Inactive

INTRODUCTION THIS IS NOT A SOLICITATION. The Department of Veterans Affairs (VA), Veterans Benefits Administration (VBA), is issuing this request for information (RFI)/sources sought solely for inform... INTRODUCTION THIS IS NOT A SOLICITATION. The Department of Veterans Affairs (VA), Veterans Benefits Administration (VBA), is issuing this request for information (RFI)/sources sought solely for information and planning purposes only and does not constitute a solicitation; therefore, do not submit a quote. There is no obligation for the Government to acquire any products or services described in this RFI/sources sought. No funds have been obligated for this effort. Information received will be for the purpose of determining whether or not to conduct a competitive procurement. The determination to conduct a competitive procurement based on responses to this RFI is solely within the discretion of the Contracting Officer. Interested parties are responsible for adequately marking proprietary, restricted or competition sensitive information contained in their response. Only electronic responses will be accepted, and the Government will not pay for any time expended or information submitted in response to this RFI. In accordance with the Federal Acquisition Regulations, responses to this RFI are not offers and cannot be accepted by the Government to form a binding contract. Eligibility in participating in a possible, future acquisition does not depend upon a response to this RFI. BACKGROUND The Modern Claims Processing (MCP) program is intended to provide a comprehensive modernization of the Disability Compensation Program, as well as, the programs supporting separating Servicemembers. The MCP program leverages computable medical data, mapped to regulatory criteria specific to the adjudication of claims. This data mapping eliminates the need for the myriad of laborious administrative functions that are currently undertaken by adjudicators in order to prepare a claim for a decision, ultimately delivering a decision to the Veteran/Servicemember more quickly. As VBA continues to modernize the claims process, the following three areas are central to that effort: To empower Veterans and Servicemembers to interact with VA in an online environment To leverage data in order to streamline and standardize the claims process To improve the quality and clarity of communication with the Veterans it serves CRITICAL CONSIDERATIONS FOR INTERESTED CONTRACTORS The Contractor shall be required to provide and accomplish ALL specific tasks, optional tasks, and deliverables described within the Performance Work Statement (PWS) listed below. NAICS: 541690 Other Scientific and Technical Consulting Services. Responses are solely treated as information for the Government to consider. Direct or Indirect costs incurred in response to this RFI are at the expense of the vendor, not the Government. In accordance with the Federal Acquisition Regulations, responses to this RFI are not offers and cannot be accepted by the Government to form a binding contract. It is requested and appreciated that all contractors interested in participating in this market research effort note their interest by responding to the areas identified in the, Company Details", and the, "Capabilities Statement , sections below. COMPANY DETAILS The page limit for responses to this section is three (3) pages. Provide company point(s) of contact information (name, email address, address, telephone, fax numbers and DUNS number) Identify if your company are any of the following business concern statuses (include all that apply): Service-Disabled Veteran-Owned Small Business (SDVOSB); Veteran-Owned Small Business (VOSB); Small Business (SB); Certified Small Business Administration (SBA) 8(a) firm; Small Disadvantaged Business (SDB); Economically Disadvantage Women-Owned Small Business (EDWOSB); Woman-Owned Small Business (WOSB); Historically Underutilized Business Zone (HubZone) Small Business; Large Business. (SDVOSBs and VOSBs must be verified in www.VIP.gov ) Provide contracting vehicles your company holds, such as GSA schedules. CAPABILITIES STATEMENT The page limit for responses to this section is seven (7) pages. Provide a brief narrative summary of your technical approach, with specific expertise and with ramp up time, to meet ALL of VA s requirements within the PWS. Provide an overview, detailing proof of your firm s capabilities to fulfill ALL the requirements within the PWS, to include: organizational; staff capability; and specific experience. Provide up to three (3) contracts that your company has performed for the same or similar requirement and of comparable size, complexity and scope. Describe scope, similarities, and differences, as pertinent. Again, this RFI/sources sought is NOT a request for competitive proposals. Parties may identify their interest, accompanied by supporting literature outlined above, to the Contracting Officer no later than April 19, 2019 by 12:00pm EST. Electronic submissions are acceptable via Mario.quilici@va.gov PERFORMANCE WORK STATEMENT (PWS) BACKGROUND The Modern Claims Processing (MCP) program is intended to provide a comprehensive modernization of the Disability Compensation Program, as well as the programs supporting separating Servicemembers. The MCP program leverages computable