You are on page 1of 18

Na tio n a l Oc e a n ic a n d Atm o s p h e ric Ad m in is tra tio n Un ifie d Me s s a g in g S e rvic e P e rfo rm a n c e Wo rk S ta te m e n t

J a n u a ry 3, 2011

Page |1

OVERVIEW 1.1 General Information

This Performance Work Statement (PWS) outlines NOAAs requirements for a cloud-based Unified Messaging Service (UMS) to include e-mail, calendar, wireless mobile device synchronization, and collaboration services. This service will replace NOAAs existing in-house e-mail and calendar systems and BlackBerry server. 1.2 Background

The 2010 federal budget released by the administration calls for improving innovation, efficiency and effectiveness in federal information technology (IT). The Office of Management and Budget (OMB) recommended that IT managers across the Federal Government default to cloud-based solutions whenever a secure, reliable, cost-effective cloud option exists. NOAA is seeking new and innovative technology that would require minimal time from NOAA personnel, thus enabling the organization to focus on support of IT systems critical to NOAAs core mission. NOAAs email and calendar infrastructure supports approximately 20,000 to 25,000 mailboxes, and the Government anticipates possible growth up to 30,000 accounts due to organizational growth. Approximately 3,500 accounts are also accessed via BlackBerry phones. E-mail is currently backed up on tape. Backups only contain information on the mail servers, and do not include local mail folders. Recent regulations for e-discovery and handling litigation hold materials demands that NOAA implement a more effective process for email retention. Electronic messaging has evolved over the years into an integrated and collaborative environment. NOAAs current environment lacks the level of integrated features and functionality that are commercially available. NOAA personnel require greater use of these integrated messaging and collaborative tools to support its core science mission. Additionally, NOAA is seeking a solution that will reduce the Governments in-house system maintenance burden and provide users with timelier implementation of new features. 1.3 Scope

NOAA seeks a cloud based service to replace the current environment supporting email and calendar functions. The Contractor shall partner with a cloud service provider on this initiative. Cloud computing is defined by NIST at http://csrc.nist.gov/groups/SNS/cloud-computing/clouddef-v15.doc.The new service shall provide integrated email, calendar, collaboration tools and Blackberry/Smartphone integration and management with this service. The service must be fully compatible with Apple, Linux and Windows operating systems as well as fully compatible with popular clients including Outlook, Thunderbird, MacMail, Entourage, iCalendar, etc. The service shall provide these services for each member of the NOAA enterprise. The service shall be scalable to accommodate anticipated growth in increments of 100 and 500 mailboxes. The vendor shall provide continuous service to each account after it is established until NOAA terminates user access or until the task order is terminated. The vendor shall work with the

Page |2

Government at that time to transfer all data to the Governments chosen service and/or repository. The service must provide an end to end solution. Offerors must include any specialized software or devices required to migrate to or utilize the service in their proposals. NOAA does not intend to make any additional purchases outside of this task order to migrate to or use the service, beyond existing NOAA owned software and devices. Offers are cautioned not to make assumptions regarding existing NOAA software licenses. 1.4 Item 1.1 1.2 1.3 1.4 1.5 Additional References Document NOAA Security Policy DOC Security Policy Section 508 Compliance Federal Information Processing Standards (FIPS) 140-2
National Institute of Standards and Technology (NIST) Risk Management Framework methodologies and standards. Special Publication (SP) 800-37, Revision 1,

Table 1.0: Referenced Documents

Location/Link https://www.csp.noaa.gov/policies/ http://ocio.os.doc.gov/ITPolicyandPrograms/Polic y___Standards/DEV01_002681 http://www.section508.gov/ http://www.nist.gov/itl/upload/fips1402.pdf http://csrc.nist.gov/publications/nistpubs/800-37rev1/sp800-37-rev1-final.pdf

OBJECTIVES 2.1 Service

Replace the current e-mail and calendar systems (also referred to as email service herein) with cloud-based e-mail and collaboration services that are seamlessly integrated to improve business performance by providing NOAA users with expanded and new capabilities that reflect industry best practices. Accordingly, the solution shall achieve the following objectives: Provide e-mail, calendar, and collaboration services for up to 25,000 accounts and enable incremental expansion priced in increments of 100 and 500 accounts. Expand access to include state-of-the-art collaborative tools and capabilities (such as file sharing, resource reservations) that enhance NOAAs ability to conduct business; Ensure timely technology updates and/or enhancements that provide NOAA users access to current, commercially available service offerings; and Provide robust and rapid search (full text) capability to enable efficient e-discovery across email and calendar data.

