ORDER FOR SUPPLIES OR SERVICES PAGE OF PAGES

IMPORTANT: Mark all packages and papers with contract andlor order numbers. BPA NO. NRC- 33-10-303 1 . 19

1. DATE OF ORDER 01/24/2013 2. CONTRACT NO. (If any) 6. SHIP TO:GS35F0273L

3. ORDER NO. Ma. NAME OF CONSIGNEERMODIFICATION NO. 4.REQUISITION/REFERENCE NO. aU.S. Nuclear Regulatory Commission

NRC-TO11 b. STREET ADDRESS

5. ISSUING OFFICE (Address correspondence to) 11545 Rockville Pike

U.S. Nuclear Regulatory Commission Richard OusleyDivision of Contracts Mail Stop: T-5E77BATTN: Michael TurnerMail Stop: TWB-01-BlOM c. CITY d. STATE e. ZIP CODE

Washington, DC 20555 Washington DC 20555

7. TO: t. SHIP VIA

a.NAME OF CONTRACTOR DUNS: 143147762

INFORELIANCE CORPORATION 8. TYPE OF ORDER

b. COMPANY NAME F] a. PURCHASE L b. DELIVERY

REFERENCE YOUR Quote dated 12/1/1hvExcept for biling instructions on the reverse, thisPlease furnish the following on the terms and delivery order is subject to instructions

c. STREET ADDRESS conditions specified on both sides of this order contained on this side only of this form and is4050 LEGATO RD STE 700 and on the attached sheet, if any. including issued subject to the terms and conditions

delivery as indicated, of the above-numbered contract.

d. CITY e. STATE I. ZIP CODEFAIRFAX VA 220332897

9. ACCOUNTING AND APPROPRIATION DATA 10. REQUISITIONING OFFICE CIS

B&R#: 2013-10-51-J-144 JOB CODE#: D1407 BOC: 2570APPN#: 31X0200.013 FCN: 130219 DUNS# 143147762OBLIGATION AMOUNT: $825,000.00

11. BUSINESS CLASSIFICATION (Check appropriate box(es)) 12. F.O.B. POINT

a. SMALL F7 b. OTHER THAN SMALL F7 c. DISADVANTAGED d. WOMEN-OWNED a. HUBZone

I. SERVICE-DISABLED -' g. WOMEN-OWNED SMALL BUSINESS (WOSBE h. EDWOSBVETERAN-OWNED ELIGIBLE UNDER THE WOSB PROGRAM

13. PLACE OF 14. GOVERNMENT B/L NO. 15. DELIVER TO F.O.B. POINT 16. DISCOUNT TERMSON OR BEFORE (Date)

a. INSPECTION b. ACCEPTANCE

17. SCHEDULE (See reverse, for Rejections)

QUANTITY UNIT QUANTITYITEM NO. SUPPLIES OR SERVICES ORDERED UNIT PRICE AMOUNT ACCEPTED

(a) (b) (c) (d) (e), (f) (g)

The Contractor shall provide the U.S. Nuclear RegulatoryCommission with MicroSoft Systems Maintenance, Operations,and Support in accordance with the terms and conditions ofGSA Schedule GS-35F-0273L; the terms and conditions ofNRC BPA No. NRC-DR-33-10-303; the terms and conditions of,NRC Task Order No.11; and the statement of work; at the pricesset forth in the price schedule.

This confirms authorization the to proceed with work underthis effort provided on December 11, 2012.

Order Type: Labor-Hour

Base Period: 12/11/12 - 11/03/13 Amount: $1,803,221.28

Option Period: 11/04/13 - 11/03/14 Amount: $2,047,058.13

18, SHIPPING POINT 19. GROSS SHIPPING WEIGHT 20. INVOICE NO.

21. MAIL INVOICE TO: 17(h)TOTAL

SEE BILLING a. NAME (Cont.LING Department of Interior / NBCINSTRUCTIONS pages)

ON NRCPaymentsNBCDenver@NBC.govREVERSE b. STREET ADDRESS (or P.O. Box) PHONE: -

Attn: Fiscal Services Branch - D2770 FAX: 17(i).

7301 W. Mansfield Avenue AXGRANDCITY. d. STATE e. ZIP CODE 1,803,221.28 TOTAL

Denver CO 80235-2230

22 UNITED STATES OF AM... M 23. NAME (Typed)

BYSignature........ , ... Michael Turner,I Contracting off f~er

- m ~ r CONTRACT]NGIORDERING OFFICER

AUTHORIZED FOR LOQAL REPRODUCTION I UN 1 ^VIIPREVIOUS EDITION NOT USABLE RD

P14

%,,SAJIVIr ImLL- I il4,IN OPTIONAL FORM 347 (RE 2 2' 2

PRESCRIBED BY -5.213(f)

R"

ORDER FOR SUPPLIES OR SERVICES PAGE NO.

SCHEDULE - CONTINUATIONI

IMPORTANT: Mark all packages and papem wfth contract and/or order numbefm

DATE OF ORDER CONTRACT NO. ORDER NO.

01/24/2013 GS35F0273L NRC-T0ll

OUANTITY U UNIT DUANTITYITEM NO. SUPPUES OR SERVICES ORDERED UNIT PRICE AMOUNT ACCEPTED

(A) I () CI C) (0) (E) (F) (G)

Please indicate your acceptance of this task order by-having an official who is authorized to bind your

organization execute this document in the spacesprovided below.

