Protest challenging the agency’s evaluation of the protester’s proposal is denied, where the protester’s proposal did not provide full and accurate instructions for logging into and out of the system it created for a coding test, and where the evaluators reasonably assessed deficiencies based on their difficulty using and testing the system. GAO explained that the agency did not use unstated evaluation criteria, because evaluating the user log-in/log-out function was reasonably encompassed by the requirement to create a usable application with a good user experience. While some of the evaluators were able to find a work-around, GAO explained that it was the protester’s responsibility to provide clear instructions for using their application.
NCI Information Systems Inc. protested U.S. Citizenship and Immigration Services’ issuance of task orders for outcome-based software development and operations services to ERPSI, Leidos Innovations Corp., and REI Systems Inc., arguing that the evaluation of proposals was unreasonable.
First, NCI argued the agency used unstated evaluation criteria. Alternatively, the protester argued its proposal nonetheless met the requirements.
The RFP provided for a two-step evaluation process addressing the following four factors, in descending order of importance: (1) technical demonstration, (2) technical approach (coding challenge), (3) past performance, and (4) price. During step one of the evaluation, the offerors would complete a coding challenge. The agency would evaluate the offerors’ responses to the coding challenge under the technical approach factor, and conduct a down-select of the offerors on a best-value tradeoff basis.
In response to the coding challenge, NCI created Conference Peak, a cloud-based, scalable, and secure conference room reservation system. The prototype application had three user roles with varying levels of access to the system. The agency assessed several deficiencies to the protester’s technical approach due to issues with testing the log in/log out functionality of the three role-based user accounts. For example, the evaluators found that once a user logged in with one account, the user could not log out and use a different account.
The evaluators also assigned deficiencies for NCI’s failure to have role-based access control and failure to present role-based pages offering the appropriate functionality to users. Evaluators again had trouble with the log-in/log-out features. As a result of this issue, the evaluators also were unable to test other features of the prototype system.
NCI argued that these deficiencies related to the evaluators’ problems with the log-in/log-out function were based on unstated evaluation criteria. Further, NCI argued that some of the evaluators were able to test functions after they found a work-around to the log-out issue.
GAO found the evaluation reasonable. While GAO agreed that the two role-based requirements were not specified as one of the 15 evaluation criteria in the RFP attachment, GAO noted that the user’s ability to log in (and log out) of the application was reasonably related to and encompassed by, the stated evaluation factors. GAO found this function reasonably encompassed by the requirement that offerors create and deliver a usable application that demonstrated a high degree of understanding of security concerns, satisfied business needs, and offered a good user experience. Simply put, NCI failed to accomplish this.
Although NCI argued that some evaluators were able to work around this issue, GAO noted that several others were not, even though the evaluators used the instructions provided by NCI with its proposal. In its response to the protest, NCI explained how a user would fully log out of the system, but this information was not included in the proposal. Rather, the evaluators were forced to find a work-around. Accordingly, GAO found the agency’s evaluation reasonable.
NCI Information Systems Inc. is represented by Daniel P. Graham, Caroline E. Colpoys, John M. Satira, and Parker Hancock of Vinson & Elkins LLP. The government is represented by John Cornell, Department of Homeland Security. GAO attorneys Nora K. Adkins and Amy B. Pereira participated in the preparation of the decision.