Synopsis: Please note that this is NOT a request for quotes or proposals, the Government is seeking information for market research purposes only. Network Contracting Office (NCO) 2 of the Department of Veterans Affairs is currently conducting a market survey for qualified firms capable of providing Exposure Related Care Transformation Center (EXPRT) and the War Related Illness and Injury Study Center (WRIISC) Educational Communications for the New Jersey VA Healthcare System. The North American Industry Classification Systems (NAICS) is 541990. Responses to this notice must be submitting in writing (email) and must be received not later than August 24, 2023 at 10:00AM. Email: Janice.Brooks@va.gov. No telephone inquiries will be accepted. Interested parties MUST provide company/individual name, a capability statement, examples of same or similar work performed at other facilities, DUNS number and address, point of contact and social-economic. The purpose of this notice is to gain knowledge of potential qualified sources and their size classification/socioeconomic status (service-disabled veteran owned small business, veteran owned small business, women owned small business, HUB Zone, 8(a), small business or large business), relative to NAICS 541990. Responses to this notice will be used by the Government to make appropriate acquisition decisions. A solicitation is not currently available. If a solicitation is issued, it will be announced on Federal Business opportunities website http://www.fbo.gov at a later date, and all interested parties must respond to that solicitation announcement separately from the responses to this announcement. Statement of Work 1. Title: Exposure Related Care Transformation Center (EXPRT) and the War Related Illness and Injury Study Center (WRIISC) Educational Communications 2. Purpose: This procurement is seeking communications and educational services in order to provide Veterans, policymakers, providers and researchers with up-to-date information on military environmental exposures. Required services and products will include presentations, SharePoint updating and development, graphic-focused materials, advertisements and news briefs, web-based marketing campaigns, print newsletters, educational podcasts, fact sheets and blogs among other materials. In addition, providing administration support for conferences including overseeing participants, travel, and continuing education. This includes coordinating with ILEAD and other stakeholders. Products will need to be consistent in their cohesive branding, clear messaging and innovative approaches which allow for EXPRT/WRIISC to educate Veterans and their health care teams. The demand for a large amount of new, high-quality products in a timely way is greater than can be delivered through staffing structures. 3. Background: The EXPRT Center is located at the New Jersey War Related Illness and Injury Study Center. The EXPRT Center s mission is to transform care and improve health for Veterans with military exposure concerns by accelerating research into action through education, implementation support, evaluation, and research. Due to passage of the recent Sergeant First Class Heath Robinson Honoring Our Promise to Address Comprehensive Toxics Act of 2022 (referred as the PACT act ), there is increasing attention on the need to communicate information, knowledge, and best practices to VA s providers and Veterans around military environmental exposures. Additionally, a focus on military environmental exposures and related information is increasingly sought by policymakers that need concise and clear competing communications. 4. Scope: The Vendor shall be able to perform a range of activities to support high quality communications ( new knowledge ) deliverables, including: i) website design and content development, ii) social media content on various platforms and messaging, and iii) development and implementation of professional educational conferences. These deliverables shall span a variety of platforms to inform multiple key audiences (i.e., Veterans and their families, clinicians and scientists, academic collaborators and policymakers) about military environmental exposures. 5. Period of Performance: The period of performance is one 12-month base period and four 12-month option periods. Performance shall start one month following the date of award. 6. Place of Performance: Work will be performed offsite at the contractor s facility for successful completion of required deliverables. Virtual meetings will be held at least weekly, along with a project kick-off and close-out meetings, lasting approximately 60 minutes each. Any additional meetings will be scheduled as needed. Meetings will be virtual using the Microsoft Teams or similar platform. Contractor must work within the VA secured electronic environment (Teams, SharePoint, etc.) to facilitate communications. 7. Travel: Travel to the WRIISC or affiliated sites for meeting support including photography or other collateral as needed. Local travel within a 50-mile radius from the contractor s and Government facility is considered the cost of doing business and will not be reimbursed. 