PART 811 - DESCRIBING AGENCY NEEDS
Authority: 38 U.S.C. 5723-5724, 5725(a)-(c); 40 U.S.C. 121(c); 41 U.S.C. 1303, 1702; and 48 CFR 1.301 through 1.304.
Source: 73 FR 2717, Jan. 15, 2008, unless otherwise noted.
Subpart 811.0 - Definitions
Subpart 811.1 - Selecting and Developing Requirements Documents
811.107-70 Contract clause.
The contracting officer shall insert the clause at 852.211-70, Equipment Operation and Maintenance Manuals, in solicitations and contracts for technical medical equipment, and other technical and mechanical equipment and devices where the requiring activity determines manuals are a necessary requirement for operation and maintenance of the equipment.
Subpart 811.2 - Using and Maintaining Requirements Documents
811.204-70 Contract clause.
The contracting officer shall insert the clause at 852.211-72, Technical Industry Standards, in solicitations and contracts requiring conformance to technical industry standards, federal specifications, standards and commercial item descriptions unless comparable coverage is included in the item specification.
Subpart 811.4 [Reserved]
Subpart 811.5 - Liquidated Damages
Source: 88 FR 4746, Jan. 25, 2023, unless otherwise noted.
This subpart prescribes policies and procedures for using a liquidated damages clause in solicitations and contracts that involve VA sensitive personal information. This also pertains to any solicitations and contracts involving VA sensitive personal information issued by another agency for or on behalf of VA through an interagency acquisition in accordance with FAR subpart 17.5 and subpart 817.5.
811.501-70 Policy - statutory requirement.
(a) Contracting officers are required to include a liquidated damages clause in contracts for the performance of any Department function which requires access to VA sensitive personal information (see the definition in 802.101), in accordance with 38 U.S.C. 5725(b). The liquidated damages are to be paid by the contractor to the Department of Veterans Affairs in the event of a data breach involving sensitive personal information maintained, processed, or utilized by contractors or any subcontractors.
(b) The purpose of the liquidated damages to be paid for by the contractor in the event of a data breach of personal sensitive information is for VA to provide credit protection services to affected individuals pursuant to 38 U.S.C. 5724(a)-(b).
811.503-70 Contract clause.
(a) Insert the clause at 852.211-76, Liquidated Damages - Reimbursement for Data Breach Costs, in all solicitations, contracts, or orders, where VA requires access to sensitive personal information for the performance of a Department function where -
(1) Sensitive personal information (see the definition in 802.101) will be created, received, maintained, or transmitted, or that will be stored, generated, accessed, or exchanged such as protected health information (PHI) or utilized by a contractor, subcontractor, business associate, or an employee of one of these entities; or,
(2) When VA information systems will be designed or developed at non-VA facilities where such sensitive personal information is required to be created, received, maintained, or transmitted, or that will be stored, generated, accessed, exchanged, processed, or utilized.
(b) Insert the clause at 852.211-76 with its Alternate I in all solicitations, contracts, or orders, for commercial products or commercial services acquisitions awarded under the procedures of FAR part 8 or 12.
(c) Insert the clause at 852.211-76 with its Alternate II, in all solicitations, contracts, or orders, in simplified acquisitions exceeding the micro-purchase threshold that are for other than commercial products or commercial services awarded under the procedures of FAR part 13 (see FAR 13.302-5(d)
(1) and the clause at FAR 52.213-4).