Statement of Work (SOW)
Title: Safety Data Sheets on-line
I. Background
The Phoenix Indian Medical Center (PIMC) is 125 bed facility located in Phoenix, AZ. This hospital provides direct patient care with an ICU, ED, Medical Surge unit, and outpatient services. This facility serve the Tribes in the greater Phoenix metropolitan and as the referring facility for all the Tribes in Arizona.
OSHA requires employees to have access to MSDS/SDS. An automated system would allow access from any available computer. It would also allow increased access from laptops and smart phones.
Purpose / General Description
A. Improve safety of staff and patients by ensuring increased access to the most current information on the hazards of the chemicals on hand at the Phoenix Service Unit (PSU). This information will be provided via a web based Material Safety Data Sheets (MSDS)/Safety Data Sheets (SDS) program that provides a multitude of services including managing MSDS/SDS and creating a custom labels that comply with Federal OSHA safety requirements for secondary containers.
B. Ensure regulatory compliance. Improve compliance with the OSHA Hazard
Communication Standard by managing SDS and Labeling of hazardous chemicals.
Environmental Rounds has identified these items to be deficient numerous times. Regulatory
requirements are being updated regarding the Hazard Communication Standard. The new
system is known as the Globally Harmonized System (GHS), will go into effect in 2015 and
2016. GHS requires all MSDS be replaced with SDS and a new labeling system be implemented
for secondary containers with hazardous chemicals. Several years ago, PSU listed all chemicals
in used by departments. This included NIH on the 5th floor. The list took about 6 months to
compile. Many of the chemicals listed were duplicates used in different departments. The
listing also included items like test strips, each color spray paint of the same manufacturer,
correction fluid, and pharmaceuticals that OSHA exempts (drugs that are in pill or final form).
The total number of items on this list exceeded 3000. Environmental Health and Safety along
with several other departments believes this inventory will be less than 1000 hazardous
chemicals when these other chemicals are removed. To comply with OSHA and manage this
new GHS system will be a daunting task for each department and will require hundreds of man hours.
Patient care and staffing related duties restricts Department Managers from devoting time
to update and manage their SDS for their departments. Updating and managing SDS requires
using multiple search engines or requesting updates from the individual manufacturers;
collecting them for binders in each department; indexing them; distributing them, backing them
up with scans or secondary binders; and ensuring employees have been trained. From a risk
management perspective, it is better that supervisors/managers with limited time available, focus
on working with staff using the most dangerous chemicals to ensure they are using them safely
than to spend time requesting and searching for updated SDS; updating binders; and archiving
old MSDS no longer used (OSHA requires maintaining these for 30 years). Additionally,
labeling of secondary containers will change with GHS implementation. Improper labeling of
products including labeling with a permanent marker, and lack of hazard warnings has been cited
during our environmental rounds. The new secondary labeling requirements will require name
product, signal word (Danger or Warning), pictograms, and precautionary statements. Being able
to conform to these requirements will require extensive time and may not be done adequately.
Therefore, having a system to simply create a custom label for secondary containers to print to
commonly used labeling systems like Avery would be cost and time effective while increasing.
II.Period of Performance / Place of Performance
The period of performance shall be a base period of 12 months plus four 12-month option periods as follows:
The primary place of performance is Phoenix, AZ.
The place of performance is at the Government’s site. No contractor personnel has the authority to work off-site under this contract, unless approved in advance by the Contracting Officer. In the event of Government closure or non-access to the Government site, due to weather, catastrophe, emergencies, lapse in appropriations, or force majeure, a determination will be made for continuation of performance at an alternate work location.
If there is a Government closure or non-access to the Government site for the reasons stated above, the Contractor shall submit written requests to the Contracting Officer Representative (COR) and the Contracting Officer of its intent to work at an alternative work location. The Contractor shall ensure continuity of performance by personnel performing work under this contract. Indian Health Service (IHS) staff do not supervise contractor employees and do not approve or monitor contractor employees. Only a IHS Contracting Officer has authority to approve off-site work arrangements on behalf of IHS.
Contractor personnel shall only use Government-Furnished Equipment (GFE) that has been properly configured for security by IHS Office of Information Technology (OIT) while performing on this contract. The Government shall provide maintenance and technical support for GFE used while performing off-site. All Contractor personnel’s use of GFE and government information shall be for contractual performance only, and shall be protected from unauthorized access, disclosure, sharing, transmission, or loss.
