ISG Contract Onboarding Services Lifecycle

Versions Compared

Old Version 24

changes.mady.by.user Angel Tucker

Saved on

compared with

New Version 25

changes.mady.by.user Angel Tucker

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

<Back to Communications Hub 

Panel
borderWidth0
HTML
<nav class="aui-navgroup aui-navgroup-horizontal">
<div class="aui-navgroup-inner">
<div class="aui-navgroup-primary">
<div class="aui-nav-heading">
</div>

	<button class="aui-button aui-button-link" style="font-size: 11pt">
	<a href="https://qnetconfluence.cms.gov/display/ISGCO/QualityNet+Contract+Services">HOME&nbsp</a>
	</button>

	<button class="aui-button aui-button-link aui-dropdown2-trigger" aria-controls="services-dropdown" style="font-size: 11pt">
	Access to Services
	</button>
	<aui-dropdown-menu id="services-dropdown" aria-controls="services">
		<aui-section id="services-all">
			<aui-item-link href="https://qnetconfluence.cms.gov/display/ISGCO/Access+to+Services">ACCESS TO SERVICES</aui-item-link>
		</aui-section>
		<aui-section id="services">
			<aui-item-link href="https://qnetconfluence.cms.gov/display/ISGCO/Access+to+Services#QualityNetITServices">QualityNet IT Services</aui-item-link>			
			<aui-item-link href="https://qnetconfluence.cms.gov/display/ISGCO/Access+to+Services#CMSServices">CMS Services</aui-item-link>
			<aui-item-link href="https://qnetconfluence.cms.gov/display/ISGCO/Access+to+Services#QPPServiceNow">QPP Onboarding Processes</aui-item-link>
		</aui-section>
		</aui-dropdown-menu>

	<button class="aui-button aui-button-link aui-dropdown2-trigger" aria-controls="onboarding-dropdown" style="font-size: 11pt">
	Onboarding Process  
	</button>
	<aui-dropdown-menu id="onboarding-dropdown" aria-controls="onboarding">
		<aui-section id="onboarding-all">
			<aui-item-link href="https://qnetconfluence.cms.gov/display/ISGCO/OnboardingProcess">ONBOARDING PROCESS</aui-item-link>
		</aui-section>
		<aui-section id="onboarding">
        	<aui-item-link href="https://qnetconfluence.cms.gov/display/ISGCO/OnboardingProcess#60DaysPriortoAward">60 Days Prior to Award</aui-item-link>
			<aui-item-link href="https://qnetconfluence.cms.gov/display/ISGCO/OnboardingProcess#ContractAwarded">Contract Awarded</aui-item-link>
			<aui-item-link href="https://qnetconfluence.cms.gov/display/ISGCO/OnboardingProcess#PeriodofPerformanceBegins">Period of Performance Begins</aui-item-link>
			<aui-item-link href="https://qnetconfluence.cms.gov/display/ISGCO/OnboardingProcess#Within5BusinessDays">Within 5 Business Days</aui-item-link>
			<aui-item-link href="https://qnetconfluence.cms.gov/display/ISGCO/OnboardingProcess#Within10BusinessDays">Within 10 Business Days</aui-item-link>
		    </aui-section>
		</aui-dropdown-menu>		

	<button class="aui-button aui-button-link aui-dropdown2-trigger" aria-controls="offboarding-dropdown" style="font-size: 11pt" >
	Offboarding Process  
	</button>
	<aui-dropdown-menu id="offboarding-dropdown" aria-controls="offboarding">
		<aui-section id="offboarding-all">
			<aui-item-link href="https://qnetconfluence.cms.gov/display/ISGCO/OffboardingProcess">OFFBOARDING PROCESS</aui-item-link>
		</aui-section>
		<aui-section id="offboarding">
        	<aui-item-link href="https://qnetconfluence.cms.gov/display/ISGCO/OffboardingProcess#60DaysPriortoPOPEnding">60 Days Prior to POP Ending</aui-item-link>
			<aui-item-link href="https://qnetconfluence.cms.gov/display/ISGCO/OffboardingProcess#PeriodofPerformanceEnds">Period of Performance Ends</aui-item-link>
		    </aui-section>
		</aui-dropdown-menu>		

