VA118-13-I-0341-000
advertisement
FedBizOpps Sources Sought Notice CLASSIFICATION CODE * D Local Exchange Carrier (LEC) Services for Region 1 SUBJECT * GENERAL INFORMATION CONTRACTING OFFICE'S ZIP-CODE * SOLICITATION NUMBER * 07724 VA118-13-I-0341 RESPONSE DATE (MM-DD-YYYY) 06-10-2013 ARCHIVE 60 RECOVERY ACT FUNDS N DAYS AFTER THE RESPONSE DATE SET-ASIDE NAICS CODE 517110 * CONTRACTING OFFICE ADDRESS Department of Veterans Affairs Technology Acquisition Center 260 Industrial Way West Eatontown NJ DESCRIPTION * POINT OF CONTACT 07724 See Attachment * Eleanor Slocum Eleanor.Slocum@va.gov 732-440-9677 (POC Information Automatically Filled from User Profile Unless Entered) PLACE OF PERFORMANCE ADDRESS POSTAL CODE COUNTRY ADDITIONAL INFORMATION AGENCY'S URL URL DESCRIPTION AGENCY CONTACT'S EMAIL ADDRESS Eleanor.Slocum@va.gov EMAIL DESCRIPTION Eleanor.Slocum@va.gov * = Required Field FedBizOpps Sources Sought Notice Rev. March 2010 Local Exchange Carrier (LEC) Services for Region 1 Request for Information Questions/Industry Input Needed This is a Request for Information (RFI) to conduct market research solely for information and planning purposes; it does not constitute a Request for Proposal (RFP) or a promise to issue a RFP in the future. This request does not commit the Department of Veterans Affairs (VA) to contract for any supply or service whatsoever. VA is not, at this time, seeking proposals and will not accept unsolicited proposals. Responders are advised that VA will not pay for any information or administrative costs incurred in response to this RFI; all costs associated with responding to this RFI will be solely at the interested vendor's expense. Not responding to this RFI does not preclude participation in any future RFP, if any is issued. Any information submitted by respondents to this RFI is strictly voluntary. All submissions become Government property and will not be returned. Background/Requirements The mission of the Department of Veterans Affairs (VA), Office of Information & Technology (OIT), Service Delivery and Engineering (SDE) is to provide benefits and services to Veterans of the United States. In meeting these goals, OIT strives to provide high quality, effective, and efficient Information Technology (IT) services to those responsible for providing care to the Veterans at the point-of-care as well as throughout all the points of the Veterans’ health care in an effective, timely and compassionate manner. VA depends on Information Management/Information Technology (IM/IT) systems to meet mission goals. OIT Region 1 Telecommunications Office (R1 TBO) is responsible for management and procurement of Local Exchange Carrier services for VA Medical Centers, Community Based Outpatient Clinics (CBOC), field and program offices and other remote users that are geographically dispersed throughout OIT Region 1 catchment area in the states of Alaska (AK), Arizona (AZ), California (CA), Colorado (CO), Hawaii (HI), Idaho (ID), Kansas (KS), Montana (MT), Nebraska (NE), Nevada (NV), New Mexico (NM), North Dakota (ND), Oklahoma (OK), Oregon (OR), Texas (TX), Utah (UT), Washington (WA), and Wyoming (WY). Questions In support of this effort, VA is conducting market research to help further refine requirements and establish the best acquisition approach. A draft Performance Work Statement (PWS) and Addendum C VA Facility List is attached. Please note that requirements defined to date will likely change before a RFP is released. Please address the following questions: Name of Company: DUNS Number: Address: Point of Contact: Phone Number: Fax Numbers: Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 Email Address: (1) Could your company independently provide the entire range of services called for in the Performance Work Statement (PWS)? ____ YES ____ NO (2) If you answered NO to question (1), what services called for in the PWS could your company provide? (3) Does your company plan to be the prime contractor or subcontractor for this effort? (4) Please provide details regarding proposed joint ventures, teaming arrangements, strategic alliances or other business arrangements to satisfy requirements of the entire Region 1 PWS. Small businesses are encouraged to identify teams whereby each team member is considered small business based upon the proposed North American Industrial Classification System (NAICS) code of 517110 (small business size standard of 1,500 employees) to support set-aside considerations. (5) Is your company currently providing similar services to another government agency or other nongovernment customer? If so, please identify the agency or non-government customer. If you are unwilling to share your customers' identity, please address whether your company offers the same or similar services commercially (outside the federal government). (6) Please identify your company’s Small Business size status based upon the applicable NAICS code of 517110. The Small Business Size Standard for this NAICS code is 1,500 employees. For more information refer to http://www.sba.gov/. Large Business Concern Small Business Concern 8(a) Small Disadvantaged Business (SDB) Woman-owned Small Business Historically Underutilized Business Zone (HubZone) Veteran-Owned Small Business (VOSB) Service-Disabled Veteran-Owned Small Business (SDVOSB) (7) The Government has selected the applicable NAICS code for this effort based upon the significant services encompassing the entire range of Acquisition and Budget requirements as specified in the PWS. If in responding to this RFI you believe another NAICS code should be applicable, please identify the NAICS code you consider appropriate for this effort along with detailed supporting rationale. (8) Please provide positive or negative feedback regarding the PWS such as recommended changes, noted exceptions, ambiguities, etc. Page 3 of 53 Page 3 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 (9) Provide any other pertinent information as deemed necessary to demonstrate your and any proposed team member’s capabilities and prior experience as it relates to the requirements set forth in the PWS. (10) Is your firm currently registered in VA’s Vendor Information Pages (VIP) database? Yes ____ No ____ If you answered no, please ensure that your firm’s status as a SDVOSB / VOSB is accurately reflected in both the Central Contractor Registration (CCR) web page www.sam.gov and in VA’s VIP database web page http://www.vip.vetbiz.gov/. (11) Please provide comments on the draft PWS in the following table format: PWS Section/Paragraph Fully(F)/Partially change change comment/rationale reference (P) or Not (N) from to met (12) What is the vendor’s area of coverage relative to all VA Region 3’s Service Delivery Point (SDP)? Please note on attachment C VA R1 SDP which ones you can provide coverage for. Specifically state your coverage relative to Puerto Rico and the US Virgin Islands. (13) If the vendor cannot provide service to all R3 SDPs, what experience does the vendor have in partnering with other providers to either mitigate coverage gaps or deliver a more compelling Local Exchange Carrier (LEC) Services’ enterprise solution? Please provide details on advantages, disadvantages of partnering. (14) Do any existing laws or regulations prohibit a Incumbent Local Exchange Carrier (ILEC) from partnering with another ILEC or Competitive Local Exchange Carrier (CLEC) to provide coverage to all SDPs. Please provide details if the answer is yes. Submittal Instructions: All information and responses to this RFI shall be provided to Eleanor Slocum, Contract Specialist at Eleanor.Slocum@va.gov and Iris Farrell, Contracting Officer, at Iris.Farrell@va.gov, no later than 2:30pm ET on June 10, 2013. Submit questions in writing, regarding this RFI to Eleanor.Slocum@va.gov. The Government will try to answer all questions. Those questions and answers will be posted to this site as an attachment. Page 4 of 53 Page 4 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 PERFORMANCE WORK STATEMENT (PWS) DEPARTMENT OF VETERANS AFFAIRS Office of Information & Technology Local Exchange Carrier (LEC) Services for Region 1 Date: 6/02/2013 TAC-13-06211 PWS Version Number: 2.1.5 Page 5 of 53 Page 5 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 Contents 1.0 BACKGROUND .................................................................................................... 7 2.0 APPLICABLE DOCUMENTS ................................................................................ 7 3.0 SCOPE OF WORK ............................................................................................... 8 4.0 PERFORMANCE DETAILS .................................................................................. 8 4.1 CONTRACT TYPE............................................................................................. 8 4.2 PERFORMANCE PERIOD ................................................................................ 8 4.3 PLACE OF PERFORMANCE ............................................................................ 9 4.4 TRAVEL ........................................................................................................... 10 5.0 SPECIFIC TASKS AND DELIVERABLES .......................................................... 10 5.1 RECURRING VOICE AND DATA SERVICES ................................................. 10 5.2 ESTABLISHMENT OF SERVICES .................................................................. 12 5.3 SERVICE LEVEL AGREEMENT (SLA) ........................................................... 13 5.4 ADDITION OF FACILITIES .............................................................................. 15 5.5 MAINTENANCE AND RESTORATION ACTIVITIES ....................................... 15 6.0 GENERAL REQUIREMENTS ............................................................................. 17 6.1 POSITION/TASK RISK DESIGNATION LEVEL(S) AND CONTRACTOR PERSONNEL SECURITY REQUIREMENTS .................................................................................. 17 6.2 METHOD AND DISTRIBUTION OF DELIVERABLES ..................................... 20 6.3 PERFORMANCE METRICS ............................................................................ 20 6.4 FACILITY/RESOURCE PROVISIONS............................................................. 22 6.5 GOVERNMENT FURNISHED INFORMATION ............................................... 22 Page 6 of 53 Page 6 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 1.0 BACKGROUND The Department of Veterans Affairs (VA), Office of Information & Technology (OIT), utilizes a variety of contracts to acquire Local Exchange Carrier (LEC) services and has recognized a need to reduce potentially duplicative, overlapping, and fragmented efforts. VA intends to establish outcome-oriented results by consolidating LEC management and services. This action aligns with Federal Government priority goals—otherwise referred to as crosscutting goals—as well as goals to improve management across the Federal Government. VA is focused on implementing these objectives by means of OIT Enterprise level management of LEC services. OIT is tasked to accomplish the goal of reducing overall telecommunications and data expenses with minimal time of implementation. OIT seeks improvement in support, reporting, auditing and invoicing to provide the level of care required for our Veterans. VA Region 1 Telephone Business Office (R1 TBO) has the overall business and management responsibilities for all Region 1 telephone services. The R1 TBO is currently responsible for the management of IT operational expenses for thirty-three (33) Medical Centers and the attached smaller satellite offices. Consistent with National and Region 1 OIT cost containment initiatives, Region 1 OIT will consolidate telephone services to all facilities within the Region 1 OIT catchment area. The proposed project will allow Region 1 OIT to centralize management of telephone services and accomplish its goal of reducing overall telecommunications expenses. 2.0 APPLICABLE DOCUMENTS In the performance of the tasks associated with this Performance Work Statement, the Contractor shall comply with the following (additional documents may be listed in individual Task Orders (TO) : 1. 44 U.S.C. § 3541, “Federal Information Security Management Act (FISMA) of 2002” 2. Federal Information Processing Standards (FIPS) Publication 140-2, “Security Requirements For Cryptographic Modules” 3. FIPS Pub 201, “Personal Identity Verification of Federal Employees and Contractors,” March 2006 4. 10 U.S.C. § 2224, "Defense Information Assurance Program" 5. 5 U.S.C. § 552a, as amended, “The Privacy Act of 1974” 6. 42 U.S.C. § 2000d “Title VI of the Civil Rights Act of 1964” 7. Department of Veterans Affairs (VA) Directive 0710, “Personnel Suitability and Security Program,” May 18, 2007 8. VA Directive 6102, “Internet/Intranet Services,” July 15, 2008 9. 36 C.F.R. Part 1194 “Electronic and Information Technology Accessibility Standards,” July 1, 2003 10. OMB Circular A-130, “Management of Federal Information Resources,” November 28, 2000 11. 32 C.F.R. Part 199, “Civilian Health and Medical Program of the Uniformed Services (CHAMPUS)” 12. An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, October 2008 Page 7 of 53 Page 7 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 13. Sections 504 and 508 of the Rehabilitation Act (29 U.S.C. § 794d), as amended by the Workforce Investment Act of 1998 (P.L. 105-220), August 7, 1998 14. Homeland Security Presidential Directive (12) (HSPD-12), August 27, 2004 15. VA Directive 6500, “Information Security Program,” August 4, 2006 16. VA Handbook 6500, “Information Security Program,” September 18, 2007 17. VA Handbook 6500.1, “Electronic Media Sanitization,” March 22, 2010 18. VA Handbook 6500.2, “Management of Security and Privacy Incidents,” June 17, 2008. 19. VA Handbook 6500.3, “Certification and Accreditation of VA Information Systems,” November 24, 2008. 20. VA Handbook, 6500.5, Incorporating Security and Privacy in System Development Lifecycle. 21. VA Handbook 6500.6, “Contract Security,” March 12, 2010 22. Technical Reference Model (TRM) (reference at http://www.va.gov/trm/) 23. National Institute Standards and Technology (NIST) Special Publications 24. VA Directive 6508, VA Privacy Impact Assessment, October 3, 2008 25. VA Directive 6300, Records and Information Management, February 26, 2009 26. VA Handbook, 6300.1, Records Management Procedures, March 24, 2010 27. GAO-12-620R GAO's Work Related to the Interim Crosscutting Priority Goals under the GPRA Modernization Act, dated May 31,2012 3.0 SCOPE OF WORK The Contractor shall provide and implement telephone services, as described in Section 5 of this PWS to all VA OIT Region 1 sites. These sites include VA Medical Centers (VAMC), Veteran Outreach Centers, Community Based Outpatient Clinics (CBOC) and other VA facilities on the Region 1 area. Addendum C contains a list of current locations in Region 1. The Contractor shall provide all labor, management, tools, material, and equipment to perform all requirements of individual TO’s. The effort shall be proposed on a Firm Fixed Price (FFP) basis. The tasks described in Section 5 of this PWS are intended to be a set of all inclusive requirements. Individual TO’s placed under this contract by VA may include some or all of these tasks. Specific requirement details and locations will be defined in each individual order. 4.0 PERFORMANCE DETAILS 4.1 CONTRACT TYPE This is an Indefinite Delivery/Indefinite Quantity (IDIQ) Single Award Task Order (SATO) contract. Individual TO’s shall be issued on a performance-based Firm-Fixed-Price (FFP) basis. 