TRACS 4 LIFE User License

This is a combined synopsis/solicitation for commercial items prepared in accordance with the format in FAR Subpart 12.6 and FAR Part 13 Simplified Acquisition Procedures, as supplemented with additional information included in this notice. This announcement constitutes the only solicitation; quotes are being requested and a written solicitation will not be issued. The solicitation number is W81K00-19-Q-0158 and is issued as a Request for Quote (RFQ). This solicitation document and incorporated provisions and clauses are those in effect through Federal Acquisition Circular 2005-68 and Defense Federal Acquisition Regulation Supplement Publication Notice (DPN) 20130710.This solicitation is for a TRACS 4 LIFE User License for San Antonio Military Medical Center, Fort Sam Houston, Texas. Period of Performance 01 September 2019 - 31 August 2020 plus four 12-month option years. The associated North American Industrial Classification System (NAICS) code for this procurement is 511210, with a

size standard of $38.5. This procurement is being conducted as Total Small Business Set-Aside. All eligible businesses may submit an offer, which will be considered.Quotes are due by 22 May 2019, at 10:00 AM, Central Standard Time. The point of contact is Marc A. Flores at marc.a.flores3.civ@mail.mil. Offers shall be submitted via e-mail. Questions shall be submitted via e-mail not later than 20 May 2019. No questions will be entertained after this date.  ITEM NO 0001 QUANTITY 1 EACH AMOUNTTRACS 4 LIFE User License FFPThe contractor shall provide 70 licenses for use, and provide maintenance and support for the Tracs4Life system in accordance with the Statement of Objectives. Vendor is required to address all evaluating factors on Addendum 52.212-2 to be considered.FOB: DestinationPURCHASE REQUEST NUMBER: 0011316715 PSC CD: R499ITEM NO 0002 QUANTITY 1 EACH AMOUNTContractor Manpower Report FFPContractor Manpower Reporting requirement in accordance the Statement of Objectives.FOB: DestinationITEM NO 1001 QUANTITY 1 EACH AMOUNTOPTION TRACS 4 LIFE User LicenseFFPThe contractor shall provide 70 licenses for use, and provide maintenance and support for the Tracs4Life system in accordance with the Statement of Objectives. FOB: DestinationPSC CD: R499ITEM NO 1002 QUANTITY 1 EACH AMOUNTOPTION Contractor Manpower ReportFFPContractor Manpower Reporting requirement in accordance the Statement of Objectives.FOB: DestinationITEM NO 2001 QUANTITY 1 EACH AMOUNTOPTION TRACS 4 LIFE User LicenseFFPThe contractor shall provide 70 licenses for use, and provide maintenance and support for the Tracs4Life system in accordance with the Statement of Objectives. FOB: DestinationPSC CD: R499ITEM NO 2002 QUANTITY 1 EACH AMOUNTOPTION Contractor Manpower ReportFFPContractor Manpower Reporting requirement in accordance the Statement of Objectives.FOB: DestinationITEM NO 3001 QUANTITY 1 EACH AMOUNTOPTION TRACS 4 LIFE User LicenseFFPThe contractor shall provide 70 licenses for use, and provide maintenance and support for the Tracs4Life system in accordance with the Statement of Objectives. FOB: DestinationPSC CD: R499ITEM NO 3002 QUANTITY 1 EACH AMOUNTOPTION Contractor Manpower ReportFFPContractor Manpower Reporting requirement in accordance the Statement of Objectives.FOB: DestinationITEM NO 4001 QUANTITY 1 EACH AMOUNTOPTION TRACS 4 LIFE User LicenseFFPThe contractor shall provide 70 licenses for use, and provide maintenance and support for the Tracs4Life system in accordance with the Statement of Objectives. FOB: DestinationPSC CD: R499ITEM NO 4002 QUANTITY 1 EACH AMOUNTOPTION Contractor Manpower ReportFFPContractor Manpower Reporting requirement in accordance the Statement of Objectives.FOB: Destination DELIVERY INFORMATIONCLIN DELIVERY DATE QUANTITY SHIP TO ADDRESS DODAAC /CAGE0001 POP 01-SEP-2019 TO 31-AUG-2020 N/A W2DN BROOKE ARMY MED CTR.WAREHOUSE RECEIVING DOCK BLDG 36003551 ROGER BROOKE DRIVEJBSA FT SAM HOUSTON TX 78234-4504FOB: Destination W81NWY0002 31-OCT-2020 1 (SAME AS PREVIOUS LOCATION)FOB: Destination W81NWY1001 POP 01-SEP-2020 TO 31-AUG-2021 N/A (SAME AS PREVIOUS LOCATION)FOB: Destination W81NWY1002 31-OCT-2021 1 (SAME AS PREVIOUS LOCATION)FOB: Destination W81NWY2001 POP 01-SEP-2021 TO 31-AUG-2022 N/A (SAME AS PREVIOUS LOCATION)FOB: Destination W81NWY2002 31-OCT-2022 1 (SAME AS PREVIOUS LOCATION)FOB: Destination W81NWY3001 POP 01-SEP-2022 TO 31-AUG-2023 N/A (SAME AS PREVIOUS LOCATION)FOB: Destination W81NWY3002 31-OCT-2023 1 (SAME AS PREVIOUS LOCATION)FOB: Destination W81NWY4001 POP 01-SEP-2023 TO 31-AUG-2024 N/A (SAME AS PREVIOUS LOCATION)FOB: Destination W81NWY4002 31-OCT-2024 1 (SAME AS PREVIOUS LOCATION)FOB: Destination W81NWY CLAUSES INCORPORATED BY REFERENCE52.212-4 Contract Terms and Conditions--Commercial Items OCT 2018 52.212-4 ADDENDUMThe non-FAR Part 12 discretionary FAR and DFARS clauses included herein are incorporated into this contract either by reference or in full text. If incorporated by reference, see clause 52.252-2 herein for locations where full text can be found.(End of Addendum)CLAUSES INCORPORATED BY REFERENCE52.204-9 Personal Identity Verification of Contractor Personnel JAN 201152.204-10 Reporting Executive Compensation and First-Tier OCT 2018Subcontract Awards52.204-18 Commercial and Government Entity Code Maintenance JUL 201652.209-6 Protecting the Government's Interest When Subcontracting OCT 2015With Contractors Debarred, Suspended, or Proposed forDebarment52.219-6 Notice Of Total Small Business Set-Aside NOV 201152.222-3 Convict Labor JUN 200352.222-21 Prohibition Of Segregated Facilities APR 201552.222-26 Equal Opportunity SEP 201652.222-50 Combating Trafficking in Persons JAN 201952.223-18 Encouraging Contractor Policies To Ban Text Messaging AUG 2011While Driving52.225-13 Restrictions on Certain Foreign Purchases JUN 200852.232-33 Payment by Electronic Funds Transfer--System for Award OCT 2018Management52.232-39 Unenforceability of Unauthorized Obligations JUN 201352.232-40 Providing Accelerated Payments to Small Business DEC 2013Subcontractors52.233-3 Protest After Award AUG 199652.233-4 Applicable Law for Breach of Contract Claim OCT 2004252.203-7000 Requirements Relating to Compensation of Former DoD SEP 2011Officials252.203-7002 Requirement to Inform Employees of Whistleblower Rights SEP 2013252.204-7000 Disclosure Of Information OCT 2016252.204-7003 Control Of Government Personnel Work Product APR 1992252.225-7048 Export-Controlled Items JUN 2013252.232-7003 Electronic Submission of Payment Requests and Receiving DEC 2018Reports252.232-7010 Levies on Contract Payments DEC 2006CLAUSES INCORPORATED BY FULL TEXT52.209-10 Prohibition on Contracting With Inverted Domestic Corporations. (NOV 2015)(a) Definitions. As used in this clause--Inverted domestic corporation means a foreign incorporated entity that meets the definition of an inverted domestic corporation under 6 U.S.C. 395(b), applied in accordance with the rules and definitions of6 U.S.C. 395(c).Subsidiary means an entity in which more than 50 percent of the entity is owned--(1) Directly by a parent corporation; or(2) Through another subsidiary of a parent corporation.(b) If the contractor reorganizes as an inverted domestic corporation or becomes a subsidiary of an inverted domestic corporation at any time during the period of performance of this contract, the Government may be prohibited from paying for Contractor activities performed after the date when it becomes an inverted domestic corporation or subsidiary. The Government may seek any available remedies in the event the Contractor fails to perform in accordance with the terms and conditions of the contract as a result of Government action under this clause.(c) Exceptions to this prohibition are located at 9.108-2.(d) In the event the Contractor becomes either an inverted domestic corporation, or a subsidiary of an inverted domestic corporation during contract performance, the Contractor shall give written notice to the Contracting Officer within five business days from the date of the inversion event.(End of clause) 52.217-8 OPTION TO EXTEND SERVICES (NOV 1999)The Government may require continued performance of any services within the limits and at the rates specified in the contract. These rates may be adjusted only as a result of revisions to prevailing labor rates provided by the Secretary of Labor. The option provision may be exercised more than once, but the total extension of performance hereunder shall not exceed 6 months. The Contracting Officer may exercise the option by written notice to the Contractor within 30 days before contract expires.(End of clause)52.217-9 OPTION TO EXTEND THE TERM OF THE CONTRACT (MAR 2000)(a) The Government may extend the term of this contract by written notice to the Contractor within 30 days before the contract expires; provided that the Government gives the Contractor a preliminary written notice of its intent to extend at least 60 days before the contract expires. The preliminary notice does not commit the Government to an extension.(b) If the Government exercises this option, the extended contract shall be considered to include this option clause.(c) The total duration of this contract, including the exercise of any options under this clause, shall not exceed 60 months.(End of clause)52.219-28 POST-AWARD SMALL BUSINESS PROGRAM REREPRESENTATION (JULY 2013)(a) Definitions. As used in this clause--Long-term contract means a contract of more than five years in duration, including options. However, the term does not include contracts that exceed five years in duration because the period of performance has been extended for a cumulative period not to exceed six months under the clause at 52.217-8, Option to Extend Services, or other appropriate authority.Small business concern means a concern, including its affiliates, that is independently owned and operated, not dominant in the field of operation in which it is bidding on Government contracts, and qualified as a small business under the criteria in 13 CFR part 121 and the size standard in paragraph (c) of this clause. Such a concern is ``not dominant in its field of operation'' when it does not exercise a controlling or major influence on a national basis in a kind of business activity in which a number of business concerns are primarily engaged. In determining whether dominance exists, consideration shall be given to all appropriate factors, including volume of business, number of employees, financial resources, competitive status or position, ownership or control of materials, processes, patents, license agreements, facilities, sales territory, and nature of business activity.(b) If the Contractor represented that it was a small business concern prior to award of this contract, the Contractor shall rerepresent its size status according to paragraph (e) of this clause or, if applicable, paragraph (g) of this clause, upon the occurrence of any of the following:(1) Within 30 days after execution of a novation agreement or within 30 days after modification of the contract to include this clause, if the novation agreement was executed prior to inclusion of this clause in the contract.(2) Within 30 days after a merger or acquisition that does not require a novation or within 30 days after modification of the contract to include this clause, if the merger or acquisition occurred prior to inclusion of this clause in the contract.(3) For long-term contracts--(i) Within 60 to 120 days prior to the end of the fifth year of the contract; and(ii) Within 60 to 120 days prior to the date specified in the contract for exercising any option thereafter.(c) The Contractor shall rerepresent its size status in accordance with the size standard in effect at the time of this rerepresentation that corresponds to the North American Industry Classification System (NAICS) code assigned to this contract. The small business size standard corresponding to this NAICS code can be found at http://www.sba.gov/content/table-small-business-size-standards.