Knight Point Systems, LLC

B-414183.3,B-414183.5: May 31, 2017

Additional Materials:

Contact:

Ralph O. White
(202) 512-8278
WhiteRO@gao.gov

Kenneth E. Patton
(202) 512-8205
PattonK@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Knight Point Systems, LLC, of Reston, Virginia, protests the issuance of blanket purchase agreements (BPAs) to three vendors under request for quotations (RFQ) No. HSHQDC-16-Q-00195 issued by the Department of Homeland Security (DHS) for agency-wide enterprise computing services and cloud computing services. Knight Point challenges the agency's evaluation of its technical quotation.

We sustain the protest.

DOCUMENT FOR PUBLIC RELEASE
The decision issued on the date below was subject to a GAO Protective Order. This version has been approved for public release.

Decision

Matter of:  Knight Point Systems, LLC

File:  B-414183.3; B-414183.5

Date:  May 31, 2017

Francis E. Purcell Jr., Esq., Thomas O. Mason, Esq., and Joseph R. Berger, Esq., Thompson Hine LLP, and Amy S. Josselyn, Esq., Cooley LLP, for the protester.
David S. Cohen, Esq., John J. O’Brien, Esq., Laurel A. Hockey, Esq., David Strouse, Esq., and Amy J. Spencer, Esq., Cohen Mohr LLP, for Four Points Technology; James C. Fontana, Esq., David B. Dempsey, Esq., L. James D’Agostino, Esq., and Jeffry R. Cook, Esq., Dempsey Fontana, PLLC, for Govplace Inc.; and William A. Shook, Esq., The Law Offices of William A. Shook PLLC, for InfoReliance Corporation, the intervenors.
James C. Richardson Jr., Esq., and Peter G. Hartman, Esq., Department of Homeland Security; Michael J. Noble, Esq., General Services Administration, for the agencies.Elizabeth Witwer, Esq., and Jennifer D. Westfall-McGrail, Esq., Office of the General Counsel, GAO, participated in the preparation of the decision.

DIGEST

Protest challenging agency’s technical evaluation is sustained where the agency failed to evaluate whether the services proposed by the protester fell within the scope of its General Services Administration Federal Supply Schedule contract.

DECISION

Knight Point Systems, LLC, of Reston, Virginia, protests the issuance of blanket purchase agreements (BPAs) to three vendors[1] under request for quotations (RFQ) No. HSHQDC-16-Q-00195 issued by the Department of Homeland Security (DHS) for agency-wide enterprise computing services and cloud computing services.  Knight Point challenges the agency’s evaluation of its technical quotation.

We sustain the protest.

BACKGROUND

On June 24, 2016, DHS issued the RFQ, which was limited to vendors holding General Services Administration’s (GSA) Federal Supply Schedule Contract 70, General Purpose Commercial Information Technology, Equipment, Software and Services.  Memorandum of Law (MOL) at 1‑2; RFQ at 3.  The Special Identification Numbers (SINs) applicable to this acquisition were SIN 132-52, Electronic Commerce and Subscription Services, and SIN 132-40, Cloud Computing Services.  RFQ at 3.  The purpose of the acquisition was to provide DHS components with the ability to acquire commercial, commodity-based Infrastructure-as-a-Service (IaaS) cloud services[2] and to access these “cloud services, either directly from Cloud Service Providers (CSP) or through their Resellers.”[3]  RFQ at 6.  

The solicitation contemplated the award of three to five BPAs and envisioned that task orders issued under the BPAs would be fixed-price, time and material, or a combination of the two.  RFQ at 13, 64.  Each BPA would have a 5-year term comprised of five 12‑month ordering periods.  RFQ at 34-35.  The solicitation provided that the maximum value of all task orders to be issued under the BPAs would be $1.6 billion.  RFQ at 13.