A.CCEPTANCE:

_,ae " &r4

Title: 1rT2ICP

Date: 3

I. *1

TOTAL CARRIED FORWARD TO 1ST PAGE (ITEM 17(H))

AUTHORIZED FOR LOCAL REPRODUCTIONPREVIOUS EDITION NOT USABLE

OPTIONAL FORM 348 REV.(4.2006)Prmeacrbed by GSAFAR (48 CFR 63.213(f)

NRC-TO1 I

Table of Contents

SECTION A. - ORDER FOR SUPPLIES OR SERVICES

SECTION B - SUPPLIES OR SERVICES AND PRICE/COSTS

B.1 SCHEDULE OF SUPPLIES OR SERVICES ......................................................... Page 4B.2 CO NSIDERATIO N AND OBLIGATIO N ..................................................................... Page 4

SECTION C - STATEMENT OF WORK

C .1 B A C K G R O U N D ...................................................................................................... P age 5C .2 O B J E C T IV E ............................................................................................................ P a g e 5C .3 S C O P E O F W O R K .................. I ............................................................................... P age 5C.4 CONFIG URA TION MANAGEMENT ........................................................................ Page 9C .5 D E LIV E R A B LE S ..................................................................................................... P age 9C.6 PERFORMANCE MEASURES ALTERNATE I (AUG 2011) .................................... Page 11C .7 M E E T IN G S ............................................................................................................. P a g e 12C .8 T R A V E L ........................................ ......................................................................... P a g e 12

SECTION D. -- OTHER TERMS AND CONDITIONS

D. 1 FSS-BPA TERM S AND CONDITIONS ................................................................... Page 13D.2 2052.215-71 PROJECT OFFICER AUTHORITY .................................................. Page 13D.3 DURATION OF CONTRACT PERIOD (MAR 1987) ALTERNATE 2 (MAR 1987) ... Page 14D.4 52.217-9 OPTION TO EXTEND THE TERM OF THE CONTRACT (MAR 2000).. Page 15D.5 PLACE OF DELIVERY--REPORTS (JUN 1988) ..................................................... Page 15D.6 COMPENSATION FOR ON-SITE CONTRACTOR PERSONNEL (AUG 2011) ALTERNATE

I (A U G 2 0 11 ) ........................................................................................................... P a g e 1 5D.7 RULES OF BEHAVIOR FOR AUTHORIZED COMPUTER USE (MAR 2011) ......... Page 15D.8 SAFETY OF ON-SITE CONTRACTOR PERSONNEL (AUG 2011) ........................ Page 16D.9 AUTHORITY TO USE GOVERNMENT PROVIDED SPACE AT NRC HEADQUARTERS

(A U G 2 0 1 1 ) ............................................................................................................. P a g e 1 7D.10 CONTRACTOR RESPONSIBILITY FOR PROTECTING PERSONALLY IDENTIFIABLE

IN FO R M A T IO N (PII) (A U G 2011) ........................................................................... Page 17D.11 WHISTLEBLOWER PROTECTION FOR NRC CONTRACTOR AND SUBCONTRACTOR

E M P LO Y E E S (A U G 2011) ...................................................................................... P age 18D.12 G REEN PURCHASING (JUN 2011) ........................................................................ Page 19

SECTION B - SUPPLIES OR SERVICES AND PRICE/COSTS

B.1 SCHEDULE OF SUPPLIES OR SERVICES

Basý.e Year (De~embqer 11, ~212 - No?,v~emb 3, ,, .>

CLIN I DESCRIPTION QUANTITY UNIT UNIT PRICE AMOUNT

0001 Contractor performance of statement of work 1 Lot $1,803,221.28 $1,803,221.28requirements. Authorized labor categories andassociated fixed hourly rates for the labor hourservices include:

-Software Consultant: $297.12(Engagement Manager/PM)

-Software Consultant: $297.12

FCLIN DESCRIPTION TQUANTITY UNIT UNIT PRICE .AMOUNT

0002 Contractor performance of statement of work 1 Lot $2,047,058.13 $2,047,058.13

requirements. Authorized labor categories andassociated fixed hourly rates for the labor hourservices include:

- Software Consultant: $309.27(Engagement Manager/PM)

-Software Consultant: $309.27(Senior Consultant)

Subtotal - Option Period $2,047,058.13

TOTAL CEILING AMOUNT $3,850,279.41

B.2 CONSIDERATION AND OBLIGATION

(a) The total estimated amount (ceiling) of this task order is $1,803,221.28.

(c) The amount presently obligated with respect to this task order is $825.000.00. This obligated amountmay be unilaterally increased from time to time by the Contracting Officer by written modification to thiscontract. When and if the amount(s) paid and payable to the contractor hereunder is equal to the obligatedamount, the contractor shall not be obligated to continue performance .of the work unless and until theContracting Officer increases the amount obligated on this contract by written modification. Any workundertaken by the contractor in excess of the obligated amount specified above is at the. contractor's solerisk.

4

SECTION C - STATEMENT OF WORK

Title: NRC Microsoft Systems Maintenance, Operations, and Support

1.0 BACKGROUND

The Nuclear Regulatory Commission (NRC) has deployed a wide range of Microsoft systems in theproduction and test environments, and the agency is planning to deploy several other Microsoft solutions inthe coming months and years at the NRC. Examples of major applications and current Microsoqftts_%.ms..-.deployed include a robust Enterprise Project Management (EPM) Enterprise Content Managementenvironment (which includes Microsoft Project Server 2007, Microsoft SharePoint 2007, and MicrosoftSQL Server 2005), Microsoft Exchange 20071 Outlook 2007, Microsoft Server 2003/2008, Microsoft ActiveDirectory, Microsoft Systems Center Operations Manager 2007, and many other Microsoft systems andapplications. It is expected that the agency will continue to grow these existing technologies and addadditional Microsoft technology solutions to the enterprise now and in the future. To support theseinitiatives, the NRC needs Microsoft consulting services expertise to ensure that these critical applicationsare deployed and maintained correctly and securely with optimum performance to meet critical productionrequirements.