For purposes of accelerated implementation of off-site performance under this contract, the Contracting Officer may immediately elect to authorize off-site work upon concurrence from the
COR. The Contracting Officer will execute a formal contract modification within 30 calendar days from issuance of this authorization. If the Contracting Officer and COR determine that off-site work has adversely affected contract performance, the Contracting Officer may immediately suspend/terminate this authorization upon written notification to the Contractor.
Core Days and Hours of Operation
Monday through Friday between 6:00 AM and 6:00 PM.
For days worked that exceed 6 hours, a 30-minute uncompensated lunch break shall be included. Overtime will not be authorized.
Since this service is web-based, access to the platform must 24 hours a day 365 days a year regardless of holidays and weekends.
When the contractor provides services No services or deliverables shall be provided on Saturdays, Sundays, Federal Government Holidays, or any other day as set forth by Presidential Executive Order, or any other Federal Government closures.
The following Federal Government holidays are established by law (5 U.S.C. 6103)
• New Year’s Day (January 1)
•Birthday of Martin Luther King, Jr. (Third Monday in January)
•Inauguration Day(January 20) *(every 4 years)
•Washington's Birthday(Third Monday in February)
•Memorial Day(Last Monday in May)
•Juneteenth National Independence Day (June 19)
•Independence Day(July 4)
•Labor Day(First Monday in September)
•Columbus Day(Second Monday in October)
•Veterans Day(November 11)
•Thanksgiving Day(Fourth Thursday in November)
•Christmas Day(December 25)
III.Tasks
Task 1: Federal Records Management.
The contractor shall manage and maintain Federal records, including electronic records, ensuing from this contract in accordance with all applicable records management laws and regulations, including but not limited to the Federal Records Act (44 U.S.C. Chapters. 21, 29, 31, 33); 36 CFR § 1236.20. What are appropriate recordkeeping systems for electronic records? & 1236.22 What are the additional requirements for managing electronic mail records? (http://www.ecfr.gov/cgi-bin/text- idx?rgn=div5&node=36:3.0.10.2.25); NARA Bulletin 2013-02, August 29, 2013, Guidance on a New Approach to Managing Email Records (https://www.archives.gov/records-mgmt/bulletins/2013/2013-
02.html); and NARA Bulletin 2010-05 September 08, 2010 (
http://www.archives.gov/records- mgmt/bulletins/2010/2010-05.html), Guidance on Managing Records in Cloud ComputingEnvironments..
Managing the records includes, maintaining records to retain functionality and integrity throughout the records' full lifecycle including: (1) maintenance of links between records and metadata, and (2) categorization of records to manage retention and disposal, either through transfer of permanent records to NARA or deletion of temporary records in accordance with NARA-approved retention schedules.
Task 2: Records Management Training
Records Management Training: The contractor (and/or subcontractor) shall ensure that all employees having access to (1) Federal information or a Federal information system, or (2) personally identifiable information (PII), complete the HHS Records Management Training before performing work under this contract, and thereafter completing the annual refresher course during the life of the contract. The training is located at https://humancapital.learning.hhs.gov/courses/recordsmanagement/index.html. At the end of the Records Management training, the “Congratulations" slide is considered your certificate of completion. Please send the completion certificates to the Contracting Officer Representative (COR) of the contract. The listing of completed training shall be included in the first progress report. Any revisions to this listing as a result of staffing changes shall be submitted with next required progress report.
Task 3: Software
The contractor shall:
A.Scope of project includes developing a web based MSDS/SDS Management Subscription Program for3 years covering the PSU that includes Phoenix Indian Medical Center campus and the Aztec Building. System must not involve software installation or maintenance related to software.
B.The contractor will build a web based electronic MSDS/SDS library (eBinder) and index for 2000hazardous chemicals used at the PSU the first year. PSU will provide an inventory list by Departmentto the vendor in an Excel spreadsheet format. The inventory list provided shall have the manufacturerand product name for each product. Where different concentrations of the same product exist,additional information such as product code, concentration, grade, CAS#, and material form may berequested from and provided to the contractor for assistance in finding the MSDS/SDS.
C.PSU will provide the facility groups (e.g., departments) their own spreadsheet to complete theirdepartment’s inventory. Each department will be allowed no less than seven folders to identify specialchemicals and categories (e.g., hazardous waste; chemicals labeled “DANGER” under GHS, NIOSHhazardous drugs; categories of chemicals such as corrosive, oxidizers or flammable, etc). PSU willprovide at least four points of contact as primary account administrators (Environmental Health andSafety, departments with large numbers of MSDS/SDS in their inventory).
