Call +44 800 9755 164

Public tenders for business-consulting

Find all Consulting tenders in the world.
Finding business opportunities has never been easier.

Results for consulting. Make a new search!
Consultingbusiness consulting

Business Consulting/Change Management Services (TSPS Solution)

Office of the Superintendent of Financial Institutions | Published December 13, 2016  -  Deadline November 1, 2017

NOTICE OF PROPOSED PROCUREMENT (NPP)

SOLUTIONS Based Professional Services (TSPS) Requirement

Solicitation No.: 20161356

Contracting Authority: Isabelle Legault

Telephone No.: 613-990-6807

Fax No.: 613-990-0081 

E-mail Address: Contracting@osfi-bsif.gc.ca

This RFP is only for pre-qualified Suppliers for Category/Stream Business Consulting/Change Management Services Stream against TSPS SOLUTIONS Supply Arrangement E60ZN-15TSSB.

Solicitation Closes at 2:00 pm on January 11th, 2017.

List of Pre-Qualified Suppliers invited to bid:

  1. ALTRUISTIC INFORMATICS CONSULTING INC.
  2. BDO Canada LLP
  3. CORE Software Corp
  4. Deloitte Inc.
  5. Ernst & Young LLP
  6. Hay Group Limited
  7. HDP Group Inc
  8. Interis Consulting Inc.
  9. KPMG LLP
  10. McKinsey & Company Canada
  11. Pricewaterhouse Coopers LLP
  12. Raymond Chabot Grant Thornton Consulting Inc.
  13. Somos Consulting Group Ltd.
  14. Systemscope Inc.
  15. TDV Global inc.

DESCRIPTION OF REQUIREMENT:

OSFI requires the services of contractor to review and provide recommendations for improvement to the Risk Tolerance Framework and to develop a resource allocation model.

DURATION OF CONTRACT:

The duration of the contract is from January 23rd, 2017 to March 30th, 2017.

APPLICABLE TRADE AGREEMENTS:
NAFTA and AIT

SECURITY REQUIREMENTS

Security Requirement for Canadian Supplier: PWGSC File #Common-PS SRCL#9

  • The Contractor/Bidder must, at all times during the performance of the Contract/Standing Offer/Supply Arrangement, hold a valid Designated Organization Screening (DOS) with approved Document Safeguarding at the level of PROTECTED B, issued by the Canadian Industrial Security Directorate, Public Works and Government Services Canada.
  • The Contractor/Bidder personnel requiring access to PROTECTED information, assets or work site(s) must EACH hold a valid RELIABILITY STATUS, granted or approved by the Canadian Industrial Security Directorate (CISD), Public Works and Government Services Canada (PWGSC).
  • The Contractor MUST NOT utilize its Information Technology systems to electronically process, produce or store PROTECTED information until the CISD/PWGSC has issued written approval. After approval has been granted or approved, these tasks may be performed up to the level of PROTECTED B.
  • Subcontracts which contain security requirements are NOT to be awarded without the prior written permission of CISD/PWGSC.
  • The Contractor/Bidder must comply with the provisions of the:
    • Security Requirements Check List and security guide (if applicable), attached at Annex C;
    • Industrial Security Manual (Latest Edition).

NOTE: The Task and Solutions Professional Services (TSPS) Method of Supply is subject to quarterly refresh cycles. If you wish to find out how you can be a “Qualified SA Holder”, please contact SPTS.TSPS@TPSGC-PWGSC.GC.CA

Task and Solutions Professional Services

National Energy Board | Published December 14, 2016  -  Deadline April 1, 2017

The National Energy Board is seeking to establish a contract for the professional services as defined in the Business Consulting / Change Management Stream 2 (one senior) of the TSPS Supply Arrangement (S.A.) E60ZN-15TSSB.

The following SA Holders have been invited to submit a proposal.

2Keys Corporation

Accenture Inc.

ACF Associates Inc.

BDO Canada LLP

CGI Information Systems and Management Consultants Inc.

Deloitte Inc.

Emerion

Ernst & Young LLP

Fujitsu Consulting (CANADA) Inc./Fujitsu Conseil (Canada) Inc.

Interis Consulting Inc.

KPMG LLP

Modis Canada Inc.

Orbis Risk Consulting Inc.

QMR Staffing Solutions Incorporated

Samson & Associés CPA/Consultation Inc

Task and Solutions Professional Services

National Energy Board | Published December 9, 2016  -  Deadline May 1, 2017

The National Energy Board is seeking to establish a contract for the professional services as defined in the Business Consulting / Change Management Stream 2 and Project Management Services Stream 3 of the TSPS Supply Arrangement (S.A.) E60ZN-15TSSB.

The following SA Holders have been invited to submit a proposal.

Accenture Inc.

Auguste Solutions and Associates Inc

CGI Information Systems and Management Consultants Inc.

Colliers Project Leaders Inc

Eclipsys Solutions Inc

Ernst & Young LLP

HDR Corporation

KPMG LLP

LNW Consulting Inc

McKinsey & Company Canada

MGIS Inc., B D M K Consultants Inc IN JOINT VENTURE

Modis Canada Inc

QMR Staffing Solutions Incoporated, 3D Global Enterprises INC. in Joint Venture

Quallium Corporation

Sierra Systems Group Inc.

Stratos Inc

Tiree Facility Solutions Inc.

Business Continuity Consultant

National Energy Board | Published December 12, 2016  -  Deadline October 1, 2017

Task and Solutions Professional Services (TSPS) 84084-16-0250

The National Energy Board (NEB) is seeking to establish a contract to provide professional business continuity services of 2 resources as defined in the Business Consulting / Change Management Stream 2 of the TSPS Supply Arrangement E60ZN-15TSPS on an “as and when requested” basis in Calgary and at its regional offices located in Vancouver, Montreal and Yellowknife.

2.2 Business Continuity Consultant - Senior - 2 Resources

This requirement is only open to those Supply Arrangement Holders under E60ZN-15TSPS who qualified under “Tier 1”.

This requirement is for work in Security and Continuity Services and includes activities related to: business continuity management or related operational activities in a government environment, as defined in the Statement of Work and in the specific requirements of each Task Authorization.

The estimated level of work is 60 days during the initial two year contract period, and 30 days during each of the two - one year option periods.