(d) The small business size standard for a Contractor providing a product which it does not manufacture itself, for a contract other than a construction or service contract, is 500 employees.(e) Except as provided in paragraph (g) of this clause, the Contractor shall make the representation required by paragraph (b) of this clause by validating or updating all its representations in the Representations and Certifications section of the System for Award Management (SAM) and its other data in SAM, as necessary, to ensure that they reflect the Contractor's current status. TheContractor shall notify the contracting office in writing within the timeframes specified in paragraph (b) of this clause that the data have been validated or updated, and provide the date of the validation or update.(f) If the Contractor represented that it was other than a small business concern prior to award of this contract, the Contractor may, but is not required to, take the actions required by paragraphs (e) or (g) of this clause.(g) If the Contractor does not have representations and certifications in SAM, or does not have a representation in SAM for the NAICS code applicable to this contract, the Contractor is required to complete the following rerepresentation and submit it to the contracting office, along with the contract number and the date on which the rerepresentation was completed: The Contractor represents that it ( ) is, ( ) is not a small business concern under NAICS Code 511210 - assigned to contract number W81K00-19-Q-0158.(Contractor to sign and date and insert authorized signer's name and title). (End of clause)52.222-36 EQUAL OPPORTUNITY FOR WORKERS WITH DISABILITIES (JUL 2014)(a) Equal opportunity clause. The Contractor shall abide by the requirements of the equal opportunity clause at 41 CFR 60-741.5(a), as of March 24, 2014. This clause prohibits discrimination against qualified individuals on the basis of disability, and requires affirmative action by the Contractor to employ and advance in employment qualified individuals with disabilities.(b) Subcontracts. The Contractor shall include the terms of this clause in every subcontract or purchase order in excess of $15,000 unless exempted by rules, regulations, or orders of the Secretary, so that such provisions will be binding upon each subcontractor or vendor. The Contractor shall act as specified by the Director, Office of Federal Contract Compliance Programs of the U.S. Department of Labor, to enforce the terms, including action for noncompliance. Such necessary changes in language may be made as shall be appropriate to identify properly the parties and their undertakings.(End of clause) 52.252-2 CLAUSES INCORPORATED BY REFERENCE (FEB 1998)This contract incorporates one or more clauses by reference, with the same force and effect as if they were given in full text. Upon request, the Contracting Officer will make their full text available. Also, the full text of a clause may be accessed electronically at this/these address(es):https://www.acquisition.gov/(End of clause)52.252-6 AUTHORIZED DEVIATIONS IN CLAUSES (APR 1984)(a) The use in this solicitation or contract of any Federal Acquisition Regulation (48 CFR Chapter 1) clause with an authorized deviation is indicated by the addition of "(DEVIATION)" after the date of the clause.(b) The use in this solicitation or contract of any 52.252-6, DoD FAR Supplement (48 CFR Chapter 2) clause with an authorized deviation is indicated by the addition of "(DEVIATION)" after the name of the regulation.(End of clause)252.204-7012 SAFEGUARDING COVERED DEFENSE INFORMATION AND CYBER INCIDENT REPORTING (OCT 2016)(a) Definitions. As used in this clause--Adequate security means protective measures that are commensurate with the consequences and probability of loss, misuse, or unauthorized access to, or modification of information.Compromise means disclosure of information to unauthorized persons, or a violation of the security policy of a system, in which unauthorized intentional or unintentional disclosure, modification, destruction, or loss of an object, or the copying of information to unauthorized media may have occurred.Contractor attributional/proprietary information means information that identifies the contractor(s), whether directly or indirectly, by the grouping of information that can be traced back to the contractor(s) (e.g., program description, facility locations), personally identifiable information, as well as trade secrets, commercial or financial information, or other commercially sensitive information that is not customarily shared outside of thecompany.Controlled technical information means technical information with military or space application that is subject to controls on the access, use, reproduction, modification, performance, display, release, disclosure, or dissemination. Controlled technical information would meet the criteria, if disseminated, for distribution statements B through F using the criteria set forth in DoD Instruction 5230.24, Distribution Statements on TechnicalDocuments. The term does not include information that is lawfully publicly available without restrictions.Covered contractor information system means an unclassified information system that is owned, or operated by or for, a contractor and that processes, stores, or transmits covered defense information.Covered defense information means unclassified controlled technical information or other information, as described in the Controlled Unclassified Information (CUI) Registry at http://www.archives.gov/cui/registry/category- list.html, that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Governmentwide policies, and is--(1) Marked or otherwise identified in the contract, task order, or delivery order and provided to the contractor by or on behalf of DoD in support of the performance of the contract; or(2) Collected, developed, received, transmitted, used, or stored by or on behalf of the contractor in support of the performance of the contract.Cyber incident means actions taken through the use of computer networks that result in a compromise or an actual or potentially adverse effect on an information system and/or the information residing therein.Forensic analysis means the practice of gathering, retaining, and analyzing computer-related data for investigative purposes in a manner that maintains the integrity of the data.Information system means a discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.Malicious software means computer software or firmware intended to perform an unauthorized process that will have adverse impact on the confidentiality, integrity, or availability of an information system. This definition includes a virus, worm, Trojan horse, or other code-based entity that infects a host, as well as spyware and some forms of adware.Media means physical devices or writing surfaces including, but is not limited to, magnetic tapes, optical disks, magnetic disks, large-scale integration memory chips, and printouts onto which covered defense information is recorded, stored, or printed within a covered contractor information system.Operationally critical support means supplies or services designated by the Government as critical for airlift, sealift, intermodal transportation services, or logistical support that is essential to the mobilization, deployment, or sustainment of the Armed Forces in a contingency operation.Rapidly report means within 72 hours of discovery of any cyber incident.Technical information means technical data or computer software, as those terms are defined in the clause at DFARS 252.227-7013, Rights in Technical Data--Noncommercial Items, regardless of whether or not the clause is incorporated in this solicitation or contract. Examples of technical information include research and engineering data, engineering drawings, and associated lists, specifications, standards, process sheets, manuals, technical reports, technical orders, catalog-item identifications, data sets, studies and analyses and related information, and computer software executable code and source code.(b) Adequate security. The Contractor shall provide adequate security on all covered contractor information systems. To provide adequate security, the Contractor shall implement, at a minimum, the following information security protections:(1) For covered contractor information systems that are part of an information technology (IT) service or system operated on behalf of the Government, the following security requirements apply:(i) Cloud computing services shall be subject to the security requirements specified in the clause 252.239-7010, Cloud Computing Services, of this contract.(ii) Any other such IT service or system (i.e., other than cloud computing) shall be subject to the security requirements specified elsewhere in this contract.(2) For covered contractor information systems that are not part of an IT service or system operated on behalf of the Government and therefore are not subject to the security requirement specified at paragraph (b)(1) of this clause, the following security requirements apply:(i) Except as provided in paragraph (b)(2)(ii) of this clause, the covered contractor information system shall be subject to the security requirements in National Institute of Standards and Technology (NIST)Special Publication (SP) 800-171, ``Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations'' (available via the internet at http://dx.doi.org/10.6028/NIST.SP.800-171) in effect at the time the solicitation is issued or as authorized by the Contracting Officer.(ii)(A) The Contractor shall implement NIST SP 800-171, as soon aspractical, but not later than December 31, 2017. For all contracts awarded prior to October 1, 2017, the Contractor shall notify the DoD Chief Information Officer (CIO), via email at osd.dibcsia@mail.mil, within 30 days of contract award, of any security requirementsspecified by NIST SP 800-171 not implemented at the time of contract award.(B) The Contractor shall submit requests to vary from NIST SP 800-171 in writing to the Contracting Officer, for consideration by the DoD CIO. The Contractor need not implement any security requirement adjudicated by an authorized representative of the DoD CIO to be nonapplicable or to have an alternative, but equally effective, security measure that may be implemented in its place.(C) If the DoD CIO has previously adjudicated the contractor's requests indicating that a requirement is not applicable or that an alternative security measure is equally effective, a copy of that approval shall be provided to the Contracting Officer when requesting its recognition under this contract.(D) If the Contractor intends to use an external cloud service provider to store, process, or transmit any covered defense information in performance of this contract, the Contractor shall require and ensure that the cloud service provider meets security requirements equivalent to those established by the Government for the Federal Riskand Authorization Management Program (FedRAMP) Moderate baseline (https://www.fedramp.gov/resources/documents/) and that the cloud service provider complies with requirements in paragraphs (c) through (g) of this clause for cyber incident reporting, malicious software, media preservation and protection, access to additional information and equipment necessary for forensic analysis, and cyber incident damage assessment.(3) Apply other information systems security measures when the Contractor reasonably determines that information systems security measures, in addition to those identified in paragraphs (b)(1) and (2)of this clause, may be required to provide adequate security in a dynamic environment or to accommodate special circumstances (e.g., medical devices) and any individual, isolated, or temporary deficiencies based on an assessed risk or vulnerability. These measures may be addressed in a system security plan.(c) Cyber incident reporting requirement.