D.PSU will provide a government letterhead authorizing the contractor to request MSDS/SDS on PSU’sbehalf. The OSHA Hazard Communication Standard allows companies using their hazardouschemicals to request MSDS/SDS and the company must comply with this request. This letterheadallows the vendor to request on our (PSU) behalf to develop a current database.
E.The contract will allow for unlimited MSDS/SDS online data base searches and views by users. Endusers can request that a MSDS/SDS be added by direct contact to the primary account administratorsat the PSU. Primary account administrators can make additions to the eBinder
F.Employees will have access to the MSDS/SDS data base from their work sites 24/7. PSU isresponsible for allowing web based access to use this system.
G.A back-up system to be provided if web-based system is down to retrieve MSDS/SDS. Back-upsystem can be in the form of CD, computer hard drive or shared drive. The Primary AccountAdministrator is responsible for downloading these data bases to these devices periodically.
H.Contractor will provide technical and customer support at no extra charge. Live Web based trainingwill be provided to the Primary Cccount Administrators; training materials such as PowerPoint andhandouts will be made available to the chemical uses at PSU.
I.The contractor will index fields from the MSDS/SDS for NFPA, HMIS and GHS ratings/pictograms.
J.Contractor will provide desktop icon to PIMC ITT Department for installation on desktops of chemicalusers. This icon will allow direct access to the MSDS/SDS data base. MSDS/SDS can be accessedfrom a smart phone via a web link that provides direct access to the account. No log in is required forend user, only for primary account administrators.
K.System must meet OSHA requirements for Hazard Communication Standard throughout the period ofthe contract and if OSHA amends portions of this standard
Task 4: Software access.
The contractor shall:
A.Web-based program accessible to employees using IHS web services for MSDS/SDS and labels forhazardous products used at PSU in the performance of their duties as required by OSHA under theHazard Communication Standard.
B.System that allows for Primary Account Administrators to download back-up MSDS/SDS foremployee use.
C.A system that provides excellent technical and customer support and training of primary account usersand training materials for department managers and staff using this system.
D.A system shown to have been successful at IHS facilities and major healthcare corporations.
A.Transmittal/Delivery/Accessibility Web based MSDS/SDS Management System accessible at desktopfor users. Allows for folders and subfolders by department, hazards, specialty areas (RCRA wastes,hazardous drugs, etc.)
B.System that provides current MSDS/SDS to users as required by OSHA.
C.System to produce labels complying with the OSHA Hazard Communication System
D.Technical support; training to Primary Account Administrators; training materials for users
E.System that will accept accurate inventory lists with name of product, manufacturer, and otherinformation to contractor to ensure proper MSDS/SDS is obtained.
F.System that allows Primary Account Administrators to download files of MSDS/SDS simply only CD,thumb drives, hard drives and shared drives
User friendly system that can be accessed from any desktop computer using simple icon
Task 5: On-site SDS input.
A.Contractor will come on-site to upload the various chemicals used at PIMC
B.Contractor shall submit all the Safety Data Sheets on to the web-based system.
C.This shall be performed on-site at Phoenix Indian Medical Center.
D.Contractor shall complete the entering the safety data sheets within 60 days after the contract isawarded.
Task 6: Baseline Security
Security Requirements
1)Applicability. The requirements herein apply whether the entire contract or order (hereafter“contract”), or portion thereof, includes either or both of the following:
a.Access (Physical or Logical) to Government Information: A Contractor (and/or anysubcontractor) employee will have or will be given the ability to have, routine physical(entry) or logical (electronic) access to government information.
b.Operate a Federal System Containing Information: A Contractor (and/or any subcontractor)will operate a federal system and information technology containing data that supports theHHS mission. In addition to the Federal Acquisition Regulation (FAR) Subpart 2.1definition of “information technology” (IT), the term as used in this section includescomputers, ancillary equipment (including imaging peripherals, input, output, and storagedevices necessary for security and surveillance), peripheral equipment designed to becontrolled by the central processing unit of a computer, software, firmware and similarprocedures, services (including support services), and related resources.
