CGI Federal, Inc.

DOCUMENT FOR PUBLIC RELEASE
The decision issued on the date below was subject to a GAO Protective Order. This redacted version has been approved for public release.

Decision

Matter of: CGI Federal, Inc.

File: B-423041; B-423041.2; B-423041.3; B-423041.4

Date: January 13, 2025

DIGEST

Protest challenging the agency’s evaluation of quotations is denied where the evaluation was reasonable, even-handed, and consistent with the stated evaluation criteria.

CGI Federal, Inc., of Fairfax, Virginia, protests the issuance of an order to Unison Software, Inc., of McLean, Virginia, pursuant to request for quotations (RFQ) No. 31310024Q0019, issued by the Nuclear Regulatory Commission (NRC) for acquisition management system support. The protester contends the agency unreasonably evaluated quotations.

We deny the protest.

BACKGROUND

The agency issued the RFQ on April 11, 2024, pursuant to the procedures of Federal Acquisition Regulation (FAR) subpart 8.4 (Federal Supply Schedules). Agency Report (AR), Tab 3, RFQ at 1.[1] The solicitation contemplated the issuance of a single order, with fixed-price and labor-hour contract line items, with a 1‑year base period of performance and nine 1‑year option periods. Id. at 5-11. The RFQ sought quotations to provide acquisition management system (AMS) services, to include enterprise-wide software licenses, system implementation, and hosting that will fully integrate data, functionality, and workflow with the NRC’s existing financial accounting and integrated management information system (FAIMIS) core financial system, CGI’s Momentum federal enterprise resource planning system. Id. at 5. The contractor will also be required to provide help desk support, training, and operation and maintenance of the proposed solution. Id.

The solicitation advised the order would be issued to the vendor whose quotation represented the best value to the agency. Id. at 80. The RFQ identified a preliminary pass/fail evaluation factor, under which the NRC would “evaluate whether the Quoter’s proposed Acquisition Management System (AMS) solution is hosted in an existing [Federal Risk and Authorization Management Program (FedRAMP)]-authorized cloud solution with an impact level of at least moderate.”[2] Id. Vendors’ quotations that failed this initial gating criterion would not be further evaluated. Id. The solicitation provided five non-cost/price factors, listed in descending order of importance: (1) technical capability and functionality; (2) technical approach; (3) corporate experience; (4) past performance; and (5) solution conformance to the standards for section 508 of the Rehabilitation Act.[3] Id. The technical capability and functionality factor had two identified subfactors: (a) technical capability; and (b) technical functionality. Id. The RFQ explained that the non-cost/price factors, when combined, were approximately equal to evaluated cost/price.[4] Id.

The agency received quotations from both CGI and Unison by the established May 23 due date. Contracting Officer’s Statement (COS) at 1. The following is a summary of the final ratings of the firm’s quotations:

	Unison	CGI
FedRAMP	Pass	Pass
Technical Capability and Functionality
Technical Capability	Outstanding	Outstanding
Technical Functionality	Outstanding	Very Good
Technical Approach	Outstanding	Marginal
Corporate Experience	Outstanding	Very Good
Past Performance	Excellent	Excellent
Sec. 508 Compliance	Outstanding	Outstanding
Evaluated Cost/Price	$34,783,556	$18,994,902

 

AR, Tab 11, Source Selection Decision (SSD) at 2.

In selecting Unison’s quotation for award, the source selection official, who was also the contracting officer, compared the positive and negative attributes of each vendor’s approach, and found discriminators under the technical functionality and the technical approach subfactors. Id. at 6. As she explained:

The identified discriminators between the quotations are significant and as a result, Unison’s quotation has merit that is appreciably advantageous to the Government as their superior Technical Approach gives me high confidence that Unison will be successful in providing the NRC with a fully integrated system and support over the period of performance of the contract. While the CGI quotation also provides some benefits in the non-cost/price factors, there were significant weaknesses that result in significant risk in CGl’s technical approach. In my judgment, the technical superiority of Unison’s Technical Approach, and the identified discriminators between the quotations justify the price premium of approximately $15,788,653.99 (45 [percent]).

Id. at 7.

The NRC issued the order to Unison on September 27. COS at 1. Following a brief explanation of the agency’s award decision, CGI filed this protest on October 7.