4.2 PERFORMANCE PERIOD The ordering period for the basic contract shall be a performance period of one-year with four option years from the date of award. Page 8 of 53 Page 8 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 Typical working hours at VA facilities are 8:00 AM to 4:30 PM, Monday through Friday, excluding Federal holidays. Work may be required outside of normal business hours due to system failures and other issues. There are 10 Federal holidays set by law (USC Title 5 Section 6103) that VA follows: Under current definitions, four are set by date: New Year's Day Independence Day Veterans Day Christmas Day January 1 July 4 November 11 December 25 If any of the above falls on a Saturday, then Friday shall be observed as a holiday. Similarly, if one falls on a Sunday, then Monday shall be observed as a holiday. The other six are set by a day of the week and month: Martin Luther King's Birthday Washington's Birthday Memorial Day Labor Day Columbus Day Thanksgiving Third Monday in January Third Monday in February Last Monday in May First Monday in September Second Monday in October Fourth Thursday in November 4.3 PLACE OF PERFORMANCE The place of performance will be identified in individual task orders (TO). Services shall be provided at VA facilities located in Region 1. Region 1 includes VA owned or managed facilities in the states of Alaska (AK), Arizona (AZ), California (CA), Colorado (CO), Hawaii (HI), Idaho (ID), Kansas (KS), Montana (MT), Nebraska (NE), Nevada (NV), New Mexico (NM), North Dakota (ND), Oklahoma (OK), Oregon (OR), Texas (TX), Utah (UT), Washington (WA), and Wyoming (WY). The Contractor shall provide and implement voice and data services as described in this section to the sites listed in Addendum C. Requirements for access to VA facilities shall include the following: Typical working hours at VA facilities are 8:00 AM to 4:30 PM except the Network Operations Center (NOC) which requires 24/7 coverage. Overtime or access after normal administrative hours shall be coordinated and approved with each site. Contractor Technicians will require escorts in VA facilities in accordance with Section 2.h (6) of VA Directive 0710 (see PWS section 6.1.1) A maximum of two escorts will be provided at each VA location. The intent is for escorts to be dedicated resources; however, there may be situations where escorts are diverted to other priorities Page 9 of 53 Page 9 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 If work must be conducted after normal working hours, pre-notification must be given to VA to coordinate VA escorts 4.4 TRAVEL Contractor travel is required for attendance at the Award, Post Award, and Kick Off Meeting in Eatontown, NJ. The total estimated number of trips in support of the program and related meetings for this effort is listed below. The number of participants for each meeting is estimated to be three (3) individuals. Purpose Number of trips Award, Post Award, and Kick Off 1 Duration of each trip (# of days) 1 day 5.0 SPECIFIC TASKS AND DELIVERABLES The Contractor shall perform the following as required by the individual task orders. 5.1 RECURRING VOICE AND DATA SERVICES The service type and details of the Government requirement will be detailed in the individual Task Orders (TO). The Contractor shall provide the following LEC services in areas where services either exist or is determined by the Government to be commercially available. This may include delivering, installing, and maintaining, or disconnecting the following services and features subject to Contractor facilities and capacity availability: 5.1.1 SERVICE TYPES AND FEATURES The Contractor shall provide the following LEC services in areas where services either exist or are determined by the Government to be commercially available. This may include delivering, installing, and maintaining, or disconnecting the following services and features subject to Contractor facilities and capacity availability: 5.1.1.1 POTS (Plain Old Telephone Service) shall be bi-directional, single pair, 600 ohms circuit with call progress tones such as dial tone, ring back tone, and capable of DTMF dialing. The REN (Ringer Equivalency Number) for each line shall be no less than 1.0. The POTS service shall be loop start service unless defined as ground-start circuit. 5.1.1.2 PRI (Primary Rate ISDN) service shall be delivered over T-1 format as 23B+D unless specifically modified under the individual task order. 5.1.1.3.1 Direct Inward Dialing (DID) two way, inbound/outbound 5.1.1.4 DID number blocks (phone numbers) Page 10 of 53 Page 10 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 5.1.1.5 5.1.1.6 5.1.1.7 5.1.1.8 5.1.1.9 5.1.1.10 5.1.1.11 5.1.1.12 5.1.1.13 5.1.1.14 5.1.1.15 5.1.1.16 5.1.1.17 5.1.1.18 5.1.1.19 5.1.1.20 5.1.1.21 5.1.1.22 5.1.1.23 5.1.1.24 5.1.1.25 5.1.1.26 5.1.1.27 DSL (Digital Subscriber Line) service shall be delivered where available. All telephone service should have caller ID capability. All telephone service will be installed up to the designated building demarcation point. The long-distance carrier for all voice services must be Qwest Networx Primary inter-LATA Carrier (PIC/LPIC 0432). 411 (directory service) and 900/976 or similar must be blocked Telephone Service Priority (TSP) E-911 PS/ALI (Public Switch / Automatic Location Information Private Line Service Data transport circuits (Digital Signal DS0 up to Optical Carrier OC768) Point to point data circuits or Tie lines Metro E Service metropolitan-area Ethernet, Ethernet MAN, or metro Ethernet network (MOE) Synchronous Optical Networking (SONET) Call Forwarding Call Waiting Voicemail Conference calling Call Blocking Call Hunting Integrated Services Digital Network (ISDN) Centrex service Basic Rate Interface (BRI) Frame Relay Asynchronous Transfer Mode (ATM) Digital Channelized Services (DCS) 5.1.2 LOCAL TELECOMMUNICATION FEATURES The Contractor shall provide local voice telecommunication features as needed. Features that are not commercially available must be noted in the TO response. This may include call forwarding, call waiting, voice mail, conference calling, and call blocking as examples. 5.1.3 TELECOMMUNICATION AVAILABILITY The Contractor shall provide telecommunication services at each facility 24 hours per day, 7 days per week, and 365 days per year inclusive of holidays. Contractor shall follow all Public Utilities Commission Agreements that regulate the area of service. The Public Utilities Commission (PUC) will be the primary ombudsman for regulated services. Government LEC services requirements and conditions maybe more stringent than PUC regulations and both may apply. The LEC service provider must also have a published tariff rates and USOC (Uniform Service Order Code) listing published with the PUC in the area of service. State PUC regulated or tariffed services for the exclusive use of the Government shall be provided by regulated service providers recognized by the Page 11 of 53 Page 11 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 local PUC in the area that the Contractor offers service. Best Effort Service and PUC unregulated service will not be accepted. Service providers and services that are not regulated by the PUC in the area of requirement will not be accepted except in cases where no Contractor can meet the Government requirement. Service providers that change service platforms or company status to that which is not regulated by the PUC in the area of service shall also give the Government cause to terminate service without consideration unless mutually agreed by the Contracting Officer (CO) and the Contractor. 5.1.4 E-911 PS/ALI AVAILABILITY The Contractor shall comply with all applicable local and FCC regulatory requirements including Local Number Portability (LNP), directory assistance, and emergency services (911 or E911) requirements to identify the location of an originating station and route them to the appropriate Public Safety Answering Point (PSAP). 5.2 ESTABLISHMENT OF SERVICES The Contractor shall establish telecommunication services (to include all materials, equipment, and labor) for the locations specified in Addendum C. Specific locations within Addendum C will be identified in individual Task Orders. Establishment of services includes all non-recurring charges specific to each facility. Service that is provided under a fixed period service pricing plan may be changed in speed or capacity, or may be converted to another service, without incurring a discontinuance charge, provided all the following conditions are met: 1. Both the existing and the new services are provided solely by the Contractor; 2. The order to discontinue the existing service and the order to establish the new service are received by the Contractor at the same time; 3. The total value of the new service pricing plan, excluding any special construction charges and any other nonrecurring charges, is equal to and transitioned to this agreement in like for like or the value of the new TO is greater than the total value of the existing plan for the remaining months of that plan; 4. The new service installation must take place within 30 calendar days of the disconnection of the existing service, unless an installation delay is caused by the Contractor. Build out or special construction charges by the Government for a TO will not be included in this agreement and shall be quoted separately from installation cost. The Government requirement of separate funding for build out or special construction charges will not be included in the timelines identified in section 5 of this PWS. The LEC services provided under this PWS shall be both provided to the network interface and be maintained by the Contractor. The Government will not rearrange, disconnect, remove or attempt to repair any facilities installed by the Contractor to the network interface. The Contractor shall seek permission via local Point of Contact (POC) to enter the Government facility at any reasonable hour for the purpose of installing, inspecting or repairing the facilities, or, upon termination of the service, Page 12 of 53 Page 12 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 for the purpose of removing Contractor facilities. Different LEC services may either have the same or different service points, according to local circumstances. 5.3 SERVICE LEVEL AGREEMENT (SLA) The Contractor shall ensure services they provide conform to Service Level Agreement (SLA) parameters defined in Sections 5.3 through 5.3.8. All references to SLA in this PWS shall include the requirements set forth in Section 5. The Government will utilize a Quality Assurance Surveillance Plan (QASP) throughout the life of the contract to ensure that the Contractor is performing the services required by this PWS in an acceptable manner. The Government reserves the right to alter or change the surveillance methods in the QASP at its own discretion. 5.3.1 CONTRACTOR CUSTOMER SUPPORT The Contractor shall provide technical help desk support. Technical help desk support is required 24 hours a day, 7 days a week, and 365 days a year for the remainder of the contract following installation. A toll free number shall be designated as the primary help number for VA to call. Technical support responsiveness is measured by number of calls placed to the Help Desk from VA. Technical support starts at the point the call is logged by the Help Desk and continues to the point where the technician has resolved the problem. 5.3.2 SUPPORT RESPONSE TIME The Contractor shall provide technical support/resolution during established business hours to assist VA with issues pertaining to the LEC Services set forth in Section 5.1 through 5.1.4. Response times begin when the Contractor receives a support request from VA. The Contractor shall respond to the VA’s support requests according to the following Severity Levels. 5.3.3 SEVERITY LEVEL A – MAJOR IMPACT A Major Impact means a business impacting function or service is not available such as loss of dial tone, inability to dial 911, or inability to receive a call on the circuit due to service outages. This also includes the inability to receive or transmit data or access critical medical systems due to circuit impairment. The Contractor shall respond to all Severity Level A problems within four business hours. Notifications shall be provided to VA local point of contact as identified by TO, at a minimum every business day via telephone or more frequently as time permits. Service must be restored or minimized to Severity Level B within 24 hours of the notification of major impact and not return to major impact for seven days or it will be considered a continuation of the original service impact. 5.3.4 SEVERITY LEVEL B – MINOR IMPACT A Minor Impact means VA’s workflow is not seriously affected or limited as defined in 5.3.3. The Contractor shall respond to all Severity Level B problems within one business day. Notification shall be delivered either by telephone or via email to the appropriate VA local point of contact and COR as identified by TO. This includes all telephone service and deregulated broadband service. Service must be restored or minimized to Severity Level C within 72 hours of the notification of minor impact Page 13 of 53 Page 13 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 and not return to minor or major impact for seven days or it will be considered a continuation of the original service impact. 5.3.5 SEVERITY LEVEL C – NO IMPACT Response times may vary for Severity Level C support depending on the project work associated with the request not to exceed 14 days. These should be reported to the appropriate VA point of contact as identified by TO. 5.3.6 EXCEPTIONS During scheduled maintenance of the voice system, the Contractor shall notify VA within three days of the maintenance window and describe in detail how long and to what level degraded service is to be expected. The Contractor shall obtain approval in advance from the appropriate VA point of contact as identified by TO before scheduled maintenance occurs. The voice service shall not be considered to be unavailable for any outage that results from any maintenance performed by the Contractor as defined by the following three exceptions: 5.1.1.28 VA is notified at least three days in advance of outage or service degradation; 5.1.1.29 During the installation period prior to the due date; and 5.1.1.30 Trouble beyond the demarcation point or Network Interface (NI) not caused by the Contractor. 5.3.7 EFFECTIVE DATE The Critical Dates monitored by the Government and PUC for the purposes of calculating effective date are as follows: 1. Application Date (APP): The date the Government provides a TO and sufficient information to the Contractor for order placement. The APP Date is the date the contract service provider enters the order into their order distribution system(s). This is sometimes referred to as the order date. 2. Design Layout Report Date (DLRD): The date the Design Layout Report which contains the design for the service(s) ordered is forwarded to the Government. 3. Plant Test Date (PTD): The date acceptance testing is performed with the Government. 4. Service Date (DD): The date the service is due to be made available to the Government. This is sometimes referred to as the Due Date. The anticipated time between APP and DD shall be less than 60 days in all cases. The Government shall be notified within 45 days after APP if the DLRD cannot be provided or if the Contractor’s facilities cannot support the TO. Also the Contractor shall notify the Government prior to the 60 th day the results of the PTD. The Contractor shall identify any exception to the effective date and furnish a written plan with a new due date and anticipated additional cost to install. The Government COR may approve exceptions up to 60 days from the APP. If not approved by the COR or the exception is greater than 60 days, the issue will be raised to the CO for additional action. The Government shall Page 14 of 53 Page 14 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 not pay for any cost associated with a TO prior to DD or any charges associated with the TO if cancelled prior to the DD. The effective date for Contractor performance meeting SLA measures shall begin no later than seven calendar days after the Contractor and VA agree that circuit installation and Test and Turn-Up actions are complete. The Contractor shall communicate circuit installation and Test and Turn-Up completion no later than 24 hours after the Contractor concludes that the technical work has been completed. 