	<button class="aui-button aui-button-light aui-dropdown2-trigger" aria-controls="roles-dropdown" style="font-size: 11pt">
	Roles & Responsibilities
	</button>
	<aui-dropdown-menu id="roles-dropdown" aria-controls="roles">
		<aui-section id="roles-all">
			<aui-item-link href="https://qnetconfluence.cms.gov/display/ISGCO/RolesResponsibilities">ROLES & RESPONSIBILITIES</aui-item-link>
		</aui-section>
		<aui-section id="roles">
        	<aui-item-link href="https://qnetconfluence.cms.gov/display/ISGCO/RolesResponsibilities#CMSCOR">CMS COR</aui-item-link>
			<aui-item-link href="https://qnetconfluence.cms.gov/display/ISGCO/RolesResponsibilities#ContractEngagementTeam">Contract Engagement Team</aui-item-link>
			<aui-item-link href="https://qnetconfluence.cms.gov/display/ISGCO/RolesResponsibilities#Contractors">Contractors</aui-item-link>
		   </aui-section>
		</aui-dropdown-menu>

	<button class="aui-button aui-button-link aui-dropdown2-trigger" aria-controls="contactus-dropdown" style="font-size: 11pt">
	Contact Us
	</button>
<aui-dropdown-menu id="contactus-dropdown" aria-controls="contactus">
		<aui-section id="contactus-all">
			<aui-item-link href="https://qnetconfluence.cms.gov/display/ISGCO/ContactUs">CONTACT US</aui-item-link>
		</aui-section>
		<aui-section id="contactus">
        	<aui-item-link href="https://qnetconfluence.cms.gov/display/ISGCO/ContactUs#FAQs">FAQs</aui-item-link>
		</aui-section>
		</aui-dropdown-menu>
</div>
	

<div class="aui-navgroup-secondary">
<div class="aui-nav-heading"></div>
<button class="aui-button aui-dropdown2-trigger" aria-controls="Resources-dropdown" style="font-size: 11pt"><span class="aui-icon aui-icon-small aui-iconfont-configure"></span>
  RESOURCES
</button>

<aui-dropdown-menu id="Resources-dropdown" aria-controls="right-aligned">
	<aui-section id="View-all">
		<aui-item-link href="https://qnetconfluence.cms.gov/display/ISGCO/Resources">RESOURCES</aui-item-link>
	</aui-section>
	<aui-section id="right-aligned">  
		<aui-item-link href="https://qnetconfluence.cms.gov/display/ISGCO/Resources#ContractChecklists">Contract Checklists</aui-item-link>
		<aui-item-link href="https://qnetconfluence.cms.gov/display/ISGCO/Resources#Security">Security</aui-item-link>     
        <aui-item-link href="https://qnetconfluence.cms.gov/display/ISGCO/Resources#Templates">Templates</aui-item-link>
        <aui-item-link href="https://qnetconfluence.cms.gov/display/ISGCO/Resources#Training&Manuals">Training & Manuals</aui-item-link>
	</aui-section>
</aui-dropdown-menu>
</div>
</div>


Livesearch
spaceKeyISGCO
additionalnone
placeholderSearch
typepage


This section lists the roles and responsibilities of those individuals that ISG Management has identified who play a part in the onboarding or offboarding of contractors to the QualityNet IT Services. Included is a general description of the role, the steps involved in the onboarding/offboarding process in which they participate, and who they interact with during each step.




Horizontal Navigation Bar
idRoles_Responsibilities


Horizontal Navigation Bar Page
titleCMS COR

CMS Contracting Officer's Representative CMS Contracting Officer's Representative

The CMS COR  is an integral part of the ISG contract engagement process, representing CMS and supporting the new contracting organization to ensure all CMS contract requirements are met and all new contractor questions and needs are addressed for a successful onboarding experience. In addition, the CMS COR assists in closing out contracts, which can include extending or transitioning efforts to a new contractor. 



Tabs Container
directionvertical


Tabs Page
titleTraining

Security Training

Refer to the Security tab on the QualityNet Communications Hub.