2)Safeguarding Information and Information Systems. In accordance with the FederalInformation Processing Standards Publication (FIPS)199, Standards for Security Categorizationof Federal Information and Information Systems, the Contractor (and/or any subcontractor) shall:
a.Protect government information and information systems in order to ensure:
•Confidentiality, which means preserving authorized restrictions on access anddisclosure, based on the security terms found in this contract, including means forprotecting personal privacy and proprietary information;
•Integrity, which means guarding against improper information modification ordestruction, and ensuring information non-repudiation and authenticity; and
•Availability, which means ensuring timely and reliable access to and use of information.
b.Provide security for any Contractor systems, and information contained therein, connected toan HHS network or operated by the Contractor on behalf of HHS regardless of location. Inaddition, if new or unanticipated threats or hazards are discovered by either the agency orcontractor, or if existing safeguards have ceased to function, the discoverer shallimmediately, within one (1) hour or less, bring the situation to the attention of the otherparty.
c.Adopt and implement the policies, procedures, controls, and standards required by the HHSInformation Security Program to ensure the confidentiality, integrity, and availability ofgovernment information and government information systems for which the Contractor isresponsible under this contract or to which the Contractor may otherwise have access underthis contract. Obtain the HHS Information Security Program security requirements, outlinedin the HHS Information Security and Privacy Policy (IS2P), by contacting the CO/COR oremailing fisma@hhs.gov.
d.Comply with the Privacy Act requirements and tailor FAR clauses as needed.
3)Protection of Sensitive Information. For security purposes, information is or may be sensitivebecause it requires security to protect its confidentiality, integrity, and/or availability. TheContractor (and/or any subcontractor) shall protect all government information that is or may besensitive in accordance with OMB Memorandum M-06-16, Protection of Sensitive AgencyInformation by securing it with a FIPS 140-2 validated solution.
4)Confidentiality and Nondisclosure of Information. Any information provided to thecontractor (and/or any subcontractor) by HHS or collected by the contractor on behalf of HHSshall be used only for the purpose of carrying out the provisions of this contract and shall not bedisclosed or made known in any manner to any persons except as may be necessary in theperformance of the contract. The Contractor assumes responsibility for protection of theconfidentiality of Government records and shall ensure that all work performed by its employeesand subcontractors shall be under the supervision of the Contractor. Each Contractor officer oremployee or any of its subcontractors to whom any HHS records may be made available ordisclosed shall be notified in writing by the Contractor that information disclosed to such officeror employee can be used only for that purpose and to the extent authorized herein.
The confidentiality, integrity, and availability of such information shall be protected inaccordance with HHS and IHS policies. Unauthorized disclosure of information will besubject to the HHS/IHS sanction policies and/or governed by the following laws andregulations:
a.18 U.S.C. 641 (Criminal Code: Public Money, Property or Records);
b.18 U.S.C. 1905 (Criminal Code: Disclosure of Confidential Information); and
c.44 U.S.C. Chapter 35, Subchapter I (Paperwork Reduction Act).
See the HHS Standard for the Definition of Sensitive Information, for additional information in defining and protecting sensitive information.
5)Contractor Non-Disclosure Agreement (NDA). Each Contractor (and/or any subcontractor)employee having access to non-public government information under this contract shallcomplete the IHS non-disclosure agreement. A copy of each signed and witnessed NDA shall besubmitted to the Contracting Officer (CO) and/or CO Representative (COR) prior to performingany work under this acquisition.
•Training
1)Mandatory Training for All Contractor Staff. All Contractor (and/or any subcontractor)employees assigned to work on this contract shall complete the applicable HHS/IHS ContractorInformation Security Awareness, Privacy, and Records Management training (provided uponcontract award) before performing any work under this contract. Thereafter, the employees shallcomplete HHS/IHS Information Security Awareness, Privacy, and Records Managementtraining at least annually, during the life of this contract. All provided training shall becompliant with HHS training policies.
2)Role-based Training. All Contractor (and/or any subcontractor) employees with significantsecurity responsibilities (as determined by the program manager) must complete role-basedtraining annually commensurate with their role and responsibilities in accordance with HHSpolicy and the HHS Role-Based Training (RBT) of Personnel with Significant SecurityResponsibilities Memorandum.
3)Training Records. The Contractor (and/or any subcontractor) shall maintain training recordsfor all its employees working under this contract in accordance with HHS policy. The trainingrecords shall be provided to the CO and/or COR within 30 days after contract award andannually thereafter or upon request.
•Rules of Behavior
1)The Contractor (and/or any subcontractor) shall ensure that all employees performing on thecontract comply with the HHS Information Technology General Rules of Behavior, the IHSInformation Technology Rules of Behavior (included in the IHS Information Security andPrivacy Awareness Training), and any applicable system-level rules of behavior.