DISCUSSION

CGI raises several grounds of protest. First, the protester contends Unison’s quotation is unable to meet the FedRAMP pass/fail criterion, and that the NRC failed to consider this under the technical approach and past performance factors. CGI also challenges the agency’s evaluation of quotations under the technical capability and functionality factor, as well as the technical approach factor, arguing the NRC’s evaluation was unreasonable, inconsistent, and unequal. Additionally, the protester challenges the agency’s best-value decision. For the reasons that follow, we find no basis to sustain the protest.[5]

FedRAMP Status for Unison’s Quotation

As noted above, the RFQ included an initial pass/fail evaluation, as to “whether the Quoter’s proposed Acquisition Management System (AMS) solution is hosted in an existing FedRAMP-authorized cloud solution with an impact level of at least moderate.”[6] RFQ at 80. Unison proposed as its AMS solution its PRISM platform, which the NRC has been using as its AMS solution since 2013; the NRC refers to PRISM as its Strategic Acquisition System (STAQS).[7] AR, Tab 7, Unison’s Quotation at 7. Unison’s quotation explained that its AMS solution was FedRAMP-authorized with an impact level of at least moderate. Id. at 10. Specifically, Unison stated its PRISM software as a service (SaaS) “is already a FedRAMP-authorized SaaS Solution on Amazon Web Services (AWS), with agency sponsorship and an Authority to Operate (ATO) by multiple federal agencies.” Id. at 11. Unison’s quotation then explained that “PRISM SaaS is listed on the FedRAMP Marketplace[]” and provided a link to the FedRAMP marketplace website. Id. This website allows users to search products, and displays the impact level and authorization status. https://marketplace.fedramp.gov/products (last visited Dec. 23, 2024). Both vendors’ quotations received a “pass” under this evaluation factor. AR, Tab 10, Selection Evaluation Pannel (SEP) Consensus Report at 5, 17.

Where, as here, an agency issues a solicitation to federal supply schedule (FSS) vendors under FAR subpart 8.4 and conducts a competition, we will review the record to ensure that the agency’s evaluation is reasonable and consistent with the terms of the solicitation. Digital Sols., Inc., B‑402067, Jan. 12, 2010, 2010 CPD ¶ 26 at 3‑4. In reviewing a protest challenging an agency’s technical evaluation, our Office will not reevaluate quotations; rather, we will examine the record to determine whether the agency’s evaluation conclusions were reasonable and consistent with the terms of the solicitation and applicable procurement law and regulation. Id. A protester’s disagreement with the agency’s judgment, without more, does not establish that an evaluation was unreasonable. Electrosoft Servs., Inc., B‑413661, B‑413661.2, Dec. 8, 2016, 2017 CPD ¶ 7 at 4‑5.

CGI raises numerous challenges concerning the FedRAMP status for Unison’s AMS solution. First, the protester argues the agency erred in assigning Unison a “pass” rating under the initial evaluation factor, as the awardee’s solution could not meet the requirements established in the RFQ. In support, CGI contends Unison’s AMS solution‑-PRISM, or at least a portion of that solution, relies on Unison’s FedConnect cloud service, which, at the time of this protest, was in a FedRAMP suspended status.[8] Protest at 9‑12; Comments and 2nd Supp. Protest at 6-8; Supp. Comments and 3rd Supp. Protest at 5‑7. However, as noted by the agency and the intervenor, there are several fatal flaws in the protester’s argument.

First, relevant FedRAMP guidance explains that when a provider receives a provisional authorization to operate its cloud system, it agrees to implement a continuous monitoring program and to adhere to a variety of requirements. AR, Tab 14, FedRAMP Continuous Monitoring Performance Management Guide, ver. 2.1, at 5. If the cloud service provider fails to meet these requirements, FedRAMP initiates an escalation process, by which FedRAMP identifies a continuous monitoring deficiency, notifies the service provider, and takes one of several actions. FedRAMP could: (a) provide a detailed finding review; (b) issue a corrective action plan; (c) suspend the provider’s provisional authority to operate until deficiencies are resolved; or (d) permanently revoke a system’s provisional authority to operate. Id. at 6.

