Riftur

VA Managed Care IDIQ Proposal Compliance Gap Analysis (Security & Pricing)

Solicitation Name: Next Generation Medical
Solicitation Link: SAM.gov
Industry: NAICS 52 - Finance and Insurance

This solicitation targets managed care network administration under an IDIQ, with emphasis on multi-state operational delivery, disciplined program management, and dependable IT integration. It also carries strict federal pricing completeness rules and VA-specific security and privacy obligations that can affect onboarding and ongoing performance. The results below reflect where the submission is close to evaluable versus where it is still structurally incomplete. Several gaps are not narrative-strength issues. They are acceptability and eligibility risks tied to mandatory instructions, documentation, and enforceable commitments.

The highest evaluation risk sits in Factor 1 because the experience narratives are conceptually relevant but not verifiable as written. Placeholders and missing reference metadata prevent the Government from confirming recency, scope, and multi-state performance, which undermines confidence and can drive an Unacceptable rating despite otherwise strong language. The missing page-level citations to supporting SOW/PWS pages are a direct instruction failure and create a fast elimination pathway because evaluators cannot validate claims. Ambiguity about the offeror’s role and workshare on references also creates a credibility gap, especially if any work was performed as a subcontractor where “offeror-only” performance must be clear. These issues matter because Factor 1 is framed with explicit relevancy criteria and an elimination trigger, so the absence of traceability can nullify the content.

Factor 3 shows a similar hard-stop risk: the price volume exists, but bracketed placeholders for base and option years indicate incomplete pricing. The solicitation’s pricing rules are typically enforced as pass/fail at the completeness level, and missing numeric rates can result in rejection regardless of technical merit. Even if numbers are later inserted, the current price narrative lacks per-labor-category build-up and year-to-year escalation assumptions, which reduces auditability and price reasonableness evaluability. This misalignment affects more than scoring; it affects the Government’s ability to determine the offer is complete and comparable across offerors. Pricing gaps are particularly consequential in an IDIQ environment where early administrative defects can prevent entry onto the vehicle.

Factor 2 weaknesses concentrate around measurable commitments rather than descriptive intent. The subcontracting plan references compliance but omits numeric goals against VA minimums and lacks required plan elements that allow evaluation and enforcement over the contract life. Placeholders for firm identities and UEIs, plus missing VetCert/SBA certification alignment for SDVOSB/VOSB credit, can directly reduce evaluation credit and raise questions about the realism of participation commitments. In parallel, several operational PWS commitments are missing or only partially stated, including reimbursement submission timing and hold-harmless provider terms, which are central to Veterans’ protections and payment integrity. These gaps matter because they affect enforceability and can be treated as failure to meet minimum solicitation requirements, not merely as minor weaknesses.

Security, privacy, and governance requirements present the largest post-award performance and access risk because multiple time-bound commitments are absent. Missing positions on CSCA timing, FedRAMP posture, training and Rules of Behavior certificate submission timelines, one-hour incident reporting, PIV/IAM alignment, data segregation and sanitization, and the pre-performance NDA create avoidable ATO/access delays and breach-response exposure. Separately, the OCI section is present but unfinished and does not clearly address consultants and subcontractors, which is sensitive in VA environments and can trigger disqualification or termination if incomplete. These findings matter because they affect eligibility to handle VA data and systems, not just the quality of the technical approach. They also increase audit and protest vulnerability since the record would show uncommitted or unaddressed mandatory requirements.

Output Analysis

Gap analysis maps requirements stated in solicitation_text.docx (instructions, evaluation factors, pricing instructions, subcontracting requirements, and IT/security/privacy clauses and PWS excerpts provided) to evidence contained in input_proposal.docx. Coverage determinations use four statuses: Covered (explicitly addressed with sufficient specificity), Partially Covered (mentioned but missing required specifics/artifacts), Gap (not addressed), and Not Applicable/Not Evaluated (requirement is an instruction to offerors not assessable from provided draft text, or depends on attachments not included in the draft). Particular attention is given to Factor 1 relevancy criteria (must address implementation, program management, and IT integration across multiple states with page cross-references to SOW/PWS), Factor 2 subcontracting plan minimum content and VA goals, and Factor 3 price completeness and narrative basis. The analysis also flags compliance-sensitive areas: OCI statements per VAAR 852.209-70, mandatory NDA (Attachment A) prior to performance, VA information security training/Rules of Behavior evidence timing, incident reporting timelines, and FedRAMP/CSCA/ATO/PIA obligations. Risks are assessed for evaluation elimination triggers (e.g., Factor 1 failure, incomplete pricing, page limits/hyperlinks), compliance exposure (privacy/security), and performance/administrative governance alignment (TOPR responsiveness, modification instructions). Recommendations focus on adding missing required artifacts, tightening traceability to solicitation instructions, and explicitly committing to security/privacy operational requirements where the proposal currently uses general language.

