data
standards, whether adopted or developed, shall be submitted to the
Enterprise Data Management Office (EDMO) for review, approval and
insertion into the DHS Data Reference Model and Enterprise
Architecture Information Repository.
●
Development
of data assets, information exchanges and data standards will
comply with the DHS Data Management Policy MD 103-01 and all
data-related artifacts will be developed and validated according to
DHS data management architectural guidelines.
●
Applicability
of Internet Protocol Version 6 (IPv6) to DHS-related components
(networks, infrastructure, and applications) specific to individual
acquisitions shall be in accordance with the DHS Enterprise
Architecture (per OMB Memorandum M-05-22, August 2, 2005)
regardless of whether the acquisition is for modification, upgrade,
or replacement. All EA-related component acquisitions shall be IPv6
compliant as defined in the U.S. Government Version 6 (USGv6)
Profile (National Institute of Standards and Technology (NIST)
Special Publication 500-267) and the corresponding declarations of
conformance defined in the USGv6 Test Program.
2.6.4 Financial Management Services
The
contractor shall provide financial management services to include
invoice management, audit services, and bill payment services.
Individual requirements will be specified at the Order
level.
2.6.4.1 Invoice Management and Audit Services:
The
contractor shall collect and process paper and electronic invoices
received from multiple wireless service providers in multiple
billing formats and consolidate into one invoice per Component. The
invoice shall be validated against ordering records, and the
wireless contract or service agreement terms maintained in the
contractor’s data system. At the Order level, the contractor
shall provide one monthly invoice(s) to the respective Component
and pay the wireless invoices in a timely manner. Prior to
submission of the invoice, a service plan & feature review will
be conducted to ensure the plans within the device inventory match
carrier records. Any discrepancies will be disputed and details
provided to the Government as part of the invoice reconciliation.
The DHS Component will then process the contractor’s invoice.
The consolidated invoice shall reflect all Component wireless
carriers. The invoice shall differentiate between voice and data
usage and clearly show usage levels for each. The invoice with
summary information shall also report monthly service, equipment
and accessory charges incurred by each office against the data in
the TEM system to identify any discrepancies, code for chargeback
(all lines of business to include individual, projects, and
Components), and payment of invoices upon receipt of agency
designated funding for commercial wireless services and products
(i.e. purchase orders and/or purchase cards). The contractor shall
retain the original invoices from the various wireless service
providers for a period of twelve (12) months after the end of the
order period. The contractor shall supply the original wireless
service provider invoices to the Government. Additional invoice
management and audit service requirements will be specified at the
task Order level. The contractor shall:
Page 29 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
2.6.4.1.1 Manage and Report Order Allocations
As
stated in Deliverable Number 25, 3.6 Table of Deliverables:
Meetings, Plans, Reports, and Processes, the contractor shall
allocate, by Component, cost information from the wireless service
provider invoices to the appropriate DHS organizational units or
financial accounts to provide visibility and accuracy for cost and
spend management functions. Organizational information will be
provided at the order level. This information shall be reported in
the CMSR.
2.6.4.1.2 Wireless Usage Report
Prepare a Wireless Usage Report. The Wireless
Usage Report shall include the current fixed unit prices for voice
and data service plans, the account hierarchy code, the charges
incurred for each category of DHS wireless device, (e.g., cellular
phone, smart phones, cellular data device, satellite phone), the
charges and users associated with each device, devices that exceed
established thresholds, and devices with suspected fraudulent or
excessive usage. This report is represented by Deliverable Number
20 of Section 3.6 Table of Deliverables: Meetings, Plans, Reports,
and Processes and shall be reported as a part of Section
3.8 Contract
Management Status Report (CMSR) of this SOW.
2.6.4.1.3 Monthly Wireless Service Provider Audits
Audit
all wireless service provider invoices monthly in an effort to
realize potential cost savings.
2.6.4.1.4 Audit Reports
As
stated in Deliverable Number 26, 3.6 Table of Deliverables:
Meetings, Plans, Reports, and Processes, the contractor shall
prepare audit reports. The frequency and content for Component
level reports will be specified at the Order level. The IDIQ
contract level audit report shall be provided quarterly. At a
minimum, the IDIQ contract and order level Invoice Management Audit
Report shall include:
●
Validation
of account ownership and service existence
●
Verification
of rates, charges, and discounts
●
Verification
of correct account numbers and phone numbers associated with
accounts
●
Identification
and recovery of missing wireless service provider
invoices
●
Analysis
of invoices for abuse, misuse & fraud
●
Audit
savings statistics
2.6.4.1.5 Audit Analyses
Perform
custom and pre-determined audits and monitor usage trends to
prevent unauthorized usage, suspected fraudulent usage, or
excessive usage. Provide alerts to DHS designated staff and or
Components if device usage exceeds thresholds established by the
COR or average monthly amounts. The COR will provide additional
direction after receipt of report. This information shall be
reported in the CMSR.
2.6.4.1.6 Monthly Error Reports
Page 30 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
As
stated in Deliverable Number 31 of Section 3.6 Table of
Deliverables: Meetings, Plans, Reports, and Processes, the
contractor shall prepare monthly reports identifying billing and
invoicing errors for agency claim and dispute submittal. This
information shall be contained in the Billing & Invoice Error
Report. Maintain a log of all errors. Errors shall be tracked until
fully mitigated. All errors shall be maintained on file during the
life of the order.
2.6.4.1.7 Monthly Procurement, Inventory, and Invoice
Integration
Integrate
monthly invoice data with contractor procurement and inventory
management data records to enable and support spend, inventory, and
usage analysis by the contractor and to assist analysis performed
by DHS and its Components. As stated in Deliverable Number 31 of
Section 3.6 Table of Deliverables: Meetings, Plans, Reports, and
Processes, the Contractor’s analysis shall be contained in
the monthly spend management, inventory, and wireless usage
reports. The spend management analysis shall include cost variance
to assist the government in determining trends.
2.6.4.1.8 Traceability
As
stated in Deliverable Number 31 of Section 3.6 Table of Deliverables: Meetings, Plans, Reports,
and Processes, the contractor shall provide reports or data feeds
that provide sufficient data to ensure expenditures can be traced
to the individual user. Expenditure reporting (spend management)
includes spending levels and trends by wireless service provider,
regions, business units, service lines and service types and shall
be reported in the CMSR.
2.6.4.1.9 Formats
Prepare and
provide necessary monthly electronic reports or formatted data
feeds to the contractor’s internal payment
system.
2.6.4.1.10 Recommendations
Provide
recommendations to DHS and its Components on areas for improvement
and savings regarding the invoice process (e.g. where invoice
consolidation with major wireless service providers would improve
business processes). This information shall be reported in the
monthly CMSR.
2.6.4.2 Bill Payment Services
2.6.4.2.1 General
The contractor
shall provide the following bill payment services. Individual
Component bill payment requirements will be specified at the
Component Order level. The contractor shall:
2.6.4.2.2 Consolidated
Billing
Provide
consolidated billing. DHS and its Components will pay all carrier
invoices through the contractor. The contractor shall facilitate
payments directly with the carriers. DHS will pay the contractor
after receipt
Page 31 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
of
consolidated billing. DHS cellular wireless services shall not be
terminated if payment delinquencies occur between the contractor
and the cellular carriers.
2.6.4.2.3 Full Chargeback Management and Tracking
As stated in Deliverable Number 32, Section 3.6
Table of Deliverables: Meetings, Plans, Reports, and
Processes, the contractor shall
provide services that receive, validate, code for chargeback,
invoice, and pay (upon receipt of DHS funding designated for
payment) all wireless service provider invoices. All processes and
procedures for managing bill payment shall be incorporated within
the web portal with the appropriate work flow for approval,
reporting, and dash boards for review.
2.6.4.2.4 Section 508 Accessible Formats
Provide
information and data in an accessible (Section 508 compliant)
electronic format as necessary to request DHS funding to pay
wireless service provider invoices and to update DHS’s
general ledger and financial management system with the correct
chargeback information.
2.6.4.2.5 Accuracy
Provide
on-going support services as necessary to update and maintain the
accuracy and currency of applicable account lists, supplier, and
agency information in the contractor’s data and payment
systems.
2.6.4.2.6 Standardized Reporting
As
stated in Deliverable Number 22, 3.6 Table of Deliverables:
Meetings, Plans, Reports, and Processes, the contractor shall
provide electronic standard monthly management reports (Invoice
Payment and Status Reports) identifying the payment status of
invoices, balance of any Government funds held by the contractor
for payment of invoices, and any received invoices awaiting payment
or affected by a dispute or claim in an accessible (Section 508
compliant) format.
2.6.4.2.7 Account and Invoice Consolidation
Provide
services to identify opportunities and facilitate account and
invoice consolidation efforts with individual wireless service
providers and DHS supported Components and agencies to streamline
payment processes.
2.6.5 Provisioning Services
The
contractor shall propose a program that will effectively and
efficiently provision devices in a timely manner. Provisioning
shall occur in a manner that minimizes cost associated with service
activation prior to utilization while maximizing real time or just
in time delivery with associated service activation.
2.6.6 Local International Service
The
contractor shall research and present written recommendations to
the government as available or required for local wireless devices
and carrier services available in international locations for DHS
and
Page 32 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
Component personnel on permanent OCONUS duty
station. The contractor shall provide invoicing to DHS Components
at the Component order level for available local wireless devices
and carrier services at international localities in U.S. Dollars.
The contractor shall use the Financial Management Service of the
Bureau of the United States Department of the Treasury
“Treasury Reporting Rate of Exchange” found at
https://www.fiscal.treasury.gov/,
and shall charge DHS and its
Components at the Component Order level the exchange rate
identified on that site effective as of the date of the
Contractor’s transaction or payment to the overseas
carrier.
2.7 Optional Services
2.7.1
General:
DHS
and its Components may require additional services to support its
mission requirements. These services will be acquired separately
from the Core services at the discretion of the Component and will
be incorporated at the Order level. These services include mobile
device management; wireless devices, accessories and service;
additional On-site support; unique web portal modifications; surge
support; executive travel support; special requirements; and
in-building wireless Services. All optional services are listed
below.
2.7.2 Mobile Device Management/Mobile Application Management
/Mobile Security (Optional)
The
contractor shall provide the following tiered MDM support options.
A higher level tier includes all requirements of previous tiers in
addition to its own specific requirements that will be provided at
the Order level in Component statements of work. Any required labor
rates will be specified at the order level based on a
component’s statement of work.
1.
Tier 1: Basic Helpdesk Support (Offsite)
a. Core
hours: Monday through Friday between 7:00 am and 6:00 pm
ET
b. Support multiple client device platforms i.e.
Android OS, iOS, and Microsoft
c. Device
installation support after a user has been provided a PIN/token for
enrollment or work with Tier 2 directly for the
PIN/token.
d. Troubleshooting requirements for a
component’s On-Prem or Cloud based MDM
solution.
2. Tier
2: Advanced Helpdesk Support (Offsite unless specified in a
component’s task order)
a. Provisioning of Devices (may include adding to
Active Directory and/or sending a PIN/token for
enrollment)
b. Core
hours: Monday through Friday between 7:00 am and 6:00 pm
ET
c. Enable
policy-based device management and
configurations
d. Enforce security policies and encrypt data over
the air and at rest
e. Push/pull (install, remove)
applications
f. Control devices i.e. turn off WIFI, camera, GPS,
Bluetooth, etc.
g. Remote
wiping
h. Deliver software, patches, and files to the
devices
i. Enable
FIPS 140-2 certification security
j. Support the NIST SP 800-126 Security Content
Automation Protocol (SCAP)
Page 33 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
3. Tier
3: Engineering and Deployment Support (quoted at task order level
utilizing labor cost)
a. Core
Hours: Monday through Friday between 7:00 am and 5:00 pm
ET
b. Assist
with engineering and deployment of new MDM
solutions.
c. Provide ongoing configuration and adjustment
support.
Analyze
various MDM solutions and recommend the solution that best meets a
component’s needs.
2.7.3 Cellular Wireless Devices, Accessories and Service
(Optional)
The contractor shall be able to provide
commercially a wide range of wireless devices and accessories that
reflect the current commercial marketplace, as instructed in the
RFP, section 14, Other Direct Costs
(ODCs) .
The
contractor shall provide a minimum of three (3) wireless carrier
providers to allow for adequate rate optimization throughout the
life of the IDIQ contract. The contractor shall demonstrate their
relationship with the carriers through letters from the wireless
carriers confirming an established working relationship. The
contractor shall provide DHS and its Components a continuously
updated list of wireless devices in each device category identified
below that reflects current market offerings. This information
shall be contained in the contractor’s initial PMP, as stated
in Deliverable Number 5, Section 3.6 Table of Deliverables:
Meetings, Plans, Reports, and Processes, and updates shall be
reflected in each project performance status report update to the
PMP. All DHS approved devices, service plans, rates, and
capabilities shall be captured in the DHS Service Catalog and the
Website/Portal. All devices and technology upgrades are subject to
DHS security review and approval. All approved devices require DHS
software and hardware security and technology review and approval.