5.3.8 TELECOMUNICATIONS SERVICE PRIORITY The Contractor shall comply with the assignment of a Telecommunications Service Priority (TSP) to all circuits ordered. TSP is a program that authorizes national security and emergency preparedness (NS/EP) organizations to receive priority treatment for vital voice and data circuits or other telecommunications services as a result of hurricanes, floods, earthquakes, and other natural or manmade disasters. The TSP Program requires service vendors to prioritize requests by identifying those services critical to NS/EP based on the Federal Communications Commission (FCC) mandate (REF: 88-341). A TSP assignment ensures that it shall receive priority attention by the service vendor before any all non TSP service. Website: http://tsp.ncs.gov 5.4 ADDITION OF FACILITIES The Contractor shall complete TO circuit installation, Test and Turn-Up, and operation requirements for the location(s) specified in the TO and as identified by VA within the master list of VA facilities spelled out in Addendum C. VA reserves the right to modify the master list of VA facilities, as noted by Service Delivery Point (SDP) addresses, during the period of performance. 5.5 MAINTENANCE AND RESTORATION ACTIVITIES The Contractor shall maintain service availability to the standards established in this PWS, and ensure no loss of telecommunications services during all service requests, and provide maintenance activities to the Contractor’s network. For example, remediation of major system failures using redundant resources or other resources may be necessary to maintain performance standards. 5.5.1 DOWNTIME The Contractor shall obtain the approval of the COR and VA Facility Telecommunications Manager prior to starting any work that may cause any downtime. Refer to Section 5.3.6. If work is needed to be performed outside of normal business hours, the Contractor shall notify the COR and VA Facility Telecommunications Manager a minimum of three business days before the work is to begin (except in the case of emergencies, major impact or prior to effective date. Refer to Section 5.3.3 and to Section 5.3.7). Page 15 of 53 Page 15 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 5.5.2 ONSITE WORK The Contractor shall clean up all work areas after completing work in VA facilities, including removal and disposal of defective equipment. 5.5.3 INTRUSIVE TESTING The Contractor shall receive approval from the VA Facility Telecommunications Manager prior to commencement of intrusive testing. 5.5.4 NOTIFICATION OF SERVICE OR REPAIR COMPLETION The Contractor shall notify VA when any service request, repair, or maintenance is completed by sending an email to a VA email group(s) designated by the COR or a phone call to the Facility Telecom Manager. The service request, repair, or maintenance is not considered complete until a VA Facility Telecommunications Manager confirms that the completion of service is acceptable. 5.5.5 RESOLUTION OF ISSUES The Contractor shall use an Escalation Process to resolve customer service issues and provide a single point of contact for each issue or dispute. The Contractor shall provide the COR an Escalation Process 14 days After Receipt of Order (ARO) outlining the specific steps taken to resolve customer service issues. The process shall include a full escalation list that provides resolution if necessary at the Contractor’s senior executive level. Deliverable: A. Escalation Process 5.5.6 CUSTOMER SUPPORT ORGANIZATION CHART The Contractor shall provide the COR a Customer Support Organization Chart containing Contractor employee names, email addresses, and direct phone numbers. Deliverable: A. Customer Support Organization Chart 5.5.7 CUSTOMER SERVICE RECORDS The Contractor shall provide Customer Service Records (CSRs) for each new reoccurring service by the first billing cycle and each billing cycle afterwards. Each record shall include the delivery service point, an itemized list of service types provided, and the price associated with each service. 5.5.8 MOVES, ADDS, CHANGES, AND DELETES (MACD) Page 16 of 53 Page 16 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 The ability for VA to process MACDs shall be included within the contract account management system. The information must include the date of MACD request, current status, and prorated cost based on date of the MACD request. The Government requires telephone service portability and that established telephone numbers be retained. Moves made under portability provisions are subject to facility availability and requirements set forth in section 5.2 Establishment of Services. The Government may choose to move either a portion of or the entire existing service. 6.0 GENERAL REQUIREMENTS 6.1 POSITION/TASK RISK DESIGNATION LEVEL(S) AND CONTRACTOR PERSONNEL SECURITY REQUIREMENTS The Contractor(s) shall comply with all personnel security requirements included in this contract and local level organization security requirements described in each individual task order. Contractor Technicians will require escorts in VA facilities in accordance with Section 2.h (6) of VA Directive 0710 (see PWS section 6.1.1) 6.1.1 VA DIRECTIVE 0710 PERSONNEL SECURITY AND SUITABILITY PROGRAM 1. PURPOSE AND BACKGROUND. This directive describes the purpose, responsibilities, requirements, and procedures of VA’s Personnel Security and Suitability Program, applicable to Federal applicants, appointees, employees, contractors and affiliates who have access to departmental operations, facilities, information, or information technology systems. a. The Personnel Security and Suitability Program has three main purposes: (1) To provide a basis for determining a person’s suitability to work for or on behalf of the government, (2) To provide a basis for VA to determine whether a Federal employee should be granted a security clearance, and (3) To implement certain Personal Identity Verification requirements of Federal Information Processing Standards (FIPS-201). b. The Federal government mandates by law, executive order, Presidential Directives, regulations, and guidance that all applicants, appointees, employees, contractors, and others are suitable for employment or assignment to work for or on behalf of the Federal government. c. Personnel Security and Suitability Programs were established in 1953 by Executive Order (EO) 10450, Security Requirements for Government Employment, as amended and enhanced in 1995 by EO 12968, Access to Classified Information, as amended. These orders set the standards for suitability and security clearance processes for the Federal government. The processes were reformed in 2008 by EO 13467, Reforming Processes Related to Suitability for Government Employment, Fitness for Contractor Employees, and Eligibility for Access to Classified National Security Information. Page 17 of 53 Page 17 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 d. EO 13467, Reforming Processes Related to Suitability for Government Employment, Fitness for Contractor Employees, and Eligibility for Access to Classified National Security Information, was issued June 30, 2008. This EO reformed the use of reciprocity across the Federal government to ensure cost-effective, timely, and efficient protection of national interests. e. Office of Personnel Management (OPM) revised Title 5, Code of Federal Regulations (CFR), 731, Suitability in April 2008 and again in November 2008. These regulations are the framework for the Department of Veterans Affairs (VA’s) Personnel Security and Suitability Program. f. EO 13488, Granting Reciprocity on Excepted Service and Federal Contractor Employee Fitness and Reinvestigating Individuals in Positions of Public Trust, was issued on January 16, 2009. This EO requires a reinvestigation on all individuals in positions of public trust to ensure that they remain suitable for continued employment. g. The Intelligence Reform and Terrorism Prevention Action of 2004 (IRTPA), Public Law No. 108458 (2004) (codified at 50 U.S.C. 435b) sets goals and timelines for granting clearances, ensuring reciprocity, and establishing an integrated database for completed background investigations. 2. POLICY a. VA is required to establish criteria and procedures for making suitability determinations and taking suitability actions involving applicants for and appointees to covered positions. Suitability determinations are based on a person’s character or conduct that may have an impact on the integrity or efficiency of the service. Determining suitability for Federal employment will be consistent with 5 Part CFR 731. Determining fitness for contractor employees will be based on criteria equivalent to that used for Federal employees. Determinations made under this category are distinct from determinations of eligibility for assignment to, or retention in, sensitive national security positions. b. Some positions are also subject to sensitivity considerations relating to national security and access to classified information. Eligibility for access to classified information shall be granted in accordance with EO 12968, as amended. Eligibility determinations will be made using the standards set forth in the “Adjudicative Guidelines for Determining Eligibility for Access to Classified Information.” c. VA must implement policies and maintain records demonstrating that VA employs reasonable methods to ensure adherence to Office of Personnel Management (OPM) and other regulatory issuances in determining suitability for employment. Facilities are required to establish local policies and procedures to ensure that required background screenings are accomplished and documented. d. This directive requires Administrations and staff offices to collaborate, participate, and recognize the shared, related, and interdependent responsibility to provide effective and efficient personnel security services to the department. e. Designating Position Risk and Sensitivity Levels (1) Agencies are required by 5 CFR, 731, Suitability, to designate the position risk level for all covered positions at Low, Moderate or High as determined by the position’s potential to adversely impact the efficiency and integrity of the service. High and Moderate Risk level positions are designated as Public Trust positions. (2) All positions must also be given a sensitivity designation. National security positions are those that involve activities that are concerned with the protection of the United States from foreign aggression or espionage, the preservation of the Nation’s military strength, and the regular use of, or access to, classified information. The sensitivity designations are Special-Sensitive, Critical-Sensitive, or Page 18 of 53 Page 18 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 Noncritical-Sensitive. This designation is complimentary to the risk designation, and may have an effect on the position’s investigative requirement. (3) All VA administrations and staff offices must use the Position Designation System and Automated Tool (PDAT) for designating position risk and sensitivity levels for all positions. The position designation process is used to determine the appropriate level of investigation for positions covered by 5 CFR, parts 731, Suitability, and 732, National Security Positions. (4) The PDAT will be used by Contracting Officers and Contracting Officer Technical Representative to appropriately designate the statement of work or other written description of the assignment, with the proper risk or sensitivity level for the contract employees. Information Security Officers (ISO) should be consulted when access to VA information systems and data is involved to ensure appropriate risk levels are assigned for contractors. f. Electronic Questionnaire for Investigations Processing (E-QIP). The use of E-QIP is mandated by the Office of Management and Budget (OMB) and OPM pursuant to the E-Government Act of 2002, P.L. 107-347. E-QIP allows applicants to electronically enter, update, and transmit their personal investigative data over a secure Internet connection to their employing agency for review and approval. E-QIP must be used for all investigative types for employees, contractors, affiliates, volunteers and other designated individuals who will need a background investigation. g. Personal Identity Verification (PIV). FIPS 201-1 requires that at a minimum National Agency Check with Inquiries (NACI) be initiated prior to the issuance of a Personal Identity Verification (PIV) compliant card. Agencies can issue an electronically distinguishable identity credential on the basis of a completed FBI National Criminal History Check (fingerprint check) while the NACI is pending. OPM conducts Special Agreement Checks (SAC) which cover FBI criminal history. VA facilities must use electronic fingerprint equipment to submit SAC requests to OPM. All individuals who work for or at VA, whether they are paid or unpaid, with access to VA information or information systems, will be subject to background investigations pursuant to VA Directive 0735, “Personal Identity Verification (PIV) of Federal Employees and Contractors.” h. Exemptions (1) OPM has by regulation exempted the following positions from the investigative requirements of Executive Order (EO) 10450, Security Requirements for Government Employment, as amended. (a) Low Risk/Nonsensitive positions that are temporary, intermittent, per diem, or seasonal not to exceed an aggregate of 180 days in either a single continuous appointment or series of appointments; and (b) Positions filled by aliens outside the United States. (2) Administrations and staff offices must conduct such checks as appropriate to ensure that the employment or retention of such individuals in these positions is consistent with the interests of national security. (3) In accordance with National Institute of Standards and Technology (NIST) guidance, background screenings commensurate with the risk involved with the position will be conducted for any positions that require access to VA information systems. (4) All individuals who work at or for VA, whether they are paid or unpaid, with access to VA information systems, will be subject to background screenings prior to being granted such access. (5) By agreement with OPM, the investigative requirements as set forth in EO 10450 will not apply to the following categories of employees: Page 19 of 53 Page 19 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 (a) Consultants or experts appointed to Low Risk/Nonsensitive positions for a period 1 year or less and not to be reappointed; and experts or consultants appointed for a period of more than 1 year or reappointed after a year with no break in service, provided the service does not exceed more than 30 days in any one calendar year. (b) Physicians appointed under 38 U.S.C. 7406 to Low Risk/Nonsensitive positions as medical residents, provided they do not exceed 1 year of continuous service at a VA facility, regardless of the duration of the residency program. (c) Purchase and hire employees appointed to Low Risk/Nonsensitive positions appointed for six months or less. (6) Contract personnel assigned to Low Risk/Nonsensitive positions for 180 days or less under a single contract or a series of contracts. (7) Any additional exemptions to the investigative requirements of EO 10450 must be approved by OPM, upon the request of the Secretary. Administrations and staff offices may submit requests for additional exemptions or modifications of existing exemptions through the Office of the Operations, Security, and Preparedness (OSP) for approval and submission to OPM. i. Background Screening. VA requires that all personnel be subject to an appropriate background screening (Special Agreement Check (SAC)) prior to permitting access to VA information and information systems. This includes applicants, appointees, employees, contractors, affiliates and other individuals who require physical and/or logical access to VA information or information system 6.2 METHOD AND DISTRIBUTION OF DELIVERABLES The Contractor shall deliver documentation in electronic format, unless otherwise directed in Section B of the solicitation/contract. Acceptable electronic media include: Microsoft (MS) Word, MS Excel, and Adobe Postscript Data Format (PDF). 