ࡱ> %'"#$a bjbj[[ \^9bE\9bE\S3))77777$>7>7>7P7*8>7g9~d;(;;;g<!C5E $e 7AFg<g<AFAF 77;;!uIuIuIAFF7;7;uIAFuIuI;yWF^bLҘ70gL/Ff//7AFAFuIAFAFAFAFAF KH*AFAFAFgAFAFAFAF/AFAFAFAFAFAFAFAFAF)> 5: Quality Assurance Statement of Work (Version 2.0) Table of Contents  TOC \h \z \t "Style1,1,Level 2 Header,2,Level 3 Header,3"  HYPERLINK \l "_Toc82239780" 1. Introduction to QA Statement of Work  PAGEREF _Toc82239780 \h 2  HYPERLINK \l "_Toc82239781" 1.1 Purpose  PAGEREF _Toc82239781 \h 2  HYPERLINK \l "_Toc82239782" 1.2 Quality Management Approach  PAGEREF _Toc82239782 \h 2  HYPERLINK \l "_Toc82239783" 1.3 Overview of QA Contractor Tasks & Deliverable Process  PAGEREF _Toc82239783 \h 4  HYPERLINK \l "_Toc82239784" 2. Statement of Work  PAGEREF _Toc82239784 \h 6  HYPERLINK \l "_Toc82239785" 2.1 Task 1: Quality Management Planning  PAGEREF _Toc82239785 \h 6  HYPERLINK \l "_Toc82239786" 2.2 Task 2: Quality Control (QC)  PAGEREF _Toc82239786 \h 11  HYPERLINK \l "_Toc82239787" 2.3 Task 3: Quality Assurance (QA)  PAGEREF _Toc82239787 \h 15  HYPERLINK \l "_Toc82239788" 2.4 Task 4: Independent Verification and Validation (IV&V) Testing  PAGEREF _Toc82239788 \h 17  HYPERLINK \l "_Toc82239789" 2.5 Task 5: Risk Assessment  PAGEREF _Toc82239789 \h 18 3. Appendices Appendix A Generic Software Project Quality Standards A-1 Appendix B Project Evaluation Template (at Project closing) A-16 Appendix C QA Status and Improvement Report Template A-27 Appendix D Status and Improvement Sample Report A-31 Appendix E OSCIO Project Assessment Report and Project Budget & Schedule Variance Report A-40 Introduction to QA Statement of Work Purpose and Background Contractor shall perform Quality Management services (QA) for the Authorized Purchaser (hereinafter, Agency) in relation to Agencys XYZ Project (henceforth Project or XYZ Project). The purpose of the Contractors work is to assure that appropriate levels of Quality Management activities are performed throughout the Project lifecycle and/or for a specific portion of the Project lifecycle. These activities shall provide Agency with appropriate visibility into the (type of) processes being used and the products being built in the Project, especially by its Design, Development, and Implementation Contractor (henceforth Development Contractor). These Quality Management activities must be sufficient to assure that the Project satisfies the needs for which it was undertaken and that Project risks are well understood and appropriately mitigated or managed. (Provide a brief description of the project and its purpose, or refer to an attachment that provides a detailed description of the project and its purpose, or both.) Quality Management Approach The approach to ensure that the appropriate quality management and risk management activities are conducted shall be based on the Project Management Institutes (PMI) Standard as described in the Project Management Body of Knowledge, Fifth Edition (or later) (PMBOK) and International Standards Organization standard ISO12207 for system life cycle management. This includes activities of Quality Management that determine the quality policy, objectives, and responsibilities, and implements them by means such as quality planning, quality control, and quality assurance. Quality Management is defined as a subset of project management that includes the process required to assure that the Project shall satisfy the needs for which it was undertaken. Quality Management consists of activities in quality planning, quality assurance, and quality control. Where appropriate, quality control activities shall incorporate independent verification and validation (IV&V) activities, which are independent in the sense that they are conducted independently of the Development Contractor. Contractor shall apply a risk management approach, in accordance with the standard identified in the last paragraph, in all aspects of quality management. For the purpose of this document, the term quality standards shall refer to both Project process and product quality standards. Process quality standards shall cover organizational influences, management support, decision drivers, project management, schedule, resourcing, experience, and others. Product quality standards shall cover product content, design, development, deployment, environment, technology, security, maintainability, and others. The XYZ Projects Quality Management approach shall adhere to and include, but not be limited to, work activities in support of the following quality management and related processes, all of which together comprise the States independent verification and validation requirements: Quality Planning Identifying and/or verifying quality standards that are relevant to the project and determining how to satisfy them. Quality Planning shall include the preparation of a Quality Management Plan based on the review of the Projects Quality Management Guide, Agency policy and standards, statewide policy and standards, and other Project specific materials to identify quality standards and checklists relevant to the Project. Any such matter is relevant if its exclusion from the project may likely result in low quality outcomes creating significant risk to the Projects success. In addition to identifying the relevant quality standards and checklists, quality planning involves determining how to satisfy each quality standard within the constraints of a projects schedule, available resources, and internal policies and procedures. The Quality Management Plan must address how these quality standards will be implemented, inspected, controlled, and reported. Comprehensive quality planning includes the following companion deliverables: 1. Identification of relevant quality standards, beginning with the Oregon Standards set out in Appendix A to this SOW, compiled within the context of operational definitions related to the risk status of a standards fulfillment at a given point in the project; i.e., low, medium, or high risk. See, Task 1, Deliverable 1.1. 2. Compilation of quality checklists with focal points related to project standards and particular project deliverables identified for quality control review. See, Task 1, Deliverable 1.2. 3. Development of a quality management plan that sets out the manner and means of the QA Contractors performance of all required quality management services. See, Task 1, Deliverable 1.3. 4. Development of a Baseline Plan for implementing the Agency-accepted, comprehensive quality management planning system. See, Task 1, Deliverable 1.4. Quality Control Quality Control involves monitoring both the process and the products, to determine if the project is meeting relevant quality standards and identifying ways to mitigate risk or eliminate causes of unsatisfactory results at the work product level. Examples of Quality Control techniques include: Initial Assessment review of key project documentation (i.e., business case, project charter, business requirements, technical documentation, management plans, the work breakdown structure, project schedule and budget original and current baseline, and project reports, etc.) and interviews with key business and technical staff. Peer Review / Work Product Review a methodical examination of work products to identify defects and other needed changes. Examples of work product review methods include inspections, structured walkthroughs, and active reviews. IV&V Testing independent verification and validation, typically on a sampling basis, to ascertain that the products for each phase in the software development life-cycle satisfies relevant standards, practices, and requirements for correctness, completeness, consistency, and accuracy. IV&V augments the Development Contractors internal software testing and QC activities. Quality Assurance Periodic executive review and evaluation of the management processes as well as overall project performance to assure that the Project will satisfy relevant quality standards. Quality assurance includes the periodic review of key project