Specific requirements for integrating and receiving approval for
devices shall be provided at the Component Order level. The
contractor shall categorize the device offerings into levels
(example: basic, mid-level, management, executive).
2.7.3.1 Acquisition:
The
contractor shall incorporate processes and procedures to establish
their organization as the source for device purchasing. The
contractor shall purchase all devices and accessories and bill DHS
directly using consolidated billing in accordance with Section
2.6.4.2.2. The purchase of all devices, software, licenses,
accessories, and services offered shall be through authorized
government contracts and approved by authorized DHS employees. The
contractor shall identify and facilitate access to all government
contracts supporting this acquisition strategy.
2.7.3.2 Carrier Service and Plans:
The
contractor shall ascertain the most cost-effective plans and
service for all devices. The plans should consider unlimited use,
pooling, specific data plans, etc. The evaluation of plan
availability and the resulting savings shall be presented to DHS
with recommendations on a quarterly basis.
Page 34 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
2.7.3.3 Cellular Wireless and Voice Plan Service
Options
The
contractor shall:
Obtain
Wireless Service plans (both voice and data) to support the devices
provided. The type of plans, based on savings to the government,
can be fixed unit price or rate plan pooling with active
optimization, or another methodology as proposed. Wireless Service
Plans cost shall effectively accommodate high volume users as well
as low volume users (example: 1 GB, 1000 minutes, unlimited data
and voice plans). The wireless airtime service cost shall include
strategy that shall minimize DHS’s wireless airtime service
costs.
Research
and present written recommendations for available wireless voice
and data service plans from all existing carriers to the Government
and add new ones as required to which the Government will provide
written acceptance or rejection. Accepted plans will be available
for ordering. Service plans shall include:
●
Option
to purchase wireless devices and other equipment for use with
voice, data (e.g., smartphone), paging, and any other services
provided on the IDIQ contract.
●
Option
to lease pagers or accommodate existing leases for pagers. It is
estimated that DHS has 1300 pagers.
●
Ability
to install additional software and upgrades (e.g. security,
internal applications) on the device. This includes but is not
limited to smart phones, and any other applicable device managed
under the IDIQ contract.
●
Option
for Wireless Priority Service (WPS), Group Calling, and
Push-to-Talk. Note: DHS and its Components add the WPS but the
contractor tracks and monitors its billing.
●
Option
for Satellite phones/service
●
Option
for cellular/wireless enabled laptops or
tablets/services
Ensure
wireless voice and data service coverage includes an option for
international dialing to international locations. As part of the
research the Contractor shall provide DHS and its Components with
information related to international wireless service coverage and
usage charges. DHS and its Components will restrict access to this
option by default and approve feature/price plan as appropriate.
Wireless Service Coverage shall include international coverage to
worldwide locations where commercial services are
available.
Provide
international wireless services with a description of the
international service, equipment and usage charges. The contractor
shall provide coverage maps for specific countries and/or locations
within those maps. The international service shall include coverage
in the following countries: Argentina, Armenia, Australia, Austria,
Azerbaijan, Belgium, Belize, Bermuda, Bolivia, Bosnia and
Herzegovina, Brazil, Bulgaria, Cameroon, Canada, Chile, China,
Colombia, Democratic Republic of Congo, Costa Rica, Croatia, Cuba,
Cyprus, Czech Republic, Denmark, Djibouti, Ecuador, Egypt, El
Salvador, Eritrea, Estonia, Ethiopia, Fiji, France, Germany, Ghana,
Greece, Guatemala, Guyana, Hungary, India, Indonesia, Ireland,
Israel, Italy, Jamaica, Japan, Kenya, South Korea, Kuwait,
Kyrgyzstan, Laos, Latin America, Latvia, Lebanon, Libya,
Liechtenstein, Luxembourg, Macedonia, Malaysia, Mexico, Moldova,
Morocco, Namibia, Nepal, Netherlands, New Zealand, Nicaragua,
Nigeria, Norway, Pakistan, Palestinian Authority, Panama, Papua New
Guinea, Paraguay, Peru, Philippines, Poland, Portugal, Qatar,
Romania, Russia, Scandinavia, Sierra Leone, Singapore, Slovenia,
South Africa, Spain, Sri Lanka, Suriname, Sweden, Syria, Taiwan,
Thailand, Turkey, Uganda, Ukraine, United Arab Emirates, United
Kingdom, Uruguay, Venezuela, Yemen, Yugoslavia (Serbia and
Montenegro), Zambia and Zimbabwe.
Page 35 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
2.7.3.4 Licenses
The
contractor shall ensure all required licenses are included for all
devices requiring a license. If a new technology or software is
offered as part of this IDIQ contract, DHS requests all required
licenses be included when these technologies and software are
incorporated. The Contractor shall provide a copy of the license of
proposed devices for DHS’s review, which must be conducted
before the DHS ordering office places an order.
2.7.3.5 Cellular (Cell) Phone and Smartphone Device and
Service
The
contractor shall acquire carrier equipment and services from
commercial sources or through existing Government contracts where
available. Throughout the life of the IDIQ contract the contractor
shall research and present written recommendations for newly
available equipment and related services when new equipment becomes
available to which the Government will provide written notice of
acceptance or rejection. The Government may reject the
contractor’s choice of equipment, model, or configuration
based on Government engineering or security equipment concerns and
coverage. Costs for equipment and carrier services shall be passed
through to DHS and its Components.
The
contractor shall provide all accessories to support the wireless
program as required for government review and approval. The
Government may reject the contractor’s choice of equipment,
model, or configuration based on Government engineering or security
equipment concerns and coverage.
2.7.3.5.1 Cell Phone Equipment and Related Accessories
The
contractor shall:
Research
and present written recommendations for commercially available
cellular equipment and accessories to the Government to which the
Government will provide written acceptance or rejection. DHS and
its Components will use the recommended options to designate a
standard set of options that meets the basic needs of the user.
Those options will include at least a wall charger/desktop charger,
car charger, belt clips, earpiece, headpiece, text messaging,
security features, push–to-talk, international roaming, and
GPS navigations. Some devices may also require or include assistive
technologies supporting use by people with
disabilities.
Ensure
that the recommended devices and services support a broad range of
commercially available features including: call waiting, call
forwarding, conferencing, voice mail, caller id, SMS, hands free
and vibrate mode.
2.7.3.5.2 Smart Phones
The
Contractor shall:
Research
and present written recommendations for commercially available
smart phones, and accessories to the Government to which the
Government will provide written acceptance / rejection. From the
options
Page 36 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
available,
DHS and its Components will designate a standard smart phone with a
set of options that meets the basic needs of the user but may
supplement those options with different equipment or features to
address any expanded set of requirements. Those options will
include at least the same set of features specified for cell phones
and include cases, spare batteries, and tethered modems. Ordering
of approved devices shall be limited to the standard set of phones
and accessories. Contractor shall reconfigure its portal to
accommodate different standard equipment sets as they change and
are approved over time.
Ensure
the device and or service allows for the installation of additional
software (e.g. security, internal applications).
Provide
DHS with recommendations with respect to new technology as it
becomes available.
2.7.3.5.3 Cellular/Wireless Data Devices, Pagers, and Internet of
Things Devices
The
contractor shall:
Research
and present to the government written recommendations for available
air card, wireless modems, and pagers. The Government will provide
written acceptance or rejection. Accepted items will be available
for ordering.
Provide
mobile or wireless modems generally referred to air cards, modems,
hot-spots, and other embedded devices that will support Internet of
Things. The available mobile card options shall include an
integrated GPS receiver.
Provide
one way, two way and one and half way pagers from multiple
carriers. The one-way pager shall only receive a message consisting
of a few digits. The two-way pagers shall have the ability to send
and receive email, numeric pages, and SMS messages. The one and
half way pagers receive messages and allow the transmittal of
pre-defined responses.
2.7.3.6 Satellite Phones (Unsecure):
The
contractor shall provide satellite communications devices. In the
event of a disaster, satellite communications may be one of the few
avenues available to DHS’s most critical customers. DHS
requires global, easy-to-use, reliable satellite devices, including
devices supporting Section 508 compliant assistive technology. All
equipment failures shall be resolved using the industry’s
standard warranty agreements.
Access
to authorized DHS Satellite Phones will require coordination and
acquisition from Defense Information Systems Satellite Phone
contracts.
2.7.3.7 Tablets/Laptops:
The
Contractor shall provide tablet devices. DHS will review proposed
offerings and approve the devices to be available for ordering. The
tablets are a mobile device capable of connecting to a cellular
carrier network as well as connect to a network via a Wi-Fi
(wireless network) connection. The devices will be used to augment
the DHS mobile workforce. Tablets shall be ordered as a Wi-Fi
device, data only, or voice and data device. Tablets shall come
with manufacturer warranties.
Page 37 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
2.8 Wireless Security
The
Contractor shall:
Ensure
that wireless communications services comply with equivalent
industry practices and standards. If encryption is required, the
following methods are acceptable for encrypting sensitive
information:
o
Products
Advanced Encryption Standard (AES) algorithms that have been
validated under FIPS 140-2.
o
National
Security Agency (NSA) Type 2 or Type 1 encryption.
o
Public
Key Infrastructure (PKI) (see paragraph 5.5.2.1 of the Department
of Homeland Security (DHS) IT Security Program Handbook (DHS
Management Directive (MD) 4300A) for Sensitive
Systems).
Make
available security features and procedures to prevent electronic
serial number cloning and fraudulent use of cloned equipment and
services. As new security enhancements for cellular services are
developed, the contractor shall present written recommendations for
those enhancements to the Government to which the Government will
provide written acceptance / rejection.
Ensure
that, due to the unique nature of the DHS mission, certain commonly
available features on wireless devices shall be disabled prior to
deployment in accordance with DHS policy and COR direction. New
technologies and handset features must be pre-approved by DHS prior
to deployment. DHS will review configuration of individual devices
and provide guidance on which features the contractor shall disable
prior to distribution. The contractor shall test a statistically
significant sampling of devices to ensure that proper procedures
are being followed.
The
contractor’s solution shall be in accordance with OMB
Memoranda M-09-32, M-08-27, M-08-05 and M08-16 that require
agencies to reduce and consolidate the number of external access
points, including Internet connections into the DHS’s
network. The Trusted Internet Connections (TIC) initiative requires
that all external connections are routed through an OMB-approved
TIC. This high level security requirement drives the following
lower level requirements for GFE mobile devices:
Cellular
wireless data traffic shall not transmit from the trusted mobile
device to the agency’s data
connection
across the open Internet unencrypted, but use a Virtual Private
Network tunnel.
Cellular
wireless data traffic shall pass through the agency’s TIC for
inbound and outbound connections to the Internet.
Management
of the mobile devices shall not be performed across the open
Internet unencrypted, but use a Virtual Private Network
tunnel.
The
physical location of the Mobile Device Management (MDM) system
which enforces the mobile device’s security policy shall
comply with NIST SP 800-53 physical security controls for medium
impact systems based on FIPS 199.
Page 38 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
Under
Public Law 107-347, the Federal Information Security Management Act
(FISMA), the Confidentiality, Integrity, and Availability Impact
Levels are Moderate for the MDM system which enforces the mobile
device’s security policy.
2.9 Optional Warranty Services
The
Contractor shall provide other warranty options of interest
including extended coverage for devices, and batteries, “no
question” coverage and independent coverage for breakage,
theft, loss etc.
2.10 Enhanced Products and Services:
All
commercial wireless devices capable of connecting to a wireless
carrier telecommunication proprietary network shall be considered
in scope with this IDIQ contract. The contractor may introduce and
/ or coordinate with wireless service carrier representatives to
brief DHS and its Components on commercial wireless products and
services deemed beneficial to the successful achievement of the
objectives set forth in this SOW.
2.11 Cellular Wireless Service Plans:
The
contractor shall obtain Wireless Service plans (both voice and
data) to support the devices provided. The type of plans, based on
savings to the government, can be fixed unit price or rate plan
pooling with active optimization, or another methodology, as
proposed. Wireless Service Plans cost shall effectively accommodate
high volume users as well as low volume users (example: 1 GB, 1000
minutes, unlimited data and voice plans). The wireless airtime
service cost shall include a strategy that shall minimize
DHS’s wireless airtime service costs.
Carrier
Terms and Conditions:
The
contractor shall ensure proper arrangement with all carriers (e.g.,
procurement off Federal Supply Schedule, subcontracting, etc.) to
meet or exceed all the current terms and conditions on
GSA
Schedule.
All carrier charges shall be passed through to the Government. At a
minimum the following terms and conditions shall be explicitly
addressed and included in the carriers’
offerings:
●
Carrier
Services
o
Voice
plans shall include unlimited, pooled, and add a line service
offering for both domestic and international service
plans
●
Peak
hours defined for add a line plans shall include:
●
Free
nights and weekend minutes
●
Free
mobile to mobile minutes
●
Free
friends and family minutes
●
No
charges for domestic roaming agreements
o
Data
plans shall include metered and unlimited service offerings for
both domestic and international service plans
o
Provide
a reduced cost for all suspended devices
●
Carrier
Features
o
Feature
plans shall include hotspot/tethering, Push to Talk (PTT), and
visual voicemail.
