Fill and Sign the Carefirst State of Maryland Claim Form Address 2011

A Statement of Work (SOW) is typically used when the task is well-known and can be described in specific terms. Statement of Objective (SOO) and Performance Work Statement (PWS) emphasize performance-based concepts such as desired service outcomes and performance standards. Whereas PWS/SOO's establish high-level outcomes and objectives for performance and PWS's emphasize outcomes, desired results and objectives at a more detailed and measurable level, SOW's provide explicit statements of work direction for the contractor to follow. However, SOW's can also be found to contain references to desired performance outcomes, performance standards, and metrics, which is a preferred approach. The Table of Content below is informational only and is provided to you for purposes of outlining the PWS/SOO/SOW. This sample is not all inclusive, therefore the reader is cautioned to use professional judgment and include agency specific references to their own PWS/SOO/SOW.    B.1 GENERAL DESCRIPTION............................................................................................................................. 4 B.2 ORDER TYPE ................................................................................................................................................. 4 B.3 SERVICES AND PRICES/COSTS.................................................................................................................. 4 B.3.1 BASE PERIOD ............................................................................................................................................ 4 B.4 INDIRECT/MATERIAL HANDLING RATE ................................................................................................ 5 B.5 INCREMENTAL FUNDING........................................................................................................................... 5 B.5.1 INCREMENTAL FUNDING LIMITATION OF GOVERNMENT’S OBLIGATION .............................. 5 C.1 PURPOSE ........................................................................................................................................................ 5 C.2 BACKGROUND .............................................................................................................................................. 6 C.2.1 AGENCY MISSION.................................................................................................................................... 6 C.3 SCOPE AND OBJECTIVES............................................................................................................................ 8 C.4 TASKS ............................................................................................................................................................. 8 C.4.1 TASK 1 – PROGRAM MANAGEMENT SUPPORT ................................................................................ 8 C.4.2 TASK 2 – ENTERPRISE ARCHITECTURE SUPPORT ......................................................................... 12 C.4.3 TASK 3 – CAPITAL PLANNING SUPPORT .......................................................................................... 15 C.4.4 TASK 4 – PROJECT MANAGEMENT SUPPORT ................................................................................. 17 C.4.5 TASK 5 – IT SECURITY SUPPORT........................................................................................................ 19 C.4.6 TASK 6 – CONFIGURATION AND CHANGE MANAGEMENT ......................................................... 22 C.4.7 TASK 7 – END-USER SUPPORT (eus) MANAGEMENT...................................................................... 22 C.4.8 TASK 8 – SYSTEMS ADMINISTRATION ............................................................................................. 24 C.4.9 TASK 9 – MAINTENANCE OF PRODUCTION APPLICATIONS AND DATABASES ..................... 30 C.4.10 C.5 TASK 10 – SYSTEMS DEVELOPMENT PROJECTS ........................................................................ 32 SECTION 508 COMPLIANCE REQUIREMENTS ......................................................................................39 Service Platform and Infrastructure _ IT Services Page 1 of 63 D.1 PRESERVATION, PACKAGING, PACKING, AND MARKING............................................................... 39 E.1 FAR CLAUSES INCORPORATED BY REFERENCE................................................................................ 40 E.2 PLACE OF INSPECTION AND ACCEPTANCE ........................................................................................ 40 E.3 SCOPE OF INSPECTION ............................................................................................................................. 40 E.4 BASIS OF ACCEPTANCE............................................................................................................................ 40 E.5 DRAFT DELIVERABLES ............................................................................................................................ 41 E.6 WRITTEN ACCEPTANCE/REJECTION BY THE GOVERNMENT ......................................................... 41 E.7 NON-CONFORMING PRODUCTS OR SERVICES ................................................................................... 41 F.1 FAR CLAUSES INCORPORATED BY REFERENCE................................................................................ 41 F.2 PERIOD OF PERFORMANCE ..................................................................................................................... 42 F.3 PLACE OF PERFORMANCE ....................................................................................................................... 42 F.4 DELIVERABLES .......................................................................................................................................... 42 F.5 PLACE(S) OF DELIVERY............................................................................................................................ 47 F.6 NOTICE REGARDING LATE DELIVERY/PROBLEM NOTIFICATION ................................................ 47 REPORT ........................................................................................................................................................ 47 G.1 CONTRACTING OFFICER’S REPRESENTATIVE ................................................................................... 47 G.2 INVOICE SUBMISSION............................................................................................................................... 47 G.2.1 INVOICE REQUIREMENTS.................................................................................................................... 48 G.3 CONTRACT ADMINISTRATION ............................................................................................................... 50 G.4 LIMITATION OF FUNDS ............................................................................................................................ 50 H.1 FAR CLAUSES INCORPORATED BY REFERENCE................................................................................ 50 H.2 KEY PERSONNEL ........................................................................................................................................ 51 H.2.1 PROGRAM MANAGER ........................................................................................................................... 51 H.2.2 PROJECT MANAGEMENT OFFICER .................................................................................................... 51 H.2.3 SOFTWARE DEVELOPMENT LEAD .................................................................................................... 52 H.2.4 INFRASTRUCTURE LEAD ..................................................................................................................... 