AttainX, Inc.

Decision

DOCUMENT FOR PUBLIC RELEASE

The decision issued on the date below was subject to a GAO Protective Order. This redacted version has been approved for public release.

Matter of: AttainX, Inc.

File: B-422141.2

Date: June 20, 2024

Samuel S. Finnerty, Esq., Katherine B. Burrows, Esq., Daniel J. Figuenick, III, Esq., and Kelly A. Kirchgasser, Esq., Piliero Mazza PLLC, for the protester.
Stephanie D. Wilson, Esq., Rachael C. Haley, Esq., and Charles L. Bonani, Esq., Berenzweig Leonard LLP, for Global Solutions Group, Inc., the intervenor.
Jeffrey D. Webb, Esq., Department of Homeland Security, for the agency.
Heather Self, Esq., and Peter H. Tran, Esq., Office of the General Counsel, GAO, participated in the preparation of the decision.

DIGEST

1. Protest challenging assessment of weaknesses in protester's quotation based on evaluators' personal knowledge of incumbent subcontractor's technical execution challenges is denied where agency, while not required to consider close at hand information in a technical evaluation, was not precluded from considering such information if relevant.

2. Protest challenging assessment of awardee's past performance as satisfactory, rather than neutral, is denied where the agency's evaluation error did not competitively prejudice the protester.

DECISION

AttainX, Inc., an economically disadvantaged woman-owned small business of Herndon, Virginia, protests the issuance of a task order to Global Solutions Group, Inc., (GSG), an economically disadvantaged small business of Oak Park, Michigan, under request for quotations (RFQ) No. 70RCSJ23Q00000039, issued by the Department of Homeland Security (DHS) for information technology (IT) services. The protester challenges the agency's evaluation of quotations and resulting source selection decision.

We deny the protest.

BACKGROUND

On July 21, 2023, using the procedures of Federal Acquisition Regulation (FAR) subpart 16.5, the agency issued the solicitation to economically disadvantaged small business holders of the General Services Administration's Streamlined Technology Acquisition Resource for Services (STARS) III governmentwide acquisition contract (a type of indefinite-delivery, indefinite-quantity (IDIQ) contract). Agency Report, (AR), Tab 7, RFQ at 1-2.[1] The solicitation sought quotations for the provision of IT services to DHS's Cybersecurity & Infrastructure Security Agency (CISA) for the operation and modernization of the priority telecommunications services (PTS). AR, Tab 8, Performance Work Statement (PWS) at 1, 3. The PTS provides priority communications for emergency responders and government officials over the commercial carrier networks. Id. at 1. The solicitation sought services in six required task areas, each with a number of subtasks, and an optional transition services seventh task area. Id. generally at 4-21. As relevant here, one of the solicitation's many required tasks is for the successful contractor to “coordinate with DHS/CISA as appropriate to ensure an Authority to Operate (ATO) of the applications and infrastructure in use by PTS OSS [operational support services] as outlined by NIST [National Institute of Standards and Technology] and DHS policy.” Id. at 11.

The solicitation contemplated award of a single hybrid time-and-materials/fixed-price task order with a 1-year base period and three 1-year option periods. RFQ at 2-3, 8. The solicitation provided award would be made on a best-value tradeoff basis, considering management approach, past performance, and price. Id. at 7. The solicitation established that management approach was more important than past performance, and the two non-price factors, when combined, were significantly more important than price. Id. In evaluating quotations, the agency would assign each vendor's management approach an adjectival rating of superior, good, satisfactory, marginal, or unsatisfactory, and for each vendor's past performance would assign an adjectival rating of neutral, superior, satisfactory, or unsatisfactory. AR, Tab 26, Source Selection Decision (SSD) at 3-4.

The agency received four quotations. After initial evaluations, DHS selected GSG's quotation as representing the best value and issued GSG a task order in September of 2023. AR, Tab 26, SSD at 1-2. AttainX protested the selection decision with our Office; in response, the agency submitted a notice of its intent to take corrective action. AttainX, Inc., B422141, Nov. 17, 2023 (unpublished decision). Specifically, DHS advised that it intended to reevaluate AttainX's and GSG's quotations and make a new source selection decision. Id. As a result, we dismissed the protest as academic. Id.

