NikSoft Systems Corporation

Decision

Matter of:  NikSoft Systems Corporation

File:  B-415716.28; B-415716.33

Date:  July 12, 2019

DIGEST

Protest challenging agency’s evaluation of protester’s proposal under the technical experience evaluation factor is denied where the record shows that the evaluation was reasonable and consistent with the solicitation.

NikSoft Systems Corporation (NikSoft), a small business of Reston, Virginia, protests the exclusion of its proposal from the competition by the Department of the Air Force under request for proposals (RFP) No. FA8771-17-R-1000 for information technology (IT) services.  NikSoft argues that the agency unreasonably evaluated its proposal under the technical experience factor.

We deny the protest.

BACKGROUND

On September 28, 2017, the Air Force issued the Small Business Enterprise Application Solutions (SBEAS) RFP, which was set aside for small businesses, pursuant to the procedures of Federal Acquisition Regulation (FAR) part 15.  Agency Report (AR), Tab 4, RFP at 162.[1]  The solicitation contemplated the award of 40 indefinite-delivery, indefinite-quantity (IDIQ) contracts with a 5-year base and 5-year option ordering period.  Id. at 138-139, 162.  The scope of the SBEAS RFP included a “comprehensive suite of IT services and IT solutions to support IT systems and software development in a variety of environments and infrastructures.”  Id. at 130.  Additional IT services in the solicitation included, but were not limited to, “documentation, operations, deployment, cybersecurity, configuration management, training, commercial off-the-shelf (COTS) product management and utilization, technology refresh, data and information services, information display services and business analysis for IT programs.”  Id. 

Proposals were to be evaluated based on two factors, technical experience and past performance.[2]  Id. at 164.  The technical experience factor was comprised of ten technical elements and various sub-elements (each with a designated point value), and one non‑technical experience element.[3]  Id. at 165-171.  The past performance factor was comprised of the following three subfactors in descending order of importance:  life‑cycle software services, cybersecurity, and information technology business analysis.  Id. at 164.  Award was to be made on a past performance tradeoff basis among technically acceptable offerors, using the three past performance subfactors.  Id. at 162. 

Section L of the solicitation instructed offerors that “[t]he proposal shall be clear, specific, and shall include sufficient detail for effective evaluation and for substantiating the validity of stated claims.”  Id. at 142.  Offerors were instructed to not simply rephrase or restate requirements, but to “provide [a] convincing rationale [addressing] how the [o]fferor’s proposal meets these requirements.”  Id.  The RFP also instructed offerors to assume that the agency has no knowledge of the offeror’s facilities and experience, and would “base its evaluation on the information presented in the [o]fferor’s proposal.”  Id. 

The solicitation provided that offerors should submit their proposals in four volumes:  capability maturity model integration (CMMI) documentation, technical experience, past performance, and contract documentation.  Id. at 145.  As relevant to this protest, the technical volume was to contain a table of contents, a cross-reference matrix,[4] a glossary of terms, a self-scoring worksheet, and technical narratives (TNs).[5]  Id. at 149.  The RFP instructed offerors to describe, in their TNs, experience that supports the technical element points claimed in the self-scoring worksheet.  Id.

The solicitation stated that the agency intended to evaluate proposals and make awards without discussions to the offerors deemed responsible, and whose proposals conformed to the solicitation’s requirements and were judged, based on the evaluation factors, to represent the best value to the government.[6]  Id. at 162-163. 

Section M of the solicitation established a tiered evaluation process.  Id. at 163-164.  The first step of the evaluation was a CMMI appraisal, which required offerors to be certified at level 2 in CMMI.[7]  Id.  If an offeror passed the CMMI appraisal as level 2 certified, the agency would then evaluate an offeror’s technical experience using the self‑scoring worksheet and TNs provided by the offeror.  Id. at 164.  The solicitation provided that technical experience would receive an adjectival rating of acceptable or unacceptable.  Id. at 164-165.  A proposal would be considered acceptable when it attained 4,200 points per the self-scoring worksheet, and was “verified per the technical narratives.”  Id. at 165. 