The solicitation provided for award on a best-value basis, considering price and the following four non-price evaluation factors, in descending order of importance:  (1) breadth of IaaS cloud services solutions offered; (2) cloud service solutions experience; (3) customer service approach; and (4) past performance.  RFQ at 64‑65.  The non-price factors, when combined, were significantly more important than price.  RFQ at 65.  As the non-price ratings become more equal, however, the solicitation stated that price would become more important in the award determination.  Id.  In the event that the agency found two or more quotations to be technically equal, the agency reserved the right to award a BPA to the vendor that provided the greatest discount from its GSA schedule pricing.  Id.

Relevant to the protest, under technical factor 1 (breadth of IaaS cloud services solutions offered), vendors were instructed to list the IaaS cloud systems being offered.  RFQ at 49, 51.  The solicitation provided that all IaaS services offered “must be authorized by Federal Risk Authorization and Management Program (FedRAMP), as demonstrated by FedRAMP Provisional Authorization to Operate (PATO) or Agency Authorization to Operate (ATO).”[4]  RFQ at 6.  See also RFQ at 8, 49 (requiring listed cloud systems to be FedRAMP authorized).

Also relevant here, the solicitation permitted vendors to structure their quotations as either a GSA Multiple Award Schedules (MAS) Contractor Teaming Arrangement or as a GSA Prime Contractor/Subcontractor arrangement.  RFQ at 54.  If a vendor opted for the latter arrangement, which Knight Point did, the solicitation provided as follows:

If a GSA Prime Contractor / Subcontractor Arrangement(s) is proposed, only the Prime Contractor must have a GSA Schedule 70 IT contract.  GSA authorized subcontractors may fulfill requirements under the Prime Contractor’s GSA Contract number and pricing table.  The Prime may not delegate responsibility for performance to subcontractors.  The Prime cannot contract to offer services for which it does not hold a Schedule contract.

Id. (emphasis added).  The proper interpretation and application of the final sentence in this provision is the crux of this protest. 

DHS received 18 quotations in response to the solicitation.  Contracting Officer’s Statement (COS) at 2.  On November 30, DHS announced BPA awards to Knight Point and three other vendors, Four Points, Govplace, and InfoReliance.  Id. at 3.  The results of the technical evaluation of these four vendors’ quotations were as follows:

 

Breadth of IaaS Cloud Solutions

Cloud Service Solutions Experience

Customer Service Approach

Past Performance

Four Points

Exceptional

Exceptional

Exceptional

Exceptional

GovPlace

Exceptional

Exceptional

Exceptional

Very Good

InfoReliance

Exceptional

Exceptional

Exceptional

Very Good

Knight Point

Exceptional

Exceptional

Exceptional

Very Good


Agency Report (AR), Tab 12, Initial Award Decision, at 4.  Following protests of these awards before our Office, DHS announced that it would take corrective action by conducting a new evaluation and making a new source selection determination.  Id.

On February 13, 2017, DHS announced awards to three vendors:  Four Points, Govplace, and InfoReliance.  COS at 3.  Knight Point did not receive a BPA award in the reevaluation.  The results of the reevaluation of the vendors’ technical quotations were as follows:

 

Breadth of IaaS Cloud Solutions

Cloud Service Solutions Experience

Customer Service Approach

Past Performance

Four Points

Exceptional

Exceptional

Exceptional

Exceptional

GovPlace

Exceptional

Exceptional

Exceptional

Very Good

InfoReliance

Exceptional

Exceptional

Exceptional

Very Good

Knight Point

Satisfactory

Very Good

Very Good

Very Good


AR, Tab 16, Final Award Decision, at 4.  The downgrading of Knight Point’s technical quotation was due to the agency’s conclusion that the majority of the services Knight Point offered were not on its GSA schedule contract.  AR, Tab 13, Final Technical Evaluation Report, at 14. 

As permitted by the solicitation, Knight Point indicated that its solution was structured as a GSA Prime/Subcontractor arrangement.  AR, Tab 7b, Knight Point Business and Price Quote, Vol. II, Tab B, at 1.  Additionally, in its technical quotation, under factor 1 (breadth of IaaS cloud services solutions offered), Knight Point offered [DELETED] FedRAMP authorized IaaS cloud service solutions.  AR, Tab 7a, Knight Point Technical Quote, Vol. I, Tab B & Table A.  One of the offerings, Cloudseed, is a cloud system owned by Knight Point.  Id., Table A, at 1.  The remaining [DELETED] offerings are cloud systems offered by Knight Point’s subcontractors.  Id. at 2-17.