Page 39 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
■ Device
Offerings
o
No
early termination fees
o
All
warranty and device exchanges will not be returned to the
carrier
o
At
a minimum the following terms and conditions shall be explicitly
addressed
■
10
to 18 month refresh schedule
o
Provide
a low or zero cost smartphone device. Device must be no older than
1 iteration behind the current manufacturer device
offerings
2.12 Standards of Service:
The
contractor shall make all wireless devices standards of service
available for use. At a minimum, standards shall be equivalent to
3G/4G/5G Cellular Wireless standards:
●
General
Packet Radio Service (GPRS)
●
Code
Division Multiple Access (CDMA)
●
Wideband
Code Division Multiple Access (WCDMA)
●
Time
Division Multiple Access (TDMA)
●
Long
Term Evolution (LTE)
●
Personal
Communication Service (PCS)
●
Global
System for Mobile Communications (GSM)
●
Integrated
Digital Enhanced Network (iDEN)
●
Worldwide
Interoperability for Microwave Access (WiMAX)
●
Ultra
Wideband
The
contractor shall provide wireless devices with access to all
functionalities offered with the devices. The authorization and use
of the functionalities shall be subject to DHS approval procedures
and policies. This service shall receive prior coordination and
approval for all models of wireless devices offered to DHS
Components and staff.
2.13 On-site Support (Optional)
The
contractor shall provide and establish processes and procedures for
providing on-site
support.
Detailed on-site support requirements other than those described
above will be defined at the Component level and will be procured
with specifics such as the amount of staff, type of service, level
of service, and frequency of service will be determined based on
the individual Component requirements, service levels, and desired
service On-site support shall include the following:
●
Help
Desk Support – Tier 2
●
Staff
to support operations and services
●
Limited
after hours support (beyond core hours of support) that
include:
o
Collecting
and Distributing cellular wireless devices
o
Providing
one on one initial training on the use of a device
o
Performing
initial troubleshooting for a reported broken or malfunctioning
device
o
Receipt
of broken or malfunctioning devices
Page 40 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
o
Maintenance
and accountability for locally stored devices for quick
provisioning
●
Support
for emergencies and Continuity of Operations (COOP) type
activities
2.14 Unique web portal modifications (Optional)
The
contractor shall provide customizations for the web portal
interface; enable additional functionality, performance, or service
to accommodate extra features or capabilities beyond what is
available as part of the core service offering. Detailed
requirements will be specified by the Component at the Order
level.
2.15 Surge Support (Optional)
The
contractor shall provide the service and / or support required to
meet operational and staff increases in response to designated DHS
events. Examples of incidents that may require surge support are
natural disasters, acts of terrorism, or other such increases in
staff support and services required due to a significant event.
Surge requirements will be specified by the Components at the order
level.
2.16 Executive Travel Support (Optional)
The
contractor shall provide services and support to DHS or Component
designated Executive Level staff. Executive travel support may be
based out of the contractor’s location or on-site at the
government’s location. The support and services shall ensure
executive staff have continuous, secure, and complete cellular
wireless service support. Specific details concerning this support,
to include the definition of executive level, will be provided by
the Component at the order level.
2.17 Special Requirements (Optional)
Special
requirements are those activities or events that require support
services that are within the scope of the IDIQ contract but not
explicitly stated in this SOW. A special requirement may be a need
for a subject matter expert in a very specific field of cellular
wireless services who services are needed for establishing new
encryption technologies. It is anticipated that orders under this
task will be small in number and of a short duration. Detailed
requirements will be specified by the Component order
level.
2.18 In-Building Cellular
Wireless (Optional)
The
contractor shall provide in-building cellular wireless service
solutions that will improve wireless and cellular coverage for DHS
buildings and campuses. The In-Building Cellular service shall
provide affordable and available wireless support for cellular,
PCS, two-way radio, land mobile radio (LMR), micro cell coverage,
near field communication, Smartphones and/or Wi-Fi that is
reliable, provides quality service, and optimum performance. Only
carrier approved solutions will be accepted. In-Building Cellular
Wireless services shall include:
●
Assessments
to determine technical requirements
●
Specification
development
●
Coordination
with vendors for establishment of cost for
implementation
●
Asset
Management
●
Project
Management
Page 41 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
●
Warranty
and License Management
3.0 Meetings, Reports, and Deliverables or Outputs
3.1 Required Meetings
The Government requires coordination to ensure
successful performance. The contractor shall attend Government
sponsored meetings as described below an as stated in Deliverable
Number 4 of Section 3.6 Table of Deliverables: Meetings, Plans,
Reports, and Processes. The purpose is to ensure effective and
efficient distribution of information, reveal any possible
coordination issues, and to facilitate communication related to
this procurement. The contractor is expected to
coordinate as necessary with other contractors to resolve any
problems or issues identified in all meetings. The meetings shall include:
1. Daily Operations
Meetings. These meetings will
occur on business days and include contractors representing various
DHS IT projects. The contractor shall participate in a daily
operations meeting with the Government via teleconference to
discuss IT service related activities, provide a status on
outstanding risks and issues, and coordinate services with both
government and contractor staff.
2. Weekly Meetings.
These meetings will occur weekly and
include contractors representing various DHS IT projects. The
contractor shall meet weekly with designated government staff to
discuss engineering, operational, service, and/or project related
status or issues. Service related details to be discussed include
performance compliance, service levels, and metrics analysis
related to service delivery.
3. Monthly Meetings.
These meetings will occur monthly and
include contractors representing various DHS IT projects. The
contractor shall attend a monthly meeting with the
Government’s COR/PMO/Management to discuss service delivery,
engineering, programmatic issues, and service level compliance.
Monthly reports as required by the IDIQ contract’s SOW may be
discussed as determined by the Government.
4. Quarterly Program Review
Meetings. These meetings will
occur quarterly and include contractors representing various DHS IT
projects. The contractor shall plan and facilitate quarterly
program review meetings with the Government COR/PMO/Management.
Topics for discussion will include: contract financial status,
contract performance metrics, mitigation plans for underperforming
areas, and the status of other risks, issues, problems, and
concerns and proposed solutions. The briefing shall be a high-level
presentation of information already discussed in previous meetings
and presented in other reports. The contractor shall provide the
government with presentation materials for review three (3)
business days prior to the briefing.
5. Quarterly Contractor
Meetings. The contractor shall
participate in a quarterly executive level meeting to coordinate
and communicate executive-level program issues with
the
Government.
Participants should be contractor program or project managers at
the discretion of the contractor and will be attended by various
contractors providing IT services to DHS OCIO. Each contractor
shall discuss issues relevant to service delivery, service quality,
recommended changes and the potential impact of those changes to
services with other DHS IT contractors.
Page 42 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
6. Ad Hoc Meetings.
The Government may require the
contractor to participate in ad hoc meetings to discuss any
contract related service, activities, issues, or concerns. These
meetings may be with Government representatives only or may be
attended by other contractors providing IT services to DHS
OCIO.
3.2 Post Award Conference and Kick off Meeting
A
Post Award Conference will be required no later than five (5)
calendar days after award of the IDIQ contract, as stated in
Deliverable Number 1 of Section 3.6 Table of Deliverables:
Meetings, Plans, Reports, and Processes, and shall be attended by
the IDIQ contract level CO, COR, Program Office, and the
contractor. The contractor shall provide the meeting agenda and
prepare and deliver a draft PMP to describe the activities and
deliverables required to perform cross-project coordination tasks
required to meet the requirements of this SOW and to ensure
conformance with all related service level agreements
(SLAs).
Kick-Off
Meetings will be required at the Order level for all Component
orders. As stated in Deliverable Number 2 of 3.6 Table of
Deliverables: Meetings, Plans, Reports, and Processes, Order level
Kick-Off Meetings will be held no later than fifteen (15) calendar
days after Order award. The IDIQ contract level CO, COR, Program
Office, and contractor shall attend the initial Order level post
award conferences and kick off meetings in addition to the required
Component attendees.
For the Component Order level Kick off Meetings,
the contractor will prepare and deliver a draft PMP for the order
that conforms to all related SLAs and that outlines the activities
and deliverables required to perform cross-project coordination
tasks required to meet the requirements of this SOW. Outlines shall
encompass but need not be limited to review of project management
tasks, work assignments, roles, responsibilities, performance
management and accountability plan, and the contractor schedule for
startup and program activities. The IDIQ contract Post Award
Conference and the initial Order-level Kick off meetings will be
held at the Government’s facility, located at
7th
and D Street, SW, Washington, DC.
Subsequent Order-level Kick off meetings will be held at the
Government’s facility, located at 7th
and D Streets, SW, Washington, DC,
unless otherwise mutually agreed in writing between the Order-level
COR and the contractor.
3.3 Progress Meetings
The
contractor’s Program Manager shall be responsible for keeping
the CO/COR or designated government officials informed about
contractor progress throughout the IDIQ contract’s period of
performance, ensure contractor activities are aligned with DHS
objectives, meet designated performance measures, service levels,
and designated metrics. At a minimum, the Program Manager shall
review the status and results of contractor performance with the
COR or designated government official (s) on a weekly, monthly, and
quarterly basis as stated in Deliverable Number 3 of Section 3.6
Table of Deliverables: Meetings, Plans, Reports, and
Processes.
3.4 General Report/Deliverable Requirements
It
is the objective of DHS to obtain complete, compiled, prepared, and
delivered standard reports to government representatives, COR, and
the CO. Delivery of reports shall be facilitated by a
web-based
Page 43 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
“download
and save” capability through a reporting portal.
Preconfigured reports shall be available; the COR should not have
to configure the reports. Reporting is intended to assist DHS
managers to provide answers to ad hoc queries against data and
information collected. As stated in Deliverable Number 35, Section
3.6 Table of Deliverables: Meetings, Plans, Reports, and Processes,
the contractor shall provide all written reports in Section 508
compliant electronic formats with read/write capability using
applications that are compatible with the Microsoft Office Suite of
programs using applications that are compatible with DHS
workstations (Microsoft Windows and Microsoft Office
Applications).
Each
order issued under the IDIQ contract may include specific
requirements for meetings, plans, reports and other deliverables.
The contractor shall submit reports, deliverables or outputs as
further described below to the task order COR. All reporting shall
provide the capability to generate custom-designed and ad hoc
reports at both a summary and organizational or financial account
levels that capture DHS level consolidated reporting down to the
lowest Component operational level reports. The reporting process
shall prepare and provide necessary monthly electronic reports or
formatted data feeds to DHS and or supported agency’s
designated systems.
All
reports and other deliverables shall be in the English
language.
3.5 Acceptance of Deliverables
The
COR is designated to inspect and receive deliverables for
conformance to the requirements specified in the IDIQ contract and
subsequent Component level orders. Upon receipt of any deliverables
the COR will have ten (10) business days to review, comment and
either accept or reject deliverables. Any rejection will: (i) be in
writing; (ii) state the basis of the rejection; (iii) include a
specific reference to the Section with which the deliverable does
not conform; and (iv) identify the corrective action or rework
required.
If
the COR determines that there are omissions, errors, or
deficiencies, comments shall describe the nature of the
deficiencies and necessary actions. The contractor shall make the
necessary corrections and modifications to make the deliverable
acceptable. The contractor shall rework and return any rejected
deliverable within five (5) business days. When the contractor
returns the reworked deliverable, clearly identifying changes, the
COR will re-inspect the deliverable within five (5) business days
or a mutually agreed upon date of receipt and provide a
response.
Deliverables
shall not be marked “FINAL” without prior DHS
authorization and neither will they be automatically
accepted.
3.6 Table of Deliverables: Meetings, Plans, Reports, and
Processes
The
information in this section represents the range of meetings, plans
and reports that may be required as part of the IDIQ contract or
via Component level orders. See the respective SOW section for
additional report details. Reporting dates, additional
deliverables, and the individuals receiving the deliverables will
be specified at the order level.
