REQUEST FOR INFORMATION
Electronic Capital Planning and Investment Control System Support Services
The purpose of this Sources Sought Notice is to search for qualified service-disabled Veteran-owned small business and Veteran-owned small business vendors capable of meeting the requirements for support services for the Electronic Capital Planning and Investment Control (eCPIC) system.
This is a Request for Information (RFI) only and shall not be considered an Invitation for Bids, Request for Quotations, or a Request for Proposals. This market research is issued for information and planning purposes only and does not constitute a solicitation nor does it restrict the Government as to the ultimate acquisition approach. It is based upon the best information available and is subject to future modification. This request does not commit VA to contract for any supply or service whatsoever. VA is not, at this time, seeking proposals and will not accept unsolicited proposals. Responders are advised that VA will not pay for any information or administrative costs incurred in response to this RFI; all costs associated with responding to this RFI will be solely at the responder's expense. Not responding to this RFI does not preclude participation in any future RFP, if any is issued. Any information submitted by respondents to this RFI is strictly voluntary. Responders are fully responsible for adequately marking proprietary, restricted, or competition sensitive information contained in their response. All submissions become Government property and will not be returned.
Overview:
VA intends to enter into an Interagency Agreement (IAA) with the General Services Administration (GSA) to provide program management, technical support and training, system enhancements, maintenance and unlimited use of the electronic Capital Planning and Investment Control (eCPIC) application. The eCPIC effort is a voluntary Federal initiative entitled Corporate Information Technology (IT), IT Resource Management. GSA is the lead agency for this initiative. eCPIC is a web-based, Government-owned technology solution that principally automates capital planning and investment control practices. This application gives agencies ease and automation in the complex process surrounding the select, control and evaluation of IT investments and investment portfolios, including an integrated set of tools supporting the creation and electronic submission of the Office of Management and Budget (OMB) Exhibit 300A (Capital Asset Plan and Business Case Summary) and Exhibit 53 (VA IT Investment Portfolio).
Also see below for a description of the services VA requires.
How to Respond:
Interested parties are encouraged to reply to this RFI no later than 9:00 AM Eastern Time, February 14, 2017, by email to Peter Lewandowski, [email protected].
Capability Statement: no more than 10 pages. Please describe current capabilities related to the requirements discussed above. Please include the following descriptive information in your capability statements: name of company, point of contact, telephone number, email address; company address, size of business, and GSA schedules if any.
Comments and Feedback: no more than 10 pages. Interested parties are encouraged to respond to this RFI with their comments, concerns, questions and overall feedback. Additionally, please indicate whether the requirement is sufficiently detailed and clear for your comprehensive response. If not, propose your suggested changes.
Acquisition of Support Services for the
Electronic Capital Planning and Investment Control (eCPIC) System
Roles and Responsibilities of the Servicing Agency/Vendor
Provide:
Unlimited use of the eCPIC system;
Administrative rights and permissions to manage test and production environments;
Rights and permissions to customize test and production instances (via the administrator module);
Membership and voting rights in the Federal eCPIC Steering Committee (FESCOM);
A process to submit requests for system enhancements;
Unlimited use of eCPIC job aids and training materials for administrators and users.
Help Desk Support
Hosting Services
System enhancements based upon priorities established by the FESCOM
Periodic training opportunities
Technical support services for improving proficiency with the eCPIC system
System status information
Program management support
List of Services to be Provided:
Program Management
Operation of the eCPIC program management office with a dedicated program manager;
Manage the support services contract for the delivery of services under this agreement;
Share information in a timely manner electronically by managing and distributing information and artifacts via the FESCOM Wiki on the Max site operated by the Office of Management and Budget;
Conduct regular meetings of the FESCOM to inform and obtain feedback from its members on matters relating to the enhancement and support of the eCPIC system;
Provide quarterly reports to the Department of Veterans Affairs that list all significant work performed during the quarter; and
Conduct an annual assessment by collecting feedback on the level of satisfaction on the services provided under this agreement from all requesting agencies.
Help Desk Support
Provide help desk support (tier 2 & 3): 8 AM to 5 PM ET, Monday through Friday, except federal holidays:
Tier 2 Support: Install all eCPIC system releases and assist with user management when the Managing Agency hosts the eCPIC system;
Tier 3 Support: Technical assistance using eCPIC functionality, resolving problems with eCPIC operation, technical assistance with submissions to the Federal IT Dashboard;
Six days of extended help desk support (tier 2 & 3): 6 AM to Midnight;
Respond to 95 percent of requests (email and phone) within one hour;
Identify 95 percent of solutions within four hours when VA hosts the eCPIC system; and
Implement 95 percent of solutions within four hours when Managing Agency hosts eCPIC system.
Hosting Services
Provide a secure shared-services computing environment that includes virtual test and production instances with controlled access;
Obtain Authority to Operate (ATO) the hosted environment at the moderate level of IT security as defined by the National Institute of Standards and Technology; see Section VIII for specific security procedures;
Provide database backup and recovery services: full backups conducted on Saturdays and incremental backups conducted daily.
In case of catastrophic failure, the Managing Agency/vendor will rebuild and transfer the virtual environment to new servers as necessary. The system may be unavailable for several business days to complete;
Network availability: 99.9 percent per month; and
Server availability: 99.9 percent per month.
Enhancements
Provide functional enhancement based upon submitted change requests as prioritized by the Change Control Board;
Provide timely enhancements based upon OMB Circular A-11 Guidelines and policies for reporting data within release by OMB;
Implement enhancements based upon requirements;
Ensure the system and all enhancements are Section 508 compliant; and
Technical Support and Training:
Provide technical support to improve the use of the eCPIC system;
Provide periodic training opportunities;
Provide materials developed for classroom training; and
Provide job aids.
Security Requirements and Procedures
Configure the eCPIC system and obtain the authority to operate (ATO) at the moderate security level as defined by the National Institute of Standards and Technology (NIST) Guideline 800-53 (as amended);
Protect information transmitted between users of VA and eCPIC using the Federal Information Processing Standard 140-2 validated encryption mechanisms;
Upon written request, provide VA with access to review of the eCPIC security authorization package (security plan, security assessment report and POA&M), and contingency plan, incident response plan, and privacy impact assessment at a time and location designated by the Managing Agency/vendor;
Complete Annual Security Control Test
Perform vulnerability scans (quarterly at minimum). Critical and high vulnerabilities detected shall be mitigated within 30 days, medium within 60 days, and low within 90 days. Track and manage all POA&Ms for the eCPIC system and provide VA with progress as requested;
Test the eCPIC contingency plan and incident response plan annually and share the test results with VA as requested;
Notify VA of IT security incidents relating to its eCPIC virtual environment;
Timely respond to all written requests by VA for information and documentation related to the eCPIC system; and
Delete designated data upon written request by VA. VA will provide additional funding if required to perform this action.
Bid Protests Not Available