Platinum Business Services LLC | U.S. GAO

DOCUMENT FOR PUBLIC RELEASE
The decision issued on the date below was subject to a GAO Protective Order. This redacted version has been approved for public release.

Decision

Matter of:  Platinum Business Services LLC

File:  B-419930

Date:  September 23, 2021

Lee Dougherty, Esq., Effectus PLLC, for the protester.
Elizabeth N. Jochum, Esq., Zachary D. Prince, Esq., and Léa A. Dickinson, Esq., Smith Pachter McWhorter PLC, for Delviom, LLC, the intervenor.
Ekta Patel, Esq., Department of Homeland Security, for the agency.
Jacob M. Talcott, Esq., and Jennifer D. Westfall-McGrail, Esq., Office of the General Counsel, GAO, participated in the preparation of the decision.

DIGEST

1.  Protest challenging agency’s evaluation of protester’s quotation is denied where evaluation was reasonable and consistent with the terms of the solicitation.

2.  Protest alleging awardee engaged in impermissible “bait and switch” is dismissed where protester fails to demonstrate awardee “baited” the agency, or intended to replace furnished key personnel with less qualified personnel.

Platinum Business Services LLC, an 8(a) small business of Catonsville, Maryland, protests the issuance of a task order to Delviom, LLC, an 8(a) small business of Ashburn, Virginia, under request for quotations (RFQ) No. 70FA3021Q00000022, issued by the Department of the Homeland Security (DHS), Federal Emergency Management Agency (FEMA) for cyber assessment and risk management support services. The protester argues the agency unreasonably evaluated its quotation, which led to an improper award to Delviom.  The protester also argues the awardee engaged in an impermissible bait and switch tactic with respect to its proposed key personnel.

We deny the protest in part and dismiss it in part.

BACKGROUND

On April 16, 2021, FEMA issued the RFQ as a set-aside for 8(a) small businesses in accordance with Federal Acquisition Regulation (FAR) section 8.405-5.[1]  Agency Report (AR), Tab 7, RFQ at 1-2.[2]  The agency sought a vendor to provide security assessments of information technology systems, security control assessments for security authorizations, and support for the information system life cycle.  Id. at 1. 

The RFQ contemplated the issuance of a fixed-price task order for a base period of twelve months and an option period of another twelve months.  AR, Tab 1, Contracting Officer’s Statement (COS) at 1.  The RFQ provided for the evaluation of quotations based on three evaluation factors:  past demonstrated experience, technical and management capability, and price.  RFQ at 1-6.  The RFQ anticipated award on a best-value tradeoff basis where past demonstrated experience was the most important factor; technical and management capability was the second most important factor; and the non-price factors, when combined, were more important than price.  Id.  The RFQ provided for a two phase evaluation scheme.  Id. at 1.  The due date for quotations for phase one was May 5; phase two submissions were due by May 19.  Id.

The evaluation of prior demonstrated experience under phase one required each vendor to provide a narrative demonstrating its relevant experience in meeting the requirements of FEMA’s cyber security program.[3]  Id. at 3.  The RFQ further required vendors to submit prior demonstrated experience on (1) a top-secret contract and (2) three government contracts within the last five years involving requirements that are similar to the technical requirements of the current solicitation.  Id. at 4.  In addition to the two required types of experience, the RFQ provided the following three areas of prior demonstrated experience that were highly desired by the agency:  (1) work on at least one prime contract of the same complexity worth at least $20 million; (2) work with high value assets, and risk and vulnerability assessment sub-categories; and (3) experience with DHS working with specific cyber security tools.  Id. at 3.

Following the agency’s evaluation of the phase one submissions, the agency would advise vendors as to whether they were likely to be viable competitors and should proceed to phase two.[4]  Id. at 2.  The solicitation explained that the agency’s intent in furnishing this advice was to minimize quotation preparation costs for vendors with little chance of award.  Id.

For the phase two evaluation of the technical and management capability factor, the RFQ required vendors to demonstrate the ability to provide an organizational and management structure for security assessment services across all FEMA offices.  Id. at 4.  Additionally, the RFQ required vendors to submit resumes for a project manager and cyber security subject matter expert (SME), which the RFQ identified as key personnel.  Id. at 5.  In evaluating technical and management capability, the RFQ provided that the agency would assess the likelihood that the vendor’s approach would meet the requirements of the solicitation; the agency would also evaluate the vendor’s plan to organize, access, and manage resources such as personnel and subcontracts.  Id. at 4‑5.  The RFQ provided that total evaluated price would include the vendor’s price for the base and option periods.  Id. at 5-6.

