Using BPA Against GSA Schedule to Procure Cloud Services

BPAs save time, account review, and money needed for government agencies to place recurring orders. The volume of agencies that purchase products and services from approved vendors allows the agencies to negotiate lower price agreements with the vendors or approved companies that they conduct business with. Furthermore, BPAs streamline the ordering process, lower costs by providing bulk discount rates for products and services, and allow for thorough purchasing documentation and annual account reviews.

The Type of BPA Where There is a Contract (GSA Schedule 70) Covering the Item is the Schedule BPA:

Schedule BPAs—FAR Section 8.405-3 discusses the establishment and use of BPAs created against a Federal Supply Schedule (FSS). These are BPAs that “ordering activities may establish … under any schedule contract to fill repetitive needs for supplies or services. Ordering activities shall establish the BPA with the schedule contractor(s) that can provide the supply or service that represents the best value.” FSS BPAs offer value to customers in the form of an opportunity for streamlined and oftentimes cost savings contract creation and, importantly, in the fact that they are supported by GSA’s Schedule contracts.

Recent GSA Cloud BPA Example

Recently, GSA conducted a procurement where the objective of the BPA was to procure an Amazon or “Amazon-like” commodity web services Cloud hosting infrastructure environment and optional professional support services.

The basic requirements were to:

  1. Provide an innovative, scalable, cost-efficient solution that meets short term, fast turn-around requirements for GSA’s Cloud infrastructure while reducing costs, risk and driving efficiencies.
  2. Provide Cloud services with a dynamic pricing model that gives maximum business flexibility and allows for scalability and growth.
  3. Provide Cloud services delivering access to commodity technology services that can be easily managed, cutting edge, and forward driven.
  4. Provide commodity Cloud services that include technology for web services, operating systems, databases, development and deployment service that are automated, dynamic, and cutting edge. In addition, allow for adding or modifying stacks that allow for scalability, maximum sharing, and reuse.
  5. Access and manage hosting resources over the internet, with no upfront costs (no capital investment). Measured resource utilization must be transparent, reported on project level accounting practices, tracked and allocated by customer, project and by web instance.
  6. Provide for Cloud services that offer on-demand self-service, broad network access, capabilities for resource pooling, rapid and automated elasticity, identity management, and various other web and internet services.
  7. Provide for Cloud services that are geographically dispersed and created as independent environments acting as one ecosystem. The ecosystem must be designed for high level availability and provide the capability to deploy resilient IT architecture designed to tolerate to system or hardware failures with minimal customer impact and eliminate single points of failure.
  8. Ensure the Cloud offering provides for distributed computing options as a private, public, community, hybrid, and distributed Cloud solution that can work together in a single ecosystem.
  9. Provide capabilities to the consumer for provisioning, processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which could include operating systems and applications. It is not expected that the consumer will manage or control the underlying Cloud infrastructure but has control over operating systems, storage, and deployment applications.
  10. Provide Cloud services that meet security requirements and controls outlined and required by NIST and enabled by the Federal Risk and Authorization Management Program (FedRAMP).
  11. Demonstrate that the Cloud ecosystem offers an environment(s) that will operate solely within the Continental United States and remain compliant to U.S.-persons-only access requirements.