(1) When the Contractor discovers a cyber incident that affects a covered contractor information system or the covered defense information residing therein, or that affects the contractor's ability to perform the requirements of the contract that are designated as operationally critical support and identified in the contract, the Contractor shall--(i) Conduct a review for evidence of compromise of covered defense information, including, but not limited to, identifying compromised computers, servers, specific data, and user accounts. This review shall also include analyzing covered contractor information system(s) that were part of the cyber incident, as well as other information systems on the Contractor's network(s), that may have been accessed as a result of the incident in order to identify compromised covered defense information, or that affect the Contractor's ability to provide operationally critical support; and(ii) Rapidly report cyber incidents to DoD at http://dibnet.dod.mil.(2) Cyber incident report. The cyber incident report shall be treated as information created by or for DoD and shall include, at a minimum, the required elements at http://dibnet.dod.mil.(3) Medium assurance certificate requirement. In order to report cyber incidents in accordance with this clause, the Contractor or subcontractor shall have or acquire a DoD-approved medium assurance certificate to report cyber incidents. For information on obtaining a DoD-approved medium assurance certificate, see http://iase.disa.mil/pki/eca/Pages/index.aspx.(d) Malicious software. When the Contractor or subcontractors discover and isolate malicious software in connection with a reported cyber incident, submit the malicious software to DoD Cyber Crime Center(DC3) in accordance with instructions provided by DC3 or the Contracting Officer. Do not send the malicious software to the Contracting Officer.(e) Media preservation and protection. When a Contractor discovers a cyber incident has occurred, the Contractor shall preserve and protect images of all known affected information systems identified in paragraph (c)(1)(i) of this clause and all relevant monitoring/packet capture data for at least 90 days from the submission of the cyber incident report to allow DoD to request the media or decline interest.(f) Access to additional information or equipment necessary for forensic analysis. Upon request by DoD, the Contractor shall provide DoD with access to additional information or equipment that is necessary to conduct a forensic analysis.(g) Cyber incident damage assessment activities. If DoD elects to conduct a damage assessment, the Contracting Officer will request that the Contractor provide all of the damage assessment information gathered in accordance with paragraph (e) of this clause.(h) DoD safeguarding and use of contractor attributional/proprietary information. The Government shall protect against the unauthorized use or release of information obtained from the contractor (or derived from information obtained from the contractor) under this clause that includes contractor attributional/proprietary information, including such information submitted in accordance with paragraph (c). To the maximum extentpracticable, the Contractor shall identify and mark attributional/proprietary information. In making an authorized release of such information, the Government will implement appropriate procedures to minimize the contractor attributional/proprietary information that is included in such authorized release, seeking to include only that information that is necessary for the authorized purpose(s) for which the information is being released.(i) Use and release of contractor attributional/proprietary information not created by or for DoD. Information that is obtained from the contractor (or derived from information obtained from the contractor) under this clause that is not created by or for DoD is authorized to be released outside of DoD--(1) To entities with missions that may be affected by such information;(2) To entities that may be called upon to assist in the diagnosis, detection, or mitigation of cyber incidents;(3) To Government entities that conduct counterintelligence or law enforcement investigations;(4) For national security purposes, including cyber situational awareness and defense purposes (including with Defense Industrial Base (DIB) participants in the program at 32 CFR part 236); or(5) To a support services contractor (``recipient'') that is directly supporting Government activities under a contract that includes the clause at 252.204-7009, Limitations on the Use or Disclosure of Third-Party Contractor Reported Cyber Incident Information.(j) Use and release of contractor attributional/proprietary information created by or for DoD. Information that is obtained from the contractor (or derived from information obtained from the contractor) under this clause that is created by or for DoD (including the information submitted pursuant to paragraph (c) of this clause) is authorized to be used and released outside of DoD for purposes and activities authorized by paragraph (i) of this clause, and for any other lawful Government purpose or activity, subject to all applicable statutory, regulatory, and policy based restrictions on the Government's use and release of such information.(k) The Contractor shall conduct activities under this clause in accordance with applicable laws and regulations on the interception, monitoring, access, use, and disclosure of electronic communications and data.(l) Other safeguarding or reporting requirements. The safeguarding and cyber incident reporting required by this clause in no way abrogates the Contractor's responsibility for other safeguarding or cyber incident reporting pertaining to its unclassified information systems as required by other applicableclauses of this contract, or as a result of other applicable U.S. Government statutory or regulatory requirements.(m) Subcontracts. The Contractor shall--(1) Include this clause, including this paragraph (m), in subcontracts, or similar contractual instruments, for operationally critical support, or for which subcontract performance will involve covered defense information, including subcontracts for commercial items, without alteration, except to identify the parties. TheContractor shall determine if the information required for subcontractor performance retains its identity as covered defense information and will require protection under this clause, and, if necessary, consult with the Contracting Officer; and(2) Require subcontractors to--(i) Notify the prime Contractor (or next higher-tier subcontractor) when submitting a request to vary from a NIST SP 800-171 security requirement to the Contracting Officer, in accordance with paragraph (b)(2)(ii)(B) of this clause; and (ii) Provide the incident report number, automatically assigned by DoD, to the prime Contractor (or next higher-tier subcontractor) as soon as practicable, when reporting a cyber incident to DoD as required in paragraph (c) of this clause.(End of clause) 252.204-7015 NOTICE OF AUTHORIZED DISCLOSURE OF INFORMATION FOR LITIGATION SUPPORT (MAY 2016)(a) Definitions. As used in this clause--Computer software means computer programs, source code, source code listings, object code listings, design details, algorithms, processes, flow charts, formulae, and related material that would enable the software to be reproduced, recreated, or recompiled. Computer software does not include computer data bases or computer software documentation.Litigation support means administrative, technical, or professional services provided in support of the Government during or in anticipation of litigation.Litigation support contractor means a contractor (including its experts, technical consultants, subcontractors, and suppliers) providing litigation support under a contract that contains the clause at 252.204-7014, Limitations on the Use or Disclosure of Information by Litigation Support Contractors.Sensitive information means controlled unclassified information of a commercial, financial, proprietary, or privileged nature. The term includes technical data and computer software, but does not include information that is lawfully, publicly available without restriction.Technical data means recorded information, regardless of the form or method of the recording, of a scientific or technical nature (including computer software documentation). The term does not include computer software or data incidental to contract administration, such as financial and/or management information.(b) Notice of authorized disclosures. Notwithstanding any other provision of this solicitation or contract, the Government may disclose to a litigation support contractor, for the sole purpose of litigation support activities, any information, including sensitive information, received-(1) Within or in connection with a quotation or offer; or(2) In the performance of or in connection with a contract.(c) Flowdown. Include the substance of this clause, including this paragraph (c), in all subcontracts, including subcontracts for commercial items.(End of clause) 252.244-7000 SUBCONTRACTS FOR COMMERCIAL ITEMS (JUN 2013) (a) The Contractor is not required to flow down the terms of any Defense Federal Acquisition Regulation Supplement (DFARS) clause in subcontracts for commercial items at any tier under this contract, unless so specified in the particular clause.(b) While not required, the Contractor may flow down to subcontracts for commercial items a minimal number of additional clauses necessary to satisfy its contractual obligation.(c) The Contractor shall include the terms of this clause, including this paragraph (c), in subcontracts awarded under this contract, including subcontracts for the acquisition of commercial items.(End of clause) WIDE AREA WORKFLOW PAYMENT INSTRUCTIONS (DEVIATION 2018-A0001) (DEC 2017)(a) Definitions. As used in the clause -(1) "Department of Defense Activity Address Code (DoDAAC)" is a six position code that uniquely identifies a unit, activity, or organization.(2) "Document type" means the type of payment request or receiving report available for creation in Wide Are WorkFlow (WAWF).(3) "Local processing office (LPO)" is the office responsible for payment certification when payment certification is done external to the entitlement system.(b) Electronic invoicing. The WAW system is the method to electronically process vendor payment requests and receiving reports, as authorized by DFARS 252.232-70003, Electronic Submission of Payment Requests and Receiving Reports (DEVIATION 2018-A0001) (DEC 2017).(1) The WAWF system shall be used to electronically process vendor payment requests and receiving reports, in accordance with paragraph (c) through (g) of this clause; or(2) The General Fund Business Enterprise System (GFEBS) Supplier Self-Services (SUS) system shall be used, in accordance with paragraph (h) of this clause, if the Contractor is an authorized participant in GFEBS SUS invoicing pilot program.(c) WAWF access. To access WAWF, the Contractor shall -(1) Have a designated electronic business point of contact in the System for Award Management at https://www.acquisition.gov; and(2) Be registered to use WAWF at https://wawf.eb.mil following the step-by-step procedures for self- registration available at this web site.(d) WAWF training. The Contractor should follow the training instructions of the WAWF Web-Based Training Course and use the Practice Training Site before submitting payment requests through WAWF. Both can be accessed by selecting the "Web Based Training" link on the WAWF home page at https://wawf.eb.mil(e) WAWF methods of document submission. Document submissions may be via web entry, Electronic Data Interchange, or File Transfer Protocol.