2)All Contractor employees performing on the contract must read and adhere to the Rules ofBehavior before accessing Department data or other information, systems, and/or networks thatstore/process government information, initially at the beginning of the contract and at leastannually thereafter, which may be done as part of annual IHS Information Security AwarenessTraining. If the training is provided by the contractor, the signed ROB must be provided as aseparate deliverable.
•Incident Response
FISMA defines an incident as “an occurrence that (1) actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality, or availability of information or an information system; or (2) constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies. The HHS Policy for IT Security and Privacy Incident Reporting and Response further defines incidents as events involving cybersecurity and privacy threats, such as viruses, malicious user activity, loss of, unauthorized disclosure or destruction of data, and so on.
A privacy breach is a type of incident and is defined by Federal Information Security Modernization Act (FISMA) as the loss of control, compromise, unauthorized disclosure, unauthorized acquisition, or any similar occurrence where (1) a person other than an authorized user accesses or potentially accesses personally identifiable information or (2) an authorized user accesses or potentially accesses personally identifiable information for an other than authorized purpose. The HHS Policy for IT Security and Privacy Incident Reporting and Response further defines a breach as “a suspected or confirmed incident involving PII”.
In the event of a suspected or confirmed incident or breach, the Contractor (and/or any subcontractor), the Contractor (and/or any subcontractor) shall:
1)Protect all sensitive information, including any PII created, stored, or transmitted in theperformance of this contract so as to avoid a secondary sensitive information incident with FIPS
140-2 validated encryption.
2)NOT notify affected individuals unless so instructed by the Contracting Officer or designatedrepresentative. If so instructed by the Contracting Officer or representative, the Contractor shallsend notifications to affected individuals as expeditiously as practicable, without unreasonabledelay, and in accordance with applicable law.
3)Report all suspected and confirmed information security and privacy incidents and breaches tothe IHS Security Operations Center (SOC), COR, CO, IHS SOP (or his or her designee), andother stakeholders, including incidents involving PII, in any medium or form, including paper,oral, or electronic, as soon as possible and without unreasonable delay, no later than one
(1)hour, and consistent with the applicable IHS and HHS policy and procedures, NISTstandards and guidelines, as well as US-CERT notification guidelines. The types of informationrequired in an incident report must include at a minimum: company and point of contactinformation, contract information, impact classifications/threat vector, and the type ofinformation compromised. In addition, the Contractor shall:
a.cooperate and exchange any information, as determined by the Agency, necessary toeffectively manage or mitigate a suspected or confirmed breach;
b.not include any sensitive information in the subject or body of any reporting e-mail; and
c.encrypt sensitive information in attachments to email, media, etc.
4)Comply with OMB M-17-12, Preparing for and Responding to a Breach of PersonallyIdentifiable Information, HHS, and IHS incident response policies when handling PIIbreaches.
5)Provide full access and cooperate on all activities as determined by the Government to ensure aneffective incident response, including providing all requested images, log files, and eventinformation to facilitate rapid resolution of sensitive information incidents. This may involvedisconnecting the system processing, storing, or transmitting the sensitive information from theInternet or other networks or applying additional security controls.
•Position Sensitivity Designations
All Contractor (and/or any subcontractor) employees must obtain a background investigation commensurate with their position sensitivity designation that complies with Parts 1400 and 731 of Title 5, Code of Federal Regulations (CFR). The following position sensitivity designation levels apply to this solicitation/contract:
•Homeland Security Presidential Directive (HSPD)-12
The Contractor (and/or any subcontractor) and its employees shall comply with Homeland Security Presidential Directive (HSPD)-12, Policy for a Common Identification Standard for Federal Employees and Contractors; OMB M-05-24; FIPS 201, Personal Identity Verification (PIV) of Federal Employees and Contractors; HHS HSPD-12 policy; and Executive Order 13467, Part 1 §1.2.
Roster. The Contractor (and/or any subcontractor) shall submit a roster by name, position, e-mail address, phone number and responsibility, of all staff working under this acquisition where the Contractor will develop, have the ability to access, or host and/or maintain a government information system(s). The roster shall be submitted to the COR, with a copy to the Contracting Officer, within 14 days of the effective date of this contract. Any revisions to the roster as a result of staffing changes shall be submitted within 14 days of the change. The COR will notify the Contractor of the appropriate level of investigation required for each staff member.
If the employee is filling a new position, the Contractor shall provide a position description and the Government will determine the appropriate suitability level.
