TITLE: B-297112, Carahsoft Technology Corporation, November 21, 2005
BNUMBER: B-297112
DATE: November 21, 2005
*************************************************************
B-297112, Carahsoft Technology Corporation, November 21, 2005

   Decision

   Matter of: Carahsoft Technology Corporation

   File: B-297112

   Date: November 21, 2005

   Frederick W. Claybrook, Jr., Esq., and Edward R. Murray, Esq., Crowell &
   Moring LLP, for the protester.

   Barry C. Hansen, Esq., Kristen E. Bucher, Esq., and John Caterini, Esq.,
   Department of Justice, and Sherry Kinland Kaswell, Esq., Department of the
   Interior, for the agencies.

   Kenneth L. Kilgour, Esq., and Christine S. Melody, Esq., Office of the
   General Counsel, GAO, participated in the preparation of the decision.

   DIGEST

   Solicitation for software to computerize employee appraisal process that
   calls for the same software to be used both agency-wide and for one agency
   component that requires its own separate, internally-hosted software
   system is not unduly restrictive of competition where the record shows
   that the requirement furthers agency's need for efficiency and risk
   avoidance in its modernization efforts.

   DECISION

   Carahsoft Technology Corporation protests the terms of request for
   quotations (RFQ) No. 1435-04-05-RQ-44166, issued by the Department of the
   Interior--GovWorks for a web-based executive pay and performance appraisal
   system (EPPAS) for the Department of Justice (DOJ), Justice Management
   Division (JMD). [1] Carahsoft argues that the requirement that the
   software system be capable of being installed on the agency's internal
   computer networks is unduly restrictive of competition.

   We deny the protest.

   DOJ is a large agency, with approximately 37 components[2] and 727 Senior
   Executive Service (SES)-level positions, 250 of which are in the FBI.
   Currently, all SES performance work plans, performance appraisals,
   mid-year and annual evaluations, and bonus and award documents are
   prepared manually. According to DOJ, the performance work plans may be
   modified throughout the year in response to occasional changes in policies
   or priorities. The process is paper-intensive, time-consuming, and
   susceptible to database entry errors and other inefficiencies. The RFQ at
   issue here reflects DOJ's decision to convert from the current manual
   process to a computer-based process.

   The RFQ seeks a commercial off-the-shelf or government off-the-shelf
   web-based EPPAS product suitable for the performance appraisal
   modernization effort. The RFQ calls for one copy of the EPPAS software, to
   be installed for use by all DOJ components except the FBI. The agency
   explains that the FBI's EPPAS system will contain classified information,
   and FBI protocol therefore requires its system to be housed internally on
   the FBI Intranet, which does not communicate electronically with the
   department-wide system. Accordingly, the agency states that it intends to
   amend the RFQ to add an option to purchase a second copy for use by the
   FBI. Agency Report (AR), Tab 6, Director of Personnel Staff Affidavit at
   6, para. 18.

   Because the FBI's system must be housed internally, and because the agency
   wants two identical EPPAS systems, the RFQ required that the contractor
   quote an EPPAS product capable of being installed on DOJ's internal
   network. AR, Tab 3, RFQ Statement of Work at 2. In addition, the RFQ
   required that the product be fully compatible with DOJ's existing hardware
   and software infrastructure, and designed, developed, documented, tested,
   and implemented in accordance with DOJ's programming and security
   standards. Id. at 6. The EPPAS must also interface with the National
   Finance Center, which processes DOJ's payroll, so that salary increases
   and bonuses flow automatically to the payroll system. Id. at 5. Prior to
   final acceptance, the system must have been fully certified and accredited
   by an independent source with no technical findings of deficiencies; the
   certification and accreditation process was to be separately funded. Id.
   at 6.

   The agency explains that once both the FBI and the rest of DOJ have EPPAS
   products in place, there are two times in the annual operation of the two
   systems that they will need to share information with each other. After
   review at the component levels within DOJ, and in preparation for the
   review agency-wide, pertinent data in the FBI's system, absent any
   classified information, will be transferred via disk from that system to
   the department-wide system. DOJ then will be able to generate agency-wide
   reports describing SES performance and monitor compliance with various
   personnel policies and regulations. Final decisions will be made on SES
   ratings and salary, and that individual performance information, as well
   as other compiled data that has not been passed back using the current
   paper process, will be sent from the agency-wide system to the FBI's
   system, again through the process of disk transfer. These transfers of
   information between systems will be performed by downloading information
   to a disk and uploading the information to the other system, regardless of
   whether the software systems are identical.