In the event that technical experience was evaluated as acceptable, the agency would then evaluate the offeror’s past performance.  Id. at 164.  The agency would review the accompanying past performance narratives and evaluate each offeror’s past performance references for recency, relevancy, and quality.  Id. at 172.

NikSoft timely submitted its proposal in response to the solicitation.  On March 22, 2019, the agency notified NikSoft that its proposal was considered unacceptable under the technical experience factor and had been eliminated from further consideration because its proposal, having only received 3,600 points, did not receive the minimum required 4,200 points under the technical experience factor.  AR, Tab 9, NikSoft Notice of Removal from Competition, at 1.  On April 5, following its debriefing, NikSoft filed this protest with our Office.[8]

DISCUSSION

NikSoft challenges the agency’s exclusion of its proposal from the competition, asserting that the agency failed to properly evaluate its proposal under the technical experience factor.  The protester argues that the agency unreasonably deducted points under 12 sub-elements under six separate elements.[9] 

Our Office will examine an agency’s evaluation of an offeror’s technical experience only to ensure that it was reasonable and consistent with the stated evaluation criteria and applicable statutes and regulations.  See Shumaker Trucking & Excavating Contractors, Inc., B-290732, Sept. 25, 2002, 2002 CPD ¶ 169 at 3.  A protester’s disagreement with a procuring agency’s judgment, without more, is insufficient to establish that the agency acted unreasonably.  WingGate Travel, Inc., B-412921, July 1, 2016, 2016 CPD ¶ 179 at 4-5.  In addition, it is an offeror’s responsibility to submit an adequately written proposal with adequately detailed information which clearly demonstrates compliance with the solicitation requirements and allows a meaningful review by the procuring agency.  See International Med. Corps, B-403688, Dec. 6, 2010, 2010 CPD ¶ 292 at 8.  An offeror’s technical evaluation is dependent on the information furnished, and an offeror that fails to submit an adequately written proposal runs the risk of having its proposal downgraded.  LOGMET, B-400535, Oct. 30, 2008, 2008 CPD ¶ 199 at 3.

Because the solicitation provided that an offeror must score a minimum of 4,200 points to be rated technically acceptable, for the reasons discussed below, we need only address NikSoft’s challenges to the agency’s evaluation with regard to the elements and sub-elements discussed below.[10]

Life-Cycle Software Services Element

The life-cycle software services element was comprised of five sub-elements: developing/implementation; re-engineering; data or system migration; modernization; and COTS/GOTS/FOSS enterprise resource planning software systems.  RFP at 165‑166.  NikSoft challenges the agency’s evaluation of its proposal under the modernization sub‑element of this element.  Protest at 7-10; Comments at 2-4.  In this regard, NikSoft contends that the agency’s evaluation unreasonably ignored portions of NikSoft’s proposal that established the required experience.  Id.

To receive 300 points under the modernization sub-element (i.e., 1d), offerors were required to demonstrate experience modernizing a legacy information system during its life-cycle to include the conversion and code rewriting of a legacy system, software libraries and protocols to a modern programming language and porting the new information system to a new hardware platform.  RFP at 166, 185.  Further, the RFP advised that the agency would “not accept points claimed by the offeror if the experience does not identify the modernization of the [information system] and the hardware.”  Id. at 166. 

The agency’s evaluation concluded that NikSoft’s proposal did not demonstrate experience modernizing a legacy information system.  AR, Tab 8, NikSoft Technical Evaluation, at 6.  NikSoft contends that the agency improperly ignored relevant portions of its proposal that provided all of the information required under this sub-element.  In support of this assertion, NikSoft cited to sections of TNs 1, 2, and 3 of its proposal.  Protest at 9.  In response, the agency contends that the agency reasonably awarded NikSoft’s proposal no points under this sub-element because the proposal inadequately addressed the solicitation’s requirements.  COS/MOL at 11.  Based upon our review of the record, we find reasonable the agency’s determination that the protester failed to demonstrate experience in modernizing an information system.

