DA01--36C10B26Q0170 | RECOMPETE-eDiscovery: Software as a Service and Maintenance | VA-26-00011700 | AUG

Statement of Work (SOW) / Performance Work Statement (PWS)

This Performance Work Statement (PWS) outlines the requirements for an enterprise Software as a Service (SaaS) eDiscovery solution for the Department of Veterans Affairs (VA), Office of Information & Technology (OIT), Produce Delivery Service (PDS). The goal is to provide a robust eDiscovery system to support the VA Office of General Counsel (OGC) and Office of Accountability and Whistleblower Protection (OAWP) in preserving, collecting, processing, reviewing, analyzing, and producing Electronically Stored Information (ESI) in compliance with legal obligations and to meet time-sensitive requests.

The contractor shall provide a Commercial-Off-The-Shelf (COTS) eDiscovery SaaS product that meets Federal eDiscovery Law and VA requirements. Key functions include:

• FedRAMP MODERATE authorization and FISMA Moderate compliance.

• System implementation, including installation, data migration, testing, and deployment.

• Training support for VA staff.

• 24/7 on-call technical support and product service.

• Installation of software upgrades, patches, and releases.

• FedRAMP Authorization: The solution must be FedRAMP Authorized at a Moderate impact level and meet FISMA Moderate requirements. Assistance with the VA Authority to Operate (ATO) process is required.

• System Capabilities: The eDiscovery platform must support approximately 100 concurrent users (or 1,000 named users), handle 450 new cases per year with an average case size of 350 GB, and support an initial upload of approximately 300TB of existing data. It must be capable of processing, reviewing, and producing ESI in a timely, repeatable, and defensible manner.

• Security & Compliance: Adherence to numerous federal laws, directives, and NIST standards related to information security, privacy, identity management, and network connectivity (e.g., FedRAMP, FISMA, HIPAA, Zero Trust, TIC).

• Deliverables: Include a Contractor Project Management Plan (CPMP), Privacy & HIPAA training certificates, Technical Kickoff Meeting Agenda and Minutes, System Design Document (SDD), Change and Configuration Management Plan, Service Level Agreement (SLA), Monthly Status Reports, training plans, and security assessment documentation.

• Period of Performance (PoP): A 12-month base period plus four (4) 12-month option periods.

• Optional Tasks: Include Transition Support, Additional Storage, and Additional Concurrent Users.

• Place of Performance: Primarily at Contractor facilities. Remote work may be permitted with prior approval. Onsite presence is required during normal business hours.

• Security: Strict adherence to VA and Federal security protocols, including FedRAMP authorization, continuous monitoring, and personnel security requirements (background investigations).

• Data Handling: Compliance with data protection, encryption, and media sanitization requirements.

• Accessibility: Compliance with Section 508 standards for all electronic ICT and content.

• Reporting: Monthly status reports detailing cost, processing/indexing success, analysis/review performance, uptime, security compliance, and web request/database metrics.

Request for Information (RFI)

This RFI is issued by the Department of Veterans Affairs (VA) for market research purposes to identify qualified vendors capable of providing an enterprise-scale eDiscovery Software-as-a-Service (SaaS) solution, including implementation, training, and support. The VA's Office of General Counsel (OGC) and Office of Accountability and Whistleblower Protection (OAWP) require an advanced system to manage large volumes of Electronically Stored Information (ESI) for litigation, investigations, FOIA responses, and Congressional oversight.

• FedRAMP Moderate-authorized SaaS platform supporting full eDiscovery workflows.

• Initial migration of approximately 300TB from the incumbent system.

• Capabilities include ingestion, indexing, processing, review, analytics (TAR/AI), PII/PHI identification/redaction, case management, and secure production.

• Security compliance: Role-based access, Entra ID integration, 2-factor authentication, VA security, FISMA, FedRAMP, and Zero Trust requirements.

• High-availability cloud architecture, TIC-compliant network connectivity, continuous monitoring, and monthly performance reporting.

• 24/7 support services.

• Compliance with Executive Order 14028 and NIST guidance for Secure Software Development (M-22-18).

• Compliance with Section 508 accessibility standards.

• Technical capability to meet requirements.

• Relevant past performance.

• SaaS licensing model and pricing structure.

• Migration approach, timelines, and tools.

• Security compliance posture (FedRAMP Moderate, ATO history).

• Recommendations for refining VA's requirements.

• Suggestions for cost reduction (approx. 20%).

• Rough Order of Magnitude (ROM).

• Submit a capability statement (max 15 pages) and responses to specific questions.

• Response Deadline: March 25, 2026, 5:00 PM Eastern Time.

• Submission Email: William.Waterhouse@va.gov

• This is an RFI only; it is not a solicitation or request for proposal/quote.

• The government is not seeking proposals at this time and will not accept unsolicited ones.

• Responses are voluntary and will become government property.

• The government will not reimburse for any costs associated with responses.

• The VA may invite select responders for follow-up briefings.

• Vendors are responsible for monitoring SAM.gov for future updates or solicitations.