Page |3

2.2

Migration

Conduct a seamless and expedited migration from the current e-mail and calendar systems to cloud-based services with minimal disruption to business operations while ensuring data integrity. Therefore, users will find the migration transparent and will not be required to move files or complete other work in preparation for migration of data; they will be able to seamlessly begin using their new email and calendar systems upon completion of migration. Users will be without service less than 6 hours while their new email and calendar services are being established and where practical that time without service shall be outside standard working hours (M-F 6AM to 6PM). The provider shall provide online documentation and interactive tutorials for the customers technical personnel to assist with migration.

Plan and conduct an expedited migration from the current environment to the new environment within the first 6 months of performance (or as required by the schedule) and develop an exit strategy that would allow transition to another solution should this become necessary in the future; and Establish a plan to interface with NOAA help desk and other designated technical teams to conduct the migration, daily operations and maintenance after migration, and preparations for move to another solution. Management, Staffing and Reporting

2.3

As part of the proposal, Offerors shall provide a Management and Staffing plan and a Performance Management and Reporting plan. 3 ASSUMPTIONS, AND CONSTRAINTS In developing the technical approach and solution, the Offeror shall work under the following Government requirements, assumptions and constraints: 3.1 Place of Performance

All work will be performed from the Service Providers location, with the exception of on-site training at or near NOAA offices including those in Silver Spring, MD, Washington, D.C., and possibly other NOAA sites in the contiguous United States. 3.2 Government Furnished Equipment/Government Furnished Information

The Government shall not provide any Government Furnished Equipment (GFE) as part of this solution. The Government shall provide nomenclature, user accounts, and access to existing email and calendar content for the purpose of successfully accessing the current e-mail environment and conversion of data to the new solution. The Government will however, provide equipment associated with the Live Test Demonstration as listed in the Instructions to Offerors. 3.3 Proposal Preparation and Live Demonstration Presentation

The Government will not pay Offerors for the preparation of the proposal and Live Demonstration or any other costs incurred during the process of seeking contract award. The Offerors must complete proposal preparation and other activities associated with the proposal process at their own expense.

Page |4

3.4

Current Email Volume

Current daily email message volume (approximate average) is 2.5 million messages (3 million peak per day). This includes filtered messages. Approximately 50 TB of data currently exists on the existing email systems. This data must be migrated to the new service. 3.5 Current Mobile Devices

Currently NOAA has 3500 supported mobile devices. Service must scale to support anticipated growth to as much as 5000 mobile devices over the life of this task order. Blackberry is the current NOAA standard. 3.6 Email Conversion

Any email conversion must take place using industry accepted formats and mechanisms such that no loss of data or tracking occurs. For email the End-To-End routing must remain. For documents, all original properties must be retained. 3.7 Background Checks and Non Disclosure Agreements

All personnel with access to NOAA data must have passed a background check, per NOAA and Department of Commerce security and IT security policies. Standard Non Disclosure Agreements (NDAs) shall be completed as required for all personnel performing system administration with access to Government data in the performance of this contract. 3.8 Confidentiality, Security, and Privacy

In accordance with the Federal Acquisitions Regulations (FAR) clause 52.2391(http://fedgovcontracts.com/pe04-4.htm), the Offeror shall be responsible for the following privacy and security safeguards: The Offeror shall not publish or disclose in any manner, without the Contracting Officers written consent, the details of any safeguards used by the Provider under the resulting contract or otherwise provided by or for the Government. For purposes of inspection to safeguard against threats and hazards to the security, integrity, and confidentiality of any non-public Government data collected and stored by the Provider, the Provider shall afford the Government access to facilities, installations, technical capabilities, operations, documentation, records, and databases. If new or unanticipated threats or hazards are discovered by either the Government or the Provider, or if existing safeguards have ceased to function, the discoverer shall immediately bring the situation to the attention of the other party. The Offeror's solution must comply with the applicable NOAA IT Security Policies and Procedures as required for a Moderate Impact system. Data migration cannot begin until conditions to achieve Authority to Operate are met. Work on this project may require or allow Provider personnel access to Privacy Information. Personnel shall adhere to the Privacy Act, Title 5 of the U.S. Code, Section 552a and applicable agency rules and regulations. All data at rest will reside within the United States or Territories of the United States, with a minimum of two data center facilities at two different and distant geographic locations.