The agency reviewed the TNs cited in NikSoft’s proposal and found that NikSoft’s proposal failed to meet the minimum requirement to identify the new hardware platform to which it ported[11] the new information system.  AR, Tab 8, NikSoft Technical Evaluation, at 6.  NikSoft’s protest alleged that it explicitly addressed this requirement in TN 3, wherein it discussed migrating applications onto numerous applications servers.  Protest at 9 citing AR, Tab 5, NikSoft Proposal, Vol. II, Technical Experience, at 26-27.[12]  In response to the protest, the agency asserted that TN 3--which was not cited in its proposal as demonstrating experience under this sub-element--failed to describe any actions related to porting a new information system to a new hardware platform, as required by the solicitation.  COS/MOL at 19-20.  The protester’s comments, however, do not respond to the agency’s argument regarding NikSoft’s failure to demonstrate porting to a new hardware platform.  Compare Protest at 9 with Comments at 2-4.  In fact, the protester’s comments contain no discussion of TN 3 with respect to this sub‑element.  Comments at 2-4.  As a result, we view NikSoft’s arguments with respect to porting a new information system and identifying a hardware platform under this sub‑element to be abandoned.  enrGies, Inc., supra.

As stated above, the RFP warned offerors that the agency would “not accept points claimed by the offeror if the experience does not identify the modernization of the [information system] and the hardware.”  RFP at 166.  While NikSoft advances other challenges to the agency’s evaluation under this sub-element, because we find the protester to have abandoned its arguments in response to the agency’s determination that the protester failed to identify the new hardware platform to which the information system was ported, we need not address the protester’s other arguments with regard to this sub-element.  Even if the protester were to prevail on its challenges to the agency’s evaluation regarding modernization, the protester could not receive the points available under this sub-element.  Accordingly, this protest ground is denied.

Vulnerabilities and Threats Sub-element of Cybersecurity Element

NikSoft next challenges the agency’s evaluation of its proposal under the vulnerabilities and threats sub-element (i.e., 2a) of the cybersecurity element.  Protest at 5.  In order to receive the 300 points available under this sub-element, the offeror was required to “describe its knowledge and experience in providing services to assess software application vulnerabilities and threats using the Risk Management Framework (RMF).”  RFP at 151, 186.  The solicitation provided that the agency would evaluate offerors’ “demonstrated knowledge and experience” with the requirements stated above.  Id. at 167.  As relevant here, regarding the definition of terms in the technical element criteria, the solicitation stated the following:

Offerors shall utilize the Definition of Terms provided in Section J, Attachment 7 of this solicitation, the Risk Management Framework (RMF) and DoD [Department of Defense] Information Assurance Certification and Accreditation Process (DIACAP) standards to help form a better understanding of the Government’s use and definition of specific technical terms.

RFP at 150. 

The protester challenges the agency’s evaluation, arguing that the agency unreasonably ignored portions of its proposal that addressed the solicitation’s requirements.  Protest at 10-13.  NikSoft further contends that the agency’s evaluation was unreasonable because the RFP did not require offerors to provide specific details regarding their experience performing the RMF process.  Comments at 4-5.  The agency responds that NikSoft’s proposal failed to demonstrate experience providing services to assess software application vulnerabilities and threats, as required by the solicitation.  AR, Tab 8, NikSoft Technical Evaluation, at 8.  Specifically, the agency maintains that NikSoft’s proposal did not demonstrate the required experience assessing software application vulnerabilities and threats using the RMF, which the solicitation defined as including the following steps:

The six-step RMF includes security categorization, security control selection, security control implementation, security control assessment, information system authorization, and security control monitoring. 