52 H.2.5 INFORMATION ASSURANCE LEAD.................................................................................................... 52 H.2.6 KEY PERSONNEL SUBSTITUTION ...................................................................................................... 53 H.3 GOVERNMENT FURNISHED PROPERTY (GFP)..................................................................................... 53 H.4 GOVERNMENT FURNISHED INFORMATION (GFI) .............................................................................. 53 H.5 SECURITY REQUIREMENTS ..................................................................................................................... 54 H.5.1 SECURITY STANDARDS ....................................................................................................................... 54 H.5.2 SECURITY AND BACKGROUND CHECK ........................................................................................... 54 H.5.3 INTERCONNECTIONS TO FACILITIES AND/OR INFORMATION TECHNOLOGY SYSTEMS ... 55 H.5.4 TERMINATION OF AN INDIVIDUAL FROM THE CONTRACT SERVICE ...................................... 55 H.6 H.6.1 ORGANIZATIONAL CONFLICT OF INTEREST AND NON-DISCLOSURE REQUIREMENTS.......... 55 ORGANIZATIONAL CONFLICT OF INTEREST .................................................................................. 55 Service Platform and Infrastructure _ IT Services Page 2 of 63 H.6.2 NON DISCLOSURE REQUIREMENTS .................................................................................................. 55 H.7 CONTRACTOR’S PURCHASING SYSTEMS ............................................................................................ 56 H.8 EARNED VALUE MANAGEMENT ............................................................................................................ 56 H.9 TRAVEL ........................................................................................................................................................ 57 H.9.1 TRAVEL REGULATIONS ....................................................................................................................... 57 H.9.2 TRAVEL AUTHORIZATION REQUESTS ............................................................................................. 57 H.9.3 TRIP REPORTS ........................................................................................................................................ 58 H.10 ODC AND TOOLS .................................................................................................................................... 58 H.11 TRANSFER OF HARDWARE/SOFTWARE MAINTENANCE AGREEMENTS ................................. 58 H.12 AWARD FEE ............................................................................................................................................ 59 H.12.1 ESTABLISHMENT AND DETERMINATION OF AWARD FEE ..................................................... 59 H.12.2 PROVISIONAL AWARD FEE PAYMENTS ...................................................................................... 59 H.12.3 AWARD FEE DETERMINIATION PLAN (AFDP) ............................................................................ 59 H.12.4 DISTRIBUTION OF AWARD FEE ..................................................................................................... 60 H.13 TRANSITION IN ...................................................................................................................................... 60 H.14 TRANSITION OUT................................................................................................................................... 60 H.15 PRIVACY ACT ......................................................................................................................................... 60 H.16 DATA RIGHTS ......................................................................................................................................... 60 H.17 WORK HOURS ......................................................................................................................................... 61 H.18 TASK ORDER CLOSEOUT ..................................................................................................................... 61 H.19 PAST PERFORMANCE INFORMATION ............................................................................................... 61 H.20 RATE REOPENER.................................................................................................................................... 61 I.1 FEDERAL ACQUISITION REGULATION (48 CFR CHAPTER 1) SOLICITATION CLAUSES (http://www.arnet.gov/far/) .......................................................................................................................................... 62  Service Platform and Infrastructure _ IT Services Page 3 of 63 STATEMENT OF WORK PROJECT NAME & ID: ______________ May 1, 2011 NOTE: Section B of the contractor’s Alliant Contract is applicable to this Task Order and is hereby incorporated by reference. In addition, the following applies: B.1 GENERAL DESCRIPTION The work shall be performed in accordance with all sections of this task order and the Offeror’s Basic Contract, under which the resulting task order will be placed. B.2 ORDER TYPE The contractor shall perform the effort required by this task order on a Cost Plus Award Fee (CPAF) basis for CLINs 0001, 0002, 0003, and a Not to Exceed (NTE) basis for CLINs 0004, 0005, 0006, and 0007. B.3 SERVICES AND PRICES/COSTS The following abbreviations are used in this price schedule: • CLIN: Contract Line Item Number • CPAF: Cost Plus Award Fee • NTE: Not To Exceed • ODC: Other Direct Cost B.3.1 BASE PERIOD LABOR CLINs CLIN 0001 CLIN 0002 Description Estimated Cost Award Fee Total Estimated Cost Plus Award Fee Estimated Cost Award Fee Total Estimated Cost Plus Award Fee General Labor (Tasks 1–8) Description Business App. Maintenance Labor (Task 9) Service Platform and Infrastructure _ IT Services Page 4 of 63 CLIN 0003 Description Estimated Cost Total Estimated Cost Plus Award Fee Award Fee Systems Development Labor (Task 10) TRAVEL, TOOLS and ODCs CLINs CLIN Description 0004 Travel Including Indirect Handling Rate 0005 Tools Including Indirect Handling Rate NTE 0006 ODCs Including Indirect Handling Rate NTE 0007 Contract Access Fee NTE B.4 Total Ceiling Price NTE INDIRECT/MATERIAL HANDLING RATE Travel, Tools, and ODC costs incurred may be burdened with the contractor’s indirect/material handling rate if one is entered in the contractor’s basic contract (contractor to enter amount, but not to exceed the ceiling rate of the basic contract) and such indirect/material handling rate is not included in the fully burdened labor rate. B.5 INCREMENTAL FUNDING B.5.1 INCREMENTAL FUNDING LIMITATION OF GOVERNMENT’S OBLIGATION Incremental funding for CLINs 0001 through 0007 is currently allotted and available for payment by Government. Additional incremental funding for these CLINs will be allotted and available for payment by Government as the funds become available. The estimated period of performance the Government covered by the allotments for the mandatory CLINs is from award through xxx, unless otherwise noted in Section B.4. The task order will be modified to add funds incrementally up to the maximum of xxxxx over the performance period of this TO. These allotments constitute the estimated cost for the purpose of FAR Clause 52.232-22, Limitation of Funds, which applies to this task order on a CLIN-by-CLIN basis. SECTION C – PERFORMANCE BASED STATEMENT OF WORK NOTE: Section C of the contractor’s Alliant Contract is applicable to this Task Order and is hereby incorporated by reference. In addition, the following applies: C.1 PURPOSE The purpose of this acquisition is to procure Information Technology (IT) services to support the mission of an agency of the United States. Government requires the full range of IT services in order to develop and deliver new products, support high employee productivity, develop