The agency received five quotations for phase one.  COS at 7.  Following the phase one evaluation, Platinum received an advisory notification that its quotation was one of the lowest-rated quotations, and was unlikely to be selected for award.  Id. at 8.  The protester nonetheless proceeded with submission of a quotation for phase two.

The agency received four quotations for phase two, including a quotation from Platinum.  Id. at 7‑8.  The final results for the technical and price evaluation were as follows:

 

Platinum

Delviom

Vendor 3

Vendor 4

Prior Demonstrated Experience

Low Confidence

Some Confidence

Some Confidence

Some Confidence

Technical and Management Capability

Some Confidence

High Confidence

Some Confidence

Some Confidence

Total Evaluated Price

$21,822,701

$16,403,940

$18,549,563

$16,899,884

 

Id. at 7.

The agency determined that Delviom’s quotation represented the best value, and issued the task order to Delviom on June 11.  Id. at 10.  This protest followed.

DISCUSSION

Platinum contends the agency’s evaluation of its quotation was arbitrary and capricious.[5]  Platinum also contends Delviom engaged in an impermissible bait and switch with respect to its key personnel.  For reasons discussed below, we deny the protest in part and dismiss it in part.

The evaluation of quotations is a matter within the discretion of the procuring agency. Peregrine Integrated Mgmt., Inc., B-414788, B-414788.2, Sept. 11, 2017, 2017 CPD ¶ 286 at 2.  In reviewing a protest of an agency’s evaluation of quotations, it is not our role to reevaluate quotations; rather, our Office will examine the record to determine whether the agency’s judgment was reasonable and consistent with the solicitation criteria.  Id.  A vendor’s disagreement with the agency, without more, does not render the evaluation unreasonable.  Encorp-Samcrete Joint Venture, B-284171, B-284171.2, Mar. 2, 2000, 2000 CPD ¶ 55 at 4. 

Platinum contends the agency’s evaluation of its prior demonstrated experience was unreasonable because it had the highest overall technical rating under a prior solicitation for the services.[6]  Protest at 9.  According to Platinum, the differences between the two solicitations were “unsubstantial” and therefore, the award to Delviom under the current solicitation is unreasonable.  Id.  We disagree.  Our Office has consistently explained that each federal procurement stands on its own, and an agency may reach a different evaluation judgment from one it has reached under a different solicitation, so long as the evaluation being challenged is reasonable.  Buffalo Computer Graphics, Inc., B‑416244, July 17, 2018, 2018 CPD ¶ 247 at 4-5 n.5.  In other words, Platinum’s previous evaluation under a now-canceled solicitation has no bearing on the reasonableness of the current evaluation. 

Platinum also takes issue with the findings of the technical evaluation team (TET) on which its low confidence rating for experience was based.  The TET identified two areas in the protester’s quotation that decreased its confidence Platinum could successfully perform the requirements of the RFQ:

(1) Contractor did not provide prior demonstrated experience that was of the scope, scale, and complexity of our technical requirements.  All the task order requirements were not covered (e.g., task order 6, software/hardware experience);

(2) Prior demonstrated experience that demonstrated work in the high value assets, and risk and vulnerability assessment subcategories was not of the relevance and required scale and scope.

AR, Tab 12, TET Report at 13.

Platinum challenges the finding that it failed to provide experience in task area six. Comments at 2.  In support of this contention, Platinum identifies a matrix included in its quotation wherein it represented (with an x in a column titled Task Area 6) that it had experience in this area due to a contract it performed for the Office of Naval Research (ONR).  AR, Tab 9, Phase One Proposal at 9.  The protester does not dispute that it failed to demonstrate task area six experience on the other two contracts that it submitted for evaluation, however, and the TET noted this failure.  AR, Tab 12, TET Report at 15. While Platinum contends that the solicitation did not require that every prior contract cover every task area, we think that the evaluators could reasonably have viewed the protester’s failure to provide task area six experience on two of its three contracts as decreasing their confidence in its ability to successfully perform the requirements of the RFQ.  On this record, we fail to see that the evaluators’ finding was unreasonable. 

Platinum also disputes the finding pertaining to its demonstrated experience in high value assets/risk and vulnerability assessment subcategories.  Comments at 2-3.  Platinum contends its quotation included a section addressing this area in which it “meticulously and thoroughly details each aspect of the subcategories listed by the Agency.”  Id. at 3.  The TET found Platinum’s demonstrated experience in the above areas was not “of the relevance and required scale and scope.”  AR, Tab 12, TET Report at 13.  While Platinum points to a section in its quotation where it described its experience with the vulnerability assessment subcategories, Comments at 3, it does not address the underlying basis for the finding–i.e., that the experience it described in its quotation pertaining to the vulnerability assessment subcategories was not on contracts of the required scale and scope.  Because Platinum has not established the agency unreasonably viewed the contracts on which the experience was demonstrated as insufficiently similar, we find no merit to this argument and deny this protest ground.