The following SA Holders have been invited to submit a proposal.

Accenture Inc.
ADGA Group Consultants Inc.
ADRM Technology Consulting Group Corp, operating as ADRMTEC
ARTEMP PERSONNEL SERVICES INC
Deloitte Inc.
Eagle Professional Resources Inc.
Ernst & Young LLP
Fujitsu Consulting (CANADA) Inc./Fujitsu Conseil (Canada) Inc.
KPMG LLP
Lansdowne Technologies Inc.
Maplesoft Consulting Inc
Pricewaterhouse Coopers LLP
Samson & Associés CPA/Consultation Inc
S.i. Systems Ltd.
Stratos Inc

99--Professional Service Schedule

General Services Administration, Federal Acquisition Service (FAS) | Published January 9, 2017
Notice is hereby provided that the standing solicitation for Multiple Award Schedule 00CORP - Professional Services Schedule (PSS) has been refreshed.
The new solicitation number FCO00CORP0000C, Refresh #25 replaces solicitation number FCO00CORP0000C, Refresh #24, posted on February 04, 2016 and includes updated SIN descriptions, clauses and provisions. The Transactional Data Reporting (TDR) Pilot will be implemented under the Professional Services Schedule (PSS) via the issuance of a stand alone solicitation refresh on January 13, 2017. For more information on the PSS TDR Pilot, please visit https://interact.gsa.gov/document/important-update-gsa-launch-transactional-data-reporting-tdr-pilot-continues-refreshed-2
The Professional Services Schedule (PSS) enables Federal agencies to procure total professional service solutions using a single Multiple Award Schedule. PSS contractors possess expertise related to an array of professional services, including; business consulting & program support services, financial consulting solutions, environmental services, engineering services, advertising and integrated marketing services, logistics support and language services.
PSS Special Item Numbers (SINs) are organized into the following SIN series:
Financial and Business Solutions (previously Schedule 520)
Advertising & Integrated Marketing Solutions (previously Schedule 541)
Language Services (previously Schedule 738 II)
Professional Engineering Services (previously Schedule 871)
Business Consulting & Program Support Services (previously Schedule 874 - MOBIS)
Logistics Services (previously Schedule 874 V - LOGWORLD)
Environmental Services (previously Schedule 899)
PSS contractors can offer information technology related professional services, human resource services, energy management planning & strategies, energy auditing, resource efficiency management (REM) and energy consulting services under complementary PSS SINs when those services are ancillary to the provision of a total professional services solution. Under no circumstances can the complementary PSS SINs be used on a stand-alone basis.
Offerors interested in providing IT, Human Resource and energy-related services on a stand-alone basis are directed to the following solicitations:
Schedule 03FAC Facilities Maintenance and Management Solicitation # 6FEC-E6-030292-B
Schedule 70 General Purpose Commercial Information Technology Equipment, Software & Services Solicitation # FCIS-JB-980001-B
Schedule 738X Human Resources and Equal Employment Opportunity Services Solicitation # 2FYA-AR-060004-B
NOTICE: The GSA Multiple Award Schedule (MAS) program continues to experience a significant and sustained increase in new offers. Due to the large number of new offers currently in process, it may take up to 12 months or longer before an offer is evaluated. Historically, GSA's practice was to evaluate offers in the order in which they were received. GSA now processes offers in the manner that is determined to be most effective, considering strategic or tactical priorities, customer requirements, available resources, complexity and/or quality of the offers received, and other factors of relevance to the MAS program. To facilitate the timely review of all offers, we highly encourage offerors to ensure that their offer fully complies with solicitation Part IV-Evaluation Factors for Contract Award. Please be advised that all offerors will receive a system generated New Offer Welcome Letter via email with details regarding the processing of their offer.
This solicitation is open continuously with no closing date. The resultant contracts are awarded as Indefinite Delivery, Indefinite Quantity; Fixed Price with Economic Price Adjustment. Contract periods commence on the Date of Award through a 5-year base period with three 5-year option periods. Agency ordering procedures for services and further information on the GSA Multiple Award Schedules program may be found at www.gsa.gov/schedules.
GSA is only issuing this solicitation/request for proposal through the FedBizOpps internet site, GSA will not provide paper copies of this solicitation. Interested parties may access the solicitation at www.fedbizopps.gov.
All responsible sources may submit an offer which shall be considered by this agency.
PLEASE NOTE: ALL RESPONSES SHALL BE SUBMITTED ELECTRONICALLY AS EOFFERS (http://eoffer.gsa.gov). NO HARD COPY RESPONSES WILL BE ACCEPTED UNDER THIS REFRESH.
PLEASE NOTE: GSA WILL ONLY ACCEPT MODIFICATION REQUESTS SUBMITTED ELECTRONICALLY AS EMODS (http://eoffer.gsa.gov).
For guidance on utilizing the eOffer and eMod systems and obtaining digital certificates please go to www.eoffer.gsa.gov.
For additional information regarding the Professional Services Schedule, please visit www.gsa.gov/psschedule. A list of PSS contractors is available at the GSA Schedules E-Library website, www.gsaelibrary.gsa.gov.
If you have further questions please contact the National Customer Service Center at 1-800-488-3111 or e-mail ncsccustomer.service@gsa.gov.

Formative Evaluation of the Project Support to Health Zones in the Kinshasa province

Foreign Affairs, Trade And Development (Department Of) | Published December 7, 2016  -  Deadline March 1, 2017

TASK Based Professional Services (TSPS) Requirement

This requirement is for the Department of Foreign Affairs, Trade and Development (DFATD).

It is open only to the Supply Arrangement Holders for Task Based Professional Services under E60ZN-15TSPS/ who qualified under “ 1 ” = $0-$2M stream for Business Consulting / Change Management Stream.

This requirement is open only to the invited TSPS Supply Arrangement Holders who qualified under the stream for: 2.12 Evaluation Services Consultant.

The following SA Holders have been invited to submit a proposal:

Adecco Employment Services Limited/Services de placement Adecco Limited

Calian Ltd.

Edward T. Jackson & Associates Ltd.

Excelsa Technologies Consulting Inc.

Gelder, Gingras & Associates Inc.

Goss Gilroy Inc.