6.3 PERFORMANCE METRICS The table below defines the Performance Standards and Acceptable Performance Levels for Objectives associated with this effort. Additional metrics may be required as defined in the individual TO. Performance Objective Performance Standard Acceptable Performance Levels Voice and Data Services (5.1) The Contractor shall provide LEC services in areas where services either exist or is determined by the Government to be commercially available Contractor complies with Service Level Agreement (5.3) Telecommunication Availability (5.1.3) 24 hours per day, 7 days per week, and 365 days per year inclusive of holidays Contractor shall follow all Public Utilities Commission Agreements that regulate the area of service. E-911 Services (5.1.4) Identify the location of an originating station and route them to the appropriate Public Safety Answering Point (PSAP) The Contractor shall comply with all applicable local and FCC regulatory requirements. Page 20 of 53 Page 20 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 Establishment of Services (5.2) Contractor Customer Support (5.3.1) Major Impact Response Time (5.3.3) Minor Impact Response Time (5.3.4) Effective Date (5.3.7) Telecommunications Service Priority (5.3.8) Downtime (5.5.1) Onsite Work (5.5.2) Intrusive Testing (5.5.3) Notification (5.5.4) Resolution of Issues (5.5.5) Customer Support Organization Chart (5.5.6) Customer Service Records (5.5.7) Moves, Adds, Changes, and Deletes (5.5.8) The Contractor shall establish telecommunication services (to include all materials, equipment, and labor) for the locations specified in Addendum C. Technical help desk support is provided 24 hours a day, 7 days a week, and 365 days a year for the remainder of the contract following installation. The Contractor shall respond to all Severity Level A problems within four business hours The Contractor shall respond to all Severity Level B problems within one business day. The time between APP and DD should be less than 60 days TSP assignment ensures that it will receive priority attention by the service vendor before any all non TSP service Contractor shall obtain the approval of the COR and VA Facility Telecommunications Manager prior to starting any work that will cause any downtime The Contractor shall clean up all work areas after completing work in VA facilities, including removal and disposal of defective equipment The Contractor shall receive approval from the VA Facility Telecommunications Manager prior to commencement of intrusive testing Contractor shall notify VA when any service request, repair, or maintenance is completed Contractor shall provide the COR an Escalation Process outlining the specific steps taken to resolve customer service issues Chart containing Contractor employee names, email addresses, and direct phone numbers The CSRs shall include the delivery service point, an itemized list of service types provided, and the price associated with each service The Government requires telephone service portability and that established telephone numbers be retained No discontinuance charge, provided all conditions are met Contractor shall follow all Public Utilities Commission Agreements that regulate the area of service. Service must be restored or minimized to Severity Level B within 24 hours of the notification Service must be restored or minimized to Severity Level C within 72 hours of the notification Orders are completed within 60 days Contractor to comply with Federal Communications Commission (FCC) mandate (REF: 88-341) Contractor shall notify the COR and VA Facility Telecommunications Manager a minimum of three business days before the work is to begin 100% of the time 100% of the time Confirmation or acceptable service by Facility Telecom Manager 14 days After Receipt of Order 14 days After Receipt of Order By the first billing cycle and each billing cycle afterwards 100% of the time Page 21 of 53 Page 21 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 A Performance Based Service Assessment Survey will be used in combination with the QASP to assist the Government in determining acceptable performance levels. 6.4 FACILITY/RESOURCE PROVISIONS The Contractor shall contact the COR for Government documentation needed and which is not available by other means. The Contractor shall not transmit, store or otherwise maintain sensitive data or products in Contractor systems (or media) within the VA firewall IAW VA Handbook 6500.6 dated March 12, 2010. All VA sensitive information shall be protected at all times in accordance with local security field office System Security Plans (SSP’s) and Authority to Operate (ATO)’s for all systems/LAN’s accessed while performing the tasks detailed in this PWS. For detailed Security and Privacy Requirements refer to Page 22 of 53 Page 22 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 ADDENDUM A and ADDENDUM B. 6.5 GOVERNMENT FURNISHED INFORMATION Government site plans, manuals, and drawings are applicable to this acquisition and will be provided to the Contractor at the TO level as required for performance. All Government furnished information shall be returned at the competition of the contract. Page 23 of 53 Page 23 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 ADDENDUM A A1.0 Cyber and Information Security Requirements for VA IT Services The Contractor shall ensure adequate LAN/Internet, data, information, and system security in accordance with VA standard operating procedures and standard PWS language, conditions, laws, and regulations. The Contractor’s firewall and web server shall meet or exceed VA minimum requirements for security. All VA data shall be protected behind an approved firewall. All security violations or attempted violations shall be reported to the VA Program Manager and VA Information Security Officer as soon as possible. The Contractor shall follow all applicable VA policies and procedures governing information security, especially those that pertain to certification and accreditation. Contractor supplied equipment, PCs of all types, equipment with hard drives, or other technology items for contract services must meet all security requirements that apply to Government Furnished Equipment (GFE) and Government Owned Equipment (GOE). Security Requirements include: a) VA Approved Encryption Software must be installed on all laptops or mobile devices before placed into operation, b) Bluetooth equipped devices are prohibited within VA; Bluetooth must be permanently disabled or removed from the device, c) VA approved anti-virus and firewall software, d) Equipment must meet all VA sanitization requirements and procedures before disposal. The COR, CO, the Project Manager, and the Information Security Officer (ISO) must be notified and verify all security requirements have been adhered to. Each documented initiative under this contract incorporates the VA Handbook 6500.6, “Contract Security,” March 12, 2010 by reference as though fully set forth therein. The VA Handbook 6500.6, “Contract Security” shall also be included in every related agreement, contract or order. The VA Handbook 6500.6, Appendix C, is included in this document as Addendum B. Training requirements: The Contractor shall complete all mandatory training courses on the current VA training site, the VA Talent Management System (TMS), and will be tracked therein. The TMS may be accessed at https://www.tms.va.gov. If you do not have a TMS profile, go to https://www.tms.va.gov and click on the “Create New User” link on the TMS to gain access. Contractor employees shall complete a VA Systems Access Agreement if they are provided access privileges as an authorized user of the computer system of VA. A2.0 VA Enterprise Architecture Compliance The applications, supplies, and services furnished under this contract must comply with One-VA Enterprise Architecture (EA), available at http://www.ea.oit.va.gov/index.asp in force at the time of issuance of this contract, including the Program Management Plan and VA's rules, standards, and guidelines in the Technical Reference Model/Standards Profile (TRMSP). The VA reserves the right to assess contract deliverables for EA compliance prior to acceptance. A2.1. VA Internet and Intranet Standards: Page 24 of 53 Page 24 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 The Contractor shall adhere to and comply with VA Directive 6102 and VA Handbook 6102, Internet/Intranet Services, including applicable amendments and changes, if the Contractor’s work includes managing, maintaining, establishing and presenting information on VA’s Internet/Intranet Service Sites. This pertains, but is not limited to: creating announcements; collecting information; databases to be accessed, graphics and links to external sites. Internet/Intranet Services Directive 6102 is posted at (copy and paste the following URL to browser): http://www1.va.gov/vapubs/viewPublication.asp?Pub_ID=409&FType=2 Internet/Intranet Services Handbook 6102 is posted at (copy and paste following URL to browser): http://www1.va.gov/vapubs/viewPublication.asp?Pub_ID=410&FType=2 A3.0 Notice of the Federal Accessibility Law Affecting All Electronic and Information Technology Procurements (Section 508) On August 7, 1998, Section 508 of the Rehabilitation Act of 1973 was amended to require that when Federal departments or agencies develop, procure, maintain, or use Electronic and Information Technology, that they shall ensure it allows Federal employees with disabilities to have access to and use of information and data that is comparable to the access to and use of information and data by other Federal employees. Section 508 required the Architectural and Transportation Barriers Compliance Board (Access Board) to publish standards setting forth a definition of electronic and information technology and the technical and functional criteria for such technology to comply with Section 508. These standards have been developed are published with an effective date of December 21, 2000. Federal departments and agencies shall develop all Electronic and Information Technology requirements to comply with the standards found in 36 CFR 1194. Section 508 – Electronic and Information Technology (EIT) Standards: The Section 508 standards established by the Architectural and Transportation Barriers Compliance Board (Access Board) are incorporated into, and made part of all VA orders, solicitations and purchase orders developed to procure Electronic and Information Technology (EIT). These standards are found in their entirety at: http://www.section508.gov and http://www.accessboard.gov/sec508/standards.htm. A printed copy of the standards will be supplied upon request. The Contractor shall comply with the technical standards as marked: _x_§ 1194.21 Software applications and operating systems _x_§ 1194.22 Web-based intranet and internet information and applications _x_§ 1194.23 Telecommunications products _x_§ 1194.24 Video and multimedia products _x_§ 1194.25 Self-contained, closed products _x_§ 1194.26 Desktop and portable computers _x_§ 1194.31 Functional Performance Criteria _x_§ 1194.41 Information, Documentation, and Support Page 25 of 53 Page 25 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 The standards do not require the installation of specific accessibility-related software or the attachment of an assistive technology device, but merely require that the EIT be compatible with such software and devices so that it can be made accessible if so required by the agency in the future. A4.0 Physical Security & Safety Requirements: The Contractor and their personnel shall follow all VA policies, standard operating procedures, applicable laws and regulations while on VA property. Violations of VA regulations and policies may result in citation and disciplinary measures for persons violating the law. 1. The Contractor and their personnel shall wear visible identification at all times while they are on the premises. 2. The VA does not provide parking spaces at the work site; the Contractor must obtain parking at the work site if needed. It is the responsibility of the Contractor to park in the appropriate designated parking areas. The VA will not invalidate or make reimbursement for parking violations of the Contractor. 3. Smoking is prohibited inside/outside any building other than the designated smoking areas. 4. Possession of weapons is prohibited. 5. The Contractor shall obtain all necessary licenses and/or permits required to perform the work, with the exception of software licenses that need to be procured from a Contractor or vendor in accordance with the requirements document. The Contractor shall take all reasonable precautions necessary to protect persons and property from injury or damage during the performance of this contract. A5.0 Confidentiality and Non-Disclosure The Contractor shall follow all VA rules and regulations regarding information security to prevent disclosure of sensitive information to unauthorized individuals or organizations. The Contractor may have access to Protected Health Information (PHI) and Electronic Protected Health Information (EPHI) that is subject to protection under the regulations issued by the Department of Health and Human Services, as mandated by the Health Insurance Portability and Accountability Act of 1996 (HIPAA); 45 CFR Parts 160 and 164, Subparts A and E, the Standards for Privacy of Individually Identifiable Health Information (“Privacy Rule”); and 45 CFR Parts 160 and 164, Subparts A and C, the Security Standard (“Security Rule”). Pursuant to the Privacy and Security Rules, the Contractor must agree in writing to certain mandatory provisions regarding the use and disclosure of PHI and EPHI. 1. The Contractor shall have access to some privileged and confidential materials of VA. These printed and electronic documents are for internal use only, are not to be copied or released without permission, and remain the sole property of VA. Some of these materials are protected by the Privacy Act of 1974 (revised by PL 93-5791) and Title 38. Unauthorized disclosure of Privacy Act or Title 38 covered materials is a criminal offense. 2. The VA Contracting Officer will be the sole authorized official to release in writing, any data, draft deliverables, final deliverables, or any other written or printed materials pertaining to this contract. The Contractor shall release no information. Any request for Page 26 of 53 Page 26 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 information relating to this contract presented to the Contractor shall be submitted to the VA Contracting Officer for response. 