2.0 OBJECTIVE

This task order is to provide technical support for maintenance, operations, and support activities for avariety of NRC Microsoft Technologies currently deployed or being considered for deployment in the NRCenvironment. These systems can either be in the test, development, or production environments.

3.0 SCOPE OF WORK

The contractor shall provide maintenance, and operations support for the Microsoft technologies listed inthis task.. Additional Microsoft technologies may be added depending on NRC's production requirementsduring the period of performance of this task order. There are several subtasks associated with this taskorder, and all of the subtasks can run concurrently.

Subtask 1: General Maintenance, Operations, and Support for Microsoft Technologies deployed or beingconsidered for deployment in the NRC environment.1.1 The contractor shall provide, based on Microsoft Best Industry practices, written guidance,assistance with, and recommendations for architecting, installing, configuring, maintaining, integratingand securing Microsoft technologies for production systems and systems associated with the continuityof operations at the NRC. The contractor shall provide evaluation of Microsoft-related development, testand production practices, and shall make recommendations for improved support The contractor shallprovide recommendations for and assistance with deployment and product integration of new releases ofMicrosoft technologies, bug fixes, and patches-including desktop dependencies. Theserecommendations' shall include capacity planning and system growth as defined by the NRC,identification of risks involved with implementing the new or existing Microsoft Products, and ways tomitigate the risks. The contractor shall also provide, as needed, assistance with security hardening toensure that Microsoft technologies function property. In this subtask the engineer(s) will work with NRCand contractor operational and development staff on existing Microsoft systems deployed in theproduction and test environments at the NRC. These technologies include: Microsoft Active Directory,Microsoft Windows Server operating systems, Microsoft Exchange/Outlook, Microsoft System Centerapplications, Microsoft File and Print Services, Microsoft virtualization technologies (Hyper-V), MicrosoftSQL Server, Microsoft BizTalk, Microsoft ISA Server, Microsoft SharePoint Services (and WSS), the

5

NRC Enterprise Project Management environment, Microsoft Forefront, Microsoft OfficeCommunications Server, Microsoft Terminal Server, Microsoft Windows desktop/laptop operatingsystems, and Microsoft Office applications. This shall also include new Microsoft technologies that areadded to the NRC environment under separate task orders. The contract shall also provide initialrecommendations for the deployment of new Microsoft technology into the NRC environment; however,the actual installation and associated activities for the deployment will be covered under a separate taskorder. (See Documentation under Section 6.0 Deliverables)

1.2 The contractor shall assist in resolving Microsoft technology problems in the production and testenvironments. The contractor shall analyze the problem, provide written recommendations forresolution-including impacts of those recommendations-and, when directed by the NRC, takecorrective actions. The contractor shall provide a direct interface with the appropriate corporateMicrosoft product group and software product developers to expedite resolutions to issues asrequired. (See -Problem Analysis., -Code Review and Corrective Actions- under Section 6.0Deliverables)

1.3 The contractor shall provide written recommendations for improvement in performance aridmaintenance of the NRC's applications that interface or use Microsoft technologies. Allrecommendations must comply with vendor product technical specification to retain vendorsupport. (See Documentation under Section 6.0 Deliverables)

Subtask 2: SharePoint Maintenance and Operations. The contractor shall provide best practices, writtenrecommendations, guidance, architecture, training, design, problem resolution and other activesrequired for the successful maintenance and operations of the SharePoint environment. Maintenancetasks shall include but not be limited to the following: (see "Documentation, -Code Review,- CorrectiveActions,- Operational IT Security and Compliance,- and "Configuration of Microsoft Products,. underSection 6.0 Deliverables)

* SharePoint portal integration and Agency roll out/deployment support

Portal site structure/navigational architecture guidance and execution

Placement of data/content within SharePoint or on data shares or other systems

Governance, development and maintenance of SharePoint sites

• Portal/site/sub-site taxonomy at any level of the organization based on an organization's needs.

* Process for defining, posting and managing relevant content based on the Agency informationalneeds.

Provide assistance to agency users and contractors for portal development and integration into theproduction environment, using tools such as SharePoint Designer and InfoPath.Review of custom developed web parts, custom code, and their integration into the SharePoint

environment

* SharePoint workflow processes designed by Microsoft or other NRC organizations or contractors

* Data extraction and data loads from other Agency systems

* Expert-level troubleshooting for users' and administrators' issue and interface with agencySharePoint help desk

Expert-lever problem resolution for all aspects of the SharePoint environment. Makerecommendation. for resolutions and implement and test recommendation when approved

6

Assist with the integration of agency applications with SharePoint.

* Make recommendations for installation of product updates, hot fixed and service pack. Install andrecommendations as required.

° Hardware and software architecture for scalability to ensure business continuity

* Provide informal training of NRC Staff and contractors

* Operations management, assist with backup and restore, and daily monitoring of the SharePointenvironment.

* Compliance with federal IT security policies, standards, and guidance

* Configuration management to ensure the integrity and viability of the production system, thatincludes test and development environments and transitions from these environments intoproduction

Subtask 3: The contractor-shall provide best practices, written recommendations, guidance, architecture,training, design, problem resolution and other actives required for the successful maintenance andoperations of the NRC' EPM environment. Provide oversight for the NRC EPM SharePoint configurationto ensure that the performance continues to meet NRC's agency enterprise needs. Maintenance tasksshall include but not be limited to the following: (see "Documentation: -Code Review," "Corrective Actions,Operational Security and Compliance,. and -Configuration of Microsoft Products,. under Section 6.0Deliverables).

