Support Services, NMNH Biorepository

Published: May 10, 2024    Collections Assistant, Jobs, Request for Quote

Closing: May 29, 2024

Smithsonian National Museum of Natural History Biorepository https://naturalhistory.si.edu/research/biorepository

The Smithsonian Institution is seeking a contractor to provide support services to the National Museum of Natural History Biorepository.

Desirable skills:

  • Ability to use Excel, including pivot tables and index-match
  • Strong organizational and communication skills
  • Experience with frozen tissue samples and/or DNA
  • Methodical and detail-oriented in your work 

Work will be performed primarily at the Museum Support Center in Suitland, MD. Regular work must be performed between 7:00 AM – 6:00 PM, Monday – Friday. Work cannot be performed on federal holidays or whenever the federal government shuts down (such as weather emergencies).

Proposals will be accepted until 5:00 PM EDT, Wednesday, May 29, 2024. Proposals will be reviewed based on best value for the money. Send proposals to Chris Huddleston via e-mail at huddlestonc@si.edu.  Follow the format set forth in section VIII of the attached RFQ “Information to be submitted with quotes.”

There are no benefits, tax, or social security withholdings associated with this contract—this is not an offer of employment at the Smithsonian. 

The selected contractor and any sub-contractors must pass a background investigation before work can begin. 

All offerors must have an active SAM.gov registration to be considered.  Please follow the helpful attached Smithsonian advice for registration (see OCON_120).

This Request for Quote (RFQ) is issued by the National Museum of Natural History, Smithsonian Institution (SI), for technical professional, non-personal services to provide Biorepository support services in accordance with the Statement of Work (SOW). The Smithsonian Institution anticipates making one award for this RFQ. The prospective contractor MUST be registered in the Federal System for Award Management (SAM.gov) and the name under which the SAM registration was submitted with the quote to be considered. There is NO fee to register in SAM.
I. SUBMITTING YOUR QUOTE
Price quotes may be submitted by electronic mail (email) only. Quotes are due by 5 pm, on Wednesday, May 29, 2024, at: Email to: Chris Huddleston, huddlestonc@si.edu
II. DESCRIPTION OF REQUIRED SERVICES
The National Museum of Natural History Biorepository has a requirement for Support Services at the Museum Support Center in Suitland, MD. There are physical demands to the contract (see details in Statement of Work). A firm, fixed-price type award is contemplated. The award will be for up to one basic year and three up to one-year options (dependent upon future funding).
III. EVALUATION
The SI plans to award based on best value to the SI considering the following factors. The SI plans to award without discussions, however, does reserve the right to conduct discussions if later determined by the Contracting Officer to be necessary. All the following factors are of equal importance. You must respond to all factors for your offer to be considered. Evaluation factors are:
A. Technical Approach. Offeror shall include a technical approach narrative that details the Offeror’s approach toward performing the required services under this requirement, clearly demonstrating the Offeror’s understanding of and capability to meet all Government requirements and goals. This narrative should include the following specifics:

  1. Include a summary of your training and experience working with museum collections.
  2. Include a summary of your training and experience working with frozen tissue samples, DNA, RNA and/or Protein.
  3. How you will meet (if necessary) the after-hours emergency requirement as described in the Statement of Work. Please reference transportation you will use (e.g., “I have a car, or I will take public transportation.”).
    B. Past Performance:
    Provide a list of your references for the past three years, that provide similar product or services in size, scope and complexity as requested in the RFQ. Past performance references are to include but not limited to the following:
    Agency Name, address, or employer
    Contract number (if applicable)
    Contract type (if applicable)
    Period of performance
    Total contract value (if applicable)
    Work performed (a brief description of the purpose of the employment or contract)
    Contracting Officer Name or supervisor name (if not government), telephone number
    and e-mail address.
    C. Price. Provide a firm fixed price for each deliverable for the basic year plus all the option years. Evaluation of price shall be based on all years quoted.
    Deliverables
    Due monthly within two weeks after the end of each month, invoice, and a synopsis of activities, including numbers and species of samples rehoused, sampled for loans, labeled, etc., as mutually agreed upon by the contractor and COTR. Invoice shall be pro-rated by the contractor for any missed days of work (does not include federal holidays or other closures).
    A. Due on or before Month Day, Year: Invoice and written report for {the prior} Month Year.
    B. Due on or before Month Day, Year: Invoice and written report for {the prior} Month Year.
    C. Due on or before Month Day, Year: Invoice and written report for {the prior} Month Year.
    D. And so on for each month and all option years.
    IV. INSURANCE REQUIREMENTS
    Prospective contractors are required to have General Liability Insurance for $1,000,000. The SI must be listed as additional insured for the General Liability insurance. Proof of insurance must be submitted with quotes. Independent contractors under this RFQ may request to purchase
    insurance through the Smithsonian Institution Commercial General Liability for contractors if selected for an award. If you would like to purchase your insurance through the Smithsonian Institution policy, please indicate this information on your quote.
    V. SYSTEM FOR AWARD MANAGEMENT (SAM) REGISTRATION
    It is a requirement that current and prospective recipients of contracts and purchase orders
    awarded by the SI must complete registration in SAM and maintain an active record in SAM
    throughout the period the SI award is in effect. The SAM requires a one-time business
    registration, with annual updates, and allows vendors to control the accuracy of the business
    information they enter. The financial data you enter, which includes the electronic funds
    transfer (EFT) data collected by SAM, will assist the SI with correctly directing payments on
    your invoices and complying with the Federal Debt Collection Improvement Act of 1996.
    Within thirty (30) calendar days after your SAM registration is activated you must mail a
    notarized letter to SAM. You will receive guidance on this procedure throughout the SAM
    registration process and again after your SAM registration is activated. Federal agencies,
    including SI, has been assured that once an entity’s SAM registration is activated, agencies
    may engage that entity. Notarized letters from registered entities will need to contain
    specific language. OCon&PPM has provided the preferred language for letters with our form
    memo OCon 120 – Mandatory Registration in the System for Award Management (SAM)
    that accompanies this RFQ.
    If yours is the acceptable price quote and you are selected for award, your organization’s
    active registration with SAM must be verifiable by SI staff managing this procurement prior
    to contract or purchase order award being executed, and at the time any modifications or
    amendments to awards might be required.
    You may complete or update your SAM registration information anytime online at
    http://sam.gov. Questions regarding the process may be directed to the Federal Service Desk
    online at www.fsd.gov or via toll free call to 1-888-606-8220. There is no charge for
    registering in SAM.
    VI. UNIQUE ENTITY IDENTIFIER (UEI) NUMBER
    A UEI number is a unique twelve-digit alpha-numeric identifier that will be assigned to you
    when your SAM registration is completed. A UEI is available for each physical location of
    your business (see Section V. of this RFQ). You will need to maintain your assigned UEI(s)
    in a safe location where they may be easily accessed. Your UEI will be required whenever
    you need to annually update your SAM registration or make changes to your SAM
    registration information at any time.
    VII. LEGISLATIVE AND/OR ADMINISTRATIVE REQUIREMENTS
    A. Service Contract Act of 1965, as amended
    If services to be performed are covered by the Service Contract Act (SCA), as
    amended, the SCA shall apply to all work performed under the contract, purchase
    order, or GSA schedule task order to be issued. Individuals and companies submitting
    quotes are encouraged to verify the wages and fringe benefits determined by the U.S.
    Department of Labor to be payable for the Labor Category and in within the location
    that work performance will occur as cited in the Statement of Work. The SCA wages
    and fringe benefits payable shall be part of the order award.
    Individuals and companies awarded a contract, purchase order or GSA schedule
    contract task order for SCA covered services are responsible, and required by law, to
    deliver to its employee(s) or post a notice of the required compensation in a prominent
    place at the worksite. The SCA provides authority to contracting agencies to withhold
    contract funds to reimburse underpaid employees, terminate the contract, hold the
    contractor liable for associated costs to the government, and debar from future
    government contracts for a period of three (3) years any persons or firms who have
    violated the SCA. The contracting officer awarding this order, or the Smithsonian
    Inspector General, may periodically require contractors to provide information that
    verifies compliance with the SCA for services provided under the awarded contracts,
    purchase orders or GSA schedule contract task orders.
    B. Background Investigations
    If a contractor employee assigned to the SI under this contract will have an association
    with SI that will be greater than thirty (30) days, determined either at time of contract
    award or anytime during contract performance, and will need access to staff-only areas
    of SI controlled facilities and leased spaces, the employee shall be required to receive
    an SI Credential. Contractor employees who require an SI Credential shall be required
    to undergo and pass an appropriate background investigation and complete security
    awareness training before an SI Credential is issued. Employees whose associations
    with the SI will be less than 30 days shall not receive a background investigation or SI
    Credential, however, they must be escorted by Credentialed personnel at all times when
    in staff-only areas of SI facilities. If relevant to this RFQ, a form OCon 520,
    Background Investigations and Credentials for Contractors’ Personnel, is included.
    The following actions shall be required to be completed by the SI Contracting Officer’s
    Technical Representative (COTR) and successful vendor:
  4. The COTR shall provide an OF-306, Declaration for Federal Employment form,
    for each of the Contractor’s employees who will be assigned to the SI for 30 days
    or longer. The OF-306 forms must be completed by each person and returned by
    the Contractor to the COTR, or other designated SI employee, within ten (10)
    workdays from receipt of the forms by the Contractor.
  5. For contractors to SI organizations outside the Washington DC and New York
    City areas, forms SF-87, Fingerprint Cards, shall be provided to the Contractor by
    the COTR or other designated SI employee. Each form SF-87 must be returned to
    the COTR, or other designated SI employee, within ten (10) workdays from
    receipt of the forms by the Contractor. When necessary, the forms SF-87 shall be
    submitted by the Contractor with the OF-306.
    VIII. INFORMATION TO BE SUBMITTED WITH QUOTES
    Quotes submitted must include the following information to be deemed responsive to this
    Request for Quote and accepted by the SI:
    A. Project Title.
    B. Business name, name under which SAM registration was completed, address, and
    telephone number.
    C. Business point of contact name, telephone number and email address.
    D. Pricing. Ensure that base year and option year pricing is included. Format pricing as
    shown in the following example: $XXXX for Monthly Deliverable, Year 1; $XXXX
    for Monthly Deliverable, Year 2; $XXXX for Monthly Deliverable, Year 3; $XXXX
    for Monthly Deliverable, Year 4.
    E. Past Performance information should include the contract number, contact person with
    telephone number, email address, and other relevant information for relevant contracts
    or employment for the same or similar goods and/or services in the past 3 years.
    F. Certificates or other documentation confirming appropriate types and levels of
    insurance required are in effect, and other certificates and documentation requested. Or
    if you desire to purchase insurance from the Smithsonian.
    G. Cite the date through which pricing submitted is valid and earliest date service could
    start.
    ATTACHMENT(S):
  • Statement of Work for Biorepository support services, May 10, 2024
  • Form SI 147A, Smithsonian Institution Purchase Order Terms and Conditions
  • Form SI 147B, Smithsonian Institution Privacy and Security Clause
  • OCon 120, Mandatory Registration in the System for Award Management
    STATEMENT OF WORK May 10, 2024
    The contractor shall provide the following support services to the National Museum of Natural
    History (NMNH) Biorepository:
  1. Migrate the contents of specified NMNH freezers into the NMNH Biorepository freezers
    as assigned by the Biorepository Manager. This includes conducting physical inventories
    of samples and boxes, wrapping inventoried materials, and packing/unpacking of coolers.
    In addition, help with the transfer of specimen data from collecting units. Data can be in
    the form of full relational databases down to hand-written ledgers.
  2. As necessary, operate, monitor, and assist users on key pieces of equipment (automated
    tube sorter, label machines, barcode scanners, RFID coding printers, biorepository
    software, etc.) and databases. Additionally, the contractor will query the NMNH EMu
    system and use the NMNH FreezerPro system. Training is available for both systems.
  3. Work closely with the NMNH Biorepository to incorporate tissues, DNA extracts and all
    metadata into a new database as efficiently as possible, and to advise, based on
    experience, better workflows. In addition, help with the installation of small equipment
    in the Biorepository, assist with maintenance activities (e.g., freezer defrosting), and help
    store/organize supplies.
  4. Produce barcode labels and/or RFID tags for samples and apply them to storage
    containers. As necessary, transfer materials from non-cryogenic containers to suitable
    vials or other packaging while maintaining cold chain.
  5. Assist with sub-sampling specimens for loans (intramural and extramural). This includes
    labeling tubes, generating pick lists, cutting samples, making preservative solutions,
    generating invoices, and delivering prepared loans to the shipping offices of MSC and
    NMNH.
  6. As requested, check quality and/or concentration of DNA samples using
    spectrophotometers and other devices/methods. Afterward, calculate DNA mass in
    samples of known volume.
  7. On-call for emergencies at least one week per month. During this on-call period, the
    contractor shall be the primary contact person for the Biorepository alarm system and
    shall respond appropriately as needed to any emergency messages. Responses could
    include the need to come to the Biorepository and move collections from a failing freezer
    to a back-up freezer at any point in a 24-hour period. The ability to manage situations
    and operate during an emergency impacting frozen collections is required. Personal
    transportation is required to drive to and from the MSC when responding to an afterhours
    emergency.
  8. Provide a written record of activities monthly to the COTR. Following COTR approval,
    provide annual report information and photos to Pan Smithsonian Cryo Initiative (PSCI)
    Coordinator. In addition, attend monthly meetings (if scheduled) with other PSCI
    contractors to report on progress.
    Physical Demands: The work varies from sedentary to standing for prolonged periods;
    The ability to bend, twist, and lift, up to 50 pounds (sometimes above the head) is
    required; movement of samples, racks, small vials, or other storage units is required; the
    use of mechanical equipment (such as a rack hoist) may be required. Collections are
    stored and used at cold temperatures ranging from plus 4°C to minus 196°C, so personal
    protective equipment such as insulated gloves and aprons, laboratory coats, face shield,
    closed-toed shoes and gloves is required. Good manual dexterity is required as objects
    and labels are small and difficult to handle.
    The Contractor shall be paid for each deliverable and may submit invoices monthly. Invoice
    shall be pro-rated by the contractor for any missed days of work (does not include federal
    holidays or other closures). This work (except emergencies) is to be accomplished during normal
    working hours, 7 am to 6 pm, Monday-Friday, except Federal holidays or other shutdowns (such
    as weather emergencies).