During reevaluations, the agency did not conduct discussions or accept quotation revisions from any vendor. AR, Tab 26, SSD at 4-5. The agency, however, requested and received clarification from GSG about its past performance. AR, Tab 24, GSG Clarification Email Exchange. After completing its reevaluation, the agency assessed AttainX's and GSG's quotations as follows:

	AttainX	GSG
Management Approach	Satisfactory	Good
Past Performance	Satisfactory	Satisfactory
Price	$19,441,400	$22,375,353

AR, Tab 26, SSD at 9. Based upon the evaluations and a comparative assessment of quotations, the source selection authority (SSA) concluded that “GSG's overall technical proposal was superior relative to AttainX's technical proposal, and presents less risk to the government, which is worth the 13.2 [percent] price premium over AttainX's proposal.”[2] Id. at 10.

Overall, due to “GSG's relatively superior technical proposal, particularly in the areas of IT Security and ATO support, and the relative risks with AttainX's proposal in these areas” the SSA concluded that GSG's superiority in this area “clearly” warranted payment of its associated price premium. AR, Tab 26, SSD at 11. In reaching this conclusion, the SSA noted that “[a]chieving an ATO is crucial in cybersecurity as it demonstrates compliance with regulations, effective risk management, enhances trust and confidence, ensures interoperability, and facilitates continuous monitoring and improvement of security measures.” Id. Therefore, the SSA selected GSG's quotation as representing the best value to the government, and the agency re-affirmed the prior issuance of a STARS III task order to GSG. Id. After being notified of the award decision and receiving a debriefing, AttainX filed this protest with our Office.[3]

DISCUSSION

The protester challenges the assessment of four weaknesses in its quotation under the management approach factor, three of which were based on the evaluators' consideration of technical execution challenges AttainX's proposed subcontractor has had while providing services under the incumbent contract. The protester argues the agency's consideration of this information was improper. The protester also contends the agency unreasonably assigned GSG's quotation a rating of satisfactory under the past performance factor and maintains GSG should have received a rating of neutral as it has no relevant past performance. Finally, the protester takes issue with the agency's tradeoff decision. While we do not address each of the protester's arguments, or permutations thereof, we have considered them all, and find that none provides a basis to sustain the protest.[4]

Evaluation of Protester's Management Approach

The protester challenges all four of the weaknesses assessed in AttainX's quotation under the management approach factor, primarily focusing on the three weaknesses based in whole or in part on the evaluators knowledge of technical execution issues encountered by AttainX's proposed subcontractor during that firm's performance as the incumbent contractor. See generally Protest at 9-21. The agency maintains its evaluation was reasonable and in accordance with the solicitation, and that it permissibly considered extrinsic information relating to AttainX's subcontractor's performance on the incumbent contract. See generally COS at 12-14; Memorandum of Law (MOL) at 12-29. For the reasons explained below, we agree.

At the outset, we note that when reviewing a protest challenging an agency's evaluation, our Office will not reevaluate proposals or quotations, nor substitute our judgment for that of the agency, as the evaluation of proposals or quotations is a matter within the agency's discretion. Cognosante MVH, LLC, B-418986 et al., Nov. 13, 2020, 2021 CPD ¶ 3 at 4. Rather, we will review the record to determine whether the agency's evaluation was reasonable and consistent with the solicitation's evaluation criteria and with applicable procurement statutes and regulations. Candor Solutions, LLC, B-417950.5, B-417950.6, May 10, 2021, 2021 CPD ¶ 199 at 5. A protester's disagreement with the agency's judgment, without more, is insufficient to establish that the agency acted unreasonably. MSK TriTech Group, LLC, B-421814, Oct. 3, 2023, 2023 CPD ¶ 235 at 3.

As part of a vendor's proposed management approach, the solicitation required vendors to describe their “proposed methods and techniques for completing each task,” and to “[i]dentify the process of completing each task,” among other things. RFQ at 5. The solicitation provided that under the management approach factor the agency would evaluate a vendor's: (i) “ability to perform the requirements defined in the PWS”; (ii) “management approach and assumptions to evaluate the [vendor's] understanding of the work”; (iii) “ability to provide an effective staffing plan and staffing approach,” including how well the staffing plan “optimize[d] the labor mix and labor hours required”; and (iv) key personnel “education, experience, and accomplishments.” Id. at 8.