COS/MOL at 21-22 citing RFP at 221.  In this regard, the agency states that NikSoft’s proposal did not discuss in any detail its experience going through the process of utilizing the RMF.  Id. at 23.  According to the agency, NikSoft’s proposal merely contained conclusory assertions that it ensures continuous assessment and monitoring of software vulnerabilities and threats, but did not satisfy the RFP’s requirement that offerors “include sufficient detail for effective evaluation and for substantiating the validity of its stated claims.”  Id. at 23 citing RFP at 142. 

NikSoft’s proposal listed TN 3 as demonstrating experience under this sub-element.  The agency’s evaluation of TN 3 found that while NikSoft’s proposal described its knowledge of the RMF and experience providing RMF guidance, oversight and strategies, the proposal did not demonstrate NikSoft’s experience assessing software applications for vulnerabilities and threats using the RMF.  AR, Tab 8, NikSoft Technical Evaluation, at 8.  The protester challenges this finding, arguing that TN 3 clearly demonstrates the required experience.  In this regard, the protester emphasizes that TN 3 described its performance ensuring applications followed standards, such as NIST [National Institute of Standards and Technology] Special Publication 800-53.  Protest at 11-12.  Thus, the protester contends that its proposal’s reference to the continuous monitoring strategy contained in this publication sufficiently demonstrated the required experience. 

As noted above, the RFP instructed offerors that proposals “shall be clear, specific, and shall include sufficient detail for effective evaluation and for substantiating the validity of stated claims.”  RFP at 142.  While we acknowledge that TN 3 of NikSoft’s proposal identifies, by reference, standards that it claims it ensured were met, we find reasonable the agency’s determination that NikSoft’s proposal does not provide sufficient information demonstrating its experience actually assessing software application vulnerabilities and threats using the RMF.  Offerors are responsible for submitting well‑written proposals with adequately-detailed information that allows for a meaningful review by the procuring agency.  Microwave Monolistics, Inc., B-413088, Aug. 11, 2016, 2016 CPD ¶ 220 at 6.  Here, rather than explaining how the information included in its proposal demonstrated the required experience, NikSoft now seeks to rely on outside documents referenced in its proposal as a substitute for a well-written proposal.  Consequently, we find that the agency reasonably determined that TN 3 failed to demonstrate the required experience under this sub-element.  See Decypher Technologies, Ltd., B-415716.15, Jan. 9, 2019, 2019 CPD ¶ 90 at 6. 

In its protest, NikSoft also argues that TN 2 of its proposal adequately explained its experience assessing software vulnerabilities and threats.  Protest at 12-13.  In this regard, TN 2 stated, in pertinent part:

We provide support for the IT system security analysis and current operational procedures to determine compliance gaps; monitors and reports on POAM (Plan of Action and Milestones) and CAP (Corrective Action Plan) resolution status; collect information requested by internal and external auditors; assist in developing narrative to support security documentation; and monitor operational procedure compliance through collection of evidentiary documentation. To support the Threat Analysis and Vulnerability Assessment for cargo processing and ACE [Automated Commercial Environment], we apply analytical techniques to the collection, summary and analysis of information concerning enterprise, program and project issues and applying those skills to developing draft plans and recommendations to enhance project-level security programs for management evaluation.

AR, Tab 5, NikSoft Proposal, Vol. II, Technical Experience, at 22.  According to NikSoft, this information demonstrated its experience assessing software vulnerabilities and threats.  Protest at 12-13.  In response to this protest, the agency first contends that NikSoft is attempting to rewrite its proposal by citing to a section of its proposal that was only listed as being relevant to a different sub-element, and therefore was not evaluated under this sub-element.  COS/MOL at 24.  The agency further argues that even if it had evaluated this section of NikSoft’s proposal under the vulnerabilities and threats sub‑element, it would have found that the proposal did not demonstrate the experience the protester claims.  Id.  In this regard, the agency asserts that while NikSoft’s proposal demonstrated experience performing tasks related to oversight and documentation compliance, these activities did not demonstrate experience with the six-step RMF process for assessing vulnerabilities and threats.  Id. citing RFP at 221. 

