Fortem Solutions, LLC

B-415716.39: Dec 17, 2019

Additional Materials:

Contact:

Ralph O. White
(202) 512-8278
WhiteRO@gao.gov

Kenneth E. Patton
(202) 512-8205
PattonK@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Fortem Solutions, LLC (Fortem), a small business of Vienna, Virginia, protests the exclusion of its proposal from the competition by the Department of the Air Force under request for proposals (RFP) No. FA8771-17-R-1000 for information technology (IT) services. Fortem argues that the agency unreasonably evaluated its proposal under the past performance factor.

We deny the protest.

DOCUMENT FOR PUBLIC RELEASE
The decision issued on the date below was subject to a GAO Protective Order. This redacted version has been approved for public release.

Decision

Matter of:  Fortem Solutions, LLC

File:  B-415716.39

Date:  December 17, 2019

Michael J. Gardner, Esq., Shomari B. Wade, Esq., and Danielle K. Muenzfeld, Esq., Greenberg Traurig LLP, for the protester.
Kevin P. Stiens, Esq., Alexis J. Bernstein, Esq., and Jonathan E. Carrol, Esq., Department of the Air Force, for the agency.
Evan C. Williams, Esq., and Amy B. Pereira, Esq., Office of the General Counsel, GAO, participated in the preparation of the decision.

DIGEST

Protest challenging the agency’s evaluation of protester’s proposal under the past performance evaluation factor is denied where the record shows that the evaluation was reasonable and consistent with the solicitation. 

DECISION

Fortem Solutions, LLC (Fortem), a small business of Vienna, Virginia, protests the exclusion of its proposal from the competition by the Department of the Air Force under request for proposals (RFP) No. FA8771-17-R-1000 for information technology (IT) services.[1]  Fortem argues that the agency unreasonably evaluated its proposal under the past performance factor.

We deny the protest.

BACKGROUND

On September 28, 2017, the Air Force issued the Small Business Enterprise Application Solutions (SBEAS) RFP, as a set-aside for small businesses, pursuant to the procedures of Federal Acquisition Regulation (FAR) part 15.  AR, Tab 6, RFP at 162.[2]  The solicitation contemplated the award of 40 indefinite-delivery, indefinite-quantity (IDIQ) contracts with a 5-year base and 5-year option ordering period.[3]  Id. at 138‑139, 162.  The scope of the SBEAS RFP included a “comprehensive suite of IT services and IT solutions to support IT systems and software development in a variety of environments and infrastructures.”  Id. at 130.  Additional IT services in the solicitation included, but were not limited to, “documentation, operations, deployment, cybersecurity, configuration management, training, commercial off-the-shelf (COTS) product management and utilization, technology refresh, data and information services, information display services and business analysis for IT programs.”  Id. 

Proposals were to be evaluated based on two factors, technical experience and past performance.  Id. at 164.  As relevant to this protest, the past performance factor was comprised of the following three subfactors in descending order of importance:  life‑cycle software services, cybersecurity, and IT business analysis.  Id.  Award was to be made on a past performance tradeoff basis among technically acceptable offerors, using the three past performance subfactors.[4]  Id. at 162. 

Section L of the solicitation instructed offerors that “[t]he proposal shall be clear, specific, and shall include sufficient detail for effective evaluation and for substantiating the validity of stated claims.”  Id. at 142.  Offerors were instructed to not simply rephrase or restate requirements, but to “provide [a] convincing rationale [addressing] how the [o]fferor’s proposal meets these requirements.”  Id.  The RFP also instructed offerors to assume that the agency has no knowledge of the offeror’s facilities and experience, and would “base its evaluation on the information presented in the [o]fferor’s proposal.”  Id. 

The past performance volume was to include the cross‑reference matrix,[5] past performance narratives (PPNs) for each of up to six contract references, and contractor performance assessment reports (CPARs) or past performance questionnaires.  Id. at 155-156.  The past performance narratives were to describe how the offeror’s past performance supported the three past performance subfactors.  Id. at 156-158. 

