Friday is the end of the beginning for the General Services Administration’s years’ long effort to develop the OASIS+ professional services contract.
After two years of planning, meetings, feedback and answering almost 900 questions about the final solicitations, vendors’ bids are due tomorrow.
Tiffany Hixson, GSA’s assistant commissioner for the Office of Professional Services and Human Capital Categories in the Federal Acquisition Service, said she is cautiously optimistic about moving forward into source selection for OASIS+.
“We do not plan on extending the proposal due date,” Hixson said during a webinar yesterday sponsored by ACT-IAC. “I like to remind those that may not be participating this time around or found out about the opportunity late, that it’s not a one and done. Once we get done with the initial source selections for OASIS+, we will be reopening the solicitations and plan to leave those open for most of the program’s lifecycle. That’s a pretty unique feature of this indefinite delivery, indefinite quantity (IDIQ) contract. I’m not really sure that message has really gotten out completely. So I’d like to remind our industry partners or really down the road for those new companies that are coming into the federal market, that all was not lost, once we got through the initial source selection for OASIS+ , we will keep the solicitations open for new entrants.”
Hixson added GSA doesn’t plan to have a cap of the number of awards under OASIS+, meaning all those who are qualified will make the cut, and for those who didn’t make the cut this time, they can try and try again.
GSA has been working on the follow-on to the highly successful OASIS multiple award contract since March 2021. The effort included 23 program updates to draft requests for proposals (RFPs), three industry days with more than 3,000 participants and more than 1,900 questions between the draft and final solicitations.
On top of that, Hixson said GSA has held office hours to answer vendor questions, training sessions on how to use the offer management and the proposal management tool, called Symphony, and received feedback and input from a vendor working group sponsored by ACT-IAC.
And now GSA is facing its first protest of OASIS+. Boston Consulting Group Federal filed a complaint with the Government Accountability Office on Aug. 28 over the terms of the solicitation.
Trends in questions about OASIS+ RFP
Hixson said through all that input and feedback, including more than 880 questions about the six final RFPs, she believes GSA has improved OASIS+.
“There were a couple of themes as we got through the acquisition lifecycle. One is there is still, even for us, a lot of confusion around how we evaluate joint ventures and small business teams who are coming together as primes as part of the source selection process. We had a lot of questions in that space. If you’re coming in as a small business team with primes, how does their experience count against our evaluation criteria?” Hixson said. “We thought we got that right, but then there was a Court of Federal Claims case that was related to a different procurement that GSA was running that impacted the language that we had in our initial solicitation or a draft solicitation that we had to update. The judge provided us with some feedback. We went back and nuanced that based on the judge’s findings, and in that case, so we’ve had a lot of questions in that space.”
Hixson said the other trend that emerged among the questions was around whether OASIS+ was a best-value trade off in the traditional sense. She said GSA developed the acquisition vehicle to focus around whether a company can meet the technical requirements and has a fair and reasonable price.
“I think, because this procurement is taking a slightly different approach than other governmentwide acquisition contracts and multiple award contracts, it’s just been harder for industry to understand sometimes,” she said. “I think that approach is a huge differentiator between this program and others. It’s really probably a test for GSA. And I think for industry, it’s been hard for them to go ‘Oh, yeah, that’s the thing, I need to focus on making sure that I’m showing that I’m qualified or a company is qualified or team is qualified, I don’t need to worry about competition from another company in that kind of way.’”
GSA was forced to delay bids for OASIS+ one time so far, mainly due to updates needed for the Symphony tool.
Symphony also suffered a potential security incident, but Hixson said that issue didn’t have anything to do with the proposal delay.
“There was a way that companies could get technical credit, and it was a niche way that they could get credit depending on how they were positioned. We didn’t have a place in Symphony for companies to put that in. So we actually had to update the software to allow for companies to take that credit,” she said. “Anytime you change software, you got to do the code, the testing and the security. So it took us a couple of weeks to get through that, and then we wanted to give industry time to be able to take advantage of that if that’s what they wanted to do. We already have lots of offers already coming in.”
As for the security incident, which potentially affected both vendors on OASIS and bidders on OASIS+, Hixson said a vendor came to GSA and pointed out a potential vulnerability in the tool.
GSA took the findings to its chief information officer and chief information security officer, who did a deep dive into the problem.
“We actually just finished the final review and didn’t see any breach of data at all based on logs and records. That was an initial relief,” Hixson said. We closed that vulnerability, and right now if you’re going to go in and set up an account, our helpdesk will actually reach out to you and ask for some additional validation and identity verification information to make sure that you are who you say who you are before we will give you an account in the tool. I think there are some improvements that we’re going to make in the logging of the system, but for the most part, we were super relieved that we actually did not have a security breach.”