Page |5

All NOAA data in the system (including, but not limited to, email messages, calendar meetings, resources, contacts, email addresses, and resource names) remains the property of NOAA for life of contract and will transition to any follow-on service at end of contract period without loss of data. Data may not be accessed or used in any manner inconsistent with this agreement. Period of Performance

3.9

The period of performance shall be for one (1) base year with two (2) one-year follow-on option periods. The base year will consist of service implementation, conversion, migration from the current email service to the new email service and operation of the new service during the remainder of the period. The option periods will consist of continuing operation of the new service. The price proposal shall show pricing for the base year and for each option year. 4 REQUIREMENTS Functional requirements must be met as part of the minimal solution offering. The Offeror shall propose a solution that achieves these functional requirements. Proposals will be evaluated on technical approach, past performance and price to determine the best value for NOAA. These functional requirements, at a minimum include the following:

4.1 Factor 1 Technical Requirements


4.1(a) Security, Anti-Virus, and Filtering The solution must meet NOAA and Department of Commerce (DOC) policies for Certification and Accreditation (C&A).The solution must adhere to National Institute of Standards and Technology (NIST) Risk Management Framework methodologies and standards applicable for systems categorized at the moderate impact level. Offerors proposals must demonstrate capability to achieve NOAA moderate level Authorization within 90 days of the award. The solution must provide features that protect data confidentiality and integrity as well as protect the end-user from inappropriate or malicious messages and attachments and provide those protections for outbound messages as well. All cryptographic modules and their validation as conforming to requirements of Federal Information Processing Standards (FIPS) 140-2 must be identified.
Item Title Specific Required Features and Capabilities

4.1a.01

Encryption

Web and client based access shall be over Secure Sockets Layer (SSL)/Transport Layer Security (TLS) session supporting FIPS 140-2 as specified in section 4.1(a). The solution shall provide the capability for all traffic to be over a SSL/TLS session supporting FIPS 140-2 as specified in section 4.1(a). Security for e-mail services shall support encryption as specified in section 4.1(a). The solution shall provide spam filtering, anti-virus/anti-malware protection, Antiphishing, and screening of inbound and outbound messages. United States Computer Emergency Readiness Team (US-CERT) reportable security events must be reported directly to the NOAA Computer Incident Response Team (N-CIRT) within 15 minutes of detection. The solution shall report all security events to NOAA. The solution shall provide the ability to block specific file types, for example [exe, zip, etc.]. Describe how the solution blocks and reports this activity.

4.1a.02

Encryption

4.1a.03

Filtering

4.1a.04

Blocking

Page |6

Item

Title

Specific Required Features and Capabilities

4.1a.05

Blocking

The solution shall provide the ability to block messages due to a variety of security criteria, for example [subject title, or content] All aspects of the solution shall be available to the user via a single sign-on process. The solution shall integrate with NOAAs Lightweight Directory Access Protocol (LDAP)-based directory services to securely authenticate and authorize users. Describe the method of directory access and security used. All aspects of the solution shall be available to the user via a single sign-on process. The solution shall integrate with NOAAs future Active Directory services to securely authenticate and authorize users. Describe the method of directory access and security used. The solution shall support authentication via Common Access Card (CAC) for all NOAA personnel. The solution shall protect NOAAs data from unauthorized access. Describe the solutions mechanism for providing data protection. The e-mail solution shall support various forms of message and file security. Describe the solutions capabilities for providing security measures such as: (spam filtering, anti-virus/anti-malware protection, anti-phishing, screening outbound messages, limiting auto-forwarding, etc.) These kinds of message and file security functions should be part of the normal operation conducted by the Offeror. The solution shall support the ability to permanently remove an e-mail or document from all internal accounts and from the service providers systems. Describe how, and in what time frame the solution will permanently remove data from the service providers systems. The solution shall provide a means to lock specific user accounts within 30 minutes of notification. The solution must provide a means for change control, configuration management, notification and governance processes with regard to proactive and requested changes. Describe the process for managing change control.