We need not determine whether the agency was required to evaluate TN 2 under this sub-element because even assuming the agency was required to evaluate TN 2, NikSoft cannot demonstrate that it was competitively prejudiced by the agency’s evaluation.  Competitive prejudice is an essential element of a viable protest; where a protester fails to demonstrate that, but for the agency’s actions, it would have had a substantial chance of receiving the award, these is no basis for finding prejudice, and our Office will not sustain the protest, even if deficiencies in the procurement are found.  DynCorp Int’l LLC, B-411465, B-411465.2, Aug. 4, 2015, 2015 CPD ¶ 228 at 12-14.

Here, as stated above, the agency asserts that had it evaluated this section of NikSoft’s proposal, it did not demonstrate experience assessing software application vulnerabilities and threats.  COS/MOL at 24.  Based upon our review of the record, we agree with the agency that although TN 2 of NikSoft’s proposal contains general assertions that it performed threat analysis and vulnerability assessment, the proposal failed to specifically address NikSoft’s experience using the RMF process.  Additionally, we reject the protester’s argument that proposals were not required to address the RMF process.  As stated above, the solicitation instructed offerors to use the RFP’s definition of terms in the context of their technical proposals.  RFP at 150.  Further, the solicitation stated that the agency’s evaluation under this sub-element would consider an offeror’s knowledge and experience assessing vulnerabilities and threats “using the [RMF].”  RFP at 167.  As a result, we find no basis to sustain this protest ground.

Risk Management Sub-element of Cybersecurity Element

Under the cybersecurity element, NikSoft also challenges the agency’s evaluation of its proposal under the risk management sub-element (i.e., 3a) of the cybersecurity element.  Protest at 13-15.  In order to receive the 500 points available under this sub‑element the offeror was required to:

[D]escribe its knowledge and experience in incorporating risk management principles and information security requirements to prevent the loss of data Confidentiality, Integrity, and Availability using the following three (3) preventative technical controls; Authentication, Authorization, and Accountability (Nonrepudiation).

RFP at 151, 186.  The solicitation provided that the agency would evaluate offerors’ “demonstrated knowledge and experience” with the requirements stated above and it would not accept points claimed by the offeror if the offeror did not address “all 3 risk management principles (Confidentiality, Integrity and Availability),” as well as “all 3 preventative technical controls (Authentication, Authorization and Accountability).”  Id. at 167.  The agency’s evaluation concluded that NikSoft’s proposal did not demonstrate experience incorporating all of the risk management principles and preventative technical controls to prevent the loss of data.  AR, Tab 8, NikSoft Technical Evaluation, at 9.

In its protest, NikSoft argues that the agency unreasonably determined that its proposal failed to meet the requirements of this sub-element.  In this regard, the protester contends that TN 3 of its proposal identified its experience incorporating confidentiality, integrity, availability, authentication, authorization and accountability, as the terms are defined in the solicitation.  Protest at 13-15.  In response, the agency maintains that it considered the full contents of NikSoft’s proposal, and reasonably determined that the proposal did not demonstrate its experience using the information security requirements to prevent the loss of data confidentiality, integrity and availability.  COS/MOL at 25-32. 

The agency evaluated TN 3, which discussed NikSoft’s performance on a contract in which it claimed to have acted as the “provider of independent security risk and mitigation planning, implementation, and assessment for 16 legacy [systems delivery division] applications migrating to the Capacity Services (CS) enterprise model as well as post-migration risk support.”  AR, Tab 5, NikSoft Proposal, Vol. II, Technical Experience, at 27.  In its evaluation, the agency explained that while NikSoft’s proposal provided extensive background material and details of its experience, it failed to demonstrate experience actually executing the preventive technical controls, which are required by the solicitation.  AR, Tab 8, NikSoft Technical Evaluation, at 9.  In response to this protest, the agency further explains that NikSoft’s proposal also failed to demonstrate its experience preventing the loss of data confidentiality, integrity, or availability.  COS/MOL at 33.