Page 44 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
|
Number
|
Deliverable
|
Section/Page
|
Delivery
Date
|
Deliver
to
|
|
1
|
IDIQ
Contract Level Post Award Conference
|
3.2,
p. 44
|
5
calendar days after IDIQ Contract award
|
CO/COR
|
|
2
|
Project
(TO) Level Kick Off Meeting
|
3.2,
p. 44
|
15
calendar days after TO award
|
CO/COR
|
|
3
|
Progress
Meetings
|
3.3,
p. 44
|
As
requested
|
COR
|
|
4
|
Routine
and ad hoc meetings
|
3.1,
p. 43-44
|
As
requested
|
COR
|
|
|
Plans
|
|||
|
5
|
IDIQ
Contract level Program Management Plan (PMP)
|
2.2.2,
p. 15
|
Draft
submitted 5 calendar days after award at the IDIQ Contract Level
Post Award Conference
Final
30 calendar days after IDIQ contract award date
|
COR
|
|
6
|
Component
Order level Program Management Plan (PMP) Updates
|
2.2.2,
p. 15-14
|
Draft
submitted 15 calendar days after Component level Order award at the
TO Level Kick Off Meeting
Final
30 calendar days after Component level Order award
|
COR
|
|
7
|
IDIQ
contract level
Performance
Management and Accountability Plan (PMAP)
|
2.2.4,
p. 16-17
|
(Part
of the TMP)
Draft
5 calendar days after award
|
COR
|
|
8
|
Component
Order level Performance Management and Accountability Plan (PMAP)
Updates
|
2.2.4,
p. 16-17
|
(Part
of the TMP Updates)
Final
7calendar days following Government review
|
COR
|
|
9
|
Quality
Assurance Surveillance Plan (QASP)
|
2.2.4,
p. 17
|
IDIQ
contract level Draft: 5 calendar days after IDIQ contract
award
Component
level Order: 15 calendar days after the kick off
meeting
|
COR
|
Page 45 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
|
Number
|
Deliverable
|
Section/Page
|
Delivery
Date
|
Deliver
to
|
|
10
|
Transition
Management Plan (TMP)
(Includes
PMAP, PMP, Training Plan)
|
2.4,
p. 17
|
Draft
(IDIQ contract level): no later than 5 calendar days after award at
the post award conference
Draft
(Task Order level): no later than 15 calendar days after award at
the Post Award Conference
Final
(Both IDIQ contract and Task Order levels): 7 calendar days after
the Government review
|
COR
|
|
11
|
Business
Continuity Plan (BCP)
|
3.11,
p. 50
|
45
business days after award
|
COR
|
|
|
Reports
|
|
||
|
12
|
Integrated
Master Schedule
|
2.4.3.5,
p. 22
|
No
later than thirty (30) calendar days after IDIQ contract award and
ten (10) calendar days after each subsequent order
award
|
COR
|
|
13
|
Strategic
Sourcing Report
|
3.12,
p. 51
|
5th
calendar day of each quarter
|
COR
|
|
14
|
Rate
Plan Analysis
|
2.6.2.3,
p. 26
|
30
calendar days after service activation
|
COR
|
|
15
|
Initial
Contract Optimization Analysis
|
2.6.2.4,
p. 27
|
30
calendar days after service activation date
|
COR
|
|
16
|
Performance
Status Report (PSR)
|
3.7,
p. 49
|
Monthly
as specified in the Component order
|
COR
|
|
17
|
Contract
Management Status Report (CMSR)
|
3.8,
p. 49
|
15th
calendar day of the month following the month of
performance
|
COR
|
|
18
|
-
Inventory Reports
(Standardized)
|
2.6.3.1.2,
p. 28
|
Monthly
as specified in the Component order
|
COR
|
|
19
|
-
Rate Plan Optimization
Recommendation
|
2.6.2.3.2,
p. 27
|
Monthly
as specified in the Component order
|
COR
|
Page 46 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
|
Number
|
Deliverable
|
Section/Page
|
Delivery
Date
|
Deliver
to
|
|
|
- Wireless Usage Reports
(Standardized)
|
2.6.4.1.2,
p. 31
|
Monthly
as specified in the Component order
|
COR
|
|
21
|
- Billing & Invoice Error
Report
|
2.6.4.1.6,
p. 31
|
Monthly
as specified in the Component order
|
COR
|
|
22
|
- Invoice Payment and Status Reports (or electronic
record feed)
|
2.6.4.2.6,
p. 33
|
Monthly
as specified in the Component order
|
COR
|
|
23
|
- Audit Reports
|
2.6.4.1.4,
p. 31
|
Quarterly
at the IDIQ
contract level and as specified in the Component
order
|
COR
|
|
24
|
- Contract Optimization Services
Report
|
2.6.2.4.3,
p. 27
|
Quarterly
at the IDIQ contract level
Monthly
or as specified in the Component order
|
COR
|
|
25
|
- Allocation of Cost Information
|
2.6.4.1.1,
p. 31
|
Monthly
as specified in the Component order
|
COR
|
|
26
|
- Invoice Management Audit
Report
|
2.6.4.1.4,
p. 31
|
Quarterly
at the IDIQ contract level
Monthly
as specified in the Component order
|
COR
|
|
27
|
- Dispute Claim Status Report
|
2.6.2.2.5,
p. 26
|
Monthly
as specified in the Component order
|
COR
|
|
28
|
- Disposition/Exchange/Sales Status
Report
|
2.6.3.2,
p. 29
|
Monthly
as specified in the Component order
|
COR
|
|
29
|
- Asset Management Report
|
2.6.3.1.1,
p. 28
|
Monthly
as specified in the Component order
|
COR
|
|
30
|
- Service Report (Downtime and
Incident Reporting)
|
3.9,
p. 49
|
Monthly
as specified in the Component order
|
COR
|
|
31
|
Spend
Management Reports (Custom/Ad Hoc)
|
2.6.4.1.6,
p. 32
2.6.4.1.7,
p. 32
2.6.4.1.8,
p. 32
|
As
Requested
|
COR
|
|
32
|
Savings
Recommendations
|
2.6.4.1.10,
p. 32
|
Monthly
|
COR
|
|
|
Process
|
|
||
|
33
|
Web-based
Ordering Portal Capability
|
2.6.1.2,
p. 24
|
NLT
45 business Days after award
|
COR
|
|
34
|
Agency
Transition Data
|
2.4.2.3,
p. 21
|
As
Requested
|
COR
|
|
35
|
Section
508 Compliance
|
3.4,
p. 44-45
|
NLT
30 business days after award
NLT
30 business days before new device models are deployed
|
COR
|
Page 47 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
|
Number
|
Deliverable
|
Section/Page
|
Delivery
Date
|
Deliver
to
|
|
|
Demonstration
of electronic data transfer capabilities
|
2.4.1.3,
p. 19
|
NLT
5 business days after Web Portal Acceptance
|
COR
|
|
37
|
MACD
Automated Process
|
2.6.3.1,
p. 28
|
NLT
5 business days after Web Portal Acceptance
|
COR
|
|
38
|
Device
Disposition/Disposal Services Process
|
2.6.3.2,
p. 29
|
NLT
5 business days after Web Portal Acceptance
|
COR
|
|
|
|
|
|
|
3.7 Performance Status Report
As
stated in Deliverable Number 16 of Section 3.6 Table of
Deliverables: Meetings, Plans, Reports, and Processes, the
Contractor shall provide a Performance Status Report (PSR) to the
CO and COR/PO via electronic mail or in person during a designated
meeting. The contractor shall present deliverables, discuss
progress, exchange information and resolve emergent problems and
issues. These meetings shall take place at the Government's
facility and/or via teleconference. Specific details for the
reportable items will be provided at the order level.
3.8 Contract Management Status Report (CMSR)
The CMSR is the primary report to the Government
concerning all activities and actions related to the execution of
the requirements of the IDIQ contract. The contents of the CMSR are
also addressed in Section 2.6.2.1.1 and are referenced throughout
this SOW. At a minimum the report shall contain the following
information: Key contract and agreement events and dates, rate plan
optimization recommendations, results and savings, contract
optimization recommendations, results and savings. As stated in
Deliverable Number 17 of Section 3.6 Table of Deliverables:
Meetings, Plans, Reports, and Processes, the due date of the CMSR
will be not later than the fifteenth (15th)
calendar day of the month following the month of
performance.
3.9 Downtime and Incident Reporting
As stated in Deliverable Number 30, 3.6 Table of
Deliverables: Meetings, Plans, Reports, and Processes, the
contractor shall provide standard reports which shall include
information/data on all applicable wireless services provided and
any “downtimes” or incidents affecting service in a
Department standardized template. This template will define details
of the incident or outage by organizational breakdown and reporting
structure. Additionally, the contractor shall provide an after
action report (AAR) for any and all incidents causing service
interruptions. This information shall be contained in
Section 3.8
Contract Management Status Report (CMSR) as part of the SOW.
3.10 Service Catalog
Reporting:
Page 48 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
The
contractor shall update and contribute cellular wireless device
data and service plans to a Service Catalog. These updates shall
correspond to the release of a new service catalog, but the
interval will be determined by the Government. Updates and
distribution will be determined by the Components at the Order
level.
3.11 Business Continuity Plan
The contractor shall prepare and submit a Business
Continuity Plan (BCP) to the Government. As stated in Deliverable
Number 11 of Section 3.6 Table of Deliverables: Meetings, Plans,
Reports, and Processes, the BCP shall be due forty-five (45)
business days after the date of award, and will be updated on an
annual basis or as requested by the OCIO COOP POC. The BCP shall
document Contractor plans and procedures to maintain support during
an emergency,
including natural disasters and acts
of terrorism. The BCP shall include the
following:
●
A
description of the contractor’s emergency management
procedures and policy
●
Website/Portal
disaster recovery plan
●
Designate
a key person as an Emergency Relocation Group member who will
participate in any training or exercise conducted by
DHS
●
Establish
a call tree for all personnel working within the scope of this IDIQ
contract along with methodology in which primary and alternate
contacts may contact them
●
A
description of how the contractor will account for their employees
during an emergency
●
How
the contractor will communicate with the Government during
emergencies
●
A
list of primary and alternate contractor points of contact, each
with primary and alternate:
o
Telephone
numbers
o
E-mail
addresses
Individual
BCPs shall be activated immediately after determining that an
emergency or incident has occurred, shall be operational within
four (4) hours of activation or as directed by the Government based
on the incident or event, and shall be sustainable until the
emergency situation is resolved and normal conditions are restored
or the IDIQ contract is terminated, whichever occurs first. In case
of a life-threatening emergency, the COR shall be immediately
contacted by the contractor's Program Manager to ascertain and
present the status of any contractor personnel who were located in
Government controlled space affected by the emergency. When any
disruption of operations occurs, the contractor Program Manager and
the COR shall promptly open an effective means of communication and
verify:
●
Key
points of contact (Government and contractor)
●
Temporary
work locations (alternate office spaces, telework, virtual offices,
etc.)
●
Means
of communication available under the circumstances (e.g. email,
webmail, telephone, FAX, courier, etc.)
●
Essential
Contractor work products expected to be continued, by
priority
●
Participate
in any necessary bridges stood up by DHS
The Government and contractor Program Manager
shall make use of the resources and tools available to continue
contracted functions to the maximum extent possible under emergency
circumstances. The Government will provide the contractor with three
(3) DHS Government Emergency Telecommunication
Page 49 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
Service
(GETS) cards for use at the contractor’s Help Desk facility
in support of all DHS Components. A GETS card allows the holder to
communicate over existing paths with a high likelihood of call
completion during the most severe conditions of high-traffic
congestion and disruption. Use of the Government provided GETS
cards by the contractor’s Help Desk shall be limited to calls
made to carriers and equipment providers on behalf of DHS
Components only. The contractor is prohibited from using the DHS
issued GETS Cards in support of its own corporate or personal use.
The Government provided GETS cards must be returned to DHS HQ upon
the completion of the last period of performance under the IDIQ
contract.
The
three (3) DHS GETS cards will be issued and assigned to the three
separate personnel. The contractor’s Program Manager is
responsible for ensuring that the three DHS GETS cards are
maintained and stored securely by the assigned personnel. The
contractor shall notify the CWMS IDIQ contract level CO and COR
within five (5) business days whenever one of the DHS GETS cards is
re-assigned to other personnel. The notification shall include the
name, title, and phone number of the personnel the card is being
re-assigned.
Contractors
shall obtain approval from the CO prior to incurring costs over and
above those allowed for under the terms of the IDIQ contract.
Regardless of order type, and or work location, contractors
performing work in support of authorized tasks within the scope of
their order shall charge those hours accurately in accordance with
the terms of the order.
3.12 Strategic Sourcing Report
The DHS Strategic Sourcing Program Office (SSPO)
tracks actual spend and savings on all Department-wide vehicles. In
order to be more efficient in this reporting, SSPO is developing
reporting standards for all new Department-wide vehicles. As stated
in Deliverable Number 13 of Section 3.6 Table of Deliverables:
Meetings, Plans, Reports, and Processes, this report shall be
submitted to the IDIQ contract level CO, the IDIQ contract level
COR and the SSPO at sspo@dhs.gov
on a quarterly basis. The format will
be agreed upon by both the IDIQ contract level CO, SSPO
representative and the contractor.
3.13 Interrelationships of Contractors
(a) The
Government has entered into other contractual relationships in
order to provide technical support services in the conduct of
studies, analyses and engineering activities separate from the work
to be performed under this IDIQ contract, yet having links and
interfaces to them. Further, the Government may extend these
existing relationships or enter into new relationships. The
Contractor may be required to coordinate with other Contractor(s)
through the life of the CWMS IDIQ contract in providing suitable,
non-conflicting technical interfaces and in avoidance of
duplication of effort. By suitable tasking, other Contractor(s) may
be requested to assist the Government in the technical review of
the Contractor’s technical efforts. Information on reports
provided under this IDIQ contract may, at the discretion of the
Government, be provided to other Contractor(s) for the purpose of
such review.
(b) A
Non-Disclosure Agreement (NDA), DHS Form 11000-6, shall be signed
by all Contractor employees assigned to perform services under a
task order prior to any work commencing on the task
order.
Page 50 of 81
|
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
|
|
4.0 GOVERNMENT FURNISHED RESOURCES
4.1 On-site Support
The
Government will provide the workspace, equipment and supplies
necessary to perform the on-site portion of Contractor services
required in the IDIQ contract, unless specifically stated otherwise
at the order level.