Participate as a technical advisor to an integrated Agency team (including other governmentcontractors) to provide a strategy for the integration of project activities, schedule, risks, andresources

Provide EPM enterprise strategy and governance model guidance and execution

Integrating new programs into EPM while ensuring system performance on existing.production implementations is not negatively affected

Training as needed; this shall include conducting customized training in the use of the NRCimplementation of EPM, and the use of EPM as a tool to support the Agency's project managementprocesses

Provide recommendations and guidance In fine tuning the platform, conduct on-site assessments

and recommend optimal solutions

* Provide assistance in troubleshooting platform issues and defining workarounds, and/or solutions

* Provide hardware and software architectural recommendation and guidance for scaiability toensure business continuity

Expert level troubleshooting for users' and administrators' issue and interface with agency EPMhelp desk

Expert-lever problem resolution for all aspects of the EPM environment. Make recommendation forresolutions and implement and test recommendation when approved.

Assist with the integration of agency applications with EPM

Make recommendations for installation of product updates, hot fixes and service packs. Install andtest recommendations as required

7

Hardware and software architecture for scalability to ensure business continuity. Provide inform,&;'training of NRC Staff and contractors ... Work with existing NRC contractors to implement roll out,needed

Operations management, assist with backup and restore, and daily monitoring of the EPMenvironment

Provide EPM enterprise strategy and governance model guidance and execution ... Assist with theintegration of new projects and the management of project resources.

Assist with the integration of future agency offices' EPM roll out to ensure that it does not affectsystem performance on production implementations

Work as member of an agency team to provide a strategy to define integration project activities,schedule, risks, and resource needs.

Assist with the integration of new projects and the management of project resources

Provide assistance with data extraction and data loads from other agency systems.

Make recommendations to facilitate the use of project resources and optimize the use of EPM.

Provide assistance with data extraction and data loads from other agency systems

Compliance with Federal It security polices, standards and guidance

Configuration management to ensure the integrity and viability of the production systems, thatincludes test and development environments and transitions from these environments intoproduction and comply with the EPM Program Configuration Management process.

The contractor shall assist in refining processes and procedures to manage EPM effectively. Thecontractor shall provide samples of those procedures. For example best practicesrecommendations. The contract shall assist in creating documentation. All these procedures shallbe in alignment with NRC Policies and Guidelines.

Subtask 4: Database Management -The contractor shall provide best practices, written recommendations,guidance, architecture, training, and design for the maintenance of Microsoft Sal Server 2005 (or futureversions). Maintenance tasks shall Include, but not be limited to, the following: (see -Documentation; -CodeReview: -Corrective Actions: -Operational IT Security and Compliance: and -Configuration of MicrosoftProducts,. under Section 6.0 Deliverables)

• Conversion to the latest releases, database mirroring or clustering, performance tuning and

monitoring, and implementation of new applications

* On-site assessments and recommendations for configuration and tuning

* Project activities, schedule, risks, and resource needs for deployments or upgrades

* Backup.and recovery procedures, stored procedures, software/hardware configuration for using aStorage Array, and disaster recovery recommendations

* Compliance with Federal IT security policies, standards, and guidance

* Troubleshooting system and platform issues

Subtask 5: Support the implementation of applications to address the business needs of the NRC.8

This task will require the engineer to work with OIS/ICOD to provide recommendations fordesigning/architecting solutions that can be leveraged throughout the agency (HQ, Regions, andResident Inspector sites), developing a deployment plan for the technology, working with theNetwork Operations Center and other Operational staff to test application performance in theenvironment, develop a proof of concept environment (virtual or CTF), and deploy the solution inproduction, if approved.

This subtask will require a detailed Design Document, detailed architectural drawings of theproposed solution, Standard Operating Procedures, and other documentation as required for theproject. This task will require the coordination with other offices and regions at the NRC andthorough testing must be done to ensure the selected solution performs optimally in ourenvironment. The design should take into consideration maintenance monitoring, and highavailability of the solution.

4.0 CONFIGURATION MANAGEMENT

No changes will be made to the production environment until those changes are approved by the NRCContracting Officer Representative..

The NRC configuration management process includes submission of a change request by the NRC staffinto IBM Rational ClearQuest. The NRC reviews change requests, and may then assign a changerequest to the contractor for analysis. The contractor will provide analysis of the change request, arecommendation to resolve the change request, an estimate to complete the work, and any supportingdocumentation. The NRC will determine whether to initiate the recommended solution. The NRC staffwill assist the contractor with the submission of artifacts to the change requests as needed. Allcontractor configuration management recommendations are to be made in accordance with Federal ITsecurity policies, best practices, standards, and guidance.

5.0 DELIVERABLES

Documentation

The contractor shall provide written recommendations on architecture, design, andimplementation/deployment, risk mitigation, and technology integration based upon information andrequirements collected. These recommendations shall be provided as needed for each project, and maybe revised during the course of the project as requirements are added, changed, or removed. The format ofthese recommendations will depend on the required effort and will be agreed upon by the contractor andproject officer prior to start of the effort. These recommendations will be reviewed by the project officer ordesignee, and if accepted, an implementation plan-which must include step-by-step directions for theimplementation and schedule-shall be provided. For problem resolution, the contractor must provide awritten assessment of the problem and a course of action to analyze and resolve the problem.

Task Reportinq by Subtask

The contractor shall provide (at a minimum) a monthly status report to the project officer no later than the

third (3rd) business day of every month.