(f) WAWF payment instructions. The Contractor must use the following information when submitting payment requests and receiving reports in WAWF for this contract/order:(1) Document type. The Contractor shall use the following document type(s).Invoice and Receiving Report (COMBO)(2) Inspection / acceptance location. The Contractor shall select the following inspection/acceptance location(s) in WAWF, as specified by the Contracting Officer.Not Applicable(3) Document routing. The Contractor shall use the information in the Routing Data Table below only to fill in applicable fields in WAWF when creating payment requests and receiving reports in the system.Routing Data Table*Field Name in WAWF Data to be entered in WAWFPay Official DoDDAC HQ0490Issue By DoDAAC W81NWYAdmin DoDAAC W81NWYInspect By DoDAAC W81NWYShip To Code W81NWYShip From Code N/AMark For Code N/AService Approver (DoDAAC) N/AService Acceptor (DoDAAC) N/AAccept at Other DoDAAC N/ALPO DoDAAC N/ADCAA Auditor DoDAAC N/AOther DoDAAC(s) N/A(4) Payment request and supporting documentation. The Contractor shall ensure a payment request includes appropriate contract line item and subline item descriptions of the work performed or supplies delivered, unit price/cost per unit, fee (if applicable), and all relevant back-up documentation as defined in DFARS Appendix F, (e.g. timesheets) in support of each payment request.(5) WAWF Email notification. The Contractor shall enter the e-mail address identified below in the "Send Additional Email Notifications" field of WAWF once a document is submitted in the system.(Contracting Officer: Insert applicable email addresses or "Not applicable.")(g) WAWF Point of contact.(1) The Contractor may obtain clarification regarding invoicing in WAWF from the following contracting activity's WAWF point of contact.(Contracting Officer: Insert applicable information or "Not applicable.")(2) For technical WAWF help, contact the WAWF helpdesk at 866-618-5988.(h) GFEBS SUS.(1) Access. SUS access is obtained by logging into WAWF at http://wawf.eb.mil/ and entering the SUS Pay Official DoDAAC HQ0678 as shown on the signature page of this contract. Contractors authorized to participate in the GFEBS SUS pilot program will be seamlessly routed to the SUS vendor portal.(2) Training. SUS Contractors participating in the GFEBS SUS invoicing pilot program shall be trained by the Army by obtaining training material and guidance at the time of initial contrac award.(3) Payment Instructions. The Contractor will be provided in SUS the purchase order (PO) with the awarded contract information needed for use in submitting receiving report information and payment requests. In the event of a conflict between this contract and the PO displayed in SUS, the contract text takes precedence. The Contractor shall identify all such conflicts to the Contracting Officer promptly in writing upon discovery.(i) Upon receipt of the award, the Contractor shall log into SUS and verify that the SUS PO matches the awarded document or modification. The Contracting office shall be notified of any corrections needed immediately prior to time of invoice. Failure to notify the Contracting Officer in a timely manner in SUS and to ensure action is taken may result in the Contractor being unable to submit a request for payment. When the obligation data cannot be posted or corrected timely, the Contractor may submit a paper invoice and/or receiving report data to the assigned Government acceptor. This submission will serve as the official start of the Prompt Payment Act period for purposes of timely payment and interest calculation. The acceptor will notify both the Contracting Office and Accounts Payable office. Once the error is resolved, the Contractor can submit an invoice in SUS, which will post in GFEBS. To correctly calculate any due interest, a GFEBS Invoice Processor will manually update the invoice baseline date to the invoice submission date on the paper invoice, and attach it for reference.(ii) The Contractor shall submit receiving report information as an "Advanced Ship Notice (ASN)" for supplies or a "Confirmation" for services.(iii) The ASN or Confirmation will be reviewed for acceptance by the designated Contracting Officer's Representative (COR).(iv) The Contractor shall submit the payment request as an invoice created from the associated ASN or Confirmation.(4) Manual transmission. In the event submission of receiving report data or an invoice in SUS is unavailable, the Contractor may submit a receiving report using the DD Form 250 or an invoice to the COR via facsimile or conventional mail.(5) Points of contact.(i) The Contractor may obtain clarification regarding invoicing in SUS from the contracting activity's SUS point of contact.(ii) For technical SUS help, the GFEBS helpdesk may contacted via e-mail at armv.gfebs.helpdesk@mail.mil or by phone at 866-757-9771.(End of clause)52.212-5 CONTRACT TERMS AND CONDITIONS REQUIRED TO IMPLEMENT STATUTES OR EXECUTIVE ORDERS-COMMERCIAL ITEMS (DEVIATION 2018-O0021) (JAN 2019) (a) Comptroller General Examination of Record. The Contractor shall comply with the provisions of this paragraph(a) if this contract was awarded using other than sealed bid, is in excess of the simplified acquisition threshold, and does not contain the clause at 52.215-2, Audit and Records-Negotiation.(1) The Comptroller General of the United States, or an authorized representative of the Comptroller General, shall have access to and right to examine any of the Contractor's directly pertinent records involving transactions related to this contract.(2) The Contractor shall make available at its offices at all reasonable times the records, materials, and other evidence for examination, audit, or reproduction, until 3 years after final payment under this contract or for any shorter period specified in FAR Subpart 4.7, Contractor Records Retention, of the other clauses of this contract. If this contract is completely or partially terminated, the records relating to the work terminated shall be made available for 3 years after any resulting final termination settlement. Records relating to appeals under the disputes clause or to litigation or the settlement of claims arising under or relating to this contract shall be made available until such appeals, litigation, or claims are finally resolved.(3) As used in this clause, records include books, documents, accounting procedures and practices, and other data, regardless of type and regardless of form. This does not require the Contractor to create or maintain any record that the Contractor does not maintain in the ordinary course of business or pursuant to a provision of law.(b)(1) Notwithstanding the requirements of any other clauses of this contract, the Contractor is not required to flow down any FAR clause, other than those in this paragraph (b) (1) in a subcontract for commercial items. Unless otherwise indicated below, the extent of the flow down shall be as required by the clause-(i) 52.203-13, Contractor Code of Business Ethics and Conduct (Oct 2015) (41 U.S.C. 3509).(ii) 52.203-19, Prohibition on Requiring Certain Internal Confidentiality Agreements or Statements (Jan 2017) (section 743 of Division E, Title VII, of the Consolidated and Further Continuing Appropriations Act, 2015 (Pub. L. 113-235) and its successor provisions in subsequent appropriations acts (and as extended in continuing resolutions)).(iii) 52.204-23, Prohibition on Contracting for Hardware, Software, and Services Developed or Provided by Kaspersky Lab and Other Covered Entities (Jul 2018) (Section 1634 of Pub. L. 115-91).(iv) 52.219-8, Utilization of Small Business Concerns (Oct 2018) (15 U.S.C. 637(d)(2) and (3)), in all subcontracts that offer further subcontracting opportunities. If the subcontract (except subcontracts to small business concerns) exceeds $700,000 ($1.5 million for construction of any public facility), the subcontractor must include 52.219-8 in lower tier subcontracts that offer subcontracting opportunities.(v) 52.222-17, Nondisplacement of Qualified Workers (MAY 2014) (E.O. 13495). Flow down required in accordance with paragraph (l) of FAR clause 52.222-17.(vi) 52.222-21, Prohibition of Segregated Facilities (APR 2015).(vii) 52.222-26, Equal Opportunity (Sept 2016) (E.O. 11246).(viii) 52.222-35, Equal Opportunity for Veterans (Oct 2015) (38 U.S.C. 4212). (ix) 52.222-36, Equal Opportunity for Workers with Disabilities (July 2014) (29 U.S.C. 793).(x) 52.222-37, Employment Reports on Veterans (FEB 2016) (38 U.S.C. 4212).(xi) 52.222-40, Notification of Employee Rights Under the National Labor Relations Act (Dec 2010) (E.O. 13496). Flow down required in accordance with paragraph (f) of FAR clause 52.222-40.(xii) 52.222-41, Service Contract Labor Standards (Aug 2018) (41 U.S.C. chapter 67).(xiii)(A) 52.222-50, Combating Trafficking in Persons (Mar 2015) (22 U.S.C. chapter 78 and E.O. 13627).(B) Alternate I (Mar 2015) of 52.222-50 (22 U.S.C. chapter 78 and E.O. 13627).(xiv) 52.222-51, Exemption from Application of the Service Contract Act to Contracts for Maintenance, Calibration, or Repair of Certain Equipment-Requirements (May 2014) (41 U.S.C. chapter 67).(xv) 52.222-53, Exemption from Application of the Service Contract Act to Contracts for Certain Services- Requirements (May 2014) (41 U.S.C. chapter 67).(xvi) 52.222-54, Employment Eligibility Verification (Oct 2015) (E.O. 12989).(xvii) 52.222-55, Minimum Wages Under Executive Order 13658 (Dec 2015).(xviii) 52.222-62 Paid Sick Leave Under Executive Order 13706 (Jan 2017) (E.O. 13706). (xix)(A) 52.224-3, Privacy Training (JAN 2017) (5 U.S.C. 552a).(B) Alternate I (JAN 2017) of 52.224-3.(xx) 52.225-26, Contractors Performing Private Security Functions Outside the United States (Oct 2016) (Section 862, as amended, of the National Defense Authorization Act for Fiscal Year 2008; 10 U.S.C. 2302 Note).(xxi) 52.226-6, Promoting Excess Food Donation to Nonprofit Organizations (May 2014) (42 U.S.C. 1792). Flow down required in accordance with paragraph (e) of FAR clause 52.226-6.(xxii) 52.247-64, Preference for Privately Owned U.S.-Flag Commercial Vessels (Feb 2006) (46 U.S.C. Appx. 1241(b) and 10 U.S.C. 2631). Flow down required in accordance with paragraph (d) of FAR clause 52.247-64.(2) While not required, the contractor may include in its subcontracts for commercial items a minimal number of additional clauses necessary to satisfy its contractual obligations.(End of clause)  STATEMENT OF OBJECTIVESSoftware License, Support, and MaintenanceScope The Contractor shall provide 70 licenses for use, and provide maintenance and support for the Tracs4Life system (hereafter referred to as software) used in support of the Transfusion Services at San Antonio Military Medical Center (SAMMC) Joint Base San Antonio, TX 78234 (hereafter referred to as Government).Software License Requirements Software user licenses: Vendor shall provide role-based access to software for up to 70 discrete users at any time during the period of performance.Software Maintenance Requirements Software Updates and Upgrades:o Vendor shall provide software updates and upgrades released during the term of the maintenance and support period.o Government will receive any software updates and upgrades released by Vendor as scheduled.o All updates and upgrades will be coordinated with Government prior to implementation.o Government is also entitled to receive documentation and minor enhancements as Vendor makes them available during the term of this software maintenance and support period. Implementation Services and Upgrades:o Vendor shall ensure that Government receives services to implement the software effectively following Updates and/or Upgrades.o Services may include but are not limited to user training, administrator training, software programming and project management. The Vendor shall obtain approval from the Government Contracting Officer prior to incurring any additional cost to the Government.Software Support Requirements Software Support:o Vendor shall provide support between the hours of 8:00 a.m. to 5:00 p.m. Central Time Monday through Friday (excluding holidays).o Vendor shall diagnose and resolve any issues concerning the software via telephone, email, and/or fax support. Telephone help support shall be provided when Government requests assistance.o The Government shall determine if the request for vendor support requires an Emergency or Non- emergency response based on mission impact. Emergency Support:o Emergency support is provided between the hours of 8:00 a.m. to 5:00 p.m. Central Time Monday through Friday (excluding holidays). An Emergency