In its initial evaluation, DHS gave Knight Point credit for all [DELETED] IaaS cloud service solutions, and rated its quotation exceptional under factor 1 (breadth of IaaS cloud services solutions offered).  AR, Tab 9, Initial Technical Evaluation Report, at 14.  In the reevaluation, the agency’s evaluators gave Knight Point credit for only one cloud system‑‑the cloud system owned by Knight Point.[5]  AR, Tab 13, Final Technical Evaluation Report, at 14.  With respect to the other [DELETED] cloud systems offered by Knight Point, the evaluators concluded as follows:

Although the quote identified [DELETED] [cloud service providers], [DELETED] of the [DELETED] [cloud service providers] were available through subcontracting.  In accordance with the instructions in the solicitation, no credit for these [DELETED] [cloud service providers] was given . . . as they were not on the quoter[’s] GSA schedule contract[.]”

Id.  On February 13, the agency notified Knight Point that it was not selected for award.  This protest followed.

DISCUSSION

Knight Point challenges DHS’s technical evaluation.  Specifically, Knight Point challenges DHS’ conclusion that the [DELETED] cloud systems offered by Knight Point had to be listed by brand name on its GSA schedule contract.  Comments at 1.  Knight Point contends that such a requirement is not set forth in the solicitation, nor is it consistent with prior decisions of our Office.  Id. at 14-21.  We sustain Knight Point’s protest for the reasons discussed below.  We deny the remainder of Knight Point’s allegations.[6]

The evaluation of quotations is a matter within the discretion of the procuring agency.  Innovative Mgmt. & Tech. Approaches, Inc., B-413084, B‑413084.2, Aug. 10, 2016, 2016 CPD ¶ 217 at 4.  Our Office does not independently evaluate quotations; rather we review the agency’s evaluation to ensure that it is consistent with the terms of the solicitation and applicable statutes and regulations.  Id.  A vendor’s disagreement with the agency’s judgment, by itself, is not sufficient to establish that the agency acted unreasonably.  Id.

When a concern arises that a vendor is offering services outside the scope of its schedule contract, the relevant inquiry is whether the services offered are actually included on the vendor’s contract, as reasonably interpreted.  KPMG et al., supra, at 7.  In this regard, our Office will consider whether the function being sought under a particular solicitation is the same as the function covered under a vendor’s schedule contract.  Id.  Here, as we explain below, we sustain the protest because the record demonstrates that DHS did not reasonably consider whether the cloud services offered by Knight Point through its subcontractors were within the scope of Knight Point’s GSA schedule contract.  Rather, the agency considered only whether the cloud systems offered by Knight Point were listed by brand name on Knight Point’s GSA schedule contract, which was not a requirement of the solicitation.

It is undisputed that Knight Point’s GSA schedule contract does not list, by brand name, the [DELETED] cloud systems offered by Knight Point’s subcontractors.  See AR, Tab 7c, Knight Point GSA Pricing Schedule, Vol. III, Tab B, 49-54.  See also Protest at 2 (Knight Point’s “GSA schedule contract does not define its cloud service on a brand-name basis[.]”).  Although Knight Point recognizes that some schedule holders offer the services of FedRAMP authorized cloud service providers by brand name, Knight Point does not structure its approach in this manner.  Comments at 15 n.3.  Rather, as Knight Point explained in its quotation, it adopts a “[DELETED]” approach, which allows “[DELETED].”  AR, Tab 7b, Knight Point Business and Price Quote, Vol. II, Tab C, at 1.  In other words, Knight Point’s schedule contract includes [DELETED].  AR, Tab 7a, Knight Point Technical Quote, Vol. I, Sec. 2.3, at 2. 

