HHS awards $78.8M for IT support, continuing a logical follow-on to existing services

Contract Overview

Contract Amount: $78,820,588 ($78.8M)

Contractor: Iron Vine Security LLC

Awarding Agency: Department of Health and Human Services

Start Date: 2021-08-29

End Date: 2024-03-31

Contract Duration: 945 days

Daily Burn Rate: $83.4K/day

Competition Type: FULL AND OPEN COMPETITION

Number of Offers Received: 1

Pricing Type: FIRM FIXED PRICE

Sector: IT

Official Description: LOGICAL FOLLOW-ON FOR THE INFORMATION SECURITY SUPPORT SERVICES (ISPSS) CONTRACT.

Place of Performance

Location: WASHINGTON, DISTRICT OF COLUMBIA County, DISTRICT OF COLUMBIA, 20005

State: District of Columbia Government Spending

Plain-Language Summary

Department of Health and Human Services obligated $78.8 million to IRON VINE SECURITY LLC for work described as: LOGICAL FOLLOW-ON FOR THE INFORMATION SECURITY SUPPORT SERVICES (ISPSS) CONTRACT. Key points: 1. Contract value represents a significant investment in ongoing IT support. 2. The award was made under full and open competition, suggesting a competitive bidding process. 3. The firm-fixed-price contract type aims to control costs by establishing a set price. 4. This contract is a delivery order, indicating it's part of a larger indefinite-delivery/indefinite-quantity (IDIQ) vehicle. 5. The duration of 945 days (approximately 2.6 years) provides a stable period for service delivery. 6. The contractor, Iron Vine Security LLC, is continuing established information security support services.

Value Assessment

Rating: good

The contract value of $78.8 million over approximately 2.6 years suggests a substantial investment in IT security support. Benchmarking this against similar contracts for comprehensive information security services would be necessary for a precise value-for-money assessment. However, as a follow-on to existing services, there's an expectation of established efficiencies and potentially optimized pricing compared to a new, untested contract. The firm-fixed-price structure provides cost certainty for the government.

Cost Per Unit: N/A

Competition Analysis

Competition Level: full-and-open

The contract was awarded under full and open competition, indicating that all responsible sources were permitted to submit bids. This typically suggests a robust bidding environment with multiple interested parties. The specific number of bidders is not provided, but the 'full and open' designation implies a competitive process designed to foster price discovery and ensure the government receives competitive offers.

Taxpayer Impact: Full and open competition generally benefits taxpayers by driving down prices through market forces and encouraging a wider pool of contractors to vie for government work, potentially leading to better value.

Public Impact

The Centers for Medicare and Medicaid Services (CMS) benefits from continued information security support. Essential IT security services are delivered to protect sensitive health data and maintain system integrity. The primary geographic impact is within the District of Columbia, where CMS operations are centered. The contract supports a workforce skilled in information security and IT services.

Waste & Efficiency Indicators

Waste Risk Score: 50 / 10

Warning Flags

Potential for vendor lock-in if this is a critical, long-term follow-on without regular re-competition.
Reliance on a single contractor for essential security services could pose risks if performance degrades.
The specific details of the 'information security support services' are broad and require ongoing scrutiny to ensure effectiveness.

Positive Signals

Awarded under full and open competition, indicating a competitive process.
Firm-fixed-price contract type helps manage cost certainty.
Logical follow-on suggests continuity and potential for leveraging existing expertise and efficiencies.
Contract duration provides stability for service delivery and planning.

Sector Analysis

This contract falls within the broader IT services sector, specifically focusing on computer-related services and information security. The IT services market is vast and highly competitive, with significant government spending allocated to cybersecurity and infrastructure maintenance. Comparable spending benchmarks would involve analyzing other federal contracts for similar information security support services, particularly those awarded by large health agencies like HHS.

Small Business Impact

The provided data indicates that small business participation (ss and sb fields) was not a specific set-aside criterion for this particular award. While the contract itself was not set aside for small businesses, the prime contractor, Iron Vine Security LLC, may engage small businesses as subcontractors. Analysis of subcontracting plans would be necessary to determine the extent of small business involvement and its impact on the small business ecosystem.

Oversight & Accountability

Oversight for this contract would typically be managed by the contracting officer and the program office within CMS. As a delivery order under a larger IDIQ, the underlying IDIQ vehicle likely has its own oversight mechanisms. Transparency is generally facilitated through contract databases like FPDS. Inspector General jurisdiction would apply if any fraud, waste, or abuse is suspected.

Related Government Programs

Information Security Support Services (ISPSS) Contract
IT Support Services
Cybersecurity Contracts
Health IT Services
CMS IT Modernization Efforts

Risk Flags

Potential for vendor lock-in
Reliance on single source for critical security functions
Need for ongoing performance monitoring

Frequently Asked Questions

What is this federal contract paying for?