Interis Consulting Inc.

Labelle Lise D.

Le Groupe Conseil Bronson Consulting Group

Le Groupe-conseil baastel ltée

Maplesoft Consulting Inc.

MaxSys Staffing & Consulting Inc.

Performance Management Network Inc.

Pricewaterhouse Coopers LLP

Research Power (N.S.) Inc.

S.i. Systems Ltd.

Science-Metrix Inc.

Systemscope Inc., LNW Consulting Inc., Perfortics Consulting Inc., VK Computer Systems Inc., Lansdowne Technology Services Inc., IN JOINT VENTURE

The Institute on Governance

The Universalia Management Group Ltd.

Other TSPS Supply Arrangement Holders who qualified under the stream for 2.12 Evaluation Services Consultant, that have not been invited to submit a proposal may contact the contracting authority to receive the bidding document and submit a proposal.

Description of the requirement

The Department of Foreign Affairs, Trade and Development requires the professional services of a (1) intermediary evaluator to perform a Formative Evaluation of the Project Support to Health Zones in the Kinshasa province.

WORKING LANGUAGE OF THE PROJECT

French is the working language for this assignment. The language proficiency level required for the Evaluation Team Leader is level 4 + advanced professional proficiency in French, as specified in the Bid Solicitation document.

Bidders should note that fluency in French is a condition of contract award. The Bidder should propose an Evaluation Team Leader that satisfies the mandatory requirements at the Intermediate Level in accordance with the TSPS Flexible Grid and the language requirement. The Evaluation Team Leader will have to travel to the Democratic Republic of Congo and will be conducting interviews and questionnaires in French. Furthermore, all deliverables must be presented in French.

Security Requirement

There is no security requirement. .

Proposed period of contract

The proposed contract period shall be for seven (7) months from the date of the contract signature.

File Number: 2017-A-031843-4-1-

Contracting Authority: Gisèle Chaput

Phone Number: 343 203-1322

E-Mail address: gisele.chaput@international.gc.ca

NOTE: The Task and Solutions Professional Services (TSPS) Method of Supply is subject to quarterly refresh cycles. If you wish to find out how you can be a “Qualified SA Holder”, please contact SPTS.TSPS@TPSGC-PWGSC.GC.CA

Mid-term Evaluation of the project to Support the Haitian government in generating fiscal revenue

Foreign Affairs, Trade And Development (Department Of) | Published January 19, 2017  -  Deadline February 13, 2017

TASK Based Professional Services (TSPS) Requirement

This requirement is for the Department of Foreign Affairs, Trade and Development (DFATD).

REISSUE OF A BID SOLICITATION

This bid solicitation cancels and supersedes previous bid solicitation number 2017-A-033349-1 dated November 22, 2016 with a closing of January 4, 2017 at 2 P.M. (DST).

It is open only to the Supply Arrangement Holders for Task Based Professional Services under E60ZN-15TSPS/ who qualified under “ 1 ” = $0-$2M stream for Business Consulting / Change Management Stream.

This requirement is open only to the invited TSPS Supply Arrangement Holders who qualified under the stream for: 2.12 Evaluation Services Consultant.

The following SA Holders have been invited to submit a proposal:

3056058 Canada inc. (C.L.A. Personnel)

Agriteam Canada Consulting Ltd.

Altis Human Resources (Ottawa) Inc.

Auguste Solutions and Associates Inc.

Deloitte Inc.

Donna Cona Inc.

Econotec inc.

Edward T. Jackson & Associates Ltd.

Goss Gilroy Inc.

Hickling, Arthurs, Low Corporation

Icegate Solutions Inc.

IDS Systems Consultants Inc.

KPMG LLP

Le Groupe-conseil baastel ltée

MGIS Inc., B D M K Consultants Inc IN JOINT VENTURE

Project Services International (PBJRT) Inc

Raymond Chabot Grant Thornton Consulting Inc.

SALASAN Consulting Inc.

Samson & Associés CPA/Consultation Inc

The Universalia Management Group Ltd.

Other TSPS Supply Arrangement Holders who qualified under the stream for 2.12 Evaluation Services Consultant, that have not been invited to submit a proposal may contact the contracting authority to receive the bidding document and submit a proposal.

Description of the requirement

The Department of Foreign Affairs, Trade and Development (DFATD) requires the professional services of an evaluation team composed of an Evaluation Team Leader meeting the TSPS Flexible Grid at the intermediate level and capacity-building / organizational change / and other specialists.

French is the working language for this assignment. The language proficiency level required for the Team Leader is level 4 – advanced professional proficiency in French, as specified in the Bid Solicitation document.

Bidders should note that fluency in French is a condition of contract award. The Bidder should propose a Chief Evaluator that satisfies the mandatory requirements at the Intermediate Level in accordance with the TSPS Flexible Grid and the language requirement. The Chief Evaluator will have to travel to Haiti and will be conduct interviews and questionnaires in French. Furthermore, all deliverables must be presented in French.

Security Requirement

No security requirement is needed for this contract.

Proposed period of contract

The proposed contract period shall be for six (6) months from the date of the contract signature.

WORKING LANGUAGE OF THE PROJECT

The working language for this requirement is specified in the Bid Solicitation document.

File Number: 2017-A-033349-2

Contracting Authority: Diane Lefebvre

Phone Number: 343 203-5481

E-Mail address: diane.lefebvre@international.gc.ca

NOTE: The Task and Solutions Professional Services (TSPS) Method of Supply is subject to quarterly refresh cycles. If you wish to find out how you can be a “Qualified SA Holder”, please contact SPTS.TSPS@TPSGC-PWGSC.GC.CA

PWGSC Innovation Lab Project

Public Works and Government Services Canada | Published January 17, 2017  -  Deadline January 30, 2017

Task and Solution Professional Services (TSPS) Supply Arrangement (SA) Requirement

This requirement is for: Public Works Government Services Canada

This requirement is open only to those invited against the TSPS SA holders who qualified under The Business Consulting and Project Management against Streams 2 and 3 for the following:

Three (3) Senior Business Consultants

One (1) Senior Project Leader/Executive and

One (1) Junior Project Monitor.

One contract will be awarded.

The following SA Holders have been invited to submit a proposal.