Despite the fact that NikSoft’s proposal discussed the risk management process that it used in TN 3, we find no basis to question the agency’s determination that the protester failed to adequately discuss its experience with respect to the terms identified in the solicitation.  First, we note that NikSoft’s proposal does not specifically address the preventative technical controls of authentication, authorization, and accountability.  In addition, other than a conclusory statement, NikSoft’s proposal does not substantively discuss how its risk management process prevented the loss of data, confidentiality, or availability.  See AR, Tab 5, NikSoft Proposal, Vol. II, Technical Experience, at 28 (“This process was used for risk management and to prevent the loss of data Confidentiality, Integrity, and Availability using; Authentication, Authorization, and Accountability (Nonrepudiation).”).  Moreover, NikSoft’s filings with our Office fail to establish that the agency improperly ignored relevant information in its proposal.  We therefore find reasonable the agency’s conclusion that NikSoft’s proposal failed to demonstrate the required experience under this sub-element.

IT Business Analysis Element

The IT business analysis element was comprised of the following four sub-elements: requirements analysis; testing, validation and verification; service desk/help desk; and functional business area expert.  RFP at 167-168.  In its protest, NikSoft challenges the agency’s evaluation of its proposal under the testing, validation and verification sub‑element (i.e.,3b) of this element.  In order to receive the 150 points available under this sub-element, offerors were required to demonstrate experience providing testing, validation and verification as a life-cycle software service in all areas defined below:

Obtaining, verifying, or providing data for any of the following: the performance, operational capability, and suitability of systems, subsystems, components, or equipment items; or vulnerability and lethality of systems, subsystems, components, or equipment items [Testing];

Evaluating a system or software component, in the development process to determine whether the item satisfies specified requirements [Validation];  and  

Confirming a system element meets design-to or build-to specifications  [Verification].

RFP at 167-168,186; COS/MOL at 39.  The RFP also advised offerors that the agency would not accept points claimed by the offeror if the offeror’s experience does not address all of the following:  testing, validation, and verification.  Id. at 168.  The agency found that NikSoft’s proposal demonstrated experience in testing, but failed to demonstrate experience providing validation and verification as a life-cycle software service.  AR, Tab 8, NikSoft Technical Evaluation, at 12.

NikSoft argues that its proposal demonstrated the required experience under this sub‑element, and that the agency improperly sought a description of all of the validation and verification steps completed.  Protest at 20-22.  In this regard, the protester contends that the agency ignored the following description of its performance in TN 2 of its proposal:

As described above, NikSoft used the [DELETED] process to manage the software testing.  As part of our testing support, we follow the [DELETED] procedures and policies and the [DELETED] process for Testing, Validation and Verification.  We developed test data for functional testing and created the test environment that replicated the production environment.  Our test cycles include [DELETED].  For each testing stage, the test results were documented and tracked to identify defects and resolve them.  We used automated testing as part of our continuous integration.

Id. at 21 quoting AR, Tab 5, NikSoft Proposal, Vol. II, Technical Experience, at 20.  The agency responds that NikSoft’s unsupported statement that it followed certain procedures, policies and processes for validation and verification was insufficient to warrant credit under this sub-element.  In support of its argument, the agency notes the “stark contrast” between the details provided by the protester with respect to testing, and the mere assertions made regarding validation and verification.  COS/MOL at 41. 