and maintain new IT systems, and design, deploy, and maintain the underlying infrastructure for aforementioned activities. The IT services required are those consistent with the mission of the Office of Chief Information Officer, they include: • Enterprise architecture support • Capital planning support • IT project management support • IT security support Service Platform and Infrastructure _ IT Services Page 5 of 63 • Configuration and change management support • End-User Support Services (EUSS) • Infrastructure Management • Systems administration (hardware and Commercial-Off-the-Shelf (COTS) software for end-user equipment, local area network, wide area network, hosting servers, database systems administration) • Data center management (primary and secondary sites) • IT asset procurement and management • Maintenance of COTS and developed applications, to include reconfiguration and minor changes arising from environment or program changes • System development projects (formulating, planning, and implementing integrated solutions of hardware, software, databases, procedures, documentation and training) • Program and Portfolio Management support The Contractor shall assist Government in transforming the crop insurance program into a broad-based safety net for producers to assure that American agriculture remains solid, solvent, and globally competitive. C.2 BACKGROUND This section provides background regarding agency’s mission, organization, and current IT support. It is intended to acquaint the reader with the agency. It is not intended to be prescriptive as to service approaches or solutions. C.2.1 AGENCY MISSION Government's mission is to promote, support, and regulate sound risk management solutions to preserve and strengthen the economic stability of America's agricultural producers. As a part of this mission, the agency operates and manages the Federal Crop Insurance Corporation (FCIC). The Administrator serves as the manager of the FCIC Board of Directors. The CIO provides innovative, integrated IT solutions to support agency’s mission. These solutions utilize COTS platforms to the greatest possible extent, to minimize the need for application coding, maximize performance and flexibility, and lower maintenance cost. IT planning, budgeting, and support are centralized under the CIO, who reports to the agency head. The CIO has instituted various controls, to include: • Creating enterprise IT policies and procedures and enforcing these via designated monitors • Maintaining separation of duties, strict internal controls, audit trails, documentation requirements • Enforcing controls so only approved hardware and software are added into the IT inventory and environments • Formalizing Change Control Boards (CCBs) and utilizing Change Management (CM) procedures and software • Enforcing use of standardized COTS platforms, development tools, utilities, and coding languages • Using industry standards and best practices and Conducting centralized IT project management Service Platform and Infrastructure _ IT Services Page 6 of 63 The concept of operations is simple: • Build and maintain the enterprise architecture (EA) and strategic plan • Continuously analyze the EA to identify new requirements and plans in accordance with management priorities • Use these plans to develop projects within the investment portfolio • Seek approval and funding support through the federal CPIC process • Execute projects to implement improvements and mandated changes • Control and maintain the IT environment for optimal operations • Support the End-Users through training and assistance on how to use the technology effectively The contractor shall support and promulgate this vision at all times. C.2.1.1 CURRENT GOVERNMENT WORKLOAD The information below provides sample workload data to include Help Desk ticket workload statistics for field offices (not Washington DC support). • Historical data is representative but is not a guarantee of future workload demands • The specific data provided is a sample, not a complete inventory of the workload • Some of the data are estimates rather than exact counts • From January 1, 2007-December 31, 2008 HelpDesk had 17,985 tickets. These include everything from requests for equipment, requests for software, requests for assistance with specific software, password resets, to more complex requests for 2nd and 3rd tier support • From January 1, 2009-December 31, 2009 HelpDesk had 18,557 tickets • From January 1, 2007-December 31, 2008 Change Control Board had 481 requests to change the Agency Infrastructure • From January 1, 2009-December 31, 2009 Change Control Board had 263 requests to change the Agency Infrastructure • From January 1, 2009-December 31, 2009 Change Control Board had 1075 requests to change the Agency’s Business Systems • From January 1, 2008-December 31, 2008 Change Control Board had 1206 requests to change the Agency’s Business Systems • From January 1, 2007-December 31, 2007 Change Control Board had 1119 requests to change the Agency’s Business Systems • All systems, even those classified as Steady State, are subject to ongoing maintenance and other modifications Service Platform and Infrastructure _ IT Services Page 7 of 63 C.3 SCOPE AND OBJECTIVES This is a performance-based task order that will be managed by Government through the use of Service Level Agreements and an overarching incentive structure (See Section H.12) to maximize successful contractor performance. Using Industry best practices, the standards described in the SOW and elsewhere in this solicitation, the contractor shall develop applications under the Project Phase III to replace legacy financial application systems. The contractor shall operate and maintain the infrastructure, to include End-User (helpdesk and desktop) support, throughout the life of the Task Order. The contractor shall provide support at the following locations: Government Site Washington, DC Kansas City, MO 10 Regional Offices (RSOs) 6 Compliance Offices Tarleton Univ. Number of Government Personnel 100-120 170-180 15-19 per office 12-18 per office 1 The contractor shall provide on-site support in the Kansas City and Washington DC offices. On-site support shall be supplied to field offices, Eagan, MN, and other sites as needed. The contractor shall also support teleworking. C.4 TASKS The Contractor shall perform the following tasks: • Task 1 Program Management Support • Task 2 Enterprise Architecture Support • Task 3 Capital Planning Support • Task 4 Project Management Support • Task 5 IT Security and Audit Support • Task 6 Configuration and Change Management • Task 7 End–User Support Management • Task 8 Systems Administration • Task 9 Maintenance of Production Applications and Databases • Task 10 System Development Projects C.4.1 TASK 1 – PROGRAM MANAGEMENT SUPPORT The contractor shall provide program management support under this Task Order. This includes the management and oversight of all activities performed by contractor personnel, including subcontractors, to satisfy the requirements identified in this Statement of Work (SOW). The contractor shall identify a Program Manager (PM) by name, who shall provide management, direction, administration, quality assurance, and leadership of the execution of this task order. C.4.1.1 SUBTASK 1 – COORDINATE A PROJECT KICKOFF MEETING The contractor shall schedule and coordinate a Project Kick-Off Meeting at the location approved by Government. The meeting will provide an introduction between the contractor personnel and Government personnel who will be involved with the task order. The meeting will provide the opportunity to discuss technical, management, and security issues, and travel authorization and reporting procedures. At a minimum, the attendees shall include vital Service Platform and Infrastructure _ IT Services Page 8 of 63 contractor personnel, relevant Government personnel, and Contracting Officer’s Representative (COR). The contractor shall provide the following at the kickoff meeting: • Roles and responsibilities • Government-furnished information • Monthly meeting dates • POCs • Performance metrics/SLAs • Security requirements • Task order transitioning process and timeframes • Prioritization of contractor activities The contractor shall prepare a Contract Kick-off Agenda that includes at a minimum the above referenced items. C.4.1.2 SUBTASK 2 – PREPARE A MONTHLY STATUS REPORT (MSR) The contractor Task Order Program Manager shall provide a Monthly Status Report (MSR) that briefly summarizes the following information by task utilizing the specified format. The contractor shall deliver the MSR by the 10th of each month via electronic mail to the COR. The MSR shall include the following: • Number of hours billed for the task for that month • Deviation of SPI or CPI from established (10%) threshold from baseline from budget and ceiling • If (10%) deviation occurs plans for correction/reduction in coming months • CRs Completed • CRs Still in Progress • Notable accomplishments • Cost savings (with specific examples) • Efficiencies gained (with specific examples - i.e., reduced lines of code, streamlined operations scripts, eliminated database redundancies, and the systems/processes in which they occurred) • Significant problems resolved • Significant problems unresolved • Upcoming activities of note Format: • One page coversheet • No more than 3 pages per task • Moderate margins • 12 pt. Arial Service Platform and Infrastructure _ IT Services Page 9 of 63 Status Report may have the following attachments as needed: • Detailed list of tools and ODC’s purchased during the reporting period • Proposals for Consideration C.4.1.3 SUBTASK 3 – PREPARE AND UPDATE PROGRAM MANAGEMENT PLANS The contractor shall develop and deliver a Draft and Final Program Management Plan (PMP) that is based on the contractor’s proposed solution. Upon Government approval, the Contractor shall execute the PMP. The contractor shall provide PMP Updates throughout the task order performance period as changes in management items occur. The contractor shall update all appropriate sections of the PMP that are affected by these changes. At all times, the Contractor shall operate under a Government-approved PMP. The PMP shall address both operational (Help Desk, Network Operations, system maintenance, operational IT Security, infrastructure, etc.) and developmental (EITA, CIMS, other software development, IT Security for system development, etc.) tasks. The PMP shall address the WBS and other topics for operational tasks at a suitable summary level. The PMP shall address all topics for developmental tasks in detail. EVM measures apply to developmental tasks; the contractor shall use operational analysis methods to track the performance of operational tasks. The PMP shall conform to the specifications in the PMBOK and shall incorporate the following elements and subordinate plans: • Project Charter (provided as Government Furnished Information [GFI]) • Description of the project management approach – summary of subordinate plans • Scope Statement (GFI) • WBS • Detailed cost estimates, schedule start dates, and responsibility assignments • Major milestones and their target dates and project network diagram • Key staff • Key risks • Subsidiary Management Plans, including… • Scope Management Plan* • Cost Management Plan* • Schedule Management Plan* • Quality Management Plan • Staff Management Plan* • Risk Management Plan • Communications Management Plan • Subcontracting Procurement Management Plan (including small business)* • Training Plan *Some PMP elements may be GFI, excerpts from the TOR or Technical Proposal, or from some other source. Service Platform and Infrastructure _ IT Services Page 10 of 63 Note: The Government tracks each CPIC investment with a separate set of PM documents (FMS, CIIS, SDA, IMST, EITA & CIMS). The contractor shall provide the PMP and its subordinate plans in a format suitable for use in CPIC-investment specific PMPs, as jointly agreed by the Government and contractor after award. C.4.1.4 SUBTASK 4 – CONDUCT Program review BRIEFINGS The contractor shall prepare a quarterly Program Review Briefing to present to the Government. The Program Review Briefing is focused on a high-level presentation of information already discussed and presented in other reports. The contractor briefing shall contain, but is not limited to, the following: • Current Task Order financial status • Progress toward milestones • Changes in support during the period • Issues and risks • Status towards SLAs and performance metrics C.4.1.5 SUBTASK 5 – PREPARE Meeting and review minutes At the discretion of the Government, the contractor shall prepare and deliver Meeting and Review Minutes for all meetings and reviews in which the Government requires the contractor’s attendance. At a minimum the minutes shall contain the following: • Date and place • Attendees • Purpose of meeting/review • Brief description of items discussed • Results • Action items C.4.1.6 SUBTASK 6 – PREPARE TRIP REPORTS All contractor travel shall be preapproved by the COR. The Government will identify the need for a Trip Report (if required) when the request for travel is submitted. The contractor shall keep a summary of all long-distance travel, to include, at a minimum: • Dates of travel • Persons traveling • Purpose of travel • Expenses associated with travel • Supporting Documentation • Results • Action items Service Platform and Infrastructure _ IT Services Page 11 of 63 C.4.1.7 SUBTASK 7 - PREPARE PROBLEM NOTIFICATION REPORTS The contractor shall be responsible for bringing to the attention of the COR any problems or potential problems in performing assigned tasks. Subsequent to verbal notification, a written Problem Notification Report (PNR) shall be submitted within three work days after identification of the problem. C.4.1.8 SUBTASK 8 - PROVIDE TRANSITION PLANNING SUPPORT The contractor shall prepare a Transition-In Plan update for inclusion in the monthly Status Report, until such time as all tasks have been transitioned over to this Task Order. The Transition-In Plan is due NLT 5 work days after Task Order award. The contractor shall also provide a plan for transitioning out upon completion of this Task Order. The TransitionOut Plan shall be due NLT 90 calendar days prior to the end of the task order. Upon Government approval, the contractor shall implement its Transition-Out Plan. C.4.2 TASK 2 – ENTERPRISE ARCHITECTURE SUPPORT The Contractor shall perform all tasks in conjunction with CIO Enterprise Architecture Office staff. The contractor shall develop and maintain Business Process architecture through the following tasks: • Gather information through interviews of functional area stakeholders • Decompose functions into process diagrams • Identify gaps with those processes and document options on how to improve them through defining requirements and validating process diagrams • Identify which processes are supported by an application, what data support a process, and what technology infrastructure is in place to support a process • Relate organizational units to business processes, and validate business architecture with subject matter experts. In support of the efforts, the Contractor shall produce the following deliverables, according to the schedule defined in the Government-approved Project Plan: • Business process diagrams with narrative descriptions • Process-to-application matrix • Data-to-process matrix • Technology-to-process and organization-to-process matrix. The contractor shall develop and maintain Information Architecture through the following tasks: • Create data inventory (data dictionary) • Create entity relationship diagrams (ERD) (or UML class diagram) • Relate entities to the business processes • Relate entities to organizations and validate information architecture with subject matter