Name of invited SA Holder

1 Adirondack Information Management Inc, The AIM Group (joint venture)

2 BP & M Consulting

3 BurntEdge Inc.

4 MHPM Project Managers Inc (Colliers Project Leaders Inc.)

5 Confluence Consulting Inc.

6 Deloitte Inc.

7 Ernst & Young LLP

8 Foursight Consulting Group Inc.

9 Halo Management Consulting Inc.

10 Orbis Risk Consulting Inc.

11 Mindwire Systems Ltd.

12 Pricewaterhouse Coopers LLP

13 Samson & Associés CPA/Consultation Inc.

14 RainMakers Consulting Services Inc.

15 TPG Technology Consulting Ltd.

Request for proposal (RFP) documents will be e-mailed directly from the contracting officer to the qualified SA holders who are invited to bid on this requirement. Bidders are advised that BuyandSell.gc.ca is not responsible for the distribution of the solicitation documents.
Security requirement: Reliability level (or higher) at bid receipt.
Description of the requirement:

PWGSC, Innovation Lab Project is seeking the services of a various level of Consultants to support their program which are focused on identifying potential digital based services with the aim of improving the service experience for users with a client-centric focus, and to achieve improved operational service performance.

The PWGSC Innovation Lab has targeted three PWGSC service lines (target groups) to explore the potential for digital solutions and improve service experience for users through business process redesign, service offering redesign, and services integration (also known as bundling of complementary services).

Proposed period of contract:
The proposed initial period of contract shall be from contract award to March 31, 2017 and April 1, 2017 to April 26, 2017.
There is an irrevocable option to extend the term of the Contract by up to eleven (11) additional months under the same terms and conditions. Starting from April 27, 2017 to March 31, 2018.
Inquiries regarding this RFP are to be submitted to the Contracting Authority listed below.

File Number: 10053681

Contracting Authority:  Céline Chartrand

Phone Number: 819-420-1773

E-Mail: celine.chartrand@pwgsc-tpsgc.gc.ca 

NOTE: Method of Supply is refreshed on an annual basis. If you wish to find out how you can be a “Qualified SA Holder”, please contact spts.tsps@tpsgc-pwgsc.gc.ca

Federal Priority Exercise 2018

Public Safety and Emergency Preparedness Canada | Published December 12, 2016  -  Deadline April 1, 2017

TASK Based Professional Services (TSPS) Requirement

This requirement is for: Public Safety Canada

This requirement is open only to those Supply Arrangement Holders under E60ZN-15TSPS who qualified under Tier 1 under the following category:

Stream 2 Business Consulting/Change Management Stream

Category 2.2 Business Continuity Consultant – Senior Level

The following SA Holders have been invited to submit a proposal.

1. Accenture Inc.

2. Adecco Employment Services Limited/Services de placement Adecco Limited

3. ADGA Group Consultants Inc.

4. Altis Human Resources Inc.

5. CAE Inc.

6. Calian Ltd.

7. CGI Information Systems and Management Consultants Inc.

8. Dare Human Resources Corporation

9. Deloitte Inc.

10. Ernst & Young LLP

11. Excel Human Resources Inc.

12. Foursight Consulting Group Inc.

13. Fujitsu Consulting (Canada) Inc./Fujitsu Conseil (Canada) Inc.

14. Groupe Alithya Inc./Alithya Group Inc.

15. Halo Management Consulting Inc.

16. IBM Canada Ltd.

17. Koroc Consulting Inc., Isheva Inc. in JOINT VENTURE

18. KPMG LLP

19. Lansdowne Technologies Inc.

20. Modis Canada Inc.

21. Orbis Risk Consulting Inc.

22. Pricewaterhouse Coopers LLP

23. Procom Consultants Group Ltd.

24. Risk Sciences International Inc.

Description of the Requirement:

PS requires three (3) Category 2.2 Senior Business Continuity resources to assist with the overall design and development of the Federal Priority Exercise 2018. It is intended to result in the award of up to three contracts to end on March 31, 2017, plus one (1), irrevocable option allowing Canada to extend the term of the contracts.

Level of Security Requirement:
Company Minimum Security Level Required
Canada
NATO
Foreign
 Protected A
 NATO Unclassified
 Protected A
 Protected B
 NATO Restricted
 Protected B
 Protected C
 NATO Confidential
 Protected C
 Confidential
 NATO Secret
 Confidential
× Secret
 Cosmic Top Secret
 Secret
 Top Secret
 Top Secret
 Top Secret (SIGINT)
 Top Secret (SIGINT)
Resource Minimum Security Level Required
Canada
NATO
Foreign
× Protected A
 NATO Unclassified
 Protected A
× Protected B
 NATO Restricted
 Protected B
× Protected C
 NATO Confidential
 Protected C
× Confidential
 NATO Secret
 Confidential
× Secret
 Cosmic Top Secret
 Secret
 Top Secret
 Top Secret
 Top Secret (SIGINT)
 Top Secret (SIGINT)
Applicable Trade Agreements:

The requirement is subject to the provisions of the North American Free Trade Agreement (NAFTA), the Canada-Chile Free Trade Agreement (CCFTA), the Agreement on Internal Trade (AIT), the Canada-Peru Free Trade Agreement (CPFTA), the Canada-Columbia Free Trade Agreement (CColFTA), the Canada-Panama Free Trade Agreement (CPanFTA), the Canada-Honduras Free Trade Agreement and World Trade Organization-Agreement on Government Procurement (WTO-AGP).

Associated Documents:
None
Proposed period of contract:
The proposed period of the contract(s) shall be from the date of contract award to March 31, 2017 with a further 12 month option period.
Estimated Level of Effort:

The estimated level of effort of the contract will be for:

Initial Contract Period: Category 2.2 Business Continuity Consultant Level 3 – Quantity 3 resources x 50 days each.

Optional Contract Period: Category 2.2 Business Continuity Consultant Level 3 – Quantity 2 resources x 152 days each.