Evaluation Factor 1 — Corporate Experience (Mandatory Relevancy Criteria) Mapping

Relevancy Criterion (solicitation_text.docx) | Reference Criteria Requirement | Draft Document (input_proposal.docx) Evidence | Coverage Status | Gap / Issue Detail | Recommendation to Align

Criterion 1

Provide at least one contract/TO reference demonstrating implementation of related services covering multiple states; performance ongoing or within 5 years; max 3 references total.

Contract Reference 1 describes phased mobilization, provider onboarding, credentialing workflow, contact center stand-up, documentation processes, claims go-live sequencing across [Number] states. Dates/amount/customer are placeholders; 5-year recency not demonstrated.

Partially Covered

Missing actual customer name, contract/order number, dollar value, dates, state/geography detail; cannot validate within-5-years requirement. Also must include supporting SOW/PWS/requirements doc and page references to where experience appears.

Populate all required reference metadata (customer POC info if required by RFP, contract #, POP dates, value, geography/states). Explicitly state recency (e.g., 'ongoing through MM/YYYY' or 'completed MM/YYYY'). Ensure Attachment I-1 is the applicable SOW/PWS and add precise page citations that evidence implementation tasks.

Criterion 2

Provide at least one reference demonstrating overall program management covering multiple states.

Contract Reference 2 describes governance, IMS, risk/issue mgmt, change control, subcontractor oversight across [Number] states; placeholders remain.

Partially Covered

Same missing mandatory reference metadata and 5-year recency evidence; no explicit mapping to PWS Section 2.1 program/project management outcomes or metrics; lacks quantified results.

Add measurable outcomes (e.g., SLA attainment, volume handled, stabilization timelines) and explicitly map program management functions to PWS 2.1 elements. Provide attachment and page citations (Attachment I-2) tied to those functions.

Criterion 3

Provide at least one reference demonstrating IT integration with customer/client IT system to operate related services covering multiple states.

Contract Reference 3 describes eligibility/referral/claims/documentation exchanges, HL7/EDI, security controls; mentions HIPAA; placeholders remain.

Partially Covered

Need specific systems/platforms integrated, interface types, standards used (X12 transactions, HL7 v2/FHIR resources), security artifacts, and objective results. Recency and required metadata missing.

Add specifics: interface inventory, X12 transaction sets (e.g., 270/271/278/837/835 as applicable), HL7 message types or FHIR APIs used, test/ATO status if relevant, and performance metrics. Provide Attachment I-3 and page citations showing these requirements.

Elimination trigger

Failure to address criteria 1,2,3 at least once across references results in Unacceptable.

Narrative addresses all three criteria conceptually across three references.

Partially Covered

Because references contain placeholders and missing required documentation/page citations, the proposal may be deemed non-compliant even if narrative is relevant.

Complete references and documentation package; add a short compliance matrix in Volume I that explicitly states which reference satisfies criteria 1/2/3 and where (page numbers).

Factor 1 — Reference Documentation & Traceability Requirements

Requirement (solicitation_text.docx) | Reference Criteria Text | Draft Document Evidence (input_proposal.docx) | Coverage Status | Gap / Risk | Recommendation

Provide SOW/PWS/Requirements document for each reference

Must include SOW/PWS/equivalent requirements doc for each reference; not included in page limits.

States 'supporting SOW/PWS/requirements document is provided as Attachment I-1/I-2/I-3'.

Partially Covered

Attachments not included in provided draft; risk of omission or wrong document (esp. if subcontractor, must be subcontract SOW not prime).

Ensure attachments are included in submission package; verify that if offeror was a subcontractor, the attached requirements are the subcontract SOW.

Page references to relevant experience

Must provide page references within the narrative to the applicable SOW/PWS pages.

Uses placeholders 'pages [X–Y]'.

Gap

Hard requirement; missing page citations is a clear evaluation deficiency.