The record shows that the evaluators assessed four strengths and four weaknesses in the protester's quotation, assigned it a rating of satisfactory under the management approach factor, and concluded that “AttainX demonstrated an understanding of the requirements and an approach that meets performance or capability standards.” AR, Tab 25, Consensus Technical Evaluation Report (Tech. Eval.) at 17-22. The evaluators based this conclusion, in part, on the consideration of AttainX's “strengths in Program and Project Management (PM), legacy application modernization model, [and] operational support and transition support expertise [that] will benefit the Government.” Id. at 17-18.

The evaluators also considered the four assessed “weaknesses in the area[s] of information technology (IT) enhancement including enhanced service performance metrics, IT security/ATO, and enhancement of the smartphone application which elevate the risk of an unsuccessful performance to moderate.” AR, Tab 25, Tech. Eval. at 18. Additionally, the evaluators noted AttainX “did not provide adequate approaches and methods for completing each task,” and that “[s]ome approaches lack[ed] effective methodologies required by the PWS.” Id. For example, the evaluators indicated concerns that AttainX's approach would result in “an inability to obtain ATO,” and that the proposed use of a particular tool--the “[DELETED]” tool--would be problematic as that tool was “excluded from the PTS OSS boundary and ATO assessment.” Id. Further, the evaluators found that AttainX's quoted “strategies have not been successful in the CISA environment which raises the risk of unsuccessful organization performance and not meeting PWS requirements.” Id. In assessing three of the four weaknesses, the evaluators based the weaknesses on “close at hand knowledge” or “close at hand information” of the technical execution challenges encountered by AttainX's chosen subcontractor, General Dynamics Information Technology (GDIT), in GDIT's performance of the incumbent contract. AR, Tab 25, Tech. Eval. at 19-20.

The protester challenges all four assessed weaknesses. See generally Protest at 1021. In challenging the weaknesses for which the evaluators relied in whole or in part on “close at hand” information or knowledge, AttainX asserts the same arguments: (i) that “the Agency cannot use ‘close at hand' information regarding AttainX's subcontractor to downgrade AttainX under the Management Approach factor”; (ii) that “even if the Agency could use ‘close at hand' information related to GDIT when evaluating AttainX . . . information related to GDIT's performance under a different contract does not provide a reasonable basis for the Agency to discredit the Management Approach [of] AttainX”; and (iii) that, based “upon information and belief,” “AttainX's proposed approach is not the same approach provided in the past by GDIT.”[5] Id. at 13-14, 17-18, 19.

As the foundation for its first argument--that the agency could not use “close at hand” information in its evaluation of AttainX under the management approach factor--the protester cites to decisions of our Office in which we found that “in some cases, past performance information in the agency's possession can be ‘too close at hand' to ignore,” but in which “we have specifically declined to extend that principle to an agency's evaluation of an offeror's technical proposal.” Protest at 13, citing XTec, Inc., B-418619 et al., July 2, 2020, 2020 CPD ¶ 253 at 9, citing also Enterprise Solutions Realized, Inc.; Unissant, Inc., B-409642, B-409642.2, June 23, 2014, 2014 CPD ¶ 201 at 9; Xenith Group, LLC, B-420706, July 14, 2022, 2022 CPD ¶ 184 at 4-5. While the protester accurately summarizes the cited decisions for the proposition that agencies are not obligated to consider “too close at hand” information as part of a technical evaluation, the question here is whether the agency was permitted to consider this information.

Our Office repeatedly has concluded that while an agency is not required to consider extrinsic information in the context of a technical evaluation, an agency's evaluation is not limited to the four corners of an offeror's proposal or a vendor's quotation. Strategic Operational Solutions, Inc., B-420159 et al., Dec. 17, 2021, 2021 CPD ¶ 391 at 6. That is to say, an agency may choose to rely upon other extrinsic information of which it is aware. See e.g., Park Tower Mgmt., Ltd., B295589, B-295589.2, Mar. 22, 2005, 2005 CPD ¶ 77 at 6 (finding nothing improper about agency's consideration of its direct knowledge of the job performance of incumbent personnel awardee proposed to hire, despite that information not being within the four corners of the awardee's proposal); Interfor US, Inc., B-410622, Dec. 30, 2014, 2015 CPD ¶ 19 at 6-7 (finding that agency reasonably relied on evaluators' personal knowledge of the awardee's proposed subcontractors in the evaluation of the awardee's technical proposal); Addx Corp., B414749 et al., Aug. 28, 2017, 2017 CPD ¶ 275 at 8 (concluding there was nothing unreasonable about the evaluators relying on their personal knowledge of the incumbent performance of one of the awardee's joint venture partners when evaluating the awardee's proposal under the business management factor). Likewise, here, we find nothing improper about CISA's consideration of its knowledge of the technical execution issues encountered by AttainX's proposed subcontractor during performance as the incumbent in evaluating the protester's management approach where, as explained below, that information was relevant.