The
Contractor shall use Government furnished information, data and
documents only for the performance of work under this IDIQ
contract, and shall be responsible for returning all Government
furnished information, data, and documents to the Government at the
end of the task order period of performance. The Contractor shall
not release Government furnished information, data, and documents
to outside parties without the prior and explicit consent of the
Contracting Officer.
4.2 Government Furnished Equipment (GFE)
GFE
will be determined at the Order level. For on-site support staff
the Government will provide DHS approved computers and software
that is required for access to the DHS network. At the Order level
the Contractor shall be responsible for the support of the existing
cellular wireless devices, which are considered Government
Furnished Equipment (GFE). The table below is provided as a guide
and will be completed in the Component level orders.
|
|
Device
Type
Estimated Number of Devices
|
|
Smart
Phones
|
|
Cell
Phones
|
|
Pagers
|
|
Data
Devices
|
|
Total
Devices
|
|
4.3 Contractor Furnished Property
The
contractor shall furnish all facilities, materials, equipment
(cellular devices) and services necessary to fulfill the
requirements of this IDIQ contract, except for the Government
Furnished Resources specified in SOW sections 4.1 and
4.2.
5.0 APPLICABLE DOCUMENTS
5.1 Basic Documentation and Reference Material
Federal
Information Security Modernization Act of 2014
https://csrc.nist.gov/Topics/Laws-and-Regulations/laws/FISMA
Computer
Security Act of 1987 (40 U.S.C. 1441 et seq.)
https://www.congress.gov/bill/100th-congress/house-bill/145
NIST FIPS 201 ―Personal Identity
Verification (PIV) of Federal Employees and Contractors
https://csrc.nist.gov/publications/detail/fips/201/2/final
Page 51 of 81
|
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
NIST
SP 800-63 ―Electronic Authentication Guideline
https://www.nist.gov/itl/tig/projects/special-publication-800-63
Title
49, Code of Federal Regulations, Part 1520, as amended,
“Policies and Procedures of Safeguarding and Control of
SSI,” as amended
https://www.ecfr.gov/cgi-bin/text-idx?tpl=/ecfrbrowse/Title49/49cfr1520_main_02.tpl
Title
6, Code of Federal Regulations, Part 29 as amended
https://www.ecfr.gov/cgi-bin/text-
idx?SID=0eed70ebf0ce6caa25bb81436bdfa7a4&mc=true&node=pt6.1.29&rgn=div5
HSPD-12 ―Policies for a Common
Identification Standard for Federal Employees and
Contractors https://www.dhs.gov/homeland-security-presidential-directive-12#1
Section
552a of title 5, United States Code (the Privacy Act)
https://www.justice.gov/opcl/privacy-act-1974
OMB Circular
A-130
https://www.whitehouse.gov/sites/whitehouse.gov/files/omb/circulars/A130/a130revised.pdf
OMB M-10-15 ―FY
2010 Reporting Instructions for the Federal Information Security
Management Act and Agency Privacy
Management
https://www.whitehouse.gov/sites/whitehouse.gov/files/omb/memoranda/2010/m10-15.pdf
OMB M-11-11 "Continued
Implementation of Homeland Security Presidential Directive (HSPD)
12– Policy for a Common Identification Standard for Federal
Employees and Contractors https://www.whitehouse.gov/sites/whitehouse.gov/files/omb/memoranda/2011/m11-11.pdf
OMB M-06-16
―Acquisition of Products and Services for Implementation of
HSPD-12 https://www.whitehouse.gov/sites/whitehouse.gov/files/omb/memoranda/2006/m06-16.pdf
The
Federal Acquisitions Regulations (FAR)
https://www.acquisition.gov
http://farsite.hill.af.mil
Homeland
Security Acquisition Regulation (HSAR)
http://farsite.hill.af.mil/vmhsara.htm
Section
508 of the Rehabilitation Act
https://www.section508.gov/
6.0 IDIQ CONTRACT CORE SERVICE LEVELS
6.1 SLA 1 - Device Asset Management (CORE)
|
1. SLA SUMMARY
|
|||
|
1A. SLA NAME
|
Device Asset Management
|
1B. PERFORMANCE CATEGORY
|
Quality
|
Page 52 of 81
DHS Cellular Wireless Managed Services
IDIQ No. 70RTC21D00000001 Attachment 1 Statement of
Work
Page 53 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
6.2 SLA 2 Cellular Wireless Managed Services Web Portal
(CORE)
Page 54 of 81
DHS Cellular Wireless Managed Services
IDIQ No. 70RTC21D00000001 Attachment 1 Statement of
Work
Page 55 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
|
5B. NOTES AND COMMENTS
|
This
service level does not apply to any network or device related
services not managed by the contractor
|
6.3 SLA 3 - Deliverables (including
invoices)
Page 56 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
6.4 SLA 4 - Customer Satisfaction Survey
Page 57 of 81
DHS Cellular Wireless Managed Services
IDIQ No. 70RTC21D00000001 Attachment 1 Statement of
Work
|
3. SLA METRICS
|
|
|
3A. MEASUREMENT
INTERVAL
|
The
Measurement Interval is 6 months for first year and then every 12
months thereafter.
|
|
3B. MEASUREMENT
PERIOD
|
The
Measurement Period begins at 00:01 on the first day of the month
and ends at 24:00 on the last day of the month.
|
|
3E. SOURCE
OF MEASUREMENT DATA
|
Data will be collected from management surveys
containing satisfaction criteria specified by DHS that are either
developed internally by DHS personnel or by a DHS -selected
impartial 3rd
party.
|
|
3F. METHOD
OF SURVEILLANCE
|
Random Sampling.
DHS will issue service satisfaction
surveys to designated key DHS stakeholders and survey responses
will be tabulated to determine overall satisfaction with Contractor
delivery management of IT Services.
|
|
3C. TIMING
OF MEASUREMENT
|
Measurements
are taken within 5 days of the end of the Measurement
Period.
|
|
3D. EXCEPTIONS
|
Field
left blank intentionally.
|
|
4. SLA MEASUREMENT
|
|
|
4A. CALCULATION
|
The
number of users who were Satisfied, More Than Satisfied, or Very
Satisfied divided by the total number of completed surveys
returned. At least 30 Government personnel must complete and return
surveys for the results to have at least a 90% confidence factor
with a 5% error rate.
|
|
4B. TARGET
CRITERIA
|
≥
90% of all survey respondents are Satisfied, More Than Satisfied,
or Very Satisfied with Contractor delivery management of all DHS IT
services.
(This
criteria will be applicable following the first 6 months of the
IDIQ contract period following the transition period)
|
|
4C. MINIMUM
ACCEPTABLE
|
≥
85% of all survey respondents are Satisfied, More Than Satisfied,
or Very Satisfied with Contractor delivery management of all DHS IT
services.
(This
criteria will be applicable following the first 6 months of the
IDIQ contract period following the transition period)
|
|
4D. DEFINITIONS
|
None.
|
|
4E.
INCENTIVE/DISINCENTIVE
|
Percentage
of Customer Satisfaction
(>)
90.00% = no reduction in costs
(<)
90.00% and (>) 85.00% = 1% reduction in the total line service
cost for the current billing cycle (CLIN X001).
(<)
85.00% = 5% reduction in the total line service cost for the
current billing cycle (CLIN X001).
If
the Team fails to provide acceptable Customer Satisfaction (90.00%
or greater) for two consecutive months or more, shall increase the
credit percentage by 1% for each additional month that the SLA/SLA
is not met.
|
Page 58 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
|
5. SLA ADMINISTRATION
|
|
|
6A. REPORTING FREQUENCY
|
● Reporting to commence upon IDIQ contract award and
continue throughout the Period of Performance.
Monthly
reporting of SLA attainment for periods surveyed. Quarterly survey
reporting from DHS during first year, semi-annual
thereafter.
|
|
6B. NOTES AND COMMENTS
|
None.
|
7.0 Service Desk Service levels
7.1 Service Desk SLA 1 –Call Response Time (Speed to
Answer)
Page 59 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
7.2 Service Desk SLA 2 - Call Abandonment Rate
Page 60 of 81
DHS Cellular Wireless Managed Services
IDIQ No. 70RTC21D00000001 Attachment 1 Statement of
Work
|
2B. PERFORMANCE PERIOD
|
This
SLA is in effect on a continuous basis without interruption
throughout the IDIQ contract Period of Performance.
|
|
3. SLA METRICS
|
|
|
3A. MEASUREMENT
INTERVAL
|
Compiled
weekly and reported monthly.
|
|
3B. MEASUREMENT
PERIOD
|
The
Measurement Period begins at 00:01 on the first day of the month
and ends at 24:00 on the last day of the month.
|
|
3E. SOURCE
OF MEASUREMENT DATA
|
Automated
Call Distribution (ACD) Service Desk Trouble Ticket System Call
Management System
|
|
3F. METHOD
OF SURVEILLANCE
|
Provided
automated report from ACD system/Phone System/ or Call Management
System, and review service desk tickets.
|
|
3C. TIMING
OF MEASUREMENT
|
Measurement
will be collected on a continuous basis and commence upon
completion of transition
|
|
3D. EXCEPTIONS
|
None
|
|
4. SLA MEASUREMENT
|
|
|
4A. CALCULATION
|
Total
number of calls abandoned divided by the total number of
calls
|
|
4B. TARGET
CRITERIA
|
<
3%
(This
criteria will be applicable following the first 6 months of the
IDIQ contract
period
less the transition period)
|
|
4C. MINIMUM
ACCEPTABLE
|
<
5%
(The
minimum acceptable criteria will be applicable during the first 6
months of
the
IDIQ contract period less the transition period)
|
|
4D. DEFINITIONS
|
Based
on a per call rate
|
|
4E. INCENTIVE/DISINCENTIVE
|
Target
Criteria: > 3% = 1% reduction in the total service desk value
per the current billing cycle (CLIN X001)
Minimum
Acceptable: > 5% = 3% reduction in the total service desk value
per the current billing cycle (CLIN X001)
|
|
5. SLA ADMINISTRATION
|
|
|
5A. REPORTING
FREQUENCY
|
Weekly
collection of data, monthly reporting of SLA attainment for periods
surveyed. Quarterly reporting from DHS during first year,
semi-annual thereafter. Period of reportable data is monthly (ex.
October = 31 days)
Reporting
to commence upon completion of the IDIQ contract transition and
continue through IDIQ contract award, IDIQ contract termination, or
IDIQ contract completion.
|
|
5B. NOTES
AND COMMENTS
|
None.
|
Page 61 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
ADDITIONAL REQUIREMENTS
8.0 IDIQ Contract Other Conditions
8.1 Ordering Period
The
IDIQ contract will have a 12-month base ordering period from date
of IDIQ contract award, with four (4) 12-month optional ordering
periods.
Task
orders may be issued at any time during the IDIQ contract’s
ordering period. The period of performance will be specified in the
individual orders.
8.2 Place of Performance
DHS
requires that primary services be performed primarily off-site at
the contractor’s facilities. On-site services shall include
as-needed and travel only staff support and logistical support. The
specific place of performance for these locations will be
determined at the Order level. The contractor shall recommend and
provide sufficient staff to maintain all levels of performance and
service support.
The
place of performance for in-building wireless services shall
include DHS facilities within the continental United States. The
OCONUS support will be provided remotely for wireless services
offering and trouble shooting effort over the phone.
8.2.1 As-needed and Travel only staff support
The
as-needed and travel only service is intended to provide occasional
on-site support. The as-needed and travel only support will be
based on pre-approved COR or CO authorization. The locations of the
service will be determined at the Order level.
8.2.2 Logistical support:
The
storage, inventory, distribution, and accountability of all
cellular wireless devices from staging areas is authorized for
supporting the shipping and receiving of equipment from contractor
provided and staffed DHS approved locations. The logistic support
locations may include the use of DHS facilities as forward staging
areas to facilitate shipping and receiving of equipment. The
location and facilities will be determined at the Order
level.
8.3 Hours of
Operation
Per
Section II, paragraph 2.5, Service Support Program, the contractor
shall establish a service support program (staff and support
structure), to include service desk and on-site support, for all
authorized DHS staff requesting service related to CWMS. The core
hours of support are Monday through Friday between the hours of
7:00 a.m. – 8:00 p.m. ET. Limited after hours support shall
be available from 8:00 p.m. to 7:00 a.m. ET. The overall hours of
support may vary by Component order and will be specified at the
Order level.
Page 62 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
8.3.1 Cellular Wireless Management Portal Availability
The
Web Site/Portal shall be available 24X7X365 per year. Specific
requirements for downtime due to maintenance shall be negotiated
and approved by the government prior to implementation. The portal
shall have a backup and redundancy capability and
service.
8.4 Type
of Contract
The
IDIQ contract will allow for Firm Fixed Price (FFP), Time and
Materials (T&M), Labor Hour (LH) type orders, and a hybrid mix
of any of these order types.
8.5 Inspection
and Acceptance
Inspection
and acceptance of products and services shall be performed by a
duly authorized Government representative identified in the IDIQ
contract in accordance with the Inspection and Acceptance clauses
in the IDIQ contract and as further defined in the
Order.