Support call is authorized when the software fails to operate in accordance with the system's specifications, and the failure is of such a nature as to prevent the continuation of the day-to-day business operations of Government, and for which no immediate workaround is available.o Vendor shall make efforts to assist the Government in becoming operational and shall reply to all Emergency Support calls within one (1) hour following receipt of the call. Non-Emergency Support:o Vendor shall reply to Government for Non-Emergency support calls within four (4) hours following receipt of the call. Business-to-Business agreementso Vendor shall maintain proficiency on all Business-to-Business (B2B) agreements with the Government.o Vendor shall comply with all Department of Defense security requirements referenced in the B2B agreement.Contractor Manpower Reporting The Office of the Assistant Secretary of the Army (Manpower & Reserve Affairs) operates and maintains a secure Army data collection site where the contractor will report ALL contractor manpower (including subcontractor manpower) required for performance of this contract. The contractor is required to completely fill in all the information in the format using the following web address: https://contractormanpower.army.pentagon.mil. The required information includes:(1) Contracting Office, Contracting Officer, Contracting Officer's Technical Representative;(2) Contract number, including task and delivery order number;(3) Beginning and ending dates covered by reporting period;(4) Contractor name, address, phone number, e-mail address, identity of contractor employee entering data;(5) Estimated direct labor hours (including sub-contractors);(6) Estimated direct labor dollars paid this reporting period (including sub- contractors);(7) Total payments (including sub-contractors);(8) Predominant Federal Service Code (FSC) reflecting services provided by contractor (and separate predominant FSC for each sub-contractor if different);(9) Estimated data collection cost;(10) Organizational title associated with the Unit Identification Code (UIC) for the Army Requiring Activity (the Army Requiring Activity is responsible for providing the contractor with its UCI for the purposes of reporting this information);(11) Locations where contractor and subcontractors perform the work) specified by zip code in the United States and nearest city, country, when in an overseas location, using standardized nomenclature provided on website);(12) Presence of deployment or contingency contract language; and(13) Number of contractor and sub-contractor employees deployed in theater this reporting period (by country).As part of its submission, the contractor will also provide the estimated total cost (if any) incurred to comply with this reporting requirement. Reporting period will be the period of performance not to exceed 12 months ending 30 September of each government fiscal year and must be reported by 31 October of each calendar year. Contractors may use a direct XML data transfer to the database server or fill in the fields on the website. The XML direct transfer is a format for transferring files from a contractor's systems to the secure web site without the need for separate data entries for each required data element at the web site. The specific formats for the XML direct transfer may be downloaded from the web site.(END)HIPAANon-Defense Health Agency (Non-DHA) Health Insurance Portability and Accountability Act (HIPAA) Business Associate Agreement (BAA) (7 July 2014)IntroductionIn accordance with 45 CFR 164.502(e)(2) and 164.504(e) and paragraph C.3.4.1.3 of DoD 6025.18-R, "DoD Health Information Privacy Regulation," January 24, 2003, this document serves as a BAA between the signatory parties for purposes of the HIPAA and the "HITECH Act" amendments thereof, as implemented by the HIPAA Rules and DoD HIPAA Issuances (both defined below). The parties are a DoD Military Health System (MHS) component, acting as a HIPAA covered entity, and a DoD contractor, acting as a HIPAA business associate. The HIPAA Rules require BAAs between covered entities and business associates. Implementing this BAA requirement, the applicable DoD HIPAA Issuance (DoD 6025.18-R, paragraph C3.4.1.3) provides that requirements applicable to business associates must be incorporated (or incorporated by reference) into the contract or agreement between the parties.(a) Catchall Definition. Except as provided otherwise in this BAA, the following terms used in this BAA shall have the same meaning as those terms in the DoD HIPAA Rules: Data Aggregation, Designated Record Set, Disclosure, Health Care Operations, Individual, Minimum Necessary, Notice of Privacy Practices (NoPP), Protected Health Information (PHI), Required By Law, Secretary, Security Incident, Subcontractor, Unsecured Protected Health Information, and Use.- Breach means actual or possible loss of control, unauthorized disclosure of or unauthorized access to PHI or other PII (which may include, but is not limited to PHI), where persons other than authorized users gain access or potential access to such information for any purpose other than authorized purposes, where one or more individuals will be adversely affected. The foregoing definition is based on the definition of breach in DoD Privacy Act Issuances as defined herein.- Business Associate shall generally have the same meaning as the term "business associate" in the DoD HIPAA Issuances, and in reference to this BAA, shall mean [insert name of Business Associate signatory to this BAA].- Agreement means this BAA together with the documents and/or other arrangements under which the Business Associate signatory performs services involving access to PHI on behalf of the MHS component signatory to this BAA.- Covered Entity shall generally have the same meaning as the term "covered entity" in the DoD HIPAA Issuances, and in reference to this BAA, shall mean [insert name of MHS component signatory to this BAA].- DHA Privacy Office means the DHA Privacy and Civil Liberties Office. The DHA Privacy Office Director is the HIPAA Privacy and Security Officer for DHA, including the National Capital Region Medical Directorate (NCRMD).- DoD HIPAA Issuances means the DoD issuances implementing the HIPAA Rules in the DoD Military Health System (MHS). These issuances are DoD 6025.18-R (2003), DoDI 6025.18 (2009), and DoD 8580.02-R (2007).- DoD Privacy Act Issuances means the DoD issuances implementing the Privacy Act, which are DoDD 5400.11 (2007) and DoD 5400.11-R (2007).- HHS Breach means a breach that satisfies the HIPAA Breach Rule definition of breach in 45 CFR 164.402.- HIPAA Rules means, collectively, the HIPAA Privacy, Security, Breach and Enforcement Rules, issued by theU.S. Department of Health and Human Services (HHS) and codified at 45 CFR Part 160 and Part 164, Subpart E (Privacy), Subpart C (Security), Subpart D (Breach) and Part 160, Subparts C-D (Enforcement), as amended by the 2013 modifications to those Rules, implementing the "HITECH Act" provisions of Pub. L. 111-5. See 78 FR 5566- 5702 (Jan. 25, 2013) (with corrections at 78 FR 32464 (June 7, 2013)). Additional HIPAA rules regarding electronic transactions and code sets (45 CFR Part 162) are not addressed in this BAA and are not included in the term HIPAA Rules.- Service-Level Privacy Office means one or more offices within the military services (Army, Navy, or Air Force) with oversight authority over Privacy Act and HIPAA privacy compliance.I. Obligations and Activities of Business Associate(a) The Business Associate shall not use or disclose PHI other than as permitted or required by the Agreement or as required by law.(b) The Business Associate shall use appropriate safeguards, and comply with the DoD HIPAA Rules with respect to electronic PHI, to prevent use or disclosure of PHI other than as provided for by the Agreement.(c) The Business Associate shall report to Covered Entity any Breach of which it becomes aware, and shall proceed with breach response steps as required by Part V of this BAA. With respect to electronic PHI, the Business Associate shall also respond to any security incident of which it becomes aware in accordance with any Information Assurance provisions of the Agreement. If at any point the Business Associate becomes aware that a security incident involves a Breach, the Business Associate shall immediately initiate breach response as required by part V of this BAA.(d) In accordance with 45 CFR 164.502(e)(1)(ii)) and 164.308(b)(2), respectively), as applicable, the Business Associate shall ensure that any subcontractors that create, receive, maintain, or transmit PHI on behalf of the Business Associate agree to the same restrictions, conditions, and requirements that apply to the Business Associate with respect to such PHI.(e) The Business Associate shall make available PHI in a Designated Record Set, to the Covered Entity or, as directed by the Covered Entity, to an Individual, as necessary to satisfy the Covered Entity obligations under 45 CFR 164.524.(f) The Business Associate shall make any amendment(s) to PHI in a Designated Record Set as directed or agreed to by the Covered Entity pursuant to 45 CFR 164.526, or take other measures as necessary to satisfy Covered Entity's obligations under 45 CFR 164.526.(g) The Business Associate shall maintain and make available the information required to provide an accounting of disclosures to the Covered Entity or an individual as necessary to satisfy the Covered Entity's obligations under 45 CFR 164.528.(h) To the extent the Business Associate is to carry out one or more of Covered Entity's obligation(s) under the HIPAA Privacy Rule, the Business Associate shall comply with the requirements of HIPAA Privacy Rule that apply to the Covered Entity in the performance of such obligation(s); and (i) The Business Associate shall make its internal practices, books, and records available to the Secretary for purposes of determining compliance with the HIPAA Rules.II. Permitted Uses and Disclosures by Business Associate(a) The Business Associate may only use or disclose PHI as necessary to perform the services set forth in the Agreement or as required by law. The Business Associate is not permitted to de-identify PHI under DoD HIPAA issuances or the corresponding 45 CFR 164.514(a)-(c), nor is it permitted to use or disclose de-identified PHI, except as provided by the Agreement or directed by the Covered Entity.(b) The Business Associate agrees to use, disclose and request PHI only in accordance with the HIPAA Privacy Rule "minimum necessary" standard and corresponding DHA policies and procedures as stated in the DoD HIPAA Issuances.(c) The Business Associate shall not use or disclose PHI in a manner that would violate the DoD HIPAA Issuances or HIPAA Privacy Rules if done by the Covered Entity, except uses and disclosures for the Business Associate's own management and administration and legal responsibilities or for data aggregation services as set forth in the following three paragraphs.(d) Except as otherwise limited in the Agreement, the Business Associate may use PHI for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate. The foregoing authority to use PHI does not apply to disclosure of PHI, which is covered in the next paragraph.(e) Except as otherwise limited in the Agreement, the Business Associate may disclose PHI for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate, provided that disclosures are required by law, or the Business Associate obtains reasonable assurances from the person to whom the PHI is disclosed that it will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.(f) Except as otherwise limited in the Agreement, the Business Associate may use PHI to provide Data Aggregation services relating to the Covered Entity's health care operations.III. Provisions for Covered Entity to Inform Business Associate of Privacy Practices and Restrictions(a) The Covered Entity shall provide the Business Associate with the notice of privacy practices that the Covered Entity produces in accordance with 45 CFR 164.520 and the corresponding provision of the DoD HIPAA Issuances.