Application replacement for the end-of-life IFSMR (Integrated Fire Services Management & Reporting)

Advance Contract Award Notice (ACAN) File/Contract No.: W2187-SPO-26-289 Definition of ACAN An Advance Contract Award Notice (ACAN) is a public notice informing suppliers that Canada intends to award a contract for goods, services or construction to a pre-identified supplier, and invites other suppliers to express their interest by submitting a statement of capabilities. If no other supplier submits a statement of capabilities demonstrating how they meet the set requirements in the ACAN by the closing date stated in the ACAN, the buyer may then proceed with the award to the pre-identified supplier. Purpose of the ACAN The purpose of this ACAN is to inform industry that Canada intends to award a contract to a pre-identified supplier to replace the end-of-life IFSMR (Integrated Fire Services Management & Reporting) application with a Commercial Off-The-Shelf (COTS) fire services management and reporting solution. The contract includes implementation (configuration and customization), historical data migration, bilingual (English and French) documentation and training, and ongoing support/maintenance for the initial period and options. Statement of requirements Type of software sought: a web/cloud-based COTS fire services management and reporting solution with integrated modules for: • Incident reporting and tracking (fire and non-fire), including medical emergencies, wildland fires and events involving aircraft and ships; • Inspections and prevention management (forms, compliance checks, history); • Training and exercises management (logs, records, tracking); • Asset, inventory and maintenance management; • Workflow, communications, reporting and dashboards (including compatibility with analytics tools such as Power BI or equivalent); • Document/media management (upload of PDF forms/images, metadata, search). Required capabilities include: • Configuration to meet Canadian Forces Fire Marshal (CFFM) requirements; • Secure migration of historical IFSMR data with integrity validation; • Bilingual (English and French) user interface, documentation and training; • Hosting on servers located in Canada only and processing at the Protected A level; • Support and maintenance (updates, patches, helpdesk) for the initial period and options. Security and privacy requirements (summary): • The Contractor must hold a valid Designated Organization Screening (DOS) and obtain approved Document Safeguarding Capability at PROTECTED A; • Personnel screening: at a minimum of a RELIABILITY STATUS for access to PROTECTED information; the Company Security Officer (CSO) must hold SECRET clearance (minimum) and all privileged user accounts must also hold a SECRET clearance (minimum); • No processing/production/storage of PROTECTED information on Contractor facilities and/or IT systems until written approval is issued by Public Services and Procurement Canada PSPC/ Contract Security Program (CSP) and/or applicable security authorities; • Compliance obligations include : the SRCL for this file, Schedule 1 (Security Obligations), Schedule 2 (Privacy Obligations) and the ‘IT Security Requirements for Information up to Protected B v1.5’, as applicable; • Cloud security: evidence of a Cloud Service Provider IT Security assessment (Information Technology Services (ITS)M.50.100 or other accepted assessment) and a departmental Security Assessment & Authorization (SA&A); • Logging, incident management/notification, access control (Role-Based Access Control (RBAC)/Multi-Factor Authentication (MFA)), encryption and flow-down to subcontractors/sub-processors as applicable; • Transmittal of PROTECTED material and any IT connectivity to DND systems require explicit authorization and approved channels. Expected deliverables and evidence (security and privacy) – to be provided upon request and/or at project kickoff • Evidence that the organization holds a valid DOS and approved PROTECTED A Document Safeguarding Capability (DSC), or a plan and schedule to obtain them if applicable. • List of proposed resources and required screening levels (RELIABILITY STATUS; SECRET for the CSO and for any resource with a privileged account), including identification of the CSO/ ISSO (Information System Security Officer). • Hosting architecture description and confirmation that servers and data storage (including backups) are located in Canada; list of locations (city/province) upon request. • Evidence/confirmation of Cloud Service Provider IT security assessment (Information Technology Services (ITS)M.50.100 or other accepted assessment) and commitment to support the departmental SA&A process. • Incident Management Plan (Incident Management Plan (IMP)) and notification process (security and privacy), including roles/responsibilities and escalation model. • Identity and Access Management (IAM) controls description (Role-Based Access Control (RBAC), Multi-Factor Authentication (MFA) for administrators/privileged access), account management and least-privilege