All
deliverables will be inspected for content, completeness, accuracy
and conformance to the IDIQ contract requirements by the IDIQ
contract level COR or as detailed in individual Component level
Orders. Inspection may include validation of information or
software through the use of automated tools for the deliverables,
as specified in the IDIQ and subsequent orders.
Performance
management and accountability through service level management and
metrics analysis is an integral part of this IDIQ contract. In
addition to any applicable inspection clauses or other related
terms and conditions contained in the IDIQ contract, performance
and service level management shall serve as a primary tool for
inspection and acceptance of services as facilitated by the
Contracting Officer’s Representative (COR), or Component
Program Office (PO).
FAR
Clause Inspection Reference:
FAR
52.246-6 Inspection Time-and-Material and Labor-Hour (May
2001)
9.0 Travel
The
Contractor may be required to travel to support the order
requirements. All travel required by the Government, when the
travel destination is beyond a 50 miles radius of the
Contractor’s primary work location (either the assigned DHS
onsite facility or the Contractor’s corporate office) will be
reimbursed to the Contractor in accordance with the Federal Travel
Regulations and FAR 31.205-46. The contractor shall be responsible
for obtaining advance COR approval (electronic mail is acceptable)
for all reimbursable travel in advance of each travel event. The
travel requirement will be either in the contiguous United States
(CONUS) or outside the contiguous United States
(OCONUS).
Page 63 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
10.0 Contractor Personnel
10.1 Security
Contractor
access to unclassified, but Security Sensitive Information may be
required under this SOW. Contractor employees shall safeguard this
information against unauthorized disclosure or
dissemination.
10.1.1 Instructions regarding
Security Requirements for Contract/Orders See IDIQ Terms and Conditions, Section 18.
Security Requirements
Federal
Acquisition Regulation (FAR) Subpart 4.4, 52.204-1 Safeguarding
Classified Information Within Industry
This
IDIQ contract supports orders from Unclassified to Secret with Top
Secret /Sensitive Compartmented Information (SCI) access control
during the overall period of performance for the IDIQ contract.
Contract Security Classification Specification, DD Form 254 will be
incorporated at time of task order award for security requirements
and classification guidance, as applicable. The Contract awardee
must be able to acquire a Top Secret Facility Clearance Level
within one (1) year after contract award Failure to meet this
requirement may result in contract termination.
The
Contract employees, performing work in support of this award shall
have been granted at a minimum “Top Secret” security
clearance from the Defense Industrial Security Clearance Office.
The contract employees will only have access to SECRET level
information until Defense Security Service has granted a full TS to
the Contractor Facility.
Note:
Interim TS is not accepted by DHS for access to Top Secret
information.
*
This can only apply if SECRET level work is available until a Final
Facility Level Clearance at TS is granted. Not all contract
personnel may require access at the full TS/SCI level. This is
determined by the CO/PM on the 1125 form sent to Personnel Security
for Suitability/Onboarding. The contract employees will only have
access to SECRET level information until Defense Security Service
has granted a full TS to the Contractor Facility.
10.2 Observance of Legal
Holidays and Excused Absence
(a)
The Government hereby provides notification that Government
personnel observe the following listed days as Federal
holidays:
1) New
Year’s Day
2) Martin
Luther King’s Birthday
3) President’s Day
4) Memorial Day
5) Independence Day
Page 64 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
6) Labor
Day
7) Columbus Day
8) Veteran’s Day
9) Thanksgiving Day
10) Christmas Day
(b)
In addition to the days designated as Federal holidays, the
Government observes the following days:
(1) Any
day designated by Federal Statute
(2) Any
day designated by Executive Order
(3) Any
day designated by the President’s
Proclamation
(c)
It is understood and agreed between the Government and the
Contractor that observance of such days by Government personnel
shall not otherwise be a reason for an additional period of
performance, or entitlement of compensation except as set forth
within the contract. In the event the Contractor’s personnel
work during the holiday, they may be reimbursed by the Contractor,
however, no form of holiday or other premium compensation will be
reimbursed either as a direct or indirect cost, other than their
normal compensation for the time worked. This provision does not
preclude reimbursement for authorized overtime work if applicable
to this contract.
(d)
When governmental entities grant excused absence to its employees,
assigned Contractor personnel may also be dismissed. The Contractor
agrees to continue to provide sufficient personnel to perform
critical tasks already in operation or scheduled, and shall be
guided by the instructions issued by the COR.
(e)
If Government personnel are furloughed, the Contractor shall
contact the CO or the COR to receive direction. It is the
Government’s decision as to whether the IDIQ contract
price/cost will be affected. Generally, the following situations
apply:
1) Contractor personnel that are able to continue
performance (either on-site or at a site other than their normal
work station) shall continue to work and the order price shall not
be reduced or increased.
2) Contractor personnel that are not able to continue
performance (e.g., support functions) may be asked to cease their
work effort.
(f) In
those situations that furloughed Government personnel are
reimbursed, the Contractor may not invoice for their employees
working during the Government furlough until such time as the
special legislation affecting Government personnel is signed into
law by the President of the United States.
10.3 Continuity of Support
The
Contractor shall ensure that the contractually required level of
support for this requirement is maintained at all times. The
Contractor shall ensure that all contract support personnel are
present
Page 65 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
for
all hours of the workday. If for any reason the Contractor staffing
levels are not maintained due to vacation, leave, appointments,
etc., and replacement personnel will not be provided, the
Contractor shall provide e-mail notification to the COR prior to
employee absence. Otherwise, the Contractor shall provide a fully
qualified replacement.
10.4 Qualified
Personnel
The
Contractor shall provide qualified personnel to perform all
requirements specified in this SOW.
10.4.1 Key Personnel
Before
replacing any individual designated as Key by the Government, the
Contractor shall notify the Contracting Officer no less than
fifteen (15) business days in advance, submit written justification
for replacement, and provide the name and qualifications of any
proposed substitute(s). All proposed substitutes shall possess
qualifications equal to or superior to those of the Key person
being replaced. The Contractor shall not replace Key Contractor
personnel without acknowledgment from the Contracting Officer. The
position of Program Manager is identified as Key Personnel for this
requirement at the IDIQ contract level. All Order level Key
Personnel will be identified by the ordering activity.
10.4.2 Program Manager
The
Contractor shall provide a Program Manager (PM) who shall be
responsible for all Contractor work performed under this SOW. The
PM shall be a single point of contact for the Contracting Officer
and the COR. The name of the PM, and the name(s) of any
alternate(s) who shall act for the Contractor in the absence of the
PM, shall be confirmed at the time of award based on the proposal
submitted. The PM is further designated as Key by the Government.
During any absence of the PM, only one alternate shall have full
authority to act for the Contractor on all matters relating to work
performed under this IDIQ contract. The PM and all designated
alternates shall be able to read, write, speak and understand
English. Additionally, the contractor shall not replace the PM
without prior acknowledgement from the Contracting
Officer.
The
PM shall be available to the COR via telephone and or email. The PM
shall respond to a request for discussion or resolution of all
performance, service, delivery, and technical inquiries or problems
within 2 hours of notification.
10.4.3 Employee Identification
10.4.3.1
Visiting
Contractor employees shall comply with all Government escort rules
and requirements. All Contractor employees shall identify
themselves as Contractors when their status is not readily apparent
and display all identification and visitor badges in plain view
above the waist at all times.
10.4.3.2
Page 66 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
Contractor
employees working on-site at Government facilities shall wear a
Government issued identification badge. All Contractor employees
shall identify themselves as Contractors when their status is not
readily apparent (in meetings, when answering Government
telephones, in e-mail messages, etc.) and display the Government
issued badge in plain view above the waist at all
times.
10.5 Employee Conduct
Contractor’s
employees shall comply with all applicable Government regulations,
policies and procedures (e.g., fire, safety, sanitation,
environmental protection, security, “off limits” areas,
wearing of parts of DHS uniforms, and possession of weapons) when
visiting or working at Government facilities. The Contractor shall
ensure Contractor employees present a professional appearance at
all times and that their conduct shall not reflect discredit on the
United States or the Department of Homeland Security. The Program
Manager shall ensure Contractor employees understand and abide by
Department of Homeland Security established rules, regulations and
policies concerning safety and security.
10.6 Removing Employees for Misconduct or Security
Reasons
The
Government may, at its sole discretion (via the Contracting
Officer), direct the contractor to remove any contractor employee
from DHS facilities for misconduct or security reasons. Removal
does not relieve the Contractor of the responsibility to continue
providing the services required under the IDIQ contract or
Component order. The Contracting Officer will provide the
Contractor with a written explanation to support any request to
remove an employee.
10.7 Disclosure of “Official Use Only” Information
Safeguards
Any
Government information made available or to which access is
provided, and which is marked or should be marked “Official
Use Only”, shall be used only for the purpose of carrying out
the provisions of this IDIQ contract and shall not be divulged or
made known in any manner to any person except as may be necessary
in the performance of the IDIQ contract. Disclosure to anyone other
than an officer or employees of the Contractor or Subcontractor at
any tier shall require prior written approval of the Contracting
Officer. Requests to make such disclosure should be addressed to
the Contracting Officer.
Each
officer or employee of the Contractor or Subcontractor at any tier
to whom “Official Use Only” information may be made
available or disclosed shall be notified in writing by the
Contractor that “Official Use Only” information
disclosed to such officer or employee can be used only for a
purpose and to the extent authorized herein, and that further
disclosure of any such “Official Use Only” information,
by any means, for a purpose or to an extent unauthorized herein,
may subject the offender to criminal sanctions imposed by 18 U.S.C.
Sections 641 and 3571. Section 641 of 18 U.S.C. provides, in
pertinent part, that whoever knowingly converts to his use or the
use of another, or without authority sells, conveys, or disposes of
any record of the United States or whoever receives the same with
the intent to convert it to his use or gain, knowing it to have
been
converted,
shall be guilty of a crime punishable by a fine or imprisoned up to
ten years or both.
Page 67 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
10.8 Training
The
Government will not allow costs, nor reimburse costs associated
with the Contractor training employees in an effort to attain
and/or maintain minimum personnel qualification requirements of
this SOW.
11.0 Additional Requirements
This
is information the Contractor will need and/or requirements the
Contractor will need to accomplish in the performance of the
SOW.
11.1 Interoperability and Functionality Services
Assist
in the resolution of interoperability problems and testing new
functionality prior to deploying new Wireless Devices, to include
testing for Section 508 compliance in coordination with the DHS
Office of Accessible Systems & Technology (OAST).
All
wireless devices/equipment/models/configurations being provided to
DHS under this contract shall first be reviewed and approved by DHS
prior to deployment. Documentation on their interoperability,
requirements compliance, and compliance with Section 508
requirements must be provided by the Contractor thirty days before
a new model of device is deployed. Section 508 compliance must be
established for the contractor’s initial device offerings by
the service acceptance date.
11.2 Data Security and Safeguards:
Any
cellular telecommunications services and devices provided through
this contract shall comply with equivalent industry practices and
standards. Encryption, when specified, shall be provided as
follows:
11.2.1
Minimum
security for these devices will be FIPS 140-2 Level 2 compliant,
utilizing Advanced Encryption Standard (AES) software or hardware
encryption. The devices will utilize at a minimum triple DES
128-bit hardware only encryption. Device and services shall meet or
exceed FIPS certification or be in process thereof.
11.2.2
The
Contractor shall provide or engage authorized device and services
IDIQ contract awardees to provide security features and procedures
to prevent electronic serial number cloning and fraudulent use of
cloned equipment and service. As new security enhancements for
cellular services are developed, DHS shall be offered the option of
incorporating those enhancements into the order. As policies change
or are finalized, the Contractor will be requested to respond to
the ability to meet policy requirements in a timely fashion to the
Government.
Page 68 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
11.2.3
Due
to the unique nature of DHS’s missions, certain commonly
available features on wireless devices must be disabled/locked
down/ or removed prior to deployment (Videocast, Bluetooth, Wi-Fi,
Infrared, Games, instant messaging, and/or Vcast). The Contractor
shall recommend methodologies, such as mobile device management
(MDM) software to achieve this task. The Government retains the
right to approve any solution provided under this IDIQ
contract.
11.2.4
All
data will be protected by no less than Triple DES encryption for
wireless transfers.
11.2.5
The
portal, devices, service, and operations shall comply with the DHS
Security Policy for Wireless
devices/services
(this information can be found in DHS MD 4300, link provided in
section III subsection 5.1).
11.2.6
Handheld
policy controls shall be available to maintain security protocols
(password policies, encryption key updates, etc.).
11.2.7
Power
on password protection with enforcement, to include password
length, complexity, frequency of change, history, and disabling of
user overrides.
11.2.7.1
No
inbound firewall ports shall be opened.
11.2.7.2
Mobile
Device Management Server administration is restricted to authorized
contract staff and government selected authorized personnel only.
The does not include user account administration, password resets,
or other traditional service desk functions.
11.3 Compliance with DHS Security Policy
All
hardware, software, and services provided under this order must be
compliant with DHS 4300A DHS Sensitive System Policy and the DHS
4300A Sensitive Systems Handbook.