3. Contractor personnel recognize that in the performance of this effort, Contractor personnel may receive or have access to sensitive information, including information provided on a proprietary basis by carriers, equipment manufacturers and other private or public entities. Contractor personnel agree to safeguard such information and use the information exclusively in the performance of this contract. Contractor shall follow all VA rules and regulations regarding information security to prevent disclosure of sensitive information to unauthorized individuals or organizations as enumerated in this section and elsewhere in this Contract and its subparts and appendices. 4. Contractor shall limit access to the minimum number of personnel necessary for contract performance for all information considered sensitive or proprietary in nature. If the Contractor is uncertain of the sensitivity of any information obtained during the performance this contract, the Contractor has a responsibility to ask the VA Contracting Officer. 5. Contractor shall train all of their employees involved in the performance of this contract on their roles and responsibilities for proper handling and nondisclosure of sensitive VA or proprietary information. Contractor personnel shall not engage in any other action, venture or employment wherein sensitive information shall be used for the profit of any party other than those furnishing the information. The sensitive information transferred, generated, transmitted, or stored herein is for VA benefit and ownership alone. 6. Contractor shall maintain physical security at all facilities housing the activities performed under this contract, including any Contractor facilities according to VA-approved guidelines and directives. The Contractor shall ensure that security procedures are defined and enforced to ensure all personnel who are provided access to patient data must comply with published procedures to protect the privacy and confidentiality of such information as required by VA. 7. Contractor must adhere to the following: a. The use of “thumb drives” or any other medium for transport of information is expressly prohibited. b. Controlled access to system and security software and documentation. c. Recording, monitoring, and control of passwords and privileges. d. All terminated personnel are denied physical and electronic access to all data, program listings, data processing equipment and systems. VA, as well as any Contractor (or Subcontractor) systems used to support development, provide the capability to cancel immediately all access privileges and authorizations upon employee termination. e. Contractor PM and VA PM are informed within twenty-four (24) hours of any employee termination. f. Acquisition sensitive information shall be marked "Acquisition Sensitive" and shall be handled as "For Official Use Only (FOUO)". g. Contractor does not require access to classified data. 8. Regulatory standard of conduct governs all personnel directly and indirectly involved in procurements. All personnel engaged in procurement and related activities shall conduct business in a manner above reproach and, except as authorized by statute or regulation, Page 27 of 53 Page 27 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 with complete impartiality and with preferential treatment for none. The general rule is to strictly avoid any conflict of interest or even the appearance of a conflict of interest in VA/Contractor relationships. Page 28 of 53 Page 28 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 ADDENDUM B APPLICABLE PARAGRAPHS TAILORED FROM: THE VA INFORMATION AND INFORMATION SYSTEM SECURITY/PRIVACY LANGUAGE, VA HANDBOOK 6500.6, APPENDIX C, MARCH 12, 2010 GENERAL Contractors, Contractor personnel, Subcontractors, and Subcontractor personnel shall be subject to the same Federal laws, regulations, standards, and VA Directives and Handbooks as VA and VA personnel regarding information and information system security. ACCESS TO VA INFORMATION AND VA INFORMATION SYSTEMS a. A Contractor/Subcontractor shall request logical (technical) or physical access to VA information and VA information systems for their employees, Subcontractors, and affiliates only to the extent necessary to perform the services specified in the contract, agreement, or TO. b. All Contractors, Subcontractors, and third-party servicers and associates working with VA information are subject to the same investigative requirements as those of VA appointees or employees who have access to the same types of information. The level and process of background security investigations for Contractors must be in accordance with VA Directive and Handbook 0710, Personnel Suitability and Security Program. The Office for Operations, Security, and Preparedness is responsible for these policies and procedures. c. Contract personnel who require access to national security programs must have a valid security clearance. National Industrial Security Program (NISP) was established by Executive Order 12829 to ensure that cleared U.S. defense industry contract personnel safeguard the classified information in their possession while performing work on contracts, programs, bids, or research and development efforts. The Department of Veterans Affairs does not have a Memorandum of Agreement with Defense Security Service (DSS). Verification of a Security Clearance must be processed through the Special Security Officer located in the Planning and National Security Service within the Office of Operations, Security, and Preparedness. d. Custom software development and outsourced operations must be located in the U.S. to the maximum extent practical. If such services are proposed to be performed abroad and are not disallowed by other VA policy or mandates, the Contractor/Subcontractor must state where all nonU.S. services are provided and detail a security plan, deemed to be acceptable by VA, specifically to address mitigation of the resulting problems of communication, control, data protection, and so forth. Location within the U.S. may be an evaluation factor. e. The Contractor or Subcontractor must notify the Contracting Officer immediately when an employee working on a VA system or with access to VA information is reassigned or leaves the Page 29 of 53 Page 29 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 Contractor or Subcontractor’s employ. The Contracting Officer must also be notified immediately by the Contractor or Subcontractor prior to an unfriendly termination. VA INFORMATION CUSTODIAL LANGUAGE 1. Information made available to the Contractor or Subcontractor by VA for the performance or administration of this contract or information developed by the Contractor/Subcontractor in performance or administration of the contract shall be used only for those purposes and shall not be used in any other way without the prior written agreement of VA. This clause expressly limits the Contractor/Subcontractor's rights to use data as described in Rights in Data - General, FAR 52.22714(d) (1). 2. VA information should not be co-mingled, if possible, with any other data on the Contractors/Subcontractor’s information systems or media storage systems in order to ensure VA requirements related to data protection and media sanitization can be met. If co-mingling must be allowed to meet the requirements of the business need, the Contractor must ensure that VA information is returned to VA or destroyed in accordance with VA’s sanitization requirements. VA reserves the right to conduct onsite inspections of Contractor and Subcontractor IT resources to ensure data security controls, separation of data and job duties, and destruction/media sanitization procedures are in compliance with VA directive requirements. 3. Prior to termination or completion of this contract, Contractor/Subcontractor must not destroy information received from VA, or gathered/created by the Contractor in the course of performing this contract without prior written approval by VA. Any data destruction done on behalf of VA by a Contractor/Subcontractor must be done in accordance with National Archives and Records Administration (NARA) requirements as outlined in VA Directive 6300, Records and Information Management and its Handbook 6300.1 Records Management Procedures, applicable VA Records Control Schedules, and VA Handbook 6500.1, Electronic Media Sanitization. Self-certification by the Contractor that the data destruction requirements above have been met must be sent to the VA Contracting Officer within 30 days of termination of the contract. 4. The Contractor/Subcontractor must receive, gather, store, back up, maintain, use, disclose and dispose of VA information only in compliance with the terms of the contract and applicable Federal and VA information confidentiality and security laws, regulations and policies. If Federal or VA information confidentiality and security laws, regulations and policies become applicable to VA information or information systems after execution of the contract, or if NIST issues or updates applicable FIPS or Special Publications (SP) after execution of this contract, the parties agree to negotiate in good faith to implement the information confidentiality and security laws, regulations and policies in this contract. 5. The Contractor/Subcontractor shall not make copies of VA information except as authorized and necessary to perform the terms of the agreement or to preserve electronic information stored on Contractor/Subcontractor electronic storage media for restoration in case any electronic equipment or data used by the Contractor/Subcontractor needs to be restored to an operating state. If copies are Page 30 of 53 Page 30 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 made for restoration purposes, after the restoration is complete, the copies must be appropriately destroyed. 6. If VA determines that the Contractor has violated any of the information confidentiality, privacy, and security provisions of the contract, it shall be sufficient grounds for VA to withhold payment to the Contractor or third party or terminate the contract for default or terminate for cause under Federal Acquisition Regulation (FAR) part 12. 7. If a VHA contract is terminated for cause, the associated Business Associate Agreement (BAA) must also be terminated and appropriate actions taken in accordance with VHA Handbook 1600.01, Business Associate Agreements. Absent an agreement to use or disclose protected health information, there is no business associate relationship. 8. The Contractor/Subcontractor must store, transport, or transmit VA sensitive information in an encrypted form, using VA-approved encryption tools that are, at a minimum, FIPS 140-2 validated. 9. The Contractor/Subcontractor’s firewall and Web services security controls, if applicable, shall meet or exceed VA minimum requirements. VA Configuration Guidelines are available upon request. 10. Except for uses and disclosures of VA information authorized by this contract for performance of the contract, the Contractor/Subcontractor may use and disclose VA information only in two other situations: (i) in response to a qualifying order of a court of competent jurisdiction, or (ii) with VA prior written approval. The Contractor/Subcontractor must refer all requests for, demands for production of, or inquiries about, VA information and information systems to the VA contracting officer for response. 11. Notwithstanding the provision above, the Contractor/Subcontractor shall not release VA records protected by Title 38 U.S.C. 5705, confidentiality of medical quality assurance records and/or Title 38 U.S.C. 7332, confidentiality of certain health records pertaining to drug addiction, sickle cell anemia, alcoholism or alcohol abuse, or infection with human immunodeficiency virus. If the Contractor/Subcontractor is in receipt of a court order or other requests for the above mentioned information, that Contractor/Subcontractor shall immediately refer such court orders or other requests to the VA contracting officer for response. 12. For service that involves the storage, generating, transmitting, or exchanging of VA sensitive information but does not require C&A or a Memorandum of Understanding-Interconnection Service Agreement (MOU-ISA) for system interconnection, the Contractor/Subcontractor must complete a Contractor Security Control Assessment (CSCA) on a yearly basis and provide it to the COR. INFORMATION SYSTEM DESIGN AND DEVELOPMENT 1. Information systems that are designed or developed for or on behalf of VA at non-VA facilities shall comply with all VA directives developed in accordance with FISMA, HIPAA, NIST, and related VA security and privacy control requirements for Federal information systems. This includes standards for the protection of electronic PHI, outlined in 45 C.F.R. Part 164, Subpart C, information Page 31 of 53 Page 31 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 and system security categorization level designations in accordance with FIPS 199 and FIPS 200 with implementation of all baseline security controls commensurate with the FIPS 199 system security categorization (reference Appendix D of VA Handbook 6500, VA Information Security Program). During the development cycle a Privacy Impact Assessment (PIA) must be completed, provided to the COR, and approved by the VA Privacy Service in accordance with Directive 6508, VA Privacy Impact Assessment. 2. The Contractor/Subcontractor shall certify to the COR that applications are fully functional and operate correctly as intended on systems using the VA Federal Desktop Core Configuration (FDCC), and the common security configuration guidelines provided by NIST or VA. This includes Internet Explorer 7 configured to operate on Windows XP and Vista (in Protected Mode on Vista) and future versions, as required. 3. The standard installation, operation, maintenance, updating, and patching of software shall not alter the configuration settings from the VA approved and FDCC configuration. Information technology staff must also use the Windows Installer Service for installation to the default “program files” directory and silently install and uninstall. 4. Applications designed for normal end users shall run in the standard user context without elevated system administration privileges. 5. The security controls must be designed, developed, approved by VA, and implemented in accordance with the provisions of VA security system development life cycle as outlined in NIST Special Publication 800-37, Guide for Applying the Risk Management Framework to Federal Information Systems, VA Handbook 6500, Information Security Program and VA Handbook 6500.5, Incorporating Security and Privacy in System Development Lifecycle. 6. The Contractor/Subcontractor is required to design, develop, or operate a System of Records Notice (SOR) on individuals to accomplish an agency function subject to the Privacy Act of 1974, (as amended), Public Law 93-579, December 31, 1974 (5 U.S.C. 552a) and applicable agency regulations. Violation of the Privacy Act may involve the imposition of criminal and civil penalties. 