processes, documentation (i.e., business case, project charter, project schedule and budget original and current baseline, requirements, designs, and project reports, etc.), and interviews with key business and technical staff. Quality assurance also includes evaluating, identifying, and recommending adjustments to the activities or tasks (and associated resources) that must be performed in the project to provide confidence that the project will satisfy the relevant quality standards. Risk Management In all aspects of quality management (i.e. quality planning, quality control, and quality assurance), risk management methodology shall be applied to characterize risks at the level of work product, process, and the overall Project. Risk management includes the identification of risks, the thorough assessment of the probability and the impact for the occurrence of risks, and the planning of viable responses that include, but are not limited to, mitigation, contingency, and avoidance strategies. Overview of QA Contractor Tasks & Deliverable Process The QA Contractor shall perform five primary Tasks: Task 1 - Quality Management Planning Task 2 - Quality Control Task 3 - Quality Assurance Task 4 - Independent Verification and Validation Testing Task 5 - Risk Assessment Together, these Tasks help Agency assure that the Development Contractor applies best practices in project management, including quality management, and delivers technical work products that meet or exceed Agency requirements in respect to schedule, cost, functionality, reliability, security, and other relevant quality standards. Deliverable Requirements: The QA Contractor shall meet deadlines, and provide required Deliverables within the QA Contract requirements. Each task has one or more Deliverables. Deliverable Process: The Development Contractor may implement the XYZ Project in phases by sub-systems where appropriate, with corresponding QA Contractor Deliverables conforming to the delivery schedule of the Development Contractor. As a result, the QA Contractor must align its work schedule to that of the Development Contractor as approved by the Agency Project Manager. Approved Development Contractor project plans, Development Contract statement of work, and related Development Contract terms & conditions shall serve as the basis for identifying Development Contractor activities. Certain QA Contractor Deliverables and their due dates are dependent on Development Contractor deliverables. Subject to the Agency Project Managers approval, the QA Contractor must adjust its Project plan on an on-going basis. For further details on the Development Contractor procurement, see Attachment X, Development Contractor Statement of Work. Acceptance Process: The QA Contractor will have full responsibility for the Deliverables and Tasks listed in this SOW and shall treat the Deliverables and associated Tasks as formal work requirements. QA Contractor shall describe how deliverable due dates are met in the Baseline Project Plan. All QA Contractor Deliverables and work products shall be submitted to the Agency Project Manager for acceptance and approval. (Note: The Agency Project Manager means Agency representative, or its duly authorized delegate, who coordinates Agency responsibilities under the Contract with Contractor and oversee all aspects of the Work.) The Agency Project Manager may request that a Deliverable outline be submitted for approval prior to work commencing on the Deliverable. All correspondence and documentation shall be delivered in both paper and electronic format with a signed cover letter. Due dates for Deliverables refer to first submittal of Deliverables to the Agency Project Manager. The Agency Project Manager shall review the Deliverable and provide written comments or provide direction or provisional approval with or without comments to the QA Contractor within xx (number) business days. The QA Contractor shall address the Agency Project Managers evaluation comments, and submit the final Deliverable within yy (number) business days from QA Contractors receipt of Agency Project Managers comments. Statement of Work Task 1: Quality Management Planning The QA Contractor will work with the Projects management to produce a Quality Management Plan (QMP), including all requisite quality standards, checklists, report templates, and processes. The QA Contractor will define the Project work tasks and resourcing that will add value and/or reduce risk subject to the constraints of available Project resources and organizational policies, Agency rules, and Oregon Revised Statutes, Oregon Administrative Rules, and statewide policies and standards. The QA Contractors work must adhere to generally accepted industry practices for project management and system life cycle management. In addition, the QA Contractor will utilize the Projects Quality Management Guide as a reference. Deliverables, unless otherwise noted, shall conform to the Project Management Institutes (PMI) Standard as described in the PMBOK and International Standards Organization standard ISO12207 for software development life cycle management. Based on the QMP, the QA Contractor shall define the Baseline Project Plan and subsequent Project management related Deliverables. The QA Contractor will ensure that the Project plans, standards, processes and work tasks fit the Projects needs and verify that they will be usable for performing quality control reviews, inspections, and uncovering quality risks throughout the life cycle of the Project. The emphasis of this task is to confirm that quality is planned into the Project versus a reactive quality approach that measures quality through audits completed after the work is done. Additionally at the end of each Project phase and/or at the Projects completion - the QA Contractor will facilitate a meeting to identify the lessons learned and record the results in the lessons learned and Project evaluation report. Specifically, the QA Contractor shall document the required quality planning activity in Deliverables 1.1 through 1.4: Deliverable 1.1: Quality Standards - Operational Definitions Develop and submit a written operational definition of the quality standards (Quality Standards) for the Project products and processes, which describe in very specific terms, what the standards are, and how each will be measured by the quality control process. The QA Contractor will use the Generic Software Quality Standards Template (see Appendix A) with suitable customization or tailoring to the Projects quality management and risk assessment needs by performing the following services: Identifying from the template the relevant process and product quality standards, risk cues or measurements which are appropriate for the Project based on the Projects current business and technical complexity assessment. Recommending additional quality standards based on the type of project, current phase of the project, or expert opinion where the absence of a quality standard would present high risk to the project; e.g. information security. Recommending elimination of unnecessary quality standards based on the Projects business and technical complexity assessment or current phase of the Project. However, the following Process and Product Quality Standards shall not be eliminated: Process Quality Standards: Definition of the project, development schedule, delivery commitment, cost controls, budget and resource size, project management approach (standards #10,11,12, 23, 25, 26, 27) Political influences, organizational stability (standard #6, 37) Leadership, project management authority, executive involvement (standard #12,17, 41) Team productivity, team member availability, user involvement, user justification (standard #28,34,44,48) Product Quality Standards: An appropriate, useful, and maintainable set of requirements (standard #50) An appropriate, useful, and maintainable set of engineering and design specifications (standard #58) Appropriate, useful, and maintainable