File Number: 201704390

Contracting Authority: Larry Hotte

Phone Number: 613-993-1418

Fax Number: 613-954-1871

E-Mail: ps.contractunit-unitedecontrats.sp@canada.ca

NOTE: The Task and Solutions Professional Services (TSPS) Method of Supply is subject to quarterly refresh cycles. If you wish to find out how you can be a “Qualified SA Holder”, please contact SPTS.TSPS@TPSGC-PWGSC.GC.CA

System Log Correlation Software and Support Services

Department of Health and Human Services, National Institutes of Health | Published January 12, 2017  -  Deadline January 27, 2017
This is a combined synopsis/solicitation for commercial items prepared in accordance with the format in Subpart 12.6, as supplemented with additional information included in this notice. This announcement constitutes the only solicitation; proposals are being requested and a written solicitation will not be issued. This solicitation is being issued as Request for Quotations (RFQ) NIHLM2017935MAH. The resultant order will be a firm-fixed price contract.
In accordance with FAR Parts 12 and 13.5, the National Institutes of Health (NIH) intends to procure System Log Correlation Software and Support Services for NIH's Business System (NBS). This acquisition is Full and Open. The North American Industry Classification System (NAICS) Code is 541511 - Custom Computer Programming Services.
Background Information
The National Institutes of Health (NIH) is comprised of the Office of the Director (OD) and 27 Institutes and Centers. The OD is the central office at NIH. The OD is responsible for setting policy for NIH and for planning, managing, and coordinating the programs and activities of all the NIH components.
The NIH Business System (NBS) Program is committed to fostering NIH's mission through the following provisions:• Secure, accurate, and timely business transaction capabilities that enable the NIH scientific community and supporting organizations to acquire needed assets, goods and services;• Accurate source information that facilitates knowledgeable decision making by the NIH management community regarding budgets, finance, acquisitions, supply/replenishment, property, grants, and travel; and• Improving transparency and accountability of all NBS accounting data.
The NBS software applications are currently comprised of the following:• Oracle e-Business Suite (Federal Administrator, General Ledger, Payables, i-Procurement, Purchasing, Receivables, Order Management, Warehouse Management, Inventory, i-Supplier (internal and external facing), and Project Accounting (Costing and Billing);• Oracle Governance, Risk and Compliance (GRC) suite which includes the Access Application Controls Governor (AACG), Configuration Controls Governor (CCG), Preventative Controls Governor (PCG), Transaction Controls Governor (TCG), and GRC Manager and Intelligence for NIH-wide Enterprise Risk Assessment;• Kofax invoice document management application;• Sunflower Asset Management application;• Compusearch PRISM contract management module;• GSA e-Travel System - Concur (CGE) Web-Based Travel Manager application;• NIH Patient Travel Module;• SmartPay II Purchase Card Module;• Inter/Intra Agency Agreements and Reimbursable Agreements;• Interfaces, including Web interfaces that enable sharing or exchange of data with other business systems; and• Rapid eSuite.
The NBS also includes special purpose peripheral devices employed for data capture or output, such as hand-held scanners and wireless printers, and supporting tools and modules that facilitate operations, maintenance and support, such as AppWorx production operations scheduler. The scope of the NBS Program includes the following:• Operations support and maintenance of the following NBS components: Federal Administrator, Finance, Acquisitions, Supply, Property, Travel (employee, patient and sponsored travel), i-Supplier, Project Accounting, Grants Integration, and other NBS Web interfaces, Foreign and Federal Grants, Fellowship Pay, Animal Procurement, and Service and Supply Fund;• Enhancement or upgrade of NBS functionality in response to demands that arise from Congressional, Office of Management and Budget (OMB), DHHS initiatives/requirements, mandatory policies, the user community, from findings during ongoing operations, from the software contractors, and other authorities which require system and data security and privacy;• Compliance with the DHHS Enterprise Performance Life Cycle (EPLC) Framework and NBS specific tailoring of EPLC project activities and documentation as approved by the NBS Contracting Officer's Technical Representative (COTR) for NBS O&M Projects;• Business consulting, communication, job aids and training to NIH Institutes and Centers with respect to NBS functionality, i.e., acquisition, logistics, budget, finance, and travel;• Operations support and maintenance of community portals on the NIH intranet that are designed to communicate with various segments of the NBS user community; and• Coordination and compliance with NIH Enterprise Architecture requirements.
Contractor Requirements
Independently, and not as an agent of the Government, the Contractor shall furnish all necessary labor, materials, supplies, equipment, and services necessary to provide all work and deliverables stated in the attached Statement of Work (SOW). All work performed under this procurement shall be monitored by the Contracting Officer's Representative (COR).
Contractor TasksTASK 1 - Tenable Log Correlation Engine Licensing The Contractor shall provide the government one (1) commercial off-the-shelf perpetual application Security Information and Event Management (SIEM) known as Tenable Log Correlation Engine license and services the following:
Quantity Description1 LCE - On Premise - 1TB - Perpetual LicensesTASK 2 - Annual Maintenance ServiceThe Contractor shall provide annual maintenance and support services as follows:
Quantity Description1 LCE - On Premise - 1TB Annual Maintenance Support Services
• Provide Major product and technology releases• Provide updates, fixes, security alerts, data fixes, and critical patch updates during the contract term with immediate download passwords• Provide software license replacement for accidently damaged or malfunctioning hardware keys (Not including lost keys)• Provide certification that licenses are capable with most new COTS application products• Provide 24x7 Technical SupportTASK 3 - Requirements AnalysisThe Contractor shall conduct activities including, but not limited to, performing detailed Requirements Analysis to determine complete scope and solution to implement the Tenable Log Correlation Engine application within the NBS enterprise infrastructure and provide all of the reports, alerts, and enhancements for the security events listed in Table 1. Each of the security events shall be included in a daily report for NBS security team, and optionally, a real-time alert. There shall be a mechanism for recording acknowledgement of the report by any of several methods. The acknowledgment shall include the date, time, ID of the user, and a pointer to the report. Acceptable methods include a hypertext link, SharePoint workflow, reply email to a central account, or other similar.