Platinum also contends the agency’s evaluation of its technical and management capability was unreasonable.  Protest at 11.  Specifically, Platinum cites the agency’s post-award explanation wherein the agency stated that Platinum’s quotation would have been more competitive if it (1) explained how Platinum planned to develop and influence cybersecurity architecture and strategy, and (2) discussed the importance of, and collaboration about, policy change.  Protest, attach. 5, Brief Explanation at 1.  According to Platinum, this evaluation conclusion was unreasonable because Platinum’s quotation devoted an entire section to its plan to develop cybersecurity architecture and strategy.  Protest at 11.  Additionally, Platinum contends it mentioned the word “collaboration” several times throughout its quotation.  Id.

The RFQ instructed vendors to address several specific topics under the technical and management capability factor.  RFQ at 4-5.  One topic required vendors to explain how the vendor planned to develop and influence cyber security architecture and strategy for emerging technology from a legacy environment; a second was to explain how the vendor intended to manage the creation and distribution of policies and procedures to stakeholders for awareness.  Id. at 5.

With respect to Platinum’s discussion of developing cybersecurity architecture and strategy, the agency acknowledges that Platinum devoted an entire section to this area, but responds that the explanation was “vague” and did not provide specifics on how Platinum planned to develop these areas.  MOL at 13.  For example, the agency argues that Platinum used only broad phrases such as “infuse new ideas and technologies” and “apply reach back expertise,” but failed to provide specifics on how these concepts would actually influence cybersecurity and architecture.  Id.  With respect to collaboration, the agency contends Platinum did not sufficiently address the importance of policy changes, despite mentioning collaboration several times.  Id. at 13-14.

Essentially, Platinum argues that in phase two the agency should have assigned its quotation a rating of high confidence instead of some confidence.  As mentioned above, our Office will not reevaluate quotations; we review only whether the agency’s judgment was reasonable and consistent with the solicitation.  Encorp-Samcrete Joint Venture, supra, at 4.  Here, the agency contends Platinum’s explanations lacked the specificity desired by the agency to assign its quotation a rating of high confidence for phase two.  Based on the record, we have no basis to determine the agency’s evaluation here was unreasonable.  This protest ground is also denied.

Platinum next challenges the award to Delviom on the ground that Delviom engaged in an impermissible “bait and switch.”  Protest at 13.  Specifically, Platinum alleges that following the award, Delviom listed a job posting for a cyber security SME using the language from the solicitation.  Id. at 13-14.  Platinum contends Delviom submitted key personnel it had no intention of using during contract performance.  Comments at 7.

A protester’s argument that key personnel identified in an awardee’s quotation will not perform under the resulting contract is generally a matter of contract administration that our Office will not review.  Bid Protest Regulations, 4 C.F.R. § 21.5(c).  To establish an impermissible bait and switch, a protester must show that a firm either knowingly or negligently represented that it would rely on specific personnel that it did not expect to furnish during contract performance, and that the misrepresentation was relied on by the agency and had a material effect on the evaluation results.  Data Mgmt. Servs. Joint Venture, B-299702, B-299702.2, July 24, 2007, 2007 CPD ¶ 139 at 10.  Even where there is evidence of a planned switch in key personnel, our Office will not find an impermissible bait and switch where there is no evidence of baiting, i.e., an intent to replace proposed key personnel with less qualified personnel.  Id.; Dynamic Security Concepts, Inc., B-416013, B-416013.2, May 15, 2018, 2018 CPD ¶ 186 at 6.

We dismiss this protest ground as Platinum has failed to make a threshold showing, namely that Delviom “baited” the agency, or intended to replace key personnel with less qualified personnel.  Even if we accept as true Platinum’s assertions that Delviom knowingly furnished a cyber security SME that it did not intend to use, that the agency relied on that misrepresentation, and that the agency’s reliance had a material effect on the evaluation, Platinum has not shown, nor does the record support, a conclusion that Delviom intended to replace its proposed cyber security SME with someone less qualified.  This protest ground is dismissed for failure to state a valid basis of protest.  4 C.F.R §§ 21.1(c)(4), (f).

The protest is denied in part and dismissed in part.

Edda Emmanuelli Perez
General Counsel