SI 147A – Purchase Order Terms and Conditions Page 1 of 3
February 2018 (Rev.)
SMITHSONIAN INSTITUTION
PURCHASE ORDER TERMS AND CONDITIONS

  1. COMPLETE AGREEMENT – The purchase order and all documents attached represent the entire agreement between the Smithsonian Institution (SI) and the Contractor. Any modification, alteration or amendment to this purchase order must be in writing and signed by an authorized agent of the SI.
  2. INSPECTION AND ACCEPTANCE – The Contractor shall tender for acceptance only those items that conform to the requirements of this contract. The SI reserves the right to inspect, test or evaluate any supplies or services that have been tendered for acceptance. The SI may require repair or replacement of nonconforming supplies or re-performances of nonconforming services at the Contractors expense. The SI must exercise its post acceptance rights- (a) Within a reasonable period of time after the defect was discovered or should have been discovered; and (b) Before any substantial change occurs in the condition of the item, unless the change is due to the defect in the item. Inspection and acceptance will be at destination, unless otherwise provided in writing. Until delivery and acceptance, and after any rejections, risk of loss will be on the Contractor unless loss results from negligence of the SI. Final acceptance by the SI will be conditional upon fulfillment of the above requirements.
  3. OVERPAYMENT – If the Contractor becomes aware of a duplicate invoice payment or that the SI has otherwise overpaid on an invoice payment, the Contractor shall immediately notify the Contracting Officer and request instructions for disposition of the overpayment.
  4. USE OF SMITHSONIAN NAME or LOGO PROHIBITED – The SI owns, controls and/or has registered the trademarks /service marks “Smithsonian,” “Smithsonian Institution” and the Smithsonian sunburst logo. Except as may be otherwise provided herein, the Contractor shall not refer to the SI or to any of its museums, organizations, or facilities in any manner or through any medium, whether written, oral, or visual, for any purpose whatsoever, including, but not limited to, advertising, marketing, promotion, publicity, or solicitation without written consent.
  5. WARRANTY – The Contractor warrants and implies that the goods and services furnished hereunder are merchantable, fully conform to the SI’s specifications, drawings, designs, and are fit for intended use described in this contract. The Contractor agrees that the supplies or services furnished under this contract shall be covered by the most favorable commercial warranties the Contractor gives to all customers for such supplies or services, and that the rights and remedies provided herein are in addition to and do not limit any rights afforded to the Government by any other clause of this contract. Contractor agrees to pass through all warranties from other manufacturers.
  6. TITLE – Unless otherwise specified in this contract, title to items furnished under this contract shall pass to the SI upon acceptance, regardless of when or where the SI takes physical possession.
  7. EXCUSABLE DELAYS – The Contractor shall be liable for default unless nonperformance is caused by an occurrence beyond the reasonable control of the Contractor and without its fault or negligence, such as acts of God or the public enemy, acts of the SI, acts of the Government in either its sovereign or contractual capacity, fires, floods, epidemics, quarantine restrictions, strikes, unusually severe weather, and delays of common carriers. The Contractor shall notify the Contracting Officer in writing as soon as it is reasonably possible after the commencement of any excusable delay, setting forth the full particulars in connection therewith, shall remedy such occurrence with all reasonable dispatch, and shall promptly give written notice to the Contracting Officer of the cessation of such occurrence.
  8. DISPUTES – Any dispute arising under this contract that the parties are unable to resolve shall be decided by the Contracting Officer. All disputes must be submitted to the Contracting Officer in the form of a written claim supported by evidence within twelve (12) months following accrual of the claim. The Contracting Officer will provide a written decision to the Contractor, and that decision is the final and conclusive decision of the Smithsonian Institution, which is effective on the date the Contractor receives the decision. The Contractor retains all rights to subsequent judicial review to which it is entitled under federal law. The Contractor shall comply with any decision of the Contracting Officer and otherwise proceed diligently with performance of this contract pending final resolution of any request for relief, claim, or action arising under the contract.
  9. TERMINATION FOR CAUSE – The SI may terminate this contract, or any part hereof, for cause in the event of any default by the Contractor, or if the Contractor fails to comply with any contract terms and conditions, or fails to provide the SI, upon request, with adequate assurances of future performance. In the event of termination for cause, the SI shall not be liable to the Contractor for any amount for supplies or services not accepted, and the Contractor shall be liable to the SI for any and all rights and remedies provided by law. If it is determined that the SI improperly terminated this contract for default, such termination shall be deemed a termination for convenience.
  10. TERMINATION FOR THE SMITHSONIAN’S CONVENIENCE – The SI reserves the right to terminate this contract, or any part hereof, for its sole convenience. In the event of such termination, the Contractor shall immediately stop all work hereunder and shall immediately cause any and all of its suppliers and subcontractors to cease work. Subject to the terms of this contract, the Contractor shall be paid a percentage of the contract price reflecting the percentage of the work performed prior to the notice of termination, plus reasonable charges that the Contractor can demonstrate to the satisfaction of the SI, using its standard record keeping system, have resulted from the termination. The Contractor shall not be required to comply with the cost accounting standards or contract cost principles for this purpose. This paragraph does not give the SI any right to audit the Contractor’s records. The Contractor shall not be paid for any work performed or costs incurred that reasonably could have been avoided.
  11. CHANGES – The SI may at any time, in writing, make changes within the general scope of this purchase order to include. (a) Technical requirements and descriptions, specifications, statements of work, drawings or designs; (b) Shipment or packing methods;
    (c) Place of delivery, inspection or acceptance; (d) Reasonable adjustments in quantities or delivery schedules or both; and, (e) SI-furnished property, if any. If any such change causes an increase or decrease in the cost of or the time required for performance of this purchase order, the Contractor shall inform the SI in writing within thirty (30) days after receipt of change request. Any additional charges must be approved in writing by the SI authorized procurement officer executing this purchase order. Contractor shall not make any changes without the written consent of the SI authority executing this purchase order.
  12. CONFIDENTIALITY and DISCLOSURE – Confidential Information. Confidential Information consists of trade secrets, product concepts, customer information, marketing communication material, marketing strategies, and other commercial or financial information that if affirmatively used by a competitor of the disclosing party would cause the disclosing party substantial competitive harm or information the release of which would violate the privacy rights of a third party with no overriding public interest. If Confidential Information is disclosed in tangible form, it shall be
    SI 147A – Purchase Order Terms and Conditions Page 2 of 3
    February 2018 (Rev.)
    clearly designated in writing as such by the disclosing party. If Confidential Information is disclosed other than in writing, the information deemed to be Confidential Information shall be confirmed in writing as such within thirty days of such disclosure.