We turn now to the protester's second and third arguments--that “information related to GDIT's performance under a different contract does not provide a reasonable basis . . . to discredit the Management Approach of AttainX,” and that AttainX's quotation did not propose “the same approach provided in the past by GDIT.” Protest at 14, 17, 19. The agency responds that the information about “AttainX's proposed subcontractor, GDIT, the PTS incumbent contractor” was “only considered” when it “was personally known to [the] evaluators, consistent with the evaluation criteria for Factor 1--Management Approach and limited to the relevant task areas of AttainX's quote.” COS at 11, 13. Further, the agency maintains that, as presented in the protester's quotation, “AttainX's partnership with GDIT is integral to the Protester's proposed management approach.”[6] Id.

As a first example, we examine the weakness assessed by the evaluators related to section 2.2.1 of the PWS (enhanced service performance metrics). See PWS at 6. The evaluators noted:

The offeror states that big data analytics technologies will be incorporated into the Performance End-To-End-Reporting (PEERS) application and that they will provide a data collection application and PS [priority services] Dashboard, which are required by the PWS; however, based on the team's close at hand knowledge, this may not be possible as the quotation's subcontractor, who is a current CISA vendor, did not receive a successful outcome with the same approach during technical enhancement implementations.

AR, Tab 25, Tech. Eval. at 19-20. Accordingly, the evaluators concluded there was an “increased risk that a similar failure could occur that would impact both schedule and cost,” as well as potentially resulting in the vendor “not successfully enhancing service performance metrics tasks, and thereby not meeting PWS requirements.” Id.

While the protester insists GDIT's technical execution on the incumbent contract is not relevant to AttainX's approach to PEERS big data analytics, the protester's quotation states an intent to [DELETED] to the current PEERS process. AR, Tab 14, AttainX Mgmt. Approach Vol. at 16. The agency represents that as part of the incumbent contract “GDIT proposed to do a proof of concept investigating the possibility of leveraging data analytics solutions” with the current PEERS process by preparing a “Tech Refresh proposal,” but GDIT neither submitted the proffered proposal nor implemented “a successful data analytics solution to replace the manual process of PEERS.”[7] COS at 12.

The protester does not dispute that GDIT previously tried and failed to augment the PEERS process through the use of big data analytics solutions, rather, AttainX--through an affidavit from AttainX's [DELETED]--maintains, “[u]pon information and belief” that GDIT's incumbent approach and the protester's quoted approach are not the same. Protest at 14 and Comments at 7, both citing Protest exh. F, Decl. at 60.[8] On the record before us, we find no basis to question the evaluators assessment of a weakness in AttainX's quotation based on consideration of their personal knowledge that a key member of “Team AttainX” previously tried and failed to implement big data analytics for the PEERS process.

As a second example, we examine the weakness assessed by the evaluators related to section 2.2.6 of the PWS (IT Security Services and ATO Support). See PWS at 11. The evaluators found:

For IT Security and ATO support, the offeror repeats the requirement of the PWS and states it will be completed, defines what RMF [risk management framework] is but does not fully provide a description of how or what security measures and techniques will be applied to ensure DHS compliance. The offeror does not demonstrate a comprehensive understanding of DHS IT security requirements in alignment with the PWS. Further, the quotation's approach includes an RMF approach which has not been successful at CISA. Based on close at hand information, the quotation's subcontractor, GDIT, previously provided and implemented resources to obtain an ATO within a similar requested timeline required by ECD[9] and using the same approach. The approach to follow the proposed RMF and achieve the ATO for the Priority Telecommunications Service Operational Support System (PTS OSS) was not successful within the required timeline defined by ECD.

AR, Tab 25, Tech. Eval. at 19-20. Accordingly, the evaluators concluded AttainX's “approach has been demonstrated as unsuccessful which increases the risk of ECD not achieving a successful ATO implementation and/or meeting all PWS requirements.” Id. at 19.