However, when in a “suspended” phase, an agency using a suspended cloud system has the discretion to suspend use of the cloud service. See Intervenor’s Comments, exh. 4, FedRAMP Continuous Monitoring Performance Management Guide, ver. 3, at 73. In this regard, applicable FedRAMP guidance suggests that a suspension of an authority to operate (ATO) a previously approved system does not necessarily mean that the system has lost its prior accreditation. Specifically, as discussed above, the guidance provides that an agency “may choose to suspend use” of a cloud system offering when such system is in suspended status, which indicates that an agency may otherwise elect to continue to use the system while in suspended status. Id. The guidance further provides that “[i]f the [cloud service provider (CSP)] does not resolve a ‘Suspension’ within the agreed upon timeframe or if the agency [authorizing official (AO)] determines the CSP can no longer meet FedRAMP compliance requirements, the agency AO may revoke the [cloud service offering’s] ATO(s).” Id. This further indicates that a temporary suspension does not necessarily mean that the cloud service offering has lost its prior accreditation. Here, as there is nothing in the record to suggest the NRC has suspended its use of FedConnect, the protester’s argument is without merit.

Second, and dispositive to our analysis, the record reflects that Unison proposed its PRISM contracting SaaS system, not FedConnect, as its AMS solution, and specifically cited PRISM in its quotation as satisfying the pass/fail evaluation factor. See AR, Tab 7, Unison’s Quotation at 11 (explaining that “PRISM SaaS is already a FedRAMP-authorized SaaS Solution” and indicating its impact level is at least moderate); see also Intervenor’s Comments at 4-5 (providing numerous citations to Unison’s quotation that highlights Unison’s AMS solution is PRISM SaaS). As noted in CGI’s protest, Unison’s PRISM SaaS solution has a FedRAMP impact level of moderate. Protest at 10. Accordingly, we find no basis to sustain this allegation.[9]

Next, CGI contends that the NRC failed to consider the effects of FedConnect’s suspended status in its evaluation under other evaluation factors. For example, under the technical approach factor, the protester argues the agency unreasonably “failed to evaluate the risk impact of the currently suspended status of the FedConnect solution[.]” Comments and 2nd Supp. Protest at 8; see also Supp. Comments and 3rd Supp. Protest at 10-11. In this regard, CGI suggests the agency was bound by the terms of the solicitation to “evaluate each quoter’s ability to maintain compliance with the FedRAMP requirement[,]” and that “at the time of the Agency’s evaluation, there was significant countervailing evidence suggesting that Unison could not meet the evaluation criteria to demonstrate the ability to maintain compliance with FedRAMP requirements.” Comments and 2nd Supp. Protest at 9.

Again, there are several fundamental flaws in CGI’s arguments. First, the RFQ limited the NRC’s consideration of quotations under the technical approach factor to whether the vendor’s approach could “deliver the requirements outlined in the Statement of Objectives[.]” RFQ at 80. The protester’s suggestion that the evaluation criteria somehow encompassed whether a vendor would, throughout the life of the awarded contract, maintain compliance with FedRAMP requirements is unsupported by the terms of the solicitation. See Comments and 2nd Supp. Protest at 9 (citing to portions of the quotation preparation instructions, as well as to the scope and compliance information of the statement of objectives (SOO)). Indeed, whether Unison can adhere to applicable FedRAMP requirements during its performance is a matter of contract administration, which we will not consider. 4 C.F.R. § 21.5(a).

Next, even assuming the solicitation placed upon the NRC an onus to consider whether Unison could, given the suspended status of FedConnect, maintain compliance with FedRAMP requirements,[10] the agency was unaware of FedRAMP’s suspension of FedConnect until CGI filed this protest. The record demonstrates the agency evaluated quotations under the pass/fail evaluation factor in May, during which time FedConnect was not in a suspended status. See COS at 3. Subsequently, FedRAMP designated FedConnect as “in suspension” on September 5. See AR, Tab 19, FedRAMP Notice of Suspension at 1-2. However, the agency provides that it was unaware of this development, which occurred approximately four months after the agency reviewed Unison’s quotation under the gating pass/fail factor. COS at 2. The agency explains that it was “not one of the four ‘Authorizing Entities’ who would receive direct correspondence from FedRAMP on any status change.” Supp. MOL at 5; see also Tab 15, Email re: Notification of FedConnect Status at 1 (confirming that the NRC never received correspondence relating to FedRAMP’s suspension of FedConnect).

