Government and Military Certification Systems, Inc.

B-411261: Jun 26, 2015

Additional Materials:

Contact:

Ralph O. White
(202) 512-8278
WhiteRO@gao.gov

Kenneth E. Patton
(202) 512-8205
PattonK@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Government and Military Certification Systems, Inc. (GMCS), a small business of Washington, D.C., protests the terms of request for quotations (RFQ) No. N66604-15-Q-0515, issued by the Department of Navy, Naval Sea Systems Command, for third-party audits of the environmental management system at the Naval Undersea Warfare Center Division Newport (NUWCDIVNPT). GMCS contends that the solicitation does not include sufficient information for it to submit a quotation and argues that certain provisions are unduly restrictive of competition.

We deny the protest.

Decision

Matter of: Government and Military Certification Systems, Inc.

File: B-411261

Date: June 26, 2015

Leigh Brand, for the protester.
Emilia Muche Thompson, Esq., Department of the Navy, for the agency.
Young S. Lee, Esq., and Noah B. Bleicher, Esq., Office of the General Counsel, GAO, participated in the preparation of the decision.

DIGEST

1. Protest that agency failed to provide information necessary to permit the protester to submit a competitive quotation is denied where the agency provided sufficient details in the solicitation and three subsequent amendments to allow vendors to compete intelligently and on a relatively equal basis.

2. Protest that certain solicitation requirements are unduly restrictive of competition is denied where the requirements are reasonably related to the agency’s needs in choosing a contractor that will best serve the government’s interests.

3. Protest that past performance relevancy criteria is overly restrictive is denied where the agency reasonably limited relevant past performance to those references that relate directly to the services being acquired under the solicitation.

DECISION

Government and Military Certification Systems, Inc. (GMCS), a small business of Washington, D.C., protests the terms of request for quotations (RFQ) No. N66604‑15-Q-0515, issued by the Department of Navy, Naval Sea Systems Command, for third-party audits of the environmental management system at the Naval Undersea Warfare Center Division Newport (NUWCDIVNPT). GMCS contends that the solicitation does not include sufficient information for it to submit a quotation and argues that certain provisions are unduly restrictive of competition.

We deny the protest.

BACKGROUND

In 1997, NUWCDIVNPT began efforts to implement an environmental management system (EMS) that conformed to International Organization for Standardization (ISO) 14001--an international EMS standard established by the ISO. RFQ at 30. The agency received its first ISO 14001 registration in May 2000, with re‑registrations granted in May 2003, 2006, 2009, and 2012. Id. To accomplish ISO 14001 registration and subsequent re‑registrations, an external third-party auditor or certifying body, audits the organization’s EMS. See id. The agency’s goal is to remain registered to ISO 14001 by an ISO 14001 accredited third-party auditor. Id. The agency’s next re‑registration date is May 2015. Id.

The RFQ was issued on February 24, 2015, under the commercial item acquisition and simplified acquisition procedures of Federal Acquisition Regulation (FAR) part 12 and subpart 13. Id. at 1. The solicitation sought quotations from small business vendors to perform two types of EMS audits--surveillance audits and the 2015 re‑registration audit--for the agency’s conformance with ISO 14001. The RFQ required the vendor to conduct document reviews, site visits, interviews, and audits of the agency to determine conformance to ISO 14001 requirements. Id. at 3.

The solicitation contemplated the award of a purchase order to the vendor that submitted the best value quotation based upon the following three evaluation factors: technical capability/personnel, past performance, and price. Id. at 6-8. Non-price factors, when combined, were significantly more important than price. Id. at 8.

Under the technical approach factor, the solicitation required a vendor to describe the firm’s staffing plan; provide proof of accreditation as an ISO 14001 third-party auditor;[1] and submit an audit approach that addressed how documents, records, and interviewees will be selected. Id. at 6. The solicitation explained that a vendor’s written audit approach should describe how the firm’s approach will increase the quality of the ISO 14001 surveillance and re-registration audits; detail the number of work days required to accomplish the audits; and provide a sample list of the types of documents and records that will be reviewed for both audits. Id. at 7. In addition, of relevance here, the RFQ’s statement of work (SOW) provided minimum levels of effort for both types of audits: an audit duration of no less than 64 hours for the re-registration audit and no less than 32 hours for surveillance audits. Id. at 31‑32.