medical data, mapped to regulatory criteria specific to the adjudication of claims. This data mapping eliminates the need for the myriad of laborious administrative functions that are currently undertaken by adjudicators in order to prepare a claim for a decision, ultimately delivering a decision to the Veteran/Servicemember more quickly. As VBA continues to modernize the claims process, the following three areas of central to that effort: To empower Veterans and Servicemembers to interact with VA in an online environment To leverage data in order to streamline and standardize the claims process To improve the quality and clarity of communication with the Veterans it serves To that end, this contract seeks specifically to: Provide automation tools to Disability Compensation Adjudicators in order to simplify the claims process for Separating Servicemembers. Provide improved reporting based on medical database queries associated with Hospitalization, Aid & Attendance (A&A), Convalescence, and others. Expand upon previously started data-mapping work in support VASRD modernization and Disability Benefits Questionnaires (DBQs). Support the VBA with improving the processing of claims for benefits by automating processes through data gathering, processing, and analysis. APPLICABLE DOCUMENTS The Contractor shall comply with the following documents, in the performance of this effort: Veteran Information System (VIS) and VA Department of Defense Identity Repository (VADIR) Documentation VBA Benefit Process Flows as provided and directed by VA Leadership Technical Reference Manual http://www.va.gov/TRM/VAStandardPage.asp?tid=5176&lob=1 VA Enterprise Cloud (VAEC) Technical Reference Guide http://vistaadaptivemaintenance.info/va-cloud/VA_Cloud-Technical_Reference-2017.pdf VA Handbook 6500; VA INFORMATION SECURITY PROGRAM and NIST SP 800-53 https://www.va.gov/vapubs/viewPublication.asp?Pub_ID=793&FType=2 VIP Process Guide https://www.va.gov/DIGITALSTRATEGY/docs/VIP_Guide_1_0_v14.pdf The contractor, their personnel, and their subcontractors shall be subject to the Federal laws, regulations, standards, and VA Directives and Handbooks regarding information and information system security as delineated in this contract. SCOPE OF WORK The contractor will provide services under the following work areas and tasks: Provide automation tools to Disability Compensation Adjudicators in order to simplify the claims process for Separating Servicemembers. Specifically, a Proof of Concept Adjudicator Portal. A Working Prototype of the Adjudicator Portal integrated into the VBA-approved application platform user interface (via additional tab) and integrated with the VBA, VHA, and DoD systems needed to collect relevant data from and provide relevant data to those systems in order to speed up and improve the consistency of the adjudication process for Separating Servicemembers. All development and implementation work to comply with current VA/VBA/OI&T security and architecture policies and procedures in order to allow deployment within the VA Enterprise Cloud (VAEC) FedRAMP environment, as currently structured. Provide VBA Compensation with improved reporting based on VA medical database queries against the Corporate Data Warehouse (CDW) and VBA CorpDB - associated with Hospitalization, Aid & Attendance (A&A), Convalescence, and other claims areas that do not solely rely on verifying medical conditions other than a Veteran s existing status as having a Service Connected Disability (SCD). Expand upon previously started data-mapping work in support of VASRD modernization and Disability Benefits Questionnaires (DBQs). This work will initially focus on the mapping of each of the DBQs back to specific VASRD codes and the individual compensation claims as submitted by the Veteran for Adjudication. Support the VBA with improving the processing of claims for benefits by automating processes through data gathering, processing, and analysis. The contractor will also assist VBA, where needed, with improving the claims process itself to leverage the automation improvements implemented in the tasks above. APPLICABILITY This PWS is within the scope of paragraph(s) 5.1 Program/Program Management Support, 5.2 User/Human Centered Design (UCD/HCD) and 5.3 Technical Assistance. Optional Tasks will be elected and executed as required, according to Order Type requirements. ORDER TYPE Firm Fixed Price (FFP), GSA Task Order PERFORMANCE DETAILS PERFORMANCE PERIOD The Contract Period of Performance (PoP) shall consist of a Base Year PLACE OF PERFORMANCE Efforts under this TO shall be performed at Contractor facilities. The Contractor shall identify the Contractor s place of performance in their Task Execution Plan submission. Program Management and Requirements gathering tasks shall be performed on-site at 1800 G. Street NW, Washington, District of Columbia. TRAVEL OR SPECIAL REQUIREMENTS The Government does not anticipate travel under this effort to perform the tasks associated with the effort, including program-related meetings or conferences throughout the period of performance.  