This Request for Information (RFI) is issued solely for information and planning purposes and does not constitute a Request for Proposal (RFP), Invitation for Bid (IFB), or a promise to issue an RFP in the future. This RFI does not commit the Government to any contract action or for any supply or service implied or otherwise. These exchanges can improve both the Government's understanding of industry capabilities and the industry's understanding of the Government's needs. Any exchange of information must be consistent with procurement integrity requirements in FAR Overhaul part 3 and protected in accordance with part 24. Respondents are advised that the Government will not pay for any information or administrative costs incurred in response to this RFI. The Government does not intend to award a contract based on this RFI. Responses will be treated as information only and not as a proposal.
INTENT
The Government is conducting an RFI to identify potential industry partners capable of providing end-to-end managed services for its PeopleSoft Campus Solutions (UCAS) environment, which is customized and hosted in a FedRAMP authorized Gov Cloud.
Statement of Work
Managed Services for PeopleSoft Campus Solutions
1. Purpose & Objectives
The Academy seeks a qualified Contractor to provide end to end managed services for its PeopleSoft Campus Solutions (UCAS) environment, which is customized and hosted in a FedRAMP authorized Gov Cloud. The Contractor will:
- Operate and manage the hosted application and platform services.
- Provide production support (incidents/problems), service requests, and break/fix.
- Perform scheduled PUM updates, critical patches, and regression testing.
- Deliver enhancements and minor projects.
- Provide functional guidance on demand across CS modules without requiring full time functional consultants for all modules.
- Evaluate and implement new features (PUM/Tools) aligned to Academy priorities.
- Maintain security, compliance, and audit readiness consistent with Academy policy.
2. Scope of Services
All enhancement and project work shall be executed in accordance with Sections 2.7 through 2.10, including requirements documentation, success criteria definition, validation, and traceability under this contract.
2.1 Application Managed Services
- 24x7 monitoring of application health, integrations, jobs/process schedulers, and app/web tiers.
- Incident and problem management with RCA for P1/P2.
- Service requests (access, configurations under guardrails, reports, environment refresh coordination).
- Break/fix development and promotion through lower environments to production.
- Performance tuning, capacity planning, trend analysis.
- Knowledge management for enhancements, changes, and operational procedures performed under this contract, including requirements, solutions, runbooks, and SOP updates.
- Security administration support (roles/permission lists) in coordination with Academy IAM.
2.2 PUM & Patching
- Maintain a PUM roadmap (quarterly review) and impact analysis.
- Retrieve/review image content, categorize regulatory/mandatory vs. optional features.
- Apply updates in lower environments, retrofit customizations, execute automated/manual regression testing.
- Coordinate production deployments in approved maintenance windows with rollback plans.
The Contractor shall support impact analysis, testing and validation activities; however, final acceptance decisions remain the responsibility of the Government.
2.3 Enhancements & Minor Projects
The Contractor shall be responsible for eliciting, documenting, and validating functional requirements and acceptance criteria for all backlog items. Requirements shall be sufficiently documented to support implementation, testing, and acceptance and shall be maintained in the work management system (Jira).
- Backlog intake/refinement, functional/technical design, build, unit/integration testing, and deployment.
- CI/CD usage where feasible; branching strategy documented in the Delivery Playbook.
- Non functional requirements (performance, security, accessibility) included by default.
- Documentation updates (config, design, test cases, release notes).
2.4 Functional Guidance (On Demand)
- Access to senior functional SMEs across UCAS modules as needed (fractional capacity).
- Advisory on process optimization, configuration, feature adoption, and release impact.
- Workshops/demos for new capabilities.
2.5 Environment & Platform Management
The Contractor shall be responsible for the end to end management and operation of the UCAS application and its hosted environment, acting as the Cloud Service Provider (CSP) for the purposes of this contract. Responsibilities include management of the application, platform, and supporting infrastructure components required to sustain UCAS operations.