Undeterred by the agency’s lack of knowledge of the suspension, the protester attempts to place additional requirements upon the agency. CGI argues the agency’s lack of awareness of the suspension was itself unreasonable, as the NRC should have investigated FedConnect’s status. In this regard, CGI posits that because suspension is only one in a series of escalating steps taken by FedRAMP to remedy continuous monitoring requirements, the NRC must have been aware of the issues leading up to the suspension. Comments and 2nd Supp. Protest at 10 (“The Agency’s conclusory statement that it did not know of the foregoing escalations strains credulity.”); see also Supp. Comments and 3rd Supp. Protest at 10-11. But, again, the agency explains that “it had no knowledge of any FedConnect issue until learning of it from Protester’s original protest on or about October 7, 2024[.]” NRC Resp. to Supp. Doc. Req., Dec. 4, 2024 at 1; Supp. MOL at 5 (in response to CGI’s allegations, “the NRC looked into what information the agency may have received prior to being informed of it by Protester. The answer is none.”). Nothing in the record contradicts the agency’s explanation or supports an alternative explanation.[11] Moreover, the protester points to no requirement‑-in law and regulation, in our prior decisions,[12] or in the terms of the RFQ‑‑that would require the agency, sua sponte, to investigate FedRAMP’s historical evaluation of FedConnect’s compliance with requisite monitoring requirements.[13] In summary, we find no basis to object to the agency’s evaluation of Unison’s quotation under the technical approach factor, with regard to the status of its cloud solutions under FedRAMP.

We next turn to CGI’s argument that Unison’s quotation should have received a lower rating under the past performance factor because the agency failed to consider Unison’s compliance history with FedRAMP. Protest at 13; Comments and 2nd Supp. Protest at 11; Supp. Comments and 3rd Supp. Protest at 11-12; 2nd Supp. Comments at 11. The solicitation explained that the NRC would “evaluate the Quoter’s Past Performance information to assess how well the Quoter performed on relevant contracts that were completed within the past three (3) years or are currently being performed.” RFQ at 81. The RFQ also provided that the agency “may consider other past performance information obtained from any other source.” Id. Unison’s quotation received the highest rating under this factor, a rating of excellent. AR, Tab 11, SSD at 2.

The protester contends Unison’s FedRAMP compliance history represents information that is “too close at hand” and that the NRC had an obligation to consider such information in its past performance evaluation. Our Office has stated that in certain limited circumstances, an agency has an obligation (as opposed to the discretion) to consider “outside information” bearing on a vendor’s or offeror’s past performance because such information is “too close at hand” to ignore so to require vendors or offerors to shoulder the inequities that spring from an agency’s failure to obtain and consider the information. Strategi Consulting LLC; Signature Consulting Group, LLC, B‑416867, B-416867.4, Dec. 21, 2018, 2019 CPD ¶ 10 at 13. However, our Office has not extended the “close at hand” principle to apply to every case where an agency might conceivably find additional information regarding an offeror’s quotation. See U.S. Facilities, Inc., B‑293029, B-293029.2, Jan. 16, 2004, 2004 CPD ¶ 17 at 12. Rather, our Office has generally limited application of this principle to situations where the alleged “close at hand” information relates to contracts for the same services with the same procuring activity, or information personally known to the evaluators. TRW, Inc., B-282162, B‑282162.2, June 9, 1999, 99-2 CPD ¶ 12 at 5; Leidos, Inc., B-414773, B‑414773.2, Sept. 12, 2017, 2017 CPD ¶ 303 at 10.

As applied, CGI’s argument does not withstand scrutiny. First, as explained above, the agency had no actual knowledge, or reasonable basis to have known, that Unison’s FedConnect cloud solution was, or potentially could be at the time of its evaluation, placed on FedRAMP suspended status. Second, also as noted above, FedRAMP is managed by GSA, not the NRC. As such, the “too close at hand” doctrine would not apply, as the information from FedRAMP would not relate “to contracts for the same services with the same procuring activity, or information personally known to the evaluators.” See TRW, Inc., supra at 5. And third, CGI presents no factual basis to suggest that FedConnect’s compliance monitoring record would be material in an evaluation of Unison’s historic performance on contracts. As such, we find no basis to sustain this allegation.