Under the past performance factor, the solicitation stated that the vendor’s references should reflect relevant experience demonstrating the ability to handle the “scope and breadth” of the statement of work. Id. at 7. The solicitation advised that vendors should include, if available, past performance references to demonstrate familiarity with Department of Defense (DOD) policy as it applies to EMSs at U.S. government facilities. The solicitation additionally specified that familiarity with DOD/government audits was limited to participation in ISO 14001 audits at DOD government facilities. Id. at 7.

On February 25, GMCS sent an email to the contract specialist to ask questions with regard to the terms of the solicitation. GMCS, an accredited auditor, also recommended a number of changes to the solicitation’s terms. AR, Tab 2, GMCS E-mail (Feb. 25, 2015), at 1. After receiving the agency’s answers to its questions, GMCS requested more information with regard to the agency’s audit complexity category, which GMCS alleged it needed in order to respond to the RFQ; challenged the agency’s decision to include minimum audit duration requirements; argued that the RFQ’s references to ISO 19011 had to be removed or modified; and contended that the agency’s past performance evaluation criteria was overly restrictive. Id.; Protest (Apr. 24, 2015), attach. 4, GMCS E‑mail (Mar. 11, 2015 at 1:55 p.m.) at 1; GMCS E-mail (Mar. 14, 2015 at 5:08 p.m.) at 1.

In an attempt to address and resolve GMCS’s concerns, the Navy issued three amendments to the RFQ. See AR, Tab 6, Amendment 0001, at 2; Tab 4, Amendment 0002, at 2-6; Tab 7, Amendment 0003, at 2-3. These amendments informed vendors that the EMS audits to be performed would be limited to the NUWCDIVNPT campus, which has approximately 5,000 employees located on-site; provided vendors with the campus’ normal hours of operations; provided the total dollar value of the previously-awarded EMS audit contract; explained that the RFQ’s minimum audit duration requirements were based on 14 years of prior audit history; and indicated that the business sector that best aligned with the work performed at NUWCDIVNPT was “technical testing and laboratories.” AR, Tab 6, Amendment 0001, at 2; Tab 4, Amendment 0002, at 3; Tab 7, Amendment 0003, at 2. The Navy also released a copy of its most recent ISO 14001 certificate of conformance, which it received under its prior EMS audit contract. See AR, Tab 5, Certificate of Conformance, at 1.

In addition, the Navy explained that it intended to only consider a vendor’s prior experience with ISO 14001 for the past performance evaluation factor, rather than expanding its review to also include a vendor’s prior experience with ISO 9001, as requested by GMCS. AR, Tab 4, Amendment 0002, at 2. In this regard, the agency explained that the two standards focus on different aspects of an organization: “ISO 9001 . . . provide[s] a systematic approach to meeting customer objectives, whereas ISO 14001 is only used to provide an organization a systematic approach to measuring and improving their environmental impact and performance.” Id. With regard to the RFQ’s reference to ISO 19011, the agency explained that the solicitation did not require that a vendor be accredited to the ISO 19011 standard, but rather that a vendor’s accreditation must have been performed in accordance with ISO 19011. Id.

Because GMCS concluded that the agency’s answers and amendments did not resolve its concerns related to the terms of the solicitation, it filed a protest with our Office prior to the closing date for receipt of quotations.

DISCUSSION

GMCS contests certain terms of the Navy’s RFQ and raises four primary challenges. The protester first alleges that the RFQ fails to provide enough information to allow vendors to compete intelligently. Additionally, GMCS argues that the solicitation’s minimum audit duration requirements should be removed and that the RFQ’s references to ISO 19011 should either be deleted or modified. Finally, the protester contends that the solicitation’s past performance evaluation criteria are overly restrictive because the agency plans to only consider prior experience related to ISO 14001. Based upon our review of the record, we find that the RFQ includes sufficient information for vendors to submit intelligently-written quotations, and that the solicitation’s terms are not overly restrictive.

