Protest decision backs past performance validation for CIO-SP4 bids

It was Ronald Reagan who popularized the phrase, Trust but Verify. He was talking about the Soviet Union and missile treaties, but it seems that the National Institutes of Health's IT acquisition organization channeled their inner Reagan in writing the CIO-SP4 contract.

NIH's Information Technology Acquisition and Assessment Center is using a three-phase evaluation of proposals. In phase one, bidders can score themselves in the contract’s task areas -- IT services, CIO support, digital media, outsourcing, IT operations and maintenance, integration services, cybersecurity, digital government and cloud services, ERP, and software development.

Companies with the highest scores advanced to phase two, where they have to prove the experience they claim in phase one is real. For each experience reference from phase one, bidders were required to submit information including the customer name and project name. The customer also must sign the reference.

Which is where Tata America International Corp. ran into trouble. The company says it can’t submit that information because of non-disclosure agreements with its commercial customers.

The company took that argument to the Government Accountability Office, claiming that the CIO-SP4 requirement was “unduly restrictive of competition.” Tata would be at a disadvantage in the competition because it couldn’t submit examples of its work with commercial customers.

Tata America is part of a large international technology company, Tata Consultancy Services, which had $22.2 billion in revenue for its most recent fiscal year.

The company’s arguments fell flat as GAO denied the protest.

NITAAC has the provision in the solicitation to “provide validation beyond the offeror’s own assertion regarding the experience provided.” Relying solely on the bidder’s representation introduces the risk of a fraudulent submission, the contracting officer told GAO.

Tata argued that there already are rules and regulations that make false statements illegal. The requirement in the solicitation is “redundant and not reasonably necessary to meet the Agency’s needs,” the company said.

But GAO said the contract number and customer name are “essential data.”

Tata also argued there were alternative ways to validate the experience submissions without naming names. For example, the submission of redacted contracts that include dates, value and task areas but not anything that would identify the customer.

The company said GSA doesn’t require the identity of customers and customer signatures for some of their self-scoring contracts.

But GAO countered that each contract is a separate transaction, so different contracts can have different requirements.

“Even if other agencies have issued solicitations that accept information that the protester views as less restrictive, nothing bars NIH from imposing the otherwise reasonable requirement for information,” GAO wrote.

Tata's protest may be resolved, but there are still five other pending challenges at GAO involving the CIO-SP4 contract. The pending protests all were filed after the Aug. 20 deadline for bids. They likely are protesting their eliminations from the competition. Decisions are expected in December.

There have been 20 total protests over this contract to date. Many of those have challenged the solicitation because of ambiguities in the solicitation and were dismissed as NITAAC continued to make adjustments.