The Contractor shall:
- Manage and operate all application tiers, including web, application, process scheduler, database, file systems, and storage;
- Perform operating system, middleware, and PeopleTools patching and upgrades in accordance with the approved roadmap;
- Monitor and maintain system performance, availability, and capacity across all layers of the application and platform stack;
- Execute and maintain high availability (HA) and disaster recovery (DR) capabilities, including defined RTO/RPO requirements, documented runbooks, and annual validation testing;
- Perform backup and restore operations and ensure data recoverability in accordance with Academy requirements;
- Manage environments, including Production, Gold, Test, and Development, and coordinate refreshes and environment synchronization;
- Coordinate and execute release, deployment, and change activities in alignment with the Academy Change Advisory Board (CAB) and approved maintenance windows;
- Maintain environment configurations, system inventory, and operational documentation for components managed under this contract;
- Serve as the primary point of coordination for all platform and infrastructure-related issues, including interactions with any underlying cloud infrastructure providers where applicable.
The Contractor's responsibilities include operational management of the full UCAS hosted environment. Any underlying infrastructure providers (e.g., IaaS) do not assume responsibility for UCAS service delivery under this contract.
2.6 Security & Compliance
- Participate in the annual security assessment.
- Support audit and compliance activities.
2.7 Requirements Management, Solution Delivery, and Traceability
For all work performed under this SOW, including managed services, enhancements, PUM activities, and functional support, the Contractor shall be responsible for performing requirements elicitation, analysis, documentation, and validation as an inherent part of service delivery.
The Contractor shall:
- Lead structured discussions with Government stakeholders to elicit requirements, constraints, assumptions, and success criteria;
- Translate verbal, informal, or partially defined needs into clear, documented functional requirements sufficient to support implementation, testing, and acceptance;
- Confirm shared understanding of requirements with Government stakeholders;
- Maintain requirements documentation consistent with industry standard software development lifecycle practices.
These activities are considered inherent to professional services under this contract and are not separately priced or treated as additional scope.
2.8 Solution Design and Implementation
The Contractor shall implement solutions that meet documented requirements using an approach appropriate to the PeopleSoft Campus Solutions environment and operational needs. Solutions may include, as applicable:
- System configuration
- Custom or modified code
- Data updates, corrections, or scripts
- Interfaces or integrations
- Reports, queries, or batch processes
- Security and access changes
- Process or workflow updates
The specific technical approach is at the Contractor's discretion, provided it satisfies documented requirements and success criteria.
2.9 Success Criteria and Validation
For each task or work item, the Contractor shall define and document objective success criteria describing when the work is complete. At a minimum, success criteria shall:
- Describe expected system behavior or outcome;
- Identify applicable business rules, conditions, or exceptions;
- Specify evidence required to demonstrate completion (e.g., test results, outputs, user confirmation).
Success criteria shall be documented prior to completion and used as the basis for Government acceptance.
Completion shall include sufficient knowledge transfer and training to enable Government personnel to reasonably understand, validate, and operate the delivered functionality. Training shall include any additional steps reasonably necessary to support ongoing use and support.
2.10 Work Item Traceability
The Contractor shall use Jira (or Government approved system) to maintain traceability for all work. Each work item shall include:
- Requirement or problem description
- Defined success criteria
- Summary of solution implemented
- Status updates
- Validation/testing evidence
- Closure notes
Documentation shall be sufficient for an independent reviewer to determine what was requested, what was delivered, and how completion was verified.
2.11 Task Prioritization and Flexibility
The Government reserves the right to prioritize, defer, accelerate, substitute, or sequence tasks within the scope of this SOW.
- Tasks are not a fixed execution list
- Delivery timelines and throughput are dependent upon available contract capacity and the relative priority of operational support, maintenance, and enhancement activities.
- Lower priority work may be paused in favor of higher priority needs
- Substitution of tasks within scope does not constitute a contract change
Such activities remain within scope where aligned to the objectives of this SOW.
2.12 Scope Refinement and Change Control
Requirements under this SOW are expected to evolve as part of ongoing analysis, stakeholder engagement, and operational execution. Activities that remain aligned with the objectives and functional domain of PeopleSoft Campus Solutions (CS) shall be considered within scope.
The following shall be considered within scope and shall not require a contract modification:
- Refinement of existing requirements based on further analysis;
- Identification and execution of additional work necessary to meet an existing requirement;
- Introduction of new functional areas, features, or capabilities within PeopleSoft Campus Solutions (CS), including modules, configurations, reporting, integrations, or enhancements that logically align to the UCAS environment;
- Reprioritization or substitution of tasks consistent with Section 2 (Scope of Services);
- Adjustments in implementation approach (configuration, code, data, integration, or workflow) necessary to achieve desired outcomes.