4.1a.06

LDAP

4.1a.07

Active Directory Verified Access Data Protection

4.1a.08 4.1a.09

4.1a.10

General Security

4.1a.11

Deletion

4.1a.12

Account Manageme nt Governanc e

4.1a.13

4.1(b) Messaging and Personal Productivity Services This service shall provide messaging and personal productivity services as defined below: e-mail the Internet Message Access Protocol Server (IMAPS) compliant service provided to the customer that allows authorized end-users to create, send, receive, organize, manage and store e-mail messages. calendar the service provided to the customer that allows authorized end-users to create, organize, and manage events and meetings. contacts the service provided to the customer that allows authorized end-users to create, organize, and manage contacts and associated information listed in a personal and/or organizational wide registry or directory.

Page |7

Item

Title

Specific Required Features and Capabilities

4.1b.01

Domain

The solution shall provide e-mail, calendar, and contact functionality for all personnel with a [noaa.gov] e-mail account The solution shall accommodate the existing e-mail address naming convention (i.e. first.last@noaa.gov and first.middle.last@noaa.gov) and not require existing e-mail addresses to change. The solution shall not require multiple e-mail addresses for any individual NOAA personnel. The solution shall provide the ability to expand to additional accounts in increments of 100 and 500. Describe the process, limitations, and timeliness of expanding to additional accounts. The solution shall be accessible via web browsers commonly used at NOAA, (Item 4.1f.04). Identify which browsers (including mobile devices) are currently supported, any browser plug-ins required, and describe the release management procedures for future browser support. The solution shall be IMAPS (IMAP over SSL) compliant and provide interoperability with existing NOAA and DOC applications requiring IMAPS for communication. Access via insecure protocols such as Post Office Protocol (POP) must be blocked. Describe any limitations of the solution with regard to IMAPS compatibility. The solution shall support attachments up to 35 MB per message. The solution shall provide a minimum of a 25 GB mailbox per account and must be scalable. Describe how the solution will enable the scaling of mailbox sizes above 25 GB. The solution shall provide individuals with the capability to share the access and/or control of objects (such as mailboxes, calendars, schedules, contacts, tasks, etc.) with specific other users (i.e. administrative assistants). The solution shall support and allow for the use of multiple domains (e.g. doc.gov, noaa.gov). The solution shall support authenticated access to shared mailboxes. Describe how the solution provides authenticated access to shared mailboxes. The solution shall provide the ability to establish and maintain mailing lists of internal and external e-mail addresses. Describe this functionality, including any capability for a list to contain other mailing lists (nested lists). Describe any capabilities or limitations for the maintenance of lists and the means by which these lists can be administered and delegated to users not holding system administration privileges. Describe the mechanism to prevent unauthorized users from sending messages to specific e-mail lists. The solution shall provide integrated calendar functionality. The features shall include appointment and meeting scheduling, updating, meeting notification, and shared calendars. This capability shall provide (two-way) synchronization with mobile accounts. Describe how the e-mail solution reacts when a user has exceeded the assigned storage limits for their mailbox and how this will be managed.