•Contract Initiation and Expiration
1)General Security Requirements. The Contractor (and/or any subcontractor) shall comply withinformation security and privacy requirements, Enterprise Performance Life Cycle (EPLC)processes, HHS Enterprise Architecture requirements to ensure information is appropriatelyprotected from initiation to expiration of the contract. All information systems development orenhancement tasks supported by the contractor shall follow the IHS EPLC framework andmethodology (https://sharepoint.IHS.gov/oo/oit/dcppm/pmo/Shared Documents/z_Old PMOArchives/Documents.aspx) and in accordance with the HHS Contract Closeout Guide (2012).
2)System Documentation. Contractors (and/or any subcontractors) must follow and adhere toNIST SP 800-64, Security Considerations in the System Development Life Cycle, at a minimum,
The requiring activity representative, in conjunction with Personnel Security, shall use the OPM Position Sensitivity Designation automated tool (https://www.opm.gov/investigations/) to determine the sensitivity designation for background investigations. After making those determinations, include all applicable position sensitivity designations.
For additional information, see HSPD-12 policy at: https://www.dhs.gov/homeland-security- presidential-directive-12)
HHS EA requirements may be located here: https://www.hhs.gov/ocio/ea/documents/proplans.html
for system development and provide system documentation at designated intervals (specifically, at the expiration of the contract) within the EPLC that require artifact review and approval.
3)Sanitization of Government Files and Information. As part of contract closeout and atexpiration of the contract, the Contractor (and/or any subcontractor) shall provide all requireddocumentation to the CO and/or COR to certify that, at the government’s direction, all electronicand paper records are appropriately disposed of and all devices and media are sanitized inaccordance with NIST SP 800-88, Guidelines for Media Sanitization.
4)Notification. The Contractor (and/or any subcontractor) shall notify the CO and/or COR andsystem ISSO within 10 days before an employee stops working under this contract.
5)Contractor Responsibilities Upon Physical Completion of the Contract. The contractor(and/or any subcontractors) shall return all government information and IT resources (i.e.,government information in non-government-owned systems, media, and backup systems)acquired during the term of this contract to the CO and/or COR. Additionally, the Contractorshall provide a certification that all government information has been properly sanitized andpurged from Contractor-owned systems, including backup systems and media used duringcontract performance, in accordance with HHS and/or IHS policies.
6)The Contractor (and/or any subcontractor) shall perform and document the actions identified inthe IHS Contractor Employee Separation Checklist when an employee terminates work underthis contract within 10 days of the employee’s exit from the contract. All documentation shall bemade available to the CO and/or COR upon request.
IV.Schedule of Deliverables
Regardless of format, all digital content or communications materials produced as a deliverable under this contract, must conform to applicable Section 508 standards to allow federal employees and members of the public with disabilities to access information that is comparable to information provided to persons without disabilities. Remediation of any materials that do not comply with the applicable requirements as set forth below, shall be the responsibility of the vendor.
HHS guidance regarding accessibility of documents can be found at http://www.hhs.gov/web/section- 508/making-files-accessible/index.html.
The contractor shall submit the following deliverables as identified in the tasks listed in the SOW and in the quantities stipulated and during the periods listed below.
Item
Description
Quantity
Due Date
Submit To
1
Provide documentation on maintaining Federal Records to include Records Management Schedule and
Disposition Plan
1
Due Date 30 Days after Award
Email in Word Format
to: clinton.pope@ihs.gov
2
Provide Records Management training completion certificates
1 for each staff
within 7 days after contract award and upon new staff
onboarding.
Submit copy of completed training certificate to: clinton.pope@ihs.gov
3
Software
1
At the beginning of the contract
Report shall be provided to:
clinton.pope@ihs.gov
4
Software access
1
At the beginning of the contract
Report of completed access shall be provided to: clinton.pope@ihs.gov
5
On-site inputting of SDS
1
30 days after contract award
Report of completed access shall be provided to: clinton.pope@ihs.gov
5
Contractor Employee Non-Disclosure Agreement NDA. (Section IV, Task 6).
1 for each employee.
Prior to contractor performance.
Report shall be submitted as a pdf document.
Sent via email to: clinton.pope@ihs.gov
6
Incident Report (Section IV, Task 6).
As incidents or breaches occur.
As soon as possible and without reasonable delay but no later than 1 hour of discovery.
Report shall be submitted as a word document.
Sent via email to: clinton.pope@ihs.gov
V.Payment Schedule
This is a firm fixed contract where payment would be delivered after completion of services. For the on-site deliverable of entering the SDS the government will use GSA rates for traveling to PIMC.