Changes addressed through backlog prioritization and in-scope refinement (Section 2) do not require formal Change Requests unless they exceed defined scope boundaries.
Government Directed Changes
The Government may direct reprioritization or task substitution without contract modification.
Contractor Identified Changes
If the Contractor identifies work that exceeds the defined scope or available capacity, the Contractor shall:
- Notify the Government in writing;
- Provide a description of the work and rationale;
- Recommend options for resolution.
The Contractor shall not proceed with such work without written Government authorization.
3. Out of Scope (unless added via Change Order)
- Major re implementations or re platforming; migration to non PeopleSoft SIS.
- Net new enterprise integrations unrelated to UCAS or the approved roadmap.
- Custom development outside UCAS or not aligned to product backlog.
- Changes that materially exceeds the reasonable staffing capacity or increase contract value or period of performance.
4. Pricing and Service Model
4.1 Fixed Firm Price (FFP) Model
The Contractor shall provide all services described in this SOW on a Fixed Firm Price basis, billed as a recurring monthly fee covering the full scope of managed services and delivery obligations.
The fixed fee shall include, but is not limited to:
- Application managed services (incident, problem, service requests, and break/fix);
- PUM planning, impact assessment, testing, and deployment;
- Enhancements and minor project delivery within PeopleSoft Campus Solutions;[GD1] [VL2] [GD3] [VL4]
- Functional consulting support across UCAS modules;
- Environment and platform management, including CSP responsibilities;
- Requirements elicitation, documentation, validation support, and traceability;
- Knowledge transfer and training activities.
4.2 Service Baseline and Scope Boundaries
The Fixed Firm Price shall be based on a reasonable and expected service baseline, including typical operational demand, enhancement backlog, and PUM activity required to support the UCAS environment.
The Contractor is expected to maintain continuous forward progress on prioritized enhancement backlog items in addition to operational support.
The Contractor shall define and document its baseline assumptions as part of its proposal. Baseline expectations shall be informed by typical operational demands of current environment.
The Contractor is expected to manage normal fluctuations in workload, including peak academic periods, within the fixed price.
Activities that remain within the functional scope of PeopleSoft Campus Solutions (CS) and aligned with this SOW shall be considered in scope.
Work that introduces new systems, capabilities outside CS, or materially exceeds baseline expectations may require a contract modification as determined by the Government.
4.3 Optional Automated Regression Testing Capability
The Government may elect to implement automated regression testing for critical UCAS functionality as an optional capability under this contract.
Services under this contract shall be delivered using a blended managed services model operating within a finite delivery capacity. The Contractor shall support operational services, enhancements, and project activities within the available staffing and delivery capacity established under the fixed firm price structure.
If exercised, the Contractor shall:
- Identify and document critical regression testing scenarios, including high risk functional areas such as registration, grading, financial aid processing, and student financials;
- Develop and implement automated test scripts for selected scenarios using appropriate tools and frameworks compatible with the UCAS environment;
- Integrate automated testing into the PUM and release lifecycle, including execution during upgrade cycles and deployments;
- Maintain and update automated test scripts to reflect system changes, enhancements, and configuration updates;
- Provide reporting on test execution results, coverage, and identified defects.
Pricing
The Contractor shall propose this capability as a separately priced optional component, distinct from the Fixed Firm Price for base services.
The proposal shall include:
- Approach and tooling for automation;
- Assumptions used for estimating scope and coverage;
- Estimated level of effort for initial implementation;
- Ongoing maintenance approach and associated costs;
- Recommended prioritization of scenarios for automation.
The Government reserves the right to:
- Accept or decline this option at time of award; or
- Exercise the option at a later time through contract modification.
5. Roles & Responsibilities
Contractor
The Contractor shall provide and be accountable for delivery of services under this contract, including but not limited to:
- Service Delivery Manager (primary point of contact)
- Technical Lead
- Functional SME support (on demand)
- Developers and QA resources
- Release and Change Management
- Cloud and platform engineering support
- Security and compliance support
The Contractor shall:
- Perform application managed services, enhancements, PUM activities, and platform support in accordance with this SOW;
- Lead requirements elicitation sessions and document functional requirements, success criteria, and solution approaches;
- Implement, test, and deploy solutions that meet documented requirements and success criteria;
- Maintain traceability of work items, requirements, and validation evidence within the designated work management system;
- Provide knowledge transfer and training necessary to support Government understanding and operational use of delivered functionality;
- Coordinate activities across applications, platform, and integration layers to maintain system stability and performance.