   The agency maintains that the risk inherent in those transfers of data is
   much greater when the two software systems are not identical, unless the
   burden on the agency is substantially increased in order to reduce that
   risk to a minimal level. The protester argues that the risk is already
   minimal, and that any increase in the burden on the agency will be borne
   by the contractor under the terms of the contract. Thus, Carahsoft asserts
   that the solicitation is unduly restrictive of competition to the extent
   that it requires--based on the FBI's need for internal hosting and the
   agency's decision to use the same software for the FBI and
   agency-wide--that the software to be used by all DOJ components be the
   same, internally-hosted software.[3]

   An agency has the discretion to determine its needs and the best way to
   meet them. USA Fabrics, Inc., B-295737, Apr. 19, 2005, 2005 CPD para. 82
   at 4. When a protester challenges a specification as unduly restrictive,
   the procuring agency has the responsibility to establish that the
   specification is reasonably necessary to meet its needs. 41 U.S.C.
   sections 253a(a)(1)(A), (2)(B) (2000). The adequacy of the agency's
   justification is ascertained through examining whether the agency's
   explanation is reasonable, that is, whether the explanation can withstand
   logical scrutiny. A protester's mere disagreement with the agency's
   judgment concerning the agency's needs and how to accommodate them does
   not show that the agency's judgment is unreasonable. USA Fabrics, Inc.,
   supra, at 4-5.

   In this case, DOJ states that it seeks to maximize efficiency in the
   performance appraisal process for its SES members. The agency argues that
   both the greater risk involved in the transfer of data between unlike
   systems, and the duplicate effort and expense that would be incurred with
   two systems, create a high level of inefficiency that can be avoided by
   procuring identical software for both systems. DOJ asserts that any
   complications arising from that transfer would have the potential to
   interrupt the smooth functioning of the system, with possibly adverse
   consequences for the agency in its personnel functions; in addition, the
   use of different software systems, and the threat of complications, place
   additional demands on the technical support staff. The protester asserts
   that the risk inherent in the transfer of data is minimal, regardless of
   the degree of similarity of the two systems, and that any burden created
   by using different systems will be borne by the contractor rather than
   DOJ. As explained below, we conclude that the record here supports the
   agency's decision to require an internally-hosted system based on its
   underlying decision to use the same software system for the FBI and the
   rest of DOJ.

   The parties agree that the basic process for the transfer of data is as
   follows. The data in one system would be unrecognizable by a different
   system unless the data is coded in such a way that the other system,
   properly programmed, could understand the code. Thus, programmers, using
   one of a variety of methods, would code the data collected for the
   performance appraisals with fields such as "Employee_Name" and
   "Grade_Level." Care would have to be taken that the labels in the systems
   corresponded, and that the amount of data that could be stored in each
   field was the same, so that all of the data from a field in one system
   would end up in the corresponding field in the other system. Again, care
   would have to be taken that these fields properly mirrored one another,
   regardless of whether the systems were identical. The parties agree that
   the process would have to be performed for transfers of data between any
   two systems, whether they use the same software or not. If the systems are
   not identical, however, there is a second step involved in the data
   exchange; while being transferred from one system to the other, the data
   must also be translated. While the difference in the level of risk in
   either case--i.e., transferring and translating data between different
   systems, or transferring data between systems using the same software--is
   difficult to quantify, the agency has asserted that the risk is materially
   greater when using different software systems, a position that on its face
   appears reasonable. While the protester disagrees with the agency's
   assessment, it simply has not demonstrated that the agency's position is
   incorrect or otherwise unreasonable. Thus, we see no basis to question the
   agency's conclusion that acquiring different software systems would
   require the agency to assume materially greater risk of error in
   performing data transfer and translation between the FBI and DOJ systems.

   We recognize that the agency concedes that the data transfer and
   translation risk conceivably can be made minimal though the agency's
   assumption of administrative burdens and attendant risks associated with
   management and oversight of multiple contracts. The agency argues,
   however, that the additional effort required to minimize the risk involved
   in the data transfer/translation process would place a substantial burden
   on the agency that unreasonably reduces its efficiency. Specifically,
   without the ability to require that the systems be the same, the agency
   would assume additional contract management burdens, because the agency
   would potentially be interacting with two different contractors, rather
   than one. This would be true even if, as the protester asserts, much of
   the work of the actual maintenance of the system is done by the
   contractors, since some amount of agency supervision of the additional
   contractors would be required. Also, certain critical management auditing
   functions, which by their nature must be performed by the agency, would be
   duplicated if unlike systems were implemented. Likewise, periodic
   reprogramming of the system, made necessary by policy or regulatory
   changes, would have to be done on the two systems separately. As with the
   initial effort to set up the proper fields for the transfer of data, the
   agency maintains that this reprogramming work could be performed more
   efficiently if the systems were identical, and that this work could be
   done once and then transferred to the other system.