8. Other Direct Costs (ODCs): The Government anticipates that ODCs will be required to address the requirements. ODCs are miscellaneous items such as suitable stock photography or printing as needed. ODCs will be reimbursed at contractor cost. Each contractor invoice must include copies of all receipts that support the ODCs claimed in the invoice and written substantiation for the incurred cost. The Contractor shall perform due diligence to ensure it incurs most favorable pricing prior to passing these costs on to the Government. Projected ODCs shall be reviewed by COR and authorized in advance by the Contracting Officer. 9. General Requirements: The deliverables specified herein include plan and materials development, outreach, graphics support, evaluation design and support, multimedia development and support, website development and support, printing and production services, and mailing and distribution. Efforts shall include the development of a strategic communication plan that builds on communications efforts to date and is consistent with annual Center priorities for communication and outreach including development of multiple written materials; presentations and tool kits that are consistent with VA, VHA, and EXPRT/WRIISC strategic plans, policies, regulations, style guides, and publication standards. The Government will provide clarification on recommendations, requirements, templates, standards, and guidelines on all deliverables when clarification is not provided in this SOW prior to any action taken by the contractor. All work products developed by the contractor (formal and informal deliverables) shall become the property of the Government. The contractor shall coordinate with the Contracting Officer Representative (COR) to schedule a Project Kick-Off Meeting with key staff; the VA PM and advisory group prior to commencing work. The contractor personnel shall also complete standard administrative tasks (e.g., background investigation forms, staff roster, mandatory training) as required. The contractor shall prepare and submit progress reports to the COR and the VA PMs. Monthly status reports shall be accompanied by a copy of that month s invoice itemized by deliverable, as applicable. Progress reports shall include a narrative review of work accomplished during the reporting period itemized by project, significant events, problem areas, anticipated activity for the next reporting period, description of any travel or unique services provided, and other relevant information. The contractor shall regularly participate in contract management meetings TBD. The contractor shall work with the VA COR to prepare the meeting agenda and prepare summary notes. Meetings will also be held to gather input from subject matter experts (SME), identify their needs, and translate the strategic communication plan into action. Reports, meeting agendas, and draft/final deliverables will be saved and tracked on the VA network using SharePoint and Microsoft Teams. The contractor shall provide the specific deliverables described below within the performance period of the resulting contract. An outline for each product shall be created for review prior to developing content. All content shall be provided in draft and be subject to two rounds of revisions. Once written content is approved, layout and design can proceed again with two rounds of revisions. Where a written milestone deliverable is required in draft form, the VA COR and lead technical contact will complete a review of the draft deliverable and provide feedback within ten business days from date of receipt. The VA COR will provide approval for each final deliverable, or rejection of the final deliverable with summary reasons in writing within five business days. 10 Tasks 10.1 Task Deliverables: Product Development 10.1.1 Develop clear and visually appealing communication materials and products. Proposed products to be created may include brochures, posters, fact sheets, blogs, briefs, info graphics; audio or video, reports, presentation materials for Veteran and scientific presentations, recruitment flyers; brochures, postcards; exhibits, posters for scientific presentations etc., as well as graphic design products listed in task 10.3.* (Spanish translations shall be made available upon request.) 10.1.2 Using best practices, develop a range of content using concepts of effective risk communication; health care communications and scientific medical communications. 10.1.3 Work collaboratively and closely with EXPRT/WRIISC SME s, etc. to research a topic, develop draft content for review, revisions, and approval, and develop recommendations to disseminate related information in appropriate formats and language suitable for intended audiences. 10.2 Task Deliverables: Website and Social Media Support 10.2.1 Develop web and social media (e.g., Facebook, Twitter, YouTube, and Flickr) content to more broadly and effectively appeal to targeted audiences considering customer s usability, needs, and communications preferences. Build on current social media presence and evaluate effectiveness of alternate strategies. Ensure website remains up to date. 10.2.2 Update/maintain/create content for WRIISC and EXPRT websites and SharePoints and continue to develop web pages or other standalone web content in versions compatible with both computer and mobile view. Transfer website to new content management system when available and familiarity with VA websites and SharePoint. 10.2.3 Recommend and support development of creative web-based programs (e.g. blogs, video casts, other multimedia and social media tools) to promote program initiatives and highlight accomplishments. 