Notice Type: Special Notice
Posted Date: 20-FEB-14
Office Address: Office of Personnel Management; Boyers Contracting Group; 1137 Branchton Road Boyers PA 18018
Subject: OPM Data Center Hosting Expansion
Classification Code: D - Information technology services, including telecommunications services
Solicitation Number: OPM1514N0001
Contact: Leslie L. Henderson, Contract Specialist, Phone (724) 794-7172, Fax (724) 794-7199, Email email@example.com
Place of Performance (address): 1137 Branchton RoadBoyers, PA
Place of Performance (zipcode): 16018
Place of Performance Country: US
Description: Office of Personnel Management
Boyers Contracting Group
Boyers Contracting Group
NOTICE OF INTENT TO AWARD ON A SOLE-SOURCE BASIS: THIS IS NOT A SOLICITATION FOR PROPOSALS, AN INVITATION FOR BIDS, OR A REQUEST FOR QUOTATIONS. FURHTERMORE, IT DOES NOT REPRESENT A COMMITMENT BY THE GOVERNMENT TO PAY FOR COSTS INCURRED IN PREPARATION AND SUBMISSION OF DATA OR ANY OTHER COSTS INCURRED IN RESPONSE TO THIS ANNOUNCEMENT. Pursuant of FAR 6.302-1 the U.S. Office of Personnel Management (OPM) intends to award a sole-source order for data center hosting services in support of its operations located in Boyers Pennsylvania. Our market research indicates that Iron Mountain National Underground Storage, Incorporated is the only available responsible source able to satisfy OPM's needs. The North American Standard Industrial Classification System (NAICS) Code for this action is 518210 - Data Processing, Hosting, and Related Services and this procurement is unrestricted, allowing both large and small business. This is not a solicitation for offers, but rather a notice of the Agency's intent to make a sole-source award to Iron Mountain National Underground Storage Incorporated. There will be no solicitation issued or available. This notice is for information only and may represent the only official notice for this action. To participate in Federal procurement and some other programs, you must register your firm in the Federal government's System for Award Management (SAM). On July 29, 2012, SAM replaced the Central Contractor Registration (CCR) and the Online Representations and Certifications Application (ORCA), with which you may be familiar. Please visit www.sam.gov for more information and to register or update your registration which SAM carried over from CCR. If you require assistance with SAM, contact the Federal Service Desk or call 1-866-606-8220. You must register at least one NAICS code, but can include more, in your SAM profile. You may email questions regarding this notice to the issuing office at: Leslie.Henderson@opm.gov or fax to: 724.794.7199 Attention: Leslie Henderson.
BACKGROUND The United States Office of Personnel Management (OPM) has organizational components such as the Federal Investigative Service (FIS) and Retirement and Insurance Service (RIS) located in Boyers, Pennsylvania. These components are supported by the Office of the Chief Information Officer (CIO) which has identified a need for additional/expanded data center hosting services from the current level, presently fulfilled by Iron Mountain National Underground Storage Incorporated, to a Tier III+ class data center.
SPECIFICATIONS: Data Center Hosting (DCH) Services This statement of work details the requirements to improve OPM's Boyers, PA IT systems into a Tier III+ class data center. The vendor will provide IT white space, power, air conditioning, and network cross-connects to OPM's IT equipment. Network connectivity will be provided by OPM however the vendor will need to provide cross-connections from the onsite DMARC. OPM's IT Systems need to remain in their current Iron Mountain National Underground Storage Incorporated location, separate and physically isolated from other equipment located in the vendor's facility. While the requested hosting services will provide OPM the opportunity to migrate those systems to a more advanced, redundant, and recoverable location. OPM will maintain full control of the space required to host its equipment. PHYSICAL SECURITY DCH shall have the ability to maintain physical security policy standards as per required specifications of OPM, FISMA High Accredited NIST 800-53(a), and ISO 20000:2011 certification. DATA CENTER CHARACTERISTICS Tier III+ level of availability (as defined by the Uptime institute) for power and cooling, a fully redundant power grid system with feeds from a minimum of two power substations, back-up generator and fuel with fuel replenishment, power consumption and tracking as specified with additional power available going forward, redundant HVAC system, adequate floor space and white space free of IT equipment, compliance with Green Initiative such as Energy Star Efficiency/Certification and LEED and/or geothermal or comparable cooling solutions, power and air conditioning to meet Service Level Agreements (SLA) requirement with 99.999% uptime, capability to support OPM SCIF space compliant with ICD 705 requirements, documented procedures for; security, escalation, and disaster recovery, facility operating at a 1.3 or better PUE as defined by the Green Grid, ability to fully contain OPM IT equipment in a cold aisle containment system with aisle doors and a curtain containment system, overhead power bus such as Star line Bus or comparable solution, Single-Mode Fiber connectivity from its existing location to the new facility during the migration period, secure location to physically store and receive incoming OPM IT equipment with OPM controlled access. GEOGRAPHIC REQUIREMENTS DCH shall have the ability to provide these