code, utility, object, etc., construction (standard #80) Appropriate, useful, and maintainable test planning, test execution, and test corrective actions (standard #51) The product or application is fit for use (standard #46, 76) Alternatives Analysis, Commitment Process, Lessons Learned (standard #55, 56, 63) Appropriate, thorough and maintainable implementation (standard #53,81) Deliverable 1.2: Quality Checklists For each of the Development Contractor deliverables identified under Deliverable 2.1, the QA Contractor shall determine how the Quality Standards will be monitored and measured. At a minimum, for each major subsystem, the QA Contractor shall develop a checklist that combines the selected quality standards with the expected monitoring activities described in: (1) the Quality Control section of the Quality Management Approach (see above); and (2) Task 2, Quality Control. The QA Contractor shall deliver checklists for each Development Contractor deliverable to be reviewed under Task 2. These checklists must have the following attributes: Indicate the schedule for reviews, including the deliverable(s) under review, the person(s) responsible for the deliverable(s), and the person(s) responsible for conducting the reviews. Indicate a specific review procedure to follow, e.g. a procedure for schedule analysis, code walk-through, peer review, interviews, lessons learned, test methodology, or if the review will be performed informally. Verify and record that a set of required inspections have been performed. Indicate that the minimum quality standard has been met. Record the measurements. Identify the expected risk cue or measurement. Indicate the expected acceptability or tolerance. Indicate the rank of the quality standards where risk was found unacceptable. Indicate change in risk rank since previous review. Indicate a reference that will describe what was reviewed, who was interviewed, and the information or reasoning that non-adherence to a specific quality standard causes risk. The process of measurement, setting tolerance, and risk ranking referred to above may be based on the QA Contractors subject matter knowledge, domain experience, and expert opinions. These checklists shall conform to the specific choice of system life cycle model chosen by the Development Contractor or Agency, especially in respect to detailed requirements definition, general and detailed system design, test design, test planning and execution, and system implementation. Deliverable 1.3: Quality Management Plan (QMP) The QA Contractor shall develop and submit a Quality Management Plan (QMP) that defines how Quality Assurance (QA), Quality Control (QC), Independent Verification and Validation (IV&V), and Risk Assessment will be conducted in the Project. When developing the QMP, the QA Contractor shall review and use as key input the following: all available Project planning artifacts including any guidance provided by the Agency in writing or orally; the PMBOK, fifth edition (or later); and ISO 12207. The QA Contractor shall adhere to generally accepted industry practices for project quality management and software development quality management. At a minimum, the QMP shall include the following: Definition of QA Contractor, Development Contractor, Office of the State Chief Information Officer (OSCIO) and Agency staff roles and responsibilities; and procedures and resources needed from the QA Contractor, Development Contractor and Agency staff to implement the Quality Management Plan. Identification of all the work tasks to be performed by the QA Contractor, Development Contractor and the Agency staff to provide confidence that the Project will satisfy the specified and relevant process and product quality standards. At a minimum the QMP shall include: Detailed plan for QA Review, including scope, criteria, and methodology to be employed Detailed plan for QC, including scope, criteria, and methodology, including activities relating to IV&V Quality Management Tools: Quality standards Quality checklists Templates for all reporting types required during the lifecycle of the Project; e.g. QA Status & Improvement Report, QC Report, Monthly Status Report, Weekly Status Report, On-Going Risk Notification Report, Project Assessment Report, Project Budget and Schedule Variance Report, etc. Additional quality tools and methods as needed Risk Assessment Methodology Verification that the Quality Management Plan relates to and references the other Deliverables supporting the Quality Management Planning Task in this SOW. Templates for quality standards, QA Status and Improvement Reports, Project Assessment Report, and Project Budget & Schedule Variance Report are provided in the Appendices. Deliverable 1.4: Baseline Project Plan The QA Contractor shall deliver a Baseline Project Plan. The plan shall address each QA Contractor Deliverable and establish the baseline against which subsequent QA Contractor Deliverables are to be measured. Upon acceptance by Authorized Purchaser, the QA Contractor shall conduct a walk-through presentation with the Agency Project team and OSCIO. To accomplish this task, the QA Contractor must be well versed in all aspects of the Project. The QA Contractor shall review the following documents as input to its work: The approved business case on file with the OSCIO, as documented in the Information Resource Request signed by the State Chief Information Officer (CIO) or designee. All available Agency planning artifacts, e.g. Integrated Project Plan (IPP), supporting plans, and quality management guidance. Agency or statewide standards, including technology and security standards. Documented requirements, including functional, non-functional, and security requirements. The Development Contractors Proposal and contract SOW, especially the Project plan, software development methodology, data conversion & interface plan, and training plan where available. Deliverable 1.4 shall include at a minimum the following elements: General approach to achieve Contract requirements. Schedule Detailed work breakdown structure, with key milestones, critical path elements, and Deliverables identified Estimated resource requirements Staffing plan with key persons identified Assessment of all levels of assistance needed from the Development Contractor, including but not limited to hands-on participation, facilities, and infrastructure Assessment of all levels of assistance needed from State personnel, including but not limited to hands-on participation, facilities, and infrastructure Demonstrate a clear link to the Development Contractors Project Plan and Deliverables The accepted Baseline Project Plan shall be updated quarterly thereafter and be submitted to Agency for review and approval. At its option, the Agency may authorize the QA Contractor to satisfy special requests or evaluate the project through development of a lessons learned report, or both, as follows: Deliverable 1.5: Internal/External Presentations and Special Requests At the Agency Project Managers request, the Contractor shall be required to appear before various committees and/or individuals to discuss the overall strategic direction and progress of the Project. The QA Contractor shall accompany Agency staff at these appearances to make presentations, help answer questions, and provide its assessment of confidence on whether the Project will satisfy the needs it was undertaken to address. The QA Contractor shall, at the Agency Project Managers request, help prepare, attend, and participate in management or other Project meetings, and for consulting advice as requested by the Agency Project Manager, through the Contract term. The QA Contractor shall participate on-site unless otherwise directed by the Agency Project Manager. During the Contract Period, the Agency Project Manager may submit written requests for internal / external presentation requests, and special work. Special work includes independent analysis, recommendations on unforeseen problems, opportunities for