The Contractor is responsible for execution, documentation, and solution delivery but does not assume ownership of business decisions, requirements approval, or acceptance of completed work.
Academy
The Academy shall provide the following roles and responsibilities:
Business SMEs / Functional Leads
- Serve as the primary representatives for functional areas (e.g., Registrar, Admissions, Financial Aid, Student Financials);
- Participate in requirements elicitation sessions led by the Contractor;
- Review, validate, and approve documented functional requirements to ensure alignment with intended business processes and operational needs;
- Review and approve defined success criteria prior to completion of work;
- Participate in validation, testing, and user acceptance activities;
- Provide formal acceptance or rejection of completed work based on documented requirements and success criteria;
- Establish and communicate priorities and sequencing of work.
Change Governance (CAB / Approver)
- Review and approve planned changes and releases;
- Ensure alignment of work with operational priorities and risk tolerance;
- Approve exceptions to blackout/freeze periods when required.
Enterprise Architecture / Technical Oversight (as applicable)
- Provide guidance on alignment with enterprise architecture standards when required;
- Review significant design or integration decisions as needed.
Identity and Access Management (IAM) Coordination (as applicable)
- Approve user access and role assignments in accordance with Academy policy;
- Coordinate with the Contractor on access control and security-related requirements.
6. Governance & Cadence
- Weekly operations sync: incidents, backlog, risks, blockers.
- Bi weekly Delivery cadence and planning activities aligned with the delivery methodology approved by the Academy (e.g., Scrum, Kanban, or hybrid Agile approach).
- Monthly service review: SLAs/KPIs, credits, improvements, capacity burn, roadmap.
- Quarterly roadmap & architecture review: PUM planning, performance, security posture.
- Executive Steering (quarterly/as needed): outcomes, budget, strategic changes.
7. Agile Delivery Framework
The Contractor shall use an Agile delivery approach appropriate to the nature, priority, and complexity of the work being performed. Delivery activities may use Scrum, Kanban, or a hybrid methodology as agreed upon with the Academy.
The Contractor shall:
- Maintain and manage a prioritized backlog of work items;
- Support iterative and incremental delivery of enhancements, fixes, and operational improvements;
- Coordinate planning, review, and status activities with the Academy;
- Maintain visibility into work status, risks, dependencies, and progress;
- Ensure delivered work includes appropriate testing, documentation, validation, and change approvals prior to production deployment.
Work items shall include:
- Documented requirements or problem statements;
- Defined success criteria;
- Traceability to implementation and validation activities;
- Sufficient documentation to support operational use and ongoing support.
The Academy reserves the right to adjust priorities, sequencing, and scheduling of work items based on mission and operational needs.
8. SLAs & KPIs[VL5]
8.1 Operational Criticality and Academic Calendar Alignment
The Contractor shall support the UCAS environment in alignment with the Academy's academic and operational calendar. Certain periods of the academic cycle may require elevated responsiveness, prioritization, coordination, and communication due to increased operational impact and mission sensitivity.
The Academy may designate specific activities, events, or operational periods as high criticality based on mission impact, including but not limited to:
- Registration and Add/Drop
- Term Start and Orientation
- Grading periods
- Billing and payment deadlines
- Financial aid processing activities
- Other operationally sensitive events identified by the Academy
The Academy may adjust work prioritization, escalation expectations, communication cadence, deployment restrictions, and response urgency during these periods.
Severity and operational priority shall be determined based on:
- Mission impact
- Number of affected users
- Functional criticality
- Timing relative to academic or operational events
8.2 Incident Response & Resolution Targets
Severity
Response
Work Start
Workaround Target
Resolution Target
P1 Critical
30 minutes
30 minutes
4 hours
8 hours
P2 High
30 minutes
1 hour
8 hours
5 business days
P3 Medium
As prioritized by Academy
As prioritized by Academy
N/A
As prioritized by Academy
P4 Low
As prioritized by Academy
As prioritized by Academy
N/A
As prioritized by Academy
8.3 Elevated Operational Response
During periods designated by the Academy as operationally critical, the Contractor shall:
- Prioritize affected incidents, requests, and changes accordingly;
- Provide increased communication frequency and stakeholder coordination;
- Support expedited troubleshooting and decision-making activities;
- Coordinate staffing and resource availability to support operational continuity;
- Minimize operational risk associated with deployments or system changes.