(b) The Covered Entity shall notify the Business Associate of any changes in, or revocation of, the permission by an Individual to use or disclose his or her PHI, to the extent that such changes affect the Business Associate's use or disclosure of PHI.(c) The Covered Entity shall notify the Business Associate of any restriction on the use or disclosure of PHI that the Covered Entity has agreed to or is required to abide by under 45 CFR 164.522, to the extent that such changes may affect the Business Associate's use or disclosure of PHI.IV. Permissible Requests by Covered EntityThe Covered Entity shall not request the Business Associate to use or disclose PHI in any manner that would not be permissible under the HIPAA Privacy Rule or any applicable Government regulations (including without limitation, DoD HIPAA Issuances) if done by the Covered Entity, except for providing Data Aggregation services to the Covered Entity and for management and administrative activities of the Business Associate as otherwise permitted by this BAA.V. Breach Response(a) In general.In the event of a breach of PII/PHI held by the Business Associate, the Business Associate shall follow the breach response requirements set forth in this Part V, which is designed to satisfy both the Privacy Act and HIPAA as applicable. If a breach involves PII without PHI, then the Business Associate shall comply with DoD Privacy Act Issuance breach response requirements only; if a breach involves PHI (a subset of PII), then the Business Associate shall comply with both Privacy Act and HIPAA breach response requirements. A breach involving PHI may or may not constitute an HHS Breach. If a breach is not an HHS Breach, then the Business Associate has no HIPAA breach response obligations. In such cases, the Business Associate must still comply with breach response requirements under the DoD Privacy Act Issuances.If the DHA Privacy Office determines that a breach is an HHS Breach, then the Business Associate shall comply with both the HIPAA Breach Rule and DoD Privacy Act Issuances, as directed by the DHA Privacy Office, regardless of whether the breach occurs at DHA or at one of the Service components. If the DHA Privacy Office determines that the breach does not constitute an HHS Breach, then the Business Associate shall comply with DoD Privacy Act Issuances, as directed by the applicable Service-Level Privacy Office. The Business Associate shall contact the Covered Entity for guidance when the incident is not an HHS Breach.This Part V is designed to satisfy the DoD Privacy Act Issuances and the HIPAA Breach Rule as implemented by the DoD HIPAA Issuances. In general, for breach response, the Business Associate shall report the breach to the Covered Entity, assess the breach incident, notify affected individuals, and take mitigation actions as applicable. Because DoD defines "breach" to include possible (suspected) as well as actual (confirmed) breaches, the Business Associate shall implement these breach response requirements immediately upon the Business Associate's discovery of a possible breach.(b) Government Reporting ProvisionsThe Business Associate shall report the breach within one hour of discovery to the Covered Entity and to the US Computer Emergency Readiness Team (US CERT) -the other parties as deemed appropriate by the Covered Entity. The Business Associate is deemed to have discovered a breach as of the time a breach (suspected or confirmed) is known, or by exercising reasonable diligence would have been known, to any person (other than the person committing it) who is an employee, officer or other agent of the Business Associate.The Business Associate shall submit the US-CERT report using the online form at https://forms.us-cert.gov/report/. Before submission to US-CERT, the Business Associate shall save a copy of the on-line report. After submission, the Business Associate shall record the US-CERT Reporting Number. Although only limited information about the breach may be available as of the one hour deadline for submission, the Business Associate shall submit the US- CERT report by the deadline. The Business Associate shall e-mail updated information as it is obtained, following the instructions at http://www.us-cert.gov/pgp/email.html. The Business Associate shall provide a copy of the initial or updated US-CERT report to the -Covered Entity and the applicable Service-Level Privacy Office, if requested by either. Business Associate questions about US-CERT reporting shall be directed to the Covered Entity or Service- Level Privacy Office, not the US-CERT office.The additional US Army and the US Army Medical Command (MEDCOM) reporting requirements are addressed in the PII Breach Reporting and Notification Policy. The latest version of this policy can be obtained from the Covered Entity or the MEDCOM Privacy Act/Freedom of Information Act (FOIA) Office at: usarmy.jbsa.medcom.list.medcom-foia-users@mail.mil . If multiple beneficiaries are affected by a single event or related set of events, then a single reportable breach may be deemed to have occurred, depending on the circumstances. The Business Associate shall inform the Covered Entity as soon as possible if it believes that "single event" breach response is appropriate; the Covered Entity will determine how the Business Associate shall proceed and, if appropriate, consolidate separately reported breaches for purposes of Business Associate report updates, beneficiary notification, and mitigation.When a Breach Report initially submitted is incomplete or incorrect due to unavailable information, or when significant developments require an update, the Business Associate shall submit a revised form or forms, stating the updated status and previous report date(s) and showing any revisions or additions in red text. Examples of updated information the Business Associate shall report include, but are not limited to: confirmation on the exact data elements involved, the root cause of the incident, and any mitigation actions to include, sanctions, training, incident containment, follow-up, etc. The Business Associate shall submit these report updates promptly after the new information becomes available. Prompt reporting of updates is required to allow the Covered Entity to make timely final determinations on any subsequent notifications or reports. The Business Associate shall provide updates to the same parties as required for the initial Breach Report. The Business Associate is responsible for reporting all information needed by the Covered Entity to make timely and accurate determinations on reports to HHS as required by the HHS Breach Rule and reports to the Defense Privacy and Civil Liberties Office as required by DoD Privacy Act Issuances.In the event the Business Associate is uncertain on how to apply the above requirements, the Business Associate shall consult with the Covered Entity (or the Service-Level Privacy Office, which will consult with the DHA Privacy Office as appropriate) when determinations on applying the above requirements are needed.(c) Individual Notification ProvisionsIf the DHA Privacy Office determines that individual notification is required, the Business Associate shall provide written notification to individuals affected by the breach as soon as possible, but no later than 10 working days after the breach is discovered and the identities of the individuals are ascertained. The 10 day period begins when the Business Associate is able to determine the identities (including addresses) of the individuals whose records were impacted. The Business Associate's proposed notification to be issued to the affected individuals shall be submitted to the parties to which reports are submitted under paragraph V (a) for their review, and for approval by the DHA Privacy Office. Upon request, the Business Associate shall provide the DHA Privacy Office with the final text of the notification letter sent to the affected individuals. If different groups of affected individuals receive different notification letters, then the Business Associate shall provide the text of the letter for each group. (PII shall not be included with the text of the letter(s) provided.) Copies of further correspondence with affected individuals need not be provided unless requested by the Privacy Office. The Business Associate's notification to the individuals, at a minimum, shall include the following:- The individual(s) must be advised of what specific data was involved. It is insufficient to simply state that PII has been lost. Where names, Social Security Numbers (SSNs) or truncated SSNs, and Dates of Birth (DOBs) are involved, it is critical to advise the individual that these data elements potentially have been breached.- The individual(s) must be informed of the facts and circumstances surrounding the breach. The description should be sufficiently detailed so that the individual clearly understands how the breach occurred.- The individual(s) must be informed of what protective actions the Business Associate is taking or the individual can take to mitigate against potential future harm. The notice must refer the individual to the current Federal Trade Commission (FTC) web site pages on identity theft and the FTC's Identity Theft Hotline, toll-free: 1-877-ID- THEFT (438-4338); TTY: 1-866-653-4261.- The individual(s) must also be informed of any mitigation support services (e.g., one year of free credit monitoring, identification of fraud expense coverage for affected individuals, provision of credit freezes, etc.) that the Business Associate may offer affected individuals, the process to follow to obtain those services and the period of time the services will be made available, and contact information (including a phone number, either direct or toll- free, e-mail address and postal address) for obtaining more information.Business Associates shall ensure any envelope containing written notifications to affected individuals are clearly labeled to alert the recipient to the importance of its contents, e.g., "Data Breach Information Enclosed," and that the envelope is marked with the identity of the Business Associate and/or subcontractor organization that suffered the breach. The letter must also include contact information for a designated POC to include, phone number, email address, and postal address.If the Business Associate determines that it cannot readily identify, or will be unable to reach, some affected individuals within the 10 day period after discovering the breach, the Business Associate shall so indicate in the initial or updated Breach Report. Within the 10 day period, the Business Associate shall provide the approved notification to those individuals who can be reached. Other individuals must be notified within 10 days after their identities and addresses are ascertained. The Business Associate shall consult with the DHA Privacy Office, which will determine which media notice is most likely to reach the population not otherwise identified or reached. The Business Associate shall issue a generalized media notice(s) to that population in accordance with Privacy Office approval.The Business Associate shall, at no cost to the government, bear any costs associated with a breach of PII/PHI that the Business Associate has caused or is otherwise responsible for addressing.Breaches are not to be confused with security incidents (often referred to as cyber security incidents when electronic information is involved), which may or may not involve a breach of PII/PHI. In the event of a security incident not involving a PII/PHI breach, the Business Associate shall follow applicable DoD Information Assurance requirements under its Agreement. If at any point the Business Associate finds that a cyber security incident involves a PII/PHI breach (suspected or confirmed), the Business Associate shall immediately initiate the breach response procedures set forth here. The Business Associate shall also continue to follow any required cyber security incident response procedures to the extent needed to address security issues, as determined by DoD/DHA.VI. Termination(a) Termination. Noncompliance by the Business Associate (or any of its staff, agents, or subcontractors) with any requirement in this BAA may subject the Business Associate to termination under any applicable default or other termination provision of the Agreement.