    Limited Disclosure — Each party agrees that it will not disclose Confidential Information provided to it by the other party to others except to the extent that it is necessary to disclose such Confidential Information to its directors, officers, representatives, legal and financial consultants, and employees having a need to know such Confidential Information (“authorized parties”) for the purpose of pursuing a business and contractual relationship between the parties. The parties shall use at least the same degree of care that each party uses to protect its own Confidential Information of similar importance, but no less than a reasonable degree of care. Further, the parties may disclose Confidential Information if required by law, subpoena, order or request of a federal governmental authority or court of competent jurisdiction, and further, provided that the party obligated to disclose such Confidential Information shall (a) assert the confidential nature of the Confidential Information to be disclosed, (b) use reasonable efforts to obtain confidential treatment for any Confidential Information so disclosed, and (c) immediately notify the other party of the requirement, order, or request to disclose in advance of such disclosure in order to afford the other party the opportunity to contest disclosure. No other use or disclosure of Confidential Information may be made by any party without the prior written consent of the disclosing party.
  13. INDEMNITY – The Contractor shall defend, indemnify, and hold harmless the SI, its Regents, directors, officers, employees, volunteers, licensees, representatives, agents and the United States Government (hereinafter referred to as “Indemnitees”) from and against all actions, causes of action, losses, liabilities, damages, suits, judgments, liens, awards, claims, expenses and costs including without limitation costs of litigation and counsel fees related thereto, or incident to establishing the right to indemnification, arising out of or in any way related to:
    Any breach of this Agreement, Terms and Conditions, and the performance thereof by Contractor, Subcontractor, other third parties, or any activities of Indemnitees, including, without limitation, the provision of services, personnel, facilities, equipment, support, supervision, or review; any claims of any kind and nature whatsoever for property damage, personal injury, illness or death (including, without limitation, injury to, or death of employees or agents of Contractor or any Subcontractor).
    Any claims by a third party of actual or alleged direct or contributory infringement, or inducement to infringe any United States or foreign patent, trademark, copyright, common law literary rights, right of privacy or publicity, arising out of the creation, delivery, publication or use of any data furnished under this contract or any libelous or other unlawful matter contained in such data or other intellectual property rights and damages. The contractor shall notify the SI immediately upon receiving any notice or claim related to this contract.
  14. HAZARDOUS MATERIAL – The Contractor shall inform the SI in writing at the correspondence address listed on the purchase order prior to shipment and delivery of any hazardous material. Any materials required by this purchase order that are hazardous under federal, state or local statute, ordinance, regulation, or agency order shall be packaged, labeled, marked and shipped by the Contractor to comply with all federal, state and local regulations then in effect.
  15. OTHER COMPLIANCES – The Contractor shall comply with all applicable Federal, State and local laws, executive orders, rules and regulations applicable to its performance under this contract.
  16. SECURITY CONSIDERATION – OPS, OCon 520 Contractor’s conducting work on the SI premises are required to obtain a temporary or
    long-term identification badge. Contractor’s employee (s) requiring a long-term identification badge is subject to a fingerprint review. An adverse finding during the fingerprint review may prohibit a contractor’s employee (s) from working on the contract. The SI will inform the contractor if a long-term identification badge is required.
  17. INSURANCE and BONDS – Contractor shall maintain at all times during the performance of this contract Commercial General Liability Insurance. Contractor shall maintain Worker’s Compensation Insurance in accordance with statutory requirements and limits. If during the performance of this contract, a vehicle is required, contractor shall maintain business automobile insurance. If this contract relates to any type of media exposure, then Contractor is required to have professional errors and omissions coverage. If this contract requires Contractor to handle Smithsonian funds or guard or protect Smithsonian artifacts, Contractor will also be required to obtain a fidelity bond or crime insurance. Limits of such bonds or insurance policies are to be determined. SI shall be listed as an “additional insured” under the comprehensive general liability and business automobile policies. Proof of insurance shall be in the form of a binder, policy, or certificate of insurance and this is to be submitted to the SI’s Procurement Officer prior to work being initiated.
  18. INVOICE INSTRUCTIONS – Invoices shall be submitted to the bill to address on the face of the purchase order after delivery of supplies and/ or services, and shall contain the following information:
    (a) Contractor’s name, address, and taxpayer identification number (TIN). (b) Invoice date and number. (c) Purchase order number including contract line item number. (d) Item description, quantity, unit of measure, unit price, and extended price. (e) Name, title, telephone and fax number, and mailing address of point of contact in the event of an invoice discrepancy. (f) Invoice total, payment discount terms and remittance address. (g) Shipping and payment terms (e.g. shipment number, date of shipment, and discount terms). Bill of lading number and weight of shipment should be included when using Smithsonian Institution bills of lading. Prepaid shipping costs shall be indicated as a separate item on the invoice. (h) Any other information or documentation required by other provisions of the contract.
  19. Travel – (a) If travel is specified under this purchase order; it must be pre-authorized by the Contracting Officer’s Technical representative (COTR) prior to occurrence. The Contractor shall be reimbursed for such travel upon receipt of documentation that the expenses were incurred. (b) Rail or air transportation costs shall not be reimbursed in an amount greater than the cost of economy class rail or air travel unless the economy rates are not available and the Contractor certified to this fact in vouchers or other documents submitted for reimbursement. (c) Room and meals (per diem travel allowance) shall be reimbursed in accordance with the Contractor’s established policy, but in no event shall such allowances exceed the rates Contractor’s established in the Federal Travel Regulations. (d) The contractor shall be reimbursed for the cost of the out-of-town travel performed by its personnel in their privately owned automobiles at the rates established in the Federal travel Regulations, not to exceed the cost by the most direct economy air route between the points so traveled. If more than one person travels in the same automobile, the Contractor for such travel shall incur no duplication of or otherwise additional charges. (e) The Contractor shall be reimbursed upon receipt of appropriate documentation that the expenses were incurred. Total travel cost will not be reimbursed for an amount that exceeds the estimated amount stated in this purchase order.
  20. RESPONSIBILITY OF SMITHSONIAN PROPERTY – Contractor assumes full responsibility for and shall reimburse and indemnify the SI for any and all loss or damage whatsoever kind and nature to any and all SI property, including any equipment, supplies, accessories, or parts furnished, while in the Contractor’s custody and
    care, or resulting in whole or in part from the negligent acts, omissions of the Contractor, any subcontractor, or any employee, agent, or representative of the Contractor or subcontractor.
    SI 147A – Purchase Order Terms and Conditions Page 3 of 3
    February 2018 (Rev.)