Knight Point further explains its GSA schedule contract as follows: “[DELETED][.]”  Protest at 15.  As a result, “[DELETED].”  AR, Tab 7c, Knight Point GSA Pricing Schedule, Vol. III, Tab B, at 49.  In this regard, “[DELETED].”  Protest at 16.  Knight Point asserts that this flexible approach enables it to include all [DELETED] FedRAMP authorized cloud systems provided by its subcontractors while obviating the need to make constant updates to its GSA schedule contract.[7]  AR, Tab 7a, Knight Point Technical Quote, Vol. I, Sec. 2.3, at 2; Protest at 1.  

With respect to the subject acquisition, Knight Point contends that the services and functions offered by its proposed subcontractors fall within the item numbers and categories on its schedule contract.  Comments at 15.  As noted above, the solicitation sought commercial, commodity-based IaaS cloud computing services.  RFQ at 6; MOL at 3-4.  Knight Point points out that its schedule contract lists generic product names and descriptions of cloud computer services that include the services the agency solicits here, such as:  bandwidth to customer; data transfer; public IP; LAN to LAN IPSEC Tunnel; Gb storage; a la carte CPU and a la carte RAM; bundled compute resources; installation services, etc.  Comments at 15.  For this reason, Knight Point represents that the services and functions it offers in this acquisition are the same as those included on its schedule contract.  Id. at 15-16.

In response, the agency does not dispute that the relevant inquiry is whether the services offered--as opposed to the brand names--are included on the vendor’s contract.  Supp. MOL at 7 (“It is not a question of brand name, but more critically a review of the types of services that Knight Point is permitted to offer on their GSA Schedule contract.”); id. at 6 (“The specific inquiry by the Agency in this protest is not the brand name, but as provided in KMPG, a review of the GSA Schedule contract to determine if ‘the services offered are actually included on the vendor’s contract, as reasonably interpreted.’”) (citing KPMG et al., supra, at 7).  The agency then contends, without further explanation, that its technical evaluation was reasonable because “Knight Point’s proposed subcontractor cloud services that are not offered on their schedule contract.”  Supp. MOL at 6 (citing COS at 12). 

Despite the agency’s contention, the record reflects that DHS failed to determine, or failed to document its determination of, whether the proposed subcontractors’ cloud services are within the scope of Knight Point’s schedule contract.  Rather, the agency’s evaluators merely examined whether the [DELETED] cloud systems offered by Knight Point and its subcontractors were listed by brand name on Knight Point’s schedule contract, and, finding that they were not, the evaluators declined to credit Knight Point for [DELETED] of its [DELETED] FedRAMP authorized IaaS cloud systems.[8]  AR, Tab 13, Final Technical Evaluation Report, at 14 (concluding that “no credit for these [DELETED] [cloud service providers] was given under the factor for [cloud service providers], as they were not on the quoter[’s] GSA schedule contract[.]”).

To the extent that the agency is contending that “services” in the context of cloud computing services should be defined not as services, but rather as discrete brand name cloud systems, we note that the agency does not explicitly make this argument.  Nor does the agency provide any authority for viewing cloud computing services in this manner.  Moreover, we could not identify any support for defining cloud computing services in this manner in the solicitation.[9]  Importantly, GSA also does not make this argument, despite providing input on three occasions regarding this matter.[10]  See AR, Tab 17, Email from GSA Sr. Contracting Officer, Dec. 16, 2016; Tab 23, Email from GSA Sr. Contracting Officer, Mar. 23, 2017; Tab 24, GSA Comments, May 11, 2017.[11]

We sustain the protest because the agency has failed to identify any requirement--either within the solicitation or otherwise--that would restrict a vendor’s use of IaaS cloud systems to those systems that were listed by brand name on the vendor’s GSA schedule contract.  Instead, the agency simply assumes, without support, that in order for a GSA schedule holder to offer services through a subcontractor, it must include the brand name of the subcontractor’s services on its schedule contract.  We have previously explained, however, that the relevant inquiry is whether the services offered are actually included on the vendor’s contract, as reasonably interpreted.  KPMG et al., supra, at 7. The record here does not demonstrate that the DHS evaluators undertook this analysis. 