4.1b.02

Addresses

4.1b.03

Scalability

4.1b.04

Accessibility

4.1b.05

Client Access

4.1b.06 4.1b.07

Attachments Mailbox Limits

4.1b.08

Delegation

4.1b.09 4.1b.10

Domains Shared Mailboxes

4.1b.11

Mailing lists

4.1b.12

Calendar

4.1b.13

Mailbox Limits

Page |8

Item

Title

Specific Required Features and Capabilities

4.1b.14

Contacts

The solution shall allow users to find other NOAA account contact information, and shared mailing lists within the enterprise. The solution shall include importing existing accounts (user ID creation and transfer of e-mail, calendar and contact information) from the existing system. The solution must also include the transfer of current litigation hold archives and be capable of transferring current and other archived e-mail data to the target system. The solution allows users to create Out of Office notifications/replies. Describe the interval in which the out of office notification is sent. The solution shall provide the capability for individual users of the e-mail solution to set up rules for filtering (blocking), forwarding, or diverting e-mail traffic into managed objects/locations via web interface. Describe any capability to automate e-mail management actions based on message characteristics. While the majority of system administration is anticipated to be a function of the Offeror, certain NOAA personnel will need administrative capability which shall include provisioning/de-provisioning of users, account creation, alias and mailing list creation/management, mailbox and e-mail size constraints, and end-user feature management. Describe the process for managing shared administration. Describe any additional administrative functions which will be available to NOAA personnel. The solution shall include e-mail and calendar data migration. Describe the migration approach for server to cloud and for locally stored e-mail and calendar.

4.1b.15

Importing Accounts

4.1b.16

E-mail Rules

4.1b.17

E-mail Rules

4.1b.18

Administration

4.1b.19

Migration

4.1(c) Mobile Messaging Services This service shall provide centralized remote management and full device synchronization of NOAA owned mobile communication devices. This service will replace NOAAs currently owned Blackberry Enterprise Server (BES).
Item Title Specific Required Features and Capabilities

4.1c.01

Secure Synchronization Device Compatibility

The solution shall provide encrypted (as specified in section 4.1(a)) synchronization to NOAA Blackberry devices to support full synchronization of e-mails, calendars, contacts, etc. Name any smart phone or mobile device operating system in addition to Blackberry that the solution supports and describe how it is deployed. Describe any limitations in integration (such as pushing data, syncing, presence, attachments, and security). Describe the process, limitations, and timeliness of expanding support to additional mobile access accounts and additional mobile device operating systems. The solution shall provide centralized mobile device management with applicable NOAA policy enforcement such as remote wipe capability for stolen or lost devices and password enforcement.

4.1c.02

4.1c.03

Administration

4.1c.04

Security

Page |9

4.1(d) Remote or Intermittent Access Services This service shall provide a method by which users can access their messaging services by means other than from their stationary work site. This includes NOAA ships that currently use onboard mail servers and custom Mail Transfer Agents (MTAs) for communication and synchronization to shore for local messaging when disconnected from the Internet.
Item Title Specific Required Features and Capabilities

4.1d.01

Remote Access

The solution shall support offline capabilities such as availability through connection aware web interfaces and/or non-web based clients. Describe any specific capability the solution may offer for offline activities (reading, writing, and storing). Describe the solutions capability to support objects (such as e-mail, calendar, contact list, task, and/or other features) in this mode. The solution shall support sites with low bandwidth capabilities and/or intermittent access capabilities. Describe how the offeror will support these locations, including offline internal shipboard e-mail. (Internal shipboard e-mail is currently provided via on-board mail servers and custom MTAs). The Offeror may leverage this existing infrastructure or propose an alternative.)

4.1d.02

Intermittent or Limited Access Support

4.1(e) Collaboration Services This service shall provide features that allow users to work concurrently with their co-workers on project teams, across line offices and throughout the enterprise, sharing files and reserving and managing resources such as conference space and equipment, using a unified interface as defined below:
Resource reservations service provided to NOAA that allows authorized endusers to identify, reserve, organize, and manage resources such as conference rooms and audio visual equipment; Functional accounts IMAPS compliant service provided to the customer that allow authorized end-users to create, send, receive, organize, manage and store e-mail messages for a functional role which may be assigned to one or more individuals; and Enterprise distribution lists e-mail feature where lists of e-mail addresses are used to e-mail everyone on the list at once for one way communication and not for coordinating a discussion.

P a g e | 10

Item

Title

Specific Required Features and Capabilities

4.1e.01 4.1e.02 4.1e.03 4.1e.04

Resource Scheduling Document Repository Version Control Unified Interface

The solution shall provide a capability for users to schedule resources (such as conference rooms, phone and web conference slots, communications equipment, etc.) The solution shall provide the capability for users to share and collaborate on documents with internal users and authenticated external customers. Describe the solutions ability to maintain version control (what has changed, who has changed it, and when it was changed.) The solution must provide a unified interface to all collaboration tools. Describe capabilities the solution provides for a single interface to any collaboration tools. The calendar shall provide a mechanism for NOAA personnel to view other NOAA personnels calendars. Describe how the solution will provide this capability and any other calendar features that the solution offers (such as viewing or sharing calendars with external users). Service shall retain original file formats and meta data. Describe additional features, functions and any limitations of the proposed collaboration offering including but not limited to file sharing, instant messaging, web-conferencing, etc.

