VA RFI: Privacy Compliance Services


Solicitation: 36C10B20Q0454

The Contractor shall support the development, execution and maintenance of a comprehensive department-wide VA Privacy Program. The Contractor shall support activities to ensure compliance with applicable privacy requirements; evaluate and monitor privacy policies, procedures and processes; and manage privacy risks. This includes the development, implementation and maintenance of a Department-wide Privacy Continuous Monitoring Strategy and Privacy Continuous Monitoring Program to ensure ongoing awareness of privacy risks and assessment of privacy controls. This also includes supporting the Privacy Program Management Office (PPMO) focused on ensuring the Department-wide VA Privacy Program delivers high quality and high value services and products to Veterans and other VA internal and external stakeholders through using Federal and industry standards and best practices in program and project management. Additionally, the Contractor shall support activities related to social security reduction efforts, privacy controls and Privacy Act activities.

The Contractor shall provide internal program support for VA Privacy Service staff in relation to privacy controls and overlays. These activities include:

  1. Monitoring policy and guidance changes affecting privacy controls and overlays to include the management of transitions between NIST guidance revisions. The Contractor shall document these changes in a Privacy Controls and Overlays Change Management Report to include recommendations on how to implement the new or revised requirements.
  2. Developing and maintaining Privacy Controls and Overlays Information within VA’s security control explorer to include drafting VA-specific control correlation identifiers (implementation guidance, supporting policies, responsibilities, inheritance, etc.). The Contractor shall coordinate the review and approval of the Privacy Controls and Overlays Information with the Office of Information Security (OIS) and VA Privacy Service leadership and incorporate all edits received, until approved. The Contractor shall also work with OIS and IT stakeholders to ensure all updates to the Privacy Controls and Overlays Information are posted to the security control explorer.
  3. Coordinating input from stakeholders in the development and preparation of the Processes, Plans and Procedures approved by the VA Privacy Service. The Processes, Plans and Procedures shall provide VA privacy controls and overlays stakeholders with tools and materials that are useful for day-to-day work activities demonstrating the knowledge, understanding, and skills to implement compliance with privacy control and overlays requirements. These Processes, Plans and Procedures may include the drafting of business process maps, development of workflows, business process reengineering and analysis, operational and tactical plans, checklists and standard operating procedures. There are estimated to be approximately 10 Processes, Plans and Procedures in total and these documents are updated quarterly…



This topic contains 0 replies, has 1 voice, and was last updated by Jackie Gilbert 2 weeks, 4 days ago.