Competitive Prejudice

Prejudice is an essential element of a viable protest.  MicroTechnologies, LLC, B‑413091, B‑413091.2, Aug. 11, 2016, 2016 CPD ¶ 219 at 15.  Here, the agency has not undertaken the required analysis to determine whether the services proposed by Knight Point are within the scope of its GSA schedule contract.  We note, however, that the agency initially issued a BPA to Knight Point based upon its [DELETED] IaaS cloud system offerings.  Accordingly, were the agency to conclude that the services offered by Knight Point fall within the scope of Knight Point’s schedule contract, there is a substantial chance that Knight Point may receive an award of a BPA.  In any event, we resolve doubts regarding competitive prejudice in favor of the protest; where, as here, the protester has shown a reasonable possibility that it was prejudiced by the agency’s action, we will sustain its protest.  SRA Int’l, Inc., B‑410973, B‑410973.2, Apr. 8, 2015, 2015 CPD ¶ 32 at 8.

RECOMMENDATION

For the reasons discussed above, we conclude that DHS’s technical evaluation of Knight Point’s quotation was unreasonable.  We further conclude that Knight Point was prejudiced by this evaluation.  We recommend that DHS conduct and document a new technical evaluation and prepare a new source selection decision.  We also recommend that the agency reimburse the protester’s reasonable costs associated with filing and pursuing its protest, including attorneys’ fees.  Bid Protest Regulations, 4 C.F.R. § 21.8(d).  The protester’s certified claims for costs, detailing the time expended and costs incurred, must be submitted to the agency within 60 days after the receipt of this decision.  4 C.F.R. § 21.8(f).

The protest is sustained.

Susan A. Poling
General Counsel



[1] These vendors are:  (1) Four Points Technology, LLC, of Chantilly, Virginia; (2) Govplace Inc., of Reston, Virginia; and (3) InfoReliance Corporation, of Fairfax, Virginia.

[2]  Infrastructure-as-a-Service provides an agency the capability to provision processing, storage, networks, and other fundamental computing resources and to run its own software, including operating systems and applications.  Cloud  Computing, GAO‑16‑325, at 4‑5 (April 2016).  The agency does not manage or control the underlying infrastructure, but controls and configures operating systems, storage, deployed applications, and possibly selected networking components, such as host firewalls.  Id.

[3]  The solicitation defined cloud service providers as “private industry suppliers or resellers providing cloud offerings and solutions to government and commercial customers.”  RFQ at 5.

[4]  FedRAMP is a government-wide program intended to provide a standardized approach to security assessment, authorization, and continuous monitoring for cloud computing products and services.  SRA Int’l, Inc., B-409993, Sept. 2, 2014, 2014 CPD ¶ 264 at 1.  See also Cloud Computing, GAO‑16-325, at 7; FedRAMP About Us, available at https://www.fedramp.gov/about-us/about/ (last visited May 30, 2017).  All federal agencies must meet FedRAMP requirements when using cloud services and the cloud service providers must implement the FedRAMP security requirements in their cloud environment.  Cloud Computing, GAO‑16-325, at 7. 

[5]  This cloud system was listed by brand name on Knight Point’s GSA schedule contract.  AR, Tab 7c, Knight Point GSA Pricing Schedule, Vol. III, Tab B, at B-54.

[6]  For instance, Knight Point also challenges the agency’s reliance upon the GSA MAS Desk Reference book to support its conclusion that Knight Point could not subcontract for services not listed by brand name on its GSA schedule contract.  Supp. Protest at 2.  Knight Point contends that, in relying upon this reference, the agency employed an undisclosed evaluation criterion.  Id.  We disagree.  The portion of this reference cited by the agency mirrors the language in the solicitation that provides that a prime contractor “cannot contract to offer services for which it does not hold a Schedule contract.”  Compare AR, Tab 18, GSA Reference book, at 5 with RFQ at 54.  Moreover, this language merely explains the state of applicable law regarding prime/subcontractor arrangements, see e.g., KPMG et al., B‑412732 et al., May 23, 2016, 2016 CPD ¶ 149 at 7, which neither the agency nor Knight Point is free to ignore. 