The deliverable of this phase shall be a detailed Requirements Document.TASK 4 - Implementation, Deployment, and IntegrationUpon approval of the Requirements Document, the Contractor shall provide the services to implement, deploy, and integrate the resulting reports, alerts and enhancements.
1. Custom reports/alerts/enhancements to the Log Correlation Engine Application - Provide consulting services onsite for the following:
a. LCE Project Schedule - The Contractor shall provide a proposed Project schedule for implementations. The schedule shall include the following: i) Estimated time range for Implementation, Deployment, and Integration; andii) Pricing and payment terms for yearly maintenance.
b. LCE General Architecture - the Contractor shall provide a general architecture document that shall include monitoring of all NBS desktops, servers, databases, major applications, and existent security platforms. The architecture shall include forwarding logs to NIH Incident Response Team (IRT) and HHS. The architecture shall consider disaster recovery capabilities, local storage for 30 days of correlated events for on-demand queries, as well as secured network storage for long term storage of logs (i.e. minimum 12 months).
c. The integrated product requires collecting, analyzing, and monitoring specific events on the internal NIH Business system network. The events listed in Table 1 shall be collected, analyzed, monitored, and stored.
d. Integration of LCE - the Contractor shall work with CIT Server hosting Group and CIT Desktop Support Group to deploy Tenable LCE Clients on all NBS' endpoints (i.e. desktops and servers). The Contractor shall collaborate with CIT Networking Group to direct and allow traffic through internal firewalls from all NBS endpoints to the LCE.
e. Configure - All Services, efforts, functionality, and documentation shall be deemed to be "Solution Support Materials": The Contractor shall ensure that initial configuration eliminates or reduces the level of false positives alerts generated by LCE. The Contractor shall ensure the configuration integrates with other existent security platforms including endpoint security, vulnerability scanning tools, and firewalls. The initial configuration shall be comprised by enabling default rules and policies as well as custom rules and policies based on NBS-specific requirements.
f. Provide Installation Scripts - The Contractor shall provide NBS with installation scripts and instructions on how to execute the scripts to install the enhancements into NIH's existing enterprise system environment.
g. Provide Initial Installation Support - The Contractor shall provide NIH with remote support for NIH's execution of the Installation Scripts in an initial Tenable LCE test environment. This remote support shall be provided on a single day.
h. NBS Testing Support - The Contractor shall conduct User Acceptance Testing. The user testing may last up to 30 days, after the conclusion of the execution of the installation scripts in the initial Tenable LCE test environment. The contractor must remediate any testing failure with the 30 days' requirement.
i. Migration Support - The Contractor shall provide remote support for NBS's migrations (after the installation of Tenable LCE application into the NBS infrastructure test environment) for up to two (2) additional environments (Initial Test to Stage, Stage to Production) over one (1) day per environment. The Migration support shall be provided in the same timeframe as the NIH Testing Support.
j. Go-Live Support - The Contractor shall provide remote support for the initial use of the enhancements outlined herein in a production environment at NIH. This remote support shall be provided for up to five (5) business days immediately following the migrating of the enhancements into the Production environment. The Contractor shall provide 508 compliant documentations such as design document, requirements traceability matrix, system codes, configuration management, user and operation and maintenance documentation.
Documentation - The contractor must provide the government with knowledge transfer and standard operation documentation 14 days after deployment.
k. The Contractor shall provide a Stabilization Period of 30 days from Go-Live date.
TASK 5 - System Configuration Activities
The Contractor shall perform all activities as describe in the Tenable Log Correlation Engine 4.4 Administration and User Guide as follows:
• LCE Agents install for servers and Desktops (Unix, Linux, Solaris and Windows) • Basic Configuration• Storage Configuration• IDS Configuration • Load Balancing Configuration • Configuring the Primary LCE Server• Advanced Configuration Options Storage• LCE Web Server • Sensor Names• Clients• User Tracking• Host Discovery and Vulnerabilities • Statistical Alerts• Resource Usage and Performance • DNS Caching• Data Forwarding• Sending Syslog Messages to Other Hosts• Syslog Compliant Messages• Content of Forwarded syslog Messages • Checksum Forwarding• TCP Syslog• Correlation• TASL and Plugins • Excluding TASL Files• Excluding PRM Files• TASL Parameters• Event Rules• Email Syntax• Syslog Syntax• Custom Command Syntax• LCE Rule Filters• LCE Shell Command Options• Email/Alerting/Execution• Debugging• Debug Mode • Storing All Logs with "save-all"• Different File System • Multiple Plugin Matches per Log File "multiple-matches"• Quick Example • SSH Keys • Service Control • Feed Settings • Feed Registration• Plugin Update • Updating Plugins (PRM Files) and TASL Scripts• Automatic Plugin (PRM Files) and TASL Updates• Updating Individual PRM Files• Offline Updates• Web Proxy• Open required port for Solaris servers syslogs to audit loggingTASK 6 - Log Correlation Engine audit Logging REPORTS
The Contractor shall ensure that the following report categories can be generated from software application:
Categories• Accounts, Authentication & Password Audits• Advanced Persistent Threats & Malicious Software• Botnets• Center for Internet Security• Configuration & Patch Auditing• Data Leakage & File Sharing• Exploits & Attack Paths• File Integrity Monitoring• FISMA/NIST SP800-53 Rev4 or most current version at time of the deployment.• Logging, Monitoring, & Intrusion Detection• Mobile Devices, USB Devices & Wireless• Nessus Scan Monitoring• Network Monitoring• SANS• Software & IT Technology• Vulnerability Metrics• Vulnerability Reporting• Web Application SecurityTASK 7 - Auditable Events
The Contractor shall create scripts for the following auditable events.
NIH Security Event Logging Policy AU:Audit Logging EventsEach information system shall generate audit records for the following events:Account Logon Events:• Logon Success• Logon Failure (Failed User Authentication - Unknown user name or bad password; Multiple Login Attempts / Logon Failures: Account Locked Out)• Logoff
Account Management:• Account Created• Account Deleted• Account Disabled• Account Expired• Password Changed
