Request for Information

Information Security Program Support (ISPS)

VA-21-00005107
1. Introduction

This RFI is for planning purposes only and shall not be considered an Invitation for Bid,
Request for Task Execution Plan, Request for Quotation or a Request for Proposal.
Additionally, there is no obligation on the part of the Government to acquire any
products or services described in this RFI. Your response to this RFI will be treated
only as information for the Government to consider. You will not be entitled to payment
for direct or indirect costs that you incur in responding to this RFI. This request does
not constitute a solicitation for proposals or the authority to enter into negotiations to
award a contract. No funds have been authorized, appropriated or received for this
effort. Interested parties are responsible for adequately marking proprietary, restricted
or competition sensitive information contained in their response. The Government does
not intend to pay for the information submitted in response to this RFI.

The North American Industry Classification System (NAICS) for this requirement is
541512 with a size standard of $30 million.

2. Organizational Conflict of Interest (OCI)

Due to the scope of the requirements for the ISPS procurement, it is anticipated that
there will be a significant OCI associated with both current and future contracts/orders
that support VA’s Office of Information and Technology (OIT) Office of Information
Security (OIS).  Specifically, ISPS’s mission is to provide benefits and services to
Veterans of the United States. In meeting these goals, OIT strives to provide high
quality, effective, and efficient Information Technology (IT) services to those responsible
for providing care to the Veterans at the point-of-care as well as throughout all the
points of the Veterans’ health care in an effective, timely and compassionate manner.
VA depends on Information Management/Information Technology systems to meet
mission goals. The vision of VA, OIT, the Office of Information Security (OIS), and ISPS
is to advance the overall cyber security posture through enhanced visibility and with
leading edge guidance, support and tools, while ensuring VA and its mission partners’
information systems, practices, policies, processes and procedures comply with federal
mandates. This vision requires accountability, a focus on results, and a customer-
centric approach in order to achieve success.

ISPS will provide program/project administrative support to include monitoring, portfolio

management, budget and strategic planning support services to VA ISPS for the
planning, monitoring, tracking, recording and reporting on all ISPS projects.
Program/Project and portfolio administrative support will consist of SharePoint portal
and master activities calendar support, weekly status report and dashboard support,
portfolio management support, meeting administrative support, future capabilities and
emerging functional requirement support, and strategic and management support.
The OIS team is challenged with collecting, analyzing, aggregating, and disseminating
the information necessary to provide situational awareness to OIS management, as well
as the necessity of making risk- based decisions with organizational impacts. In order to
achieve this goal, OIS requires Contractor support to navigate through the challenges
inherent in an organization the size of VA, specifically working with OI&T organizations
to encourage conformance to security requirements and to build collaboration across
the enterprise to create a vigilant and IT security-aware culture.
ISPS is composed of five lines of business or Directorates, as well as executive
leadership, that require support. These include:
 Enterprise Cybersecurity Strategy Program
 Information Security Policy & Compliance
 Cybersecurity Technology and Metrics
 Enterprise Security Architecture
 Systems Security Support
Any vendors that are currently providing any services (program and project
management, administrative support, strategic and management support, etc.) will likely
have an OCI that will preclude it from bidding on this effort as the scope of this work
includes program/project administrative support to provide monitoring and portfolio
management, budget and strategic planning support services to VA ISPS for the
planning, monitoring, tracking, recording and reporting on all ISPS and OIS projects. In
addition, any vendors that intend to bid on future work associated with these portfolios
should consider that the successful awardee of the ISPS procurement will likely be
excluded from bidding on that work as part of the scope of this effort is monitoring,
management support services and reporting for the portfolios’ future states.

3. Submittal Information:

All responsible sources may submit a response in accordance with the below
information.

There is a page limitation for this RFI of 15 pages. The Government will not review any
other information or attachments included, that are in excess of the 15-page limit. NO
MARKETING MATERIALS ARE ALLOWED AS PART OF THIS RFI. Generic
capability statements will not be accepted or reviewed. Your response must address
capabilities specific to the services required in the attached PWS and must include the
following:

a. Interested Vendors shall at a minimum, provide the following information in the

initial paragraph of the submission:

Name of Company
 Address
Point of Contact
Phone Number
Fax Number
Email address
Company Business Size and Status
For VOSB and SDVOSBs, proof of verification in VIP.
NAICS code(s)
Socioeconomic data
Data Universal Numbering System (DUNS) Number
Existing Contractual Vehicles (GWAC, FSS, or MAC)

b. Provide a summary of your capability to meet the requirements contained within

the draft PWS for the following areas:

 Provide a summary of your technical capability to meet the PWS

requirements.

 Include relevant information demonstrating your experience and

expertise in Federal IT Investment Portfolio Management, Federal
Government Budget Planning and Reconciliation and Federal IT
Strategic Planning in organizations similar in size and complexity to
VA.

c. Corporate experience or expertise in performing these services and specific

examples or references. Specific examples or references provided must include
the agency, point of contact, dollar value, and contract number.

d. Your company’s intent and ability to meet the set aside requirement in
accordance with VAAR 852.219-10 (NOV 2020) (DEVIATION) VA Notice of Total
SDVOSB and 13 CFR §125.6, which states the contractor will not pay more than
50 percent of the amount paid by the Government to it to firms that are not
SDVOSBs. Your response shall include information as to available personnel
and financial resources; full names of proposed team members and the PWS
requirements planned to be subcontracted to them, which must include the prime
planned percentage or the names of the potential team members that may be
used to fulfill the set aside requirement.

e. Has the draft PWS provided sufficient detail to describe the technical
requirements that encompass the software development and production
operations support services to be performed under this effort.

______ YES _______ NO (if No, answer question f)

 f. If “NO”, please provide your technical comments/recommendations on elements
of the draft PWS that may contribute to a more accurate proposal submission
and efficient, cost effective effort.
Responses are due no later than 10:00 AM EST, July 12, 2021 via email to Sarah Bach
Contract Specialist at Sarah.Bach@va.gov and Cara Varricchio, Contracting Officer at
Cara.Varricchio@va.gov. Please note “Information Security Program Support (ISPS)” in
the subject line of your response. Mark your response as “Proprietary Information” if the
information is considered business sensitive. The email file size shall not exceed 5 MB.