Replace placeholders with exact page numbers and section titles; consider table mapping 'Experience claim → Attachment page/paragraph' for each reference.

Max 3 references & narrative length

No more than 3 contract/TO references; reference narrative no more than 25 pages.

Provides exactly 3 references; actual page count unknown from excerpt.

Partially Covered

Cannot validate page count; risk if narrative expands beyond limit.

Add internal controls: page counter, concise structure; keep within 25 pages excluding attachments.

Offeror-only experience (not team member) except JV

Examples must be Offeror’s experience; subcontract allowed but must be Offeror-performed; JV allowed if performed by Offeror.

States performed as [Prime/Subcontractor/JV Member] but not specified; no subcontract delimitation of scope.

Partially Covered

If subcontractor, evaluators may question what work the offeror actually performed vs prime.

For each reference, explicitly define role, workshare %, and responsibilities performed by Offeror; attach subcontract SOW and, if allowed, letter of confirmation from prime/customer.

Factor 2 — Veterans’ Involvement / Subcontracting Plan Requirement Mapping

Requirement Area | Reference Criteria (solicitation_text.docx) | Draft Document (input_proposal.docx) Evidence | Coverage Status | Gap / Issue Detail | Recommendation

Subcontracting plan submission (large business)

Large businesses must submit FAR 52.219-9 plan; page limit 10; must be approved prior to award.

States it submits plan and references FAR/VAAR minimum requirements; no explicit goal table or FAR 52.219-9 elements.

Partially Covered

Plan content may be insufficient if it lacks required FAR 52.219-9 elements (goals by category, method used, admin, reporting, assurances, flowdowns, etc.).

Add explicit FAR 52.219-9 compliant structure and address VAAR 852.219-70 minimum requirements; include required elements and signatures as applicable.

Meet VA minimum subcontracting goals or justify

Plan must meet minimum VA goals in Table 2 or clearly explain why not attainable.

No numeric goals included.

Gap

High evaluation risk; solicitation states plans not meeting requirements must clearly identify why; absence prevents evaluation.

Insert a goal table matching VA categories (All SB, SDVOSB, VOSB, HUBZone, SDB, WOSB) with % and dollar basis; if deviating, provide rationale tied to subcontractable scope.

Range of services subcontracted

Describe proposed range of services to be provided by small businesses.

Provides range (training support, provider outreach, CS overflow/QM, data analysis, program integrity support).

Covered

Ensure consistency with proposed technical approach and ensure no OCI for integrity-related work; tie to CLIN/task areas.

Identify specific firms with UEI/address/status

Provide names, UEI, addresses, socioeconomic status for each firm.

Lists placeholders for firms and UEIs.

Partially Covered

Missing actual firm details; may be considered incomplete.

Populate with real firms, validated UEIs/addresses, and certification status; add capability summaries and intended workshare.

VetCert / SBA certification alignment

SDVOSB/VOSB must be SBA-certified at proposal and award to receive credit; if prime is SDVOSB/VOSB include statement of compliance.

Proposal discusses Veteran-owned participation generally; does not state prime SDVOSB/VOSB status nor identify SBA Vet certification for subs.

Gap

May lose evaluation credit under VAAR 852.215-70/Factor 2 if certification evidence absent.

If prime is SDVOSB/VOSB: provide affirmative statement and certification evidence. If not: identify certified SDVOSB/VOSB subs, include SBA certification confirmation and approximate dollar values.

Evaluation factor commitment

Must honor SDVOSB/VOSB commitment throughout life of contract; substitution rules.

States intent to honor commitments and substitute equal or greater value where practicable.

Partially Covered

Needs explicit commitment language aligned to VAAR 852.215-71 evaluation factor commitments and how tracked.

Add commitment tracking method, governance, reporting cadence, and change-control for substitutions requiring CO approval.

Factor 3 — Price Volume Completeness & Instructions Mapping

Pricing Requirement | Reference Criteria (solicitation_text.docx) | Draft Document Evidence (input_proposal.docx) | Coverage Status | Gap / Risk | Recommendation

Price volume required

All proposals must include a Price Volume to be considered.

Volume III included with narrative and table.

Covered

Ensure volume is in required file format (PDF) and separate volume submission as instructed.

Labor categories required

Must price Program Manager (Senior), Customer Service Representative (Journeyman), Trainer (Senior).

Includes these 3 categories in table.