(b) Effect of Termination.(1) If the Agreement has records management requirements, the Business Associate shall handle such records in accordance with the records management requirements. If the Agreement does not have records management requirements, the records should be handled in accordance with paragraphs (2) and (3) below. If the Agreement has provisions for transfer of records and PII/PHI to a successor Business Associate, or if DHA gives directions for such transfer, the Business Associate shall handle such records and information in accordance with such Agreement provisions or DHA direction. (2) If the Agreement does not have records management requirements, except as provided in the following paragraph (3), upon termination of the Agreement, for any reason, the Business Associate shall return or destroy all PHI received from the Covered Entity, or created or received by the Business Associate on behalf of the Covered Entity that the Business Associate still maintains in any form. This provision shall apply to PHI that is in the possession of subcontractors or agents of the Business Associate. The Business Associate shall retain no copies of the PHI.(3) If the Agreement does not have records management provisions and the Business Associate determines that returning or destroying the PHI is infeasible, the Business Associate shall provide to the Covered Entity notification of the conditions that make return or destruction infeasible. Upon mutual agreement of the Covered Entity and the Business Associate that return or destruction of PHI is infeasible, the Business Associate shall extend the protections of the Agreement to such PHI and limit further uses and disclosures of such PHI to those purposes that make the return or destruction infeasible, for so long as the Business Associate maintains such PHI.VII. Miscellaneous(a) Survival. The obligations of Business Associate under the "Effect of Termination" provision of this BAA shall survive the termination of the Agreement.(b) Interpretation. Any ambiguity in the Agreement shall be resolved in favor of a meaning that permits the Covered Entity and the Business Associate to comply with the HIPAA Rules and the DoD HIPAA Rules.(End of HCAA Local Clause 5001)  CLAUSES INCORPORATED BY REFERENCE 52.212-1 (Dev) Instructions to Offerors - Commercial Items. (DEVIATION 2018-O0018)OCT 201852.212-1 ADDENDUMVolume I. Administrative.All offerors shall provide the following items:• Completed SF 1449: Blocks 12, 17 (to include CAGE code and DUNS number), 30A - C• Completed SF 30: Blocks 8, 15A - C (for all amendments issued, if any)• Point of Contact Information (Name, Telephone Number, Fax Number, and Email)• Statement that the offeror will hold its quote firm for at least 90 days from the due date for receipt of quotes, subject to any changes that may occur as a result of discussions (if applicable).• Completed provisions, as listed in the solicitation. Alternately, complete all provisions in SAM and provide confirmation of completion and accuracy with offer.Potential contractors must be registered in the System for Award Management (SAM) to be eligible for award. The SAM website is http://www.sam.gov.Volume II. Technical CapabilityTechnical Capability. These parts of the technical proposal shall be addressed in sufficient written detail for the Government to determine if the offeror understands this aspect of the Government's requirement. Statements that the offeror understands, can or will comply with all specifications, or statements paraphrasing the specifications of parts thereof, or phrases such as "standard procedures will be used" or "well-known techniques will be used" will be considered unacceptable. Insufficient explanations may result in your offer receiving an UNACCEPTABLE rating. Volume III. PricePrice. The offeror shall submit a unit price for each CLIN, as well as the extended price (i.e., unit price multiplied by quantity) in column F. A unit price shall be submitted for each line item, as well as the extended price (i.e., unit price multiplied by quantity). Travel costs are subject to Federal Acquisition Regulation (FAR) part 31.205-46 and 52.212-4. The non-FAR Part 12 discretionary FAR, DFARS, AFARS, and LOCAL provisions included herein are incorporated into this solicitation either by reference or in full text. If incorporated by reference, see provision 52.252-1 herein for locations where full text can be found.(End of Addendum)CLAUSES INCORPORATED BY REFERENCE52.204-7 System for Award Management OCT 201852.204-16 Commercial and Government Entity Code Reporting JUL 2016CLAUSES INCORPORATED BY FULL TEXT52.209-2 PROHIBITION ON CONTRACTING WITH INVERTED DOMESTIC CORPORATIONS-- REPRESENTATION (NOV 2015)(a) Definitions. Inverted domestic corporation and subsidiary have the meaning given in the clause of this contract entitled Prohibition on Contracting with Inverted Domestic Corporations (52.209-10).(b) Government agencies are not permitted to use appropriated (or otherwise made available) funds for contracts with either an inverted domestic corporation, or a subsidiary of an inverted domesticcorporation, unless the exception at 9.108-2(b) applies or the requirement is waived in accordance with the procedures at 9.108-4.(c) Representation. The Offeror represents that--(1) It [] is, [] is not an inverted domestic corporation; and(2) It [] is, [] is not a subsidiary of an inverted domestic corporation.(End of provision) 52.209-11 REPRESENTATION BY CORPORATIONS REGARDING DELINQUENT TAX LIABILITY OR A FELONY CONVICTION UNDER ANY FEDERAL LAW (FEB 2016)(a) As required by sections 744 and 745 of Division E of the Consolidated and Further Continuing Appropriations Act, 2015 (Pub. L. 113-235), and similar provisions, if contained in subsequent appropriations acts, the Government will not enter into a contract with any corporation that--(1) Has any unpaid Federal tax liability that has been assessed, for which all judicial and administrative remedies have been exhausted or have lapsed, and that is not being paid in a timely manner pursuant to an agreement with the authority responsible for collecting the tax liability, where the awarding agency is aware of the unpaid tax liability, unless an agency has considered suspension or debarment of the corporation and made a determination that suspension or debarment is not necessary to protect the interests of the Government; or(2) Was convicted of a felony criminal violation under any Federal law within the preceding 24 months, where the awarding agency is aware of the conviction, unless an agency has considered suspension or debarment of the corporation and made a determination that this action is not necessary to protect the interests of the Government.(b) The Offeror represents that--(1) It is [ ] is not [ ] a corporation that has any unpaid Federal tax liability that has been assessed, for which all judicial and administrative remedies have been exhausted or have lapsed, and that is not being paid in a timely manner pursuant to an agreement with the authority responsible for collecting the tax liability; and(2) It is [ ] is not [ ] a corporation that was convicted of a felony criminal violation under a Federal law within the preceding 24 months.(End of provision) 52.252-1 SOLICITATION PROVISIONS INCORPORATED BY REFERENCE (FEB 1998)This solicitation incorporates one or more solicitation provisions by reference, with the same force and effect as if they were given in full text. Upon request, the Contracting Officer will make their full text available. The offeror is cautioned that the listed provisions may include blocks that must be completed by the offeror and submitted with its quotation or offer. In lieu of submitting the full text of those provisions, the offeror may identify the provision by paragraph identifier and provide the appropriate information with its quotation or offer. Also, the full text of a solicitation provision may be accessed electronically at this/these address(es):https://www.acquisition.gov/(End of provision)52.252-5 AUTHORIZED DEVIATIONS IN PROVISIONS (APR 1984)(a) The use in this solicitation of any Federal Acquisition Regulation (48 CFR Chapter 1) provision with an authorized deviation is indicated by the addition of"(DEVIATION)" after the date of the provision.(b) The use in this solicitation of any DoD FAR Supplement (48 CFR Chapter 2) provision with an authorized deviation is indicated by the addition of "(DEVIATION)" after the name of the regulation.(End of provision)252.203-7005 REPRESENTATION RELATING TO COMPENSATION OF FORMER DOD OFFICIALS (NOV2011)(a) Definition. Covered DoD official is defined in the clause at 252.203-7000, Requirements Relating to Compensation of Former DoD Officials.(b) By submission of this offer, the offeror represents, to the best of its knowledge and belief, that all covered DoD officials employed by or otherwise receiving compensation from the offeror, and who are expected to undertake activities on behalf of the offeror for any resulting contract, are presently in compliance with all post-employment restrictions covered by 18 U.S.C. 207, 41 U.S.C. 2101-2107, and 5 CFR parts 2637 and 2641, including Federal Acquisition Regulation 3.104-2.(End of provision)  252.204-7008 COMPLIANCE WITH SAFEGUARDING COVERED DEFENSE INFORMATION CONTROLS (OCT 2016)(a) Definitions. As used in this provision--Controlled technical information, covered contractor information system, covered defense information, cyber incident, information system, and technical information are defined in clause 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting.(b) The security requirements required by contract clause 252.204-7012 shall be implemented for all covered defense information on all covered contractor information systems that support the performance of this contract.(c) For covered contractor information systems that are not part of an information technology service or system operated on behalf of the Government (see 252.204-7012(b)(2))--(1) By submission of this offer, the Offeror represents that it will implement the security requirements specified by National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, ``Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations'' (see http://dx.doi.org/10.6028/NIST.SP.800-171) that are in effect at the time the solicitation is issued or as authorized by the contracting officer not later than December 31, 2017.(2)(i) If the Offeror proposes to vary from any of the security requirements specified by NIST SP 800-171 that are in effect at the time the solicitation is issued or as authorized by the Contracting Officer, the Offeror shallsubmit to the Contracting Officer, for consideration by the DoD Chief Information Officer (CIO), a written explanation of-(A) Why a particular security requirement is not applicable; or(B) How an alternative but equally effective, security measure is used to compensate for the inability to satisfy a particular requirement and achieve equivalent protection.(ii) An authorized representative of the DoD CIO will adjudicate offeror requests to vary from NIST SP 800-171 requirements in writing prior to contract award. Any accepted variance from NIST SP 800-171 shall be incorporated into the resulting contract.(End of provision) 52.212-2 EVALUATION--COMMERCIAL ITEMS (OCT 2014)(a) See 52.212-2 Addendum(b) Options. The Government will evaluate offers for award purposes by adding the total price for all options to the total price for the basic requirement. The Government may determine that an offer is unacceptable if the option prices are significantly unbalanced. Evaluation of options shall not obligate the Government to exercise the option(s).