Statement of ObjectivesEnterprise Resource Planning (ERP) Cloud Transformation

1.0 BACKGROUND

The Defense Logistics Agency (DLA) Enterprise Resource Planning (ERP) program is an integrated SAP and Non-SAP business environment with multiple integrations and customizations that enable DLA to establish end-to-end processes to fulfill logistics and financial reporting requirements, streamline and use data sources effectively, reduce inefficient or non-value added operations, and audit its resources so that it can monitor and make decisions about how the resources are allocated and utilized for the benefit of the warfighter and the US taxpayer.

The vision of DLA ERP is to provide DLA with information technology services to manage its supply chain resources, including operations and financial management, in support of the warfighter. The integration of the existing ERP with other supply chain efforts, such as the Warehouse Management System (WMS), Advance Planning and Scheduling (JDA), Enterprise Business System (EBS), Enterprise Data Warehouse (EDW), and Governance, Risk and Compliance (GRC), that reside in cloud or on premise environments, is desired in order to provide real-time data access and decision support to the DLA enterprise.

2.0 PURPOSE AND SCOPE

The intent of this request is to provide the government with assistance in conducting platform configuration development to migrate DLA ERP applications from the Defense Information Systems Agency (DISA) to cloud hosting and managed services. In addition, provide technical expertise to return DLA ERP customized legacy applications and processes to align with industry standards (ERP software solution and business processes) to meet DLA’s required capabilities in preparation for transition to SAP S/4HANA. This requirement also includes subscription based licensing for software supporting the new system.

3.0 CURRENT ERP ENVIRONMENT

DLA ERP current environment includes multiple Information Technology IT portfolios, or programs, with multiple SAP and non-SAP applications residing within the associated accreditation boundary, as depicted in Attachment 3 – DLA ERP Architecture. The scope of the ERP landscape consists of multiple environments, including Development, Test, COOP, and Production. Details of the environments may be found in Attachment 4 – DLA ERP Landscape.

4.0 OBJECTIVES

The overall objective is to migrate the entirety of the existing DLA ERP to a cloud environment and convert as much custom code as possible to standard capability in preparation for transitioning to S/4HANA. To achieve this, the cloud migration and standardization services must comply with applicable business, technical, security, management, and administrative

objectives. Cloud migration and standardization services should be aligned with objectives of the enterprise service delivery model, and support the agency’s ability to deliver future sustainable services. If an objective corresponds to a particular program phase, it appears in a subsection labeled: Migration (Phase 1), Standardization/Optimization (Phase 2).

1.1. Business Objectives

1.1.1. Promote standardization to the maximum extent possible by reducing custom configurations that may be outdated or replaced by modern capabilities, and allow DLA to take advantage of immediate upgrade capabilities and evolving technological innovation.

1.1.2. To effectively manage increasing risk, including security and compliance IAW the twelve key areas identified by the Software Engineering Institute [Source: https://insights.sei.cmu.edu/sei_blog/2018/03/12-risks-threats-vulnerabilities-in-moving-to-the-cloud.html ].

Consumers Have Reduced Visibility and Control On-Demand Self Service Simplifies Unauthorized Use Internet-Accessible Management APIs can be Compromised Separation Among Multiple Tenants Fails Data Deletion is Incomplete Credentials are Stolen Vendor Lock-In Complicates Moving to Other CSPs Increased Complexity Strains IT Staff Insiders Abuse Authorized Access Stored Data is Lost CSP Supply Chain is Compromised Insufficient Due Diligence Increases Cybersecurity Risk

1.1.3. Shortened time requirements for security infrastructure deployments, such as patches, vulnerability updates, etc.

1.1.4. Acquire a set of environments, to include at a minimum Development, Production, and COOP with capabilities to include Staging and Test environments (promotion stack) as required, that are kept current, synchronized, and allow DLA to understand and test the impacts of proposed system changes.

1.1.5. Reduce infrastructure and operational costs by moving from on-premise DISA hosting to a managed services cloud offering.

1.1.6. Increase scalability and flexibility due to fluctuating workload demands.

1.1.7. Keep service interruptions to a minimum so that the transition has little or no impact on DLA’s ability to meet the needs of the Warfighter

1.1.8. Migration (Phase 1):

● Describe approach to ensure that procedures and documentation are developed for migration execution.

● Describe your methodology for migrating core ERP applications, databases, security hierarchy and integration points to a cloud environment.

● Describe approach to cloud governance for post-migration. Defining the roles and responsibilities for cloud governance.

1.1.9. Standardization / Optimization (Phase 2):

● Provide work products for standardization of custom code that result in the DLA’s understanding of the benefits and implications of standardizing capabilities.

● Develop Scope Analysis and planning for delivery of standardization efforts, to include impacted processes from all Process Areas.

● Produce analysis of applications, processes, and procedures that are well-suited for accelerated standardization, and provide recommendations for executing this effort.