experts Service Platform and Infrastructure _ IT Services Page 12 of 63 In support of the efforts, the Contractor shall produce the following deliverables, according to the schedule defined in the Government-approved Project Plan: • Data dictionary • ERD • Business process-to-data CRUD matrix • Organization-to-data-matrix • Guidance documents for data standards The contractor shall develop and maintain Application Architecture through the following tasks: • Develop an application inventory • Develop an application interface inventory • Develop application/system architecture diagrams • Relate applications to business processes and entities • Relate organizations to applications and validate the application architecture with subject matter experts. In support of the efforts, the Contractor shall produce the following deliverables, according to the schedule defined in the Government-approved Project Plan: • Catalog of existing information products, applications, software, and databases • Application architecture diagrams (current and target) • Matrices cross-referencing business process to applications, data usage by application, and organization units to applications The contractor shall develop and maintain Infrastructure architecture through the following tasks: • Document the technology inventory/standards profile, networks and servers • Relate applications to servers and servers to networks • Assess the technology architecture and validate the infrastructure architecture with subject matter experts In support of the efforts, the Contractor shall produce the following deliverables, according to the schedule defined in the Government-approved Project Plan: • Technology inventory with standards profile • Application-to-server/technology matrix • Server and network inventories • Server network connectivity matrix C.4.2.1 SUBTASK 1 - PROGRAM SUPPORT The contractor shall support the drafting of Enterprise Architecture standards and procedures IAW OMB’s FEA Guidelines (www.whitehouse.gov/omb/e-gov/fea/) and the following EA reference models: Service Platform and Infrastructure _ IT Services Page 13 of 63 • Performance Reference Model • Business Reference Model • Service Component Reference Model • Data Reference Model • Technical Reference Model The contractor shall support Business Process analysis, modeling, and artifact development with approved EA tools (MEGA). The contractor shall develop and maintain EA SharePoint Sites. The contractor shall support applicable standards that include any official updates promulgated by the FEA program management office over the life of this Task Order. The contractor shall serve as a Technical Writer in drafting Enterprise Architecture standards and procedures; C.4.2.2 SUBTASK 2 - TECHNICAL OPERATIONS AND SUPPORT The contractor shall develop SDLC artifacts (i.e. SDLC documents, models/database schemas, data dictionary, etc.) by phase in accordance with the agency SDLC The contractor shall import SDLC artifacts from their native format into the agency EA Development repository following each SDLC Phase Gate Review and ensuring accuracy and completeness of imports; The contractor shall support agency’s efforts to integrate its SDLC, EA practices with the CPIC planning process. The contractor shall prepare and submit existing and current state architecture or baseline inventory artifacts in format suitable for import into the agency EA repositories. The Contractor shall maintain existing artifacts in the MEGA tool. While serving as a Data Architect performing Data Management and Administration activities, the contractor shall update and maintain the Business Technology Manager application and content, and applying FEA Data Reference Model approach to Data Description, Data Context, and Data Sharing when developing data artifacts (i.e. data entities, data dictionaries, data models, database models) and leveraging existing data assets to increase information sharing opportunities The contractor shall apply the FEA Technical Reference Model approach for reuse and standardization of technology and Service Components; and Service Platform and Infrastructure _ IT Services Page 14 of 63 The contractor shall maintain and upgrade EA tools and repository software (MEGA) during the lifecycle of this task order. C.4.2.3 SUBTASK 3 - REVIEWS • The contractor shall review information architecture artifacts; i.e., systems, data, databases, applications, etc. and technical architecture artifacts; i.e., network, telecommunications, desktop, etc. • The contractor shall assure EA best practices are utilized and EA Principles and CIO standards are followed in the design, construction, testing and implementation of business, information and technical architectures. • The contractor shall ensure that its activities, whether related to contractor management, architecture, operations, or business systems do not result in negative audit findings due to contractor non-adherence to known agency CIO policies and procedures or due to deviation from generally accepted EA and IT practices and principals. • The contractor shall ensure that existing IT systems and newly developed IT systems for RMA conform to agency standards and To-Be Enterprise Architecture and data naming standards. C.4.3 TASK 3 – CAPITAL PLANNING SUPPORT The contractor shall support all facets of Capital Planning during all phases of the CPIC process by providing artifacts, metrics, updates, and costs regarding Agency systems and Investments on key delivery dates. Due to schedules outside of the Agency’s control, the contractor may be asked to provide support in an abbreviated timeframe. Failure to provide items timely, or the submission of poor quality products may result in the Agency being placed on a Watch List, receiving a poor score on public rating websites, or having part or all of the budget supporting task order activities being rejected, reduced, or otherwise negatively impacted. Artifacts, metrics, costs, and updates shall be appropriately vetted through agency’s Deputy CIO and responsible CIO management official (for example, security artifacts shall be cleared through the security officer) prior to delivery. In the event an artifact or other deliverable has not changed since the previous reporting cycle, the document shall be updated with the current delivery date on any cover sheet and an internal review log that reflects that date and the point of contact who signed off on the review. The contractor shall provide the following deliverables by the prescribed due date: XXXX 15th of Each Year: • Security Plan by Investment; • Certification & Accreditation by Investment • Privacy Impact Assessment by Investment XXXX 15th of Each Year: • Alternatives Analysis by Investment • Operational Analysis by Investment Service Platform and Infrastructure _ IT Services Page 15 of 63 XXXX 1st of Each Year: • Spreadsheet of all hardware licenses and the projected cost for the BY+2 (ex: in 2010, 2012 data will be provided) • Spreadsheet of all software licenses and the projected cost for the BY+2 • Spreadsheet of all service agreements and the projected cost for the BY+2 • Spreadsheet of all projected labor costs by system for the BY+2 • Spreadsheet of all projected labor costs by infrastructure activity for the BY+2 • Spreadsheet of all projected hosting costs for the BY+2 • Spreadsheet of all anticipated lifecycle replacement items and costs for the BY+2 XXXX 15th of Each Year: • Telecommunications Plan • Telecommunications Operational Requirements • Telecommunications Services Diagram • Telecommunications Diagram • Telecommunications Costs • General Telecommunications Requirements • Telecom To Be Diagram • Telecom As Is Diagram XXXX 15th of Each Year: • AAR Table A Acquisition Categories by System, by Investment for BY+1 (ex: in 2010, 2011 data will be provided) • AAR Detailed HW SW List by System, by Investment for BY+1 • Spreadsheet of all hardware licenses and the