Covered

Confirm titles exactly match solicitation labor categories.

Base year + all option years

Must price base year and all nine option years; failure causes rejection.

Table shows BY and OY1–OY9 placeholders.

Partially Covered

Placeholders indicate values not provided; if submitted with brackets, will be rejected as incomplete.

Replace all bracketed placeholders with numeric rates to two decimals for every year/category.

Two decimal places

Rates must be two decimals.

States rounding to two decimals; placeholders present.

Partially Covered

Cannot validate; risk if rounding inconsistent.

Ensure all rates have exactly two decimals; validate across table and narrative.

Price narrative basis per labor category

Must provide explanatory narrative basis for proposed price for each labor category.

Provides general basis but not category-specific breakdowns/assumptions.

Partially Covered

May be viewed as insufficient traceability if not tied to each labor category and escalation method.

Add per-labor-category basis: market data, loaded rate build-up (labor, fringe, OH, G&A, fee), escalation % assumptions by year, and rationale for seniority/degree requirements.

Completeness/traceability

No blanks/unreadable; traceable between narrative and table.

States no fields blank; but table contains placeholders and no explicit traceability references.

Gap

Potential elimination for incomplete pricing.

Add crosswalk (narrative paragraph references table row/column), and QA statement after final numbers inserted.

Section B Operational Administration Requirements — Proposal Commitments vs Solicitation

Area | Reference Criteria Requirement (solicitation_text.docx) | Draft Document Evidence (input_proposal.docx) | Coverage Status | Gap / Issue | Recommendation

TOPR responsiveness

Expected to respond to all TOPRs; if no-bid, provide brief yet specific explanation; repeated failure impacts CPARS/off-ramp.

Cover letter commits to timely responsiveness and no-bid statements with rationale.

Covered

Add internal process description (intake, decision authority, response templates) to demonstrate capability.

Do not start performance without signed TO/CO authorization

Contractor not authorized to commence prior to signed TO or CO written approval.

Explicitly acknowledged in cover letter.

Covered

None.

COR authority limits

COR cannot change terms or obligate Government.

Explicitly acknowledged.

Covered

None.

Modification instructions (B.6)

Submit mod proposals by deadlines; confirm submission within 1 business day; extension requests ≥3 business days prior; maintain records; NTP cost notification within 2 business days.

Points of Contact section references responsiveness to Section B.6, but does not commit to each procedural requirement.

Partially Covered

May be acceptable but adds performance risk if not explicitly addressed.

Add a concise 'Modification Compliance' subsection committing to B.6 items and describing recordkeeping and notification workflows.

Collaborative meetings requirement & off-ramp risk

Required to attend collaborative meetings; repeated failure may off-ramp.

Cover letter commits to full participation in collaborative meetings and IPTs.

Covered

None.

IT Security / Privacy / Data Handling — High-Risk Compliance Requirements Mapping (B.11, VAAR 852.204-71, related)

Requirement | Reference Criteria (solicitation_text.docx) | Draft Document Evidence (input_proposal.docx) | Coverage Status | Risk if Gap | Recommendation

Encryption standard for VA data transmission

Use FIPS 140-2/140-3 validated encryption tools; store/transport/transmit encrypted.

Mentions encryption in transit and at rest generally in Contract Reference 3; not explicitly FIPS-validated or VA-approved tools.

Partially Covered

Noncompliance could block system access/ATO and create breach liability.

Add explicit commitment to FIPS 140-2/140-3 validated encryption (as applicable) and VA-approved tools; describe key management and approved cryptographic modules.

CSCA timing & annual requirement

If no EHNAC/ATO: provide synopsis; upon award complete CSCA within 30 days and annually thereafter.

Proposal does not address EHNAC/ATO status nor CSCA commitment/timeline.

Gap

Evaluation and post-award compliance risk; may delay onboarding/access.

State whether EHNAC certified and provide number OR provide ATO copy summary OR provide required synopsis of security controls. Commit to CSCA within 30 days of award and annually.

FedRAMP requirement

Must achieve and maintain FedRAMP rating as directed; applies to interfaces/data repositories with PHI/PII/financial info.

Not addressed.

Gap

Critical compliance risk for cloud hosting; could render technical approach unacceptable at TO level.

State current FedRAMP authorization (provider, level) for any cloud service used OR plan to use FedRAMP-authorized services; commit to maintaining authorization.