(c) A written notice of award or acceptance of an offer, mailed or otherwise furnished to the successful offeror within the time for acceptance specified in the offer, shall result in a binding contract without further action by either party. Before the offer's specified expiration time, the Government may accept an offer (or part of an offer), whether or not there are negotiations after its receipt, unless a written notice of withdrawal is received before award.(End of provision)52.212-2 ADDENDUMAward will be made using the lowest price technically acceptable (LPTA) source selection process. Award will be made to the responsible offeror on the basis of the lowest evaluated price of proposals meeting or exceeding the acceptability standards for non-cost factors. Award may be made without discussions with offerors (except communications conducted for the purpose of minor clarification). Therefore, each initial offer should contain the offeror's best terms from a technical and price standpoint. However, the Government reserves the right to conduct discussions if it is later determined by the contracting officer to be necessary.Paragraph (a) is hereby replaced with the following: Technical acceptability and Price1. Technical acceptability: Explain your firm's capability, to include any processes currently in place, that will ensure the specification identified in Performance Work Statement, are met. Statements that the offeror understands, can or will comply with all specifications, or statements paraphrasing the specifications of parts thereof, or phrases such as "standard procedures will be used" or "well-known techniques will be used", will be considered insufficient.The Government will award a contract resulting from this solicitation to the responsible offeror whose offer conforming to the solicitation is Lowest Price, Technically Acceptable (LPTA). Award will be made on all or nothing basis. The following evaluation factors shall be used to evaluate offers:Technical Acceptability: The following adjectival ratings will be used in evaluating the offeror's technical quote:Acceptable - To receive this rating, the offerors product shall meet each of the performance objectives set forth in the solicitation.Unacceptable - An unacceptable rating will be assessed on any offeror that presents items that demonstrate any of the following:   requirementa) Failure to meet each of the performance objectives set forth in the solicitation.b) Failure to qualify the "yes" or "no" response of each performance objectives in sufficient detail for the Government to determine whether the offer satisfactorily meets the requirements of this solicitation.c) Failure to provide capability statement supporting thisBidder must meet the following evaluating factors:Evaluation Factors:Factor 1 - Technical CapabilitySubfactor 1A. - System RequirementsSubfactor 1B. Statement of Objectives complianceEvaluation Criteria:Subfactor 1A. - System Requirements1. System must be capable of tracking and bi-directional traceability of all implantable products from initial order, through receipt, implant, and any adverse reactions or recalls with UID Complaint Tracking and Tracing.2. System must provide for a minimum of 70 licenses for use within the facility. System must be web-based, with technical support and software updates included in the price of the subscription.3. System must be able to support multi-departmental involvement in tissue management to provide an audit trail for Joint Commission surveys and other reports.4. System must have automatic data entry, such as through barcode scanning (i.e., no manual entry).5. System must be able to link medical records with the implanted product.Subfactor 1B. - Statement of Objectives complianceOfferors must explain in detail how your firm intends to the meet the Government's requirements as outlined in the Statement of Objectives. Scheduled Services, Unscheduled Services, Software updates and Administrative Controls shall be addressed in detail.This part of the technical capability shall be addressed in sufficient written detail for the Government to determine using independent judgment if the offeror understands this aspect of the Government's requirement. Statements that the offeror understands, can or will comply with all specifications, or statements paraphrasing the specifications of parts thereof, or phrases such as "standard procedures will be used" or "well-known techniques will be used" will result in the Subfactor being rated UNACCEPTABLE. Insufficient explanations may result in your offer receiving an UNACCEPTABLE rating. The technical proposal shall not exceed 20 pages.Factor 2 - PriceOnly those quotes that have received a Technically Acceptable rating on Technical Capability, Past Performance, and Subcontracting Plans will be evaluated on Price. A proposal unrealistically low in price may be grounds for eliminating a proposal and will be determined by the Government to be indicative of failure to be consistent with the offeror's written technical capability approach and/or indicative of a failure to comprehend the complexity and risks of the proposed contractual requirement. Price will beevaluated using various price analysis techniques and procedures IAW FAR 15.404-1(b) including, but not limited to, comparison of proposed price received in response to the solicitation with a comparison to the Independent Government Cost Estimate (IGCE).A. Pricing will be reviewed to determine fairness and reasonableness.B. Options. The Government will evaluate offers for award purposes by adding the total price for all options to the total price for the basic requirement. The Government may determine that an offer is unacceptable if the option prices are significantly unbalanced. Evaluation of options shall not obligate the Government to exercise the option(s).C. FAR 52.217-8 Extension of Services. Given that FAR 52.217-8 Option to Extend Services, provides that the government may exercise the Option to Extend Services at the rates specified in the contract (i.e., the rates in effect when the Extension of Services option is exercised), for purposes of evaluating the Option to Extend Services, the Contracting Officer will consider the prices submitted for the base year and each option year, since those are the binding prices should the Option to Extend Services beexercised.Vendor must submit their quotes to the following address:Regional Health Contracting Office - Central MCAA-S Attn: Marc Flores3551 Roger Brooke Drive, Room L31-9VFort Sam Houston, TX 78234-6200Proposals must be submitted on time to the mailing address above, or by fax to (210)221-3365 Attn: Marc Flores or by e-mail to marc.a.flores3.civ@mail.milEvaluation Process: All quotes will be evaluated on their prices and technical acceptability. The award decision will be based on the lowest priced technically acceptable quote.Potential contractor must be registered in the System for Award Management (SAM) to be eligible for award. The SAM website is https://www.sam.gov.(End of provision)CLAUSES INCORPORATED BY FULL TEXT52.212-3 OFFEROR REPRESENTATIONS AND CERTIFICATIONS--COMMERCIAL ITEMS (OCT 2018) ALTERNATE I (OCT 2014)The Offeror shall complete only paragraph (b) of this provision if the Offeror has completed the annual representations and certification electronically in the System for Award Management (SAM) accessed through https://www.sam.gov. If the Offeror has not completed the annual representations and certifications electronically, the Offeror shall complete only paragraphs (c) through (u)) of this provision.(a) Definitions. As used in this provision--"Economically disadvantaged women-owned small business (EDWOSB) concern" means a small business concern that is at least 51 percent directly and unconditionally owned by, and the management and daily business operations of which are controlled by, one or more women who are citizens of the United States and who are economically disadvantaged in accordance with 13 CFR part 127. It automatically qualifies as a women-owned small business eligible under the WOSB Program."Forced or indentured child labor" means all work or service-(1) Exacted from any person under the age of 18 under the menace of any penalty for its nonperformance and for which the worker does not offer himself voluntarily; or(2) Performed by any person under the age of 18 pursuant to a contract the enforcement of which can be accomplished by process or penalties."Highest-level owner" means the entity that owns or controls an immediate owner of the offeror, or that owns or controls one or more entities that control an immediate owner of the offeror. No entity owns or exercises control of the highest level owner."Immediate owner" means an entity, other than the offeror, that has direct control of the offeror. Indicators of control include, but are not limited to, one or more of the following: Ownership or interlocking management, identity of interests among family members, shared facilities and equipment, and the common use of employees."Inverted domestic corporation," means a foreign incorporated entity that meets the definition of an inverted domestic corporation under 6 U.S.C. 395(b), applied in accordance with the rules and definitions of 6 U.S.C. 395(c)."Manufactured end product" means any end product in product and service codes (PSCs) 1000-9999, except-(1) PSC 5510, Lumber and Related Basic Wood Materials;(2) Product or Service Group (PSG) 87, Agricultural Supplies;(3) PSG 88, Live Animals;(4) PSG 89, Subsistence;(5) PSC 9410, Crude Grades of Plant Materials;(6) PSC 9430, Miscellaneous Crude Animal Products, Inedible;(7) PSC 9440, Miscellaneous Crude Agricultural and Forestry Products;(8) PSC 9610, Ores;(9) PSC 9620, Minerals, Natural and Synthetic; and(10) PSC 9630, Additive Metal Materials."Place of manufacture" means the place where an end product is assembled out of components, or otherwise made or processed from raw materials into the finished product that is to be provided to the Government. If a product is disassembled and reassembled, the place of reassembly is not the place of manufacture."Restricted business operations" means business operations in Sudan that include power production activities, mineral extraction activities, oil-related activities, or the production of military equipment, as those terms are defined in the Sudan Accountability and Divestment Act of 2007 (Pub. L. 110-174). Restricted business operations do not include business operations that the person (as that term is defined in Section 2 of the Sudan Accountability and Divestment Act of 2007) conducting the business can demonstrate-(1) Are conducted under contract directly and exclusively with the regional government of southern Sudan;(2) Are conducted pursuant to specific authorization from the Office of Foreign Assets Control in the Department of the Treasury, or are expressly exempted under Federal law from the requirement to be conducted under such authorization;(3) Consist of providing goods or services to marginalized populations of Sudan;(4) Consist of providing goods or services to an internationally recognized peacekeeping force or humanitarian organization;(5) Consist of providing goods or services that are used only to promote health or education; or(6) Have been voluntarily suspended. "Sensitive technology"-(1) Means hardware, software, telecommunications equipment, or any other technology that is to be used specifically-(i) To restrict the free flow of unbiased information in Iran; or(ii) To disrupt, monitor, or otherwise restrict speech of the people of Iran; and (2) Does not include information or informational materials the export of which the President does not have the authority to regulate or prohibit pursuant to section 203(b)(3) of the International Emergency Economic Powers Act (50 U.S.C. 1702(b)(3))."Service-disabled veteran-owned small business concern"-(1) Means a small business concern-(i) Not less than 51 percent of which is owned by one or more service-disabled veterans or, in the case of any publicly owned business, not less than 51 percent of the stock of which is owned by one or more ser