Request for Information - Information Technology Global Operations

Active

Contract Opportunity

The Department of Defense Education Activity is issuing this Request for Information (RFI) to assess Small Business market capability to provide Global Operations Support Services as described in the Draft Performance Work Statement (PWS) supporting DoDEA's worldwide enterprise. This RFI is strictly for market research in accordance with FAR Part 10 and will help determine appropriate acquisition and competition strategies. This RFI is issued solely for information purposes and is not intended to serve as a forum for questions or clarifications. The Government will not respond to questions, provide additional information, or engage in any question-and-answer process regarding this requirement. However, if any aspect of this RFI appears unclear, respondents may submit a point of clarification or noted ambiguity. All relevant comments will be noted. These "Points of Clarification" may be submitted with your responses not to exceed two (2) pages and must adhere to the same format requirements specified in this RFI.

DoDEA requires integrated support across the following functional areas (PWS Sections 2.1 – 2.8):

• Security Operations Center (SOC) (24×7 Tier 1–3 operations)


• DevSecOps & Cloud‑Native Application Development


• Enterprise Device Management


• Enterprise Network Operations Center (NOC)


• CloudOps (Google Workspace & Microsoft Azure)


• Agile Project Management


• Business Case & Requirements Analysis


• Technical Writing & Documentation

This notice does not constitute a solicitation. No contract will be awarded from this announcement.

2. BACKGROUND

DoDEA operates a global PK–12 school system across the Americas, Europe, and Pacific, with 160 schools in 11 foreign countries, 7 U.S. states, Guam, and Puerto Rico. The DoDEA IT enterprise requires continuous cybersecurity, cloud operations, device management, application modernization, and enterprise network support.

The Draft PWS defines outcome‑based objectives, performance standards, and Acceptable Quality Levels (AQLs) across all functional areas.

3. NAICS & SIZE STANDARD

• NAICS Code: 541513 – Computer Facilities Management Services


• Small Business Size Standard: $37.0M
  
  Respondents must identify their small business category (e.g., SB, 8(a), WOSB, SDVOSB, HUBZone, SB‑JV, etc.).

4. SCOPE OVERVIEW

The Draft PWS requires contractors to provide comprehensive global IT services including:

• 24×6 SOC monitoring and incident response


• Enterprise Device management for Windows, ChromeOS, iOS, and IoT systems


• NOC support for SD‑WAN, LAN/WLAN, firewalls, and cloud networking


• DevSecOps development with Zero Trust and CI/CD pipelines


• CloudOps for Google Workspace and Microsoft Azure


• Agile project management supporting all technical workstreams


• Business case development and requirements analysis


• Technical writing for policies, SOPs, runbooks, diagrams, and governance documents

5. SUBMISSION INSTRUCTIONS

A. Response Due Date

Responses are due within 10 business days of the posting date on SAM.gov.

B. Submission Method

Email submissions to:

[Insert Government Email Address]

Subject Line: “RFI Response – DoDEA IT Global Operations Support – [Company Name]”

C. Format Requirements

• Submit one (1) PDF containing your entire response


• Maximum 15 pages for the narrative response (questions 1–19)


• Cover page, table of contents, and optional attachments do not count toward the limit


• Minimum 11‑point font, 1‑inch margins


• Include:
  
  
  
  • Company Name
  
  
  • UEI & CAGE Code
  
  
  • Business Size & Socioeconomic Category
  
  
  • Primary NAICS 541513 confirmation
  
  
  • Contact Name, Phone, Email
  
  
  
  

D. Optional Attachments Allowed (Not counted toward page limit)

1. Capability Matrix (Prime/JV/Sub roles by PWS Objective)


2. Corporate Experience Summary Table


3. Proposed Organizational Structure Chart


4. Key Personnel Matrix


5. Risk Mitigation Summary

6. PROPRIETARY INFORMATION

Do not submit classified information or CUI. Proprietary information must be clearly marked.

7. DISCLAIMER

This RFI is for planning purposes only and does not obligate the Government to issue a solicitation or award. The Government will not reimburse respondents for the cost of preparation.

8. STRUCTURED RFI QUESTIONS (REQUIRED)

Respondents must answer all 19 questions below within the 13‑page narrative limit.

