Syneren Technologies Corporation
B-415058,B-415058.2: Nov 16, 2017
DOCUMENT FOR PUBLIC RELEASE
The decision issued on the date below was subject to a GAO Protective Order. This redacted version has now been approved for public release.
Matter of: Syneren Technologies Corporation
File: B-415058; B-415058.2
Date: November 16, 2017
Protest challenging the agency’s determination that protester’s proposal was technically unacceptable is denied where agency reasonably determined that protester’s proposal failed to adequately address the solicitation’s requirements.
Syneren Technologies Corporation, of Arlington, Virginia, protests the Department of the Navy’s rejection of the proposal Syneren submitted in response to request for proposal (RFP) No. N00039-16-R-0033 to provide various information technology (IT) services. Syneren challenges the agency’s determination that its proposal was unacceptable.
We deny the protest.
On February 10, 2016, the agency issued RFP No. N00039-16-R-0033, seeking proposals to provide support for the Sea Warrior Program in the “design, development, implementation and sustainment of IT systems and software supporting enterprise business services, personnel and pay, position management, recruiting and accessions, workforce development, and distance support.” PWS at 5.
The solicitation contemplated award, on a best-value basis, of multiple indefinite-delivery, indefinite-quantity (IDIQ) contracts for 5-year base performance periods and three 1-year option periods, and established the following evaluation factors: (1) software development experience; (2) first sample task (net recruiting placement and alignment (NetRPA) development/modernization); (3) second sample task (Department of Defense (DOD) IT portfolio repository/database management system sustainment); (4) cost; and (5) past performance. RFP at 140‑47. The solicitation provided that the agency intended to make award on the basis of initial proposals without conducting discussions, and advised the offerors that:
The Government will evaluate each Offeror’s understanding of the Government’s requirements and ability to perform the work on the basis of its proposal. It is the Offeror’s responsibility to provide information and evidence that clearly demonstrates its ability to satisfactorily respond to the solicitation requirements.
RFP at 115.
On or before the April 11, 2016 closing date, proposals were submitted by 20 offerors, including Syneren, and were thereafter evaluated. With regard to the second most important evaluation factor, the NetRPA sample task, offerors were required to propose delivery of “a fully functioning and deployable NetRPA package that the Government can use in standing up the NetRPA from a Government facility.” AR, exh. 4, PWS for NetRPA, at 3. Because the work is to be performed at a government facility and involves DOD and Department of Navy information, the RFP required compliance with various DOD and Navy cybersecurity policies, specifically including various software accreditation requirements. See RFP at 32-35; PWS at 5, 8, 9, 13, 35-36, 54-60. In responding to the NetRPA requirements, Syneren’s proposal stated that it would provide a [redacted], AR, exh. 10, Syneren NetRPA Technical Approach, at 4, and repeatedly referenced its reliance on [redacted] software. Id. at 1, 3, 8, 10, 11. For example, Syneren’s proposal stated:
[W]e will ensure that by using [redacted] software, we provide [redacted]. . . .
. . . We will use [redacted]
Id. at 11.
The [redacted] software referenced in Syneren’s proposal is not accredited for use at the Navy datacenter under the competed contract. See Protest at 7-11. Nonetheless, Syneren’s proposal offered no meaningful explanation as to how accreditation of the software would be achieved. Id. at 4‑20.
In evaluating Syneren’s proposal, the agency assessed various weaknesses in its proposed technical approach and assessed a deficiency related to Syneren’s proposal of the unaccredited [redacted] software. AR, exh. 12, Technical Evaluation Team (TET) Report, at 307‑08, 312-13. Specifically, the TET referred to Syneren’s proposal to “use [redacted],” noting that “[redacted] is not accredited” and further noting that Syneren’s proposal did not include any specific plan to achieve accreditation. Id. at 312-13. Accordingly, the TET rated Syneren’s proposal as unacceptable under the NetRPA evaluation factor.
On July 21, Syneren was advised that its proposal had been rejected. Following a debriefing on August 3, Syneren filed this protest.
Syneren protests various aspects of the agency’s evaluation and source selection process, primarily complaining that the agency should not have evaluated its proposal as unacceptable. In this regard, Syneren asserts: “There was no requirement for Syneren to address the accreditation process prior to award or to explain in its proposal how it would attain accreditation.” Protester’s Comments on AR, Sept. 11, 2017, at 4.
The agency responds by pointing out that the solicitation specifically identified the government data center in New Orleans as the primary location for performance of the NetRPA requirements and, because performance will occur in a government facility and involve DOD and Navy data, the solicitation provided that the contractor’s system must comply with multiple cybersecurity requirements. See RFP at 32-35; PWS at 5, 8‑9, 13, 35-36, 54‑60; PWS for NetRPA at 4-5, 13. The agency further responds that, in evaluating Syneren’s proposal, the TET specifically considered Syneren’s reliance on [redacted] software, noting that the software did not meet the solicitation’s cybersecurity requirements and, more importantly, that Syneren’s proposal failed to address in any meaningful way how compliance would be achieved. Finally, the agency states that, based on the above, it concluded that Syneren’s proposal failed to reflect an adequate understanding of both the time and costs associated with Syneren’s successful contract performance, specifically including compliance with the solicitation’s cybersecurity requirements. AR, Memorandum of Law/Contracting Officer’s Statement (MOL/COS) at 25-32; AR, exh. 8, Declaration of Agency’s Information Technology Specialist, at 1-3; AR, exh. 18, Declaration of TET Member, at 1-4.