● Describe approach to identify and manage communication, change management, and training needs for migration and standardization execution.

1.2. Technical Objectives

1.2.1. Provide all technical advisory services necessary to fully develop and deliver services for the appropriate phases, Migration and Standardization / Optimization.

1.2.2. Provide cloud migration and standardization services that account for the systems lifecycle, ranging from development, testing, and production. Provide services that include considerations for maintaining cloud services post-deployment.

1.2.3. Migration (Phase 1):

● Deliver a technical architecture capturing the “to-be” cloud migration state that is consistent with Department of Defense Architecture Framework (DoDAF).

● Include considerations in the migration planning solution for the target design such as capacity, schedules, migration priority, cost, etc.

● Describe approach to providing technical advice to cloud migration that will enable DLA to implement metering to migrated cloud services including provisioning capabilities, accounting capabilities, billing capabilities, etc.

● Produce a plan that will support co-existing non-cloud and cloud architectures, if applicable, during and after migration.

1.2.4. Standardization / Optimization (Phase 2):

● Provide technical services for standardization including illuminating interdependencies such as application dependencies and affinities to servers, server configuration etc.

● Identify and document critical dependencies between associated applications, processes, policies, and data.

● Describe approach to developing custom code evaluation criteria, standardization profiling, and application dependency mapping:o Include approach to mapping multi-purpose applications.

o Identify and describe methodology for analyzing customizations/infrastructure across a range of lifecycle stages (e.g. development, testing, and production).

● Describe approach for decomposition of custom code and identification of standard capabilities and services that can be transitioned.

1.3. Security Objectives

1.3.1. Provide comprehensive analysis of current applications and infrastructure that incorporates considerations for security such as data sensitivity, legal or other regulatory issues, disaster recovery, currently deployed remote access or internal security considerations, etc.

1.3.2. Provide support and services in compliance and in alignment with Federal Risk and Authorization Management Program (FedRAMP) standardized security assessment, authorization, and continuous monitoring policies in migration services, as required by the scope of the project.

1.3.3. Provide technical services regarding security and privacy in the migration services that are consistent with NIST Special Publication 800-144 – “Guidelines on Security and Privacy in Public Cloud Computing” or other applicable standards and guidelines.

1.3.4. Provide IL4 level hosting (SAP Secure HANA Cloud Platform – GovCloud) to include the following environments; Development, Test, Quality Assurance, Patch Fix/Sandbox, User Acceptance Testing (UAT), High Availability / Disaster Recovery (HA/DR), and Production.

1.3.5. Describe framework and approach to incorporating both federal and agency security requirements into migration planning recommendations.

1.3.6. List any additional Security and Privacy standards to which the contractor should conform their services/solution. For example:

● Properly securing the connections between formerly collocated systems, including systems not migrated for business or other reasons.

● Implementation of Trusted Internet Connections and similar mandates.

1.4. Management Objectives

1.4.1. Allow the contractor maximum flexibility to innovatively manage program cost, schedule, performance, risks, warranties, contracts and subcontracts, vendors, and data required to deliver effective inventory services.

1.4.2. Provide meaningful reporting metrics and progress analytics during program execution that provide DLA with timely and comprehensive visibility into the technical and management performance of the migration phase.

1.5. Administrative Objectives

1.5.1. Utilize relevant tools and analysis techniques for analyzing, evaluating and presenting information gathered throughout the migration and standardization phases. Describe approach and examples of relevant tools and analysis techniques for all relevant phases.

1.5.2. Provide DLA decision making support in the form of relevant artifacts and work products.

1.5.3. Describe in the proposal methods of compliance with requirements for the business, management and security objectives, proposing service level agreements (SLAs), associated terms and conditions, and enforcement methodology. At a minimum the SLA shall cover the following points:

● Metrics for the services as measured as the [describe calculation of metric]; not to be less than that proposed within the acquisition vehicle (e.g., GSA’s IT70), and including definitions

● Metric Time Objectives for tasks

● Methodology for ensuring that the Service Level Agreement is met. 5.0 PLACE OF PERFORMANCE

TBD

6.0 PERSONNEL REQUIREMENTS

TBD

7.0 PERIOD OF PERFORMANCE

TBD

8.0 CONTRACTING OFFICER’S REPRESENTATIVE (COR)

The Contracting Officer’s Representative (COR) will be assigned at time of task order award.

9.0 TYPE OF CONTRACT TBD

List of Attachments

Attachment 1 – TBD Attachment 2 – TBD Attachment 3 - DLA ERP Architecture Attachment 4 - DLA ERP Landscape

Attachment 1 – Definitions/Acronyms

TBD.

Attachment 2 – Possible Labor Categories (but not limited to)

Labor Category

Attachment 3 – DLA ERP Environment

Attachment 4 – DLA ERP Landscape

Expand the rows on the left to view details for each environment.