AttainX's quotation offers a plan to “ensur[e] the successful attainment of the required ATO for PTS OSS, following a proven approach.” AR, Tab 14, AttainX Mgmt. Approach Vol. at 26 (emphasis added). The quotation further references that AttainX's “Team has led the design, development, and ATO efforts and successfully achieved ATO for multiple mission critical systems for DHS that align with the technical stack of PTS OSS.” Id. at 27. In evaluating this aspect, the agency noted that GDIT has been unable to achieve an ATO for the specific DHS component to be served under the protested task order, and that “GDIT has submitted proposals to ECD” in order to obtain an ATO and “beginning in 2018 and up until 2021 but has been unable [to] deliver.” COS at 13.

AttainX does not dispute that GDIT previously tried and failed to obtain an ATO for the specific program to be serviced under the protested task order. Instead, the protester claims that “having GDIT on its team no doubt provides AttainX with a better understanding of the current operating system required to appropriately design, develop and deploy OSS 2.0, which is an advantage over GSG [the awardee],” yet still insists “upon information and belief” that GDIT's incumbent approach and the protester's quoted approach are not the same. Comments at 13 and Protest at 18, both citing Protest exh. F, Decl. at 61. Our review of the record finds no basis to question the evaluators' assessment of a weakness in AttainX's quotation based on consideration of their personal knowledge that a key member of “Team AttainX” previously tried and failed to obtain the necessary ATO for the PTS OSS.

Moreover, we note that the integrity of the procurement process does not permit a protester to espouse one position during the procurement, and then argue during a protest that the position is unreasonable or otherwise improper. Raytheon Co., B417524.2, B-417524.3, Dec. 19, 2019, 2020 CPD ¶ 50 at 8. Here, AttainX's quotation made clear it would rely on the incumbent contractor--GDIT--as a “major subcontractor” and that the protester's quoted approach was based, in part, on GDIT's “deep historical understanding that no other offeror can claim.” AR, Tab 14, AttainX Mgmt. Approach Vol. at 3-4. Having sought to bolster its quotation through reliance on GDIT's experience performing the incumbent contract, the protester cannot disclaim association with that same experience now that the agency has considered it unfavorably. See e.g., Logistics Health, Inc.--Adv. Op., B416145.7, Mar. 2, 2021, 2021 CPD ¶ 184 at 16 n.12 (noting that the integrity of the procurement process did not permit the protester to take a position in litigation that was different from the position taken by the protester when it structured its proposal submission). Accordingly, we deny the protester's challenges to the evaluation of its own quotation under the management approach factor.

Evaluation of Awardee's Past Performance

The protester contends that the agency improperly assigned the awardee's quotation a rating of satisfactory under the past performance factor, and that instead the agency should have assigned a rating of neutral as the awardee lacks any relevant past performance. Protest at 23. The agency responds that it reasonably found two of the awardee's three past performance reference contracts relevant, and on that basis assigned a rating of satisfactory. COS at 15; MOL at 32. As explained below, we find the record supports the protester's contention that the awardee's reference contracts should not have been considered relevant, and instead GSG's quotation should have received a rating of neutral under the past performance factor. The record does not demonstrate, however, that the protester suffered any competitive prejudice as a result of the agency's evaluation error.

When, as here, a protester challenges an agency's evaluation of past performance, we will review the evaluation to determine if it was reasonable and consistent with the solicitation's evaluation criteria and with procurement statutes and regulations. Innovative Mgmt. Concepts, Inc., B-419834.2, B-419834.3, Sept. 20, 2021, 2021 CPD ¶ 319 at 14. An agency's evaluation of past performance, including its consideration of the relevance, scope, and significance of an offeror's performance history, is a matter of discretion that we will not disturb unless the agency's assessments are unreasonable or inconsistent with the solicitation criteria. PricewaterhouseCoopers Public Sector, LLP, B-415504, B-415504.2, Jan. 18, 2018, 2018 CPD ¶ 35 at 10-11. Further, competitive prejudice is an essential element of any viable protest; where a protester fails to demonstrate that, but for the agency's actions, it would have had a substantial chance of receiving the award, there is no basis for finding prejudice, and our Office will not sustain the protest, even if deficiencies in the procurement are found. SeaTech Security Solutions; Apogee Group, LLC, B-419969.6, B-419969.7, Apr. 21, 2023, 2023 CPD ¶ 104 at 16.

