DHS awards $25M for IT patch and release management, with 7 bidders competing

Contract Overview

Contract Amount: $25,015,186 ($25.0M)

Contractor: Indigo IT, LLC

Awarding Agency: Department of Homeland Security

Start Date: 2018-03-25

End Date: 2024-08-30

Contract Duration: 2,350 days

Daily Burn Rate: $10.6K/day

Competition Type: FULL AND OPEN COMPETITION AFTER EXCLUSION OF SOURCES

Number of Offers Received: 7

Pricing Type: FIRM FIXED PRICE

Sector: IT

Official Description: PATCH AND RELEASE MANAGEMENT SERVICES

Place of Performance

Location: SPRINGFIELD, FAIRFAX County, VIRGINIA, 22153

State: Virginia Government Spending

Plain-Language Summary

Department of Homeland Security obligated $25.0 million to INDIGO IT, LLC for work described as: PATCH AND RELEASE MANAGEMENT SERVICES Key points: 1. Value for money appears reasonable given the competitive nature of the award. 2. Strong competition was present, indicating a healthy market for these services. 3. No immediate risk indicators are apparent from the contract details. 4. The contract duration extends over several years, suggesting a long-term need. 5. This contract falls within the IT services sector, specifically computer systems design. 6. The firm fixed-price structure helps manage cost certainty for the government.

Value Assessment

Rating: good

The contract value of approximately $25 million over its period of performance suggests a moderate investment for IT patch and release management. Benchmarking against similar contracts is challenging without more specific service details, but the presence of seven bidders in a full and open competition indicates that the pricing was likely competitive. The firm fixed-price (FFP) contract type provides cost certainty, which is a positive indicator for value.

Cost Per Unit: N/A

Competition Analysis

Competition Level: full-and-open

This contract was awarded under full and open competition after exclusion of sources, indicating that multiple vendors were solicited and allowed to bid. The participation of seven bidders suggests a robust competitive environment for these IT services. A higher number of bidders generally leads to better price discovery and potentially lower costs for the government.

Taxpayer Impact: The strong competition in this award is beneficial for taxpayers as it likely drove down prices and ensured the government received competitive offers for essential IT services.

Public Impact

U.S. Customs and Border Protection (CBP) benefits from enhanced cybersecurity through timely patching and release management. Essential IT infrastructure maintenance and security are delivered. The primary geographic impact is within the operational areas of CBP, likely nationwide. The contract supports IT professionals and cybersecurity specialists.

Waste & Efficiency Indicators

Waste Risk Score: 50 / 10

Positive Signals

  • Awarded under full and open competition.
  • Firm fixed-price contract type provides cost certainty.
  • Multiple bidders (7) participated, indicating market interest and competition.
  • Contract duration is substantial, suggesting a stable need for services.

Sector Analysis

The IT services sector, particularly computer systems design, is a critical component of federal operations. This contract for patch and release management services is essential for maintaining the security and functionality of U.S. Customs and Border Protection's IT infrastructure. The market for such services is competitive, with numerous firms offering specialized expertise. Federal spending in this area is consistently high due to the ongoing need for cybersecurity and system updates.

Small Business Impact

The data indicates that this contract was not set aside for small businesses, nor does it appear to have specific subcontracting requirements for small businesses mentioned. The award to INDIGO IT, LLC, a company whose size is not specified here, means that the direct impact on the small business ecosystem through this specific award is likely minimal unless INDIGO IT itself is a small business or actively subcontracts. Further investigation into INDIGO IT's size and subcontracting plans would be needed for a full assessment.

Oversight & Accountability

The contract is subject to standard federal procurement oversight. As a delivery order under a larger contract vehicle, its execution is monitored by the U.S. Customs and Border Protection. The firm fixed-price nature simplifies financial oversight. Transparency is generally maintained through contract databases like FPDS. Specific Inspector General jurisdiction would typically fall under DHS OIG.

Related Government Programs

  • IT Infrastructure Management
  • Cybersecurity Services
  • Software Maintenance
  • System Administration
  • Information Technology Support Services

Risk Flags

  • Unusual competition type requires further clarification on excluded sources.
  • Contract duration is long, necessitating ongoing performance monitoring.

Tags

it-services, cybersecurity, patch-management, release-management, department-of-homeland-security, u-s-customs-and-border-protection, firm-fixed-price, full-and-open-competition, computer-systems-design, virginia, indiana-it-llc

Frequently Asked Questions

What is this federal contract paying for?

Department of Homeland Security awarded $25.0 million to INDIGO IT, LLC. PATCH AND RELEASE MANAGEMENT SERVICES

Who is the contractor on this award?

The obligated recipient is INDIGO IT, LLC.

Which agency awarded this contract?

Awarding agency: Department of Homeland Security (U.S. Customs and Border Protection).

What is the total obligated amount?

The obligated amount is $25.0 million.

What is the period of performance?

Start: 2018-03-25. End: 2024-08-30.

What is the track record of INDIGO IT, LLC in performing similar federal contracts?