7. The Contractor/Subcontractor agrees to: a. Comply with the Privacy Act of 1974 (the Act) and the agency rules and regulations issued under the Act in the design, development, or operation of any system of records on individuals to accomplish an agency function when the contract specifically identifies: i. The Systems of Records (SOR); and ii. The design, development, or operation work that the Contractor/Subcontractor is to perform; Page 32 of 53 Page 32 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 b. Include the Privacy Act notification contained in this contract in every solicitation and resulting subcontract and in every subcontract awarded without a solicitation, when the work statement in the proposed subcontract requires the redesign, development, or operation of a SOR on individuals that is subject to the Privacy Act; and c. Include this Privacy Act clause, including this subparagraph (3), in all subcontracts awarded under this contract which requires the design, development, or operation of such a SOR 8. In the event of violations of the Act, a civil action may be brought against the agency involved when the violation concerns the design, development, or operation of a SOR on individuals to accomplish an agency function, and criminal penalties may be imposed upon the officers or employees of the agency when the violation concerns the operation of a SOR on individuals to accomplish an agency function. For purposes of the Act, when the contract is for the operation of a SOR on individuals to accomplish an agency function, the Contractor/Subcontractor is considered to be an employee of the agency. a. “Operation of a System of Records” means performance of any of the activities associated with maintaining the SOR, including the collection, use, maintenance, and dissemination of records. b. “Record” means any item, collection, or grouping of information about an individual that is maintained by an agency, including, but not limited to, education, financial transactions, medical history, and criminal or employment history and contains the person’s name, or identifying number, symbol, or any other identifying particular assigned to the individual, such as a fingerprint or voiceprint, or a photograph. c. “System of Records” means a group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual. 9. The vendor shall ensure the security of all procured or developed systems and technologies, including their subcomponents (hereinafter referred to as “Systems”), throughout the life of this contract and any extension, warranty, or maintenance periods. This includes, but is not limited to workarounds, patches, hot fixes, upgrades, and any physical components (hereafter referred to as Security Fixes) which may be necessary to fix all security vulnerabilities published or known to the vendor anywhere in the Systems, including Operating Systems and firmware. The vendor shall ensure that Security Fixes shall not negatively impact the Systems. 10. The vendor shall notify VA within 24 hours of the discovery or disclosure of successful exploits of the vulnerability which can compromise the security of the Systems (including the confidentiality or integrity of its data and operations, or the availability of the system). Such issues shall be remediated as quickly as is practical, based upon the severity of the incident. 11. When the Security Fixes involve installing third party patches (such as Microsoft OS patches or Adobe Acrobat), the vendor will provide written notice to VA that the patch has been validated as not Page 33 of 53 Page 33 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 affecting the Systems within 10 working days. When the vendor is responsible for operations or maintenance of the Systems, they shall apply the Security Fixes based upon the severity of the incident. 12. All other vulnerabilities shall be remediated as specified in this paragraph in a timely manner based on risk, but within 60 days of discovery or disclosure. Exceptions to this paragraph (e.g. for the convenience of VA) shall only be granted with approval of the contracting officer and the VA Assistant Secretary for Office of Information and Technology. INFORMATION SYSTEM HOSTING, OPERATION, MAINTENANCE, OR USE a. For information systems that are hosted, operated, maintained, or used on behalf of VA at nonVA facilities, Contractors/Subcontractors are fully responsible and accountable for ensuring compliance with all HIPAA, Privacy Act, FISMA, NIST, FIPS, and VA security and privacy directives and handbooks. This includes conducting compliant risk assessments, routine vulnerability scanning, system patching and change management procedures, and the completion of an acceptable contingency plan for each system. The Contractor’s security control procedures must be equivalent, to those procedures used to secure VA systems. A Privacy Impact Assessment (PIA) must also be provided to the COR and approved by VA Privacy Service prior to operational approval. All external Internet connections to VA network involving VA information must be reviewed and approved by VA prior to implementation. b. Adequate security controls for collecting, processing, transmitting, and storing of Personally Identifiable Information (PII), as determined by the VA Privacy Service, must be in place, tested, and approved by VA prior to hosting, operation, maintenance, or use of the information system, or systems by or on behalf of VA. These security controls are to be assessed and stated within the PIA and if these controls are determined not to be in place, or inadequate, a Plan of Action and Milestones (POA&M) must be submitted and approved prior to the collection of PII. c. Outsourcing (Contractor facility, Contractor equipment or Contractor staff) of systems or network operations, telecommunications services, or other managed services requires certification and accreditation (authorization) (C&A) of the Contractor’s systems in accordance with VA Handbook 6500.3, Certification and Accreditation and/or the VA OCS Certification Program Office. Governmentowned (Government facility or Government equipment) Contractor-operated systems, third party or business partner networks require memorandums of understanding and interconnection agreements (MOU-ISA) which detail what data types are shared, who has access, and the appropriate level of security controls for all systems connected to VA networks. d. The Contractor/Subcontractor’s system must adhere to all FISMA, FIPS, and NIST standards related to the annual FISMA security controls assessment and review and update the PIA. Any deficiencies noted during this assessment must be provided to the VA contracting officer and the ISO for entry into the VA POA&M management process. The Contractor/Subcontractor must use the VA POA&M process to document planned remedial actions to address any deficiencies in information security policies, procedures, and practices, and the completion of those activities. Security Page 34 of 53 Page 34 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 deficiencies must be corrected within the timeframes approved by the Government. Contractor/Subcontractor procedures are subject to periodic, unannounced assessments by VA officials, including the VA Office of Inspector General. The physical security aspects associated with Contractor/Subcontractor activities must also be subject to such assessments. If major changes to the system occur that may affect the privacy or security of the data or the system, the C&A of the system may need to be reviewed, retested and re-authorized per VA Handbook 6500.3. This may require reviewing and updating all of the documentation (PIA, System Security Plan, and Contingency Plan). The Certification Program Office can provide guidance on whether a new C&A would be necessary. e. The Contractor/Subcontractor must conduct an annual self-assessment on all systems and outsourced services as required. Both hard copy and electronic copies of the assessment must be provided to the COR. The Government reserves the right to conduct such an assessment using Government personnel or another Contractor/Subcontractor. The Contractor/Subcontractor must take appropriate and timely action (this can be specified in the contract) to correct or mitigate any weaknesses discovered during such testing, generally at no additional cost. f. VA prohibits the installation and use of personally-owned or Contractor/Subcontractor owned equipment or software on the VA network. If non-VA owned equipment must be used to fulfill the requirements of a contract, it must be stated in the service agreement, SOW or contract. All of the security controls required for Government furnished equipment (GFE) must be utilized in approved other equipment (OE) and must be funded by the owner of the equipment. All remote systems must be equipped with, and use, a VA-approved antivirus (AV) software and a personal (host-based or enclave based) firewall that is configured with a VA approved configuration. Software must be kept current, including all critical updates and patches. Owners of approved OE are responsible for providing and maintaining the anti-viral software and the firewall on the non-VA owned OE. g. All electronic storage media used on non-VA leased or non-VA owned IT equipment that is used to store, process, or access VA information must be handled in adherence with VA Handbook 6500.1, Electronic Media Sanitization upon: (i) completion or termination of the contract or (ii) disposal or return of the IT equipment by the Contractor/Subcontractor or any person acting on behalf of the Contractor/Subcontractor, whichever is earlier. Media (hard drives, optical disks, CDs, back-up tapes, etc.) used by the Contractors/Subcontractors that contain VA information must be returned to VA for sanitization or destruction or the Contractor/Subcontractor must self-certify that the media has been disposed of per 6500.1 requirements. This must be completed within 30 days of termination of the contract. h. Bio-Medical devices and other equipment or systems containing media (hard drives, optical disks, etc.) with VA sensitive information must not be returned to the vendor at the end of lease, for trade-in, or other purposes. The options are: 1) Vendor must accept the system without the drive; Page 35 of 53 Page 35 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 2) VA’s initial medical device purchase includes a spare drive which must be installed in place of the original drive at time of turn-in; or 3) VA must reimburse the company for media at a reasonable open market replacement cost at time of purchase. 4) Due to the highly specialized and sometimes proprietary hardware and software associated with medical equipment/systems, if it is not possible for VA to retain the hard drive, then; a) The equipment vendor must have an existing BAA if the device being traded in has sensitive information stored on it and hard drive(s) from the system are being returned physically intact; and b) Any fixed hard drive on the device must be non-destructively sanitized to the greatest extent possible without negatively impacting system operation. Selective clearing down to patient data folder level is recommended using VA approved and validated overwriting technologies/methods/tools. Applicable media sanitization specifications need to be preapproved and described in the purchase order or contract. c) A statement needs to be signed by the Director (System Owner) that states that the drive could not be removed and that (a) and (b) controls above are in place and completed. The ISO needs to maintain the documentation. SECURITY INCIDENT INVESTIGATION a. The term “security incident” means an event that has, or could have, resulted in unauthorized access to, loss or damage to VA assets, or sensitive information, or an action that breaches VA security procedures. The Contractor/Subcontractor shall immediately notify the COR and simultaneously, the designated ISO and Privacy Officer for the contract of any known or suspected security/privacy incidents, or any unauthorized disclosure of sensitive information, including that contained in system(s) to which the Contractor/Subcontractor has access. b. To the extent known by the Contractor/Subcontractor, the Contractor/Subcontractor’s notice to VA shall identify the information involved, the circumstances surrounding the incident (including to whom, how, when, and where the VA information or assets were placed at risk or compromised), and any other information that the Contractor/Subcontractor considers relevant. c. With respect to unsecured protected health information, the business associate is deemed to have discovered a data breach when the business associate knew or should have known of a breach of such information. Upon discovery, the business associate must notify the covered entity of the breach. Notifications need to be made in accordance with the executed business associate agreement. Page 36 of 53 Page 36 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 d. In instances of theft or break-in or other criminal activity, the Contractor/Subcontractor must concurrently report the incident to the appropriate law enforcement entity (or entities) of jurisdiction, including the VA OIG and Security and Law Enforcement. The Contractor, its employees, and its Subcontractors and their employees shall cooperate with VA and any law enforcement authority responsible for the investigation and prosecution of any possible criminal law violation(s) associated with any incident. The Contractor/Subcontractor shall cooperate with VA in any civil litigation to recover VA information, obtain monetary or other compensation from a third party for damages arising from any incident, or obtain injunctive relief against any third party arising from, or related to, the incident. LIQUIDATED DAMAGES FOR DATA BREACH a. Consistent with the requirements of 38 U.S.C. §5725, a contract may require access to sensitive personal information. If so, the Contractor is liable to VA for liquidated damages in the event of a data breach or privacy incident involving any SPI the Contractor/Subcontractor processes or maintains under this contract. b. The Contractor/Subcontractor shall provide notice to VA of a “security incident” as set forth in the Security Incident Investigation section above. Upon such notification, VA must secure from a nonDepartment entity or the VA Office of Inspector General an independent risk analysis of the data breach to determine the level of risk associated with the data breach for the potential misuse of any sensitive personal information involved in the data breach. The term 'data breach' means the loss, theft, or other unauthorized access, or any access other than that incidental to the scope of employment, to data containing sensitive personal information, in electronic or printed form, that results in the potential compromise of the confidentiality or integrity of the data. Contractor shall fully cooperate with the entity performing the risk analysis. Failure to cooperate may be deemed a material breach and grounds for contract termination. c. Each risk analysis shall address all relevant information concerning the data breach, including the following: 1) 2) Nature of the event (loss, theft, unauthorized access); Description of the event, including: a) date of occurrence; b) data elements involved, including any PII, such as full name, social security number, date of birth, home address, account number, disability code; 3) Number of individuals affected or potentially affected; 4) Names of individuals or groups affected or potentially affected; Page 37 of 53 Page 37 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 5) Ease of logical data access to the lost, stolen or improperly accessed data in light of the degree of protection for the data, e.g., unencrypted, plain text; 6) Amount of time the data has been out of VA control; 7) The likelihood that the sensitive personal information will or has been compromised (made accessible to and usable by unauthorized persons); 8) Known misuses of data containing sensitive personal information, if any; 9) Assessment of the potential harm to the affected individuals; 10) Data breach analysis as outlined in 6500.2 Handbook, Management of Security and Privacy Incidents, as appropriate; and 11) Whether credit protection services may assist record subjects in avoiding or mitigating the results of identity theft based on the sensitive personal information that may have been compromised. d. Based on the determinations of the independent risk analysis, the Contractor shall be responsible for paying to VA liquidated damages in the amount of $37.50 per affected individual to cover the cost of providing credit protection services to affected individuals consisting of the following: 1) Notification; 2) One year of credit monitoring services