CGI also presents arguments that the awardee made material misrepresentations in its quotation, as it relates to Unison’s proposed AMS solution, PRISM. In this regard, the protester contends because Unison’s PRISM cloud solution was also placed in suspension by FedRAMP in November 2024 (approximately 4 months after the agency evaluated FedRAMP status and two months after award, but during the pendency of this protest), Unison’s quotation must have misrepresented that it could meet various requirements identified in the RFQ’s SOO. Supp. Comments and 3rd Supp. Protest at 7-12; 2nd Supp. Comments at 4-10.

Our Bid Protest Regulations contain strict rules for the timely submission of protest allegations; these rules reflect the dual requirements of giving parties a fair opportunity to present their cases and resolving protests expeditiously without unduly disrupting or delaying the procurement process. Verizon Wireless, B-406854, B-406854.2, Sept. 17, 2012, 2012 CPD ¶ 260 at 4. Our regulations provide that a protest allegation must be filed not later than 10 days after the protester knows or should have known the basis for its protest, whichever is earlier. 4 C.F.R. § 21.2(a)(2); accord. Kolb Grading, LLC, B‑420310.2, Dec. 8, 2021, 2022 CPD ¶ 6 at 2.

Under the circumstances presented, we conclude CGI’s supplemental allegation is untimely. The record evidence reflects that no later than November 21, FedRAMP publicly posted on the FedRAMP website that Unison’s PRISM cloud solution was in suspension. See AR, Tab 20, Unison Email regarding PRISM; 2nd Supp. MOL at 2, n1. The record also illustrates CGI’s dependence on the FedRAMP website to support its protest earlier raised allegations regarding FedConnect. See Protest at 10-11, 14; Comments and 2nd Supp. Protest at 7. Despite the protester’s actual knowledge of, and reliance on, the FedRAMP website, CGI did not raise its misrepresentation allegations based on PRISM’s suspension until December 6, more than 10 days after that information was publicly available on the FedRAMP website. In this circumstance, where CGI was clearly aware and reliant upon the FedRAMP website, we conclude CGI’s protest allegation is untimely raised. 4 C.F.R. § 21.2(a)(2).

Moreover, even if we were to reach the merits of this allegation, CGI’s argument presents no basis to sustain the protest. The record demonstrates Unison submitted its quotation on May 23; PRISM was not in a suspended status at that time. COS at 1; Protest at 10. The agency evaluated Unison’s quotation under the pass/fail evaluation factor in late May; PRISM was not in a suspended status at that time. COS at 3; Protest at 10. The NRC issued the order to Unison on September 27; PRISM was not in a suspended status at that time. COS at 1; Protest at 10. Then, on or about November 21--approximately two months following award--FedRAMP publicly posted that Unison’s PRISM cloud solution was in suspension. See AR, Tab 20, Unison Email regarding PRISM; 2nd Supp. MOL at 2, n1. Thus, where PRISM’s FedRAMP status was active from the time of proposal submission through award, it is not apparent on what basis the awardee could have misrepresented its status. Given this timeline of events, we cannot conclude Unison’s quotation misrepresented that it could meet various requirements identified in the SOO because of PRISM’s subsequent suspension by FedRAMP approximately two months after award.

Technical Evaluation

CGI also raises numerous challenges to the agency’s evaluation of quotations under the technical capability and functionality and technical approach factors. In this regard, and concerning the agency’s evaluation of its own quotation, the protester contends the NRC failed to assign numerous strengths, and improperly assigned weaknesses. Moreover, CGI argues the agency unevenly evaluated quotations, where Unison’s quotation received strengths for various features also included in CGI’s quotation, yet the protester was not also credited with similar strengths. Additionally, the protester contends the agency ignored aspects of Unison’s quotation that warranted the assignment of several weaknesses. Given the volume of allegations raised by the protester, we discuss only a few representative examples, below. However, we have reviewed each of CGI’s arguments concerning the agency’s evaluation under the technical factors and subfactors and find no basis to sustain the protest.[14] Rather, the record demonstrates that the agency’s evaluation was reasonable, even-handed, and in accordance with the terms of the RFQ.[15]

CGI alleges various concerns related to NRC’s evaluation of quotations under the technical functionality subfactor. Under this subfactor, vendors were to provide a live demonstration of their proposed AMS solution, with specific focus on the functionality requirements identified in the SOO. RFQ at 76. The NRC would “evaluate the functionality of the proposed AMS solution and subjectively evaluate the ease of use of that solution.” Id. at 80. While Unison received a rating of “Outstanding” for its demonstration, CGI received a rating of “Very Good”. AR, Tab 11, SSD at 2. In assessing CGI’s final rating, the SEP assigned the firm’s quotation 9 strengths and 13 weaknesses. AR, Tab 10, SEP Consensus Report at 6-7.