Based on our review of the record, we find reasonable the agency’s evaluation of NikSoft’s proposal under this sub-element.  The record demonstrates that the agency reasonably determined that the protester failed to demonstrate its experience providing validation and verification as a life-cycle software service, as required by the solicitation.  RFP at 167-168.  As the agency pointed out in its evaluation documents, NikSoft’s proposal included a detailed description of its experience conducting testing services.  See AR, Tab 8, NikSoft Technical Evaluation, at 12.  However, we agree with the agency that, in contrast, NikSoft’s proposal did not include a sufficient description of its experience performing validation or verification services.  In this regard, NikSoft’s proposal failed to demonstrate the experience required by the solicitation because it only included a general statement that it followed certain procedures, policies and processes for validation and verification.  See AR, Tab 5, NikSoft Proposal, Vol. II, Technical Experience, at 20.  Although NikSoft generally contests the agency’s evaluation, we find its arguments amount to disagreement with agency’s evaluation which, by itself, is not sufficient to establish that the evaluation was unreasonable.  Ben‑Mar Enters., Inc., B‑295781, Apr. 7, 2005, 2005 CPD ¶ 68 at 7.  Therefore, we deny this protest ground.

Platforms/Environments Element

NikSoft next challenges the agency’s evaluation of its proposal under the Defense Information Systems Agency (DISA) Enterprise Computing Center (DECC) or DoD Computing Facility sub-element (i.e., 6d) of the platform/environments element.  In order to receive the 200 points available under this sub-element, an offeror was required to demonstrate that it had “experience developing or modifying an existing [information system] to operate within a DISA DECC or DoD computing facility.”  RFP at 170, 188.  The agency found that NikSoft’s proposal failed to demonstrate the experience required under this sub-element.  AR, Tab 8, NikSoft Technical Evaluation, at 23.

In its protest, NikSoft alleges the agency unreasonably failed to assign it points under this sub-element.  Protest at 25.  Specifically, NikSoft contends that its proposal, in TN 3, explicitly discussed the creation of scripts and modifying an existing information system to operate within a DISA DECC or DoD facility.  Id.  The protester further argues, in its comments, that the agency’s evaluation acknowledged NikSoft’s experience in this regard, but nevertheless found its explanation insufficient because it did not include a “step-by-step” description of the work performed.  Comments at 8 citing AR, Tab 8, NikSoft Technical Evaluation, at 23.

In response, the agency contends that while TN 3 of NikSoft’s proposal generally described its experience providing an advisory and engineering role, it did “not provide any details about the actions performed by the offeror to actually develop or modify” the information system in question.  COS/MOL at 48.  In this regard, the agency argues that NikSoft’s proposal did not provide sufficient details for the agency to effectively evaluate or substantiate the offeror’s claimed experience.  Id.

Based on our review of the record, the agency reasonably evaluated NikSoft’s proposal under this sub-element because its proposal failed to include adequate detail regarding NikSoft’s actions performing development or modification of an information system to operate within a DISA DECC or DoD facility.  While NikSoft’s proposal states that it “provide[s] an understanding of the DISA DECC architectures” and “ensure[s] that all applications leverage the security improvements afforded by the DISA hosted infrastructure,” NikSoft’s proposal is devoid of discussion of how these actions demonstrated the development or modification of an information system.  AR, Tab 5, NikSoft Proposal, Vol. II, Technical Experience, at 29.  Even though the solicitation did not require offerors to provide “step-by-step” descriptions of their experience, offerors were responsible for providing proposals that were “clear, specific, and [ ] include[d] sufficient detail for effective evaluation and for substantiating the validity of [the] stated claims.”  RFP at 142.  Accordingly, we find that NikSoft’s argument that it provided adequate detail, amounts simply to disagreement with the evaluation and is insufficient to establish that the agency’s evaluation was unreasonable.  Ben-Mar Enters., Inc. supra.

Server Operating Systems Element

Finally, NikSoft challenges the agency’s evaluation of its proposal under the server operating systems element (i.e., 9).  Protest at 26-29.  To receive the 300 points available under this element, an offeror was required to demonstrate experience providing life-cycle services to support the efficient operations of an information system for any of the following distribution servers:  Windows Server, Red Hat enterprise Linux, SUSE (Software and Systems Development), UBUNTU.  RFP at 171,188.  The RFP further advised that the agency would not accept points claimed if the offeror did not identify one of the distribution servers previously listed, with which they have experience.  Id. at 171.