Section M of the solicitation established a tiered evaluation process.  Id. at 163-164.  The first step of the evaluation was a Capability Maturity Model Integration (CMMI) appraisal, which required offerors to be certified at level 2 in CMMI.[6]  Id.  If an offeror passed the CMMI appraisal as level 2 certified, the agency would then evaluate an offeror’s technical experience using the self‑scoring worksheet and TNs provided by the offeror.  Id. at 164.  The solicitation provided that technical experience would receive an adjectival rating of acceptable or unacceptable.  Id. at 164-165. 

In the event that technical experience was evaluated as acceptable, the agency would then evaluate the offeror’s past performance.  Id. at 164.  The agency would review the past performance volume and evaluate each offeror’s past performance references for recency, relevancy, and quality.  Id. at 172.  The agency would first review the past performance references for recency.[7]  Next, the agency would use the PPNs to evaluate relevancy.  Id.  Each past performance subfactor would receive a relevancy rating of very relevant, relevant, somewhat relevant or not relevant depending on whether the offeror demonstrated past performance regarding certain Statement of Objectives (SOO) sections identified for each past performance subfactor.  Id. at 176. 

The agency would then assess “all past performance information collected” and assign a performance quality rating of acceptable or unacceptable for each subfactor.  Id. at 173.  The solicitation provided that in making this quality assessment the agency would review the PPQs and/or CPARs it received, “as well as other relevant CPARs available to the Government.”  Id.  

These ratings would then be rolled up into a performance confidence assessment rating for each subfactor of substantial confidence, satisfactory confidence, neutral confidence, limited confidence, or no confidence.  Id. at 177.  The RFP provided that each offeror must receive a confidence rating of “[s]atisfactory or higher” for each past performance subfactor in order to be eligible for award.[8]  Id. at 164.  The solicitation stated that to receive a satisfactory confidence rating at the subfactor level, an offeror’s past performance must be recent, relevant and of acceptable quality.  Id. at 178.

Fortem timely submitted its proposal in response to the solicitation.  On August 2, 2019, the agency notified Fortem that, while it received an acceptable rating under the technical experience factor, it was not eligible for award based on the agency’s evaluation of its past performance.  AR, Tab 10, Fortem Notice of Removal from Competition, at 2.  Under the past performance factor, Fortem’s proposal received a rating of limited confidence under each of the three subfactors:  life-cycle software services; cybersecurity; and information technology business analysis.  Id. at 2.  In accordance with the solicitation, the limited confidence ratings rendered Fortem’s proposal ineligible for award.  Id.; RFP at 164.   

On August 23, following its debriefing, Fortem filed an agency-level protest alleging the agency failed to reasonably evaluate its proposal under all three past performance subfactors.  AR, Tab 13, Fortem Agency-Level Protest.  On August 30, the agency denied Fortem’s agency-level protest.  On September 9, Fortem filed this protest with our Office.

DISCUSSION

Fortem challenges the agency’s exclusion of its proposal from the competition, arguing that the agency failed to properly evaluate its proposal under the past performance factor.  In this regard, Fortem contends that the agency ignored portions of its proposal that established the past performance required by the RFP under all three of the past performance subfactors.  Although we do not address each of the protester’s arguments, we have considered them and find that none provides a basis to sustain the protest.[9] 

While Fortem protests the agency’s evaluation of its proposal under all three of the past performance subfactors, the RFP provided that a rating below satisfactory in any one of the past performance subfactors would render an offeror’s proposal ineligible for award.  RFP at 164.  Therefore, for the reasons discussed below, we need only address the agency’s evaluation of Fortem’s proposal with regard to the IT business analysis subfactor.

IT Business Analysis Subfactor

The IT business analysis subfactor instructed offerors to describe their past performance in two areas:  IT business analysis and functional business area expertise; and service desk, field and technical support (SOO section 3.2.3).  Id. at 159.  In the area of service desk, field and technical support, the agency would evaluate an offeror’s past performance in “[s]ervice desk, field and technical support to include access management, event management, incident management, problem management, and request fulfillment.” [10]  Id. at 175. 

In order to receive a rating of “very relevant” under this subfactor, offerors were required to demonstrate past performance in at least two functional business areas of expertise and SOO section 3.2.3.  Id. at 176.  To receive a rating of “relevant,” offerors were required to demonstrate past performance with one functional business area of expertise and SOO section 3.2.3.  Id.  To receive a rating of “somewhat relevant,” offerors were required to demonstrate past performance in one functional business area of expertise, or SOO section 3.2.3.  Id.  Finally, a rating of “not relevant” was for offerors that failed to demonstrate past performance in at least one functional business area of expertise or SOO section 3.2.3.  Id.