improvement, research and recommendations on alternative courses of action, and additional quality control reviews or risk management activities. Additionally, consulting assistance may be requested for the QA Contractor to develop and review documents. All requests will be within the original Scope of Work for this opportunity. Within five (5) business days of QA Contractors receipt of a work request, or within such time frame within the Contract Period as the Agency Project Manager and the QA Contractor shall mutually agree, the QA Contractor shall provide the Agency Project Manager with a written fixed cost proposal detailing a proposed schedule. The fixed-cost proposal shall reflect the skill level of position categories and associated fully loaded hourly rates identified in the contract. Upon receiving the Agency Project Managers written approval and notice to proceed, the QA Contractor shall develop and submit, to the Agency Project Manager, written presentations or materials that meet the requirements of the request to the Agency Project Manager. Upon the Agency Project Managers approval of such written presentations or materials, and if they are part of the Agency Project Managers request, the QA Contractor shall perform the presentation or tasks remaining as described in the approved proposal. Deliverable 1.6: Lessons Learned Report Project Evaluation The Contractor shall facilitate a Project Evaluation/Lessons Learned session at the end of each Project phase or at the close of the Project, and create a report of the findings. The session will utilize as inputs, the Projects QA Quarterly Status and Improvement Reports and other reports deemed suitable by the Agency Project Manager, to create the Project Evaluation Report (Appendix B). At a minimum, the session shall examine the progress made, planned vs. accomplished tasks, the risks, problems, and delays encountered, mitigation actions taken or not taken, successes and mistakes made, and shall include recommended actions. Further, the session shall specifically examine whether the original (or current baseline) business case & ROI targets (if they exist) will be achieved. Within 30 months from the contract start, the QA Contractor shall prepare and conduct a Project Evaluation/Lessons Learned session. Those persons to be in attendance will be identified by the Agency Project Manager and the OSCIO. Within 15 business days following the Project Evaluation/Lessons Learned session, the QA Contractor will deliver a written Project Evaluation Report. The QA Contractor shall prepare Deliverable number 1.6 "Lessons Learned Report - Project Evaluation" within 30 days of the termination of the Design, Development and Implementation (DDI) contract in the event that the Development Contract is terminated early. In such case, Deliverable 1.6 will be considered the final Deliverable for this contract. Task 1 Deliverables: Deliverable NumberDeliverable DescriptionDue Date1.1Quality Standards Operational Definitions ReportContract Start or Agency acceptance of Task 5, Deliverable 5.1+ 40 Business Days1.2Quality ChecklistsContract Start + 40 Business Days1.3Quality Management PlanContract Start or Agency acceptance of Task 5, Deliverable 5.1 + 40 Business Days1.4Baseline Project PlanContract Start or Agency acceptance of Task 5, Deliverable 5.1+ 40 Business Days for the first version; quarterly update thereafter.1.5Internal/External presentations and Special RequestsTBD1.6Lessons Learned Report Project EvaluationTBDTask 2: Quality Control (QC) This task monitors Project results to determine if they comply with stated Project requirements. Project results include both work product results, notably deliverables, and project management results, notably schedule and cost performance. The QA Contractor shall: Review Project activities and inspect Agency and Development Contractor work product deliverables throughout the life of the Project in terms of their ability to meet the performance requirements for scope, schedule, and cost. This evaluation shall be done at the level of a specific work product deliverable, as well as its impact on subsequent deliverables to verify compliance and provide the Agency Project Manager, Project Team, others in Agency management, and the OSCIO with visibility as to whether the Project is adhering to its established plans, process and product standards, and work tasks. Review work product compliance with Agency security standards, especially in relation to system access. Review Development Contractor deliverables for completeness and accuracy, as well as identifying and assessing issues and risks at the work product level. In ascertaining whether the Development Contractor work products meet Agency requirements, the QA Contractor shall pay particular attention to the scope, execution, and results of the Development Contractors Test Plan. Address issues within the Project for resolution, if possible. Issues not resolvable within the Project will be escalated to the Projects Steering Committee or in accordance with the Projects governance processes. Specifically, the QA Contractor shall: Deliverable 2.1: Quality Control Reviews Detailed Quality Control (QC) Reviews and Reports are required for the following Development Contractor deliverables and Agency foundational project management documents (Agency must align with Stage Gate Review Process requirements): Development Contractor Project Plan, Quarterly Major Deliverable 1 Major Deliverable 2 Major Deliverable 3 Major Deliverable 4 Major Deliverable 5 Major Deliverable 6 Major Deliverable 7 Major Deliverable 8 Major Deliverable 9 Etc. For each Development Contractor deliverable, the QC Review shall evaluate major components or subsystems as necessary to establish acceptable workmanship. Each QC report will be a separate Deliverable with all applicable quality checklists completed and attached. QA Contractor shall conduct scheduled QC reviews by following the Quality Management Plan, and the approved Quality Standards, and Quality Checklists. The Quality Management Plan, Quality Standards, and Quality Checklists will indicate the type of review expected, e.g. data analysis, schedule analysis, standards or process conformance analysis, and additional analysis based on subject matter expertise. At a minimum, QA Contractor shall complete checklists indicating that the reviews for the process and products in the current period have been completed, measured, ranked, and reported. The completed checklists will be provided with the QC Deliverables and shall become input to the Quarterly QA Status and Improvements Report (Deliverable 3.1), the OSCIO Project Assessment Report, and the OSCIO Project Budget & Schedule Variance Report. (See Appendix E for the OSCIO report templates.) The precise nature of QC review shall be adjusted for the specific Development Contractor deliverable under review, as well the XYZ Project subsystem within a Development Contractor deliverable under review. It shall also accommodate the specific choice of software development life cycle model chosen by the Development Contractor or Agency. Deliverable 2.2: Security Code Review and Sampling The QA Contractor shall review specific code samples for security standards compliance. The QA Contractor shall also participate in major security code reviews by Agency for the modules that are developed specifically for the XYZ system, ensuring that relevant code adheres to statewide and Agency information security standard(s) where applicable. The list of areas to be examined includes, but is not limited to the following: User Authentication Role Based Security Database Connectivity Password Validation Encryption The QA Contractor shall work with the Development Contractor, the Agency Project Manager and the Agency Information Security Office to identify modules for code review and appropriate sampling rates. The QA Contractor shall use the Project Plan, Project Schedule and the Development Contractors deliverable schedule when scheduling