projected cost for the BY+1 • Spreadsheet of all software licenses and the projected cost for the BY+1 • Spreadsheet of all service agreements and the projected cost for the BY+1 • Spreadsheet of all projected labor costs by system for the BY+1 • Spreadsheet of all projected labor costs by infrastructure activity for the BY+1 • Spreadsheet of all projected hosting costs for the BY+1 • Spreadsheet of all anticipated lifecycle replacement items and costs for the BY+1 XXXX 15th of Each Year: • Spreadsheet of all hardware licenses and the actual cost for the PY (for the prior year or FY that just closed in September) • Spreadsheet of all software licenses and the actual cost for the PY Service Platform and Infrastructure _ IT Services Page 16 of 63 • Spreadsheet of all service agreements and the actual cost for the PY • Spreadsheet of all actual labor costs by system for the PY • Spreadsheet of all actual labor costs by infrastructure activity for the PY • Spreadsheet of all actual hosting costs for the PY Due to the nature of capital planning reporting, ALL IT costs must be accounted for in any given reporting cycle. Costs for Task 1, Program Management shall be linked to one or more investments. On Demand (As Requested by Oversight Agencies or Required by CPIC Phase): • Section 508 Review • Justifications and metrics to support technical and business decisions • Converting technical information into user friendly non-technical formats for dissemination to executives in and out of the agency • 4-6 random data calls each year from Congressional Committees, OMB, OCIO, and GAO on a variety of topics (past requests have included: Number of contractors on duty; names of prime and sub-contractor companies in use; lines of code in use; number of web applications in use; number of public facing applications; etc.) • Cost Benefit Analysis by Investment In the event any artifacts, metrics, costs, or updates provided by the contractor are rejected by OCIO, OMB, or other oversight entity, they will be returned to the contractor for corrective action. The contractor shall perform the prescribed corrective actions before the due date established by the oversight entity. C.4.4 TASK 4 – PROJECT MANAGEMENT SUPPORT The contractor shall be responsible for keeping all contractor project plans developed during the course of the task order resource loaded, up-to-date, and stored in Project Server repository. The contractor shall also be responsible for: • Supporting government staff to ensure that project plans are current and up-to-date in the Project Server repository • Assuring that team members update task status weekly in Project Server • Managing, tracking, and controlling projects such that the CPI and SPI indicators for all first and second level WBS tasks and milestones fall within 0.91 to 1.09 • Proposing management actions to correct deviations and tracking status via a Corrective Action Report (CAR) should project metrics veer out of the approved thresholds • Assuring all contractors and subcontractors use agency approved project policies and procedures and templates for project artifacts • Assuring project activities are ANSI-748 compliant; • Supporting Program Management Office (PMO) in compliance with ANSI-748 for all investments Service Platform and Infrastructure _ IT Services Page 17 of 63 • Supporting the PMO Team in maintaining the Organizational ANSI-748 certification for Major Investments reporting EVMS These task order activities are critical. Due to schedules outside of the Agency’s control, the contractor may be asked to provide support in an abbreviated timeframe. Failure to provide items timely, or to turn in poor quality products may result in the Agency being placed on a Watch List, receiving a poor score on public facing websites, or project being suspended, losing their budget, or otherwise being placed under scrutiny or external controls. The contractor shall provide deliverables on dates agreed to in the Government approved Project Plan or as PMO policies and procedures direct (refer to agency SDLC guidance). Monthly (For all active DM&E Projects by the 3rd Business Day of Each Month): • Component Project EVM e.g. Detailed EVM metrics by Investment • Integrated Master Schedule (IMS) e.g. Aggregate EVM metrics by Investment • Fully Resource and Dependency Loaded .mpp File for the preceding Month by Investment • Work Measures; (Task % Complete, Actuals, SV%, and CV%) • Work Measurement (budgets for discrete work packages) • Cost Account (CA) Budgets • Corrective Action Report (CAR) (only if the SPI, CPI, or BAC is outside agency’s tolerance) At Project Onset or if the BAC or other Significant Component Changes: • IBR Document • IBR Form • IBR CIO Signoff • Rebaseline Proposals • Rebaseline Approvals • Project Schedule (Level 3 Gantt) • Organization Chart • Organizational Breakdown Structure (OBS) • Proposed Work Breakdown Structure (WBS) • Project Budget (showing WBS ID and budget for each control account) • Project Plan (cost and time phased baselined Integrated Master Schedule (IMS)); • Performance Measurement Plan (PMP) • Risk Inventory/Risk Assessment (Risk Matrix List with Mitigation Plan); • Work Authorization Document (WAD) • Responsibility Assignment Matrix (RAM) Service Platform and Infrastructure _ IT Services Page 18 of 63 For All Investments with DM&E Activity on xxxxx: • ANSI-748 Checklist for compliance assessments on ALL 32 Guidelines; Non-compliance with one of the 32 ANSI-Std Guidelines requires justification and approval from RMA PMO • OCIO EVM Compliance and Surveillance document • Project Schedule (Level 3 Gantt) • Contractor Organization Chart • Organizational Breakdown Structure (OBS) • Proposed Level 3 Work Breakdown Structure (WBS) • Project Plan (cost and time phased baselined Integrated Master Schedule (IMS)) • Performance Measurement Plan (PMP) • Risk Inventory/Risk Assessment (Risk Matrix List with Mitigation Plan); • Work Authorization Document (WAD); • Responsibility Assignment Matrix (RAM) • Indirect Cost Management • WBS/OBS Integration • Work Authorization Document (WAD) • Work Measures In the event any artifacts, metrics, costs, or updates provided by the contractor are rejected by OCIO, OMB, or other oversight entity, they will be returned to the contractor for corrective action. The contractor shall perform the prescribed corrective actions by the due date established by the oversight entity. The contractor) shall provide access to all records and data requested by the COR. Access is to permit Government surveillance to ensure that the EVMS conforms, and continues to conform to the performance criteria referenced in the first paragraph of this section. The contractor shall support audits by various entities, including, but not limited to, the Government Accountability Office, the agency Inspector General, OCIO, OMB, and independent auditors. C.4.5 TASK 5 – IT SECURITY SUPPORT C.4.5.1 SUBTASK 1 - PROGRAM SUPPORT The Contractor shall be responsible for: • Developing Certification and Accreditation (C&A) documentation (following NIST requirements) • Developing detailed security standard operating procedures that implement agency security policy • Complying with FISMA, OMB A-123, and the Privacy Act. This involves working cooperatively with other organizations (including other contractors) that support agency IT operations and initiatives In support of the efforts, the Contractor shall produce the following deliverables, according to the schedule defined in the Government-approved Project Plan: Service Platform and Infrastructure _ IT Services Page 19 of 63 • Updated Security Plans and control descriptions in CSAM for affected systems on an as needed basis, but no less than annually • Updated security procedures (procedures reviewed on an annual basis C.4.5.2 SUBTASK 2 - TECHNICAL AND SECURITY OPERATIONS SUPPORT The Contractor shall be responsible for: • Evaluating and recommending security controls