4.1e.05

Calendars

4.1e.06 4.1e.07

File Integrity Features

4.1(f) Compatibility (Operating Systems, Browser, Desktop Client Applications) The service shall be compatible with operating systems, browsers and client applications commonly in use at NOAA currently.
Item Title Specific Required Features and Capabilities

Compatibility 4.1f.01 Compatibility 4.1f.02 Compatibility 4.1f.03 Compatibility 4.1f.04

The solution shall be compatible with various operating systems, including Red Hat Linux 5, MAC OS 10.6, and Windows XP and Windows 7. Describe how the solution shall be compatible with these operating systems. Additionally describe compatibility with any other operating systems. The solution shall be compatible with various calendar clients, including Outlook 2007, Outlook 2010, and iCalendar. Describe how the solution shall be compatible with these clients. Additionally describe compatibility with any other calendar clients. The solution shall be compatible with various e-mail clients, including Outlook, Thunderbird 3.0, Mac Mail, and Entourage. Describe how the solution shall be compatible with these e-mail clients. Additionally describe compatibility with any other e-mail clients. The solution shall be compatible with various web browsers, including Internet Explorer 7.0 & 8.0, Firefox 3.x, and Safari. Describe how the solution shall be compatible with these browsers. Additionally describe compatibility with any other web browsers.

4.1(g) Archive Solution Offeror shall propose as a separately priced item, an e-mail archive solution. The solution must be independent of the cloud Service Providers infrastructure. The archive is desired as a definitive repository for all NOAA e-mail and calendar data and must comply with all security and data ownership parameters set forth in this acquisition. Messages caught by

P a g e | 11

the e-mail spam filter (see Section 4.1(a)) are not required to be archived. Upon request, with 5 days notice to the Provider, or upon contract end, all data in the archive must be returned to NOAA or, at NOAAs discretion, migrated to a follow on contract Provider. Data must be returned in a format approved by NOAA that retains all metadata as well as actual e-mail and calendar entries. Note, this optional item is separate from the requirements listed in 4.2a. If this option is exercised, it will be an additional level of archive capability not a replacement for the requirements listed in 4.2a.

4.2 Factor 2 Management Approach


4.2(a) Data Retention, and e-Discovery Services

This service shall provide a method of retaining e-mail messages, calendar, and contacts to comply with the Freedom of Information Act (FOIA), State and Federal retention requirements, the Health Insurance Portability and Accountability Act (HIPAA) and agency-specific requirements. The service shall provide e-discovery defined as the ability to search stored e-mail (including encrypted messages where contingency/recovery keys are available) based on specific criteria to provide information for legal and public records requests. Search is the ability to scan e-mails based on specific criteria such as sender, date, subject, content, etc. and produce results for review. Searches for the purpose of compliance with Federal Rules of Civil Procedure, public record requests, court ordered production of electronic records, Inspector General, or internal investigations must support various levels of complexity, across software utilities and their underlying databases.
Item Title Specific Required Features and Capabilities

4.2a.01

Litigation Hold

The solution shall include the ability, upon request, to create a repository for all data and files without affecting the ability of the individual user to manage their data or files. Effectively there is an immutable copy of the account maintained while the individual continues to function normally. The solution shall include an eDiscovery (search and retrieval) capability across archived and active files, which can be executed by select government employees as part of their administrator rights across all accounts. Describe the types of data/files and the robust nature of the search capabilities that the solution can support. Describe any capability the solution may have for individual users and administrators to label electronic documents for retention. Describe any capability to use eDiscovery tools on retained documents and any capability to export these documents as a selected group in a recognized open data format. The solution shall provide retention period in accordance with National Archives and Records Administration (NARA) guidance.

