B&M Consulting Group, Inc. (2031JW22Q00022)
Case: B-420450.2
Agency: Department of the Treasury : Office of the Comptroller of the Currency
Protester: B&M Consulting Group, Inc.
Date: 2022-06-29
Denied
B-420450.2
Jun 29, 2022
Jump To
VIEW DECISION
DOWNLOADS
RELATED PAGES
GAO CONTACTS
Highlights
B&M Consulting Group, Inc., a small business of Rockville, Maryland, protests the issuance of a task order to Iron Vine Security, LLC, a small business of Washington, D.C., under request for quotations (RFQ) No. 2031JW22Q00022, issued by the Department of Treasury, Office of the Comptroller of the Currency (OCC), for cybersecurity support services. B&M, the incumbent contractor, contends that the agency unreasonably evaluated its quotation as technically unacceptable and conducted a flawed best-value tradeoff analysis.
We deny the protest.
View Decision
DOCUMENT FOR PUBLIC RELEASE
The decision issued on the date below was subject to a GAO Protective Order. This redacted version has been approved for public release.
Decision
Matter of: B&M Consulting Group, Inc.
File: B-420450.2
Date: June 29, 2022
William T. Welch, Esq., and J. Patrick McMahon, Esq., McMahon, Welch and Learned, PLLC, for the protester.
Terry L. Elling, Esq., Sean Belanger, Esq., and Danielle Rich, Esq., Holland & Knight LLP, for Iron Vine, LLC, the intervenor.
Eric C. Crane, Esq., Department of Treasury, for the agency.
Christine Milne, Esq., and Tania Calhoun, Esq., Office of the General Counsel, GAO, participated in the preparation of the decision.
DIGEST
Protest that the agency unreasonably evaluated the protester’s quotation as technically unacceptable is denied where the record shows the evaluation was reasonable in light of the protester’s failure to submit an adequately written quotation.
DECISION
B&M Consulting Group, Inc., a small business of Rockville, Maryland, protests the issuance of a task order to Iron Vine Security, LLC, a small business of Washington, D.C., under request for quotations (RFQ) No. 2031JW22Q00022, issued by the Department of Treasury, Office of the Comptroller of the Currency (OCC), for cybersecurity support services. B&M, the incumbent contractor, contends that the agency unreasonably evaluated its quotation as technically unacceptable and conducted a flawed best-value tradeoff analysis.
We deny the protest.
BACKGROUND
The RFQ was issued on October 6, 2021, pursuant to Federal Acquisition Regulation (FAR) part 12 and subpart 8.4, to vendors holding General Services Administration multiple award schedule Information Technology-IT Services, Special Item Number (SIN) 5451HACS, Highly Adaptive Cybersecurity Services contracts, to obtain comprehensive cybersecurity support services. Agency Report (AR), Exh. B, RFQ, amend. 1 at 51.[1] The services were to assist with the agency’s Cybersecurity Assurance & Compliance program, which provides agency-level oversight to ensure compliance with the Risk Management Framework (RMF), audit liaison, and execution of assessment and authorization steps of the RMF. Id. at 5. The contractor was to provide a wide range of technical, administrative, and managerial support to the program to ensure the effectiveness of OCC’s cybersecurity protocols and compliance with various privacy laws. Id. The RFQ contemplated the issuance of a fixed-price task order to be performed over a 1-year base period, four 1-year option periods, and one 6-month option period. Id. at 2-4, 55.
Award was to be made to the quotation offering the best value to the government as determined by a tradeoff considering the following factors, listed in descending order of importance: technical/management approach; key personnel resumes; past performance; and price. Id. at 55. As relevant here, under the key personnel resumes factor, the resumes would be evaluated to determine if the individuals met or exceeded the minimum qualifications set forth in the RFQ’s statement of work. Id. As relevant here, and among other things, the tier 2 Enterprise Governance, Risk, and Compliance System (eGRC) specialist was required to have at least 2 years of experience with ITILv3 service management processes in the last 3 years, id. at 23, and the project manager was required to have at least 8 years of experience in program and project management supporting information security or cybersecurity projects for the federal government. Id. at 22.
The agency received eight quotations by the submission due date, including those from B&M and Iron Vine. AR, Exh. H, Award Determination at 2. The agency made award to Iron Vine on December 28 and notified B&M on January 6, 2022. Id. B&M filed a protest with our Office the same day. The agency subsequently advised our Office of its intent to take corrective action, which included reevaluating quotations, and as a result, we dismissed the protest as academic on February 10. B&M Consulting Group, Inc., B‑420450.1, Feb. 10, 2022 (unpublished decision).
Full decision text continues on ProtestIntel...