Intent to Sole Source for Data Collection and Computing Infrastructure Services

This is an INTENT TO SOLE SOURCE NOTICE only. The Department of Veteran Affairs, Network

Contracting Office (NCO) 16, intends to issue a sole-source purchase order under the authority of 41 U.S.C 253(c) (1) - FAR 6.302-1 (only one responsible source and no other supplies or services will satisfy agency

requirements), to with MediaLab Solution, LLC., located at 1745 North Brown Road, Suite #300, Lawrenceville, GA., 30043. Supply delivery will be 30 Days ARO under NAICS 518210. The Vendor shall provide the below list of materials to G.V. (Sonny) Montgomery Veterans Healthcare System located at 1500 East Woodrow Wilson Avenue, Jackson, MS., 39216-5116. This action will result in a firm-fixed-price supply purchase order. The

period of performance shall be for 30 days ARO with option years. This notice of intent is not a request for quotations; interested parties may express their interest by providing a capabilities statement not later than

2 April 2026 at 10:00 AM CST, to [email protected] . When responding to this announcement, respondents should refer to number 36C25626P0505, Notice of Intent in the subject line. The capabilities statement must provide clear and unambiguous evidence to substantiate the capability of the party to provide the required supplies without deviation. Responding as an interested party under the www.beta.sam.gov website does not constitute convincing evidence of capabilities. A determination not to compete this proposed contract upon responses to this notice is solely within the discretion of the Government. Verbal and facsimile responses are not acceptable and will not be considered. All interested parties are reminded to be registered with System for Award Management (SAM) at https://sam.gov/SAM/ in order to be eligible for award of Government contracts. No telephone calls will be accepted. If after April 2nd at 10:00 am, no viable responses have been received in response to this announcement, NCO 16 shall negotiate solely with MediaLab Solution, LLC., located at 1745 North Brown Road, Suite #300, Lawrenceville, GA., 30043. The Government anticipates the award of a firm-fixed-price purchase order. A determination by the Government whether to compete the proposed requirement shall be based upon responses received and is solely within the discretion of the government. Information received shall be considered solely for the purpose of determining whether to conduct a competition. REQUIRED SUPPLIES: : The software shall meet the following specifications: General Design Laboratory ‘Software as a Service’ through Media Lab Federal with redundant servers and accessible from any computer 24/7, 365 days/year. Secure documents, passwords and personal information using encryption and Secure Sockets Layer (SSL). Provide system server backup and contingency to ensure access to documents during planned or unplanned downtime. Simple and intuitive, menu-driven, customizable portal or user interface. Modular software that components can be added or removed without requiring major upgrades or changing the functionality of the system. Multiple role or group-based permission levels that enable different levels of user access. The system should enable easy addition and removal of user and level of access. Total traceability – tracks who performed what steps of task or approval. Easy management of the entire life cycle of a document (create, edit, approve, issue and archive). Set priority tasks and reminders. Assign to self or other users. Customizable workflows based on department or level of importance. Document Viewer module or capability Ability to create customizable reports. Ability to download full back-ups on demand Generates site usage reports allowing some determination of system effectiveness. Fast supported implementation Vendor shall maintain a Memorandum Of Understanding MOU-ISA. 2.2 Document Control 2.2.1 The ability to manage the entire document lifecycle from creation, approval, editing, in use status and archiving. The ability to download multiple (in bulk) documents. Ability to link documents to forms (or to other documents) Ability to print controlled copies of documents Facilitate the use of standardized headers and formats for all sections of the lab. Identify documents using a numeric or alphanumeric system and be traceable to associated forms, job aids, derivative documents or policies, etc. Offer customizable design elements for the system or document control log, which include but not be limited to, document number, name, implementation date, location of copies, last revision date/approval/version number, review date/approval, review due date, and date retired. It must capture the changes made between versions and have a link between the version and approval. Document control log is updated automatically as documents, versions, and approvals are updated. Standard file extension compatibility that allows upload of Word (.doc, .docx, .rtf, .odt), Excel (.xls and .xlsx), PDF (.pdf), Microsoft Vizio (.vsd, .vsdx), PowerPoint (.ppt and .pptx), image files (.png and .jpg/.jpeg), etc. without the need for conversion. The documents must display easily. Multiple options for document list, query, and categorize including keywords, departments, or review status. It must be secure from editing for both the draft and final except for those assigned. The document control system must ensure that only current policies procedures or forms are in use. The ability to show the 'status' of documents – i.e.; draft, in approval routing, final, implemented, in review, retired. Ability to send notification emails with a link to affected employees to review new/revised procedures. Automatic, email notification (with embedded links) to approvers/ reviewers until tasks have been completed, with automatic escalation to a higher level after predefined number of failures to complete task. Automatic routing of new/revised documents to appropriate persons for review at appropriately determined intervals for draft review, approval, and periodic review. Ability of frequent reviewers to retrieve documents from a list of "in review' rather than having to open each email. Accessibility and communication to outside services (non-Pathology) for notification of document availability and accessibility to read document (full network/user accessibility). Examples include the ability to share manuals with distant CBOCs and to inform wards and clinics using point of care instruments about new policies, procedures, form and job aids, etc. Ability to audit/query records for timeliness/completion. Maintains document history for length of time required by regulations. Flexible version control to allow for major and minor changes, to enable versioning by dates or numbers and that can be enabled and disabled. Versioning should contain limits, history, restoration, archiving, and deletion. Enables the creation of specific metadata fields for each library. Current and default views of document libraries that are customizable. Flexibility of workflows to accommodate multiple approvers, fast track needs, delegations, or extra approvals. The ability of multiple users