The agency evaluated the past performance narratives provided in Fortem’s proposal as responding to this subfactor.  First, the agency concluded that Fortem’s proposal demonstrated past performance providing IT business analysis, and functional business area expertise in one area.  AR, Tab 9, Agency Evaluation of Fortem’s Proposal, at 51.  Second, the agency found that while Fortem’s proposal demonstrated past performance related to incident management, its proposal failed to demonstrate past performance in the following elements:  access management, event management, problem management, and request management.  Id. at 52.  Based upon these findings, the agency assigned Fortem’s proposal a relevancy rating of somewhat relevant, and a performance confidence assessment rating of limited confidence.  Id. at 55-56.

Our Office will examine an agency’s evaluation of an offeror’s past performance only to ensure that it was reasonable and consistent with the stated evaluation criteria and applicable statutes and regulations.  Kiewit Infrastructure West Co., B-415421, B‑415421.2, Dec. 28, 2017, 2018 CPD ¶ 55 at 8.  A protester’s disagreement with a procuring agency’s judgment, without more, is insufficient to establish that the agency acted unreasonably.  WingGate Travel, Inc., B-412921, July 1, 2016, 2016 CPD ¶ 179 at 4-5.  Moreover, it is an offeror’s responsibility to submit an adequately written proposal; this includes adequate information relating to the offeror’s past performance.  Wolf Creek Federal Servs., Inc., B-409187 et al., Feb. 6, 2014, 2014 CPD ¶ 61 at 8.  An offeror failing to submit an adequately written proposal runs the risk that its proposal will be evaluated unfavorably.  Id.

Access Management

The RFP defined access management as follows:

The process of granting authorized users the right to use a service while preventing access to non-authorized users. The process provides the ability to control and track who has access to data and services (who may be another system, service, or process, as well as an individual).  It contributes to achieving the appropriate confidentiality, availability, and integrity of the command's data and includes levels of access to the service catalog for requesting services, access to data, and access to facilities.

RFP at 215.

Fortem challenges the agency’s determination that its proposal did not demonstrate access management with respect to the service desk, field and technical support (SOO section 3.2.3) requirement.  Protest at 32-34; Comments at 8-10.  Specifically, Fortem contends that its proposal demonstrated access management in past performance narrative 1 (PPN 1).[11]  Protest at 33-34.  According to the protester, PPN 1 involved granting authorized users the right to use a service while preventing access to non‑authorized users, demonstrating access management as required by the RFP.  Id.  Additionally, Fortem claims that its past performance creating accounts related to CIRCUITS demonstrated another example of performing access management.  Id.at 33-34.

In response, the agency maintains that it reasonably evaluated Fortem’s proposal with respect to access management because the proposal did not adequately demonstrate past performance with a process of granting authorized users the right to use a service while preventing access to non-authorized users.  COS at 53-54.  For this reason, the agency argues that Fortem’s contentions amount to mere disagreement with the agency’s evaluation.  MOL at 19-21. 

We find no basis to question the agency’s evaluation of Fortem’s proposal under the access management element of the service desk, field and technical support requirement.  As stated above, to demonstrate past performance providing access management, offerors were to demonstrate “[t]he process of granting authorized users the right to use a service while preventing access to non-authorized users.”  RFP at 215.  Further, the solicitation clearly instructed offerors that proposals “shall be clear, specific, and shall include sufficient detail for effective evaluation and for substantiating the validity of stated claims.”  Id. at 142. 

Here, the agency found that while the proposal asserts that it supported “access requests,” it does not demonstrate the offeror’s past performance with an access management process.  AR, Tab 9, Agency Evaluation of Fortem’s Proposal, at 52.  As the agency points out, Fortem’s proposal only generally mentions that a process was used, but the proposal does not provide any description of the process itself.  COS at 53-54 citing AR, Tab 7, Fortem Proposal, Vol. III, Past Performance, at 14-15.  Additionally, in its filings with our Office, Fortem has failed to provide an explanation of how its proposal demonstrates the process it utilized when providing access management.  Rather, Fortem references certain page numbers from its proposal, and asserts that the required past performance has been demonstrated.  Protest at 33-34; Comments at 8‑10.  Thus, we find no basis to question the agency’s finding that Fortem failed to provide the information required in sufficient detail so that the agency could determine that it had past performance providing access management, as the term is defined in the solicitation. 