Contractor are only expected to travel within the local commuting area and will not be reimbursed. Face-to-face meetings, code integration and planning sessions may be requested on an as-needed basis. Should contractor and the Government determine that such travel is required it shall be estimated and reimbursed under this contract as Other Direct Costs (ODCs) on a task-by-task basis. No reimbursement shall be paid unless the travel itself and an estimate of total costs is approved in writing by the contract COR. Location: Washington D.C. CONTRACT MANAGEMENT All specifications of this Performance Work Statement (PWS) apply to this effort. This PWS shall be addressed in the Contractor s Project Management Plan (PMP) as set forth in this contract. The Contractor shall design an adjudicator portal application to assist VBA Adjudicators complete rating-related tasks more quickly and efficiently. Work will include Human-Centered Design for UX strategy, UI and visual design, rapid prototyping, and front-end engineering. The Contractors shall also provide VBA business logic related to Hospitalization Reports to OIT staff for operational implementation and assist VBA with updating related operational business rules. Contractors shall liaise with VA designated technical teams at VA IT to implement any approved proof of concept technology. GOVERNMENT FURNISHED PROPERTY The Government has multiple remote access solutions available to include Citrix Access Gateway (CAG), Site-to-Site Virtual Private Network (VPN), and RESCUE VPN. The Government s issuance of Government Furnished Equipment (GFE) is limited to Contractor personnel requiring direct access to the network to: development environments; install, configure and run Technical Reference Model (TRM) approved software and tools (e.g., Oracle, Fortify, Eclipse, SoapUI, WebLogic, LoadRunner); upload/download/ manipulate code, run scripts, and apply patches; configure and change system settings; check logs, troubleshoot/debug, and test/QA. When necessary, the Government will furnish desktops or laptops, for use by the Contractor to access VA networks, systems, or applications to meet the requirements of this PWS. Additionally, when needed, the Government will transfer responsibility of contractor GFE, previously sponsored by another COR, to be associated with the COR of this contract. The overarching goal is to determine the most cost-effective approach to providing needed access to the VA environment coupled with the need to ensure proper Change Management principles are followed. Contractor personnel shall adhere to all VA system access requirements for on-site and remote users in accordance with VA standards, local security regulations, policies and rules of behavior. GFE shall be approved by the COR and Program Manager on a case-by-case basis prior to issuance. The Government will not provide IT accessories including but not limited to Mobile Wi-Fi hotspots/wireless access points, additional or specialized keyboards or mice, laptop bags, extra charging cables, extra Personal Identity Verification card readers, peripheral devices, or additional Random Access Memory (RAM). The Contractor is responsible for providing these types of IT accessories in support of the TO as necessary and any VA installation required for these IT accessories shall be coordinated with the COR. The Contractor will also receive access to a SharePoint site containing historical documentation of data mapping and methodology documents associated with the past deliverables specific to this project. SECURITY AND PRIVACY All Contractors and Contractor personnel shall be subject to the same Federal security and privacy laws, regulation, standards and VA polices and VA, including the Privacy Act, 5 U.S.C. §552a, and VA personnel, regarding information and information system security. Contractors must follow policies and procedures outlined in VA Directive 6500, Information Security Program; and VA Handbook 6500.6, Contract Security which are available at http://www.1.va.gov/vapubs and its handbooks to ensure appropriate security controls are in place. All Contractor employees and subcontractor employees requiring access to VA information and systems shall complete the following before being granted access to VA information and its systems: 1.  Sign and acknowledge (either manually or electronically) understanding of and responsibilities for compliance with the Contractor Rules of behavior, Appendix E relating to access to VA information and information systems. 2.  Successfully complete the VA 10176, VA Privacy and Information Security Awareness and Rules of Behavior training and annually complete required security training; 3.  Successfully complete the appropriate VA privacy training and annually complete required privacy training 4.  Successfully complete any additional cyber security or privacy training as VA personnel with equivalent information or system access, as required. Contractor Employee Training: All employees of the Contractor and assigned to work on this project shall complete annual Cyber Security training and Privacy Training using the Talent Management System (TMS) Certificate of Completion: The Contractor shall provide copies of training certificates and certification of the employee signing the Contractor Rules of Behavior within 5 days of working on this contract and annually thereafter.  