services in OPM's current Iron Mountain National Underground Storage Incorporated location and shall provide services to physically re-locate existing OPM IT equipment from its current location in Iron Mountain to the location of the requested services. CO-LOCATION SPACE REQUIREMENTS DCH shall provide Adequate IT White space to efficiently power and cool up to 200 42U 4-post IT Racks with a standard 25 square feet per rack, on-site cubical or office space with power and network connectivity for 1-2 permanent local OPM personnel, temperature and humidity monitoring and controls, method for prevention of overheating in event of utility power outage. TELECOMMUNICATIONS REQUIREMENTS DCH shall have access to multiple carriers (Level3, Sprint MPLS, and/or Verizon) for networking already established, the DMARC shall be secured within the facility with limited access security, a DMARC extension utilizing redundant dual path fiber optic cabling shall be proved, and industry standard state-of-the-art cable management design for connecting devices via fiber and copper Cat6 that will be used to interconnect OPM devices. MANAGEMENT REQUIREMENTS DCH shall provide 24/7 labor services for: weekly generator testing, quarterly preventative maintenance and reporting on all facility equipment, support of all facility power and cooling equipment, available facility maintenance and janitorial personnel. SECURITY REQUIREMENTS DCH must have undergone Federal Information Security Management Act (FISMA) review by an independent entity within the last 12 months without identification of significant deficiencies. If significant deficiencies were found, the plan for correcting them must be submitted/open to review to/by OPM and an exception must be put in place and signed by the OPM Security Officer. The DCH must have an independent FISMA audit performed annually to audit for compliance to NIST 800-53 security control compliance and certified at a minimum level of FISMA High and available for review by OPM or other Federal entities such as FedRamp. DCH providers shall comply with NIST controls as outlined in NIST publication 800-53 Rev3 as applicable. Compliance shall be documented within the facility Security Plan. Any weaknesses associated with compliance shall be managed and remediated within a Plan of Action and Milestone list. All DCHs contractually commit to using labor, hardware, software, and telecommunications services that are within the Continental U.S. The DCH shall document how the controls related to physical access are applied, who will be responsible for their application (OPM or DCH), and how an ongoing interaction will work so that the derived configuration remains transparent and change in the risk profile can be assessed. All OPM related DCH data, logs and related information must be stored and contained within the boundaries of a private, government approved space. This also mandates that all data, logs and related information be stored and contained within systems and storage devices located in the Continental U.S. The DCH shall comply with the OPM requirements for the protection of Personally Identifiable Information (PII) in accordance with the Privacy Act of 1974 and Office of Management and Budget (OMB) PII requirements identified since then through Executive Orders and OMB bulletins. Specifically, PII information provided by the U.S. Government or other U.S. Government subcontractors for use in the execution of work under this contract must be protected in accordance with the Department of Energy Privacy Program (OPM Order 206.1), the Physical Security Manual, the Information Security Manual and Cyber Security Manuals. DCH must require the use of HSPD-12 compliant identification cards to manage physical access of authorized personnel to OPM TICAP facilities. DISASTER RECOVERY REQUIREMENTS DCH shall provide a documented and tested contingency plan. The contingency plan will be tested, verified, and demonstrated annually. The contingency plan must also be approved and acceptable to OPM to recover infrastructure supporting OPM. The facility shall have redundant fire suppression systems. SERVICE LEVEL REQUIREMENTS The DCH provider shall guarantee a measured level of service as represented through established SLAs. The DCH shall propose penalties associated with missed SLAs targets. Provider SLAs must at a minimum incorporate the following target areas and is desired to be at a 99.999% for Data Center and Infrastructure uptime as defined by the Uptime Institute; Power Delivery performance, Air Conditioning performance, Physical access to the site (controlled by OPM), DMARC extensions within 3 business days of request, single DCH POC acknowledging any request within 1 hour, loading dock access, SLA Performance and Service Availability, outage management, monthly measurement and billing of defined uptime of the total external availability, communication protocols and tiered response times for service outages, technical issues, and security issues, additional SLAs may or may not be proposed by OPM annually. The DCH shall report any security incidents to the OPM Situation Room within 15 minutes of suspected detection (See Standard procurement clause) REPORTING REQUIREMENTS The DCH shall provide quarterly maintenance reports for all supporting facility equipment, monthly reports detailing: monthly costs and energy usage, and compliance to the SLAs, and real time report of security incidents DCH will provide all security documentation related to FISMA auditing and COOP testing, to be made available upon request and within 4 business days.