10.2.4 Support production and promotion of educational podcasts in consultation with WRIISC and EXPRT SME s. 10.3 Task Deliverables: Conference Support 10.3.1Work with WRIISC and EXPRT SME s to coordinate educational and research conferences to include promotion, attendee coordination, travel, speakers and presenters, and continuing education. *Materials to be placed online must be made Section 508 compliant and adhere to all copyright requirements and existing VHA website and social media limitations and requirements. 11. Personnel: Certain skilled experience professional and/or technical personnel are essential for accomplishing the work to be performed and provide the greatest value. These are defined as key personnel and are those persons the contractor identifies and those whose résumés are submitted. The Contractor agrees that the key personnel roles shall not be removed, diverted, or replaced from work without coordination with the CO and COR. The following labor categories are defined as Key Personnel Roles: a. Communications Specialist(s): Assist in planning, editing and writing content for a variety of internal communications mediums. Collaborate with team members to assist with key message development and outreach strategies. 4 years of experience. b. Web Support Specialist(s): Collaborates with team members to provide technical support and coordination for website updates and maintenance. Troubleshoots any problems to determine causes and provide solutions. 4 years of experience. c. Administrative Support Professional(s): The support professional may serve to facilitate meetings, prepare invoices, procure products and other associated administrative tasks. 12. Substitution of Key Personnel: All Contractor requests for approval of substitutions hereunder shall be submitted in writing to the COR and the Contracting Officer at least thirty (30) calendar days in advance of the effective date, whenever possible, and shall provide a detailed explanation of the circumstances necessitating the proposed substitution, a complete resume for the proposed substitute, and any other information requested by the Contracting Officer necessary to approve or disapprove the proposed substitution. New personnel shall not commence work until resumes are provided and accepted. The COR and the Contracting Officer will evaluate such requests and promptly notify the Contractor of approval or disapproval in writing. The Contractor shall be responsible for managing and overseeing the activities of all Contractor contracted personnel, as well as sub-contractor efforts used in performance of this effort. The Contractor s management responsibilities shall include all activities necessary to ensure the accomplishment of timely and effective support, performed in accordance with the requirements contained herein. 13. Information Security: The Contractor will require access to VA Information and VA Information Systems only to interact with subject matter experts, create content (e.g., VA s web, SharePoint, Teams), and facilitate communication. 14. Security: The C&A requirements do not apply, and a Security Accreditation Package is not required 15. Government-Furnished Information, Equipment, and Facilities. The Government will provide access to information necessary for the execution of each task. 16. Security Requirements. The C&A requirements do not apply, and a Security Accreditation Package is not required 17. Task Order Quality Assurance Surveillance Plan (QASP). The Government shall evaluate the contractor's performance in accordance with the Quality Assurance Surveillance Plan (QASP). This plan is primarily focused on what the government must do to ensure the contractor has performed in accordance with the performance standards. It defines how the performance standards will be applied, the frequency of surveillance, and the minimum acceptable defect rates. Deliverable/Requirement Performance Standard Surveillance Method Outcome Project Management Milestones, and Schedule Notifies customer of potential problems 95% of the time. Submits Deliverables in accordance with the deliverable schedule within (+/-) five business days with no more than five incidents of performance slippage. 100% Inspection of agreed upon milestones per the approved project plan. 100% Inspection of deliverables. Notification occurs within two business days of potential issue when known in advance or within 24 hours of urgent problems, where less than two business days exist. where less than two business days exist 18. Organizational Conflict of Interest and non-disclosure requirements If the Contractor is currently providing support or anticipates providing support to the VHA that creates or represents an actual or potential organizational conflict of interest (OCI), the Contractor shall immediately disclose this actual or potential OCI in accordance with FAR Part 9.5. The contractor is also required to complete and sign an Organizational Conflict of Interest Statement in which the Contractor (and any sub-contractors, consultants or teaming partners) agree to disclose information concerning the actual or potential conflict with any proposal for any solicitation relating to any work in the TO. All actual or potential OCI situations shall be handled in accordance with FAR Subpart 9.5. 