Failure to Comply: Failure to comply with the mandatory initial and annual training and signing the Contractor Rules of Behavior within the timeframe required is grounds for suspension r termination of all physical or electronic access privileges and removal from work on the contract until such time as the training and documents are complete. The Contractor shall notify the program manager and COR assigned to this contract for VA within 24 hours of the discovery or disclosure of successful exploits of the vulnerability which can compromise the security of the Systems (including the confidentiality or integrity of its data and operations, or the availability of the system). Such issues shall be remediated as quickly as follows: a. Critical Must be remediated immediately. b. High Must be remediated within 60 days. c. Medium Must be remediated within 90 days. d. Low Must be remediated according to the timeframe established by the system owner. Typical in the next release or no longer than 120 days. Security Investigation: The term security incident means an event that has, or could have, resulted in unauthorized access to, loss or damage to VA assets, or sensitive information, or an action that breaches VA security procedures. The contractor/subcontractor shall immediately notify the COR and the COR will notify the designated ISO and Privacy Officer for the contract of any known or suspected security/privacy incidents, or any unauthorized disclosure of sensitive information, including that contained in system(s) to which the contractor/subcontractor has access. Security Violations: To the extent known by the contractor/subcontractor, the contractor/subcontractor s notice to VA shall identify the information involved, the circumstances surrounding the incident (including to whom, how, when, and where the VA information or assets were placed at risk or compromised), and any other information that the contractor/subcontractor considers relevant. Data Breach: With respect to unsecured protected health information, the business associate is deemed to have discovered a data breach when the business associate knew or should have known of a breach of such information. Upon discovery, the business associate must notify the covered entity of the breach. Notifications need to be made in accordance with the executed business associate agreement. Theft or Break-In: In instances of theft or break-in or other criminal activity, the contractor/subcontractor must concurrently report the incident to the appropriate law enforcement entity (or entities) of jurisdiction, including the VA OIG and Security and Law Enforcement. The contractor, its employees, and its subcontractors and their employees shall cooperate with VA and any law enforcement authority responsible for the investigation and prosecution of any possible criminal law violation(s) associated with any incident. The contractor/subcontractor shall cooperate with VA in any civil litigation to recover VA information, obtain monetary or other compensation from a third party for damages arising from any incident, or obtain injunctive relief against any third party arising from, or related to, the incident. Notice of Security Incident: The contractor/subcontractor shall provide notice to VA of a security incident as set forth in the Security Incident Investigation section above. Upon such notification, VA must secure from a non-Department entity or the VA Office of Inspector General an independent risk analysis of the data breach to determine the level of risk associated with the data breach for the potential misuse of any sensitive personal information involved in the data breach. The term 'data breach' means the loss, theft, or other unauthorized access, or any access other than that incidental to the scope of employment, to data containing sensitive personal information, in electronic or printed form, that results in the potential compromise of the confidentiality or integrity of the data. Contractor shall fully cooperate with the entity performing the risk analysis. Failure to cooperate may be deemed a material breach and grounds for contract termination. Liquidated Damages for Data Breach: Consistent with the requirements of 38 U.S.C. § 5725, a contract may require access to sensitive personal information. If so, the Contractor is liable to VA for liquidated damages in the event of a data breach or privacy incident involving any SPI the contractor/subcontractor processes or maintains under this contract. Notice of Security Incident: The contractor/subcontractor shall provide notice to VA of a security incident as set forth in the Security Incident Investigation section above. Upon such notification, VA must secure from a non-Department entity or the VA Office of Inspector General an independent risk analysis of the data breach to determine the level of risk associated with the data breach for the potential misuse of any sensitive personal information involved in the data breach. The term 'data breach' means the loss, theft, or other unauthorized access, or any access other than that incidental to the scope of employment, to data containing sensitive personal information, in electronic or printed form, that results in the potential compromise of the confidentiality or integrity of the data. Contractor shall fully cooperate with the entity performing the risk analysis. Failure to cooperate may be deemed a material breach and grounds for contract termination. Security Risk Analysis: Each risk analysis shall