security code review and sampling. Deliverable 2.3: Quality Status Reporting and Tracking Status Reporting. The QA Contractor shall attend Project status meetings weekly and shall prepare a Monthly Quality Status Report that documents Project status with the following sections: Project Quality Status For the overall Project For each element on the work breakdown structure in the Baseline Project Plan being executed Tracking of recommendations made through QA Status and Improvements Report or other channels designated by the Agency Project manager or DAS ESIPD. On-Going Risk Notification Report per task 5.2. Task 2 Deliverables: Deliverable NumberDeliverable DescriptionDue Date2.1aProject Plan Report, QuarterlyDocument Delivery + 10 Business Days2.1bMajor Deliverable 1Document Delivery + 10 Business Days2.1cMajor Deliverable 2Document Delivery + 10 Business Days2.1dMajor Deliverable 3Document Delivery + 10 Business Days2.1eMajor Deliverable 4Document Delivery + 10 Business Days2.1fMajor Deliverable 5Document Delivery + 10 Business Days2.1gMajor Deliverable 6Document Delivery + 10 Business Days2.1hMajor Deliverable 7Document Delivery + 10 Business Days2.1iMajor Deliverable 8Document Delivery + 10 Business Days2.1jMajor Deliverable 9Document Delivery + 10 Business Days2.2aSecurity Code Review and Sampling PlanIn accordance with Development Contractor Project Plan and Schedule2.2bSecurity Code Review and Sampling ReportTask 2.2.a acceptance + 10 Business Days2.3aMonthly Quality Status Report FormatContract Start + 10 Business Days2.3bMonthly Quality Status ReportTask 2.1a acceptance, first day of each calendar month Task 3: Quality Assurance (QA) The QA Contractor shall provide overall Project quality review; periodically examine quality control review results, checklists, change requests and tracking; and summarize the results for executive review and oversight throughout the life of the Project. The QA Contractor will create and deliver quarterly Quality Assurance Status and Improvements Reports and Presentations summarizing the overall Project status, performance, risks and recommendations for process improvement to the Agency Project Manager, the Projects Steering Committee and other relevant governance bodies, and the OSCIO. Specifically the QA Contractor shall: Deliverable 3.1: QA Status and Improvement Reports / Presentations The QA Contractor shall use the QA Status and Improvements Report template, Project Assessment Report, Project Budget and Schedule Variance Report, and other reporting vehicle or format as approved by the OSCIO, to conduct quarterly reviews, prepare reports, and deliver presentations. (See Appendix C for the template and Appendix D for a sample.) In order to ensure that State and Development Contractor personnel are coordinated in a manner that minimizes the impact of the review on the overall Project schedule, the QA Contractor shall coordinate the review with the Agency Project Manager five (5) business days prior to conducting the review. The Deliverable - QA Status and Improvement Report - shall contain, at a minimum, the following: Overall risk rank for the Project. Executive Summary paragraph of the entire report. It shall contain information such as: A brief description of the primary achievement in the last period; A brief description of the highest ranked primary (if any) quality risks covered in the following detail of the report; A brief description of the impact or consequence of the risk if left unresolved. At a minimum, the Executive Summary shall include: A summary of Project progress and accomplishments since the last report A summary of expenditures to date compared to budgeted Project dollars Identification and resolution of all problems encountered Plans, milestones and deliverables for the coming period A 3-month rolling risk matrix by assessment area Assessment of overall risk to the Project Evaluation of the overall Project status, Project budget and schedule variance, schedule and stage of completion, indicating the causal factors, mitigation efforts and recommendations Evaluation of the Projects ability to deliver the benefits/results stated in the approved business case on file with the OSCIO, as documented in the Information Resource Request signed by the State CIO. Summary of the current progress followed by major milestones. At a minimum the report shall contain a progress, status and risk analysis for the following assessment areas, in addition to other areas determined by the Agency Project Manager to be critical for monitoring purposes: Project Management Customer Involvement Technology Facilities and Support Project Scope Business Impact Deliverable Quality Development and Implementation Schedule Resources and Staff Actual expenditures compared to original (or current baseline) Project budget Project schedule performance compared to original (or current baseline) schedule Security Brief Project effectiveness statements on all the high level categories from the approved Quality Standards: Categories where no risks were identified shall simply be indicated in one line, for example: Decision Drivers no risks currently identified, or not evaluated at this time. Categories that contained a significant risk shall describe the risk, describe the factors used to determine the risk, estimate probability of occurrence, describe the potential impact, indicate the risk severity rating, and provide a recommended resolution strategy. At a minimum the resolution strategy shall include: Status of risks that must be monitored, identifying probability of occurrence and potential impacts Identification of trigger points for intervention for each risk Recommended and alternative correction actions plans, with options identified, presented for each identified risk to prevent and/or reduce potential for the risk occurring or the danger escalating Intervention strategies to address any risk(s) that exceed a trigger point, to include a definition of options available to address the risk, the potential affects and costs of implementing the strategy, a comparative summary of the alternative strategies and identification of a recommended strategy Implications for the Development Contractors Project Plan Risks resolved since last period. Provide the previous risk rank, and brief status or the actions taken on risks and results. Completed the OSCIO Project Assessment Reports and Project Budget & Schedule Variance Reports since Project start. (See Appendix E.) The QA Status and Improvement Report Template will assist with the executive summary. (See Appendix C.) The QA Status and Improvement Report EXAMPLE will assist with how to create the report. (See Appendix D.) The OSCIO requires the completion of a Project Assessment Report approximately once every 6 weeks. (See Appendix E.) Task 3 Deliverables: Deliverable NumberDeliverable DescriptionDue Date3.1Quarterly QA Status and Improvement Reports / PresentationsEnd of Quarter + 10 Business Days* *Note: The exact dates of the End of Quarter will be specified in the Baseline Project Plan. These dates will take into account and include but not be limited to, Contractor start date, and Oregons Joint Legislative Committee on Information Management Technology hearing dates. Task 4: Independent Verification and Validation (IV&V) Testing This task ensures that the system and its components, as delivered by the Development Contractor, are functional, stable, and secured as defined by approved requirements of the XYZ Project. The QA Contractor shall perform IV&V testing independent of the Development Contractor. In Deliverable 4.1, the QA Contractor shall prepare an IV&V Master Test Plan (MTP). The plan shall call for IV&V of the Development Contractors work products on a sampling basis. As the Development Contractors deliverables may contain software elements that have been previously deployed and proven stable, the QA Contractor shall focus IV&V efforts primarily on high-risk and newly developed code. In Deliverable 4.2, the QA Contractor shall