A report on EACH activity shall include;

* NRC Activity Lead

* Project Health Dashboard (Green=No Impact; Yellow=Possible Impact; Red=impact)

* Status Summary

9

Work Completed (with key milestones, decisions and accomplishments)

* Work Summary (Resource, Activity Name, Actual Hours, Completed (YIN), Estimated Hours,Comments [as appropriate)

* Total Hours for Current Report

* Total Hours to Date

A report on ALL activities to include:

Budget Plan for current contract period (by month): Planned costs, actual costs, cost variance,planned cumulative costs, actual cumulative costs, cumulative cost difference, planned remainingbudget, and actual remaining budget

Work breakdown for each major job category as defined by project officer (by month)

Work planned for next period

Key risks, decisions or actions required by either the NRC or contractor (risk, impact, owner,resolution/mitigation/status)

List of problems identified as being caused by contractor implementations (description, estimatedhours to resolution, actual hours to resolution, deviation between estimated and actual hours)

The contractor shall provide project schedules, updates to project schedules, and resource requirementsin Microsoft Project format to the NRC project officer as requested. The dates of the project tasks will becoordinated with and agreed to by the NRC Contracting Officer Representative . This reporting deliverableapplies, but is not limited to, the following tasks under Maintenance and Operations: 1.4 of Section 12.0,Support Tasks.

Problem Analysis

Problem resolution documentation shall be submitted to the Contracting Officer Representative officerwithin 4 hours of issuance of the problem notification. If the problem is not resolved within 4 hours,updates shall be issued at 12 hour increments until the problem resolution has been determined and anappropriate course of action determined.

This problem analysis deliverable applies, but is not limited to, the following tasks under Maintenance andOperations: 1.2 and 1.4 of Section 12.0, Support Tasks.

Corrective Actions

Upon the request of the Contracting Officer Representative, the contractor shall take the actionsrecommended by them to resolve the Issue at hand.

Code Review

Using best practices, the contractor shall review custom code produced by other government contractorsor third-party vendors to determine maintenance by the NRC. The contractor shall providerecommendations for modifications to the code that will provide the NRC with best value and usability inthe enterprise environment.

This code review deliverable applies, but is not limited to, the following tasks under Maintenance andOperations: 1.2 and 1.4 of Section 12.0, Support Tasks.

10

Ooerational IT Security and Comoliance

The contractor shall ensure that NRC-approved secure baseline configurations are implemented on all ofthe Microsoft product specific technologies listed in: 12.0, Task 1: Maintenance and Operations, For thetechnologies listed in this section that have no NRC-specified or NRC-approved baseline configuration, thecontractor shall ensure these technologies are implemented under the auspices of Federal IT security"best practices", as designated by the appropriate NRC Internal office.

The contractor shall identify production limitations that have been introduced by modifications to ITsecurity settings and make recommendations for how the NRC can operate Microsoft products in asecure manner. This operational IT security and compliaince deliverable applies, but is not limited to, thefollowing tasks under Maintenance and Operations: 1.4 of Section 12.0, Support Tasks.

Configuration of Microsoft Products

The contractor shall make modifications to Agency Microsoft products based on the recommendationsthat the contractor has made.

This corrective actions deliverable applies, but is not limited to, the following tasks under Maintenance andOperations: 1.4 of Section 12.0, Support Tasks,

6.0 Performance Measures

This section describes the performance measures that will be evaluated monthly to determinewhether or not the option years will be exercised. A high performance score does not automaticallyindicate that an option will be exercised.

Task 1 Fails to meet Objective Objective Superior Job in Outstanding Job inMaintenance and expectations, accomplished accomplished; met terms of quality, terms of quality,Operations objective not but significant expectations in terms timeliness, and timeliness, and

accomplished (1) rework of quality, timeliness, cost (4) cost (5)required (2) and cost (3) ....

Cost Realism

ArchitecturelPlan-ning Support ........Design andConfigurationSupportSystem HealthMonitoring ,,ProblemIdentification andResolution

Definitions

Cost Realism -The extent to which the contractor's estimates for activities to be performed areaccurate (1 = Greater than 20 percent over budget, 2 = Greater than 10 percent over budget, 3 =Onbudget, 4 = More than 5 percent under budget, 5 = More than 10 percent under budget).

Architecture Planning Support. The efficacy of the proposed architecture in deploying new technologiesor products into the Technical Reference Model and infrastructure without impact to the Production andOperating Environment (PO&E) and host applications. (Recommendations for implementation of newMicrosoft software tools: 1 = Rejected by the NRC more than 50 percent of lime, 2 = Rejected by the NRC

11

more than 35 percent of time, 3 = Rejected by NRC less than t5 percent of time, Rejected by the NRC lessthan 10 percent of time, Rejected by NRC less than 5 percent of time).

Design and Configuration Support -The effectiveness and documentation of changes to the PO&E toensure they are supportable and meet the conditions for secure implementation as specified and approvedby the appropriate the NRC internal office(s). The Project manager will evaluate this measure based onconsultation with the NRC staff and contractors responsible for maintaining contractor implementations.(Number of requests for corrections to documentation: 1 = More than 2 times, 2 = N/A, 3 = More than 1time, 4 =N/A, 5 = No corrections required).

System Health Monitoring -The extent to which the contractors advice helps the NRC meet its servicelevel agreements (SLAs). (After contractor recommendation is implemented, the NRC's meetsSLAs: 1 = 85 percent of time, 2 = 90 percent of time, 3 = 95 percent, 4 = 98 percent, 5 =Greater than 99percent of time). Problem Identification and Resolution -The timeliness and effectiveness in resolvingproblems identified as being, caused by contractor implementations (based on initial contractor estimatesof the number of hours to resolve the identified problem). Percentage deviation from estimate: 1 = morethan 100 percent above estimate. 2 = more than 50 percent above estimate, 3 = at estimate, 4 = more than5 percent below estimate, 5 = more than 10 percent below estimate).

7.0 MEETINGS

The contractor's technical representative shall attend status meetings at NRC Headquarters to discusswork being done, as deemed necessary by the Contract Officer's Representative for this Task Order (11).

8.0 TRAVEL

None anticipated.

12

SECTION D - OTHER TERMS AND CONDITIONS

DA FSS-BPA TERMS AND CONDiTiONS

This order is subject to the terms referenced in BPA NRC-33-10-303 and the General ServicesAdministration (GSA) Federal Supply Schedule Contract # GS35F0273L.