In addition, we reject Fortem’s argument that PPN 1’s reference to account creation demonstrated past performance providing access management.  While it may be possible that providing account creation could qualify as an example of providing access management, the protester provides no basis to question the agency’s finding that Fortem’s proposal failed to adequately describe a process of granting users the right to use the service while preventing access to non-authorized users.  In this regard, even though Fortem’s proposal states that the support in PPN 1 included account creation, the proposal does not discuss the process or processes used to perform account creation. [12]  See AR, Tab 7, Fortem Proposal, Vol. III, Past Performance, at 14.  Therefore, we find Fortem’s arguments amount to disagreement with the agency’s evaluation, which, without more, is insufficient to establish that the agency’s evaluation under access management was unreasonable.  OSC-NDF, LLC, B-415716.21, Apr. 10, 2019, 2019 CPD ¶ 235 at 8. 

Because we find reasonable the agency’s conclusion that the protester failed to demonstrate past performance providing access management, we need not address the protester’s arguments with regard to the other elements of the service desk, field and technical support requirement, or Fortem’s allegations regarding the IT business analysis and functional business area expertise requirement.  That is, even if the protester were to prevail on its challenges to the agency’s evaluation regarding event management, problem management, and request management, and its allegation that it should have been found to have demonstrated IT business analysis and functional business area expertise in more than one area, the protester could not receive a rating of relevant under this sub-factor.  RFP at 176 (“To receive a rating of ‘relevant,’ offerors were required to demonstrate past performance in SOO Section 3.2.3 and one Functional Business Area of Expertise.”).  Further, as stated above, the solicitation required an offeror to receive a relevant rating in order to receive a satisfactory confidence rating under this sub-factor.  Id. at 178.  Accordingly, this protest ground is denied. 

Fortem also challenges the reasonableness of the agency’s evaluation of its past performance under the life-cycle and cybersecurity subfactors of the past performance factor.  As stated above, the RFP provided that a rating below satisfactory in any one of the past performance subfactors would render an offeror’s proposal ineligible for award.  Id. at 164.  Thus, given our conclusion that the agency reasonably evaluated Fortem’s proposal under the IT business analysis subfactor as providing limited confidence, and given that a performance confidence assessment rating lower than satisfactory confidence in any subfactor rendered the proposal ineligible for award, we need not address Fortem’s allegations regarding the life-cycle software services or cybersecurity subfactors.

The protest is denied.

Thomas H. Armstrong
General Counsel

 

[1] Fortem is a joint venture between VSolvit, LLC, and OST, Inc. (d/b/a Optimal Solutions and Technologies).  Agency Report (AR), Tab 7, Fortem Proposal, Vol. III, Past Performance, at 6.

[2] Citations to the RFP are to the conformed copy provided by the agency.  AR, Tab 6, RFP.

[3] The estimated value for the SBEAS contract is a maximum of $13.4 billion over the possible ten year ordering period of the contract.  Contracting Officer’s Statement (COS) at 3.

[4] The solicitation stated that pursuant to “10 U.S.C. § 2305(a)(3)(C), as amended by Section 825 of the National Defense Authorization Act (NDAA) for Fiscal Year 2017, the Government will not evaluate cost or price for the IDIQ contract.  Cost or price to the Government will be considered in conjunction with the issuance of a task or delivery order under any contract awarded hereunder.”  RFP at 162.

[5] The cross-reference matrix was required to demonstrate “traceability” between the contract references.  An offeror’s cross-reference matrix was required to show “which contract references [were] used to satisfy each technical element and past performance sub-factor.”  Id. at 146.

[6] CMMI is a process level improvement training and appraisal program that is administered by the CMMI Institute.

[7] The RFP defines recent contracts to be any contract that was ongoing or completed within three years of the date of the issuance of the present solicitation.  Id. at 147.