For past performance, the solicitation permitted vendors to submit up to three references for “programs/projects from the last three (3) years of the date of this solicitation.” RFQ at 5. The solicitation instructed vendors “[f]or each past-performance citation [to] identify the following information,” and listed information such as the contract number, total contract value, percentage of the work completed to date, a description of the work performed, and any problems encountered as well as the corrective actions taken. Id. at 5-6. The solicitation advised that the agency would “evaluate the relevance--in terms of size, scope, and complexity--and quality of Quoters' past performance to determine the likelihood of successful performance.” Id. at 8. Additionally, through issuance of amendment 1, the agency clarified some of the RFQ requirements in answers to potential vendors' questions. RFQ at 1. As relevant here, one vendor asked: “Can we submit past performance references from a subcontractor? If so, how many?” AR, Tab 11, RFQ Questions and Answers at 2. The agency responded: “Yes. A maximum of three (3).” Id.

The record shows that GSG submitted three past performance reference contracts, and that the evaluators considered two of the three contracts relevant, while the third contract was not considered because it was older than the solicitation's stated 3-year recency period. AR, Tab 17, GSG Past Performance Volume (GSG Past Perf. Vol.) at 4-9; Tab 25, Tech. Eval. at 14-15. One of the two contracts the agency considered relevant was for work GSG performed as a subcontractor to another firm, CMCI, in providing cloud software engineering services to DHS's Countering Weapons of Mass Destruction (CWMD) office. Id. The second of the two contracts the agency considered relevant was for work performed by one of GSG's quoted subcontractors for the Federal Bureau of Investigation. The work involved providing enterprise IT, IT, and network technologies services. Id. The protester challenges the relevancy of each reference, which we deal with in turn.

With regards to the first reference contract, the record shows the evaluators considered GSG's cloud-related subcontract work to CMCI for DHS's CWMD office to be “recent, relevant, similar in size, scope, and less in complexity” to the solicited requirement. AR, Tab 25, Tech. Eval. At 14. The protester contends this was unreasonable because GSG's quotation included, as a reference, not the awardee's subcontract with CMCI, but CMCI's prime contract with DHS. Comments at 22, citing AR, Tab 17, GSG Past Perf. Vol. at 4. As CMCI is not a part of GSG's quoted team, the protester maintains CMCI's prime contract with DHS is not “relevant or pertinent to GSG's ability to perform the requirements.” Comments at 22. Moreover, the protester notes, GSG did not explain “what percentage of work, or what value of work was actually performed by GSG.” Id. Nor, in the protester's view, did the agency successfully remedy this issue during its corrective action reevaluation of quotations by requesting information from CMCI. Id. at 23. Further, the protester maintains the first reference contract was not similar in scope to the solicited work. Id. at 24-25.

The record reveals that during reevaluations, the agency emailed CMCI asking: “For the work GSG is performing please provide the:” (i) total contract value; (ii) scope of GSG's work; and (iii) an indication of how GSG's performance had been. AR, Tab 22, Agency Past Perf. Req. to CMCI at 2. In response, CMCI provided the total value of its prime contract, rather than the total value of GSG's subcontract. Compare AR, Tab 23, CMCI Resp. to Past Perf. Req. at 1 with AR, Tab 14, GSG Past Perf. Vol. at 4 (both showing the approximately $26.8 million value of the prime contract). With respect to the agency's request for information about the scope of GSG's work under the contract, CMCI responded only that “GSG is a key subcontractor on this contract” providing unspecified “services that include supporting: (i) Cloud Software Engineering; (ii) Cloud System Administration; (iii) Cloud Applications Security Support; (iv) Cloud Architecture; (v) Cybersecurity Support; (vi) Application Development and Transformation; (vii) System Engineering; (viii) Data Analysis; [and] (ix) Data Migration.” Id. As to the quality of GSG's performance, CMCI stated it was “Exceptional” with no further explication. Id.

Based on this record, we conclude neither GSG's quotation nor the agency's communications with CMCI provided sufficient information for the agency to determine that GSG's first reference contract was of similar size, as GSG and CMCI only provided information about the total dollar value of CMCI's prime contract, not GSG's subcontract work. To assess the scope and complexity of the first reference contract, the agency reasonably relied upon the narrative description of the work performed included in GSG's quotation. See AR, Tab 14, GSG Past Perf. Vol. at 4-5. Based on this information, however, the evaluators concluded that while GSG's description of the work aligned with “PWS Task Two requirements” it was “less relevant” for at least four of the remaining six PWS required task areas. AR, Tab 25, Tech. Eval. at 15-16; see also PWS at 1718, 20. With respect to complexity, the evaluators considered the described work to be less complex as it involved supporting only 1,800 users compared with the solicited requirement's need to support over 25,000 users. Id. at 15.