to access and edit documents. Multiple-user edits can be subsequently merged/reviewed for merge. Compass The ability to manage the entire competency lifecycle from creation, approval, editing, employee status and archiving completed assignments. The ability to download and upload assigned documents. Ability to link documents from document control into Compass. Facilitate the use of standardized/shared competency assessments across multiple campuses. Offer customizable design elements for each competency task. It must capture the changes made between versions and have a link between the version and approval. Compass is updated automatically as tasks, versions, and approvals are updated. Standard file extension compatibility that allows upload of Word (.doc, .docx, .rtf, .odt), Excel (.xls and .xlsx), PDF (.pdf), Microsoft Vizio (.vsd, .vsdx), PowerPoint (.ppt and .pptx), image files (.png and .jpg/.jpeg), etc. without the need for conversion. The documents must display easily. It must be secure from editing for both the draft and final except for those assigned. The competency assessment system must ensure that only current and approved assessments are in use. The ability to show the 'status' of a competency assessment for each employee. (complete/incomplete) Ability to send notification emails with a link to the affected employees to review new assignments. Automatic, email notification (with embedded links) to approvers/ reviewers until tasks have been completed, with automatic escalation to a higher level after predefined number of failures to complete task. Automatic routing of new/revised competency assessments to appropriate persons for review. Ability to audit/query user records for timeliness/completion. Maintains competency history for length of time required by regulations. Current and default views of competency libraries, that are customizable. Flexibility of workflows to accommodate multiple approvers, fast track needs, delegations, or extra approvals. The ability of multiple approved users to access, edit, and assign competency assessments. Continuing Education The Compliance & CE module shall have: The ability to build customized courses and quizzes. Preloaded P.A.C.E. credit courses that include all major laboratory disciplines. The ability to track continuing education by employee. The ability to print certificates of completion or transcripts on demand. Able to pull list of standards from accrediting bodies such as TJC, CAP, and FDA. Sending alerts to staff as well as supervisors as to approaching due dates for competencies. Regulatory Inspection Checklist Auditing and Management Supplier must be an approved participant of College of American Pathologists (CAP) Accreditation Checklist Distribution Program and the Joint Commission accreditation standards (TJC) Ability to import / upload custom accreditation standards from common accreditation agencies (e.g. - CAP, AABB, TJC, FDA, and others). Ability to search checklists Ability to link evidence or documents to checklist items Flexible workflow to delegate audits to multiple people with different levels of review. Ability to view or print report on current compliance. Ability to set and assign tasks to personnel, or link to document control for revisions. Comparison of previous year to current year standards. Option to transfer or update standards from previous year to current year. Reminders sent about upcoming audits and reviews that must be performed before due date. Regulatory Compliance Software must be compatible with multiple regulatory and accreditation agencies, such as CAP, JC, and AABB. Document compliance with the following Clinical Laboratory Improvements Amendments (CLIA) elements semiannually for new employees and annually thereafter: Direct observation of test performance Monitoring and recording of test results Review of test results Direct observation of instrument maintenance Assessment of test performance Evaluation of problem-solving skills SYSTEM SUPPORT AND MAINTENANCE Support (phone, email) must be available weekdays during normal business hours. Minimal server maintenance. Document backups available to staff during downtimes. Advance notification during server updates or down times. Storage capacity to archive all document types and workflow histories for at least 5 years after removal from use to meet the more stringent transfusion medicine and quality documents requirement is preferred. Alternatively, a minimal storage capacity is needed for archiving transfusion service documents and review/approval histories for 5 years, and other laboratory section records for 2 years. SECURITY REQUIREMENT FOR CLOUD SERVICES 4.1 Per the (OMB), any cloud services that hold federal data must be authorized by the Federal Risk and Authorization Management Program (FedRAMP). All Federal data must be stored on a FedRAMP authorized systems, and loss of FedRAMP authorization is equivalent to the inability to house federal data via a cloud service. FedRAMP authorization applies to all third parties and subcontractors that the vendor uses to store federal data. Proof of FedRAMP authorization must be provided, and the vendor must disclose where all data is stored. If any data is stored by a third party and/or subcontractor, the vendor must provide proof of FedRAMP authorization for these third parties and subcontractors. FedRAMP authorization must always be maintained by the vendor and all third parties and subcontractors the vendor uses to store federal data. 4.2 All cryptographic modules and hardware security modules (HSMs) must be FIPS 140-2 certified. The vendor must provide proof of FIPS 140-2 certification via a NIST approved validator. The operating platform upon which the FIP 140-2 certification was obtain must be maintained. If the solution is FedRAMP Authorized and VA Authorized: The information system solution selected by the Contractor shall comply with the Federal Information Security Management Act (FISMA) and have a current VA authorization. The Contractor shall comply with FedRAMP

requirements as mandated by Federal laws and policies, including making available any documentation, physical access, and logical access needed to support this requirement. The FedRAMP Authorization level and existing VA ATO should be no less than the level required for this use case which has been defined as Moderate Impact Level. The Contractor shall, where applicable, assist with the VA ATO Sustainment Process to help maintain health and quality of agency authorization of the cloud service or migrated application. The Contractor shall exclusively provide licenses and/or accounts to FedRAMP authorized and VA authorized environments. The Contractor shall afford VA access to the Contractor’s and Cloud Service Provider’s (CSP) facilities, installations, technical capabilities, operations, documentation, records, and databases. If new or unanticipated vulnerabilities are discovered by either VA or the Contractor, or if existing safeguards have ceased to function, the discoverer shall immediately bring the situation to the attention of the other party in accordance with Addendum B, VA Information and Information System Security/Privacy Language. VA Privacy and Security