First, CGI challenges the assignment of numerous weaknesses to its quotation under this subfactor. Taking one illustrative example, the protester contends its demonstration received a weakness because the agency wrongly believed (and contrary to CGI’s demonstration) that document numbers were automatically generated in its AMS solution and would be difficult to correct. Comments and 2nd Supp. Protest at 17; Supp. Comments and 3rd Supp. Protest at 15-16, 25. In the protester’s view, the NRC ignored a verbal statement in its demonstration that document numbers could be (but were not required to be) [DELETED] (and thus more difficult to edit) and also failed to properly consider the system’s [DELETED] functionality. Id.

As an initial matter, CGI truncates the purported basis for the assigned weakness. The SEP explained:

Potential for long-term data issues due to the way that the document numbers are created--users must enter data on each requisition/solicitation/award document so that the system can generate a number. Even with the ability to use a look up table, and user training, this increases the chances that users will select incorrect data leading to document numbers that are not in compliance with the FAR and will be difficult to correct.

AR, Tab 10, SEP Consensus Report at 7.

As further explained by the agency, under the protester’s AMS solution, to generate the document numbers, “a user must [DELETED] before the document number is generated by the system.” 2nd Supp. MOL at 12. This process, thus, “provides the user with four different opportunities for error, which may be difficult to correct when the error is ultimately identified by contracting personnel.” Id. While CGI asserts its [DELETED] is actually beneficial, as it provides more options for the user, the agency disagreed, believing that such a system introduced more risk of error. See AR, Tab 10, SEP Consensus Report at 7. Moreover, the [DELETED] function of the protester’s technical solution (which, as the agency notes, was not actually demonstrated) does not otherwise make the SEP’s consideration regarding risk of initial selection error otherwise unreasonable. CGI’s disagreement with the agency’s reasonable assessment provides no basis to sustain the protest. Electrosoft Servs., Inc., supra at 4‑5.

CGI also alleges numerous instances of unequal treatment with respect to the agency’s evaluation. It is a fundamental principle of federal procurement law that a contracting agency must evaluate in an even-handed manner. Spatial Front, Inc., B‑416753, B‑416753.2, Dec. 10, 2018, 2018 CPD ¶ 417 at 13. To prevail on an allegation of disparate treatment, a protester must show that the agency unreasonably evaluated its quotation in a different manner than another quotation that was substantively indistinguishable or nearly identical. See Battelle Mem’l Inst., B-418047.5, B‑418047.6, Nov. 18, 2020, 2020 CPD ¶ 369 at 6.

We first address CGI’s allegations concerning the disparate assignment of weaknesses under the technical functionality subfactor. As one representative example of CGI’s challenges, and in keeping with the above weakness assigned to CGI’s quotation concerning the creation of document numbers (see AR, Tab 10, SEP Consensus Report at 7), the protester contends Unison’s AMS solution contains essentially the same features but did not receive a weakness. Supp. Comments and 3rd Supp. Protest at 25; 2nd Supp. Comments at 16 (explaining “both Unison’s and CGI Federal’s system require data to be input into the system before a number can be generated.”). However, as the agency explains, the differences in the evaluation are the result of differences in the underlying technical features of the quotations. That is, while CGI’s solution requires that “a user must [DELETED] before the document number is generated by the system[,]” Unison’s technical solution “solely requires the user to select [DELETED].” 2nd Supp. MOL at 12.

The agency further explains that, “[DELETED], which avoids multiple opportunities for user error.” Id. Given the differences in the way each vendor’s AMS solution assigned document numbers, we find no basis to conclude the agency evaluated the quotations unequally. See DigiFlight Inc., B-419590, B‑419590.2, May 24, 2021, 2021 CPD ¶ 206 at 5 (agencies properly may assign dissimilar quotations different evaluation ratings).