Training & Rules of Behavior certificates

Employees needing access must complete VA cyber & privacy training and sign Rules of Behavior; provide certificates within 2 days of initiation (per B.11 Training section excerpt) / within 5 days per VAAR 852.204-71(j)(2), depending on clause version.

Not addressed.

Gap

Access may be suspended; performance start delays.

Add a compliance statement committing to required trainings, annual refresh, and certificate submission timelines; include onboarding checklist.

Incident reporting timeline

Notify VA within 1 hour of suspected/known incident; follow-up in writing within 1 hour.

Not addressed.

Gap

High breach-response noncompliance risk; liquidated damages and termination exposure.

Include an Incident Response commitment: 1-hour notification to CO/COR, coordination with VA OIG/law enforcement as required, and internal escalation.

Employee termination/reassignment notification

Notify CO/COR within 4 hours of employee leaving/reassignment; prior to unfriendly termination.

Not addressed.

Gap

Access control weakness; audit finding risk.

Add explicit HR/offboarding control and 4-hour notification commitment.

Data segregation / no co-mingling (if possible) & sanitization / destruction cert

Avoid co-mingling; if unavoidable, ensure return/destroy per VA/NARA/NIST 800-88; certify destruction within 30 days of termination.

Not addressed.

Gap

Audit and data spillage risk; could trigger payment withholds.

Add data handling plan summary: segregation approach, media sanitization per NIST 800-88/VA 6500.1, return/destruction and 30-day certification.

PIA requirement for systems developed/operated on behalf of VA

PIA must be completed and approved by VA Privacy Service prior to operational approval; POA&M if controls inadequate.

Not addressed.

Gap

Operational approval/ATO delays.

Commit to supporting PTA/PIA processes, providing SSP/contingency plans, and POA&M management.

PIV/IAM / NIST 800-63 authentication compliance

Applications must be PIV-enabled, comply with VA IAM patterns, support PKI-based auth, etc.

Not addressed.

Gap

Integration/access risk; could fail technical governance requirements.

Add IAM compliance statement: PIV/CAC support, assertion-based auth, alignment to NIST 800-63 and VA IAM enterprise patterns.

NDA prior to commencing services (B.7.2 Attachment A)

All contractors shall sign NDA prior to commencing services.

Not addressed.

Gap

Administrative noncompliance at kickoff.

Add explicit acknowledgement/commitment to execute Attachment A NDA pre-performance and flow down where required.

OCI (Organizational Conflicts of Interest) — VAAR 852.209-70 Requirement Mapping

OCI Requirement | Reference Criteria (solicitation_text.docx) | Draft Document Evidence (input_proposal.docx) | Coverage Status | Gap / Issue | Recommendation

Provide OCI statement with offer; include facts for offeror and consultants; include mitigation if applicable.

Must submit OCI statements; heightened OCI sensitivity for VHA support in last 5 years; nondisclosure may lead to disqualification/termination.

Includes an OCI statement section with placeholder for 'No OCI' or disclosure narrative + mitigation plan elements; commits to notify CO if OCI arises.

Partially Covered

Not completed—placeholders remain; no consultant OCI statements mentioned; no recusal from future competitions language tied to B.7.4.

Finalize OCI disclosure: state whether any qualifying VHA work in last 5 years with access to privileged info; include consultant/subcontractor OCI statements; add mitigation plan if needed and commitment to recusal from future competitions per B.7.4.

PWS Task Area Coverage (High-level) — Alignment of Proposal Claims to PWS Scope

PWS Task Area (solicitation_text.docx Attachment 1 excerpt) | Reference Criteria Expectation | Draft Document (input_proposal.docx) Coverage | Coverage Status | Noted Gap / Enhancement

2.1 Program/Project Management

Provide PM services per TO; planning/execution/monitoring; risk mgmt; milestones.

Addressed in corporate experience narrative and Reference 2.

Covered

Consider adding explicit PM framework (e.g., governance, artifacts, KPIs) although not required for Factor 1.

2.2 Contractor Maintained Records

Provide requested artifacts within 5 business days; provide personnel access; include VA access rights in provider agreements.

Mentioned in Factor 1 narrative (five business days) and artifact types.

Partially Covered

Add explicit commitment to flow VA access language into provider agreements and a records production SOP.

2.14 Technology (interoperability)

Use recognized interoperability standards; capability for HL7/FHIR; consider TEFCA/SMART on FHIR.