For P1 and P2 incidents occurring during operationally critical periods:
- Status updates shall be provided at intervals defined by the Academy based on business impact;
- Root Cause Analysis (RCA) reports shall be delivered within the timeframe agreed upon during incident resolution, typically within 10 business days unless otherwise directed by the Academy.
8.4 Availability Targets
- Monthly Availability Target: 99.9%
- Planned maintenance windows approved by the Academy are excluded from availability calculations.
8.5 KPIs (Reported Monthly)
The Contractor shall provide monthly reporting on, at a minimum:
- SLA performance by severity
- Open incidents and aging
- Open enhancement / backlog items and status
- P1/P2 incident summary and Root Cause Analysis status
- System availability
- Security vulnerabilities and remediation status
- Significant risks, issues, or operational concerns
- Summary of completed releases, enhancements, and maintenance activities
KPI reporting is intended to support operational transparency, trend analysis, and continuous improvement activities.
8.6 Change Freeze / Operational Protection Periods
The Academy may establish temporary operational protection periods or change restrictions associated with mission-critical events or academic activities.
During such periods:
- Major or high-risk changes may be restricted unless expressly approved by the Academy;
- Emergency changes may proceed in accordance with approved emergency change procedures.
9. Deliverables
Recurring
- Service Operations Report (monthly): SLAs/KPIs, trends, RCA, changes, risks, capacity burn, improvements.
- PUM Assessment & Plan (per image): impact matrix, retrofit list, test plan, deployment plan.
- Release Notes & Runbooks for each deployment.
- Security & Compliance Pack (quarterly): vulnerability report, patching status, access review, backup/DR evidence.
- Architecture/Environment Inventory (quarterly): topology, versions, integration catalog.
One Time
- Discovery & Baseline Assessment (customizations catalog, integrations map, NFRs, performance baseline).
- Delivery Playbook (Agile workflow, branching model, test strategy, environments, change control, defect taxonomy).
- RACI Matrix (see 10).
- Knowledge Transfer Plan and repository setup.
As Needed
- Incident Reports.
- Knowledge Management: Documentation shall be maintained for enhancements, changes, and operational updates performed under this contract.
10. RACI (Illustrative)
Activity
Academy
Contractor
Application Operations
A
R
Incident Management (L2/L3)
C
A/R
Enhancements (Build, Test, Deploy)
A (Business SMEs)
R
Requirements Definition & Validation
A (Business SMEs)
R
User Acceptance / Sign-Off
A
R
PUM Planning & Execution
A (Validation & Approval)
R
Security Patching (OS, Middleware, Application Layers)
I/C
A/R
DR / Backup Strategy & Execution
A
R
Access Management (Application Roles)
A
R
Change Approval (CAB)
A
R (prep/execute)
11. Assumptions & Constraints
- PeopleSoft CS and PeopleTools are properly licensed for the Academy; Contractor has required skills/tools.
- Access to environments, repositories, ticketing (Azure DevOps/Jira/ServiceNow), and documentation is provided.
- Maintenance windows are pre defined; emergency changes allowed per policy.
12. Change Management
- Scope changes via formal Change Requests with cost/schedule/risk impacts.
- Emergency changes require post implementation review.
- Versioned documentation; semantic versioning; traceability to work items.
Backlog prioritization and in scope refinement activities defined in Section 2 do not require formal Change Requests unless scope boundaries are exceeded.
13. Quality Management
The Contractor shall follow documented testing, peer review, and release management practices appropriate to the UCAS environment and risk level of the change.
- Coding standards, static analysis, peer review, unit test thresholds.
- Test levels: unit, SIT, UAT, regression, performance, security.
14. Data & Integrations
- Academy retains all data ownership.
- Integration catalog maintained; error handling and retry policies documented.
- API/interface versioning, schema change control, and contract tests where applicable.
15. Security Incident & DR
The Contractor shall support operational security, incident response, and disaster recovery activities necessary to maintain continuity and reliability of the UCAS environment.