Lack of Information

First, the protester contends that the agency has not provided vendors with sufficient information to prepare quotations. Specifically, GMCS argues that in order for it to determine the level of effort necessary to conduct the audits, and thus submit a quotation, it must know the “[c]omplexity [c]ategory” assigned to the agency by the incumbent auditor. Protest (Mar. 20, 2015) at 2. In this regard, the protester explains that third‑party EMS audits are subject to requirements and standards identified in a document known as International Accreditation Forum (IAF) Mandatory Document (MD) 5.[2] See AR, Tab 9, IAF MD 5, at 5. According to IAF MD 5, an auditor determines EMS audit durations primarily based on two factors: the number of personnel at the organization being audited and the complexity of the work being performed by the organization.[3] Id. at 7. With respect to the complexity of the work being performed, IAF MD 5 identifies five complexity categories--high, medium, low, limited, or “[s]pecial [c]ases”--that auditors assign to organizations based, in part, on the organization’s business sector.[4] Id. at 17-20. GMCS contends that it needs to know the complexity category assigned to NUWCDIVNPT in order to determine the level of effort necessary to perform the contract.

A solicitation must contain sufficient information to allow offerors to compete intelligently and on an equal basis. See Tennier Indus., Inc. , B-299624, July 12, 2007, 2007 CPD ¶ 129 at 2. However, there is no legal requirement that a solicitation contain such detail to completely eliminate all risk or remove all uncertainty from the mind of every prospective offeror. Tennier Indus., Inc., supra; Triple P Servs., Inc., B-271629.3, July 22, 1996, 96-2 CPD ¶ 30 at 5 n.2.

Here, we find no basis to sustain the protester’s argument that the Navy’s failure to provide the agency’s complexity category prevents the firm from submitting a quotation. The Navy maintains that it cannot disclose the complexity category because it does not have that information.  AR, Tab 4, Amendment 0002, at 2-3, Contracting Officer (CO) Statement (Apr. 17, 2015) at 6.  In this regard, the Navy’s predecessor contract did not require that the auditor provide the organization’s complexity category.[5] See AR, Tab 13, Current Contract SOW, at 21‑24.  The agency explains that it cannot compel the incumbent auditor to provide the agency’s complexity category, and any attempt to obtain it will result in additional costs to the agency.  CO Supplement (May 11, 2015) at 2.

The Navy instead provided vendors with information about the type of work performed at NUWCDIVNPT, so potential vendors could make their own assessments about the complexity of these audits. Specifically, in amendment 3, the agency advised vendors that the business sector that “best aligns” with NUWCDIVNPT’s work was “technical testing and laboratories.” AR, Tab 7, Amendment 0003, at 2. Pursuant to IAF MD 5, an organization that engages in technical testing and laboratories is usually assigned a medium complexity rating. See AR, Tab 9, IAF MD 5, at 18. In addition, the agency informed vendors that the audits would be limited to NUWCDIVNPT’s campus (which has approximately 5,000 employees), and provided the campus’ normal hours of operation; the record shows that these elements inform audit durations under IAF MD 5. See Id. at 7-8. The agency also disclosed the dollar value of the prior EMS audit contract; identified the minimum number of hours expected for each type of audit (based on 14 years of prior audit history); and released a copy of the most recent certificate of conformance issued to NUWCDIVNPT. RFQ at 31-32; AR, Tab 6, Amendment 0001, at 2; Tab 4, Amendment 0002, at 2‑6; Tab 7, Amendment 0003, at 2-3; Tab 5, Certificate of Conformance, at 1.

Moreover, although GMCS argues that it received complexity category information under other solicitations for audit services, the protester has not established that the absence of NUWCDIVNPT’s complexity category, in this particular instance, prevents the firm from competing intelligently and on a relatively equal basis.[6] This is especially true in light of the other information provided to vendors by the agency.

In sum, because the Navy does not have the complexity category information being requested by the protester, and because the agency provided vendors with additional information about the organization, we find that the RFQ, including information disclosed in subsequent amendments, contains sufficient information to allow vendors to compete intelligently. Although the protester would have preferred that the agency provide vendors with even more information, GMCS’s complaints fail to provide a basis to sustain the protest.

Restrictive Specifications

Next, GMCS contends that the solicitation contains restrictive terms that limit competition. In this regard, the protester asserts that the agency should remove the solicitation’s minimum audit duration requirements because an audit’s duration should not be dictated by the organization being audited. GMCS also argues that any requirement that vendors “be ‘accredited’ to ISO 19011” should be deleted from the solicitation because no third‑party auditor can meet this standard. Protest (Mar. 20, 2015) at 3. We have considered the protester’s objections and find no basis to sustain the protest.