address all relevant information concerning the data breach, including the following: Nature of the event (loss, theft, unauthorized access) Description of the event, including: Date of occurrence Data elements involved, including any PII, such as full name, social security number, date of birth, home address, account number, disability code; Number of individuals affected or potentially affected; Names of individuals or groups affected or potentially affected; Ease of logical data access to the lost, stolen or improperly accessed data in light of the degree of protection for the data, e.g., unencrypted, plain text; Amount of time the data has been out of VA control; The likelihood that the sensitive personal information will or has been compromised (made accessible to and usable by unauthorized persons); Known misuses of data containing sensitive personal information, if any; Assessment of the potential harm to the affected individuals Data breach analysis as outlined in 6500.2 Handbook, Management of Security and Privacy Incidents as appropriate and Whether credit protection services may assist record subjects in avoiding or mitigating the results of identity theft based on the sensitive personal information that may have been compromised. Reimbursement: Based on the determinations of the independent risk analysis, the Contractor shall be responsible for paying to the VA liquidated damages in the amount of $37.50 per affected individual to cover the cost of providing credit protection services to affected individuals consisting of the following: Notification; One year of credit monitoring services consisting of automatic daily monitoring of at least 3 relevant credit bureau reports; Data breach analysis; Fraud resolution services, including writing dispute letters, initiating fraud alerts and credit freezes, to assist affected individuals to bring matters to resolution; One year of identity theft insurance with $20,000.00 coverage at $0 deductible and; Necessary legal expenses the subjects may incur to repair falsified or damaged credit records, histories or financial affairs. Liquidated Damages: This PWS is further subject to the statutory requirement to assess liquidated damages against Contractors and/or subcontractors under 38 U.S.C. §5725 in the event of a breach of Sensitive Personal Information (SPI)/Personally Identifiable Information (PII). Said liquidated damages shall be assessed at $37.50 per affected Veteran or Claimant. A breach in this context includes the unauthorized acquisition, access, use or disclosure of VA SPI which compromises not only the information s security or privacy but that of the Veteran or beneficiary as well as the potential exposer or wrongful disclosure of such information as a result of a failure to follow proper data security controls and protocols. When the Security Fixes involve installing third party patches (such as Microsoft OS patches or Adobe Acrobat), the Contractor will provide written notice to VA that the patch has been validated as not affecting the Systems within 10 working days. When the Contractor is responsible for operations or maintenance of the Systems, they shall apply the Security Fixes within 90 days. POSITION/TASK RISK DESIGNATION LEVEL(S) All contract employees who require access to the VA site(s) and/or access to the VA local area network (LAN) system shall be subject of a background investigation and must receive a favorable adjudication from the VA Security and Investigations Center (SIC). These requirements are applicable to all subcontractor personnel requiring the same level of Background Investigation. In accordance with VA Handbook 0710, Personnel Security and Suitability Program, the position sensitivity and the level of background investigation commensurate with the required level of access for the following tasks within the PWS are: Task Number Tier1 / Low Risk Tier 2 / Moderate Risk Tier 4 / High Risk 5.1 5.2 5.3 5.4 5.5 5.6 The Tasks identified above and the resulting Position Sensitivity and Background Investigation requirements identify, in effect, the Background Investigation requirements for Contractor individuals, based upon the tasks the particular Contractor individual will be working. The submitted Contractor Staff Roster must indicate the required Background Investigation Level for each Contractor individual based upon the tasks the Contractor individual will be working, in accordance with their submitted proposal. SPECIFIC TASKS AND DELIVERABLES The Contractor shall perform the following: PROGRAM/PROJECT MANAGEMENT SUPPORT CONTRACTOR PROGRAM/PROJECT MANAGEMENT PLAN The Contractor shall deliver a Project Management Plan (PMP) that lays out the Contractor s approach, timeline and tools to be used in execution of this effort.  The P/PMP should take the form of both a narrative and graphic format that displays the integrated master schedule, milestones, risks and required contractor resource support.  