19. Non-Disclosure Requirements All Contractor personnel (to include sub-contractors, teaming partners, and consultants) who shall be personally and substantially involved in the performance of the TO issued which requires the contractor to act on behalf of or provide advice with respect to any phase of an agency procurement, as defined in FAR 3.104-4, shall execute and submit an Employee/Contractor Non-Disclosure Agreement Form. This is required prior to the commencement of any work on such TO and whenever replacement personnel are proposed under an ongoing TO. Any information obtained or provided in the performance of this TO is only to be used in the performance of the TO. 20. GENERAL Contractors, Contractor personnel, Subcontractors, and Subcontractor personnel shall be subject to the same Federal laws, regulations, standards, and VA Directives and Handbooks as VA and VA personnel regarding information and information system security. 21. ACCESS TO VA INFORMATION AND VA INFORMATION SYSTEMS a) A Contractor/Subcontractor shall request logical (technical) or physical access to VA information and VA information systems for their employees, Subcontractors, and affiliates only to the extent necessary to perform the services specified in the contract, agreement, or task order. b) All Contractors, Subcontractors, and third-party servicers and associates working with VA information are subject to the same investigative requirements as those of VA appointees or employees who have access to the same types of information. The level and process of background security investigations for Contractors must be in accordance with VA Directive and Handbook 0710, Personnel Suitability and Security Program. The Office for Operations, Security, and Preparedness is responsible for these policies and procedures. c) Contract personnel who require access to national security programs must have a valid security clearance. National Industrial Security Program (NISP) was established by Executive Order 12829 to ensure that cleared U.S. defense industry contract personnel safeguard the classified information in their possession while performing work on contracts, programs, bids, or research and development efforts. The Department of Veterans Affairs does not have a Memorandum of Agreement with Defense Security Service (DSS). Verification of a Security Clearance must be processed through the Special Security Officer located in the Planning and National Security Service within the Office of Operations, Security, and Preparedness. d) Custom software development and outsourced operations must be located in the U.S. to the maximum extent practical. If such services are proposed to be performed abroad and are not disallowed by other VA policy or mandates, the Contractor/Subcontractor must state where all non-U.S. services are provided and detail a security plan, deemed to be acceptable by VA, specifically to address mitigation of the resulting problems of communication, control, data protection, and so forth. Location within the U.S. may be an evaluation factor. e). The Contractor or Subcontractor must notify the Contracting Officer immediately when an employee working on a VA system or with access to VA information is reassigned or leaves the Contractor or Subcontractor s employ. The Contracting Officer must also be notified immediately by the Contractor or Subcontractor prior to an unfriendly termination. 22. VA INFORMATION CUSTODIAL LANGUAGE a) Information made available to the Contractor or Subcontractor by VA for the performance or administration of this contract or information developed by the Contractor/Subcontractor in performance or administration of the contract shall be used only for those purposes and shall not be used in any other way without the prior written agreement of the VA. This clause expressly limits the Contractor/Subcontractor's rights to use data as described in Rights in Data - General, FAR 52.227-14(d) (1). b) VA information should not be co-mingled, if possible, with any other data on the Contractors/Subcontractor s information systems or media storage systems in order to ensure VA requirements related to data protection and media sanitization can be met. If co-mingling must be allowed to meet the requirements of the business need, the Contractor must ensure that VA s information is returned to the VA or destroyed in accordance with VA s sanitization requirements. VA reserves the right to conduct on site inspections of Contractor and Subcontractor IT resources to ensure data security controls, separation of data and job duties, and destruction/media sanitization procedures are in compliance with VA directive requirements. c) Prior to termination or completion of this contract, Contractor/Subcontractor must not destroy information received from VA, or gathered/created by the Contractor in the course of performing this contract without prior written approval by the VA. Any data destruction done on behalf of VA by a Contractor/Subcontractor must be done in accordance with National Archives and Records Administration (NARA) requirements as outlined in VA Directive 6300, Records and Information Management and its Handbook 6300.1 Records Management Procedures, applicable VA Records Control Schedules, and VA Handbook 6500.1, Electronic Media Sanitization. Self-certification by the Contractor that the data destruction requirements above have been met must be sent to the VA Contracting Officer within 30 days of termination