21. INTERNET PROTOCOL VERSION 6 (IPV6) COMPLIANCE – In the event that the Contractor will be developing, acquiring, and/or producing products and/or systems pursuant to this Contract that will be connected to a network or that will interface with the World Wide Web, the following provisions shall apply: OMB Memo M-05-22, dated August 2, 2005, and OMB guidance, dated July 2012 September 28, 2010, that requires procurements of networked IT comply with the USGv6 Profile and Test Program for the completeness and quality of SI IPv6 capabilities. The Contractor hereby warrants and represents that such products and/or systems to be developed, acquired, and/or produced pursuant to this Contract will be IPv6 compliant. These products and/or systems must be able to receive, process, and transmit or forward (as appropriate) IPv6 packets and must be able to interoperate with other systems and protocols in both IPv4 and IPv6 modes of operation. If the product or system will not be IPv6 compliant initially, the Contractor will provide a migration path and express commitment to upgrade to IPv6 for all application and product features. Any such migration path and commitment shall be included in the Contract price. In addition, the Contractor will have available contractor/vendor IPv6 technical support for development and implementation and fielded product management.

CLAUSES INCORPORATED BY REFERENCE -This contract incorporates one or more clauses by reference with the same force and effect as if they were given in full text. The applicability of these clauses is effective upon the date of the actual contract award. Upon request the Contracting Official will make the full text available. The full text of the following FAR clauses may be viewed at the Federal Acquisition Regulation (FAR) website. For the full text of Smithsonian Institution clauses contact the procurement official. The Contractor shall comply with the FAR clauses incorporated by reference, unless the circumstances do not apply: References herein to the “Government” shall be deemed to mean the Smithsonian Institution.
SMITHSONIAN Clauses

  • Minimum Insurance
  • Smithsonian Institution Privacy and Security Clause (form SI 147B, SI Privacy and Security Clause ) FAR Clauses
  • 52.222-3 Convict Labor
  • 52.222-19 Child Labor – Cooperation with Authorities and Remedies
  • 52.222-20 Contracts for Materials, Supplies, Articles, and Equipment Exceeding $15,000
  • 52.222-21 Prohibition of Segregated Facilities
  • 52.222-26 Equal Opportunity
  • 52.222-35 Equal Opportunity for Veterans
  • 52.222-36 Equal Opportunity for Workers with Disabilities
  • 52.222-41 Service Contract Labor Standards
  • 52.222-50 Combating Trafficking in Persons. (non-commercial services awards that do not exceed $500,000)
  • 52.222-56 Certification Regarding Trafficking In Persons Compliance Plan (when applicable)
  • 52.223-1 thru 4 Bio-based ProductCertification/Affirmative Procurement of Biobased Products Under Service and Construction Contracts/Hazardous Material Identification and Material Safety Data/Recovered Material Certification
  • 52.223-5 Pollution Prevention and Right-to-Know Information
  • 52.224-1 Privacy Act Notification
  • 52.225-1 Buy American Supplies
  • 52.225-13 Restrictions on Certain Foreign Purchases
  • 52.232-11 Extras
  • 52.239-1 Privacy or Security Safeguards (see form SI 147B)
  • 52.233-3 Protest After Award
  • 52.244-6 Subcontracts for Commercial Items
    Additional FAR clauses that apply when applicable:
  • 52.204-6 Universal Numbering System (DUNS) NumberUnique Entity Identifier
  • 52.204-7 System for Award Management
  • 52.208-4 Vehicle Lease Payments
  • 52.208-5 Condition of Leased Vehicle
  • 52.208-6 Marking of Leased Vehicles
  • 52.208-7 Tagging of Leased Vehicle
  • 52.211-6 Brand Name or Equal
  • 52.211-17 Delivery of Excess Quantities
  • 52.222-54 Employment Eligibility Verification (E-Verify)
  • 52.228-8 Liability and Insurance Leased Motor Vehicles
  • 52-233-4 Applicable Law for Breach of Contract Claim
  • 52.236-5 Material and Workmanship
  • 52.247-29 F.o.b. Origin
  • 52.247-34 F.o.b. Destination

OCon 120, Notice of Mandatory Registration in the System for Award Management
December 2023
Notice to all Current and Prospective Smithsonian Institution Contractors
Subject: Mandatory Registration in the System for Award Management (SAM)
Individuals and companies that want to do business with U.S. government agencies, including the Smithsonian Institution, are required to maintain active and valid registrations in the System for Award Management (SAM). We are informing you of this requirement because you are a vendor who has been requested to present pricing and/or proposals for goods or services, is currently participating in a Smithsonian solicitation for goods or services, or is already providing goods or services to the Smithsonian.
Registration with SAM is free and accomplished via https://www.sam.gov. Included with this letter are tips on how to register in SAM. These have been written by the Smithsonian Office of Contracting and Personal Property Management and are intended to convey specific information on how to register with SAM to do business with the Smithsonian. Full guidance on how to register in SAM is available from the Federal Services Help Desk (FSD) and Professional Technical Assistance Centers, as described in the tips.
Thank you for your attention to this matter. If you received this letter in conjunction with a solicitation or Request for Quote, please address any questions you may have to the Smithsonian point of contact whose name and telephone number are provided therein.
Sincerely,
Thomas E. Dempsey
Director
OCon 120, Notice of Mandatory Registration in the System for Award Management Tips Page 1
December 2023
General Tips for Businesses To Register in SAM