consisting of automatic daily monitoring of at least 3 relevant credit bureau reports; 3) Data breach analysis; 4) Fraud resolution services, including writing dispute letters, initiating fraud alerts and credit freezes, to assist affected individuals to bring matters to resolution; 5) One year of identity theft insurance with $20,000.00 coverage at $0 deductible; and 6) Necessary legal expenses the subjects may incur to repair falsified or damaged credit records, histories, or financial affairs. SECURITY CONTROLS COMPLIANCE TESTING On a periodic basis, VA, including the Office of Inspector General, reserves the right to evaluate any or all of the security controls and privacy practices implemented by the Contractor under the clauses contained within the contract. With 10 working-days’ notice, at the request of the Government, the Contractor must fully cooperate and assist in a Government-sponsored security controls assessment at each location wherein VA information is processed or stored, or information systems are developed, operated, maintained, or used on behalf of VA, including those initiated by the Office of Inspector General. The Government may conduct a security control assessment on shorter notice (to include unannounced assessments) as determined by VA in the event of a security incident or at any other time. Page 38 of 53 Page 38 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 TRAINING a. All Contractor employees and Subcontractor employees requiring access to VA information and VA information systems shall complete the following before being granted access to VA information and its systems: 1) Sign and acknowledge (either manually or electronically) understanding of and responsibilities for compliance with the Contractor Rules of Behavior, Appendix D relating to access to VA information and information systems; 2) Successfully complete the VA Privacy and Information Security Awareness and Rules of Behavior training and annually complete required security training; 3) Successfully complete Privacy and HIPAA Training if Contractor will have access to PHI; 4) Successfully complete the appropriate VA privacy training and annually complete required privacy training; and 5) Successfully complete any additional cyber security or privacy training, as required for VA personnel with equivalent information system access b. The Contractor shall provide to the contracting officer and/or the COR a copy of the training certificates and certification of signing the Contractor Rules of Behavior for each applicable employee within 1 week of the initiation of the contract and annually thereafter, as required. Failure to complete the mandatory annual training and sign the Rules of Behavior annually, within the timeframe required, is grounds for suspension or termination of all physical or electronic access privileges and removal from work on the contract until such time as the training and documents are complete. Page 39 of 53 Page 39 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 ADDENDUM C VA Central Offices: VA Central Office Station ID Facility Address State 741 VA Health Administration Center, Denver 3773 Cherry Creek North Drive Denver, CO 80209 CO 104 Austin, Financial Services Center 1615 E. Woodward St. Austin, TX 78772 TX 00CFM3 Construction & Facilities Management Regional Office West 1175 Nimitz Avenue, Suite 200 Vallejo, CA 94592 CA Veterans Health Administration: VISN 18: VA Southwest Health Care Network Station ID Facility Address State 10N18 VISN 18: VA Southwest Health Care Network 6950 E. Williams Field Road Mesa, AZ 85212-6033 AZ 504 Amarillo VA Health Care System 6010 Amarillo Boulevard, West Amarillo, TX 79106 TX 756 El Paso VA Health Care System 5001 North Piedras Street El Paso, TX 79930-4211 TX 501 New Mexico VA Health Care System 1501 San Pedro Drive, SE Albuquerque, NM 87108-5153 NM 649 Northern Arizona VA Health Care System 500 North Highway 89 Prescott, AZ 86313 AZ 644 Phoenix VA Health Care System 650 E. Indian School Road Phoenix, AZ 85012 AZ 678 Southern Arizona VA Health Care System 3601 South 6th Avenue Tucson, AZ 85723 AZ 519 West Texas VA Health Care System 300 Veterans Blvd. Big Spring, TX 79720 TX 504BY Lubbock Clinic 6104 Avenue Q South Drive Lubbock, TX 79412 TX 519HC Abilene CBOC 3850 Ridgemont Abilene, TX 79606 TX 501 Alamogordo CCBOC 3199 N. White Sands Blvd., Suite D10 Alamogordo, NM 88310 NM 649GE Anthem CBOC 3618 West Anthem Way, Bldg. D, #120 Anthem, AZ 85086 AZ 501GA Artesia Clinic 1700 W. Main St., Artesia, NM 88210-3712 NM 644 Buckeye VA Health Care Clinic 213 E. Monroe Ave., Buckeye, AZ 85326 AZ 678GC Casa Grande CBOC 1876 E. Sabin Drive, Building A Ste 15 Casa Grande, AZ 85222 AZ 504GB Childress Clinic 1001 Highway 83 North Childress, TX 79201 TX 504BZ Clovis CBOC 921 East Llano Estacado Clovis, NM 88101 NM 649GE Cottonwood CBOC 501 South Willard Cottonwood, AZ 86326 AZ 501GJ Durango CCBOC 1970 East Third Avenue, Suite 102 Durango, CO 81301 CO Page 40 of 53 Page 40 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 756GB Eastside El Paso CBOC 2400 Trawood Drive Suite 200 El Paso, TX 79936 TX 501GE Espanola CCBOC 105 S. Coronado Ave. Espanola, NM 87532 NM 501GB Farmington CBOC 1001 West Broadway, Suite C Farmington, NM 87401-5638 NM 649GB Flagstaff CBOC 1300 W. University Ave. Suite 200 Flagstaff, AZ 86001 AZ 519HB Fort Stockton Clinic 501 North Main Street Fort Stockton, TX 79735 TX 501GD Gallup CBOC 520 Hwy 564 Gallup, NM 87301 NM 644 Globe-Miami VA Health Care Clinic 5860 S. Hospital Drive, Suite 111 Globe, AZ 85501-9449 AZ 678GE Green Valley CBOC 380 W. Vista Hermosa Drive #140 Green Valley, AZ 85614 AZ 519GB Hobbs CBOC 1601 N Turner (4th Floor) Hobbs, NM 88340 NM 649GA Kingman CBOC 1726 East Beverly Avenue Kingman, AZ 86409 AZ 649GC Lake Havasu City CBOC 2035 Mesquite, Suite D Lake Havasu City, AZ 86403 AZ 756GA Las Cruces CBOC 1635 Don Roser Las Cruces, NM 88001 NM 501GZ Las Vegas CCBOC 624 University Ave., Las Vegas, NM 87701 NM 501GM Northwest Metro 1760 Grande Blvd SE Rio Rancho, NM 87124 NM 644GA Northwest VA Health Care Clinic 13985 W. Grand Avenue, Suite 101 Surprise, AZ 85374 AZ 519GA Odessa Clinic 4141 N. Tanglewood, Suite 201 Odessa, TX 79762 TX 644GD Payson VA Health Care Clinic 1106 N. Beeline Highway Payson, AZ 85541 AZ 501HB Raton CBOC 1275 South 2nd Street, Raton, NM 87440-2234 NM 678GD Safford Clinic 711 South 14th Avenue Safford, AZ 85546 AZ 519HF San Angelo Clinic 2018 Pulliam San Angelo, TX 76905 TX 501 Santa Fe CBOC 2213 Brothers Road, Suite 600 Santa Fe, NM 87505 NM 644GB Show Low VA Health Care Clinic 5171 Cub Lake Road, Suite C380 Show Low, AZ 85901 AZ 678GA Sierra Vista Clinic 101 N. Coronado Drive Suite A Sierra Vista, AZ 85635 AZ 501GC Silver City Clinic 1302 32nd St., Silver City, NM 88601 NM 644BY Southeast VA Health Care Clinic 6950 E. Williams Field Road, Bldg. 23 Mesa, AZ 85212-6033 AZ 519AB Stamford Clinic 1601 N Columbia Stamford, TX 79553 TX 501 Taos CCBOC 1353 Paseo Del Pueblo Sur Taos, NM 87571 NM 644GE Thunderbird VA Health Care Clinic 9424 N. 25th Ave. Phoenix, AZ 85021 AZ 501GH Truth or Consequences CCBOC 1960 North Date Street Truth or Consequences, NM 87901 NM Page 41 of 53 Page 41 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 678GF VA Northwest Tucson Clinic 2945 W. Ina Road Tucson, AZ 85741 AZ 678GG VA Southeast Tucson Clinic 7395 S. Houghton Road Ste 129 Tucson, AZ 85747 AZ 470-8262 Yuma Clinic 2555 E. Gila Ridge Road Yuma, AZ 85365 AZ 0515V Albuquerque Vet Center 1600 Mountain Road NW Albuquerque, NM 87104 NM 0702V Amarillo Vet Center 3414 Olsen Blvd. Suite E Amarillo, TX 79109 TX Navajo Route 7, Old BIA Complex-B59 Chinle, AZ 86503 05161V Chinle Vet Center Outstation Mailing Address: P.O. Box 1934 Chinle, AZ 86503 AZ 0707V El Paso Vet Center 1155 Westmoreland Suite 121 El Paso, TX 79925 TX 0516V Farmington Vet Center 4251 E. Main Suite C Farmington, NM 87402 NM 5162 Hopi Vet Center Outstation P.O. Box 929, 1 Main St. Hotevilla, AZ 86030 AZ 530 Las Cruces Vet Center 230 S. Water Street Las Cruces, NM 88001 NM 0714V Lubbock Vet Center 3106 50th st sute 400 Lubbock, TX 79413 TX 524 Mesa Vet Center 1303 South Longmore, Suite 5 Mesa, AZ 85202 AZ 716 Midland Vet Center 2817 W. Loop 250 N., Suite E Midland, TX 79707 TX 0517V Phoenix Vet Center 77 E. Weldon Ave., Suite 100 Phoenix, AZ 85012 AZ 0518V Prescott Vet Center 3180 Stillwater Drive, Suite A Prescott, AZ 86305 AZ 0520V Santa Fe Vet Center 2209 Brothers Road Suite 110 Santa Fe, NM 87505 NM 0733V Taylor County Vet Center 3564 N 6th Street Abilene, TX 79603 TX 0521V Tucson Vet Center 3055 N. First Avenue Tucson, AZ 85719 AZ 0533V West Valley Vet Center 14050 N. 83rd Avenue Suite 170 Peoria, AZ 85381 AZ 0537V Yuma Vet Center 1450 E. 16th St, Suite 103 Yuma, AZ 85365 AZ Veterans Health Administration: VISN 19: Rocky Mountain Network Station ID Facility Address State 10N19 VISN 19: Rocky Mountain Network 4100 E. Mississippi Ave., 11th floor Glendale, CO 80246 CO 554 VA Eastern Colorado Health Care System(ECHCS) 1055 Clermont Street Denver, CO 80220 CO 436 VA Montana Health Care System 3687 Veterans Drive, P.O.BOX 1500 Fort Harrison, MT 59636 MT 660 VA Salt Lake City Health Care System 500 Foothill Drive Salt Lake City, UT 84148 UT 442 Cheyenne VA Medical 2360 E. Pershing Blvd. Cheyenne, WY 82001 WY Page 42 of 53 Page 42 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 575 Grand Junction VA Medical Center 2121 North Avenue Grand Junction, CO 81501 CO 666 Sheridan VA Medical Center 1898 Fort Road Sheridan, WY 82801 WY 666 Afton Outreach Clinic 125 South Washington Afton, WY 83110 WY 554GI Burlington VA Outreach Clinic 1177 Rose Avenue Burlington, CO 80807 CO 666 Evanston Primary Care Telehealth Outreach Clinic 1565 South Highway 150 #E Evanston, WY 82930 WY 436 Hamilton Primary Care Telehealth Outreach Clinic 299 Fairgrounds Suite A Hamilton, MT 59840 MT 436HC Havre VA Community Based Outreach Clinic 130 13th Street, Suite 1 Havre, MT 59501 MT 554 Jewell Clinic 14400 E Jewell Ave Aurora, CO 80012 CO 442 Laramie Mobile Telehealth Clinic 2901 Armory Road Laramie, WY 82702 WY 436 Plentywood Primary Care Telehealth Outreach Clinic 440 West Laurel Avenue Plentywood, MT 59254 MT 442 Rawlins PCTOC 1809 East Daley Street Rawlins, WY 82301 WY 554 Salida VA Telehealth Clinic 920 Rush Drive Salida, CO 81201 CO 442 Sterling Mobile Telehealth Clinic American Legion, Post # 20, 1602 Hwy. 6 Sterling, CO 80751 CO 442 Torrington Mobile Telehealth Clinic 2908 West 25th Ave. Torrington, WY 82240 WY 442 Wheatland Mobile Telehealth Clinic 759 East Cole Street Wheatland, WY 82201 WY 666 Worland Primary Care Telehealth Outreach Clinic 510 South 15th., Suite D Worland, WY 82401 WY 567GC Alamosa /San Luis Valley Clinic/Sierra Blanca Med. Ctr. 622 Del Sol Drive Alamosa, CO 81101 CO 436GA Anaconda VA Community Based Outpatient Clinic 118 East 7th St., Anaconda, MT 59711 MT 554GB Aurora Outpatient Clinic 13701 E Mississippi Ave Gateway Medical Bldg #200 Aurora, CO 80012 CO 436GH Billings VA Community Based Outpatient Clinic 1775 Spring Creek Lane Billings, MT 59102 MT 436GD Bozeman VA Community Based Outpatient Clinic 300 N. Wilson, Suite 703G Bozeman, MT 59715 MT 666GB Casper Outpatient Clinic 4140 S. Poplar Str. Casper, WY 82601 WY 554GE Colorado Springs Clinic 25 North Spruce Street Colorado Springs, CO 80905 CO 575GB Craig CBOC 551 Tucker Street Craig, CO 81625 CO 436 Cut Bank VA Community Based Outpatient Clinic #8 2nd Ave SE Cut Bank, MT 59427 MT Page 43 of 53 Page 43 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 660GK Elko Outreach Clinic 2715 Argent Ave. Elko, NV 89801 NV 660GC Ely CBOC William Bee Ririe Rural Health Clinic, #6 Steptoe Circle Ely, NV 89301 NV 442GC Fort Collins Outpatient Clinic 2509 Research Blvd. Fort Collins, CO 80526-8108 CO 666GB Gillette Outpatient Clinic 604 express Drive Gillette, WY 82718 WY 436GI Glasgow VA Community Based Outpatient Clinic 630 Second Ave. South, Suite A Glasgow, MT 59230 MT 436GK Glendive VA Community Based Outpatient Clinic 2000 Montana Ave. Glendive, MT 59330 MT 436GB Great Falls VA Community Based Outpatient Clinic 1417-9th Street South, Suite 200 and 300 Great Falls, MT 59405 MT 442GD Greeley Outpatient Clinic 2001 70th Ave Suite# 200 Greeley, CO 80631-4621 CO 660 Idaho Falls Outreach Clinic 3544 East 17th Street Idaho Falls, ID 83406 ID 436GF Kalispell VA Community Based Outpatient Clinic 31 Three Mile Dr Ste 102 Kalispell, MT 59903 MT 554GG La Junta Outpatient Clinic 1100 Carson Ave., Suite 104 La Junta, CO 81050 CO 554/GC Lakewood Outpatient Clinic 155 Van Gordon Street, Suite 395 Lakewood, CO 80225 CO 554GH Lamar Outpatient Clinic 405 Kendall Drive Lamar, CO 81052 CO 436 Lewistown VA Community Based Outpatient Clinic 629 NE Main Street (Hwy 87) Lewistown, MT 59457 MT 436GJ Miles City VA Community Based Outreach Clinic/ Nursing Home 210 S. Winchester Miles City, MT 59301 MT 436GC Missoula VA Community Based Outpatient Clinic 2687 Palmer Street, Suite C Missoula, MT 59808 MT 575GA Montrose Outpatient Clinic 4 Hillcrest Plaza Way Montrose, CO 81401 CO 660GI Nephi CBOC 48 W. 1500 N. Nephi, UT 84648 UT 660GB Ogden CBOC 982 Chambers Street South Ogden, UT 84403 UT 660GE Orem CBOC 1443 West 800 North, Suite #302 Orem, UT 84057-3658 UT 660GA Pocatello CBOC 444 Hospital Way, Suite 801 Pocatello, ID 83201 ID 666GD Powell Outpatient Clinic 777 Avenue H Powell, WY 82435 WY 660 Price CBOC 189 South 600 West, Suite B Price, UT 84501 UT 554GD Pueblo Outpatient Clinic 4112 Outlook Boulevard Pueblo, CO 81008 CO 666GC Riverton Outpatient Clinic 2300 Rose Lane Riverton, WY 82501 WY 666GF Rock Springs Outpatient Clinic 1401 Gateway Rock Springs, WY 82901 WY Page 44 of 53 Page 44 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 660GD Roosevelt CBOC 245 West 200 North Roosevelt, UT 84066-2336 UT 0514V Salt Lake Vet Center 22 West Fireclay Avenue Murray, UT 84107-2637 UT 442GB Sidney VA Outpatient Clinic 1116 10th Ave Sidney, NE 69162 NE 660GG St. George CBOC 1067 East Tabernacle, Suite 7 St. George, UT 84770 UT 660GJ Western Salt Lake CBOC 2750 South 5600 West West Valley City, UT 84120 UT 0500V 4A RCS Western Mountain Regional Office 789 Sherman Street, Suite 570 Denver, CO 80203 CO 436 Billings Vet Center 2795 Enterprise Ave., Suite 1 Billings, MT 59102 MT 527 Boulder Vet Center 4999 Pearl East Circle, Suite 106 Boulder, CO 80301 CO 0519V Casper Vet Center 1030 North Poplar Casper, WY 82601 WY 0501V Cheyenne Vet Center 3219 E Pershing Blvd Cheyenne, WY 82001 WY 525 Colorado Springs Vet Center 602 South Nevada Avenue Colorado Springs, CO 80903 CO 0504V Denver Vet Center 7465 East First Avenue Suite B Denver, CO 80230 CO 0543V Fort Collins Vet Center 702 W Drake Builing C Fort Collins, CO 80526 CO 526 Grand Junction Vet Center 2472 Patterson Road Unit 16 Grand Junction, CO 81505 CO 538 Great Falls Vet Center 615 2nd Avenue North Great Falls, MT 59401 MT 539 Kalispell Vet Center 690 North Meridian Road, Suite 101 Kalispell, MT 59901 MT 528 Missoula Vet Center 500 N. Higgins Avenue, Suite 202 Missoula, MT 59802 MT 531 Pocatello Vet Center 1800 Garrett Way Pocatello, ID 83201 ID 532 Provo Vet Center 1807 No. 1120 West Provo, UT 84604 UT 542 Pueblo Vet Center 1515 Fortino Blvd., Suite 130 Pueblo, CO 81008 CO 0540v St. George Vet Center 1664 South Dixie Drive, Suite C-102 St. George, UT 84770-4494 UT Address State Veterans Health Administration: VISN 20: Northwest Network Station ID Facility 1601 4th Plain Blvd Building 17, 4th Floor, Suite 402 Vancouver, WA 98661 10N20 VISN 20: Northwest Network Mailing Address: P.O. Box 1035 Portland, OR 97207 WA 463 Alaska VA Healthcare System 1201 North Muldoon Road Anchorage, AK 99504 AK 663A4 VA Puget Sound Health Care System - American Lake Division 9600 Veterans Dr Lakewood, WA 98493 WA Page 45 of 53 Page 45 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 663 VA Puget Sound Health Care System - Seattle Division 1660 S. Columbian