Correction: DHS did include a the ISO-9001 and OTTP requirements in draft versions of the FirstSource III solicitation.
The Department of Homeland Security’s acquisition shop is one of the most well-respected in government. It communicates with industry almost better than any other.
It makes decisions that are both pragmatic and unselfish, like deciding not to pursue an EAGLE III multiple award contract and move the work to existing governmentwide acquisition contracts. The procurement office also admits when it makes mistakes, like it did with its agile procurement several years ago.
For these reasons and many others, it’s a real head scratcher why DHS is requiring two arduous certifications for vendors under its FirstSource III solicitation for technology products and related services.
Insight by ThunderCat Technology and Dell Technologies: Learn different ways agencies are taking more advantage of AI and ML tools to help exceed mission expectations by downloading this exclusive e-book.
In the request for proposals for this small business contract with a $10 billion ceiling, DHS mandated that small firms must have the ISO 9001:2015 Quality Management System and/or the Open Trusted Technology Provider Standards.
This decision to make these standards a requirement has led two small firms to file a protest with the Government Accountability Office on June 8, just a few days before bids were due.
The companies, z SofTech Solutions and KPaul Properties, claim the requirement for the certifications is “unduly restrictive” and creates an unnecessary limitation of the competition because DHS didn’t give bidders an appropriate amount of time to go through the process.
“DHS went rogue on this requirement,” said Leticia Alexander, the president of z SofTech Solutions, one of the two companies who filed a protest. “To be a value-added reseller (VAR), a system integrator or a managed service provider, you do not need all these certifications. DHS has conflated a lot of requirements for the reseller community. When we resell for major suppliers we do not need all these certifications. We work with distributors to ensure we are doing quality control processing. It’s a partnership effort and that is what we have distributors. To me DHS doesn’t know what the reseller agreement entails and they didn’t elicit that support from the supplier community or reseller community.”
Emails to DHS seeking comment were not returned. Typically, agencies do not comment on ongoing litigation anyways.
Procurement experts said that, generally speaking, when it comes to these types of protests, the agency and complainant resolves the issue before GAO gets a chance to issue a decision.
Kevin Paul, a member of KPaul Properties, said the requirements specifically to be ISO-9001 certified is inappropriate.
“Even if the government is able to justify the requirement for the certification, the certification relates to quality management and maintenance of standards that would be applied during contract performance, rather than relating to the contractor’s ability to do the particular work requested in the solicitation,” Paul said in an email to Federal News Network. “The requirement that offerors present a currently effective certification at the time of Phase I submission unduly restricts competition and is not rationally related to any agency need. Instead, the agency could check for compliance later in the process during Phase 2, at the time of award, or at some predetermined length of time after award (such as is the case with the GSA 2GIT BPA – 10 months). This would maximize the number of eligible offerors, not impose undue financial burden on small businesses, and would not impede any legitimate governmental need as the certifications relate to evaluating and maintaining quality during contract performance. Potential elimination during Phase I would be wholly arbitrary when contractors will be able to meet all desired requirements by the time contractual performance begins. This issue was brought up multiple times in the Q&A, but was rejected by DHS.”
Paul added GAO previously ruled in favor of the companies who filed similar protests–USA Jet Airlines, Inc.; Active Aero Group, Inc., B-404666 (April 1, 2011), and Lbm Inc., B-286271 (Dec. 1, 2000).
Alexander agreed that it seems like DHS is trying to limit competition, particularly from small disadvantaged businesses.
She said it could take six months and cost upwards of $30,000 to get an ISO-9001 certification.
“I’ve worked with IBM, and my company works with IBM, CISCO, AWS and many others and none of them asked us for these certifications,” Alexander said. “We work with our suppliers to ensure we have quality control. We share that responsibility because it has to be a collaborative approach. That is why we think it is just another barrier.”
Paul added, “What the DHS is doing is creating a pool of large companies who technically meet some required socio-economic status but can choke out other more appropriately labelled business size statuses.”
Alexander and Paul want DHS to remove the certification requirements from the request for proposals.
“This is not a way to get small businesses involved,” Alexander said. “We were on a call with DHS, asked them about this requirement. They didn’t answer the questions. We don’t think DHS is upholding up their end of the bargain about making it easier to do a business with underserved communities.”
Many procurement experts said FirstSource has been a small business success story with more than 16,000 task orders to small firms worth more than $3.8 billion since fiscal 2012, according to Bloomberg Government. BGov said the top spending bureaus since 2012 are Customs and Border Protection ($1.3 billion), U.S. Citizenship and Immigration Services ($613 million) and FEMA ($374 million).
Again, this is why the requirement for ISO and OTTP certifications is so surprising. Why would DHS decide to require these standards without any sort of previous alert or notification, and why would they not answer questions from the vendors asking about the requirement?
For a procurement shop that has made its reputation of being among the most transparent, this is disappointing.
The reason why KPaul and z SofTech Solutions are taking the time and spending the money to file bid protests is they, and many other vendors, recognize the growing trend to use multiple award contracts across government.
BGov found agencies spent more money through multiple award contracts in fiscal 2020 than ever before. Agencies obligated $159 billion through more than 2,000 of these acquisition vehicles.
BGov said about one-half of all MAC spending was for IT and professional services last year.
Since 2016, the Defense Department’s reliance on multiple award contracts grew by 50% while civilian agency use grew by 33%. Small businesses also did well through MACS, winning about 33% of all awards for the second year in a row in 2020.
BGov said task orders expiring through fiscal 2026 on legacy MACs are worth $20 billion, meaning getting on the next generation of multiple-award contracts like FirstSource or the General Services Administration’s Polaris or the National Institutes of Health’s IT Acquisition Assessment Center’s CIO-SP4 is much more important.
“GSA is rolling out this new contract vehicle in cohorts, balancing the need to provide innovative products and services that agencies require quickly, with the intent to on-board the broadest number of small businesses over time,” said Federal Acquisition Service Commissioner Sonny Hashmi in a statement. “Through this strategy, GSA can start to create an immediate positive impact to our partner agencies’ mission, while increasing opportunities for our small business partners.”
GSA said it intends to make STARS III awards in phases with the next cohort coming later this summer.
Agencies were big fans of the 8(a) STARS II contract, requiring GSA to increase the contract’s ceiling by $7 billion last year. Agencies spent more than $11.1 billion on the contract since 2011.