of the contract. d) The Contractor/Subcontractor must receive, gather, store, back up, maintain, use, disclose and dispose of VA information only in compliance with the terms of the contract and applicable Federal and VA information confidentiality and security laws, regulations and policies. If Federal or VA information confidentiality and security laws, regulations and policies become applicable to the VA information or information systems after execution of the contract, or if NIST issues or updates applicable FIPS or Special Publications (SP) after execution of this contract, the parties agree to negotiate in good faith to implement the information confidentiality and security laws, regulations and policies in this contract. e) The Contractor/Subcontractor shall not make copies of VA information except as authorized and necessary to perform the terms of the agreement or to preserve electronic information stored on Contractor/Subcontractor electronic storage media for restoration in case any electronic equipment or data used by the Contractor/Subcontractor needs to be restored to an operating state. If copies are made for restoration purposes, after the restoration is complete, the copies must be appropriately destroyed. f) If VA determines that the Contractor has violated any of the information confidentiality, privacy, and security provisions of the contract, it shall be sufficient grounds for VA to withhold payment to the Contractor or third party or terminate the contract for default or terminate for cause under Federal Acquisition Regulation (FAR) part 12. g) If a VHA contract is terminated for cause, the associated BAA must also be terminated and appropriate actions taken in accordance with VHA Handbook 1600.01, Business Associate Agreements. Absent an agreement to use or disclose protected health information, there is no business associate relationship. h) The Contractor/Subcontractor must store, transport, or transmit VA sensitive information in an encrypted form, using VA-approved encryption tools that are, at a minimum, FIPS 140-2 validated. i) The Contractor/Subcontractor s firewall and Web services security controls, if applicable, shall meet or exceed VA s minimum requirements. VA Configuration Guidelines are available upon request. j) Except for uses and disclosures of VA information authorized by this contract for performance of the contract, the Contractor/Subcontractor may use and disclose VA information only in two other situations: (i) in response to a qualifying order of a court of competent jurisdiction, or (ii) with VA s prior written approval. The Contractor/Subcontractor must refer all requests for, demands for production of, or inquiries about, VA information and information systems to the VA contracting officer for response. k) Notwithstanding the provision above, the Contractor/Subcontractor shall not release VA records protected by Title 38 U.S.C. 5705, confidentiality of medical quality assurance records and/or Title 38 U.S.C. 7332, confidentiality of certain health records pertaining to drug addiction, sickle cell anemia, alcoholism or alcohol abuse, or infection with human immunodeficiency virus. If the Contractor/Subcontractor is in receipt of a court order or other requests for the above mentioned information, that Contractor/Subcontractor shall immediately refer such court orders or other requests to the VA contracting officer for response. l) For service that involves the storage, generating, transmitting, or exchanging of VA sensitive information but does not require C&A or an MOU-ISA for system interconnection, the Contractor/Subcontractor must complete a Contractor Security Control Assessment (CSCA) on a yearly basis and provide it to the COTR. 23. SECURITY INCIDENT INVESTIGATION a) The term security incident means an event that has, or could have, resulted in unauthorized access to, loss or damage to VA assets, or sensitive information, or an action that breaches VA security procedures. The Contractor/Subcontractor shall immediately notify the COTR and simultaneously, the designated ISO and Privacy Officer for the contract of any known or suspected security/privacy incidents, or any unauthorized disclosure of sensitive information, including that contained in system(s) to which the Contractor/Subcontractor has access. b) To the extent known by the Contractor/Subcontractor, the Contractor/Subcontractor s notice to VA shall identify the information involved, the circumstances surrounding the incident (including to whom, how, when, and where the VA information or assets were placed at risk or compromised), and any other information that the Contractor/Subcontractor considers relevant. c) With respect to unsecured protected health information, the business associate is deemed to have discovered a data breach when the business associate knew or should have known of a breach of such information. Upon discovery, the business associate must notify the covered entity of the breach. Notifications need to be made in accordance with the executed business associate agreement. d) In instances of theft or break-in or other criminal activity, the Contractor/Subcontractor must concurrently report the incident to the appropriate law enforcement entity (or entities) of jurisdiction, including the VA OIG and Security and Law Enforcement. The contractor, its employees, and its Subcontractors and their employees shall cooperate with VA and any law enforcement authority responsible for the investigation and prosecution of any possible criminal law violation(s) associated with any incident. The Contractor/Subcontractor shall cooperate with VA in any civil litigation to recover VA information, obtain monetary or other compensation from a third party for damages arising from any incident, or obtain injunctive relief against any third party arising from, or related to, the incident. 