In sum, the record establishes the GSG's first reference contract was of unknown size, similar in scope for only one or two of the PWS's six required task areas, and less complex due to GSG's support of a user pool approximately seven percent the size of the user pool under the solicited requirement. Accordingly, we find unreasonable the agency's conclusion that GSG's first reference contract was relevant. See e.g., Al Raha Group for Tech. Servs., Inc.; Logistics Mgmt. Int'l, Inc., B-411015.2, B-411015.3, Apr. 22, 2015, 2015 CPD ¶ 134 at 7 (sustaining challenge to evaluation of awardee's past performance where the awardee's reference contracts included only a fraction of the effort required by the solicitation).

For the awardee's second reference contract, the record shows the evaluators considered the approximately $25.8 million IT services work of GSG's quoted subcontractor for the Federal Bureau of Investigation to be “ recent, relevant, similar in size, scope, and complexity” to the solicited requirement. AR, Tab 25, Tech. Eval. at 14. The protester contends this was unreasonable, in part, because the contract “is not relevant to most and nearly all of the tasks listed in the RFQ's PWS.” Comments at 32. The record supports the protester's contention. Specifically, the evaluators found that the IT engineering and service center support work in the second reference contract were similar in scope to the PWS requirements. AR, Tab 25, Tech. Eval. at 16. These types of work are similar to a few of the subtasks of PWS task area two and are similar in scope to the service center requirements of task area four. See PWS at 5, 10, 18-19. The evaluators, however, found that the second reference contract did not involve “system engineering lifecycle (SELC) documentation, IT Modernization, data migration, IT security services and ATO support, and GETS [government emergency telecommunication services], smartphone application, fraud testing, [and] phase in/out support services.” AR, Tab 25, Tech. Eval. at 17. Importantly, those identified types of work encompass most of the subtasks under task area two, as well as all of the subtasks under task areas three, five, and six. See PWS at 5-13, 1718, 20. Thus, the contemporaneous record shows the evaluators considered the awardee's second reference contract similar in scope for only one and a small portion of a second of the PWS's six required task areas.

Additionally, the protester maintains it was unreasonable for the agency to assess the quality of the awardee's second contract reference based on a contractor performance assessment reporting system (CPARS) report from outside the solicitation's stated period of recency. Comments at 30. Specifically, the protester notes the period of performance covered by the CPARS report relied on by the evaluators to assess the quality of performance of GSG's second reference contract was from February 16, 2019, through February 15, 2020, which is more than three years before the July 2023 issuance of the solicitation. Id., citing AR, Tab 25, Tech. Eval. at 16. We agree. The record shows performance was occurring under the awardee's second reference contract from February 2019 through August 2023, a period which encompasses time within the solicitation's 3-year recency period, yet, without explanation, the evaluators chose to review a CPARS report from outside the recency period. AR, Tab 25, Tech. Eval. at 16.

As the solicitation advised that past performance would be evaluated for “relevance--in terms of size, scope and complexity--and quality,” we find unreasonable the evaluators' conclusion that the awardee's second reference should be considered relevant when it was similar in size and complexity but had very limited similarity in scope and was of unknown quality. RFQ at 8 (emphasis added); see e.g., General Dynamics Info. Tech., Inc., B-421290, B-421290.2, Mar. 1, 2023, 2023 CPD ¶ 60 at 9-10 (sustaining protest where record failed to explain basis for evaluators finding awardee's past performance references relevant where they were similar in scope for only a limited amount of the solicited work).

As none of the awardee's submitted reference contracts reasonably could be considered relevant, we find the agency erred in assigning GSG's quotation a rating of satisfactory under the past performance factor. Rather, the evaluators should have assigned a rating of neutral to GSG's quotation. See AR, Tab 26, SSD at 4 (defining a rating of neutral as: “No relevant past performance record is identifiable upon which to base a meaningful performance rating. . . . This is neither a negative nor positive assessment.”). As noted above, however, competitive prejudice is an essential element of any viable protest.