The RFP defined life-cycle services as “[t]he scope of activities associated with a system, encompassing the system’s initiation, development, implementation, operation and maintenance, and ultimately its disposal that instigates another system initiation.”  Id. at 216.

The agency’s evaluation concluded that NikSoft’s proposal did not demonstrate experience providing services to support the efficient operations of an information system using one of the distribution servers identified in the solicitation.  AR, Tab 8, NikSoft Technical Evaluation, at 30.  In its protest, Niksoft challenges the agency’s evaluation under this element, arguing that the agency ignored information set forth in TN 3 of its proposal that demonstrated its experience with respect to the solicitation’s requirements.  Protest at 26-29; Comments at 9-10.  First, citing an excerpt from TN 3, NikSoft contends that its experience providing engineering expertise support consisting of numerous operating systems sufficiently addressed the solicitation’s requirements, and was improperly ignored.  Protest at 29.  Citing another section of TN 3, NikSoft argues the agency also disregarded its discussion of its work defining the applicable architecture, engineering plans, systems requirements documents, design documents, and implementing the applications through operating systems.  Id.  Thus, according to the protester, had the agency reasonably considered these two sections of TN 3, NikSoft would have been awarded points under this element.

In response, the agency contends that it reasonably considered the entire contents of TN 3 when it determined that NikSoft’s proposal failed to demonstrate the required experience.  COS/MOL at 54.  Specifically, the agency argues that neither section of NikSoft’s proposal identified in its protest demonstrates experience providing life-cycle services through the life cycle of an information system.  In this regard, the agency relies heavily on the solicitation’s definition of life-cycle services, and asserts that NikSoft’s proposal failed to provide clear and specific details regarding its experience performing “initiation, development, implementation, operation and maintenance, and disposal.”  Id. at 58 citing RFP at 216.

Based upon the record before us, we find reasonable the agency’s evaluation of NikSoft’s proposal under the server operating systems element.  As an initial matter, the record demonstrates that the agency considered TN 3 of NikSoft’s proposal as the agency’s technical evaluation itself quotes relevant excerpts from TN 3.  AR, Tab 8, NikSoft Technical Evaluation, at 30 quoting AR, Tab 5, NikSoft Proposal, Vol. II, Technical Experience, at 28-29.  The record also demonstrates that the agency reasonably determined that the protester failed to provide adequate details to demonstrate experience providing life-cycle services to support efficient operations of an information system.  In this regard, the agency noted NikSoft’s claimed experience providing engineering support with respect to applications being migrated through operating systems.  AR, Tab 8, NikSoft Technical Evaluation, at 30.  However, the agency concluded that NikSoft’s proposal lacked details explaining how its performance demonstrated experience providing life-cycle services, as the term is defined in the solicitation.  RFP at 216. 

In addition, the agency’s evaluation acknowledged that while NikSoft’s proposal stated it provided services related to the migration of 16 applications, the proposal did not explain how this migration effort related to providing services to support the efficient operations of an information system.  AR, Tab 8, NikSoft Technical Evaluation, at 30.  As noted above, offerors are responsible for submitting well-written proposals with adequately detailed information that allows for a meaningful review by the procuring agency.  Government Telecomms., Inc., B-299542.2, June 21, 2007, 2007 CPD ¶ 136 at 5.  In sum, based upon our review of the record, we find no basis to sustain this protest ground.[13]

Given our conclusions above, we need not address the protester’s other challenges to the agency’s evaluation because even if NikSoft were to prevail with regard to its remaining challenges, its proposal would remain technically unacceptable.  As stated above, a proposal was required to receive a score of at least 4,200 points to receive a technical score of acceptable, and NikSoft’s technical proposal received a score of 3,600 points.  Thus, even if our Office agreed with NikSoft regarding its other alleged evaluation errors, this would only afford NikSoft an additional 550 points, for a total technical score of 4,150, which is 50 points below the score necessary for a technically acceptable score.[14]

The protest is denied.

Thomas H. Armstrong
General Counsel

 

---