  1. There is assistance directly on the SAM website to start registration. Look for quick start guides and the SAM user manual using the Help tab on the SAM.gov website. These guides are helpful for vendors in completing the SAM registration process.
  2. Registration in SAM is Free. If you search online for SAM registration your search might return businesses that will assist you with SAM registration for a fee. You are not required to utilize these services, and the Smithsonian does not reimburse for their use. The easiest way to ensure you are in the right location is to navigate directly to www.SAM.gov.
  3. Free assistance with SAM registration is available via the Federal Service Desk (FSD). This is available at http://www.fsd.gov, or at the toll-free number 1-866-606-8220
  4. APEX Accelerators offer free assistance with SAM registration. These offices are non-profit, non-governmental organizations established to assist you with doing business with the government. You must use the local or regional office closest to your business address. Locate the center nearest at https://www.apexaccelerators.us/#/.
  5. You control all information entered into SAM, and may opt out of public searches. If you choose to opt out of public searches, please notify the Smithsonian employee you are working with and provide confirmation of your SAM registration.
  6. Be sure to keep your SAM registration up-to-date. After you have completed registration you will be required to update your information if it ever changes (such as mailing address or banking records) and notify Smithsonian staff as soon as possible. Keep your Unique Entity Identifier Number in a safe place, you will need it to renew or update your registration.
    Tips on Valid Registrations:
  7. Your registration must be active before the purchase can be made. Obtaining a Unique Entity Identifier only is only the first step to a complete registration. You must complete all steps thereafter and be listed in SAM with a record labeled “Active.”
  8. If you have a registration that inactive, then your registration must be made active before you can receive a procurement. Inactive records cannot be used for a purchase. Your SAM registration must be active throughout the term of the award.
  9. If you have a registration that requires updates then your updates must be complete before you can receive a procurement. Changes to information including (but not limited to) company or contact names, banking information, and addresses must be completed before you may receive an award. If changes to any information in your SAM registration must be made during the timeframe of an award then you must notify the Procurement Officer who issued the award within two business days of the change in information.
  10. You must register as eligible to receive “All Awards” to qualify for Smithsonian Awards. In the SAM registration process, you will be asked for your purpose of registration. The question is “Why are you registering this entity to do business with the U.S. Government?” You must answer this question with “I want to be able to bid on federal contracts or other government opportunities. I also want to be able to apply for grants, loans, and other financial assistance programs.” This option will allow you to accept procurements issued by the Smithsonian. Do not select “I only want to apply for federal assistance opportunities like grants, loans, and other financial assistance programs.” If you register for assistance opportunities only then procurements may be delayed until your record is corrected.
    OCon 120, Notice of Mandatory Registration in the System for Award Management Tips Page 2
    December 2023
  11. The name of your business (entity) that you enter in SAM must match your IRS Tax Payer Consent Name. This will be the name that Smithsonian will use to register your entity in our internal payment and tax reporting system. If your SAM entity name and your Tax Payer Consent Name differ this can create problems during the Smithsonian vendor enrollment and tax reporting processes, as well as for you when paying taxes. (These two names may be allowed to differ only if you are a single member LLC, and you report and pay taxes to the IRS using the owners name and tax id. In this case, IRS will count the owners name and tax id as the legal business name while disregarding the legal business name of the LLC registered in SAM.)
    Tips on Entity Administrators
    SAM requires each non-federal entity to have someone with the role of Entity Administrator. SAM will appoint the Entity Administrator role to the first individual who registers a new business entity. They will have the capability to update, renew and end your registration. They will also have the authority to appoint administrative roles with SAM to your entity’s staff and to assign other users within your entity to become an Entity Administrator. This administrator must be an employee of your entity. Information for new Entity Administrators and on role assignment is found in the FSD knowledge base.
    It is important that your entity always have a current Entity Administrator. If, for any reason your, Entity Administrator leaves your entity before appointing a replacement and you do not have a current administrator, then you must follow the process to appoint a replacement. This process includes submitting a notarized Entity Administrator Appointment Letter and may take several weeks to complete. Your SAM registration will not be editable or renewable until you have a new Entity Administrator. Information on appointing a replacement Entity Administrator is found in the FSD knowledge base.

Smithsonian Institution
Privacy and Security Clause
SI 147B – SI Privacy and Security Clause
March 13, 2024 (Rev.)