Here, the record reflects that the agency's tradeoff decision was focused on GSG's superior approach to providing IT Security and ATO support as well as the risks of AttainX's proposal in these areas, as opposed to GSG's past performance. Specifically, the Source Selection Decision concluded as follows:

Because of GSG's relatively superior technical proposal, particularly in the areas of IT Security and ATO support, and the relative risks with AttainX's proposal in these areas, the Government has far greater confidence GSG's ability to meet the PWS requirements. Achieving an ATO is crucial in cybersecurity as it demonstrates compliance with regulations, effective risk management, enhances trust and confidence, ensures interoperability, and facilitates continuous monitoring and improvement of security measures. GSG's superiority in this area is clearly worth the $2,933,953.00 price premium over AttainX.

AR, Tab 26, SSD at 11.

Further, the record reflects that when conducting the tradeoff assessment, the SSA specifically acknowledged that AttainX's quotation demonstrated more relevant past performance than GSG's quotation. Id. Accordingly, even if GSG had received a neutral rating instead of an acceptable rating under the past performance factor, the basis for the tradeoff in favor of GSG--namely its more advantageous approach with respect to IT Security and ATO support, and the risks associated with AttainX's proposal in these important areas--would remain unchanged and there is no reasonable basis to conclude that AttainX would have had a substantial chance of receiving award. Because AttainX was not competitively prejudiced by the agency's evaluation of the awardee's past performance, we have no basis to sustain the challenge here. See e.g., SeaTech Security Solutions; Apogee Group, LLC, supra at 17 (denying evaluation challenge where even if agency's error were corrected, awardee's proposal still would have been considered superior under multiple factors, which SSA found justified payment of associated price premium).

Best-Value Tradeoff

Finally, the protester challenges the agency's tradeoff analysis arguing, among other things, that the underlying evaluation errors tainted the tradeoff, that the SSA focused too much on AttainX's weaknesses under the management factor while ignoring the vendor's strengths, and that the agency failed to justify payment of the awardee's price premium. See generally Protest at 25-29.

Source selection officials have broad discretion in deciding the manner and extent to which they will make use of technical and price evaluation results; price/technical tradeoffs may be made and the extent to which one may be sacrificed for the other is governed only by the test of rationality and consistency with the evaluation criteria. Cognosante MVH, LLC; Pro Sphere-Tek, Inc., B-421150 et al., Jan. 10, 2023, 2023 CPD ¶ 18 at 22-23. A protester's disagreement with an agency's judgments about the relative merit of competing proposals does not establish that the judgments were unreasonable. Id.

As discussed above, the alleged evaluation errors, on which the protesters' tradeoff challenges partially rest, have no merit. Further, the record does not support the protester's remaining contentions. Rather, the source selection decision includes a detailed comparison of the protester's and awardee's quotation in which the SSA acknowledged AttainX's various strengths and its superior past performance, but also noted AttainX's various weaknesses and the fact that GSG's quotation was superior under the most important factor--management approach. AR, Tab 26, SSD, at 10-11.

Specifically, the SSA found that, under the most important evaluation factor, management approach, “GSG's quotation included approaches and techniques to complete the PWS tasks that would exceed performance or capability standards and demonstrate a good understanding of the requirements.” AR, Tab 26, SSD at 10. Further, the SSA noted that “GSG's quotation included comprehensive and detailed methodologies for completing RFQ PWS Tasks,” such as “a comprehensive understanding of IT Security and ATO Support” that would be “central to ensure success in accomplishing an ATO in a timely and cost-effective manner.” Id. In contrast, the SSA found that “[w]hile AttainX's quotation demonstrated an understanding of the requirements and an approach that meets performance or capability standards, including several strengths, the[ir] proposal also included several weaknesses . . . that moderately increased the risk of unsuccessful performance.” Id. In particular, the SSA noted that “AttainX's quotation does not demonstrate how it will accomplish IT Security and ATO support, it simply repeats the requirement of the PWS and states it will be completed.” Id. The SSA then concluded that notwithstanding AttainX's more relevant past performance, GSG's superior management approach warranted payment of its associated price premium. Id. at 11. Accordingly, the record provides no basis for us to question the agency's selection of GSG's higher-rated, higher-priced proposal.

The protest is denied.

Edda Emmanuelli Perez General Counsel

---