It is a fundamental principle that a proposal failing to conform to a material solicitation requirement is technically unacceptable and cannot form the basis for award. See, e.g., Wyle Laboratories, Inc., B‑413964, B‑412964.3, May 27, 2016, 2016 CPD ¶ 144 at 7-8. In reviewing protests challenging an agency’s evaluation of proposals, we do not reevaluate proposals, but rather we examine the record to determine whether the agency’s judgment was reasonable and in accordance with the stated evaluation criteria and applicable procurement laws and regulations. Id.
Here, Syneren does not dispute the fact that the [redacted] software referenced throughout its proposal does not comply with the solicitation’s cybersecurity requirements, nor does Syneren identify any portion of its proposal that meaningfully discussed how the required accreditation would be achieved. Rather, Syneren asserts that “[t]here was no requirement for Syneren to address the accreditation process prior to award or to explain in its proposal how it would attain accreditation.” Protester’s Comments on AR, Sept. 11, 2017, at 4.
Contrary to Syneren’s assertion, the solicitation clearly put offerors on notice as to the cybersecurity requirements; stated that proposals must demonstrate the offeror’s “understanding of the Government’s requirements and ability to perform the work”; advised that it was “the Offeror’s responsibility to provide information and evidence that clearly demonstrates its ability to satisfactorily respond to the solicitation requirements”; and warned that the agency “may judge a proposal to be unacceptable” if it failed to “clearly reveal the Offeror’s proposed approach.” RFP at 115. On this record, we find no basis to question the reasonableness of the agency’s determination that Syneren’s proposal failed to adequately address how it would successfully comply with the solicitation’s cybersecurity requirements and, accordingly, that its proposal was unacceptable.
The protest is denied.
Susan A. Poling
 The Sea Warrior Program encompasses “a complex portfolio of systems that enable the Navy to perform Human Resource (HR) and other non-tactical business operations ashore and afloat.” Agency Report (AR), exh. 2, Performance Work Statement (PWS), at 4.
 The total ceiling value for the procurement is $300 million. AR, exh. 1, RFP, at 2.
 Of relevance to this protest, the solicitation states that “[t]he NetRPA application is the Navy’s primary market research tool utilized for making decisions concerning the placement of personnel, the setting of recruiting goals, and the alignment of Zone, Station, and Zone Improvement Program (ZIP) Codes at the Navy Recruiting Districts.” AR, exh. 4, PWS for NetRPA, at 3.
 The solicitation provided that factors 1 through 4 were listed in descending order of importance; that factors 1 through 3 would be rated under an adjectival rating system of good, acceptable, marginal and unacceptable; and that factor 5 (past performance) would be evaluated on a pass/fail basis. RFP at 141-47.
 The solicitation added that proposals must “contain all pertinent information in sufficient detail so that the government evaluators are able to meaningfully evaluate the Offeror’s proposal without discussions” and must demonstrate that the offeror “has valid and practical solutions for all requirements.” RFP at 115. Finally, offerors were warned that the agency “may judge a proposal to be unacceptable” if it failed to “clearly reveal the Offeror’s proposed approach.” Id.
 The solicitation provided that the primary performance location for the NetRPA task order would be the government data center in New Orleans, Louisiana. AR, exh. 4, PWS for NetRPA, at 4-5.
 The agency explains that “[r]igorous cybersecurity requirements are applied to DOD and Department of the Navy (DON) systems . . . because of their potential impact on national security,” adding that “[c]ybersecurity requirements are heightened when . . . personally identifiable information (PII) data is present, particularly for members of the armed forces.” AR, exh. 8, Declaration of Agency’s Information Technology Specialist, Aug. 31, 2017, at 1.
 The solicitation defined [redacted]. AR, exh. 11, NetRPA Functional Requirements Document, at 103.
 Indeed, it appears that Syneren did not know whether the [redacted] software met the solicitation’s cybersecurity requirements when it submitted its proposal. Specifically, the record contains an email from a Syneren representative to an account executive for the [redacted] software developer that was sent 5 months after Syneren submitted its proposal, stating: “I understand that [redacted] on open internet is not secure. But we intend to use it on Navy datacenter. Is it secure if we use it on Navy datacenter?” Email from Syneren to Software Developer, Sept. 11, 2017.
 In responding to this protest, the agency explains that accreditation of Syneren’s proposed software could take as long as 24 months. AR, exh. 18, Declaration of TET Member, Sept. 1, 2017, at 2.