enforcement. • Description of encryption controls for data at rest and in transit, key management, and logging/audit controls (access, retention, protection of logs). • List of subcontractors/sub-processors (if any), scope of work performed and performance locations; evidence that security and privacy obligations flow down. • Transmittal/document control procedures for PROTECTED material (approved channels, transmittal forms) and confirmation that no IT connectivity to DND systems will be established without explicit authorization. • Privacy Officer point of contact (if applicable) and description of support for access requests (Access to Information and Privacy (ATIP)) and breach/incident records . Evaluation criteria for assessment of statement of capabilities (minimum essential requirements) • Web/cloud COTS solution covering, at minimum: incident reporting/tracking, inspections/prevention, training/exercises, inventory/maintenance, reporting and dashboards. • Ability to migrate IFSMR data (including integrity validation and migration reporting). • Full bilingual capability (English/French) for user interface, documentation and training. • Hosting in Canada and demonstrated ability to meet Protected A handling and applicable SRCL/security/privacy/IT security obligations. Trade agreement applicability Based on the estimated contract value (services) and the applicable thresholds in effect from January 1, 2026 to December 31, 2027 (Contracting Policy Notice 2025-8), this procurement is subject to the following trade agreement(s): - Canadian Free Trade Agreement (CFTA) - World Trade Organization – Agreement on Government Procurement (WTO-GPA) - Canada–European Union Comprehensive Economic and Trade Agreement (CETA) - Canada–United Kingdom Trade Continuity Agreement (Canada-UK TCA) - Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP) - Canada–Chile Free Trade Agreement - Canada–Colombia Free Trade Agreement - Canada–Honduras Free Trade Agreement - Canada–Korea Free Trade Agreement - Canada–Panama Free Trade Agreement - Canada–Peru Free Trade Agreement - Canada–Ukraine Free Trade Agreement Set-aside indications Not applicable. Comprehensive Land Claims Agreement Not applicable. Justification for pre-identified supplier ICO Solutions holds exclusive intellectual property ownership and usage rights to the proposed solution as the original developer. Based on the client’s analysis, it is the only known product that meets the mandatory requirements (bilingual cloud-based solution, Canada data residency, functional, security and integration requirements) without significant customization, supporting the use of a pre-identified supplier. Government Contract Regulations exception(s) The following exception to the Government Contracts Regulations is invoked for this procurement under subsection 6(d) – “only one person or firm is capable of performing the contract.” Exclusions and/or Limited tendering reasons The following exclusion(s) and/or limited tendering reasons are invoked (Article (b) only – sole supplier: protection of exclusive rights and/or absence of competition for technical reasons): - CFTA 513.(1)(b) - CETA 19.12.(1)(b) - Canada-UK TCA: government procurement obligations are identical to CETA (incorporated by reference) – apply the equivalent of Article 19.12.(1)(b) - WTO-GPA XIII.(1)(b) - CPTPP 15.10.(2)(b) - Canada–Chile Kbis09.(1)(b) - Canada–Colombia 1409.(1)(b) - Canada–Honduras 17.11.(2)(b) - Canada–Korea 14.3 - Canada–Panama 16.10.(1)(b) - Canada–Peru 1409.(1)(b) - Canada–Ukraine Article 10.3 Intellectual property ownership Ownership of any Foreground Intellectual Property arising from the proposed contract will vest in the Contractor. Contract period and delivery dates An initial one (1) year period, followed by two additional one (1) year periods, with the option to extend by two (2) irrevocable one year option periods. Cost estimate of the proposed contract The estimated value of the proposed contract, including option(s), is $603,233.16 CAD (applicable taxes extra). Supplier information ICO Solutions Door 13, 217 Av. Léonidas S, Rimouski, QC, G5L 2T5, Canada Telephone: 1-877-636-8383 Email: info@icosolutions.com 1 877-636-8383 info@icosolutions.com Response procedure Suppliers who consider themselves fully qualified and available to provide the goods, services or construction services described in this ACAN may submit a statement of capabilities in writing to the contact person identified in this notice on or before the closing date of this notice. The statement of capabilities must clearly demonstrate how they meet the advertised requirements. Closing date and time The closing date and time for accepting statements of capabilities is March 12, 2026 at 2:00 p.m. EDT. Contact information Jean-Philippe Dufault, CD Senior Materiel Acquisition and Support Officer, Senior Procurement Office, Chief of Staff - ADM(IE) National Defence / Government of Canada National Defence Headquarters (NDHQ) 101 Colonel By Drive Ottawa, ON K1A 0K2 Canada Email: Jean-Philippe.dufault2@forces.gc.ca