CGI also alleges disparate treatment with respect to the agency’s assignment of strengths under the technical functionality subfactor. For example, CGI challenges NRC’s assignment of a strength to Unison’s quotation for its use of “[DELETED] that can be easily created by each user[,]” which “allows users to have the ability to create a customized homepage to organize individual workload assignments and tasks.” AR, Tab 10, SEP Consensus Report at 18. CGI contends it too showed during its technical demonstration “how the homepage could be customized to meet different role needs, and to ensure that individuals are seeing the information most relevant to their work.” Comments and 2nd Supp. Protest at 22; see also CGI AMS Demonstration, pt. 1 at 1:07:38, 2:38:26, 22:30. CGI asserts its customizable homepage “provides a substantively indistinguishable benefit from the basis for Unison’s strength, and CGI should have been assessed a similar strength.” Id.

However, the record reflects that the differences in the vendors’ evaluations reasonably stem from differences in the quotations. Indeed, while both vendors may have presented an ability to produce a customizable homepage, the agency found particular merit in Unison’s [DELETED], a feature not mentioned or otherwise demonstrated by CGI. Given the evaluation criteria identified in the solicitation (which included “subjectively evaluat[ing] the ease of use of [a vendor’s] solution[]”), and the differences in the technical solutions presented by each vendor, we have no basis to conclude that the agency’s evaluation reflected unequal treatment. DigiFlight Inc., supra at 5-6; see also Protection Strategies, Inc., B-416635, Nov. 1, 2018, 2019 CPD ¶ 33 at 8 n.4 (an agency’s judgment that the features identified in the proposal did not significantly exceed the requirements of the solicitation--and thus did not warrant the assessment of unique strengths--is a matter within the agency’s discretion and one that we will not disturb where the protester has failed to demonstrate that the evaluation was unreasonable.).

We next turn to the agency’s evaluation under the technical approach factor. The solicitation provided that NRC would “evaluate the efficacy of the Quoter’s approach to deliver the requirements outlined in the [SOO][.]” RFQ at 80. The agency assigned Unison’s quotation a rating of “outstanding”, having found 26 strengths and only one weakness. AR, Tab 10, SEP Consensus Report at 20-23. CGI’s quotation received a rating of “marginal”, where the agency assigned 18 strengths, 2 weaknesses, and 5 significant weaknesses. Id. at 9-12. The significant weaknesses assigned to CGI’s quotation under the technical approach factor were key discriminators in NRC’s award decision. See AR, Tab 11, SSD at 7 (“While the CGI quotation also provides some benefits in the noncost/price factors, there were significant weaknesses that result in significant risk in CGl’s technical approach.”).

While CGI challenges each of its assigned significant weaknesses under the technical approach factor, we address one representative example, here. The SEP assigned CGI’s quotation a significant weakness concerning its approach to managing subscription licenses. AR, Tab 10, SEP Consensus Report at 11. The agency noted that while the RFQ provided there are approximately 600 current STAQS users (see RFQ at 83), CGI’s “proposed User Level subscription allows a maximum amount of 600 users.” AR, Tab 10, SEP Consensus Report at 11. The NRC explained CGI’s approach, coupled with the quotation’s proviso that “CGI will work with NRC to identify AMS users that overlap with existing FAIMIS users and provide NRC the advantageous licensing pricing for those users” (AR, Tab 6, CGI’s Quotation at 79), “creates a burden for the Government because it would require the need to continuously monitor the number of users in the system to ensure it does not exceed 600.” AR, Tab 10, SEP Consensus Report at 11. Moreover, the SEP explained:

Also, in the event that additional licenses are needed, CGI states they “shall authorize an increase in the user count to accommodate an increase within two business days” [AR, Tab 6, CGI’s Quotation at 131]. However, the NRC would need to obtain funding and negotiate the modification to the contract, so the actual time to add additional users would likely exceed two (2) days and the NRC would run the risk that users that require access to the system do not have access.

AR, Tab 10, SEP Consensus Report at 11.

CGI disagrees with the agency’s assessment, arguing the RFQ “was clear that the Agency required 600 user licenses.” Supp. Comments and 3rd Supp. Protest at 32. As such, the protester’s proposed solution, which included a commitment to “provide enough user licenses to cover the entire NRC AMS user community” should not have warranted the assignment of a significant weakness. Comments and 2nd Supp. Protest at 27 (emphasis removed).