Proposal mentions EDI/HL7 and evolving standards incl. FHIR/TEFCA/SMART.

Covered

Add commitment to provider education for FHIR interface (explicitly required in B.11).

Eligibility Data Management

Daily eligibility file via EDI Gateway/DAS; meet VA connectivity/ATO at TO level.

Mentioned generally (eligibility data intake) but not specific to DAS/ATO.

Partially Covered

Add explicit acknowledgment of DAS/EDI Gateway and readiness to meet VA connectivity/ATO requirements.

Utilization Management

UM program; accreditation; notify VA of changes.

Mentions UM recommendations/processes; does not mention ongoing UM accreditation.

Partially Covered

Add statement of current UM accreditation (URAC/NCQA) or plan to maintain; commit to notification of changes.

Medical Documentation (Central Submission System)

Develop Central Submission System w/ bidirectional exchange.

Proposal mentions medical documentation exchange and standards; not Central Submission System concept.

Partially Covered

Add explicit capability/approach for Central Submission System and bidirectional exchange pathways.

Reimbursement Submission

Invoice VA within 30 calendar days of complete adjudication.

Not mentioned.

Gap

Add commitment to 30-day reimbursement submission requirement and controls.

Coordination of Benefits (hold harmless)

Ensure Veterans not billed; providers agree not to seek payment even if denied.

Not mentioned.

Gap

Add hold-harmless policy and provider contract language commitment.

Proposal Submission Instructions — Compliance-Sensitive Items Evidenced / Missing

Instruction / Constraint (solicitation_text.docx) | Draft Document Evidence (input_proposal.docx) | Coverage Status | Risk | Recommendation

Acknowledge amendments

Must acknowledge all solicitation amendments (SF30).

Has amendment acknowledgement section with placeholders.

Partially Covered

If not completed, may be deemed nonresponsive.

Populate with all amendment numbers/dates; include signed SF30s as required.

Executed SF1449 and signatures

Volume I requires executed proposal incl. SF1449 and amendments; signature block completed.

Proposal cover letter is not signed in excerpt; SF1449 not included.

Gap

Could be deemed incomplete/nonresponsive.

Include completed/signed SF1449 (Blocks per instructions) and authorized signature evidence.

Reps & Certs (SAM)

Complete reps/certs; continuous SAM registration.

States continuous SAM and FAR 52.204-19 incorporation; UEI placeholder.

Partially Covered

UEI not provided; does not explicitly include affirmative statement that reps/certs completed in SAM as of submission date.

Fill UEI/EFT suffix; add statement confirming reps/certs current in SAM at submission and will remain through award/performance.

No hyperlinks/embedded files; no footnotes; PDF format; separate volumes; page limits

Instructional constraints in Section E.3.

Not verifiable from text extract.

Not Applicable/Not Evaluated

Packaging noncompliance can cause portions not evaluated.

Perform a compliance QA check on final files: remove hyperlinks, avoid embedded objects, avoid footnotes, ensure searchability and legibility, comply with volume/page limits.

Risk Register (Evaluation, Compliance, Performance)

Risk ID | Risk | Cause (Draft vs Reference) | Likelihood | Impact | Overall Risk | Mitigation / Recommendation

R1

Elimination for Factor 1 noncompliance (missing page citations / incomplete reference data)

Contract references contain placeholders; required page references [X–Y] not provided; attachments not shown.

High

High

Critical

Finalize all reference metadata; include required SOW/PWS attachments; add exact page citations and role/workshare clarity.

R2

Elimination for incomplete pricing

Rates shown as $[BY]/$[OYx] placeholders; completeness requirement strict.

High

High

Critical

Populate all rates to two decimals; provide per-category basis narrative and traceability crosswalk; conduct internal completeness check.

R3

Loss of Factor 2 evaluation credit / subcontracting plan deficiency

No numeric goals table; placeholders for firms/UEIs; no SDVOSB/VOSB certification evidence.

High

Medium

High

Add VA goal table, FAR 52.219-9 elements, certified firm details and dollar values; include Vet certification verification.

R4

Post-award access delays due to security compliance omissions

No explicit commitments for CSCA, FedRAMP, training certificates, incident reporting timelines, PIV/IAM.

Medium

High

High

Add security/privacy compliance appendix summarizing all required commitments and current certifications/authorizations.