D.2 2052.215-71 CONTRACTING OFFICER REPRESENTATIVE

(a) The contracting officer's authorized representative hereinafter referred to as the contracting officerrepresentative is:

Name: Richard Ousley

Address: 11545 Rockville PikeMail Stop: T-5-D-141Washington, DC 20555

Telephone Number: 301-415-5220

(b) Performance of the work under this contract is subject to the technical direction of the NRCcontracting officer representative. The term "technical direction" is defined to include the following:

(1) Technical direction to the contractor which shifts work emphasis between areas of work or tasks,authorizes travel which was unanticipated in the Schedule (i.e., travel not contemplated in the Statement ofWork or changes to specific travel identified in the Statement of Work), fills in details, or otherwise serves toaccomplish the contractual statement of work.

(2) Provide advice and guidance to the contractor in the preparation of drawings, specifications, ortechnical portions of the work description.

(3) Review and, where required by the contract, approval of technical reports, drawings,specifications, and technical information to be delivered by the contractor to the Government under thecontract.

(c) Technical direction must be within the general statement of work stated in the contract. Thecontracting officer representative does not have the authority to and may not issue any technical directionwhich:

(1) Constitutes an assignment of work outside the general scope of the contract.

(2) Constitutes a change as defined in the "Changes" clause of this contract.

(3) In any way causes an increase or decrease in the total estimated contract cost, the fixed fee, ifany, or the time required for contract performance.

(4) Changes any of the expressed terms, conditions, or specifications of the contract.

(5) Terminates the contract, settles any claim or dispute arising under the contract, or issues anyunilateral directive whatever.

13

(d) All technical directions must be issued in writing by the project officer or must beconfirmed by thecontracting office• r representative it, writi: ig within iea- t.) I orling d... ., "isr a -Ee kthe written direction must be furnished to the contracting officer. A copy of NRC Form 445, Request forApproval of Official Foreign Travel, which has received final approval from the NRC must be furnished to'the contracting officer.

(e) The contractor shall proceed promptly with the performance of technical directions duly issued bythe contracting officer representative in the manner prescribed by this clause and within the contractingofficer representative's authority under the provisions of this clause.

(f) If, in the opinion of the contractor, any instruction or direction issued by the contracting officerrepresentative is within one of the categories as defined in paragraph (c) of this section, the contractor maynot proceed but shall notify the contracting officer in writing within five (5) working days after the receipt ofany instruction or direction and shall request the contracting officer to modify the contract accordingly.Upon receiving.the nbtification from the contractor, the contracting officer shall issue an appropriatecontract modification or advise the contractor in writing that, in the contracting officer's opinion, thetechnical directionh is within the scope of this article and does not constitute a change under the "Changes"clause.

,,.(g) Any unauthorized commitment or direction issued by the contracting officer representative mayresult in an unnecessary delay in the contractor's performance and may even result in the contractorexpending funds for unallowable costs under the contract.

(h) A failure of the partieslto agree upon the nature of the instruction or direction or upon the contractaction to be taken with respect thereto is subject to 52.233-1 - Disputes.

(i) In addition to providing technical direction as defined in paragraph (b) of the section, the contractingofficer representative shall:

(1) Monitor the contractor's technical progress, including surveillance and assessment ofperformance, and recommend to the contracting officer changes in requirements.

(2) Assist the contractor in the resolution of technical problems encountered during performance.

(3) Review all costs requested for reimbursement by the contractor and submit to the contractingofficer recommendations for approval, disapproval, or suspension of payment for supplies and servicesrequired under this contract.

(4) Assist the contractor in obtaining the badges for the contractor personnel.

(5) Immediately notify the Personnel Security Branch, Division of Facilities. and Security(PERSEC/DFS) (via e-mail) when a contractor employee no longer requires access authorization andreturn the individual's badge to PERSEC/DFS within three days after their termination.

D.3 DURATION OF CONTRACT PERIOD (MAR 1987) ALTERNATE 2 (MAR 1987)

This contract shall commence on December 11, 2012 and will expire on November 3, 2013. The term ofthis contract may be extended at the option of the Government for an additional one-year period.

14

D.4 52.217-9 OPTION TO EXTEND THE TERM OF THE CONTRACT (MAR 2000)

(a) The Government may extend the term of this contract by written notice to the Contractor within 30days; provided that the Government gives the Contractor a preliminary written notice of its intent to extendat least 60 days days before the contract expires. The preliminary notice does not commit the Governmentto an extension.

(b) If the Government exercises this option, the extended contract shall be considered to include thisoption clause.

(c) The total duration of this contract, including the exercise of any options under this clause, shall notexceed 24 months.

D.5 PLACE OF DELIVERY--REPORTS (JUN 1988)

The items to be furnished hereunder shall be delivered, with all charges paid by the Contractor, to:

(a) Contracting Officer Representative (1 copy)

(b) Contracting Officer (1 copy)

D.6 COMPENSATION FOR ON-SITE CONTRACTOR PERSONNEL (AUG 2011)ALTERNATE I (AUG 2011)

(a) NRC facilities may not be available due to (1) designated federal holiday, any other day designatedby federal statute, Executive Order, or by Presidential Proclamation; (2) early dismissal of NRC employeesduring working hours (e.g., special holidays or emergency situations); or (3) occurrence of emergencyconditions during nonworking hours (e.g., inclement weather).

(b) When NRC facilities are unavailable, the compensation and deduction policy stated below shall befollowed for contractor employees performing work on-site at the NRC facility:

(c) The contractor shall not charge the NRC for work performed by on- site contractor employees whowere reassigned to perform other duties off site during the time the NRC facility was closed.

(d) On-site contractor staff shall be guided by the instructions given by a third party (e.g., MontgomeryCounty personnel, in the case of a water emergency) in situations which pose an immediate health orsafety threat to employees.