11.4 Encryption Compliance:
The
following methods are acceptable for encrypting sensitive
information:
Page 69 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
●
FIPS
197 (Advanced Encryption Standard (AES)) 256 algorithm and
cryptographic modules that have been validated under FIPS
140-2.
●
National
Security Agency (NSA) Type 2 or Type 1 encryption.
●
Public
Key Infrastructure (PKI) (see paragraph 5.5.2.1 of the Department
of Homeland Security (DHS) IT Security Program Handbook (DHS
Management Directive (MD) 4300A) for Sensitive
Systems).
11.5 Access to Unclassified Facilities, Information Technology
Resources, and Sensitive Information Requirement
The
assurance of the security of unclassified facilities, Information
Technology (IT) resources, and sensitive information during the
acquisition process and contract performance are essential to the
DHS mission. DHS Management Directive (MD) 11042.1 Safeguarding
Sensitive But Unclassified (For Official Use Only) Information,
describes how contractors must handle sensitive but unclassified
information. DHS 4300A Information Technology Systems Security and
the DHS 4300B DHS Sensitive Systems Handbook prescribe policies and
procedures on security for IT resources. Contractors shall comply
with these policies and procedures, any replacement publications,
or any other current or future DHS policies and procedures covering
contractors specifically for all Service Orders that require access
to DHS facilities, IT resources or sensitive information.
Contractors shall not use or redistribute any DHS information
processed, stored, or transmitted by the contractor, except as
specified in the service order.
11.6 Security Review
The
Government may elect to conduct periodic reviews to ensure that the
security requirements contained in this contract are being
implemented and enforced. The Contractor shall afford DHS,
including the organization of the DHS Office of the Chief
Information Officer, the Office of the Inspector General,
authorized Contracting Officer’s Representative (COR), and
other government oversight organizations, access to the
Contractor’s facilities, installations, operations,
documentation, databases and personnel used in the performance of
this contract. The Contractor will contact the DHS Chief
Information Security Officer to coordinate and participate in the
review and inspection activity of government oversight
organizations external to the DHS. Access shall be provided to the
extent necessary for the government to carry out a program of
inspection, investigation, and audit to safeguard against threats
and hazards to the integrity, availability and confidentiality of
DHS data or the function of computer systems operated on behalf of
DHS, and to preserve evidence of computer crime.
11.7 Interconnection Security Agreements
Interconnections
between DHS and non-DHS IT systems shall be established only
through controlled interfaces and via approved service providers.
The controlled interfaces shall be accredited at the highest
security level of information on the network. Connections with
other Federal agencies shall be documented based on interagency
agreements; memoranda of understanding, service level agreements or
interconnect service agreements.
Page 70 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
11.8 Required Protections for DHS Systems Hosted in Non-DHS Data
Centers
Contractors
are fully responsible and accountable for ensuring compliance with
all Federal Information Security Management Act (FISMA), National
Institute of Standards and Technology (NIST) Federal Information
Processing Standard (FIPS), Federal Risk and Authorization
Management Program (FedRAMP) and related DHS security control
requirements (to include configuration guides, hardening guidance,
DHS Security Policy, Procedures, and Architectural guidance). The
contractor security procedures shall be the same or greater than
those that are provided by DHS Enterprise Data
Center(s).
11.8.1 Security Authorization
A Security Authorization of any infrastructure
directly in support of the DHS information system shall be
performed as a general support system (GSS) prior to DHS occupancy
to characterize the network, identify threats, identify
vulnerabilities, analyze existing and planned security controls,
determine likelihood of threat, analyze impact, determine risk,
recommend controls, perform remediation on identified deficiencies,
and document the results. The Security Authorization shall be
performed in accordance with the DHS Security Policy and the
controls provided by the hosting provider shall be equal to or
stronger than the FIPS 199 (https://csrc.nist.gov/csrc/media/publications/fips/199/final/documents/fips-pub-199-final.pdf)
security categorization of the DHS
information system.
On
a periodic basis, the DHS and its Components, including the DHS
Office of Inspector General, may choose to evaluate any or all of
the security controls implemented by the contractor under these
standards and policies. Evaluation could include, but is not
limited to vulnerability scanning. The DHS and its Components
reserve the right to conduct audits at their discretion. With ten
working days’ notice, at the request of the Government, the
contractor shall fully cooperate in and facilitate a
Government-sponsored security control assessment at each location
wherein DHS information is processed or stored, or information
systems are developed, operated, maintained, or used on behalf of
DHS, including those initiated by the Office of the Inspector
General. The government may conduct a security control assessment
on shorter notice (to include unannounced assessments) determined
by DHS in the event of a security incident.
11.9 Enterprise Security Architecture
The
contractor shall utilize and adhere to the DHS Enterprise Security
Architecture. Areas of consideration shall include any or all of
the following:
1) Use of
multi-tier design (separating web, application and data base) with
policy enforcement between tiers
2) Compliance with DHS Identity Credential Access
Management (ICAM)
3) Security reporting to DHS central control points
(i.e. the DHS Security Operations Center (SOC)) and integration
into DHS Security Incident Response
Page 71 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
4)
Integration into DHS Change Management (for example, the
Infrastructure Change Control Board (ICCB) process)
11.10 Continuous Monitoring
The
contractor shall participate in DHS’ Continuous Monitoring
Strategy and methods or shall provide a Continuous Monitoring
capability that the DHS determines acceptable. The DHS Chief
Information Security Officer (CISO) issues annual updates to its
Continuous Monitoring requirements via the Annual Information
Security Performance Plan. At a minimum, the contractor shall
implement the following processes:
11.11 Specific Protections
Specific
protections that shall be provided by the contractor include, but
are not limited to the following:
11.11.1 Security Operations
The
Contractor shall support regular reviews with the DHS Information
Security Office to coordinate and synchronize the security posture
of the contractor hosting facility with that of the DHS Data
Centers. The contractor staff shall also analyze the information
generated by the devices for security events, respond to real-time
events, correlate security device events, and perform continuous
monitoring. It is recommended that the contractor staff shall also
support and contribute to the DHS service request and trouble
ticketing systems in which incidents and outages are recorded. In
the event of an incident, the contractor shall adhere to the
incident response plan.
11.11.2 Computer Incident Response Services
The
Contractor shall provide Computer Incident Response Team (CIRT)
services. The contractor shall adhere to the standard Incident
Reporting process as determined by the Component and is defined by
a DHS-specific incident response plan that adheres to DHS policy
and procedure for reporting incidents. The contractor shall conduct
Incident Response Exercises to ensure all personnel are familiar
with the plan. The contractor shall notify the DHS SOC of any
incident in accordance with the Incident Response Plan and work
with DHS throughout the incident duration.
11.11.4 Intrusion Detection Systems and Monitoring
The
Contractor shall provide the design, configuration, implementation,
and maintenance of the sensors and hardware that are required to
support the Network Intrusion Detection System (NIDS) solution. The
contractor is responsible for creating and maintaining the NIDS
rule sets. The NIDS solution should provide real-time alerts. These
alerts and other relevant information shall be located in a central
repository. The NIDS shall operate 24x7x365. A summary of alerts
shall be reported to DHS COR in weekly status reports.
If
Page 72 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
an
abnormality or anomaly is identified, the contractor shall notify
the appropriate DHS point of contact in accordance with the
incident response plan.
11.11.5 Physical and Information Security and
Monitoring
The
Contractor shall provide a facility using appropriate protective
measures to provide for physical security. The facility will be
located within the United States and its territories. The
contractor shall maintain a process to control physical access to
assets. DHS IT Assets shall be monitored 24x7x365. A summary of
unauthorized access attempts shall be reported to the appropriate
DHS security office.
11.11.6 Vulnerability Assessments
The
Contractor shall provide all information from any managed device to
DHS, as requested, and shall assist, as needed, to perform periodic
vulnerability assessments of the network, operating systems, and
applications to identify vulnerabilities and propose mitigations.
Vulnerability assessments shall be included as part of compliance
with the continuous monitoring of the system.
11.11.7 Anti-malware (e.g., virus, spam)
The
Contractor shall design, implement, monitor and manage to provide
comprehensive anti-malware service. The contractor shall provide
all maintenance for the system providing the anti-malware
capabilities to include configuration, definition updates, and
comply with DHS’ configuration management / release
management requirements when changes are required. A summary of
alerts shall be reported to DHS COR in weekly status reports. If an
abnormality or anomaly is identified, the contractor shall notify
the appropriate DHS point of contact in accordance with the
incident response plan.
11.11.8 Patch Management
The
Contractor shall provide patch management services for cellular
wireless devices. The contractor shall push patches that are
required by vendors and the DHS system owner. This is to ensure
that the infrastructure and applications that directly support the
DHS information system are current in their release and that all
security patches are applied. The contractor shall be informed by
DHS which patches that are required by DHS through the Information
Security Vulnerability Management bulletins and advisories. Core
applications, the ones DHS utilizes to fulfill their mission, shall
be tested by DHS. However, the contractor shall be responsible for
deploying patches as directed by DHS. It is recommended that all
other applications (host-based intrusion detection system (HIDS),
network intrusion detection system (NIDS), Anti-malware, and
Firewall) shall be tested by the contractor prior to deployment in
a test environment.
11.11.9 Log Retention
Page 73 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
Log
files for all infrastructure devices, physical access, and
anti-malware should be retained online for 180 days and offline for
three (3) years.
11.12 Personal Identification Verification (PIV) Credential
Compliance
Authorities:
●
HSPD-12 ―Policies for a Common
Identification Standard for Federal Employees and
Contractors
●
OMB M-11-11 Continued Implementation of
Homeland Security Presidential Directive (HSPD) 12– Policy
for a Common Identification Standard for Federal Employees and
Contractors
●
OMB M-06-16 ―Acquisition of Products and
Services for Implementation of HSPD-12
●
NIST FIPS 201 ―Personal Identity Verification
(PIV) of Federal Employees and Contractors
●
NIST
SP 800-63 ―Electronic Authentication Guideline
●
OMB
M-10-15 ―FY 2010 Reporting Instructions for the Federal
Information Security Management Act and Agency Privacy
Management
Procurements
for products, systems, services, hardware, or software involving
controlled facility or information system shall be PIV-enabled by
accepting HSPD-12 PIV credentials as a method of identity
verification and authentication.
Procurements
for software products or software developments shall be compliant
by PIV by accepting PIV credentials as the common means of
authentication for access for federal employees and
contractors.
PIV-enabled
information systems must demonstrate that they can correctly work
with PIV credentials by responding to the cryptographic challenge
in the authentication protocol before granting access.
If
a system is identified to be non-compliant with HSPD-12 for PIV
credential enablement, a remediation plan for achieving HSPD-12
compliance shall be required for review, evaluation, and approval
by the CISO.
11.13 DHS Governance
To
comply with DHS Governance policies and procedures, the contractor
shall:
11.13.1
Support
and comply with all DHS governance process and procedures.
Governance is continuous and shall be applied to all operation
activities.
11.13.2
Comply
with governance process and procedures that include the DHS System
Engineer Life Cycle, Integrated Change Control Board (ICCB),
Software Exception Requirements (SER), Hardware Exception
Requirements (HER), and Technical Resource Manual
(TRM)
Page 74 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
compliance
and any Component specific project management, change management,
or configuration management procedures. Component level compliance
information and related meeting requirements will be presented at
the Order level.
11.13.3
Ensure
the introduction of all technologies and service shall be subject
to DHS Governance processes and procedures.
11.14 Intellectual Property Records and Data Rights
Records
and data shall be documented in deliverable reports
(electronically). Any databases/codes shall that reside on DHS
equipment shall be delivered electronically and become the sole
property of the United States Government.
The
Contractor shall maintain, transmit, retain in strictest
confidence, and prevent the unauthorized duplication, use, and
disclosure of personnel information. The Contractor agrees to
assume responsibility for protecting the confidentiality of
Government records, which are not public information. Each
Contractor or employee of the Contractor to whom information may be
made available or disclosed shall be notified in writing by the
Contractor that such information may be disclosed only for a
purpose and to the extent authorized by this SOW.
Performance
of this effort may require the Contractor to access and use
Government contractor proprietary data and information whose
dissemination or use, other than for the intended performance of
this effort, would be adverse to the interests of the
DHS.
Contractor
personnel shall not divulge or release data or information
developed or obtained in performance of this effort, until made
public by the DHS, except to authorize government personnel or upon
written approval from DHS COR. The Contractor shall not use,
disclose, or reproduce proprietary data that bears a restrictive
legend, other than as required in the performance of this
effort.
This
IDIQ contract does preclude the use of any data independently
acquired by the Contractor without such limitations or prohibits an
agreement at no cost to DHS between the Contractor and the data
owner that provides for greater rights to the
Contractor.
DHS,
for itself and such others as it deems appropriate, will have
unlimited rights under this IDIQ contract and subsequent orders to
all information and material developed under this order and
furnished to the Agency and documentation thereof, reports and
listing, and all other items pertaining to the work and services
pursuant to this agreement including any copyright. Unlimited
rights under this IDIQ contract and subsequent orders are rights to
use, duplicate, or disclose data, and information, in whole or part
in any manner and for any purpose whatsoever without compensation
to or approval from the Contractor.