Where a protester challenges a specification or requirement as unduly restrictive of competition, the procuring agency has the responsibility of establishing that the specification or requirement is reasonably necessary to meet the agency’s needs. See Total Health Res., B-403209, Oct. 4, 2010, 2010 CPD ¶ 226 at 3. We examine the adequacy of the agency’s justification for a restrictive solicitation provision to ensure that it is rational and can withstand logical scrutiny. SMARTnet, Inc., B‑400651.2, Jan. 27, 2009, 2009 CPD ¶ 34 at 7. The determination of a contracting agency’s needs, including the selection of evaluation criteria, is primarily within the agency’s discretion and we will not object to the use of particular evaluation criteria so long as they reasonably relate to the agency’s needs in choosing a contractor that will best serve the government’s interests. SML Innovations, B-402667.2, Oct. 28, 2010, 2010 CPD ¶ 254 at 2.

The Navy justifies the inclusion of minimum audit duration requirements--which were based on its 14 years of prior audit history--as being necessary to protect the agency from vendors that might calculate audit durations that are insufficient or unsuitable for conducting the EMS audits required here. CO Supplement (May 11, 2015) at 4. Indeed, GMCS’s own allegations substantiate the agency’s justification. In this regard, the protester states that based on its own experience, “many [third-party auditors] do not follow the requirements stated in IAF MD 5.” Protest (Apr. 24, 2015) at 3. GMCS further warns that in such circumstances, auditors who fail to follow these requirements “put their accreditation and their client’s certification at risk.” Id. In addition, while IAF MD 5 provides that third-party auditors ultimately determine audit durations, IAF MD 5 does not expressly preclude an organization being audited from deciding on minimum levels of effort, as NUWCDIVNPT did here.

On these facts, we find reasonable the agency’s justification of including minimum audit duration requirements as a tool to protect the agency’s re‑registration status. Moreover, the protester has failed to establish that such minimum requirements are improper or otherwise objectionable. Thus, the agency has established that the RFQ requirements at issue reasonably relate to the Navy’s needs in choosing a contractor that will best serve its interests. See SML Innovations, supra.

Next, with regard to the protester’s position that the RFQ’s references to ISO 19011 must be removed, the agency explains that the RFQ does not actually require that the auditor “be accredited to the ISO 19011 standard”; rather the RFQ merely requires that an auditor’s accreditation have been conducted in accordance with ISO 19011 guidelines.[7] CO Statement at 8. In this respect, the RFQ plainly states that “[a]ccreditation must be in accordance with . . . ISO 19011:2011.” RFQ at 6. In amendment 2, the Navy further clarified that it was not requiring the vendor “to be accredited to the ISO 19011 standard,” and the agency reiterated in amendment 3 that vendors would not have “to perform the audits in accordance with ISO 19011:2011.” AR, Tab 4, Amendment 0002, at 2; Tab 7, Amendment 0003, at 2

Notwithstanding the protester’s objections, the plain language of the RFQ and the explanations provided in two subsequent amendments makes clear that the agency is not requiring that vendors be accredited to ISO 19011. Moreover, the record confirms that the agency is not requiring the third-party auditor to perform an ISO 19011 audit of NUWCDIVNPT. Accordingly, we find no merit to the protester’s complaint.

Based upon our review of the record, we find that the solicitation terms are not improperly restrictive, and are reasonably necessary to meet the agency’s needs.

Past Performance Evaluation Criteria

Finally, the protester contends that the agency improperly is restricting competition by limiting its consideration of past performance to the vendor’s prior experience with ISO 14001. GMCS argues that the agency should expand its past performance evaluation to also include experience with ISO 9001 audits because, according to the protester, the underlying requirements of ISO 9001 are similar to ISO 14001. GMCS asserts that the agency should also consider the firm’s ISO 9001 past performance projects to obtain a complete picture of the firm’s ability to meet the RFQ requirements.

An agency is required to consider, determine and document the similarity and relevance of an offeror’s past performance information as part of its past performance evaluation. The Emergence Group, B-404844.5, B-404844.6, Sept. 26, 2011, 2012 CPD ¶ 132 at 6; see FAR § 15.305(a)(2). As a general matter, since an agency is responsible for defining its needs and the best method for accommodating them, the evaluation of an offeror’s past performance, including the agency’s determination of the relevance and scope of an offeror’s performance history to be considered, is a matter within the discretion of the contracting agency. MFM Lamey Group, LLC, B-402377, Mar. 25, 2010, 2010 CPD ¶ 81 at 10.