for the Network Infrastructure; e.g., routers and firewalls, Windows and Solaris environments to affected areas and ISSPM (Information Systems Security Program Manager) • Evaluating and recommending controls over the Web and application development environment(s) • Monitoring the Intrusion Detection/Prevention Systems, Firewalls, Security Event Manager, and other tools as necessary • Developing and maintaining security and network architecture that implements relevant security laws, regulations, and policies • Evaluating and recommending technical security controls on desktops and mobile devices • Maintaining the Public Key Infrastructure (PKI) architecture • Monitoring physical security and environmental conditions • Implementing capability to research and investigate possible security breaches and incidents. • Documenting exceptions to security profiles and policies, where the exceptions were applied • approximate length exception will be necessary In support of the efforts, the Contractor shall produce the following deliverables, according to the schedule defined in the Government-approved Project Plan: • Vulnerability Scan reports from all contractor managed systems and networks on a monthly basis • Daily reviews of IDS, SEIM, etc. Logs will be reviewed on a random basis, but no less than weekly by the Government • Incident reports as necessary based off of anomalous reports from monitored systems, but NLT 12 hours from discovery • Updated security architecture. The architecture shall be updated as needed, but no less than annually • Reports from anomalous events regarding physical and environmental conditions in RMA server and equipment rooms, NLT 12 hours after occurrence • On a monthly basis, a detailed list of exceptions to security, enterprise architecture, and/or configuration management requirements, the reason for the exception, compensating controls (if any), and approximate time the exception will no longer be necessary (if known) Service Platform and Infrastructure _ IT Services Page 20 of 63 C.4.5.3 SUBTASK 3 - APPLICATION SECURITY SUPPORT The Contractor shall be responsible for: • Recommending approval or rejection of proposed business system security design • Recommending alternative approaches to system developers to address security issues • Ensuring that security best practices are utilized in the design, implementation, and testing of business systems In support of the efforts, the Contractor shall produce the following deliverables, according to the schedule defined in the Government-approved Project Plan: • Reports as necessary or upon request showing design testing results and recommendations. C.4.5.4 SUBTASK 4 - BUSINESS CONTINUITY PROGRAM SUPPORT The Contractor shall be responsible for: • Developing and maintaining IT Contingency Plans in the USDA Living Disaster Recovery Planning System (LDRPS) • Developing exercise plans for IT Contingency plans • Providing technical support in the development of IT Contingency Plans • Upon initiation of the Disaster Recovery Plan by RMA, the contractor shall provide support in accordance with the approved Disaster Recovery Plan and IT Contingency Plan In support of the efforts, the Contractor shall produce the following deliverables, according to the schedule defined in the Government-approved Project Plan: • Updated disaster recovery or IT contingency plans as required but no less than an annual basis. • Updated test plans for DR/ITCP efforts on an annual basis • DR/Contingency Plans for contractor operations supporting the Government, updated on an annual basis C.4.5.5 SUBTASK 5 - INDEPENDENT AUDIT SUPPORT As a Federal Corporation, the agency is independently audited each year. The Government typically requires support in collecting information and answering questions regarding many broad IT areas including, but not limited to: security management controls, access controls, configuration management, segregation of duties, contingency planning, application security, business process controls, interface controls, and data management system controls. In support of the agency’s response to security audits, the Contractor shall be responsible for: • Working in conjunction with independent auditors to install auditor software to extract selected metrics • Supplying auditor requested documents or system extracts. Typical requests include: log samples; standard operating procedures; proof of successful backup and recovery; current asset inventory; security documentation for specific users; security configuration/settings for specific infrastructure or business system components; security profiles across a given component, etc. Service Platform and Infrastructure _ IT Services Page 21 of 63 • Making contractor technicians and technical leads available for interviews with audit personnel • Following up on requests for information made during audit interviews • Assisting the Government in drafting responses, including technical rational, for or against changes proposed by auditors • C.4.6 Providing ongoing status of audit remediation activities TASK 6 – CONFIGURATION AND CHANGE MANAGEMENT The Contractor shall be responsible for: • Analysis of change request impacts, including defining the associated scope, cost and schedule • Providing assurances that all infrastructure and business system changes and project documents are developed and tracked under the complete control of the agency CM tool from the beginning to end of the SDLC process. The contractor shall follow the Change Control Board process and all related procedures • Providing estimates (in hours) for proposed Change Requests (CR’s) before work commences • Providing actual hours burned upon completion of a CR In support of the efforts, the Contractor shall produce the following deliverables, according to the schedule defined in the Government-approved Project Plan: • Weekly Configuration Item (CI) Status reports for each build and release to the CIO Configuration Management Specialist. The CI Status report contents are described in the Agency Configuration Management Plan • Weekly CM Metrics reports for each build and release to the CIO Configuration Management Specialist. The purpose of CM metrics is to measure CM and program performance and to identify problems and inefficiencies in products and processes. The CM Metrics report contents are described in the Agency Configuration Management Plan • Weekly CI Listing reports for each build and release to the CIO Configuration Management Specialist. The purpose of a CI listing is to provide an accurate record of the contents of CM controlled libraries, baselines, and releases. The CI Listing report contents are described in the Agency Configuration Management Plan • Monthly CI History reports for each build and release to the CIO Configuration Management Specialist throughout the project life cycle. The CI History report contents are described in the Agency Configuration Management Plan C.4.7 TASK 7 – END-USER SUPPORT (EUS) MANAGEMENT C.4.7.1 SUBTASK 1 - SERVICE DESK SUPPORT The contractor shall provide full service support to all users, contractors, and customers for all government-owned equipment and software. These services shall conform to Microsoft Operations Framework (MOF) practices. The contractor shall provide support in accordance with the SLAs identified herein. Service Platform and Infrastructure _ IT Services Page 22 of 63 The agency personnel contact the help desk via telephone, fax, or e-mail to report problems. The contractor shall assign a priority level to each report received, i.e., urgent, high, medium, or low (defined below): • Urgent Priority – The customer’s productivity is down and inoperable (multiple users down for the same problem). All work has stopped and the situation is causing a critical impact to the customer’s’ business operations. No work around is available • High Priority – The customer’s productivity is severely limited or degraded. The