The underlying record supports the reasonableness of the agency’s evaluation judgments. First, as the agency notes, the RFQ did not provide for 600 users, as CGI suggests, but instead, the RFQ stated there are “approximately” 600 users. RFQ at 83. If the actual number of users exceeds 600, as the agency suggests is possible, CGI’s proposed 500-600 licenses will not meet the agency’s needs. Supp. MOL at 27. Second, the protester did not propose pricing for licenses above 600 users. Therefore, the agency reasonably recognized a risk of programmatic delay and users going without access, as the NRC would have to negotiate a modification to the contract for the unpriced increase and obtain funding. Id.; Intervenor’s Supp. Comments at 9-10. We find the agency’s conclusions reasonable, and CGI’s disagreement, without more, provides us no basis to sustain the protest.[16] Electrosoft Servs., Inc., supra at 4‑5.

CGI also alleges the agency erred in its evaluation of Unison’s quotation under the technical approach factor. For example, the protester contends the NRC should have assigned Unison’s quotation a deficiency (rather than a weakness) based on the awardee’s reservation to make unilateral changes to PRISM. Comments and 2nd Supp. Protest at 30; Supp. Comments and 3rd Supp. Protest at 36-37. The SEP, in reference to system functionality, took issue with Unison’s assertion in its quotation that while it “will make every effort not to disrupt customer business processes, we reserve the right to make changes without client consent.” AR, Tab 7, Unison’s Quotation at 49. The agency assigned a weakness, providing that “[a]t a minimum the [contracting officer’s representative (COR)] should be notified in cases such as this[,], and that [e]ven if it is an after-hour call, the client should be notified.” AR, Tab 10, SEP Consensus Report at 23.

While the protester contends Unison’s “clear and blatant violation of the SOO requirements” (Supp. Comments and 3rd Supp. Protest at 37) should have resulted in a deficiency and an overall rating of “unacceptable” under this factor, the agency argues its assignment of a weakness was reasonable. See Supp. MOL at 32-36. In this regard, the agency argues that the protester misconstrues the SOO, by conflating the preapproval requirements for changes based on enhanced versus existing functionality. Specifically, the SOO directs:

System Functionality: All system functionality and capabilities included on the start date of the contract (e.g. closeout application) must remain functional and operational throughout the lifecycle of the contract.

The Contractor shall ensure that all system functionality and capabilities are operational, and unaffected by future system enhancements, system changes or other system activities that may affect operation/use.

In any case of a new enhancement superseding or improving upon an existing function/capability, written approval from the COR must occur prior to change/removal of any system feature.

RFQ at 99.

The agency contends the protester overstates the import of the required COR approval requirement as applying to any change, as opposed specifically to a “new enhancement superseding or improving upon an existing function/capability.” Id. In this regard, the agency argues the awardee’s quotation unequivocally demonstrates compliance with the required preapproval for such changes. See, e.g., Supp. MOL at 33-34 (quoting sections of Unison’s quotation demonstrating the NRC’s involvement and approval of system enhancements and changes).

In contrast, the agency notes that the evaluated concern pertained to other types of changes that the solicitation did not mandate prior COR approval for. In this regard, Unison’s quotation stated that:

As Unison develops new capabilities and introduces new technologies, some PRISM capabilities may be deprecated due to regulatory, business, or technological changes. While Unison will make every effort not to disrupt customer business processes, we reserve the right to make changes without client consent. However, Unison desires to engage with each of our customers and will make every reasonable effort to collect end user feedback as part of the requirements gathering process.

AR, Tab 7, Unison’s Quotation at 49.

The agency asserts there is a clear dichotomy between new enhancements and changes--which the SOO required prior NRC approval for, and Unison clearly agreed to comply with--and changes arising from deprecation of existing capabilities impacted by new enhancements and changes. Indeed, the evaluators concluded that Unison’s approach warranted a weakness because while these changes would not necessarily require preapproval, the evaluators nevertheless believed that the agency should be notified about such changes. AR, Tab 10, SEP Report, at 23.

On this record, we find no basis to question the agency’s evaluation findings. In this regard, where the language of the SOO appears to limit prior COR approval to new enhancements or changes, and the contested quotation language at issue appears to be limited to a different class of changes, we find no basis on which to sustain the protest.[17]

The protest is denied.

Edda Emmanuelli Perez
General Counsel

 

---