24. LIQUIDATED DAMAGES FOR DATA BREACH a) Consistent with the requirements of 38 U.S.C. §5725, a contract may require access to sensitive personal information. If so, the Contractor is liable to VA for liquidated damages in the event of a data breach or privacy incident involving any SPI the Contractor/Subcontractor processes or maintains under this contract. b) The Contractor/Subcontractor shall provide notice to VA of a security incident as set forth in the Security Incident Investigation section above. Upon such notification, VA must secure from a non-Department entity or the VA Office of Inspector General an independent risk analysis of the data breach to determine the level of risk associated with the data breach for the potential misuse of any sensitive personal information involved in the data breach. The term 'data breach' means the loss, theft, or other unauthorized access, or any access other than that incidental to the scope of employment, to data containing sensitive personal information, in electronic or printed form, that results in the potential compromise of the confidentiality or integrity of the data. Contractor shall fully cooperate with the entity performing the risk analysis. Failure to cooperate may be deemed a material breach and grounds for contract termination. Each risk analysis shall address all relevant information concerning the data breach, including the following: i. Nature of the event (loss, theft, unauthorized access); ii. Description of the event, including: iii. date of occurrence; iv. data elements involved, including any PII, such as full name, social security number, date of birth, home address, account number, disability code; v. Number of individuals affected or potentially affected; vi. Names of individuals or groups affected or potentially affected; vii. Ease of logical data access to the lost, stolen or improperly accessed data in light of the degree of protection for the data, e.g., unencrypted, plain text; viii. Amount of time the data has been out of VA control; ix. The likelihood that the sensitive personal information will or has been compromised (made accessible to and usable by unauthorized persons); x. Known misuses of data containing sensitive personal information, if any; xi. Assessment of the potential harm to the affected individuals; xii. Data breach analysis as outlined in 6500.2 Handbook, Management of Security and Privacy Incidents, as appropriate; and xiii. Whether credit protection services may assist record subjects in avoiding or mitigating the results of identity theft based on the sensitive personal information that may have been compromised. Based on the determinations of the independent risk analysis, the Contractor shall be responsible for paying to the VA liquidated damages in the amount of $37.50 per affected individual to cover the cost of providing credit protection services to affected individuals consisting of the following: i. Notification; ii. One year of credit monitoring services consisting of automatic daily monitoring of at least 3 relevant credit bureau reports; iii. Data breach analysis; iv. Fraud resolution services, including writing dispute letters, initiating fraud alerts and credit freezes, to assist affected individuals to bring matters to resolution; v. One year of identity theft insurance with $20,000.00 coverage at $0 deductible; and vi. Necessary legal expenses the subjects may incur to repair falsified or damaged credit records, histories, or financial affairs. 25. TRAINING a) All Contractor employees and Subcontractor employees requiring access to VA information and VA information systems shall complete the following before being granted access to VA information and its systems: i. Sign and acknowledge (either manually or electronically) understanding of and responsibilities for compliance with the Contractor Rules of Behavior, Appendix D relating to access to VA information and information systems; ii. Successfully complete the VA Cyber Security Awareness and Rules of Behavior training and annually complete required security training; iii. Successfully complete the appropriate VA privacy training and annually complete required privacy training; and iv. Successfully complete any additional cyber security or privacy training, as required for VA personnel with equivalent information system access b) The Contractor shall provide to the contracting officer and/or the COTR a copy of the training certificates and certification of signing the Contractor Rules of Behavior for each applicable employee within 1 week of the initiation of the contract and annually thereafter, as required. c) Failure to complete the mandatory annual training and sign the Rules of Behavior annually, within the timeframe required, is grounds for suspension or termination of all physical or electronic access privileges and removal from work on the contract until such time as the training and documents are complete.