A. Corporate Capability & Program Management

1. Corporate Capability & Global Reach

Describe your company’s capabilities and global delivery footprint supporting DoDEA’s worldwide presence (Americas, Europe, Pacific).

2. Integrated Program Management Approach

Explain how you would manage an integrated program covering SOC, NOC, DevSecOps, Device Management, CloudOps, Agile PM, Requirements Analysis, and Technical Writing, aligned to the PRS and QASP.

3. Lines of Communication & Coordination

Describe your lines of communication with DoDEA HQ, regional offices, COR, PMO, SOC/NOC leads, and school facilities, including communication during normal hours (0700–1700 ET) and surge periods.

4. Small Business Staffing & Surge Capacity

Explain your small business staffing model, teaming/JV structure (if applicable), key labor categories, and ability to surge across global operations while meeting AQLs.

5. Compliance Readiness

Describe your readiness to support DoD/DoDEA requirements (DoD Zero Trust, DoDI 8510.01/RMF, NIST 800‑53, STIGs, FedRAMP), and any existing certifications or compliance methods.

B. Objective 1 – SOC Support

6. 24×6 SOC Operations Capability

Describe your capability to operate a 24×6 Tier 1–3 SOC using Microsoft Sentinel/Defender, Azure Data Explorer, incident response, and ability to meet MTTD/MTTR standards.

7. Detection Engineering & Readiness

Explain your experience with detection engineering (custom rules, tuning), threat hunting, and readiness exercises (purple team/tabletop), including dashboard/report development.

C. Objective 2 – DevSecOps & Application Development

8. Secure SDLC & CI/CD Practices

Describe your Secure SDLC and DevSecOps methods including requirements, design, coding, testing, SAST/DAST, quality gates, CI/CD pipelines, Zero Trust integration, and traceability.

9. Application Development Expertise & Sustainment

Describe your experience with Angular, .NET, SQL, HTML, JavaScript, and C#, and how you ensure availability, code quality, test coverage, deployment frequency, and IP delivery. ]

D. Objective 3 – Enterprise Device Management

10. Unified Endpoint Management

Describe your experience with Intune, Entra ID, Autopilot, Apple School Manager/MDM, ChromeOS, and IoT management, including alignment with Zero Trust and compliance baselines.

11. Compliance Reporting & Troubleshooting

Explain your approach to compliance dashboards, device posture reporting, and Tier‑2 troubleshooting while maintaining Zero Trust enforcement.

E. Objective 4 – Enterprise NOC Support

12. NOC Operations Capability

Describe your experience managing SD‑WAN, LAN, WLAN (Aruba), firewalls, cloud networking, segmentation, and fabrics while maintaining STIG/NIST compliance.

13. Availability, Incident Response & Documentation

Explain how you will meet AQLs for 99.9% service availability, P1 MTTR, change success rate, and timely updates to network baselines and diagrams.

F. Objective 5 – CloudOps

14. Cloud Administration & Zero Trust

Describe your experience administering Google Workspace and Azure, enforcing Zero Trust IAM, performing configuration reviews, incident response, and meeting availability AQLs.

G. Objective 6 – Agile Project Management

15. Enterprise‑Scale Agile Management

Explain your Agile approach (Scrum, Kanban, scaled Agile) to coordinating SOC, NOC, CloudOps, DevSecOps, and device management workstreams, including use of KPIs

H. Objective 7 – Business Case & Requirements Analysis

16. Requirements Analysis & Governance

Describe your methodology for eliciting, validating, and documenting requirements; building RTMs; conducting alternatives analysis; and supporting governance review cycles.

I. Objective 8 – Technical Writing

17. Documentation Quality & Repository Management

Explain your process for policy‑aligned documentation, templates, style guides, diagrams, approval workflows, accessibility, and storing artifacts in authorized repositories.

J. Staffing, Clearances & Constraints

18. Staffing, Clearances & Regulatory Constraints

Describe your ability to meet clearance requirements, background checks for facility/school access, FAR/DoDEA constraints, GFP/GFE handling, and work‑hour limitations (0700–1700 ET).

K. Information Technology Certifications

19. Information Technology Requirements

List organization information technology certifications and certification levels. Examples of these are ISO, CMMI, and CMMC.

(LISTED AS AN ATTACHMENT)

Attachments/Links