[8] According to the solicitation, a past performance confidence rating of neutral is considered lower than satisfactory.  RFP at 164.  We note that the agency’s treatment of neutral in the RFP differs from the definition of neutral contained in the FAR, which states that a neutral rating will not be considered either favorable or unfavorable.  See FAR § 15.305(2)(iv). 

[9] For example, the protester argues repeatedly that the agency was required to consider, or should have considered, its CPARs to validate the relevancy of its claimed past performance.  Protest at 11 n. 3, 12, 15 n. 5, 16 n. 6, 21 n. 8, 24 n. 9, 27 n. 10, 31 n. 11, 32, 37 n. 13; see 4 C.F.R. § 21.2 (a)(1).  We dismiss this protest ground as an untimely challenge to the terms of the solicitation, which stated that PPNs would be used to evaluate relevancy and that CPARs would be evaluated to “determine the overall quality of the [o]fferor’s [p]ast [p]erformance as it relates to each sub-factor.”  RFP at 173.  Thus, to the extent Fortem believed that the agency was required to use CPARs to validate an offeror’s claims of relevant past performance, it was required to protest this apparent conflict in the terms of the solicitation before the receipt of proposals.  See Segue Technologies, Inc., B-415716.18, Mar. 21, 2019, 2019 CPD ¶ 157 at 9.  We also dismiss Fortem’s allegations of unequal treatment of offerors because the protester has failed to set forth a detailed statement of the legal and factual grounds of its allegation.  Protest at 41-42; see 4 C.F.R. §§ 21.1 (c)(4) and (f).  Additionally, we dismiss Fortem’s allegations that the agency committed several errors when deciding to deny its agency-level protest where the challenges raised do not allege a violation of procurement statute or regulation that resulted in competitive prejudice.  Protest at 42‑44; see 4 C.F.R. § 21.5(f).

[10] In its protest, Fortem asserted that it was not required to address all five elements of access management, event management, incident management, problem management, and request fulfillment because the solicitation did not explicitly require offerors to do so.  Protest at 40.  In responding to an agency report, protesters are required to provide a substantive response to the arguments advanced by the agency. enrGies, Inc., B-408609.9, May 21, 2014, 2014 CPD ¶ 158 at 4.  Where an agency provides a detailed response to a protester’s argument and the protester fails to rebut or respond to the agency’s argument in its comments, the protester provides our Office with no basis to conclude that the agency’s position with respect to the issue in question is unreasonable.  IntegriGuard, LLC d/b/a HMS Federal--Protest and Recon., B‑407691.3, B-407691.4, Sept. 30, 2013, 2013 CPD ¶ 241 at 5.  Here, in response to the protest, the agency argued that the terms of the RFP clearly and unambiguously required offerors to demonstrate past performance in each of the five elements under the service desk, field and technical support area.  Memorandum of Law (MOL) at 20‑22.  The protester did not respond to the agency’s argument in its comments.  We therefore dismiss this aspect of Fortem’s protest as abandoned.  See 4 C.F.R. § 21.3(i)(3)

[11] PPN 1 described Fortem’s past performance providing full system life-cycle and program management support for the Naval Facilities Engineering Command in connection with more than 24 mission critical systems, to include work on the Comprehensive Utilities Information Tracking System (CIRCUITS).  AR, Tab 7, Fortem Proposal, Vol. III, Past Performance, at 7.

[12] Fortem also appears to argue that its use of the Information Technology Infrastructure Library (ITIL) demonstrated access management performance.  Protest at 33, 37; Comments at 8-10.  The protester describes the ITIL as “a set of detailed practices for IT service management (ITSM) that focuses on aligning IT services with the needs of business.”  Protest at 33 n. 12.  Thus, according to the protester, its proposal’s reference to this industry standard sufficiently demonstrated the access management performance required by the RFP.  Protest at 33, 37; Comments at 8-10.  As noted above, the solicitation instructed offerors that proposals “shall be clear, specific, and shall include sufficient detail for effective evaluation and for substantiating the validity of stated claims.”  RFP at 142.  Here, neither Fortem’s proposal nor its filings with our Office provide sufficient information explaining how its use of the ITIL demonstrated a process of granting users the right to use the service while preventing access to non‑authorized users.  As a result, Fortem’s general reliance on its claimed compliance with an industry standard provides no basis to sustain this aspect of the protest.