   The agency also asserts that the inability to procure the same software
   system for use in the FBI as well as elsewhere in DOJ would seriously
   impede the agency's long-range plans to extricate itself from the systems
   integration business through streamlining the number of different
   applications that it runs for particular agency functions. The agency
   argues that, regardless of who does the work of creating and maintaining
   dissimilar systems, the agency will always be called upon to arbitrate
   disputes and to serve as the go-between for the contractors. Nor is it
   clear where liability resulting from problems with the interface between
   the two systems would lie, if neither contractor accepted liability for
   such problems and their consequences.

   We do not think that Carahsoft has shown that the agency's determination
   to procure the same, internally-hosted EPPAS software system was
   unreasonable. The protester's position is essentially that the agency can
   contract for the services necessary to create and maintain more than one
   system, and that therefore the agency itself will not be burdened. The
   protester ignores the duplication of effort to the agency of having two
   different software systems serviced by two contractors and the reality
   that the agency, in its oversight capacity, would expend more time
   monitoring and evaluating the work of two contractors rather than one. In
   this regard, an agency may place restrictions in a solicitation when its
   aim is to establish a single contractor's responsibility for a technical
   system so that the government is relieved of the need to analyze the
   source of technical problems and to avoid "finger pointing" between
   contractors, Tucson Mobilephone, Inc., B-256802, July 27, 1994, 94-2 CPD
   para. 45 at 3, or to ensure the technical integrity and performance of a
   computer system. MASSTOR Sys. Corp., B-211240, Dec. 27, 1983, 84-1 CPD
   para. 23 at 3; see also Pacific Northwest Bell Tel. Co., Mountain States
   Tel. Co., B-227850, Oct. 21, 1987, 87-2 CPD para. 379 at 5 (describing
   protests that were denied where multiple acquisitions would involve
   unacceptable technical risks or defeat a requirement for
   interchangeability or compatibility within a computer system, or where a
   single contractor was required to ensure the effective coordination of
   interrelated tasks).

   The protester also asserts that the government generally is moving in the
   direction of external hosting of software, in order to divest itself
   entirely of its systems management responsibilities, and that from a total
   business management perspective it makes sense for the agency to remove
   the solicitation requirement that the EPPAS be capable of being internally
   hosted. Whatever the merits of that argument, in this particular case, DOJ
   is constrained by the requirement that the FBI's EPPAS be housed
   internally. We believe that the agency had a reasonable basis, given that
   constraint and its need for efficiency, to conclude that there are certain
   advantages associated with the purchase of identical software systems in
   furtherance of the agency's performance appraisal modernization efforts.

   The protest is denied.

   Anthony H. Gamboa
   General Counsel

   ------------------------

   [1] GovWorks is a franchise fund established in the Department of Interior
   to provide administrative procurement services to federal agencies. DOJ
   entered into an agreement with GovWorks for procurement support in
   connection with this acquisition.

   [2] Components include multiple offices, boards, and divisions, and
   bureaus such as the Federal Bureau of Investigation (FBI), Federal Bureau
   of Prisons, Drug Enforcement Administration, U.S. Marshals Service, Office
   of Justice Programs, and the Bureau of Alcohol, Tobacco, Firearms and
   Explosives.

   [3] Because, as explained below, we deny Carahsoft's protest that the
   solicitation improperly limited competition by requiring a software
   package that can be internally hosted, we need not reach Carahsoft's other
   bases of protest--i.e., that the agency's decision to procure the
   certification and accreditation for the new software system separate from
   the system itself is unreasonable, and that the agency's decision not to
   allow fixed-price quotations is unreasonable. Carahsoft concedes that it
   does not offer a software package that can be internally hosted.
   Accordingly, Carahsoft is not an interested party under our Bid Protest
   Regulations to challenge either the agency's decision to procure the
   certification and approval separately or to prohibit fixed-price
   quotations. See 4 C.F.R. sect. 21.0(a) (2005).