(e) The contractor's Project Director shall first consult the NRC Officer's Representative (COR) beforereleasing on-site personnel in situations which do not impose an immediate safety or health threat toemployees (e.g., special holidays). That same day, the contractor must then alert the Contracting Officerof the NRC Contracting Officer's Representative's (COR) direction. The contractor shall continue toprovide sufficient personnel to perform the requirements of essential tasks as defined in the Statement ofWork which already are in operation or are scheduled.

D.7 RULES OF BEHAVIOR FOR AUTHORIZED COMPUTER USE (MAR 2011)

In accordance with Appendix Ill, "Security of Federal Automated Information Resources," to Office ofManagement and Budget (OMB) Circular A-1 30, "Management of Federal Information Resources," NRC

15

has established rules of behavior for individual users who access all IT computing resources maintainedand operated by the NRC or on behalf of the NRC. In response to the direction from OMB, NRC has issuedthe "Agency-wide Rules of Behavior for .A,\uthorized Computer- Use" policiy, hereafter- L errF.ed to a.- :-u.of behavior. The rules of behavior for authorized computer use will be provided to NRC computer users,including contractor personnel, as part of the annual computer security awareness course.

The rules of behavior apply to all NRC employees, contractors, vendors, and agents (users) who haveaccess to any system operated by the NRC or by a contractor or outside entity on behalf of the NRC. Thispolicy does not apply to licensees. The next revision of Management Directive 12.5, "NRC AutomatedInformation Security Program," will include this policy. The rules of behavior can be viewed athttp://www.internal.nrc.gov/CSO/documents/ROB.pdf or use NRC's external Web-based ADAMS athttp://wba.nrc.gov:8080/ves/ (Under Advanced Search, type ML082190730 in the Query box).

The rules of behavior are effective immediately upon acknowledgement of them by the person who isinformed of the requirements contained in those rules of behavior. All current contractor users arerequired to review and acknowledge the rules of behavior as part of the annual computer securityawareness course completion. All new NRC contractor personnel will be required to acknowledge therules of behavior within one week of commencing work under this contract and then acknowledge ascurrent users thereafter. The acknowledgement statement can be viewed athttp://www.internal.nrc.gov/CSO/documents/ROBAck.pdf or use NRC's external Web-based ADAMS athttp://wba.nrc.gov:8080/ves/ (Under Advanced Search, type ML082190730 in the Query box).

The NRC Computer Security Office will review and update the rules of behavior annually beginning inFY 2011 by December 31st of each year. Contractors shall ensure that their personnel to which thisrequirement applies acknowledge the rules of behavior before beginning contract performance and, if theperiod of performance for the contract lasts more than one year, annually thereafter. Training on themeaning and purpose of the rules of behavior can be provided for contractors upon written request to theNRC Contracting Officer's Representative (COR).

The contractor shall flow down this clause into all subcontracts and other agreements that relate toperformance of this contract/order if such subcontracts/agreements will authorize access to NRCelectronic and information technology (EIT) as that term is defined in FAR 2.101.

D.8 SAFETY OF ON-SITE CONTRACTOR PERSONNEL (AUG 2011)

Ensuring the safety of occupants of Federal buildings is a responsibility shared by the professionalsimplementing our security and safety programs and the persons being protected. The NRC's Office of.Administration (ADM) Division of Facilities and Security (DFS) has coordinated an Occupant EmergencyPlan (OEP) for NRC Headquarters buildings with local authorities. The OEP has been approved by theMontgomery County Fire and Rescue Service. It is designed to improve building occupants' chances ofsurvival, minimize damage to property, and promptly account for building occupants when necessary.

The contractor's Project Director shall ensure that all personnel working full time on-site at NRCHeadquarters read the NRC's OEP, provided electronically on the NRC Intranet athttp://www.internal.nrc.gov/ADM/OEP.pdf. The contractor's Project Director also shall emphasize to eachstaff member that they are to be familiar with and guided by the OEP, as well as by instructions given byemergency response personnel in situations which pose an immediate health or safety threat to buildingoccupants.

The NRC Contracting Officer's Representative (COR) shall ensure that the contractor's Project Directorhas communicated the requirement for on-site contractor staff to follow the guidance in the OEP. TheNRC Contracting Officer's Representative (COR) also will assist in accounting for on-site contract personsin the event of a major emergency (e.g., explosion occurs and casualties or injuries are suspected) during

16

which a full evacuation will be required, including the assembly and accountability of occupants. TheNRC DFS will conduct drills periodically to train occupants and assess these procedures.

D.9 AUTHORITY TO USE GOVERNMENT PROVIDED SPACE AT NRC HEADQUARTERS(AUG 2011)

Prior to occupying any government provided space at NRC HQs in Rockville Maryland, the Contractorshall obtain written authorization to occupy specifically designated government space, via the NRCContracting Officer's Representative (COR), from the Chief, Space Design Branch, ADSPC. Failure toobtain this prior authorization can result in one, or a combination, of the following remedies as deemedappropriate by the Contracting Officer.

(1) Rental charge for the space occupied will be deducted from the invoice amount due theContractor

(2) Removal from the space occupied

(3) Contract Termination

D.10 CONTRACTOR RESPONSIBILITY FOR PROTECTING PERSONALLYIDENTIFIABLE INFORMATION (P11) (AUG 2011)

In accordance with the Office of Management and Budget's guidance to Federal agencies and theNuclear Regulatory Commission's (NRC) implementing policy and procedures, a contractor (includingsubcontractors and contractor employees), who performs work on behalf of the NRC, is responsible forprotecting, from unauthorized access or disclosure, personally identifiable information (PII) that may beprovided, developed, maintained, collected, used, or disseminated, whether in paper, electronic, or otherformat, during performance of this contract.

