Application replacement for the end-of-life IFSMR (Integrated Fire Services Management & Reporting)

This selective competitive solicitation follows ACAN W2187-SPO-26-289-A and is being issued to the suppliers who submitted statements of capabilities in response to that ACAN. The invited/selected suppliers for this solicitation are ICO Solutions and One Step Information Systems Inc. Other interested suppliers may request a copy of the solicitation from jean-philippe.dufault2@forces.gc.ca. Canada will not update the list of invited suppliers if additional suppliers request copies of the solicitation. The requirement is for the replacement of the end-of-life IFSMR (Integrated Fire Services Management & Reporting) application with a commercially available cloud-based or web-based fire services management and reporting solution, including implementation, configuration, secure data migration, bilingual documentation and training, and ongoing support and maintenance. The solution must support, at a minimum, incident reporting and tracking, inspections and prevention management, training and exercises management, asset, inventory and maintenance functions, workflow and communications, dashboards and reporting, and document and media management. The resulting contract is expected to include an initial one-year period, followed by two additional one-year periods, with the possibility of extending the contract by two further irrevocable one-year option periods. Evaluation will be based on the highest combined rating of technical merit and price, with a weighting of 70% for technical merit and 30% for price. This solicitation contains mandatory security requirements. The solution must be hosted in Canada, support the handling of Protected A information, and comply with the applicable security, privacy, and information technology security requirements, including the SRCL, commercial cloud security obligations, privacy obligations, and the information technology security requirements applicable to the requirement. The successful supplier will be required, throughout the contract period, to hold a valid Designated Organization Screening and to obtain approved Document Safeguarding Capability at the Protected A level. Personnel requiring access to Protected information must each hold, at a minimum, a valid Reliability Status. The Company Security Officer must hold a valid Secret clearance at a minimum, and any personnel with a privileged user account must also hold a valid Secret clearance. Privileged accounts include access enabling changes to security controls, system configurations, audit logs, backups, or the accounts and data of other users. The Contractor must not use its facilities or its information technology systems to process, produce or store Protected information until the required written approvals have been issued by the competent authorities. The supplier must also provide evidence of a completed Cloud Service Provider Information Technology Security assessment, or another accepted assessment, and support the departmental Security Assessment and Authorization process for the system in scope of the contract. Subcontracts containing security requirements must not be awarded without prior written approval from the competent authorities. The solution must also provide appropriate security controls, including account and access management, multi-factor authentication for administrative and privileged access, activity logging and auditing, security incident management, personal information protection, and the measures necessary to support service continuity, monitoring, recovery, and overall compliance with the applicable contractual obligations.