execute the IV&V MTP and report testing status and results. The QA Contractor shall plan and perform security related IV&V separately under Deliverable 4.3. Specifically, the QA Contractor shall: Deliverable 4.1: IV&V Master Test Plan (MTP) The QA Contractor shall develop an IV&V Master Test Plan (MTP). The MTP shall include plans, methodologies, development procedures, and bug tracking. Emphasis shall be on the testing of high risk and new code areas. High Risk areas will include but not be limited to sub-system integration, interfaces to other data systems, and provider claims processing systems. At a minimum, the MTP shall have the following elements: Identification of potential high risk or new code areas Test Definition and Test Matrix Detailed Test Script Development Procedure Detailed Configuration and Build Control Procedure Testing Procedure Testing Environment Test Scripts Testing Metric and Reporting The nature of IV&V testing to be conducted may vary greatly depending on the Development Contractor selected by the State. Deliverable 4.2: Test Execution and Status Report The QA Contractor shall prepare for and conduct IV&V testing. The QA Contractor will provide a Status Report on a bi-weekly basis, not to exceed 20 bi-weekly reports, from the initiation of IV&V through completion of the Project report to update the Agency Project Manager on the status of IV&V activities. (Note: Testing will not begin until the Agency Project Manager has accepted the Master Test Plan, Deliverable 4.1). At a minimum, this report shall include the following: Number of total tests to be conducted for the Project Number of tests per high risk or new code areas of the system Number of tests conducted, completed, and awaiting retest Types of bugs correlated to the areas of test Summary of the results of each security test This Deliverable shall have a total not-to-exceed cost of $xyz. Task 4 Deliverables: Deliverable NumberDeliverable DescriptionDue Date4.1IV&V Master Test Plan (MTP)Developer Contractor Test Plan acceptance + 10 Business Days4.2Bi-Weekly Test Execution and Status ReportIV&V Initiation + 2 weeks, then bi-weekly4.3 Separate Security-related TestingTBD by subsequent task release order or WOC amendment.Task 5: Risk Assessment The Risk Assessment Task defines the QA Contractor tasks to support the XYZ Projects overall risk management efforts. The QA Contractor will refer to the Projects Risk Management Plan, if one exists. The XYZ Project Team has the primary responsibility for executing the Projects risk management activities with the QA Contractor providing a supporting function. Within the QA Contractors role of completing quality management, quality assurance and quality control on the Development Contractors plans, process and products, the QA Contractor will identify risks and provide recommendations for risk avoidance and mitigation strategies. Similarly, the QA Contractor will identify risks and provide recommendations for risk avoidance and mitigation strategies on the Agency project managements plans, process, and products. The QA Contractor shall perform an initial risk assessment (Deliverable 5.1) on the XYZ Project Integrated Project Plan and/or related supporting plans, and the Development Contractors proposed project plan. After the initial assessment, the QA Contractor will provide On-Going Risk Notification (Deliverable 5.2) for the life of the Contract. Identification of Information Security risks will be an essential part of the scope of the QA Contractors initial and on-going risk assessment. Specifically, the Contractor shall: Deliverable 5.1: Initial Risk Assessment The QA Contractor shall conduct an Initial Risk Assessment of the Project to identify the current status of the project, identify risks and their likelihood of occurring, and provide an independent evaluation of the planned schedule, resources (budget and staffing) and processes. The QA Contractor shall evaluate the XYZ Project Projects Integrated Project Plan (IPP), its components and processes, for reasonableness, validity, thoroughness and accuracy with emphasis on the following: Project Plan including State Resource Plan Project Requirements Management Plan Project Change Management Plan Project Issue Management Procedure Communication Plan Other critical Project processes The QA Contractor shall perform a risk assessment on the Development Contractors most recent Project Plans including the Project Schedule, Software Development Plan, Facility Plan, Configuration Management Plan, Data Conversion Strategy, Testing Strategy, Post-Implementation Support Strategy (for on-going operations and maintenance), Training Strategy, and Certification Checklist where applicable. This risk assessment shall take into account work product and Project level considerations, including at a minimum: Feasibility of the technical solution Sufficiency of security controls to safeguard protected or confidential information and to meet security requirements Sufficiency of Project components and processes Sufficiency of Project budget, schedule and resources To accomplish this task, the QA Contractor must be well versed in all aspects of the XYZ Project. To gain basic project knowledge, the QA Contractor shall review the following documents: XYZ Business Case, Project Charter, Project Work Plan and Work Breakdown Structure, Approved (original or current) baseline project budget and schedule, Integrated Project Plan and/or related supporting plans, the Development Contractors Proposal, Statement of Work, and Project Plan, etc. The Development Contract including the XYZ Project Requirements that specifies functional, non-functional, and security requirements. The Initial Risk Assessment Deliverable (5.1) will include: Risk Identification Provide a description, level of impact, probability of occurrence, and measurable threshold to trigger the risk. Risk Avoidance Plan - Recommend specific solutions to avoid the triggering of each risk. Risk Mitigation Plan Recommend specific risk mitigation solutions for each risk that is identified. Solutions shall include cost/benefit analysis for each mitigation option along with specific recommendations. The OSCIO Project Assessment Report QA Contractor will complete forward view column for all metrics identified therein. (See Appendix E.) Deliverable 5.2: On-Going Risk Notification The QA Contractor shall immediately verbally report to the Agency Project Manager the discovery of problems, new risks, or previously known risks that have increased in risk probability or potential impact, which pose a risk of failure or danger to the success of the project. The QA Contractor shall develop and submit a written On-Going Risk Notification Report within three business days. The on-going risk notification will follow the same requirements as defined for the initial risk assessment with an emphasis on managing risks that occur and change during the development and implementation process. On-going risk assessment will be conducted while conducting the quality assurance and quality control tasks. The on-going risk assessment will as a minimum: Monitor the replacement XYZ systems hardware, software, infrastructure, and data security requirements and risks as they apply to the projects progress to ensure that the XYZ system meets Agency requirements. Review where applicable the Business Continuity Plan (BCP), the Disaster Recovery Plan (DRP) and XYZ audit controls to ensure the security of Agency protected or confidential information. Review of implementation tasks and activities to assure that the confidentiality, integrity and availability of the XYZ system are not compromised. Task 5 Deliverables: Deliverable NumberDeliverable DescriptionDue Date5.1Initial Project Risk Assessment ReportContract Start + 40 Business Days5.2On-Going Risk Notification ReportAs needed. Written report three (3) days after verbal notification.Deliverable and Payment Schedule Deliverable NumberDeliverable DescriptionCost       Appendices QA Contractor shall use the appendices provided as reference materials for developing proposal and performing work specified in the Statement of Work. In addition, the QA Contractor should reference material documented in the Development Contract Statement of Work, other project planning artifacts, and related supporting documents as available and applicable.     