Way Seattle, WA 98108-1597 WA 653 VA Roseburg Healthcare System 913 NW Garden Valley Blvd. Roseburg, OR 97471-6513 OR 531 Boise VA Medical Center 500 West Fort Street Boise, ID 83702 ID 687 Jonathan M. Wainwright Memorial VA Medical Center 77 Wainwright Drive Walla Walla, WA 99362 WA 648 Portland VA Medical Center 3710 SW U.S. Veterans Hospital Road Portland, OR 97239 OR 648 Portland VA Medical Center - Vancouver Campus 1601 E. 4th Plain Blvd Vancouver, WA 98661 WA 668 Spokane VA Medical Center 4815 N. Assembly Street Spokane, WA 99205-6197 WA 531 Burns OPC (Extension Clinic) 271 N Egan Ave Burns, OR 97720 OR 709 West 9th Street, Suite 150 Juneau, AK 99801 463 Juneau VA Outreach Clinic Mailing Address: P.O. Box 20069 Juneau, AK 99802 AK 531 Mountain Home Idaho Outpatient Clinic 815 North 6th East Mountain Home, ID 83647 ID 648 Newport Clinic 1010 SW Coast Highway Newport, OR 97365 OR 531 Salmon Outreach Clinic 705 Lena Street Salmon, ID 83467 ID 648JA The Dalles OPC 704 Veterans Drive The Dalles, OR 97058 OR 648 West Linn Clinic 1750 SW Blankenship Rd Ste 300 West Linn, OR 97068 OR 0523V Yakima Valley Vet Center 2119 W. Lincoln Yakima, WA 98902 WA 648GF Bend CBOC 2115 NE Wyatt Ct., Suite 201 Bend, OR 97701 OR 663GB Bremerton CBOC 925 Adele Avenue Bremerton, WA 98312 WA 653GB Brookings CBOC 555 - 5th Street Brookings, OR 97415 OR 531GG Caldwell Clinic 4521 Thomas Jefferson Drive Caldwell, ID 83605 ID 668 Coeur d 'Alene CBOC 2177 N Ironwood Center Dr Coeur d 'Alene, ID 83815 ID 668 Colville Clinic 1200 E Columbia Colville, WA 99114 WA 648 East Portland CBOC 10535 NE Glisan Street, Gateway Medical Bldg., 2nd Floor Portland, OR 97220 OR 653BY Eugene CBOC 100 River Ave. Eugene, OR 97404 OR Bldg 4076, Neeley Road, Room 1J-101 Fort Wainwright, AK 99703 463GA Fairbanks VA Community Based Outpatient Clinic Mailing Address: P.O. Box 74570 Fairbanks, AK 99707 AK 687 Grangeville Idaho VA Outpatient Clinic 711 West North Street Grangeville, ID 83850 ID 648GF Hillsboro CBOC 1925 Amber Glen Parkway Suite #300 Hillsboro, OR 97006 OR Page 46 of 53 Page 46 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 463GB Kenai VA Community Based Outpatient Clinic 11312 Kenai Spur Highway, #39 Kenai, AK 99669 AK 692GA Klamath Falls CBOC 2819 Dahlia St. Klamath Falls, OR 97601 OR 687GC La Grande Community Based Outpatient Clinic 202 12th Street La Grande, OR 97850 OR 687GB Lewiston Idaho CBOC 1630 23rd Avenue, Stes. 302 & 401, Bldg. 2 Lewiston, ID 83501 ID 668 Libby CBOC 211 East 2nd St. Libby, MT 59923 MT 463GC Mat-Su VA Community Based Outpatient Clinic 865 N. Seward Meridian Parkway, Suite 105 Wasilla, AK 99654 AK 663 Mount Vernon CBOC 307 S. 13th St., Suite 200 Mount Vernon, WA 98274 WA 653GA North Bend CBOC 2191 Marion Street North Bend, OR 97459 OR 648GG North Coast CBOC 91400 N. Neacoxie Street, building 7315 Warrenton, OR 97146 OR 663GB Port Angeles 1005 Georgianna St Port Angeles, WA 98362 WA 617 Portland Vet Center 1505 N.E. 122nd Ave. Portland, OR 97230 OR 687GA Richland Community Based Outpatient Clinic 825 Jadwin Avenue, Suite 250 Federal Building 2nd Floor Richland, WA 99352 WA 648GD Salem CBOC 1660 Oak Street SE, Suite 100 Salem, OR 97301 OR 663GD South Sound CBOC 151 NE Hampe Way Chehalis, WA 98532 WA 531GE Twin Falls Outpatient Clinic 260 2nd Avenue East Twin Falls, ID 83301 ID 663GA Valor CBOC Bellevue 13033 Bel-Red Road Suite 210 Bellevue, WA 98005 WA 663GA Valor CBOC Federal Way 34617 11th Place South Suite 301 Federal Way, WA 98003 WA 663GA Valor CBOC North Seattle 12360 Lake City Way NE, Suite 200 Seattle, WA 98125 WA 668GA Wenatchee CBOC 2530 Chester-Kimm Road Wenatchee, WA 98801 WA 687HA Yakima Community Based Outpatient Clinic (CBOC) 717 Fruitvale Blvd. Yakima, WA 98902 WA 0502V Anchorage Vet Center 4400 Business Park Blvd, Suite B-34 Anchorage, AK 99503 AK 0522V Bellingham Vet Center 3800 Byron Ave Suite 124 Bellingham, WA 98229 WA 531 Boise Vet Center 2424 Bank Drive Boise, ID 83705 ID 0622V Central Oregon Vet Center 1645 NE Forbes Rd. Suite 105 Bend, OR 97701 OR 626 Eugene Vet Center 1255 Pearl Street Suite 200 Eugene, OR 97401 OR 529 Everett Vet Center 3311 Wetmore Avenue Everett, WA 98201 WA 0511V Fairbanks Vet Center 540 4th Ave., Suite 100 Fairbanks, AK 99701 AK 0535V Federal Way Vet Center 32020 32nd Ave South Suite 110 Federal Way, WA 98001 WA 645 Grants Pass Vet Center 211 S.E. 10th St. Grants Pass, OR 97526 OR Page 47 of 53 Page 47 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 05021V Kenai Vet Center Outstation 43299 Kalifornsky Beach Rd. Ste 4 Soldotna, AK 99669 AK 0617V Portland Vet Center 1505 NE 122nd Ave, Suite 110 Portland, OR 97230 OR 640 Salem Vet Center 2645 Portland Road, Suite 250 Salem, OR 97301 OR 0507V Seattle Vet Center 2030 - 9th Ave. Suite 210 Seattle, WA 98121 WA 0510V Spokane Vet Center 13109 E Mirabeau Parkway Spokane, WA 99216 WA 508 Tacoma Vet Center 4916 Center St. Suite E Tacoma, WA 98409 WA 0541V Walla Walla County Vet Center 1104 West Poplar Walla Walla, WA 99362 WA 0512V Wasilla Vet Center 851 E. West Point Drive Suite 102 Wasilla, AK 99654 AK 523 Yakima Vet Center 2119 W. Lincoln Ave Yakima, WA 98902 WA 692 VA Southern Oregon Rehabilitation Center & Clinics 8495 Crater Lake Hwy. White City, OR 97503 OR 523 Yakima Valley Vet Center 2119 West Lincoln Avenue Yakima, WA 98902 WA Veterans Health Administration: VISN 21: Sierra Pacific Network Station ID Facility Address State 10N21 VISN 21: Sierra Pacific Network 201 Walnut Avenue Mare Island, CA 94592 CA 640 Livermore 4951 Arroyo Road Livermore, CA 94550 CA 640 Menlo Park 795 Willow Road Menlo Park, CA 94025 CA 662 San Francisco VA Medical Center 4150 Clement Street San Francisco, CA 94121 CA 570 VA Central California Health Care System 2615 E. Clinton Avenue Fresno, CA 93703 CA 612 VA Northern California Health Care System 10535 Hospital Way Mather, CA 95655 CA 459 VA Pacific Islands Health Care System 459 Patterson Road Honolulu, HI 96819-1522 HI 640 VA Palo Alto Health Care System 3801 Miranda Avenue Palo Alto, CA 94304-1290 CA 654 VA Sierra Nevada Health Care System 1000 Locust Street Reno, NV 89502 NV 640 Capitola Clinic 1350 41st Avenue, Suite 102 Capitola, CA 95010-3906 CA 612 Chico Outpatient Clinic 280 Cohasset Road Chico, CA 95926 CA 612 Fairfield Outpatient Clinic 103 Bodin Circle, Travis Air Force Base Fairfield, CA 94535 CA 96440 Manila Outpatient Clinic 1501 Roxas Boulevard Pasay City, PI 1302 PI 612 Mare Island Outpatient Clinic 201 Walnut Avenue Vallejo, CA 94592 CA Page 48 of 53 Page 48 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 612 Martinez Outpatient Clinic and Community Living Center 150 Muir Road Martinez, CA 94553 CA 612 McClellan Dental Clinic - Sacramento 5401 Arnold Avenue McClellan, CA 95652 CA 612 McClellan Outpatient Clinic - Sacramento 5342 Dudley Blvd. McClellan, CA 95652 CA 640 Modesto Clinic 1524 McHenry Avenue Modesto, CA 95350 CA 5199 Monterey Clinic 3401 Engineer Lane Seaside, CA 93955 CA 459 National Center for PTSD - Pacific Islands Division 3375 Koapaka Street, Suite I-560 Honolulu, HI 96819 HI 654 Northeast Primary Care Clinic 4461 E Charleston Blvd Las Vegas, NV 89104 NV 612 Oakland Behavioral Health Clinic 525 21st Street Oakland, CA 94612 CA 612 Oakland Outpatient Clinic 2221 Martin Luther King Jr. Way Oakland, CA 94612 CA 612 Redding Outpatient Clinic 351 Hartnell Avenue Redding, CA 96002 CA 612 Sacramento Mental Health Clinic at Mather 10535 Hospital Way Mather, CA 95655 CA 640BY San Jose Clinic 80 Great Oaks Boulevard San Jose, CA 95119 CA 654GA Sierra Foothills Outpatient Clinic 11985 Heritage Oak Place Auburn, CA 95603 CA 640GB Sonora Clinic 13663 Mono Way Sonora, CA 95370 CA 640 Stockton Clinic 7777 South Freedom Rd French Camp, CA 95231 CA 570GA VA Merced Out Patient Clinic 340 E Yosemite Ave Merced, CA 95340 CA 570 VA South Valley OPC 1050 N. Cherry Street Tulare, CA 93274 CA 662GG Clearlake VA Outpatient Clinic 15145 Lakeshore Drive Clearlake, CA 95422 CA 662GC Eureka VA Outpatient Clinic 714 F St. Eureka, CA 95501 CA 640GC Fremont Clinic 39199 Liberty Street Fremont, CA 94538 CA 570GC Oakhurst CBOC 40597 Westlake Drive Oakhurst, CA 93644 CA 662GE San Bruno VA Outpatient Clinic 1001 Sneath Lane, Suite 300, Third Floor San Bruno, CA 94066 CA 662GA Santa Rosa VA Outpatient Clinic 3841 Brickway Blvd Santa Rosa, CA 95403 CA 662BU SFVA Downtown Clinic 401 3rd Street San Francisco, CA 94107 CA 662GD Ukiah VA Outpatient Clinic 630 Kings Court Ukiah, CA 95482 CA 654 VA Carson Valley Outpatient Clinic 925 Ironwood Drive, Suite 2102 Minden, NV 89423 NV Page 49 of 53 Page 49 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 654GD VA Diamond View Outpatient Clinic 110 Bella Way Susanville, CA 96130 CA 459 VA Hilo Community Based Outpatient Clinic 1285 Waianuenue Avenue, Suite 211 Hilo, HI 96720 HI 459 VA Kauai Community Based Outpatient Clinic 4485 Pahe'e Street, Suite 150 Lihue, HI 96766 HI 459 VA Kona Community Based Outpatient Clinic 35-377 Hualalai Road Kailua-Kona, HI 96740 HI 654 VA Lahontan Valley Outpatient Clinic 345 West A Street Fallon, NV 89406 NV 459 VA Maui Community Based Outpatient Clinic 203 Ho'ohana Street, Suite 303 Kahului, HI 96732 HI 0600V 4B RCS Pacific Western Regional Office 420 Executive Court North Suite A Fairfield, CA 94534 CA 649 Chico Vet Center 280 Cohasset Road, Suite 100 Chico, CA 95926 CA 610 Citrus Heights Vet Center 5650 Sunrise Blvd., Suite 150 Citrus Heights, CA 95610 CA 602 Concord Vet Center 1333 Willow Pass Road, Suite 106 Concord, CA 94520-7931 CA 644 Eureka Vet Center 2830 G Street, Suite A Eureka, CA 95501 CA 628 Fresno Vet Center 3636 North 1st St. Suite 112 Fresno, CA 93726 CA 635 Hilo Vet Center 70 Lanihuli Street Suite 102 Hilo, HI 96720 HI 609 Honolulu Vet Center 1680 Kapiolani Blvd. Suite F-3 Honolulu, HI 96814 HI 0636V Kailua-Kona Vet Center 73-4976 Kamanu St Kailua-Kona, HI 96740 HI 633 Kauai Vet Center 3-3367 Kuhio Hwy. Suite 101 Lihue, HI 96766-1061 HI 634 Maui Vet Center 35 Lunalilo Street, Suite 101 Wailuku, HI 96793 HI 650 Modesto Vet Center 1219 N. Carpenter Rd., Suite 12 Modesto, CA 95351 CA 646 Northbay Vet Center 6225 State Farm Drive Suite 101 Rohnert Park, CA 94928 CA 612 Oakland Vet Center 1504 Franklin St. Suite 200 Oakland, CA 94612 CA 647 Peninsula Vet Center 2946 Broadway St. Redwood City, CA 94062 CA 0506V Reno Vet Center 5580 Mill St. Suite 600 Reno, NV 89502 NV 638 Sacramento Vet Center 1111 Howe Avenue Suite #390 Sacramento, CA 95825 CA 620 San Francisco Vet Center 505 Polk Street San Francisco, CA 94102 CA 615 San Jose Vet Center 278 North 2nd St. San Jose, CA 95112 CA Page 50 of 53 Page 50 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 0619v San Luis Obispo Vet Center 1070 Southwood Drive San Luis Obispo, CA 93401 CA 639 Santa Cruz County Vet Center 1350 41st Ave Suite 102 Capitola, CA 95010 CA 0621V Western Oahu Vet Center 885 Kamokila Boulevard, Unit 105 Kapolei, HI 96707 HI Veterans Health Administration: VISN 22: Desert Pacific Healthcare Network Station ID Facility Address State 10N22 VISN 22: Desert Pacific Healthcare Network 300 Oceangate, Suite 700 Long Beach, CA 90802 CA 691 VA Greater Los Angeles Healthcare System (GLA) 11301 Wilshire Boulevard Los Angeles, CA 90073 CA 605 VA Loma Linda Healthcare System 11201 Benton Street Loma Linda, CA 92357 CA 600 VA Long Beach Healthcare System 5901 E. 7th Street Long Beach, CA 90822 CA 664 VA San Diego Healthcare System 3350 La Jolla Village Drive San Diego, CA 92161 CA 593 VA Southern Nevada Healthcare System (VASNHS) 6900 North Pecos Road North Las Vegas, NV 89086 NV 605 Blythe Rural Health Clinic 1273 Hobson Way Blythe, CA 92225 CA 691GA Los Angeles Ambulatory Care Center 351 East Temple Street Los Angeles, CA 90012 CA 664 Mission Valley 8810 Rio San Diego Drive San Diego, CA 92108 CA 664 Oceanside 1300 Rancho del Oro Drive Oceanside, CA 92056 CA 691GB Santa Barbara Community Based Outpatient Clinic 4440 Calle Real, Santa Barbara, CA 93110 CA 691A4 Sepulveda OPC and Nursing Home 16111 Plummer Street North Hills, CA 91343 CA 691 VA West Los Angeles Healthcare Center 11301 Wilshire Blvd Los Angeles, CA 90073 CA 600GA Anaheim 2569 W Woodland Dr Anaheim, CA 92801 CA 691GD Bakersfield Community Based Outpatient Clinic 1801 Westwind Drive Bakersfield, CA 93301 CA 664GC Chula Vista 835 3rd Avenue Chula Vista, CA 91910 CA 605GD Corona 800 Magnolia Avenue #101 Corona, CA 92879 CA 691GF East Los Angeles 5426 E. Olympic Boulevard City of Commerce, CA 90040 CA 664GD Escondido 815 East Pennsylvania Avenue Escondido, CA 92025 CA 691 Gardena 1251 Redondo Beach Blvd, 3rd Floor Gardena, CA 90247 CA 926 West Owens Avenue Las Vegas, NV 89106 593 Healthcare for the Homeless Vets Mailing Address: P.O. Box 360001 North Las Vegas, NV 89036 NV Page 51 of 53 Page 51 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 664GA Imperial Valley 1600 South Imperial Avenue El Centro, CA 92243 CA 600GE Laguna Hills 25292 McIntyre Road Laguna Hills, CA 92653 CA 691 Lancaster Community Based Outpatient Clinic 547 West Lancaster Boulevard Lancaster, CA 93536 CA 605 Murrieta 28078 Baxter Rd., Suite 540 Murrieta, CA 92563 CA 691gm Oxnard 2000 Outlet Center Drive, Ste 225 Oxnard, CA 93036 CA 593 Pahrump Community Based Outpatient Clinic 2100 E. Calvada Blvd. Pahrump, NV 89048 NV 605 Palm Desert 41-990 Cook St, Bldg F Ste 1004 Palm Desert, CA 92211 CA 69G Pasadena 420 W. Las Tunas Drive San Gabriel, CA 91776 CA 605 Rancho Cucamonga 8599 Haven Ave., Suite 102 Rancho Cucamonga, CA 91730 CA 605 Redlands Blvd Clinic 25828 Redlands Blvd Redlands, CA 92374 CA 691GK San Luis Obispo - Pacific Medical Plaza 1288 Morro Street, Ste.200 San Luis Obispo, CA 93401 CA 600GB Santa Ana 1506 Brookhollow Dr Santa Ana, CA 92705 CA 691 Santa Maria Community Based Outpatient Clinic 1550 East Main Street Santa Maria, CA 93454 CA 605 Victorville 12138 Industrial Boulevard, Suite 120 Victorville, CA 92392 CA 600GC Villages At Cabrillo 2001 River Ave, Bldg 28 Long Beach, CA 90806 CA 600gd Whittier/Santa Fe Springs Clinic 10210 Orr & Day Rd Santa Fe Springs, CA 90670 CA 603 Antelope Valley Vet Center 38925 Trade Center Drive, Suite J Palmdale, CA 93551 CA 601 Bakersfield Vet Center 1110 Golden State Ave. Bakersfield, CA 93301 CA 614 Chula Vista Vet Center 180 Otay Lakes Road, Suite 108 Bonita, CA 91902-2439 CA 611 Corona Vet Center 800 Magnolia Avenue Suite 110 Corona, CA 92879 CA 623 East Los Angeles Vet Center 5400 E. Olympic Blvd. Suite 140 Commerce, CA 90022 CA 534 Henderson Vet Center 400 North Stephanie, Suite 180 Henderson, NV 89014 NV 613 High Desert Vet Center 15095 Amargosa Rd, Suite 107 Victorville, CA 92394 CA 0505V Las Vegas Vet Center 1919 S. Jones Blvd., Suite A Las Vegas, NV 89146 NV 0606V Los Angeles Vet Center 1045 W. Redondo Beach Blvd. Suite 150 Gardena, CA 90247 CA 624 North Orange County Vet Center 12453 Lewis St. Suite 101 Garden Grove, CA 92840 CA 637 San Bernardino Vet Center 1325 E. Cooley Drive, Suite 101 Colton, CA 92324 CA 618 San Diego Vet Center 2790 Truxtun Road, Suite 130 San Diego, CA 92106 CA 642 San Marcos Vet Center One Civic Center Dr., Suite 150 San Marcos, CA 92069 CA Page 52 of 53 Page 52 of 53 Local Exchange Carrier (LEC) Services for Region 1 TAC-13-06211 605 Sepulveda Vet Center 9737 Haskell Ave. Sepulveda, CA 91343 CA 0604V South Orange County Vet Center 26431 Crown Valley Parkway, Suite 100 Mission Viejo, CA 92691 CA 608 Temecula Vet Center 40935 County Center Drive, Suite A Temecula, CA 92591 CA 643 Ventura Vet Center 790 E. Santa Clara St. Suite 100 Ventura, CA 93001 CA 607 West Los Angeles Vet Center 5730 Uplander Way Suite 100 Culver City, CA 90230 CA 593 Mike O'Callaghan Federal Medical Center 4700 N. Las Vegas Blvd. Nellis AFB, NV 89191-6601 NV 593 Readjustment Counseling Services (Vet Center Henderson) 400 North Stephanie St., Suite 180 Henderson, NV 89014 NV 593 Readjustment Counseling Services (Vet Center - Las Vegas) 1919 S. Jones, Suite A Las Vegas, NV 89146 NV Page 53 of 53 Page 53 of 53