situation is causing a significant impact to certain portions of the customer’s business operations and productivity. No work around is available • Medium Priority – The customer’s productivity is slightly limited or degraded. The situation has impaired operations, but most business operations continue. A work around or alternate configuration is available • Low Priority – The customer’s productivity is not affected. Customer has informational inquiries, documentation issues, upgrade requests, requests for new feature/function, requires additional information, etc. The contractor shall handle Level 1 and 2 service desk support as defined below: Level 1: • Answer and record all incoming calls • Take ownership of problems until full resolution • Provide solutions as practicable over the telephone • Provide follow-up to the user on the status of the problem until resolution • Verify problem resolution prior to closure • Escalate the problem as required Level 2: • Provide advanced problem resolution for Level 1 problems as escalated • Determine the functional area of the problem being reported, e.g. hardware, software, telecommunications • Provide detailed analysis of the problem • Determine if equipment is warranted and arrange appropriate resolution under warranty • When special or unique situations warrant – contact the appropriate vendors • Make site visits as required The contractor shall record operations performed after the hours of operation using the problem management system no later than the next business day. The contractor shall record business day calls and responses within one hour. The contractor shall record all calls in the problem management system. The contractor shall extract data from the automated tracking system and submit a report to the Government by the 15th of each month. This report shall document the contractor’s performance with respect to the service level agreements (SLAs) specified herein. Service Platform and Infrastructure _ IT Services Page 23 of 63 C.4.7.2 SUBTASK 2 - ASSISTANCE AND TRAINING IN USE OF COTS SOFTWARE Through the Service Desk, federal employees may request assistance in using the features and capabilities of agency-licensed COTS software. The contractor shall provide direct assistance to employees in an effort to enhance the productivity of the workforce. Examples of such assistance include helping a user: create and/or modify a SharePoint site; set up a team calendar and share it; format a Word document, make use of Excel Services, use advanced features on spreadsheets or slide shows, etc. The contractor shall also provide ad hoc training to individuals and small groups on COTS features and capabilities, as appropriate. All incidences of user assistance and ad hoc training shall be recorded in the Service Desk management system – Magic – and reported in the Monthly Status Report, along with recommendations for group and enterprise level training. Through evaluation trouble tickets and assistance request, the contractor will formulate proposals for agency-wide IT training to improve overall productivity of the workforce. Large scale training will be accomplished through remote training capabilities using the expertise and services of an IT training company. C.4.8 TASK 8 – SYSTEMS ADMINISTRATION C.4.8.1 SUBTASK 1 - END-USER EQUIPMENT SUPPORT The contractor shall provide configuration management, hardware management, operating system and system software support, and platform operations support for all agency-owned IT and IT-related End-User equipment. The contractor shall provide on-call (pager or cell phone) system operations support 24 hours/day, 7 days/week. The contractor shall respond, either in person or by phone, to all calls within two hours. The contractor shall record off-hour calls and responses using the problem management system no later than the next business day. C.4.8.2 SUBTASK 2 - HOSTING SUPPORT C.4.8.2.1 • HOSTING OPERATIONS The contractor shall provide configuration management, hardware management, operating system and system software support, and platform operations support for all application hosts. • The contractor shall provide on-call (e.g., pager or cell phone) system operations support 24 hours/day, 7 days/week. The contractor shall respond, either in person or by phone, to all calls within two hours. The contractor shall record off-hour calls and responses using the problem management system no later than the next business day. • The Government uses Web technologies for information transfer. The contractor shall support e-commerce, encryption over the Internet, intra and inter agency transfer of funds and information, and emerging technologies. The contractor shall maintain and administer applications host environments and peripheral support functions to allow the agency and its customers to fully use the applications. The contractor shall provide support for Internet, Intranet, and Extranet environments. • The contractor shall be capable of administering software within the Microsoft Environment. Service Platform and Infrastructure _ IT Services Page 24 of 63 • The contractor shall operate and maintain the application systems and data bases before and after the application systems are re-engineered in accordance with the SLAs. The contractor and Government will baseline and document response time, turnaround time, and throughput after task order award. The Government-provided SLAs will be revised to reflect these results. The contractor shall ensure that these performance criteria are met. The contractor shall perform the following in support of application software and databases: • The contractor shall control production runs of batch applications in accordance with agency-provided operating procedures, including the procedures and any additional procedures provided during the life of the Task Order as new and updated application systems are deployed in production. The contractor shall also monitor and control the operation of non-batch applications following agency procedures. • Production Control, including operator initiated systems, applications that run automatically such as backup, and both routine daily and cyclical periodic (monthly, quarterly, annually, etc.) job schedules. The contractor shall support ad hoc job execution as requested by users or systems staff. • The contractor shall operate subsystems (data base management systems, servers infrastructure, operating system, dispatchers, and other system software) such that both interactive and batch applications are accessible for production use at all times. The contractor shall operate these subsystems to provide development, test, quality control, and acceptance of new and updated applications in accordance with schedule agreements. Development and test environments shall be available at all times, except as otherwise agreed by the contractor and the Government. • The contractor shall ensure reliable system performance on servers and other system facilities within its direct control. The contractor shall monitor the performance of services that impact the network and report any negative findings to the Government. • The contractor shall test new and updated application systems, including performance testing, as provided elsewhere in the Task Order. The contractor and Government shall assess the performance impacts of any new or updated systems and agree to any revisions to system performance level requirements (response time, turnaround time, throughput). Final revision decisions are the Government’s. The Government will modify the SLAs accordingly. • The contractor and Government will assess performance impacts of new hardware and system software, as otherwise provided in the Task Order, and shall agree to any enhanced performance level requirements or other revisions. Final revision decisions are the Government’s. The contractor and Government will assess the performance impacts of increased tra