  1. Smithsonian Data: (a) The Smithsonian Institution
    (“Smithsonian”) retains sole ownership of, and unrestricted rights to, any and all physical or electronic information collected, processed, or stored by or on behalf of the
    Smithsonian (“Smithsonian Data”), which is defined to include personal information, also referred to as personally identifiable information (PII), i.e., information about individuals, which may or may not be publicly available, that can be used to distinguish or indicate an individual’s identity, and any other information that is linked or linkable to an individual, such as medical, educational, financial or employment information, online identifiers such as IP address, device IDs, and cookie data, and any other information defined as “personal information,” “personal data” (or other analogous variations of such terms) under the applicable
    privacy, security and data protection laws (“PII”). (b) Contractor shall maintain, transmit, and retain in strictest confidence, and prevent the unauthorized duplication, use and disclosure of Smithsonian Data. (i) Contractor shall only access, maintain, use, and disclose Smithsonian Data to the extent necessary to carry out the requirements of this contract, and shall not use Smithsonian Data for any other purposes, including testing or training purposes. (ii) Contractor shall only provide Smithsonian Data to its authorized employees, contractors, and subcontractors and those Smithsonian employees, contractors, and subcontractors who have a valid business need to know such information in order to perform duties consistent with this contract. (iii) Contractor shall ensure that all Smithsonian Data is protected from unauthorized access, disclosure, modification, theft, loss, and destruction and will provide assurance and evidence of such protections upon the Smithsonian’s request. (iv) Contractor shall not disclose Smithsonian Data without the Smithsonian’s advance written authorization. If Contractor receives a legal request (such as a subpoena), or becomes subject to a legal requirement or order to disclose Smithsonian Data, Contractor shall (1) immediately notify the Contracting Officer’s Technical Representative (“COTR”) of it and afford the Smithsonian the opportunity to contest such disclosure, (2) assert the confidential nature of the Smithsonian Data, and (3) cooperate with the Smithsonian’s reasonable requirements to protect the confidential and proprietary nature of Smithsonian Data. (v) Contractor shall not transfer access to any Smithsonian Data in the event of a Contractor merger, acquisition, or other transaction, including sale in bankruptcy, without the prior written approval of the Contracting Officer. (c) Contractor shall provide the Smithsonian reasonable access to Contractor facilities, installations, technical capabilities, operations, documentation, records, databases, and personnel, and shall otherwise cooperate with the Smithsonian to the extent required to carry out an audit for compliance with the requirements in this contract. Contractor shall, as requested by the COTR, complete, or assist Smithsonian staff with the completion of, a privacy and/or security review which might include providing requested information and documentation about how Smithsonian Data is used, collected, maintained, stored, or shared. (d) Contractor shall make any Smithsonian Data accessible to the COTR as soon as possible, but no later than ten calendar days of receiving a request from the COTR, and shall transfer all Smithsonian Data to the COTR no later than thirty calendar days from the date of such request from the COTR. Contractor shall, when required to transfer Smithsonian Data to the COTR under the terms of this contract, provide that Smithsonian Data in one or more commonly used file or database formats as the COTR deems appropriate. (e) Unless otherwise specified in this contract, Contractor shall purge any Smithsonian Data from its files and shall provide the COTR a Certificate of Destruction (“COD”),confirming the purging of the Smithsonian Data within forty- five calendar days of receiving a request from the COTR or at the expiry of this contract. (f) Contractor shall only be permitted to use non-Smithsonian provided information technology resources to access or maintain Smithsonian Data if Contractor provides, and the COTR approves, the following written certifications about the non-Smithsonian provided information technology resources: (i) Contractor shall maintain an accurate inventory of the information technology resources; (ii) Contractor shall keep all software installed on the information technology resources, especially software used to protect the security of the information technology resources, current and free of vulnerabilities; (iii) Contractor shall encrypt all Smithsonian Data stored or accessed on non-Smithsonian provided mobile devices and back-up devices (e.g., phone, laptop, tablet, or removable media) using a Federal Information Processing Standards compliant encryption method; (iv) Contractor shall utilize anti-virus software on all non-SI information technology resources used under this contract; and (v) Contractor shall encrypt all transmissions of PII using Transport Layer Security 1.2 or higher with secure cyphers. Secure Sockets Layer shall not be used. (g) Unless more substantial requirements are provided for herein, Contractor is responsible for, at a minimum, applying industry best practice background screening, security and privacy training, and other appropriate personnel security safeguards to the services performed under this contract. (h) Contractor shall, if requested by the COTR, require its employees to sign a nondisclosure agreement, sign a conflict of interest agreement, and/or sign an acknowledgement of the requirements in this contract.
  2. Privacy Breach or IT Security Incident: In the event of
    (i) any action that threatens or is likely to threaten the confidentiality, integrity, or availability of Smithsonian IT resources (including computer hardware and software, data, communication links, mobile devices, digitized assets, automated processes, physical computing environments, and associated personnel, whether located inside or outside of the Smithsonian); (ii) any activity that violates Smithsonian IT Security policies provided by the COTR; (iii) any suspected or confirmed loss of control, compromise, unauthorized disclosure, unauthorized acquisition, unauthorized access, or situation where persons other than authorized users or for an
    Page 1 of 4
    Smithsonian Institution
    Privacy and Security Clause
    SI 147B – SI Privacy and Security Clause
    March 13, 2024 (Rev.)
    other than authorized purpose have access or potential access to Smithsonian Data or PII in a usable form, whether physical or electronic; or (iv) any suspected loss of control, compromise, unauthorized disclosure, unauthorized acquisition, unauthorized access, or situation where persons other than authorized users or for an other than authorized purpose have access or potential access to PII in a usable form, whether physical or electronic (collectively,
    “Incident”), Contractor shall: (a) Immediately, but no later than 24 hours after discovery, report the Incident to the designated COTR and Smithsonian Office of the Chief Information Officer (“OCIO”) Service Desk by calling 202-633-4000 and, if the OCIO Service Desk does not answer the telephone, leaving a voicemail which includes the name of Contractor, a brief summary of the Incident, and a return telephone number; (b) The Contractor shall cooperate with Smithsonian investigations and response activities for breaches or incidents that include the Contractor’s IT resources or personnel; (c) Follow industry standard best practices to preserve evidentiary information to support forensics analysis, correct and mitigate any damages resulting from the Incident, provide a final report or summary of the incident to include lessons learned and corrective actions taken and planned; (d) Contractor shall acquire applicable forensics services in the event the Contractor does not have adequate resources or capabilities to respond to the Incident; and (e) Indemnify and hold the Smithsonian harmless from any costs incurred by the Smithsonian in connection with such Incident or corrective actions the Contractor must deploy to safeguard SI information.
  3. Public-Facing Software: (a) Any application, system, software, or website used to fulfill the terms of this contract, which can be accessed by members of the public (Public- Facing Software) shall comply with Smithsonian’s Privacy Statement (located at Smithsonian Institution’s Privacy Statement | Smithsonian Institution (si.edu) and the
    Smithsonian Kids Online Privacy (“SKOP”) Statement (located at http://www.si.edu/privacy/kids), and such Public- Facing Software shall provide the public with privacy notices in locations that are acceptable in accordance with these policies. (b) For kiosks and interactives developed by Contractor, the Contractor shall take all reasonably necessary steps to ensure they will be maintained with antivirus software and routine patching. (c) If Contractor discovers that information was collected from someone under the age of 13 in violation of the SKOP’s parental permission requirements, Contractor shall provide notice to the Smithsonian Privacy Office as soon as possible, but no later than 24 hours after discovery, and delete that information as soon as possible, but no later than 24 hours after discovery. (d) Any public-facing software that employs tracking technology (such as a cookie, pixel, web bug, or web beacon) or collects contact information shall provide all users with legally-compliant notice of its data collection and tracking practices, and any required consumer choices (including the opportunity to opt-in or opt-out, as required). as well as: (i) for those who opt-out or decline the “opt-in,” reasonable access to the public-facing software; and
    (ii) for those who “opt-in”, a subsequent and accessible opportunity to request that the tracking or communications cease (i.e., “opt-out”).