4.2a.02

eDiscovery

4.2a.03

Retention by Users Retention

4.2a.04

P a g e | 12

Item

Title

Specific Required Features and Capabilities

4.2a.05

Records Management

Describe the solutions compatibility and any limitations with commercially available Electronic Document /record Management Systems (EDMS)

4.2(b) Service Availability and Disaster Recovery The service shall provide a guaranteed level of availability at 99.9% and allow the users across the organization to continue to work during and/or soon after a disaster with minimal impact to end-user productivity. Vendor proposals shall include a description of how availability is calculated.
Item Title Specific Required Features and Capabilities

4.2b.01

Availability

Service shall provide at a minimum 99.9% guaranteed availability (including scheduled downtime) for all offered features and functions. The solution shall be kept current throughout the performance period. Describe the solutions approach to updates, patches, and maintenance, as well as, options for administrative control in determining when or if software releases are automatically performed. Describe the solutions notification policy and methodology. The solution must provide mechanisms for disaster recovery and continuity of operations. Describe the approach to disaster recovery and continuity of operations.

4.2b.02

Quality

4.2b.03

Disaster Recovery

4.2(c) Data Restoration Services This service shall provide mechanisms to restore lost or accidentally deleted data.
Item Title Specific Required Features and Capabilities

4.2c.01

Data Restoration

The solution shall provide mechanisms to restore lost or accidentally deleted data. Describe the process, limitations, and timeliness of the solutions capability.

4.2(d) Help Desk Services The service shall provide a help desk that allows NOAA to submit requests for administrative and/or technical support. This service will actively track submitted requests until completion, and provide summary statistics of all help desk activities.

P a g e | 13

Item

Title

Specific Required Features and Capabilities

4.2d.01

24x7 Support

Technical and administrative support for the solution shall be available to NOAA staff on a twenty-four hour, seven day a week (24x7) basis. This shall include trouble shooting service for inquiries, outages, issue resolutions, etc. Describe response times, methods for users to submit requests for assistance, follow up communication processes and proposed interactions with existing NOAA support staffs. Describe additional end user support services provided. Describe the interaction between the provider/vendor helpdesk and NOAA help desks, and what administrative functions will be available to NOAA personnel. The solution must provide mechanisms to validate users are authorized to make certain requests. Describe the process for validating requests are from appropriately authorized NOAA personnel given the nature of the request.

4.2d.02

Policy & Procedure Policy & Procedure

4.2d.03

4.2(e) Migration Strategy and Training The Offeror shall provide a migration strategy. The strategy must ensure minimal end user disruption. The service shall also provide online documentation and interactive tutorials for the customers technical personnel and end users. The documentation and tutorials shall be made available to all customer personnel prior to and after implementation. The documentation shall be kept up to date to encompass changed or new features of the service.
4.2(f) Customer Engagement Policy and Communications Plan

The Offeror shall provide a customer engagement policy and communications plan.
4.2(g) Data Ownership and Export NOAA retains ownership of all data. NOAA data may not be used by the Service Provider for any purpose except for providing service associated with the proposed solution and related reporting to NOAA. Upon termination of this agreement and any time during this agreement, with 5 days notice to the Provider, all data shall be transferred to a NOAAspecified system, in an industry-standard format that is acceptable to NOAA. Upon final data transfer, after verification and validation of data integrity, all data residing on the Providers systems shall be deleted. Confirmation of deletion shall be provided to NOAA upon request.
Item Title Specific Required Features and Capabilities

4.2g.01

Export

The solution shall support the ability to export all NOAA data into a recognized open data format. Describe the formats which will be supported and any limitations.

4.2(h) Performance Management and Reporting

The Offeror shall provide proposed service level agreements (SLAs). The SLAs must be measurable and relevant to ensuring NOAAs requirements are met. The Offeror shall also provide a description of proposed reports including frequency of

P a g e | 14

report delivery and general outline of contents. (Final report formats and SLAs will be negotiated with the Government.)
4.2(i) Program Management and Staffing Plan