The P/PMP shall also include how the Contractor shall coordinate and execute planned, routine, and ad hoc data collection reporting requests as identified within the PWS. The initial baseline P/PMP shall be concurred upon and updated in accordance with Section B of the Contract. The Contractor shall update and maintain the VA Program Manager (PM) approved P/PMP throughout the Contract Period of Performance (PoP). Deliverable: Program/Project Management Plan MONTHLY PROGRESS REPORT The Contractor shall provide the Contract Officer Representative (COR) with Progress Reports, monthly, in an electronic form using appropriate formats. The report shall include detailed instructions/explanations for each required data element, to ensure that data is accurate and consistent. These reports shall reflect data as of the last day of the preceding period. The Progress Reports shall cover all work completed during the reporting period and work planned for the subsequent reporting period for each project. The report shall also identify any problems that arose and a description of how the problems were resolved. If problems have not been completely resolved, the Contractor shall provide an explanation including its plan and timeframe for resolving the issue. The report shall also include an itemized list of all documents and electronic deliverables. The Contractor shall monitor performance against the P/PMP and report any deviations. The Contractor shall keep in communication with VA so that issues that arise are transparent to both parties to prevent escalation of outstanding issues. Deliverable: Monthly Progress Report (MPR) SPRINT REVIEW REPORT Once development has begun (Task 5.7 Adjudicator Portal Proof of Concept Application), the Contractor shall provide the Contract Officer Representative (COR) with Sprint Completion Reports, at the agreed-to development sprint cadence, in an electronic form using appropriate formats. The report shall include detailed outcomes for issues originally included in the Sprint Planning Meeting as well as the completion, delay, or movement to a subsequent sprint, etc. These reports shall reflect data as of the last day of the preceding period. The Sprint Review Report may be delivered via Government access to the implemented issue management tool (e.g. Jira). Deliverable: Recurring Sprint Review Report TECHNICAL KICKOFF MEETING The Contractor shall hold a technical kickoff meeting within 10 days after contract award. The Contractor shall present, for review and approval by the Government, the details of the intended approach, work plan, and project schedule for the effort. The Contractor shall specify dates, locations (can be virtual), agenda (shall be provided to all attendees at least five (5) calendar days prior to the meeting), and meeting minutes (shall be provided to all attendees within three (3) calendar days after the meeting). The Contractor shall invite the Contracting Officer (CO), Contract Specialist (CS), COR, and the VA PM. Deliverable: Technical Kickoff Meeting ONBOARDING The Contractor shall manage the onboarding of its staff. Onboarding includes steps to obtain a VA network and email account, complete training, initiate background investigations, and gain physical and logical access, which may include elevated privileges to the necessary configuration and test environments for the various systems to be enhanced. A single Contractor Onboarding contact shall be designated, by the Contractor, who tracks the onboarding status of all Contractor personnel. The Contractor Onboarding contact shall be responsible for accurate and timely submission of all required VA onboarding paperwork to the COR. The Contractor shall be responsible for tracking the status of all onboarding activities and report the status at the staff level during onboarding status meetings. The Contractor shall provide an Onboarding Status Report weekly for any staff with outstanding onboarding requests for review by the COR and VA Project Manager. Deliverable: Onboarding Status Report USER-/HUMAN-CENTERED DESIGN (UCD/HCD) The Contractor shall be prepared execute a point-forward strategy that will focus on improving and enhancing VBA s claims processing systems, while integrating with existing VA systems at contract initiation, while keeping the VBA Adjudicators and Veterans at the center of the design and requirements process (i.e., user interviews, user stories and continual feedback, etc.). The contractor shall create requirements and design wire frames from them that help people easily complete the desired tasks. UCD/HCD work will include such UCD/HCD techniques and tools as shall be needed to implement the UX strategy, UI and visual design, rapid prototyping, and front-end engineering. APPLICATION NEEDS ELABORATION AND SCOPING The contractor shall design digital services that help people easily complete the desired tasks utilizing User-Centered Design. Work will include UX strategy, UI and visual design, rapid prototyping, and front-end engineering. Contractors shall implement the UCD methodology as a default for work performed. The contractor shall design digital services that help people easily complete the desired tasks and are designed to optimize the Veteran s experience of the overall process. Work will include (but is not limited to) such tools and techniques as: Veteran interviews, adjudicator interviews, developing user personas, card sorting, requirements development and priority setting, UX strategy, UI and visual design, rapid prototyping, and front-end engineering. Contractors shall implement the agreed-to design and functionality called for in the final UCD/HCD outputs. Deliverable: High level Application Technical Needs Review...