The Contractor shall:
- Support identification, analysis, containment, and resolution of security-related incidents affecting UCAS;
- Coordinate with the Academy during security incidents and operational disruptions;
- Provide timely communication and status updates based on operational impact and urgency;
- Support recovery activities necessary to restore services and operational stability;
- Maintain backup and recovery capabilities consistent with Academy requirements;
- Maintain and update disaster recovery procedures and operational runbooks for components managed under this contract;
- Participate in periodic disaster recovery testing and remediation activities as directed by the Academy.
- The Academy may designate certain incidents or operational events as high criticality based on mission or academic impact. During such events, the Contractor shall prioritize response, coordination, communication, and recovery activities accordingly.
- Recovery objectives, communication expectations, and operational priorities may be adjusted by the Academy based on the nature and impact of the incident or event.
16. Staffing & Key Personnel
- Named Service Delivery Manager (key) and Technical Lead (key).
- Academy may request replacements subject to knowledge transfer.
- Background checks and eligibility consistent with Gov Cloud requirements and Academy policy.
17. Pricing & Invoicing
The Contractor shall provide services using a blended managed services delivery model operating within a finite delivery capacity.
The Government shall prioritize work items within the available delivery capacity.
The Contractor is not required to execute all requested work concurrently and may sequence work based on priority, operational risk, staffing availability, and mutually agreed planning activities.
18. Term & Transition
- Base 12 months; Two 12 month options.
- Transition Out
Upon expiration or termination, the Contractor shall support a structured transition out period of up to 60 days (or as directed by the Government) to ensure continuity of operations.
Transition out shall include:
-
- Complete transfer of updated documentation, configurations, and work artifacts including any automated testing assets (test scripts, documentation, execution procedures) produced under this contract
- Knowledge transfer sessions sufficient for Government personnel or successor support to sustain operations
- Handover of backlog, open issues, and system status
Transition out activities shall be performed without degradation to ongoing services.
19. Acceptance Criteria
Acceptance of work under this SOW shall be based on:
- Documented requirements derived from stakeholder discussions
- Defined and validated success criteria
- Implementation of a solution that satisfies those requirements
- Documented testing or validation evidence
- Jira records demonstrating traceability from requirement to delivery
- Completion of knowledge transfer sufficient for operational use
SLA achievement alone does not constitute acceptance without the above elements.
20. Tools & Repositories
- Work management: Jira.
- CI/CD: Git based repo, pipeline per Academy standards.
- Documentation: SharePoint/Confluence/Teams as designated.
The Academy shall retain ownership and administrative access to all repositories, documentation spaces, work management systems, automation assets, and operational artifacts used under this contract.
THIS IS A SOURCES SOUGHT ANNOUNCEMENT ONLY.
This Sources Sought Announcement is issued solely for information and planning purposes and to identify interested sources. THIS IS NOT A SOLICITATION. No contract will be awarded from this announcement. This Sources Sought does not constitute an RFP or a promise to issue an RFP in the future. It is subject to change and is not binding on the Government. Further, unsolicited proposals will not be accepted. Funding is not available at this time. The United States Merchant Marine Academy has not made a commitment to procure any of the items/services discussed, and release of this Sources Sought Announcement should not be construed as such a commitment or as authorization to incur cost for which reimbursement would be required or sought.
Response to this Sources Sought Announcement is voluntary and no reimbursement will be made for any costs associated with providing information in response to this and any follow-on information requests. All submissions become Government property and will not be returned. Not responding to this Sources Sought Announcement does not preclude participation in any future RFP if any is issued. If a solicitation is released, it will be synopsized on the SAM.gov website or another Governmentwide Port of Entry (GPE). It is the responsibility of the potential responders to monitor Government GPE sites for additional information pertaining to this subject.
RESPONSES
Any comments to improve the Statement of Work will be appreciated. Interested parties are asked to provide the following information to Daphnee Ravilus (RavilusD@usmma.edu) and Theodore Nigro (Theodore.nigro@dot.gov).
Company Name:
SAM Entity Identification (UEI):
Business Size (Small Business or Other Than):
GSA FSS Contract Number (if any):
Point of Contact Title/Name:
Point of Contact Email:
Proposed NAICS:
Comments: