B-410665,B-410665.3: Jan 21, 2015
- Full Report:
Sevatec, Inc., of Fairfax, Virginia, protests the Department of Defense, Defense Health Agency's (DHA) award of a task order to SeKon Enterprises, Inc., of Herndon, Virginia, under request for task order proposals (RFP) No. C-30687-A/HT0011-14-R-0025, for engineering support services for the program executive office. Sevatec challenges the evaluation of its proposal.
We deny the protest.
DOCUMENT FOR PUBLIC RELEASE
The decision issued on the date below was subject to a GAO Protective Order. This redacted version has been approved for public release.
Matter of: Sevatec, Inc.
File: B-410665; B-410665.3
Date: January 21, 2015
1. Protest that agency unreasonably evaluated protester’s technical proposal is denied where protester does not demonstrate that the evaluation was unreasonable or failed to adhere to the solicitation requirements.
2. Protest that agency held discussions with awardee, but not protester, is denied where agency obtained information related to awardee’s personnel through clarifications, not discussions.
Sevatec, Inc., of Fairfax, Virginia, protests the Department of Defense, Defense Health Agency’s (DHA) award of a task order to SeKon Enterprises, Inc., of Herndon, Virginia, under request for task order proposals (RFP) No. C-30687-A/HT0011-14-R-0025, for engineering support services for the program executive office. Sevatec challenges the evaluation of its proposal.
We deny the protest.
The solicitation sought support services for the program executive offices of the defense healthcare management systems, including the following associated program management offices: Defense Healthcare Management Systems Modernization (DHMSM), Defense Medical Information Exchange (DMIX), and the Department of Defense/Veterans Affairs (DOD/VA) interagency program office.
DHA issued the RFP to holders of the National Institutes of Health Information Technology Acquisition and Assessment Center’s indefinite-delivery/indefinite- quantity government-wide acquisition contract for small businesses, CIO-SP3 SB. The solicitation, which is set aside for 8(a) firms, provided that a task order would be issued on a best-value basis based on an evaluation of the following factors: technical approach (with elements that were not separately rated for understanding the requirement, feasibility of approach, and completeness of approach); management approach (with subfactors for quality control/methodology, and key personnel and staffing); past performance; and cost. RFP at 7-9. The non-cost factors were to be assigned an adjectival rating. Cost was to be evaluated for realism and completeness. Id. at 9.
Four offerors responded to the RFP. Following proposal evaluation Sevatec was rated unacceptable for technical approach, good for management approach, and acceptable for past performance. Sevatec’s evaluated cost was $71,807,247. Award Decision Memo at 16. SeKon, with an evaluated cost of $75,603,463, was rated outstanding for technical approach, good for management approach, and acceptable for past performance. Id. at 13. SeKon, which submitted the only proposal that was evaluated as acceptable under the technical approach factor, and thus was the only offeror considered eligible for award, was selected for award. Id. at 20. This protest followed.
Sevatec challenges the agency’s conclusion that its proposal was unacceptable under the technical approach factor. In this regard, proposals were to be evaluated under the technical approach factor to determine the extent to which they demonstrated a clear understanding of all features involved in meeting or exceeding the requirements of the performance work statement (PWS); provided a workable approach with the relevant expertise to meet or exceed the requirement; and proposed methods that adequately and completely considered, defined and satisfied the solicitation’s requirements. RFP at 7. The PWS detailed the following seven tasks for which offerors would be responsible: data governance/data management support; configuration management support; cybersecurity support; synthetic test data support; systems engineering support services; process and software tool support; and enterprise and solutions architecture. Agency Report (AR), Tab 3, PWS, at 17-30. The agency evaluators assessed Sevatec’s proposal as deficient in several of the PWS task areas. These were data governance/data management support; configuration management support; cybersecurity support; process and software tool support; and enterprise and solutions architecture tasks. Sevatec challenges each of the deficiencies it was assigned.
It is an offeror’s responsibility to submit a proposal that responds to, and demonstrates a clear understanding of, the solicitation requirements; where an offeror fails to do so, the offeror runs the risk that the agency will evaluate its proposal unfavorably. United Contracting, LLC, B-408279, June 25, 2013, 2013 CPD ¶ 150 at 3; International Med. Corps, B-403688, Dec. 6, 2010, 2010 CPD ¶ 292 at 7. In reviewing protests of alleged improper evaluations, our Office examines the record to determine whether the agency’s judgment was reasonable and in accord with the stated evaluation criteria and applicable procurement laws. CACI Techs., Inc., B-296946, Oct. 27, 2005, 2005 CPD ¶ 198 at 5. A protester’s disagreement with an agency’s evaluative judgments is insufficient to establish that the agency acted unreasonably. See VT Griffin Servs., Inc., B-299869.2, Nov. 10, 2008, 2008 CPD ¶ 219 at 4; Citywide Managing Servs. of Port Washington, Inc., B-281287.12, B-281287.13, Nov. 15, 2000, 2001 CPD ¶ 6 at 10-11. Here, we have reviewed Sevatec’s challenges to the evaluation and find no basis to question the technical approach rating of unacceptable. We discuss several examples below.
Performance Work Statement § 5.1
Sevatec challenges the evaluation of its proposal as deficient under section 5.1 of the PWS, which concerns data governance and data management support, relating to the policies and principles associated with managing data. With respect to data governance, the contractor is required to assist the government to update, refine and document the Program Executive Office Defense Healthcare Management System (PEO DHMS) data governance activities. Among other things, the contractor is required to identify risks and issues, and develop mitigation plans, with respect to the PEO DHMS, associated program management offices, and the DOD/VA interagency program management office. PWS § 5.1.1.
With respect to the solicitation’s risk mitigation requirement, the agency found that Sevatec proposed to meet with stakeholders to collect their concerns, but not indicate what the firm would do to identify, document, and develop mitigation plans for those risks. As a result, the evaluators concluded that Sevatec’s role was limited to note taking. In the evaluator’s view, this did not demonstrate a feasible plan for risk mitigation. Declaration of TEB Chair at ¶ 8.
Sevatec disagrees with the agency’s evaluation. According to Sevatec, its proposal indicated that it would work with the DOD and VA to integrate and update the integrated master schedule with governance board meetings and priorities. Sevatec further explains that its proposal stated that the firm would assist with the review and verification of the “as-is” and “to-be” exchanges, data storage requirements, and meta-data standards, and based on this review, identify opportunities for reuse and develop plans to standardize the associated strategies, governance plans, and artifacts. Sevatec argues that this goes beyond note taking, and therefore, the agency’s assignment of a deficiency under this PWS section was unreasonable. Comments at 34. However, while the proposed approach might go beyond note taking in meeting the general requirement for data governance support, we find reasonable the agency’s assessment that these efforts did not meet the solicitation’s requirement to identify risks in this area. Nor does Sevatec point to anything in its proposal that specifically indicates how it would develop risk mitigation plans, another solicitation requirement. Accordingly, we find no basis to question the evaluators’ decision to assign Sevatec’s proposal this deficiency.
Another requirement under PWS § 5.1 was to provide electronic health record (EHR) technical data subject matter experts to update/review the IBM Jazz suite, system architecture, dynamic object oriented requirements system (DOORS), entity relationship diagram (ERD), and semantic open source software (SEMOSS) for the PEO DHMS Enterprise. PWS § 5.1. The agency explains that it would be a significant problem if the contractor does not understand these important software tools because it will cause significant delays while the contractor learns them. Declaration of TEB Chair at ¶ 9.
Sevatec was assigned a deficiency because it did not reference subject matter experts to apply these software tools, and thus did not demonstrate the existence of qualified available subject matter experts. Id. While the protester generally asserts that it addressed the requirement in its proposal, Sevatec has not pointed to any place in its proposal where it identified subject matter experts that it would use for this function. As the solicitation specifically required offerors to provide subject matter experts for this task, we have no basis to question the agency’s assignment of this deficiency.
Performance Work Statement § 5.3.
Sevatec also challenges the evaluation of its proposal under § 5.3 of the PWS, which concerns cybersecurity support. Among other things, the contractor is required to assist the information system security manager (ISSM) in developing and maintaining a cybersecurity program that identifies cybersecurity architecture, cybersecurity requirements, cybersecurity objectives and policies, cybersecurity personnel, and cybersecurity processes and procedures. PWS § 5.3.10. The solicitation also requires the contractor to assist the ISSM in, among other things, verifying that users and system support personnel have appropriate security clearances before they are granted access to information systems; developing reporting procedures for security violations and ensuring that the violations are properly reported; and verifying that audit trails are reviewed periodically and audit records are archived and maintained for future reference. Id.
Sevatec’s proposal was assigned a deficiency under PWS § 5.3.10 because it did not articulate an approach to the support functions of the ISSM. Specifically, with respect to PWS § 5.3.10, Sevatec’s proposal generally stated:
Our approach for ensuring cybersecurity program effectiveness includes providing security oversight and incident response. We will promote operations and incident response within a cybersecurity approach that starts with analyzing detection components to identify and verify incident occurrence; containing the effects by stopping the incident from spreading or causing additional damage; documenting actions performed during the response; then running available eradication tools and processes to quickly record and restore affected systems. . . .
Sevatec Technical Proposal at 18. Sevatec asserts that this deficiency was unreasonably assigned because the cybersecurity requirements for PWS § 5.3 are overlapping and require a holistic approach to delivering services, including program support services. However, while Sevatec cites to general statements elsewhere in its proposal (discussing PWS § 5.3.3 (policy and portfolio management) and § 5.3.5 (cybersecurity)) concerning its “comprehensive approach,” id. at 16, neither these statements nor its response to PWS § 5.3.10 address the specific requirements of PWS § 5.3.10’s ISSM support tasks, including, for example, verifying audit trails. Declaration of TEB Chair at ¶ 16. Accordingly, we have no basis to question the agency’s decision to assign Sevatec’s proposal a deficiency here.