Directory Service:• Object (user, machine, etc.) Added to Domain / Directory• Object Removed from Domain / Directory• Domain Policy Change• Filesystem Events:• Directory Created• Directory Deleted• Directory Read• Directory Write• Directory Permissions Changed• File Created• File Deleted• File Read• File Write• File Permissions Changed• Object Access
Logging Event:• Event Log Full• Event Log Overwritten
Network Events:• ACL Changed• Traffic Blocked at Firewall
Policy Change• All
Privilege Use: Privilege Escalation (i.e., Sudo) Privileged Object or Service Called Object Accessed by Privileged Account
Process Tracking:• Process Executed• Process Terminated• Scheduled Event Executed• Scheduled Event Failed
System Events:• Service Started• Service Stopped• System Startup• System Shutting Down• Session Disconnected
FISCAM AUDITABLE EVENTS
• Privileged Use Events
Note: Database Layer monitoring refers to all Oracle and Microsoft databases managed by NBS. Application Layer refers to all major applications managed by NBS including but not limited to Oracle EBusiness Suite (EBS), Prism, Sunflower, Markview, CAPS, etc.
FISCAM Auditable Events
HHS OCIO, Policy for Information Systems Security and Privacy Handbook, which adopted NIST SP 800-53 Revision 4, Recommended Security Controls for Federal Information Systems, specifically:AU-2 Auditable EventsControl: The organization:a. Determines, that the information system is capable of auditing the following events: • Server alerts and error messages• User log-on and log-off (successful or unsuccessful)• System administration activities;• Modification of privileges and access• Start up and shut down• Modifications to the application• Application alerts and error messages• Configuration changes• Account creation, modification, or deletion• (Moderate and High only) Read access to sensitive information• (Moderate and High only) Modification to sensitive information• (Moderate and High only) Printing sensitive information• Coordinates the security audit function with other organizational entities requiring audit related information to enhance mutual support and to help guide the selection of auditable events;• Provides a rationale for why the list of auditable events are deemed to be adequate to support after-the-fact investigations of security incidents; and• Determines, that the following events are to be audited within the information system at least weekly:• Unsuccessful log-on attempts that result in a locked account/node;• Attempts to Access the Database at Unusual Hours• Attempts to Access the Database with Non-Existent Users• Check for Users Sharing Database Accounts• Failed and Successful Logon Attempts• Multiple Access Attempts for Different Users from the Same Terminal• People Accessing APPS/MARKVIEW/LOFTWARE Schema in the Last 24 Hours• Check for individuals Logging in as SYSADMIN or SYSDBA• Unauthorized Database Table changes• Unauthorized FileConfig changes• Configuration changes;• Application alerts and error messages;• System administration activities;• Modification of privileges and access; and• Account creation, modification, or deletion.
TASK 9 - TRAINING
Tenable LCE and Security Information and Event Management (SIEM) Training - The Contractor shall provide a hands-on, instructor-led course on Tenable LCE and Security Information and Event Management (SIEM) which shall cover the operational use of the Log Correlation Engine (LCE) integration with SecurityCenter. Participants shall learn about the deployment strategies for LCEs, the Installation and configuration of LCEs, and LCE clients. The course shall be for up to five (5) attendees. Attendees shall also gain knowledge of LCE performance parameters, analysis of event data, and reporting. Each student shall have access to individual systems in order to complete the lab materials. The course shall cover the following additional topics:
• Introduction to Log Correlation Engine (LCE)• LCE Architecture• LCE Server Installation Configuration and connecting to SecurityCenter• LCE Clients Installation Types • LCE Server Performance Parameters• LCE Server Maintenance• Event Analysis• Vulnerability Analysis• SecurityCenter Reports• SecurityCenter Dashboard• SecurityCenter Alerts and TicketingTargeted IDS - Incident Response
Optional Contractor TasksAll optional tasks shall only be implemented by express written authority of the Contracting Officer.
ENHANCEMENTS OF THE Log Correlation Engine Application - Provide additional consulting services (Yearly Maintenance). Services may be provided remotely or onsite.
Additional licenses - Due to unknown and changing variables, additional licenses may be required to meet the NBS requirements.
Deliverables and Delivery Schedule
The Contractor shall provide the following enhancement deliverables for review and acceptance by the COR:
DELIVERABLE SECTION TIMEFRAME FOR DELIVERYProvide license for the Tenable LCE product Within 15 days after award.Install and configure the LCE product for the NBS Environment and perform unit and integrated tests to ensure proper functioning of the tool. Within 15 days after award.Requirements Document for Task 3 30 days after awardSoftware Products for Task 4 90 days after awardTraining 90 days after award.Quality Assurance Plan a. Submitted with the Technical Proposal. b. Ten (10) days after updates are finalized. Final Contract Transition Plan Six (6) months before the end of the contractStatus Reports Weekly until completion of installation and training.Other documentation, meeting minutes, presentation materials, scripts, and source code Varies As required by the COR and/or the Federal Project Manager(s)/Lead(s)
EPLC Stage Gate Review Documentation As required by the NBS Project Management OfficerDocumentation required for NBS Initiatives Legend: (P) = Preliminary; (FD) = Final Draft; (F) = FinalInitiation:• Business Needs Statement (F)Concept:• Project Charter (F)• Project Mgmt. Plan w/ components (P)• Design Document (P)• Functional Specification (P) • Technical Specification (P)Planning:• Enterprise Architecture (EA) Assessment (F)• Project Mgmt. Plan w/ components (F)• Privacy Impact Assessment (F)• Project Process Agreement (F)• Kick-off Meeting Requirements Analysis:• Requirements Doc w/ components (F)• Functional Specification (F)• Data Conversion Analysis (F)• Capacity Planning Analysis (FD)• Stakeholder Analysis (F)• Business Process Analysis (F)• Organizational Risk Assessment (F)• Leadership Strategy (F)• Workforce Impact Assessment (F)Design:• Capacity Planning Analysis (F)• Technical Specification with components (Architectural & detailed elements) (F)• Computer Match Agreement (F)• Test Plan (FD)• Design Document (F)• Contingency/Disaster Recovery (FD)• System of Record Notice (FD)Development:• Test Plan (F)• Operation & Maintenance Manual (FD)• Systems Security Plan (FD)• Training Plan (FD)• Training Materials (FD)• Training Delivery (FD)• Security Risk Assessment (FD)• User Manual (FD)• Business Product (FD)Test: • Implementation Plan (F)• Test Reports (F)• Capacity Planning Analysis (F)• Go/No-Go Decision (F)Implementation:• Authority to Operate w/ components (F)• System of Record Notice (F)• Operations & Maintenance Manual (F)• Systems Security Plan (F)• Training Plan (F)• Training Materials (F)• Training Delivery (F) • Security Risk Assessment (F)• User Manual (F)• Business Product (F) • Project Completion Report (F) • Contingency/Disaster Recovery (F)• Business Process Control (F)• Finalize Business Process Policy and Procedure Documentation (F) • Knowledge Management Transfer to NBS O&M (F)Operations & Maintenance:• Annual Operational Assessment (F) • Disposition Plan (F)Disposition:• Project Archives (F) As determined by the approved dates included in the governing documentation (i.e., Project Management Plan) by COTR and/or the Federal Project Manager(s)/Lead(s)Other documentation, meeting minutes, presentation materials, scripts, and source code As required by the COTR and/or the Federal Project Manager(s)/Lead(s)