A review of federal contract databases would be necessary to fully assess INDIGO IT, LLC's track record. However, being awarded a $25 million contract by the Department of Homeland Security, specifically U.S. Customs and Border Protection, suggests a level of capability and past performance that met the agency's requirements. Further analysis would involve examining past performance reviews, any past issues or disputes, and the types and values of previous contracts held by the company. Understanding their history with similar IT services, particularly patch and release management, would provide a clearer picture of their reliability and expertise.

How does the awarded price compare to market rates for patch and release management services?

Determining the precise market rate for these services is complex without detailed service level agreements (SLAs) and specific technical requirements. However, the presence of seven bidders in a full and open competition suggests that the pricing achieved was likely competitive. The firm fixed-price (FFP) nature of the contract also implies that the government secured a defined cost for a specific scope of work. To benchmark effectively, one would compare the per-unit costs (if applicable and calculable) or the overall contract value against industry reports and similar government solicitations for comparable IT support and cybersecurity services, considering factors like contract duration, scope, and service levels.

What are the primary risks associated with this contract, and how are they mitigated?

Key risks for a contract of this nature include potential delays in patching that could lead to security vulnerabilities, inadequate release management causing system disruptions, or contractor performance issues. Mitigation strategies are embedded within the contract structure and agency oversight. The firm fixed-price (FFP) contract incentivizes the contractor to perform efficiently. The multi-year duration allows for stable service but also necessitates ongoing performance monitoring by CBP. Clear performance standards, regular reporting requirements, and the potential for contract termination for default or convenience serve as further risk mitigation tools. The competitive award process itself helps mitigate risks by selecting a vendor with demonstrated capability.

How effective has this contract been in ensuring the security and operational readiness of CBP's IT systems?

Assessing the effectiveness requires access to CBP's internal performance metrics, security audit reports, and incident logs related to patching and release management. Publicly available data typically does not detail the day-to-day operational effectiveness. However, the renewal or continuation of such services over a significant period (2018-2024) implies a perceived level of effectiveness by the agency. A comprehensive evaluation would involve analyzing metrics such as the average time to patch critical vulnerabilities, the number of successful versus failed releases, system uptime during maintenance windows, and the overall reduction in security incidents attributable to timely patching.

What is the historical spending trend for patch and release management services at CBP or DHS?

Analyzing historical spending trends would require accessing multi-year federal procurement data. This specific contract, valued at approximately $25 million over its lifespan, represents a significant but potentially consistent investment in IT maintenance for CBP. To understand trends, one would examine annual obligations for this contract and compare them to spending on similar services in previous fiscal years and across other components within DHS. This would reveal whether spending in this area is increasing, decreasing, or remaining stable, providing context for the current award's significance and the agency's ongoing commitment to IT security and operations.

What are the implications of the 'exclusion of sources' clause in the competition type?

The contract type 'FULL AND OPEN COMPETITION AFTER EXCLUSION OF SOURCES' is somewhat unusual and warrants clarification. Typically, 'full and open competition' implies all responsible sources are permitted to compete. The 'exclusion of sources' phrase suggests that while the competition was intended to be broad, certain specific sources may have been excluded for particular reasons, possibly related to prior performance, security concerns, or specific technical requirements that only a subset of vendors could meet. This could potentially limit the breadth of competition compared to a standard full and open process, and the justification for excluding sources would be critical to understanding its impact on price and innovation.

Industry Classification

NAICS: Professional, Scientific, and Technical ServicesComputer Systems Design and Related ServicesComputer Systems Design Services

Product/Service Code: IT AND TELECOM - INFORMATION TECHNOLOGY AND TELECOMMUNICATIONSADP AND TELECOMMUNICATIONS

Competition & Pricing

Extent Competed: FULL AND OPEN COMPETITION AFTER EXCLUSION OF SOURCES

Solicitation Procedures: SUBJECT TO MULTIPLE AWARD FAIR OPPORTUNITY

Solicitation ID: HSBP1017R0038

Offers Received: 7

Pricing Type: FIRM FIXED PRICE (J)

Evaluated Preference: NONE

Contractor Details

Address: 1902 CAMPUS COMMONS DR STE 420, RESTON, VA, 20191

Business Categories: 8(a) Program Participant, Category Business, Hispanic American Owned Business, Limited Liability Corporation, Minority Owned Business, Self-Certified Small Disadvantaged Business, Small Business, Small Disadvantaged Business, Special Designations, U.S.-Owned Business, Woman Owned Business

Financial Breakdown

Contract Ceiling: $25,015,186

Exercised Options: $25,015,186

Current Obligation: $25,015,186

Actual Outlays: $8,867,956

Contract Characteristics

Commercial Item: COMMERCIAL PRODUCTS/SERVICES

Parent Contract

Parent Award PIID: GS06F1036Z

IDV Type: GWAC

Timeline

Start Date: 2018-03-25

Current End Date: 2024-08-30

Potential End Date: 2024-08-30 14:24:37

Last Modified: 2024-05-23

Other Department of Homeland Security Contracts

View all Department of Homeland Security contracts →

Explore Related Government Spending