Sevatec also argues that the agency conducted discussions with SeKon without furnishing Sevatec a similar opportunity to address evaluated deficiencies in its proposal. In this regard, in its technical proposal SeKon included a diagram which listed, by name and employment category (e.g., systems engineer, subject matter expert for cybersecurity), proposed key personnel, members of its management team, subject matter experts, support staff, and a reach back team. SeKon Proposal Figure 25. The chart did not specifically identify whether the personnel were employees of SeKon or its subcontractor, Deloitte. In its cost proposal, SeKon listed, as required, proposed off-site and on-site rates for different labor categories for both SeKon and Deloitte.
In conducting the cost realism evaluation, the cost analyst considered whether the employees were SeKon or Deloitte employees. Supp. AR at 15-16. To confirm her conclusions in this regard, she requested the contracting officer to ask SeKon to indicate whether the employees worked for the prime or subcontractor, the employee’s skill category, and the applicable on-site and off-site rates. Id. at 17. The agency specifically advised SeKon that this was not an opportunity to revise, change or modify its proposal. Agency Email from Agency to SeKon, Sept. 18, 2014. SeKon responded with the requested information. SeKon Response to email, Sept. 18, 2014.
Sevatec asserts that SeKon’s initial proposal did not indicate how the management team would be divided between SeKon and Deloitte. According to Sevatec, this amounted to a material deficiency which the agency allowed SeKon to correct through discussions. Sevatec asserts that since the agency held discussions with SeKon, it was obligated to hold discussions with Sevatek and allow it to correct the deficiencies in its proposal.
Federal Acquisition Regulation § 15.306 describes a range of exchanges that may take place between an agency and an offeror during negotiated procurements. Clarifications are limited exchanges between an agency and an offeror for the purpose of clarifying certain aspects of a proposal, and do not give the offeror the opportunity to revise or modify its proposal. Discussions, on the other hand, occur when an agency communicates with an offeror with the intent to obtain proposal revisions and include bargaining, give and take, persuasion, and alteration of assumptions and positions. iGov et al., B-408128.24 et al, Oct. 31, 2014, 2014 CPD ¶ 329 at 10. When an agency holds discussions with one offeror it must hold them with all offerors in the competitive range. Booz Allen Hamilton, Inc., B‑405993, B-405993.3, Jan. 19, 2012, 2012 CPD ¶ 30 at 10. Communications that do not permit an offeror to revise or modify its proposal, but rather permit the offeror to explain what it has already proposed to do, are clarifications, not discussions. Id.
The agency argues, and we agree, that the information SeKon provided regarding personnel was the result of clarifications, not discussions. In this regard, the agency did not undertake the exchange with the intent of allowing SeKon to revise its proposal, and, in fact, specifically advised SeKon that it would not be permitted to do so. Rather, the agency asked for the information so that it could confirm the conclusions it reached while performing its cost evaluation. In this regard, both the names of the employees and the rates were included in the proposal, and the agency merely sought to ensure that it had correctly mapped the cost proposal to the technical proposal. Further, we note that, contrary to Sevatec’s allegations, the information was not sought or used to evaluate SeKon’s technical proposal. Since SeKon was not permitted to materially revise its proposal, and the information was not needed to determine that SeKon’s proposal was acceptable, the communications did not constitute discussions.
The protest is denied.
Susan A. Poling
 Ratings for the technical and management approach factors were outstanding, good, acceptable or unacceptable. Ratings for past performance were acceptable, unacceptable or unknown.
 Since the value of the task order is approximately $75.6 million, this procurement falls within our jurisdiction to hear protests related to the issuance of task orders under multiple-award indefinite-delivery/indefinite-quantity (ID/IQ) contracts valued in excess of $10 million. 10 U.S.C. § 2304c(e)(1)(B).
 A single deficiency could render a proposal unacceptable. RFP at 10. Since, as set forth below, we find several of the assigned deficiencies to be reasonable, we need not address each deficiency identified by the agency.
 Sevatec also protested that, due to SeKon’s relationship with its subcontractor, Deloitte Consulting, the contracting officer should have requested the Small Business Administration (SBA) to determine whether SeKon was violating the ostensible subcontractor rule, see 13 C.F.R. § 121.103(h)(4) (2014), and thus did not qualify as an eligible small business. The SBA has filed a size status protest with respect to SeKon. See SBA E-mail to GAO, Jan. 12, 2014. Accordingly, we will not address this issue. In addition, Sevatec has challenged the evaluation of SeKon’s past performance, asserting that SeKon relied on the past performance of its subcontractor Deloitte. However, even if SeKon had no past performance and was unable to rely on the past performance of its subcontractor, SeKon would be rated neutral for past performance. Since SeKon would still be eligible for award, and since we have concluded that the agency reasonably evaluated Sevatec’s proposal as unacceptable, Sevatec is not an interested party to challenge the evaluation of SeKon’s past performance. See 4 C.F.R. § 21.0(a) (2014).
 Sevatec further asserts in this regard that in its initial proposal SeKon offered a current Deloitte employee as its technical program manager, and only in response to the agency’s email request indicated that the employee was being offered as a direct SeKon employee. Contrary to Sevatec’s allegation, however, the solicitation did not require offerors to provide a letter of intent that identified the intended employer of proposed personnel. See RFP at 4. Accordingly, we disagree that SeKon’s response to the agency email was the result of discussions.