Page  PAGE 1 of  NUMPAGES 21 ./3GH    ǶDZڦޢαsYs3jhlyP:>*B*CJUmHnHphuhlyP:CJmHnHuhlyP0JR:CJmHnHu%jhlyP0JR:CJUmHnHuhv&j{hlyPU hlyP5!jhlyP>*B*Uph hlyP0JR;jhlyP0JR;UhlyPjhlyPU hlyP5CJh OJQJhhlyPOJQJh"%34FG8  g 3  { E ~ $a$ $ X ]a$ $  ]a$ $  L]La$ ! $a$/1$   2 3 4 5 6 7 8 9 : U V W X [ \ w x y 󟅮qW3jhlyP:>*B*CJUmHnHphu'jghlyP:CJUmHnHu3jhlyP:>*B*CJUmHnHphuhlyP0JR:CJmHnHu%jhlyP0JR:CJUmHnHuhv&:CJmHnHu'jqhlyP:CJUmHnHu!jhlyP:CJUmHnHuhlyP:CJmHnHu"        / 0 1 2 4 5 ? F G H a b c d e f g h i Ӳӟ󓌈wrkcXcTcrhv&jShlyPUjhlyPU h1)0JR; hlyP5!jhlyP>*B*UphhlyP hlyP0JR;jhlyP0JR;U%jhlyP0JR:CJUmHnHuhv&:CJmHnHu'j]hlyP:CJUmHnHu!jhlyP:CJUmHnHuhlyP0JR:CJmHnHuhlyP:CJmHnHu i    , - . 0 1 2 3 ʷ󒦅kW'j?hlyP:CJUmHnHu3jhlyP:>*B*CJUmHnHphuhv&:CJmHnHu'jIhlyP:CJUmHnHu!jhlyP:CJUmHnHu%jhlyP0JR:CJUmHnHu3jhlyP:>*B*CJUmHnHphuhlyP0JR:CJmHnHuhlyP:CJmHnHu"3 4 5 P Q R S V W v w x ݶХБj[[hD0JR:CJmHnHu3jhlyP:>*B*CJUmHnHphuhv&:CJmHnHu'j5hlyP:CJUmHnHu!jhlyP:CJUmHnHu3jhlyP:>*B*CJUmHnHphuhlyP:CJmHnHuhlyP0JR:CJmHnHu%jhlyP0JR:CJUmHnHu          : ; < = @ A Y Z [ t u v x y z { Ӳӟ䟐vbӲӟUP hlyP5hlyP0JR;>*B*ph'j! hlyP:CJUmHnHu3jhlyP:>*B*CJUmHnHphuhlyP0JR:CJmHnHu%jhlyP0JR:CJUmHnHuhv&:CJmHnHu'j+hlyP:CJUmHnHu!jhlyP:CJUmHnHuhlyP:CJmHnHuhk.)0JR:CJmHnHu +U\` 12N8>EPѺѮѮѪѣ͙э͍хсh hN;hDhh!5hME6 *h!5hME6 hNlhlyPha *hlyP hNlhC hNlhDhVhk.)hChMEhlyP hlyP5CJ hlyPCJ hlyP5CJ hB;yCJ hlyPCJjhlyPCJU2  2N,-CDJ K ! ! hgdnxgd$a$'+1k3<!#*,?k * I J K ! ! !!!!%%%#%&&&))+|,,,,,,,,n-t---ܾԳ hNlh  hlyP@hlyP@OJQJhtXhtXCJ aJ htXhCJ aJ hhCJ aJ hhtXhnx hNlhD hNlhlyP hlyP5hk.) *hlyPhlyP; !!!"/$%&)+++,0,L,,,,-- ....W2X2 59D[$\$ & F  & F<<xx hgdnx- ...../0 0U1s1y112U2X2l2333 44+414t4z4445555#6)616<6@6F66666667<77777777777P8R8S8`8v99άh<h1) *htXhlyP>* *htXh<>* *h<hlyP>* *h<h >*hD h<hlyP hNlhNl hlyP>* hNlhD hNlhlyP *hlyPhlyPhlyPOJQJPEPPPzP~PP+Q[QQQR RRRRS S&S-S8SITTTTU UUUU hNlh!5 hNlhMEhNlhlyP5 hNlh<hN$hr hlyP56 hlyP5hthtX5 hthtX htht hthlyP hlyP@h<hlyP hNlhlyP hNlhD;BCBDCDDDDgEEEjFkFFF8GGHDHHHHIK & F  & F  h  & F h^h` & F hh^h`KKFLMfMMMMNgNNKOLO*Q+Q[QTTnoooodpjpppppqqrrrrsAsCsEsSsYsls}ssssž񚳖hlyPOJQJ hlyP>*he hlyP5 *hlyPh!5hpj *hlyP>*hlyP hNlhD hNlhlyPhNlhlyP5hNlhr@hNlh<@hNlhD@hNlhlyP@ hlyP@ *hlyP>*@6!qrrrrrrrrr $$Ifa$ h rrrsTsLCCC $$Ifa$kd $$IfTl44FtLms 0    4 laf4pyt)-TTsUsYslss{rjd$IfQ$1$If $$Ifa$kd $$IfTlFtLms 0    4 laTsssssxooi$If $$Ifa$kd" $$IfTl4FtLms 0    4 laf4Tsssss'tVtXtZthtttttt uu*hlyPOJQJ hpj>* hlyP>* *hlyP>*hlyPhe7sstttxooi$If $$Ifa$kd $$IfTl4FtLms 0    4 laf4TtttttxogoQ$1$If $$Ifa$kdV $$IfTl4FtLms 0    4 laf4Tttt uuxooo $$Ifa$kd $$IfTl4FtLms 0    4 laf4Tuu/u!v"v;v* hlyP6 hNlh5t hNlhpj *hlyP hNlhD hNlhlyP hpj5 hlyP5hDhpj *hDhlyP>J^rR'?0`avw $$Ifa$ & F & F  h & F  hgd5tЉLCCC $$Ifa$kd$$$IfTl44FtLms 0    4 laf4pyt)-T4{rrl$If $$Ifa$kd$$IfTlFtLms 0    4 laT45:Nsxooi$If $$Ifa$kd$$IfTl4FtLms 0    4 laf4Tsty{rrl$If $$Ifa$kdD$$IfTlFtLms 0    4 laT̊{rrl$If $$Ifa$kd$$IfTlFtLms 0    4 laT̊݊ /6J[^nuȋً܋+2Y̌14A|wˏ =JS`iǒ×GPhNlhD hlyP>*hlyPOJQJh!5 hNlhD hNlhlyP *hlyP *hehlyPOJQJhk *hlyP>*he *hehlyPhlyPD 0{rrl$If $$Ifa$kdl$$IfTlFtLms 0    4 laT016Jo{rrl$If $$Ifa$kd$$IfTlFtLms 0    4 laTopu{rjd$IfQ$1$If $$Ifa$kd$$IfTlFtLms 0    4 laTȋ{rrl$If $$Ifa$kd($$IfTlFtLms 0    4 laT,{rrl$If $$Ifa$kd$$IfTlFtLms 0    4 laT,-2Y{rrr $$Ifa$kdP$$IfTlFtLms 0    4 laŤxooo $$Ifa$kd$$IfTl4FtLms 0    4 laf4T B{rrr $$Ifa$kd~$$IfTlFtLms 0    4 laTBCHf{rrr $$Ifa$kd$$IfTlFtLms 0    4 laT<={urkuuu\uu5 h9D[$\$$ h$ hkd$$IfTlFtLms 0    4 laT qr.v1bD+>S^uƙϙ & F ^ & F & F & F h & F hϙ2OT<= à   & F ^ & F ^ & F h h & F ^ #$XYףȤ̤ӤݥܦD֫?ENy(2ClȱȨȨȺȱ hk)>* hk)@ h 0g6@hNlhD6@hNlhlyP6@ *hlyP>*@hNlhlyP@ *hD@ *hlyP@ hlyP@hDhNlhlyPCJ *hlyP *hlyP>* hlyP; hlyP5 hlyP5@hlyPh9Q3 #$7COSX $$$Ifa$$ h ) hFp@ P !XY]LAAA $$$Ifa$kd:$$IfTl44FtLms 0    4 laf4pyt)-Tף./xjUSMMMM h hhP]h^`PgdNl h^`kd,$$IfTl4FtLms 0    4 laf4TũDVjwD(^֭12 & F h hgdNl & F h hlpqs  )]tv{үկ6ADnY"t*-ؼ478?A|ɼµµɯɪ蕌h 0ghD@h 0ghlyP@h!5hb!oh1) *hlyP hc@ *hD@ hD@ *hlyP@ hlyP@ h 0gh 0g *h 0g>*h 0g *hlyP>* hlyP5hlyP hk)>* *hchk)>*72rs $$Ifa$ h ®ޮPJJJ$Ifkd$$Ifl44FiAbs 0    4 laf4pyt)- Kuyyy$Ifkd$$IflFiAbs 0    4 lauvz{ԯ|vvvv$IfkdD$$Ifl4FiAbs 0    4 laf4ԯկ01CDn|zttttttttttt hkd$$Ifl4FiAbs 0    4 laf4 Yɷ!"*Pƺ,- нW & F   & F   h^h & F  hgdc h & F  hABlm $$Ifa$$ h !h & F  h & F BZ]z}JMm ,FTqrsvwySTVWYZ\]_deklmºº¶h CJmHnHujh/\CJU h/\CJh)-jh)-UhvyOJQJ hvy5hvyh OJQJh hlyPOJQJ *hlyP>* hlyP5 h 0ghlyP h 0ghD *hlyPhlyP *hlyP>*@ hlyP@3LCCC $$Ifa$kdp$$IfTl44FPs 0    4 laf4pyt)-T ,7pxogooQ$1$If $$Ifa$kdb$$IfTlFPs 0    4 layt TpqrstxogoQ$1$If $$Ifa$kd $$IfTlFPs 0    4 layt TtuvwxxogoQ$1$If $$Ifa$kd$$IfTlFPs 0    4 layt TxyxvfZZZZZ $$Ifa$gd3 u & Fx@& ^gdvykdh$$IfTlFPs 0    4 layt TL@@@ $$Ifa$gd3 ukd$$IfTl44FPs 0    4 laf4pyt)-Tvj_j Q$1$Ifgd3 u $$Ifa$gd3 ukd $$IfTl FPs 0    4 laytvyTQRSUVXYvhf```^^^^ h  & F@& gdvykd $$IfTlFPs 0    4 laytvyT Y[\^_ h$a$ mnrs}~hlyPh)- h/\6h/\h CJmHnHu h/\CJjh/\CJU ,1h/ =!"#$% ,1h/ =!"#$% {DyK  _Toc82239780{DyK  _Toc82239780{DyK  _Toc82239781{DyK  _Toc82239781{DyK  _Toc82239782{DyK  _Toc82239782{DyK  _Toc82239783{DyK  _Toc82239783{DyK  _Toc82239784{DyK  _Toc82239784{DyK  _Toc82239785{DyK  _Toc82239785{DyK  _Toc82239786{DyK  _Toc82239786{DyK  _Toc82239787{DyK  _Toc82239787{DyK  _Toc82239788{DyK  _Toc82239788{DyK  _Toc82239789{DyK  _Toc82239789$$If!vh#vm#vs#v :V l44 05m5s5 4f4pyt)-T$$If!vh#vm#vs#v :V l05m5s5 4T$$If!vh#vm#vs#v :V l405m5s5 4f4T$$If!vh#vm#vs#v :V l405m5s5 4f4T$$If!vh#vm#vs#v :V l405m5s5 4f4T$$If!vh#vm#vs#v :V l405m5s5 4f4T$$If!vh#vm#vs#v :V l405m5s5 4f4T$$If!vh#vm#vs#v :V l44 05m5s5 4f4pyt)-T$$If!vh#vm#vs#v :V l05m5s5 4T$$If!vh#vm#vs#v :V l405m5s5 4f4T$$If!vh#vm#vs#v :V l05m5s5 4T$$If!vh#vm#vs#v :V l05m5s5 4T$$If!vh#vm#vs#v :V l05m5s5 4T$$If!vh#vm#vs#v :V l05m5s5 4T$$If!vh#vm#vs#v :V l05m5s5 4T$$If!vh#vm#vs#v :V l05m5s5 4T$$If!vh#vm#vs#v :V l05m5s5 4T$$If!vh#vm#vs#v :V l05m5s5 4T$$If!vh#vm#vs#v :V l405m5s5 4f4T$$If!vh#vm#vs#v :V l05m5s5 4T$$If!vh#vm#vs#v :V l05m5s5 4T$$If!vh#vm#vs#v :V l05m5s5 4T$$If!vh#vm#vs#v :V l44 05m5s5 4f4pyt)-T$$If!vh#vm#vs#v :V l405m5s5 4f4T$$If!vh#vb#vs#v :V l44 05b5s5 4f4pyt)-$$If!vh#vb#vs#v :V l05b5s5 4$$If!vh#vb#vs#v :V l405b5s5 4f4$$If!vh#vb#vs#v :V l405b5s5 4f4$$If!vh#v#vs#v :V l44 055s5 4f4pyt)-T$$If!vh#v#vs#v :V l055s5 / 4yt T$$If!vh#v#vs#v :V l055s5 / 4yt T$$If!vh#v#vs#v :V l055s5 / / 4yt T$$If!vh#v#vs#v :V l055s5 / 4yt T$$If!vh#v#vs#v :V l44 055s5 4f4pyt)-T$$If!vh#v#vs#v :V l 055s5 4ytvyT$$If!vh#v#vs#v :V l055s5 4ytvyTns2&6FVfv2(&6FVfv&6FVfv&6FVfv&6FVfv&6FVfv&6FVfv8XV~ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@_HmH nH sH tH B`B Normal$a$CJ_HmH sH tH n@n Heading 1,MainHeading,H1$<@&5CJ KH OJQJ Heading 2,2,h2,Head 2,l2,TitreProp,UNDERRUBRIK 1-2,Header 2,ITT t2,PA Major Section,Livello 2,R2,H21,Heading 2 Hidden,Head1,H2,Sub-section Title,Header2,h:2,h:2app,level 2,Head2A,Major Section,Head2,Level 2 Head,2nd level,Titre3,Prophead 2,C2$ x@&56!" MHeading 3,h3,H3,Level 3 Topic Heading,Heading1,Heading2,Heading11,l3,3,More 3  @&212  Heading 4@&JJ  Heading 5 & F!<@& 56CJHH  Heading 6 & F!<@&5CJDD  Heading 7 & F!<@&CJHH  Heading 8 & F!<@&6CJL L  Heading 9 & F!<@& CJOJQJDA D Default Paragraph FontVi@V  Table Normal :V 44 la (k (No List B@ Body Text,Information,bt,B,heading3,Body Text-RGS Props,body text,Resume Text,BODY TEXT,Block text,sp,tx,txt1,T1,Title 1,sbs,block text,bt4,body text4,bt5,body text5,bt1,body text1,RFP Text,P,Teh2xt,EDStext,bodytext,bullet title,BT,Questions,bi,bodytxy2CJ<O< Style1  & F!xOJQJPOP Level 2 Header & F!x@&56R"R Level 3 Header & F!x@&5CJT2T Level 4 Header & F!x@& 56CJP@PTOC 1 ! xx5;CJmHnHu.R. title5CJ,2@2 TOC 2 ^:22 TOC 3 ^6.. TOC 4 ^.. TOC 5 ^.. TOC 6 ^.. TOC 7 ^.. TOC 8 ^.. TOC 9 ^8@8 Header  !CJ8 @8 Footer  !CJT#T Table of Figures p^`p5CJDD bullet 1 ! & Fx CJOJQJ\S"\ Body Text Indent 3" Z^Z CJOJQJ2P22 Body Text 2#JQBJ Body Text 3$B*CJW&phnRRn Body Text Indent 2% >^`>B*CJOJQJphBbB Section Title & & FCJJrJ Section Sub Sub Title'CJ66 Sub Title 3(CJLL SubSubSubSub Style ) & FCJ88  Comment Text*CJ~C~ Body Text Indent,Body Indent 1+ ^` B*CJph:: body,$xxa$OJQJ:: xl22-dd[$\$CJPJBB Level 1.1$^`CJB>@B Title /$1$a$5CJ OJQJhXTX Block Text0p]p^`CJOJQJh@@ font51dd[$\$ CJOJQJD"D font62dd[$\$5CJOJQJB2B xl243dd9D[$\$ CJOJQJBBB xl254dd9D[$\$ CJOJQJFORF xl265dd9D[$\$5CJOJQJFbF xl276dd9D[$\$5CJOJQJBrB xl287dd9D[$\$ CJOJQJTT xl29%8dd-D9DM [$\$ CJOJQJFF xl309dd9D[$\$5CJOJQJ^^ xl31+:$dd-D9DM [$\$a$5CJOJQJXX xl32%;dd-D9DM [$\$5CJOJQJTT xl33%<dd-D9DM [$\$ CJOJQJDD xl34=dd[$\$56CJOJQJHH xl35>dd9D[$\$56CJOJQJff xl362?dd%d&dOP[$\$56CJOJQJVV xl37!@dd&dP[$\$56CJOJQJff xl382Add&d'dPQ[$\$56CJOJQJB"B xl39Bdd9D[$\$ 5OJQJB2B xl40Cdd9D[$\$ CJOJQJTBT xl41%Ddd-D9DM [$\$ CJOJQJTRT xl42%Edd-D9DM [$\$ CJOJQJb xl43MF$dd$d%d-D9DM NO[$\$a$5CJOJQJnrn xl44<G$dd$d-D9DM N[$\$a$5CJOJQJ xl45MH$dd$d'd-D9DM NQ[$\$a$5CJOJQJHH xl46I$dd9D[$\$a$ 5OJQJ@@ xl47J$dd9D[$\$a$CJ66 xl48Kdd[$\$CJFF xl49Ldd9D[$\$5CJOJQJ66 xl50Mdd[$\$CJ::  Footnote TextNCJ@@  Balloon TextO CJOJQJBjB Comment SubjectP5CJNoN 4DocumentQ1$CJOJQJ_HmH sH tH 6U`!6 Hyperlink >*B*ph626 body2 S@^@OJQJ.1B. body3 T`^`.AR. body4 U^RbR Titel Page TitleV$a$5CJ$OJQJLrL tcv2.col2W$P1$a$ OJQJhFV F FollowedHyperlink >*B* phXYX  Document MapY$-D M a$ CJOJQJ.). Page Number Headingi[$ V%$d !%d !&d !'d !-DM N !O !P !Q !a$ 56CJ >' > Comment ReferenceCJ.2. List 2]$a$ZZ Section Heading 1^$ & F a$:>*OJQJ@& @ Footnote ReferenceH*>> Table Text`$((a$44 Tablea$xxa$P"P Normal Indentb$^a$ CJOJQJL2L form text - small c$a$CJLBL Main Section Textd$a$5CJL/RL Blurb Headse56CJ_HmH sH tH RbR Section Headingf$a$56CJOJQJHrH table heading g$<a$6CJP/P Title 3 h$$5CJPJ_HmH sH tH >> Cover Titlei5CJPn0n List Bullet-j$$ & F" h^`a$CJOJQJhdMd Body Text First Indentk$ dd[$\$^ a$T^T Normal (Web)l$dd[$\$a$ OJPJQJj/j 1AutoList12m 0^`0CJOJQJ_HhmH sH tH PK![Content_Types].xmlN0EH-J@%ǎǢ|ș$زULTB l,3;rØJB+$G]7O٭VvnB`2ǃ,!"E3p#9GQd; H xuv 0F[,F᚜K sO'3w #vfSVbsؠyX p5veuw 1z@ l,i!b I jZ2|9L$Z15xl.(zm${d:\@'23œln$^-@^i?D&|#td!6lġB"&63yy@t!HjpU*yeXry3~{s:FXI O5Y[Y!}S˪.7bd|n]671. tn/w/+[t6}PsںsL. J;̊iN $AI)t2 Lmx:(}\-i*xQCJuWl'QyI@ھ m2DBAR4 w¢naQ`ԲɁ W=0#xBdT/.3-F>bYL%׭˓KK 6HhfPQ=h)GBms]_Ԡ'CZѨys v@c])h7Jهic?FS.NP$ e&\Ӏ+I "'%QÕ@c![paAV.9Hd<ӮHVX*%A{Yr Aբ pxSL9":3U5U NC(p%u@;[d`4)]t#9M4W=P5*f̰lk<_X-C wT%Ժ}B% Y,] A̠&oʰŨ; \lc`|,bUvPK! ѐ'theme/theme/_rels/themeManager.xml.relsM 0wooӺ&݈Э5 6?$Q ,.aic21h:qm@RN;d`o7gK(M&$R(.1r'JЊT8V"AȻHu}|$b{P8g/]QAsم(#L[PK-![Content_Types].xmlPK-!֧6 0_rels/.relsPK-!kytheme/theme/themeManager.xmlPK-!R%theme/theme/theme1.xmlPK-! ѐ' theme/theme/_rels/themeManager.xml.relsPK] ^.^ 0000222225 i 3 -9Ughslmeghijklnprvx} !X2BK&W;_!qrTsssttuS{4s0o,Bϙ X2uԯptxYfmoqstuwyz{|~G 3568Wx 1Gbdeg-013Rw<Zuxy X%X%X%X%X%X%X%X%X%X%̕*-5!8@0(  B S  ?B _Hlt82241010 _Hlt82241011 _Hlt82317597 _Hlt82317598 _Toc82239780 _Toc82244810 _Toc82245854 _Toc72725523 _Toc75931848 _Toc81973160 _Toc82239781 _Toc82244811 _Toc82245855 _Toc72725524 _Toc75931849 _Toc81973161 _Toc82239782 _Toc82244812 _Toc82245856 _Toc71425929 _Toc71430615 _Toc71430965 _Toc71431091 _Toc71680998 _Toc72143470 _Toc72725525 _Toc75931850 _Toc81973162 _Toc82239783 _Toc82244813 _Toc82245857 _Toc71425933 _Toc71430619 _Toc71430969 _Toc71431095 _Toc71681002 _Toc72143474 _Toc81973163 _Toc82239784 _Toc82244814 _Toc82245858 _Toc75931852 _Toc81973164 _Toc82239785 _Toc82244815 _Toc82245859 _Toc75931853 _Toc81973165 _Toc82239786 _Toc82244816 _Toc82245860 _Toc75931854 _Toc81973166 _Toc82239787 _Toc82244817 _Toc82245861 _Toc75931855 _Toc81973167 _Toc82239788 _Toc82244818 _Toc82245862 _Toc75931856 _Toc81973168 _Toc82239789 _Toc82244819 _Toc82245863JJ      2 2 2 2 2 2 ############X*X*X*X*X*X*/////////mmmmmכככככէէէէէ@@@@ <=>?@A !"#$%&'()*+,-./0123456789:;KKM M M M M M ############////#0#0#0#0#0.m.m.m.m.myyyyyySUVXY[\^_SUVXY[\^_33./6xGe1wZy`@7A711qy̾̾ӾӾھھRSSUVVXY[\^_dnr./6xGe1wZy`@7A711qy̾̾ӾӾھھRSdnr#⣐TjE>,K duT^ Z5|g.cou,$T_&u+_i)"` +1,chI.:,^Ej.,"w{'0VY{7V`Q 9:,^~89$9hxA:,^ND&| fF0~1J+0."OOv0;[%Pؾ1P:,^U:,^' rV6(X:,^aYD&0Or=[0y  ]`pu.f:,^`8l:,^yxF.yqy"J,Y5*\Ʈ hh^h`OJQJo(hhh^h`.h88^8`.hL^`L.h  ^ `.h  ^ `.hxLx^x`L.hHH^H`.h^`.hL^`L.hh^h`.P^`P..^`...x^`x....  ^` .....  X@ ^ `X ......  ^ `....... 8x^`8........ `H^``.........P^`Po(@@^@`o(.0^`0o(..``^``o(... ^`o( .... ^`o( ..... ^`o( ...... `^``o(....... 00^0`o(........hh^h`o(.^`.pLp^p`L.@ @ ^@ `.^`.L^`L.^`.^`.PLP^P`L.hhh^h`.h88^8`.hL^`L.h  ^ `.h  ^ `.hxLx^x`L.hHH^H`.h^`.hL^`L.P^`Po(@@^@`o(.0^`0o(..``^``o(... ^`o( .... ^`o( ..... ^`o( ...... `^``o(....... 00^0`o(........0^`0o(.0^`0o(.0^`0o(..``^``o(... ^`o( .... ^`o( ..... ^`o( ...... `^``o(....... 00^0`o(........hhh^h`.h88^8`.hL^`L.h  ^ `.h  ^ `.hxLx^x`L.hHH^H`.h^`.hL^`L.hh^h`o(.^`.pLp^p`L.@ @ ^@ `.^`.L^`L.^`.^`.PLP^P`L.hh^h`.   ^ `OJ QJ o(o   ^ `OJ QJ o( xx^x`OJQJo( HH^H`OJ QJ o(o ^`OJ QJ o( ^`OJQJo( ^`OJ QJ o(o ^`OJ QJ o(hh^h`o(.^`.pLp^p`L.@ @ ^@ `.^`.L^`L.^`.^`.PLP^P`L.hh^h`o(.^`.pLp^p`L.@ @ ^@ `.^`.L^`L.^`.^`.PLP^P`L.hh^h`o(.^`o(.pLp^p`L.@ @ ^@ `.^`.L^`L.^`.^`.PLP^P`L.hh^h`.   ^ `OJ QJ o(o   ^ `OJ QJ o( xx^x`OJQJo( HH^H`OJ QJ o(o ^`OJ QJ o( ^`OJQJo( ^`OJ QJ o(o ^`OJ QJ o(hh^h`o(.^`.pLp^p`L.@ @ ^@ `.^`.L^`L.^`.^`.PLP^P`L.^`o(. ^`OJ QJ o(o xx^x`OJ QJ o( H H ^H `OJQJo(   ^ `OJ QJ o(o ^`OJ QJ o( ^`OJQJo( ^`OJ QJ o(o XX^X`OJ QJ o(z^`zo(.^`o(.^`.pLp^p`L.@ @ ^@ `.^`.L^`L.^`.^`.PLP^P`L.^`o(.^`o(. pp^p`OJ QJ o( @ @ ^@ `OJQJo( ^`OJ QJ o(o ^`OJ QJ o( ^`OJQJo( ^`OJ QJ o(o PP^P`OJ QJ o(^`o(.88^8`.L^`L.  ^ `.  ^ `.xLx^x`L.HH^H`.^`.L^`L.hhh^h`.h88^8`.hL^`L.h  ^ `.h  ^ `.hxLx^x`L.hHH^H`.h^`.hL^`L. P^`P56o(.^`79<H*S*TXo(.   ^ `OJ QJ o(   ^ `OJQJo( xx^x`OJ QJ o(o HH^H`OJ QJ o( ^`OJQJo( ^`OJ QJ o(o ^`OJ QJ o(hh^h`.   ^ `OJ QJ o(o   ^ `OJ QJ o( xx^x`OJQJo( HH^H`OJ QJ o(o ^`OJ QJ o( ^`OJQJo( ^`OJ QJ o(o ^`OJ QJ o(hh^h`o(.^`.pLp^p`L.@ @ ^@ `.^`.L^`L.^`.^`.PLP^P`L.^`79<H*S*TXo(.   ^ `OJ QJ o(o   ^ `OJ QJ o( ^`OJQJo( ^`OJ QJ o(o ``^``OJ QJ o( 00^0`OJQJo( ^`OJ QJ o(o ^`OJ QJ o(hh^h`o(.^`.pLp^p`L.@ @ ^@ `.^`.L^`L.^`.^`.PLP^P`L.hh^h`o(.^`.pLp^p`L.@ @ ^@ `.^`.L^`L.^`.^`.PLP^P`L.hh^h`o(.^`.pLp^p`L.@ @ ^@ `.^`.L^`L.^`.^`.PLP^P`L.hh^h`. ^`OJ QJ o(o pp^p`OJ QJ o( @ @ ^@ `OJQJo( ^`OJ QJ o(o ^`OJ QJ o( ^`OJQJo( ^`OJ QJ o(o PP^P`OJ QJ o(hh^h`.   ^ `OJ QJ o(o   ^ `OJ QJ o( xx^x`OJQJo( HH^H`OJ QJ o(o ^`OJ QJ o( ^`OJQJo( ^`OJ QJ o(o ^`OJ QJ o(hh^h`o(.^`.pLp^p`L.@ @ ^@ `.^`.L^`L.^`.^`.PLP^P`L.^`79<H*S*TXo(.XX^X`.(L(^(`L.  ^ `.  ^ `.L^`L.hh^h`.88^8`.L^`L.^`o(.hh^h`o(.^`.pLp^p`L.@ @ ^@ `.^`.L^`L.^`.^`.PLP^P`L.#T_& Z5yND~1J1P.f[%PEUQ 9hI.`8l(XaY' rVOr=[9hxA"OO.y,$+Y{7{'0cou5* ]`Ej.~891,yxK _i)fF##0/ k l|$v&k.)1)k))-!5N;lyP9QtX 0gpjNlb!o5t3 uB;yYSyvyVP}r<M teanxc CxVtDF&ME/\y N$SU@{@Unknown G*Ax Times New Roman5Symbol3. *Cx ArialY CG TimesTimes New RomanI. ??Arial Unicode MS3*Ax Times5. .[`)Tahoma9PalatinoABook Antiqua?= *Cx Courier New;WingdingsA$BCambria Math"h&'p D+3& b]b]q243qHP ?YSy2! xx QA SOW V.1_0_2 CLEAN NJB/Quality Assurance Statement of Work V.1.0.2 NJBBETSACON Nicholas * CIOBETSACON Nicholas * CIO#                           ! " P  hp  State of Oregon]b QA SOW V.1_0_2 CLEAN NJB TitleH Lx _PID_HLINKS Sub-TopicDocument TitleTopic7display_urn:schemas-microsoft-com:office:office#Editor7display_urn:schemas-microsoft-com:office:office#AuthorA$<;8 _Toc82239789;2 _Toc82239788;, _Toc82239787;& _Toc82239786;  _Toc82239785; _Toc82239784; _Toc82239783; _Toc82239782; _Toc82239781; ns:ds="http://schemas.openxmlformats.org/officeDocument/2006/customXml"/>as.microsoft.com/office/2006/metadata/longProperties"/> ?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~     5 !+&)?*,-./0123467@Root Entry F`O5( Data >!1TableǠWordDocument\^SummaryInformation(4DocumentSummaryInformation8PCompObjrMsoDataStore `O5`O5 - !"#$%&'()*+,3.012456  F Microsoft Word 97-2003 Document MSWordDocWord.Document.89qDocumentLibraryFormDocumentLibraryFormDocumentLibraryForm This value indicates the number of saves or revisions. The application is responsible for updating this value after each revision. as/xmls/qdc/2003/04/02/dc.xsd"/> le for updating this value after each revision. ns:ds="http://schemas.openxmlformats.org/officeDocument/2006/customXml"/>w>