The Offeror shall provide a brief description of the proposed program management and staffing plan.
4.2(j) Billing and Administrative Account Management Offeror shall propose as a separately priced item, a service to provide tracking of accounts by line office with the ability to generate invoices by line office. Proposals should include options for monthly, quarterly and annual invoice cycles. 5 MODIFICATIONS TO SERVICE LEVEL AGREEMENTS Since this contract has a potential life span of three years, changes in operations and capabilities are anticipated. Modifications to the Service Providers Service Level Agreements may be made and be mutually agreed upon by both the Government and the Service Provider. Either party may propose modifications to the SLAs for consideration. Approved modified SLAs will become part of the task order and form the basis for future performance standards. 6 GOVERNMENT ROLES AND RESPONSIBILITIES The following personnel shall oversee and coordinate surveillance activities. Contracting Officer (CO) The CO will ensure performance of all necessary actions for effective contracting, compliance with the task order terms, and will safeguard the interests of the United States in the contractual relationship. The CO shall also assure that the Service Provider receives impartial, fair, and equitable treatment under this task order. The CO (and COTR) are responsible for monitoring adequacy of the Service Providers performance. Assigned CO: Anthony S. Kram Organization or Agency: US Department of Commerce NOAA E-mail: Anthony.S.Kram@noaa.gov The CO or designee will coordinate a pre-proposal conference approximately one week after solicitation release. Offerors are encouraged to participate in the pre-proposal conference. Contracting Officers Technical Representative (COTR) The COTR is responsible for technical administration of the task order and will assure proper Government surveillance of the Service Providers performance. The COTR provides technical direction to the Provider within the scope of the task order. The COTR will keep a quality assurance file. This file will show how the Service Providers performance has been tracked and detail any anomalies or issues in the course of the task order execution. When an operational issue has been identified, upon option year renewal,

P a g e | 15

and at conclusion of the task order, or when requested by the CO, the COTR will provide documentation to the CO. The COTR is not empowered to make any contractual commitments or to authorize any contractual changes on the Governments behalf. The Service Provider shall refer any changes that may affect task order price, terms, or conditions to the CO for action. Assigned COTR: Cliff Schoenberger E-mail: Cliff.Schoenberger@noaa.gov

Government Task Lead A Government task lead will be assigned at task order award to work closely with the successful offeror to coordinate schedules, plan the migration and training and provide oversight. 7 DELIVERABLES
Table 2.0: Deliverables

Item

Deliverable Description

Due Date (Days Postaward)

Delivered To

2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8

Risk Management Plan Quality Assurance Plan (QAP) Migration Plan End user training (via web interface) available Technical training documents Continuity of Operations and Disaster Recovery plan Final Security Accreditation documents Security and performance reports

15 calendar days 30 calendar days 30 calendar days 45 calendar days 45 calendar days 60 calendar days 90 calendar days 3rd day of each month

CO/COTR/Government Task Lead CO/COTR/Government Task Lead CO/COTR/Government Task Lead COTR/Government Task Lead COTR/Government Task Lead COTR/Government Task Lead COTR/Government Task Lead COTR/Government Task Lead

P a g e | 16

OPTIONAL SERVICES DELIVERABLES The following deliverables are associated with proposed optional services 4.1g and 4.2j. In the event optional services are selected, optional service deliverables associated with the options selected shall be in force.
Table 3.0: Optional Service Deliverables

Item

Deliverable Description

Due Date (Days Postaward)

Delivered To

3.1(a)

Archive technical design Applicable to optional requirement 4.1g Archive implementation planApplicable to optional requirement 4.1g Billing and Administrative Account Management Plan Applicable to optional requirement 4.2j

30 calendar days

COTR/Government Task Lead COTR/Government Task Lead COTR/Government Task Lead

3.1(b)

60 calendar days

3.2

60 calendar days

P a g e | 17

Appendix A - Acronyms

Acronyms BES C&A CIO CO COTR DOC FAR FIPS FOIA GFE HIPAA IMAPS IT MTA NIST NOAA OMB PRS PWS QASP SLA TB UMS BlackBerry Enterprise Server Certification & Accreditation Chief Information Officer Contracting Officer Contracting Offices Technical Representative Department of Commerce Federal Acquisition Regulation Federal Information Processing Standard Freedom of Information Act Government Furnished Equipment Health Insurance Portability and Accountability Act Internet Message Access Protocol over Secure Sockets Information Technology Mail Transfer Agent National Institute of Standards and Technologies National Oceanic and Atmospheric Administration Office of Management and Budget Performance Requirements Summary Performance Work Statement Quality Assurance Surveillance Plan Service Level Agreement Terabyte Unified Messaging Service

P a g e | 18

You might also like