[7]  Knight Point refers to this approach as its Horizon solution.  Protest at 1.  It explains that Horizon is “[DELETED].”  Id. at 13.  The record reflects that Knight Point’s GSA schedule contract was modified to include its Horizon solution.  AR, Tab 7c, Knight Point GSA Pricing Schedule, Vol. III, Tab B, at 1.  During the pendency of this protest, GSA also confirmed that the scope of Knight Point’s schedule contract includes its Horizon solution and that Knight Point accurately described its solution as a portfolio of services and product offerings that can be combined into a single, unified solution.  GSA Comments, May 11, 2017, at 2; Tab 23, Email from GSA Sr. Contracting Officer, Mar. 23, 2017, at 1.

[8] DHS also argues that Knight Point’s quotation did not adequately explain the applicability of its [DELETED] approach because the quotation did not specifically identify the approach by name, i.e., Horizon.  MOL at 14, 15.  This argument is flawed for two reasons.  First, whether Knight Point referred to its approach by its proprietary name is irrelevant because Knight Point described its approach in significant detail in all three volumes of its quotation.  See AR, Tab 7a, Knight Point Technical Quote,  Vol. I, § 2.3, at 1-2; Tab 7b, Knight Point Business and Price Quote, Vol. II, Tab C, at 1; Tab 7c, Knight Point GSA Pricing Schedule, Vol. III, Tab B, at 49-51.  Second, we note for the record that volume III of its quotation, which includes Knight Point’s GSA schedule pricing, does identify and discuss the approach by name.  See Tab 7c, Knight Point GSA Pricing Schedule, Vol. III, Tab B, at 49.  More fundamentally, however, this argument does not impact our decision here because, regardless of the overall approach Knight Point takes in providing cloud computing services, the agency is still required to compare the services being offered to those on the vendor’s schedule contract.

[9]  In fact, the solicitation appears to support Knight Point’s position.  In this regard, the RFQ distinguishes between a cloud “system” or “solution” and the “services” or “items” that are contained within that solution.  See e.g., RFQ, Table A, at 51 (distinguishing between the FedRAMP authorized cloud system (column 1) and the corresponding “[d]escription of Associated FedRAMP Services/Products/Tools” within that system (column 2)); RFQ, Table B, at 52 (same).

[10]  The first two exchanges with GSA were initiated by the agency.  We reviewed the responses provided by GSA in response to the agency’s inquires and found them to be ambiguous.  Accordingly, we requested further clarification from GSA during the pendency of the protest.  We note, however, that despite the ambiguity regarding some of the issues relevant to the protest, at no time did GSA expressly state that the cloud systems offered by the cloud service providers needed to be included on the vendor’s GSA schedule contract.

[11]  In its final comments, which were submitted at the request of our Office, GSA confirmed that Knight Point’s schedule contract includes its Horizon solution, which allows it to make cloud solutions “[DELETED]” and provides flexibility because it is not “[DELETED].”  AR, Tab 24, GSA Comments, May 11, 2017, at 1-2.  GSA also confirmed that Knight Point’s proposed pricing methodology conforms to its schedule pricing.  Id. at 2.  Finally, with respect to “whether the services offered by Knight Point’s proposed subcontractors actually fall within the parameters of Knight Point’s performance based Schedule Contract,” GSA represented that “this is a matter beyond the ability of GSA’s Contract Specialist to evaluate.”  Id.  We interpret GSA’s response to indicate that the procuring agency must consider whether the offered subcontractor services fall within the scope of the vendor’s schedule contract.

Oct 18, 2017

Oct 17, 2017

Oct 13, 2017

Oct 12, 2017

Oct 11, 2017

  • Daekee Global Company, Ltd.
    We dismiss the protest because the protester has not established that it is an interested party.
    B-414899,B-414899.2

Oct 10, 2017

Looking for more? Browse all our products here