Appian Corporation (5000017835)

Case: B-417837 Agency: Department of the Treasury : Internal Revenue Service Protester: Appian Corporation Date: 2020-03-09 Sustained
View full decision with AI analysis on ProtestIntel →
B-417837.2 Mar 09, 2020 Jump To FULL REPORT VIEW DECISION RELATED PAGES GAO CONTACTS Highlights Appian Corporation, of McLean, Virginia, protests the terms of request for quotations (RFQ) No. FY18-ECM 5000017835, issued by the Department of the Treasury, Internal Revenue Service (IRS), for a multifaceted Enterprise Case Management (ECM) solution. Appian contends that the IRS's decision to relax the RFQ's cybersecurity requirements is unjustified and unreasonable, and its decision to convert database software license costs to government furnished equipment (GFE) was improper. We dismiss the protest. View Decision DOCUMENT FOR PUBLIC RELEASE The decision issued on the date below was subject to a GAO Protective Order. This redacted version has been approved for public release. Decision Matter of:  Appian Corporation File:  B-417837.2 Date:  March 9, 2020 Daniel R. Forman, Esq., and James G. Peyster, Esq., Crowell & Moring LLP, for the protester. J. Hunter Bennett, Esq., Jason A. Carey, Esq., and Andrew R. Guy, Esq., Covington & Burling, LLP, for immixTechnology, Inc., the intervenor. Richard L. Hatfield, Esq., Holly H. Styles, Esq., and Gregory J. Matherne, Esq., Department of the Treasury, for the agency. Raymond Richards, Esq., Mary G. Curcio, Esq., and Laura Eyester, Esq., Office of the General Counsel, GAO, participated in the preparation of the decision. DIGEST Protest that agency improperly relaxed certain cybersecurity requirements in revising a solicitation is dismissed.  GAO will not entertain a protest that the agency should utilize more restrictive specifications. DECISION Appian Corporation, of McLean, Virginia, protests the terms of request for quotations (RFQ) No. FY18-ECM 5000017835, issued by the Department of the Treasury, Internal Revenue Service (IRS), for a multifaceted Enterprise Case Management (ECM) solution.  Appian contends that the IRS’s decision to relax the RFQ’s cybersecurity requirements is unjustified and unreasonable, and its decision to convert database software license costs to government furnished equipment (GFE) was improper. We dismiss the protest. BACKGROUND The IRS issued the RFQ on May 24, 2018, to vendors holding a contract under General Services Administration Federal Supply Schedule 70, pursuant to the procedures of Federal Acquisition Regulation subpart 8.4.  Agency Report (AR), Tab D.1, RFQ, at 1.  The estimated value of the procurement is between $40 million and $125 million.  Id. at 4. The RFQ sought quotations to provide a multifaceted ECM solution to replace existing case management legacy systems.  Id. at 1, 6.  The solution was to consist of commercially available off-the-shelf software and services, capable of operating fully in a cloud environment and fully on-premise.  Id. at 7.  The RFQ noted that, while the IRS intended to use an IRS or Treasury cloud option for hosting the solution, it would be interested in Federal Risk and Authorization Management Program (FedRAMP) certified cloud hosting options. Id.  The RFQ provided for a two‑phase award and evaluation process.  Id. at 99.  The evaluation criteria for the first phase included the following factors:  (1) strategy and approach; (2) technical capabilities of the products; (3) similar experience; (4) past performance; (5) management capabilities; and (6) price.  Id. at 101.  The agency evaluated several mandatory minimum requirements (MMRs) under the technical capabilities of the products factor on a pass/fail basis.  Id. at 100, 103.  As relevant here, MMR-4 required that the solution adhere to the various regulatory, legal, statutory, and security-related policies and guidance “at the time of quote submission.”  RFQ at 8.  This includes “Federal Cloud Strategy and Standards, including the [FedRAMP] for cloud components” and “Federal Information Security Management Act (FISMA).”  Id.  During phase I, the agency was asked whether all software components were required to have FedRAMP authorization and FISMA certification at the time quotations were submitted.  AR, Tab D.14, Question and Answers (Q&A), at Q.92, Q.93.  The agency responded yes to both questions.  Id.  Eight vendors responded to the solicitation.  Contracting Officer’s Statement (COS) at 1.  Two of the vendors, immixTechnology and Appian, were rated excellent under each non-price factor.  Id. at 6.  Appian offered to perform for $47,127,800, and immixTechnology for $79,749,010.  Id.

Full decision text continues on ProtestIntel...