A contractor who has access to NRC owned or controlled P1, whether provided to the contractor by theNRC or developed, maintained, collected, used, or disseminated by the contractor during the course ofcontract performance, must comply with the following requirements:

(1) General. In addition to implementing the specific requirements set forth in this clause, thecontractor must adhere to all other applicable NRC guidance, policy and requirements for the handling andprotection of NRC owned or controlled PII. The contractor is responsible for making sure that it has anadequate understanding of such guidance, policy and requirements.

(2) Use, Ownership, and Nondisclosure. A contractor may use NRC owned or controlled PII solelyfor purposes of this contract, and may not collect or use such PII for any purpose outside the contractwithout the prior written approval of the NRC Contracting Officer. The contractor must restrict access tosuch information to only those contractor employees who need the information to perform work under thiscontract, and must ensure that each such contractor employee (including subcontractors' employees)signs a nondisclosure agreement, in a form suitable to the NRC Contracting Officer, prior to being grantedaccess to the information. The NRC retains sole ownership and rights to its PI1. Unless the contract statesotherwise, upon completion of the contract, the contractor must turn over all PHI in its possession to theNRC, and must certify in writing that it has not retained any NRC owned or controlled PII except asotherwise authorized in writing by the NRC Contracting Officer.

(3) Security Plan. When applicable, and unless waived in writing by the NRC Contracting Officer,the contractor must work with the NRC to develop and implement a security plan setting forth adequateprocedures for the protection of NRC owned or controlled PHI as well as the procedures which thecontractor must follow for notifying the NRC in the event of any security breach. The plan will be

17

incorporated into the contract and must be implemented and followed by the contractor once it has beenapproved by the NRC Contracting Officer. If the contract does not include a security plan at the time ofcontract award, a plan must be submitted for the aproval of the NRC Contracting Officer within .O d•\w---after contract award.

(4) Breach Notification. The contractor must immediately notify the NRC Contracting Officer andthe NRC Contracting Officer's Representative (COR) upon discovery of any suspected or confirmedbreach in the security of NRC owned or controlled P11.

(5) Legal Demands for Information. If a legal demand is made for NRC owned or controlled PII(such as by subpoena), the contractor must immediately notify the NRC Contracting Officer and the NRCContracting Officer's Representative (COR). After notification, the NRC will determine whether and towhat extent to comply with the legal demand. The Contracting Officer will then notify the contractor inwriting of the determination and such notice will indicate the extent of disclosure authorized, if any. Thecontractor may only release the information specifically demanded with the written permission of the NRCContracting Officer.

(6) Audits. The NRC may audit the contractor's compliance with the requirements of this clause,including through the use of online compliance software.

(7) Flow-down. The prime contractor will flow this clause down to subcontractors that would becovered by any portion of this clause, as if they were the prime contractor.

(8) Remedies:

(a) The contractor is responsible for implementing and maintaining adequate security controls toprevent the loss of control or unauthorized disclosure of NRC owned or controlled P11 in its possession.Furthermore, the contractor is responsible for reporting any known or suspected loss of control orunauthorized access to PII to the NRC in accordance with the provisions set forth in Article 4 above.

(b) Should the contractor fail to meet its responsibilities under this clause, the NRC reserves theright to take appropriate steps to mitigate the contractor's violation of this clause. This may include, at thesole discretion of the NRC, termination of the subject contract.

(9) Indemnification. Notwithstanding any other remedies available to the NRC, the contractor willindemnify the NRC against all liability (including costs and fees) for any damages arising out of violations ofthis clause.

D.11 WHISTLEBLOWER PROTECTION FOR NRC CONTRACTOR AND SUBCONTRACTOREMPLOYEES (AUG 2011)

(a) The U.S. Nuclear Regulatory Commission (NRC) contractor and its subcontractor are subject to theWhistleblower Employee Protection public law provisions as codified at 42 U.S.C. 5851. NRCcontractor(s) and subcontractor(s) shall comply with the requirements of this Whistleblower EmployeeProtection law, and the implementing regulations of the NRC and the Department of Labor (DOL). See,for example, DOL Procedures on Handling Complaints at 29 C.F.R. Part 24 concerning the employerobligations, prohibited acts, DOL procedures and the requirement for prominent posting of notice ofEmployee Rights at Appendix A to Part 24 entitled: "Your Rights Under the Energy Reorganization Act".

(b) Under this Whistleblower Employee Protection law, as implemented by regulations, NRC contractorand subcontractor employees are protected from discharge, reprisal, threats, intimidation, coercion,blacklisting or other employment discrimination practices with respect to compensation, terms, conditionsor privileges of their employment because the contractor or subcontractor employee(s) has provided notice

18

to the employer, refused to engage in unlawful practices, assisted in proceedings or testified on activitiesconcerning alleged violations of the.Atomic Energy Act of 1954 (as amended) and the EnergyReorganizatior Act of 1974 (a-." amended).

(c) The contractor shall insert this or the substance of this clause in any subcontracts involving workperformed under this contract.

D.12 GREEN PURCHASING (JUN 2011)

(a) In furtherance of the sustainable acquisition goals of Executive Order 13514, "Federal Leadership inEnvironmental, Energy, and Economic Performance" products and services provided under thiscontract/order shall be energy- efficient (Energy Star or Federal Energy Management Program (FEMP)designated), water-efficient, biobased, environmentally preferable (e.g., Electronic Product EnvironmentalAssessment Tool (EPEAT) certified), non-ozone depleting, contain recycled content, or are non-toxic orless toxic alternatives, where such products and services meet agency performance requirements.http://www.fedcenter.gov/programs/eo13514/

(b) The contractor shall flow down this clause into all subcontracts and other agreements that relate toperformance of this contract/order.

19