R5

OCI disqualification/termination risk

OCI section not finalized; consultants/subs not addressed; heightened OCI sensitivity stated by VA.

Medium

High

High

Complete OCI disclosures for offeror and consultants/subs; include mitigation and recusal language; implement OCI governance.

Recommendations to Enhance Alignment (Consolidated)

Priority | Recommendation | Mapped Reference Criteria Sections | Expected Benefit

High

Complete Factor 1 references: fill in customer/contract metadata, POP dates (prove within 5 years), geography/states, and clearly state Prime/Sub/JV role and workshare.

Section E Factor 1 instructions; Factor 1 evaluation criteria

Reduces likelihood of Unacceptable rating and strengthens confidence assessment.

High

Replace all placeholder page citations ([X–Y]) with exact page/paragraph references to the attached SOW/PWS/requirements documents; add a crosswalk table per reference.

Section E Factor 1 traceability requirement

Meets a mandatory instruction; improves evaluator verification speed and accuracy.

High

Finalize Price Volume with numeric rates (BY and OY1–OY9) at two decimals; add per-labor-category price basis and escalation assumptions; ensure narrative-table traceability.

Section E Factor 3 completeness/rounding; FAR 15.404-1(b)

Avoids rejection for incomplete pricing and supports reasonableness analysis.

High

Expand subcontracting plan to include numeric goals meeting VA Table 2 minimums (or explicit justification), plus full FAR 52.219-9 required elements; populate specific small business firms with UEI/address/status and estimated dollars.

Factor 2 instructions; VA goals table; FAR 52.219-9; VAAR 852.219-70

Improves compliance and maximizes Factor 2 scoring/credit.

High

Add a Security/Privacy Compliance Appendix: FedRAMP approach, CSCA within 30 days + annual, EHNAC/ATO status or security controls synopsis, 1-hour incident reporting, training/Rules of Behavior certificate timelines, data segregation/sanitization and 30-day destruction certification, PIV/IAM/NIST 800-63 alignment.

B.11 IT Contract Security; VAAR 852.204-71; liquidated damages clauses

Reduces onboarding delays and breach/termination exposure; demonstrates maturity.

Medium

Finalize OCI disclosure including subcontractor/consultant OCI statements and explicit recusal/mitigation aligned to B.7.4 and B.12.1/12.2.

VAAR 852.209-70; Section B.7.4; B.12

Reduces disqualification/termination risk; improves trust with CO.

Medium

Add explicit commitments for reimbursement submission within 30 days of adjudication and hold-harmless/no-billing Veterans provider terms; reference how provider agreements enforce these.

PWS 2.10; PWS 2.11

Demonstrates deeper PWS operational alignment beyond Factor 1 narrative.

Low

Add a short 'Modification Administration Compliance' subsection committing to B.6 deadlines, notifications, extension requests, and submission record retention.

Section B.6

Reduces administrative friction and CPARS risk.

Riftur’s results show this submission is closest to alignment where it makes clear operational acknowledgments (e.g., TO start authorization limits, COR authority, TOPR responsiveness) and where it lists the required labor categories in the price volume. The concentrated risk is in evaluability blockers: missing Factor 1 page citations to supporting SOW/PWS documents, incomplete corporate experience metadata needed to prove recency and multi-state performance, and unresolved role/workshare clarity that affects “offeror-performed” validation. Riftur also surfaced acceptance-critical pricing defects, including base and option year rate placeholders and limited per-labor-category pricing basis, which can prevent a completeness determination. It identified incomplete offer-form commitments such as the absent executed SF1449 and signature gap, plus partial reps and certs coverage driven by missing UEI and amendment acknowledgments left as placeholders. It highlighted mandatory security/privacy items that are not committed to at the required specificity or timelines, including CSCA within 30 days and annually, FedRAMP authorization posture, one-hour incident reporting, training and Rules of Behavior certificate timing, PIV/IAM alignment, data sanitization and destruction certification, and the pre-performance NDA. It further isolated high-leverage scoring and compliance drivers in Factor 2, including missing numeric subcontracting goals against VA minimums, incomplete FAR 52.219-9 plan elements, and absent VetCert/SBA certification evidence that directly impacts credit and enforceability. These surfaced items are higher leverage than narrative refinements because they determine whether the proposal is considered complete, comparable, and legally acceptable, and they clarify where risk is concentrated versus where the submission is already procedurally aligned.

© 2025 Riftur — All Rights Reserved