Here, we find that it was reasonable and within the agency’s discretion to restrict relevant past performance to efforts involving only ISO 14001 audits. As discussed above, the agency is acquiring EMS audit services to determine NUWCDIVNPT’s conformance to ISO 14001 specifically. RFQ at 1. The Navy asserts that it limited its evaluation of a vendor’s past performance to experience with ISO 14001 audits because ISO 14001 encompasses several areas that ISO 9001 does not cover. AR, Tab 4, Amendment 0002, at 2; CO Statement at 12. For example, the Navy explains that ISO 14001 covers “crucial elements of NUWCDIVNPT’s operations such as: environmental policy; compliance with federal, state, and local environmental laws and regulations; emergency preparedness and response; and external communication procedures,” and ISO 9001 does not cover these activities. AR, Tab 4, Amendment 0002, at 2.

The agency concedes that there are similarities between ISO 9001 and ISO 14001, but explains that because ISO 9001 does not cover all of the same elements as ISO 14001, it determined that a vendor’s experience with ISO 9001 would not be relevant to this solicitation. CO Statement at 12-13. Although GMCS repeatedly argues that the two standards have similarities that require the agency to evaluate prior experience and contracts related to ISO 9001, the protester does not contest the documented differences between the two standards, nor does it challenge the agency’s decision to account for such differences. As such, GMCS has not established that the agency’s decision to limit its past performance evaluation solely to a vendor’s prior experience with ISO 14001 was unreasonable.

The protest is denied.

Susan A. Poling
General Counsel



[1] The solicitation required that the auditor’s accreditation be “in accordance with” both ISO/IEC 17201:2011--conformity assessment (requirements for bodies providing audit and certification of management systems)--and ISO 19011:2011--guidelines for quality and/or EMS auditing. RFQ at 6.

[2] The agency does not dispute the applicability of IAF MD 5 to the audit services being procured under the RFQ. IAF MD 5 refers to the entity performing the conformance assessment of a client, i.e., the audit, as “[c]onformity [a]ssessment [b]odies.” AR, Tab 9, IAF MD 5, at 2. The protester and the agency also refer to the conformity assessment body as the certification body or the third-party auditor. This decision refers to the entity performing the conformance assessment as a third‑party auditor.

[3] IAF MD 5 does not mandate specific audit timeframes. Instead, it provides a “framework that shall be utilized within a [third-party auditor’s] documented procedures to determine appropriate audit duration, taking into account the specifics of the client to be audited.” AR, Tab 9, IAF MD 5, at 5. In addition, IAF MD 5 provides that audit durations be “adjusted based on any significant factors that uniquely apply to the organization to be audited.” Id. at 8.

[4] For example, an organization engaged in the hazardous waste processing business sector would normally be assigned a high complexity category rating, while an organization engaged in the hotel or restaurant business sector would normally be assigned a low complexity category rating. See AR, Tab 9, IAF MD 5, at 17‑18.

[5] While GMCS argues that it is “typical” within the industry for third-party auditors to list an organization’s complexity category on the organization’s certificate of conformance, Protest (Apr. 24, 2015) at 1, the record shows that the certificate of conformance here does not identify the complexity category. See AR, Tab 5, Certificate of Conformance, at 1.

[6] In its protest, GMCS provided a letter from a quality assurance manager from the International Accreditation Service (IAS), an accrediting body. Protest (May 14, 2015), attach. 12, IAS Letter, at 1. The IAS quality assurance manager’s letter states that it is “reasonable to expect” an organization seeking audit services to provide all parties with “any known and/or previously established [c]omplexity [c]ategory.” Id. While this may be true, it does not establish that knowledge of an organization’s complexity category is essential for an auditor to determine an audit’s duration or to submit a quotation here.

[7] ISO 19011 contains a section devoted to the competence and evaluation of auditors. Protest (Apr. 24, 2015), attach. 8, ISO 19011, at 27-38. That guidance provides a process for evaluating auditors and audit team leaders. Id. at 34.

Oct 23, 2017

Oct 19, 2017

Oct 18, 2017

Looking for more? Browse all our products here