Period of Performance
One (1) Base Year (12-months) with Four (4) 12-month Option Years
PROMOTING EFFICIENT GOVERNMENT SPENDING
On September 21, 2011, the Office of Management and Budget issued Memorandum M-11-35 , entitled, "Eliminating Conference Spending and Promoting Efficiency in Government," emphasizing the President's priority to ensure that the Government operates with the utmost efficiency and eliminates unnecessary or wasteful spending. This was followed by the Executive Order on Delivering an Efficient, Effective, and Accountable Government (EO 13576 ) and the Executive Order on Promoting Efficient Spending ( EO 13589 ). On January 3, 2012, the Department of Health and Human Services (DHHS) issued the memorandum "HHS Policy on Promoting Efficient Spending: Use of Appropriated Funds for Conferences and Meetings, Food, Promotional Items, and Printing, and Publications" (See http://www.hhs.gov/asfr/ogapa/acquisition/effspendpol_memo.html ).
In support of these administrative directives, the NIH issued a January 30, 2012 Memorandum entitled "NIH Guidance Related to the HHS Policies on Promoting Efficient Spending: Use of Appropriated Funds for Conferences, Conference Grants and Meetings, Food, Promotional Items, and Printing and Publications." (See http://oamp.od.nih.gov/ )
Any contract awarded as a result of this solicitation will:
• Specifically prohibit the use of contract funds for the provision of food for meals, light refreshments and beverages for any NIH funded meeting or conference; and• Limit the procurement of meeting space, promotional items, printing, and publications.TECHNICAL EVALUATION CRITERIA (Total Points - 100)Factor 1 - Service Level of Quality - 50The Offeror shall be evaluated on how well the proposal meets the NBS project objectives, stated tasks, considerations, and constraints, and complies with NIH IT standards and guidelines, as well as industry's best practices. This factor includes the following items:1. Turn-around time in providing maintenance. - 10 points2. Ability to identify, diagnose and repair software defects - 10 points3. Ability to provide software patching - 10 points4. Terms of maintenance services - 10 points5. Ability to guarantee services - 10 pointsFactor 2 - Technical experience - 30Technical Qualifications, Knowledge, Skills, and CertificationsThe Offeror will be evaluated on its ability to demonstrate it will implement, for this requirement, a team of personnel and facilitators with a minimum of three (3) years of experience working in the Federal Government, or organizations of similar size and scope, supporting design, analysis configuration and, implementation activities necessary to perform the work as described within the SOW.Factor 3 - Past Performance - 20 PointsThe evaluation of this factor will provide an indication of the Offeror's ability to staff and manage activities similar in function, scope and complexity to the NBS requirements, and will indicate the likelihood of the Offeror's success. This factor will be evaluated on the basis of:
1. Past Performance and Experience: The relevant past performance and working experience of the Offeror and any proposed teaming partners will be evaluated to assess the Offeror's approach to and retaining a fully qualified workforce, while minimizing turnover. The evaluation of this factor will include an evaluation of the quality of the Offeror's past products and services, its timeliness of performance, success in controlling costs, and the experience of its personnel. The Government prefers an Offeror who shows a trend of successful past performance and experience in: (1) managing service support activities. The evaluation shall include an assessment of the Offeror's ability to successfully manage complex, time sensitive operations; and (2) the likelihood the Offeror will be successful in executing the NBS requirement. Offerors shall provide relevant current or past performance (within the last three years) information sufficient for the Government to assess.
2. Customer Satisfaction: A determination of customer satisfaction based upon information received from the Offeror's past customers on work performed during the last 3 years. The Government shall review and assess relevant customer satisfaction using the Past Performance Information Retrieval System (PPIRS), other Federal databases, and/or by contacting current or previous customers.
FEDERAL ACQUISITION REGULATION (FAR) CLAUSESThe following provisions and clauses apply to this acquisition and are incorporated by reference. Full text may be found at https://www.acquisition.gov/Far
FAR 52.212-1 Instructions to Offerors-Commercial ItemsFAR 52.212-2 Evaluation-Commercial ItemsFAR 52.212-3 Offeror Representations and Certifications-Commercial ItemsFAR 52.212-4 Contract Terms and Conditions-Commercial ItemsFAR 52.212-5 Contract Terms and Conditions Required to Implement Statutes and Executive ordersFAR 52.227-19 Commercial Computer Software Licensesince
Proposal Instructions
All interested parties shall submit electronic responses to Mario Henriquez at Mario.henriquez@nih.gov and Sally Boakye at boakyes@mail.nih.gov. Responses must be received no later than 2:00 P.M. EST on Friday, January 27, 2017 and shall not exceed 20 single-sided pages in length, exclusive of the cover page and letter, table of contents, appendices, and resumes. Please reference solicitation number NIHLM2017935MAH on all correspondence to this notice. Inquiries regarding this notice shall be submitted electronically to Mario.henriquez@nih.gov and boakyes@mail.nih.gov by no later than 10:00 A.M. EST on Tuesday, January 17, 2017.
The proposal submitted in response to this RFQ shall be prepared in two (2) parts and be clearly identified as a "Technical Proposal" and "Business Proposal." Proposals shall be in sufficient detail to permit proper evaluation, negotiation and/or acceptance thereof. The technical proposal must not contain reference to price; however, resource information (such as data concerning labor hours and categories, materials, subcontracts, etc.) must be contained in the technical proposal so that the Contractor's understanding of the Statement of Work may be evaluated.
In order to receive an award, Contractors must have valid registration and certification in the Central Contractor Registration (CCR) and the Online Representations and Certifications Application (ORCA) through the System of Award Management (SAM) www.sam.gov.
  • 1