DHS
will at all reasonable times have the right to inspect the work and
will have access to and the right to make copies of the above
mentioned items. All digital files and data, and other
products
Page 75 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
processed,
evaluated, loaded, and/or created as a result of this order, shall
become the sole property of the DHS unless specific exception is
granted by the Contracting Officer.
11.14.1 Protection of Information
Contractor
access to proprietary information is required under this IDIQ
contract. Contractor employees shall safeguard this information
against unauthorized disclosure or dissemination in accordance with
DHS MD 11042.1, Safeguarding Sensitive But Unclassified (For
Official Use Only) Information. The Contractor shall ensure that
all Contractor personnel having access to business or procurement
sensitive information sign a non-disclosure agreement (DHS Form
11000-6). The Contractor shall in the act of transferring and or
purging data be in compliance with NIST Special Publication 800-88
(Guidelines for Media Sanitization).
12.0 SECTION 508 COMPLIANCE
12.1 Section 508 Requirements Accessibility Standards
The
Department of Homeland Security considers accessibility to
Electronic and Information Technology (EIT) a priority for all
employees and external customers, including people with
disabilities. DHS requires that EIT procured, developed,
maintained, or utilized meets the accessibility requirements under
Section 508 of the Rehabilitation Act of 1973, as amended. This is
to ensure the accessibility of its programs and activities to
people with disabilities, specifically its obligation to acquire
accessible EIT.
The
EIT that is covered under the Section 508 Accessibility Standards
includes any equipment or interconnected system or subsystems of
equipment that is used in the creation, conversion, or duplication
of data or information. The term EIT includes, but is not limited
to, software applications and operating systems, telecommunications
products, websites and web browsers, video, multimedia, and office
equipment (e.g., desktops and notebook computers).
Telephones
and peripheral equipment supplied under this IDIQ contract shall be
manufactured in accordance with Federal Communication Commission
hearing aid compatibility technical standards contained in Section
68.316 and the Telecommunication Act of 1996 and Section 508 of the
Rehabilitation Act of 1973, as amended.
The
Contractor shall comply with the Section 508, Subpart B, and
Technical Standards. Additional documentation related to Section
508 and DHS’s application of Section 508 and product
accessibility standards can be provided by OAST.
All
EIT deliverables within this work statement shall comply with the
applicable technical and functional performance criteria of Section
508 unless exempt. Specifically, the following applicable standards
have been identified:
|
Title
|
Description
|
|
36
CFR
|
Software
Applications and Operating Systems, applies to all EIT software
applications
|
|
1194.21
|
and
operating systems procured or developed under this work statement
including but
|
Page 76 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
|
Title
|
Description
|
|
|
not
limited to GOTS and COTS software. In addition, this standard is to
be applied to
|
|
|
Web-based
applications when needed to fulfill the functional performance
criteria. This standard also applies to some Web based applications
as described within 36 CFR
|
|
|
1194.22.
|
|
36
CFR
|
Web-based
Intranet and Internet Information and Applications, applies to all
Web-
|
|
1194.22
|
based
deliverables, including documentation and reports procured or
developed under this work statement. When any Web application uses
a dynamic (non-static) interface, embeds custom user control(s),
embeds video or multimedia, uses proprietary or technical
approaches such as, but not limited to, Flash or Asynchronous
JavaScript and XML (AJAX) then “1194.21 Software”
standards also apply to fulfill functional performance
criteria.
|
|
36
CFR
|
Telecommunications
Products, applies to all telecommunications products
including
|
|
1194.23
|
end-user
interfaces such as telephones and non-end-user interfaces such as
switches, circuits, etc. that are procured, developed or used by
the Federal Government.
|
|
36
CFR
|
Self-Contained,
Closed Products, applies to all EIT products such as printers,
copiers,
|
|
1194.25
|
fax
machines, kiosks, etc. that are procured or developed under this
work statement.
|
|
36
CFR
|
Desktop
and Portable Computers, applies to all desktop and portable
computers,
|
|
1194.26
|
including
but not limited to laptops and personal data assistants (PDA) that
are procured or developed under this IDIQ contract.
|
|
36
CFR
|
Functional
Performance Criteria applies to all EIT deliverables regardless of
delivery
|
|
1194.31
|
method.
All EIT deliverable shall use technical standards, regardless of
technology, to fulfill the functional performance
criteria.
|
|
36
CFR
|
Information
Documentation and Support, applies to all documents, reports, as
well as
|
|
1194.41
|
help
and support services. To ensure that documents and reports fulfill
the required
|
|
|
“1194.31
Functional Performance Criteria”, they shall comply with the
technical standard associated with Web-based Intranet and Internet
Information and
|
|
|
Applications
at a minimum. In addition, any help or support provided in this
work statement that offer telephone support, such as, but not
limited to, a help desk shall have the ability to transmit and
receive messages using TTY.
|
Exceptions
for this work statement have been determined by DHS and only the
exceptions described herein may be applied. Any request for
additional exceptions shall be sent to the COR and determination
will be made in accordance with DHS MD 4010.2. DHS has identified
the following exceptions that may apply:
|
Title
|
Description
|
|
36
CFR 1194.2(b) – (COTS/GOTS products),
|
When
procuring a product, each agency shall procure products which
comply with the provisions in this part when such products are
available in the commercial marketplace or when such products are
developed in response to a Government solicitation. Agencies cannot
claim a product as a whole is not commercially available because no
product in the marketplace meets all the standards. If products
are
|
Page 77 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
|
|
commercially
available that meet some but not all of the standards, the agency
must procure the product that best meets the
standards.
|
|
|
When
applying this standard, all procurements of EIT shall have
documentation of market research that identify a list of products
or services that first meet the agency business needs, and from
that list of products or services, an analysis that the selected
product met more of the accessibility requirements than the
non-selected products as required by FAR 39.2. Any selection of a
product or service that meets less accessibility standards due to a
significant difficulty or expense shall only be permitted under an
undue burden claim and requires approval from the DHS Office
of
|
|
|
Accessible
Systems and Technology (OAST) in accordance with DHS MD
4010.2.
|
|
36
CFR
|
Incidental
to Contract, all EIT that is exclusively owned and used by the
Contractor to
|
|
1194.3(b)
|
fulfill
this work statement does not require compliance with Section 508.
This exception does not apply to any EIT deliverable, service or
item that will be used by any Federal employee(s) or member(s) of
the public. This exception only applies to those contractors
assigned to fulfill the obligations of this work statement and for
the purposes of this requirement, are not considered members of the
public.
|
12.2 Additional Accessibility Requirements
The
DHS Office of Accessible Systems & Technology considers
accessibility to Electronic and Information Technology (EIT) a
priority for all employees and external customers, including people
with disabilities. All proposed EIT products and/or services must
allow DHS to support its obligations under Section 508 of the
Rehabilitation Act of 1973.
The
specific EIT products under this solicitation include the
telecommunications equipment (phones, PDAs, air cards, etc.) with a
user interface or keys and those products that support said
interface. DHS objective is to acquire/provide a solution for
designated users that require Assistive Technology (AT).
Telecommunication and desktop Components shall not be included for
non-AT users due to their potential security risks to the
Agency’s current network infrastructure.
12.3 Department of Homeland Security Accessibility
Requirements
In
addition to meeting the Section 508 EIT Standards, DHS has
developed a number of accessibility requirements that are needed to
ensure that the hardware/software procured is natively accessible
(self-contained) or compatible with the Assistive Technologies (AT)
used by DHS employees with disabilities. AT is designed primarily
to ensure accessibility to hardware and software functionality for
people with disabilities, e.g., hearing impaired, visually impaired
and mobility impaired. This includes compatibility with their
current hardware and software devices and workstation
configurations. Compatible means that the devices/software performs
to all contractual specifications and that all software integrates
properly within the DHS operating environment. Working with these
assistive technologies enables the product to meet the appropriate
Section 508 standards. The Contractor shall comply with these
Assistive Technology requirements, as described below.
Page 78 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
12.3.1 Compatibility with Assistive Technology
Designated
Contractor-provided EIT shall be compatible with the following AT
Hardware devices:
●
Specialized
headsets
●
Handsets
●
Signaling
devices
●
Switches
●
Amplifiers
●
TTY’s
●
Internal
modem
●
Analog
line
●
CapTel
phone
All
Contractor-provided desktop related EIT shall be compatible with
the following AT Software:
●
TTY
software
●
Screen
reader software (currently JAWS Version 9.X screen reading
software)
●
Magnification
software (currently MAGIC Version 9 screen magnification
software)
●
Speech
to text software (currently Dragon Naturally Speaking Professional
voice recognition software)
If
the Contractor’s solution to Section 508 requirements
involves coding, scripting, add-ons, etc. to the Assistive
Technologies utilized at DHS, the contractor shall provide
maintenance and updates for the life of the contract whenever there
is a change in the operating system and/or a change in the JAWS,
MAGIC or Dragon software.
12.3.2 Accessible Functions
●
The
Contractor shall provide adjustable volume controls for output,
product interface with hearing technologies, and the usability of
keys and controls by people who may have impaired vision or limited
dexterity or motor control.
●
The
Contractor shall provide visual message and ring indicators that
comply with Section 508 standards.
To
support compliance with the applicable Section 508 standards the
Contractor shall over the life of this IDIQ contract:
●
Provide
products and services that comply with Titles II, III, and IV of
the Americans with Disabilities Act of 1990, Sections 251 and 255
of the Telecommunications Act of 1996, and Section 508 of the
Workforce Investment Act of 1998.
●
Provide
a designated point of contact for resolution of accessibility
complaints. This person shall be designated in the
contract.
●
Insure
calls that are forwarded to the voice mail system permit callers to
leave a TTY message. Contractor shall provide a caller the
capability to toggle between voice and TTY prompting. Contractor
shall explain if this capability can be used with one phone
number.
Page 79 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
●
Ensure
that visually impaired or blind persons are able to get voice
access to the same information that a sighted person would see by
looking at the phone’s alphanumeric and LED
display.
o
Audible
caller ID
o
Audible
message waiting indication
o
Caller
ID functions such as: message waiting lamp, lines on hold
indicators; lines available indicators
o
Call
forwarding functionality
●
Provide interface capability to Federal Video
Relay Services (FedVRS) Centers using H.323 and ISDN PRI/Basic Rate
Interface (BRI) connections for video-based, sign-language
communications with hearing-impaired individuals using the FedVRS
video relay service. More details on the FedVRS service can be
obtained at the FedVRS web site at https://www.federalrelay.us/.
●
Allow
DHS the right to perform testing on any proposed products prior to
their implementation within DHS’s EIT environments to
determine their compliance with the applicable Section 508 and DHS
accessibility requirements. Products provided for testing purposes
must be equivalent to the final commercially available release
version in terms of functionality and features. Prototype (e.g.,
Demonstration, Trial, “Beta”, etc.) versions of
products will not be considered for testing purposes. The
Contractor shall provide these products for testing purposes at no
expense to the Government.
●
The
Contractor’s solution shall provide accessible use matching
the following requirements as a minimum:
o
Login/logoff
capabilities
o
Full
feature integrated within the Agency desktop Windows
applications
o
Ability
to display the dialed number, and display the caller Automatic
Number Identification (ANI) if ANI information is available to the
system
o
Employee
will have complete control of the system including login and
logout
o
Ability
to make and receive phone calls manually
o
Standard
features such as call on hold, transfer and redirect are
available.
o
Individual
and group voice mail.
o
Complete
administrative control of each user.
o
Administrator
capabilities, e.g., agent supervisor, administrative assistant and
service representative.
o
Administrator
functions and features including agent administration.
12.3.3 Hardware Devices that Contain Digital Windows (If
Applicable)
Any
hardware device must provide an audible response for information
displayed in a visual only format (i.e., digital message window)
either through software or firmware. If not contained within the
hardware device (self-contained), it must be compliant with
assistive technology software products such as screen reading
software, magnification software, and voice recognition
software.
12.3.4 Documentation in Accessible Formats
Page 80 of 81
DHS
Cellular Wireless Managed Services
IDIQ
No. 70RTC21D00000001 Attachment 1 Statement of Work
For
any form of documentation (i.e., training manual, user guides,
etc.) DHS requires the contractor to provide documentation in an
electronic, accessible format. The documents must be provided in
one of the following formats: Text, Rich Text Format (RTF),
properly “tagged” Portable Document Format (PDF),
Microsoft Word or Hyper Text Markup Language (HTML) format.
Properly tagged PDF’s can be verified by using Adobe
Acrobat’s Accessibility Checker. Documentation delivered in a
manner that is interactive (e.g., table of contents, Index, Search,
etc.) must be keyboard navigable, move focus to selected items (or
have a keyboard alternative) and be comparable in keyboard access
to mouse usage.
12.4 Guidelines for Technical Support and Assistance
Support
and technical assistance shall accommodate the communication needs
of end users with disabilities, and shall be provided in one or
both of the following formats:
●
A
toll-free telephone number that is accessible to all Government
staff and provide TTY access for staff that may require assistance
for the hearing-impaired.
●
An
internet-based web page meet all of the requirements of Section 508
1194.22.
Page 81 of 81