  4. Cardholder Data and PCI Sensitive Authentication Data: (a) Any Contractor that collects, processes, stores, transmits, or affects the security of cardholder data or Payment Card Industry (“PCI”) sensitive authentication data, either directly or through a third party, in order to carry out the requirements of this contract shall provide the COTR, before this contract begins and annually thereafter, for the Contractor and for any third party vendor that processes, stores, transmits, or affects the security of cardholder data or PCI sensitive authentication data, a current, complete, comprehensive, and signed PCI Data Security Standard (“DSS”) Attestation of Compliance (“AOC”), a template for which may be accessible in the online document library of the PCI Security Standards Council (“SSC”); (b) any Contractor that works as a PCI Third-party Service Provider (“TPSP”), in order to carry out the requirements of this contract, shall provide the COTR: (i) the duly authorized contact responsible for the Contractor’s maintenance of PCI DSS compliance; (ii) the PCI DSS Requirement Management Form provided by the COTR, which asks whether Contractor or a third party shall be responsible for ensuring that certain key DSS requirements are met; (iii) before this contract begins and for each bespoke and custom software developed for the Smithsonian i.e., application, system, software, or website, the validation for the use of the PCI SSC’s Software Security Framework standards (the Secure Software Standard or the Secure SLC standard); (iv) for each Payment Application hosted by the Smithsonian, the listing from the SSC website’s Validated Payment Software List of Validated Payment Applications or the Report on Validation (“ROV”) from a PCI Secure Software Assessor; (v) for each payment device, the listing from the SSC website’s Approved Personal Identification Number Transaction Security (“PTS”) Devices list; (vi) for each system used to process Point of Sale card-present transactions, the listing from the SSC website’s Point-to-Point Encryption Solutions list; and (vii) if requested, any additional evidence needed to determine the PCI compliance of activities related to this contract; (c) Contractor shall provide the documents and listings identified in Paragraph 4(b) before it shall be permitted to use the relevant technology and shall provide updated documents and listings to the COTR for review and approval before a system change results in one or more of the required documents or listings becoming inaccurate.
  5. IT Systems and Cloud Services: (a) Contractor is responsible for applying industry best practices to secure their systems and services provided to or used for the Smithsonian. (b) For any Cloud Service (i.e., computing service provided on-demand via a shared pool of configurable resources instead of via separate dedicated computing resources or information technology system) or IT system Contractor develops, operates, or maintains on behalf of the Smithsonian, or which Contractor uses to collect or store information on the
    Page 2 of 4
    Smithsonian Institution
    Privacy and Security Clause
    SI 147B – SI Privacy and Security Clause
    March 13, 2024 (Rev.)
    Smithsonian’s behalf, Contractor shall provide the requested documentation, security control evidence/artifacts, and other information needed to complete Security Assessment and Authorization activities. (c) For Systems that have been Federal Risk and Authorization Management Program (“FedRAMP”) certified or have received other independent third party assessments (e.g., SOC2, HITRUST, etc.), Contractor shall provide FedRAMP documentation or relevant third party assessment report(s) to the Smithsonian for review and shall cooperate with Smithsonian requests for clarification or further evidence. (d) For Systems which are not FedRAMP certified, Contractor shall complete all requested Smithsonian Assessment and Authorization documentation and shall fully cooperate with the Smithsonian’s security assessment process, including providing requested security control evidence/artifacts and access to interview appropriate Contractor personnel about security controls. (e) For websites or web servers hosted outside of the Smithsonian’s data center, the Contractor must allow OCIO to perform vulnerability scanning and penetration testing. Website owners should consult with information technology security staff to determine specific needs for their environment. (f) The Contractor shall maintain all Smithsonian Data inside the United States. (g) For Contractor custom developed (non-COTS) systems and websites to be hosted at the Smithsonian, Contractor shall complete all requested Smithsonian Assessment and Authorization documentation for the components/aspects of the system provided by Contractor, and shall fully cooperate with the Smithsonian’s security assessment process, including providing requested security control evidence/artifacts and access to interview appropriate Contractor personnel about security controls. (h) For Contractor developed applications or Contractor built interactive systems (e.g., public-facing exhibit technology incorporated through digital signage, custom interactives, content players, media players, audio streaming devices, lighting or control automation systems), Contractor shall not circumvent the security of the system (e.g., the use of backdoor or maintenance hook provisions are prohibited) and will ensure that the system can be protected from malware and vulnerabilities while it is in use at the Smithsonian. (i) Contractor shall not implement into live production or use for the Smithsonian or any system containing Smithsonian Data until security and privacy authorization has been granted in writing by the Smithsonian OCIO via the COTR. Contractor will resolve security deficiencies in order to successfully meet the applicable requirements of this section. (j) Contractor consents to and will cooperate with ongoing monitoring for security, privacy, cyber supply chain risk management, and contractual requirement compliance by the Smithsonian, including providing periodic updated evidence/artifacts, third party assessment reports, and questionnaire responses as requested. Contractor will resolve findings from monitoring, assessments, and Smithsonian web vulnerability scans in a timely manner. The Smithsonian may use third party risk intelligence tools to monitor risk and control compliance by the Contractor. Contractor will address issues as necessary to maintain an acceptable risk rating in these tools. (k) Contractor will provide at least one point of contact to receive and respond to requests related to these requirements.
  6. Credentials and Network Access: (a) Contractor and Contractor’s employees who have access to Smithsonian network/systems shall, when requested by the COTR, complete Smithsonian-provided privacy and security training course(s), sign a nondisclosure agreement, sign a conflict of interest agreement, sign an acknowledgement of the requirements in this contract, provide fingerprints, pass a Smithsonian background check, and/or provide notice of the results of that background check to the COTR. The content and timing of the course(s), agreement, or background check shall be substantially similar to one that would be required of a Smithsonian employee with access to similar Smithsonian networks/systems. (b) Contractor shall notify the COTR at
    least two weeks before any of Contractor’s employee requiring a Smithsonian credential, network account or other access, or other Smithsonian-furnished equipment stops supporting the work of this contract. In the event that
    Contractor is not provided two weeks’ notice by its employee,
    Contractor will notify the COTR as soon as Contractor becomes aware of the employee’s departure from the
    contracted work. (c) Contractor shall, when any employee requiring a Smithsonian credential, network account or other access, or other Smithsonian furnished equipment stop supporting the work of this contract, provide such employee’s Smithsonian credential and any Smithsonian furnished equipment to the COTR within three business days.
  7. California Consumer Privacy Act: (a) The California Consumer Privacy Act as amended by the California Privacy Rights Act, including any regulations and amendments implemented thereto (“CCPA”) shall apply to any information collected from California residents on behalf of the Smithsonian. (b) For purposes of the CCPA, Contractor shall be considered a service provider and the Smithsonian is a business. (c) Contractor shall not collect, maintain, store, use, disclose, or share PII for a commercial purpose other than providing the services or performing its obligations to the Smithsonian. (d) Without limiting the foregoing, Contractor: (i) will not sell or share PII (as “sell,” “sale,” or “share” is defined by the CCPA); (ii) will not retain, use, or disclose Personal Information outside of the direct business relationship between Contractor and the Smithsonian; and (iii) certifies that it understands the restrictions in this section and will comply with them. (e) Contractor agrees: (i) that the personal information disclosed is only for limited and specified purposes; (ii) to comply with applicable CCPA obligations; (iii) to grant the Smithsonian the right to take reasonable and appropriate steps to help ensure that Contractor uses the PII transferred in a manner consistent with the Smithsonian’s CCPA obligations; (iv) to notify the Smithsonian if it makes a determination that it can no longer meet its obligations; and (v) to grant the Smithsonian the right (upon notice) to take reasonable and appropriate steps to
    Page 3 of 4
    Smithsonian Institution
    Privacy and Security Clause
    SI 147B – SI Privacy and Security Clause
    March 13, 2024 (Rev.)
    stop and remediate unauthorized use of PII. (f) Upon request by the Smithsonian, Contractor will assist the Smithsonian in the Smithsonian’s fulfillment of any individual’s request to access, delete, or correct PII. (g) Contractor will promptly notify the Smithsonian following Contractor’s receipt of any request or complaint relating to any PII (unless applicable law prohibits such notification). Contractor will not respond to any such request or complaint, other than to redirect to the Smithsonian, unless expressly authorized to respond by the Smithsonian.
  8. European Economic Area. This contract does not include the collection or processing of Personal Information relating to individuals located in the European Economic Area.
  9. Terms: The bolded headings at the start of each section of this Smithsonian Institution Privacy and Security Clause are included only to assist the reader in navigating this Smithsonian Institution Privacy and Security Clause. The Parties intend the bolded headings to have no legal effect, and agree that the bolded headings are not intended to limit or modify any other language in this Smithsonian Institution Privacy and Security Clause.
    Page 4 of 4