Department of Health and Human Services awarded $78.8 million to IRON VINE SECURITY LLC. LOGICAL FOLLOW-ON FOR THE INFORMATION SECURITY SUPPORT SERVICES (ISPSS) CONTRACT.

Who is the contractor on this award?

The obligated recipient is IRON VINE SECURITY LLC.

Which agency awarded this contract?

Awarding agency: Department of Health and Human Services (Centers for Medicare and Medicaid Services).

What is the total obligated amount?

The obligated amount is $78.8 million.

What is the period of performance?

Start: 2021-08-29. End: 2024-03-31.

What is the track record of Iron Vine Security LLC with federal contracts, particularly within HHS?

Iron Vine Security LLC has been awarded federal contracts, including this delivery order for information security support services. To fully assess their track record, a deeper dive into their contract history with HHS and other agencies is needed. This would involve examining past performance evaluations, any contract modifications, and their history of meeting delivery schedules and technical requirements. Understanding their experience with similar-sized and scoped projects, especially within the healthcare IT domain, is crucial for gauging their capability and reliability in fulfilling the current contract's objectives.

How does the pricing of this $78.8 million contract compare to similar IT security support contracts awarded by federal agencies?

Benchmarking the pricing of this $78.8 million contract requires comparing its per-unit costs (if applicable and calculable) or overall value against similar IT security support services contracts. Factors such as contract duration, scope of services (e.g., network security, data protection, vulnerability assessment), and the specific agency awarding the contract play a significant role. Without access to detailed pricing breakdowns and a comprehensive database of comparable contracts, a precise comparison is difficult. However, as a follow-on contract, it might reflect established rates, but vigilance is needed to ensure it remains competitive against current market conditions and other agency awards.

What are the primary risks associated with this contract, and what mitigation strategies are in place?

Key risks for this contract include potential over-reliance on a single vendor for critical security functions, the possibility of scope creep if requirements are not clearly defined, and performance degradation over the contract's term. Mitigation strategies likely involve robust contract management by CMS, including regular performance reviews, clear communication channels, and adherence to the firm-fixed-price structure to limit cost overruns. The fact that it's a follow-on contract suggests some level of established risk management from the previous iteration, but continuous monitoring is essential. The competitive award process also serves as a risk-reduction measure by selecting a vendor based on demonstrated capabilities.

How effective has the ISPSS contract been in the past, and what does this follow-on indicate about its ongoing effectiveness?

The designation of this award as a 'logical follow-on' to the Information Security Support Services (ISPSS) contract strongly implies that the preceding contract was deemed effective and necessary. This continuity suggests that the services provided were valuable and met CMS's evolving information security needs. The follow-on award indicates a continued reliance on the established framework and potentially the contractor's performance. To assess past effectiveness definitively, one would need to review performance metrics, user feedback, and any documented achievements or challenges from the prior ISPSS contract period.

What is the historical spending pattern for information security support services at CMS, and how does this award fit within that trend?

Historical spending on information security support services at CMS is likely substantial, given the agency's critical mission and the sensitive nature of the data it handles. This $78.8 million award represents a significant, but potentially consistent, investment in maintaining robust cybersecurity. To understand the trend, one would analyze CMS's IT and cybersecurity budgets over several fiscal years, looking at the total expenditure on similar services and the number and value of contracts awarded. This specific award fits within the broader pattern of federal agencies prioritizing cybersecurity, especially within large healthcare entities like CMS, to protect against increasing cyber threats.

Industry Classification

NAICS: Professional, Scientific, and Technical Services › Computer Systems Design and Related Services › Other Computer Related Services

Product/Service Code: IT AND TELECOM - INFORMATION TECHNOLOGY AND TELECOMMUNICATIONS › IT AND TELECOM - SECURITY AND COMPLIANCE

Competition & Pricing

Extent Competed: FULL AND OPEN COMPETITION

Solicitation Procedures: SUBJECT TO MULTIPLE AWARD FAIR OPPORTUNITY

Offers Received: 1

Pricing Type: FIRM FIXED PRICE (J)

Evaluated Preference: NONE

Contractor Details

Address: 1400 I STREET NW, SUITE 925, WASHINGTON, DC, 20005

Business Categories: Category Business, Corporate Entity Not Tax Exempt, Not Designated a Small Business, Special Designations, U.S.-Owned Business

Financial Breakdown

Contract Ceiling: $79,042,344

Exercised Options: $78,820,588

Current Obligation: $78,820,588

Actual Outlays: $78,820,588

Contract Characteristics

Commercial Item: COMMERCIAL PRODUCTS/SERVICES

Cost or Pricing Data: NO

Parent Contract

Parent Award PIID: 47QTCA19D00HF

IDV Type: FSS

Timeline