VA Modernized Messaging Software as a Service (SaaS)

The Department of Veterans Affairs (VA) is soliciting proposals for a Modernized Messaging Software as a Service (SaaS) solution. This Request for Proposal (RFP) outlines the requirement for a secure, encrypted, and HIPAA-compliant text messaging application delivered in a FedRAMP Moderate cloud environment. The solution must support alpha-numeric, numeric, and graphic communications, replacing physical pagers. Key requirements include protecting Veteran data, ensuring 100% separation of government/corporate and personal device data, and hosting all data and transmissions within the continental United States. The contractor will be responsible for project management, obtaining and maintaining a VA Authority to Operate (ATO), implementation, and ongoing operations, maintenance, sustainment, and engineering (OMS&E). The contract includes a base year with four 12-month option periods, plus an optional six-month extension, with provisions for increased license quantities and expanded site coverage.

This government solicitation amendment, 36C10A25R0002 0003, issued by the Department of Veterans Affairs, Technology Acquisition Center, modifies the original Request for Proposal (RFP) for "Modernized Messaging." The key changes include an extension of the deadline for offer submissions to October 31, 2025, at 2:00 PM CST. Additionally, an amended RFP document, identified by "red text in the conformed RFP for identified changes," has been provided, and offerors are required to use this updated version for their responses. This amendment ensures that all potential contractors are aware of the revised submission deadline and the updated requirements for the Modernized Messaging project.

The government solicitation outlines requirements for a messaging software application focused on privacy, security, and robust functionality. Key requirements include 100% privacy for non-Government Furnished Equipment (GFE) Bring Your Own Device (BYOD) data, secure separation of government and personal data on BYOD, personalized passcode authentication, and audit trails for user activities with government data. The solution must support transmitting various media types while protecting PII, PHI, and SPI, preventing government access to personal BYOD data. Functionality demands include individual and group messaging, message status tracking (received/read), group creation, role-based profiles, and fast content loading (1-10 seconds). Notifications and alerts must be customizable. Performance requirements ensure isolation to authenticated users, enhanced IP service for critical messages, and a secure enrollment process for users and devices (GFE/BYOD) to ensure HIPAA compliance. The SaaS solution needs administrative message escalation rules, priority message overrides, hotlinking, secure peer-to-peer texting, and near real-time delivery notifications. Key performance indicators include 99.95% CONUS Wi-Fi availability, 4-hour time to restore, and 100-millisecond messaging response time. The application must be responsive, horizontally scalable, and offer broad network access. Use cases highlight role-based communication, escalation for unread messages, and the ability to manage on-call schedules and surrogates through the mobile application.

The document provides answers to 53 questions regarding Solicitation 36C10A25R0002 for a Modernized Messaging Software as a Service (SaaS) solution. Key areas covered include mobile device compatibility (Apple and Android), current VA Mobile Device Management (Microsoft Intune and Workspace One), and funding availability (dependent on federal government operations). The RFP emphasizes a SaaS approach, excluding non-manufacturer rule waivers for licenses and treating software as a service rather than a supply. Technical requirements address audit trail data elements, message escalation examples, and timelines for mobile application compliance approvals, with a 12-month window for VA authorization post-award. The VA requires FedRAMP Moderate authorization as a minimum, with a preference for the underlying platform's FedRAMP High authorization, but mandates separate authorization for integrations. Data storage policies are clarified: acceptable on government-furnished devices managed by MDM, but not on personal BYOD. The VA will use 20K licenses initially, scaling to 120K, and anticipates a phased rollout. There is no incumbent contractor for this new requirement. AI is not currently utilized, and the solution must integrate with EntraID for user lookup. The ATO approval process is expected to take 9-12 months. The VA declines to increase the page count for proposals.