Tabs Page
titleResponsibilities

CMS COR Responsibilities

The CMS COR responsibilities are presented following the timeline for the processes involved in onboarding or offboarding contractors to the QualityNet IT Services, as well as activities conducted during the contract's period of performance.


Onboarding Process

60 Days Prior to Contract Award 

  • Notify of contract solicitation.
    The CMS COR should provide only contract specifics that are publicly available, such as the contract solicitation number and estimated award date.
  • Identify contract requirements.
    The CMS COR works with the ISG Contract Engagement team to identify high-level service requirements for the new contract to gain a better understanding of what QualityNet IT Services will be applicable. Some contract types, such as ADOs, already have a package of services pre-approved for use.

    If this is not an ISG contract, the CMS COR completes the ISG Questionnaire and provides the approved ISG Questionnaire to the ISG Contract Engagement team to assist with requirements gathering.

Contract Awarded

Period of Performance Begins

  • Complete Contract Engagement Intake form.
    The CMS COR works with the New Contractor to complete the Contract Engagement Intake form by identifying the type of work to be performed and the services required.

Within 5 Business Days

  • Conduct contract engagement meeting.
    Upon receipt of the intake form, the CMS COR and New Contractor meet with the ISG Contract Engagement team to confirm eligibility for the services identified in the Contract Engagement Intake form. Upon confirmation, the ISG Contract Engagement team sends a request for approval of these services to the CMS Service Leads for processing. 

Within 10 Business Days

  • Hold contract calls as needed.
    The CMS COR and the ISG Contract Engagement team will conduct touchpoint meetings with the New Contractor to ensure the organization has all the necessary knowledge, templates, and points of contact (POCs) for any formal security deliverables or other security-related items within the dates of the engagement timeline.
Offboarding Process

60 Days Prior to Period of Performance Ending

  • Notify of contract closeout.
    The CMS COR sends an email to the ISG Contract Engagement team that identifies one of four scenarios that will occur when a contract's period of performance ends. The ISG Contract Engagement team will respond requesting additional information that is needed to coordinate user access to QualityNet IT Services.
Contract Maintenance

During the contract's Period of Performance (POP), there are three actions for QualityNet IT Services that may require CMS COR involvement:

  • Action 1: Assignment of new COR.
    The ISG Contract Engagement team should be advised immediately upon reassignment, if a new COR is assigned to the contract so that the HARP and ServiceNow records can be updated accordingly. An email should be sent to ISGContractEngagement@hcqisISGContractorOnboardingServices@cms.hhs.orggov
  • Action 2: Approval of additional SPOCs.
    The CMS COR approves additional contractor Security Points of Contact (SPOC), as needed. The CMS COR needs a HARP ID to approve/reject additional SPOC requests. Refer to the QualityNet | HARP for instructions on getting started with a HARP ID.
    NOTE: The first SPOC is set up by the ISG Contract Engagement team during the onboarding process.
  • Action 3: Approve additional QualityNet IT Services.
    The CMS COR approves additional QualityNet IT Services if a contract requires additional services after initial onboarding is completed. The ISG Contract Engagement team will request approval by the CMS COR via email.





Horizontal Navigation Bar Page
titleContract Engagement Team

ISG Contract Engagement Team ISG Contract Engagement Team

The ISG Contract Engagement team coordinates the transition between incoming and outgoing contracts. The team ensures all activities occur on schedule, addresses and supports activities as needed, and escalates any transition-related issues to ISG Management. The team includes CMS Service Leads who process all requests for approval of QualityNet IT Services.



Tabs Container
directionvertical


Tabs Page
titleTraining

Security Training

The ISG Contract Engagement team is knowledgeable of the necessary security forms and requirements that need to be met by the New Contractor and works with the CMS COR and HCQIS Security with any questions posed by the contracting organization.

For additional security requirements and training, refer to the Security tab on the QualityNet Communications Hub.


Tabs Page
titleResponsibilities

ISG Contract Engagement Team Responsibilities

The ISG Contract Engagement team responsibilities are presented following the timeline for the processes involved in onboarding or offboarding contractors to the QualityNet IT Services, as well as activities conducted during the contract's period of performance.


Onboarding Process

60 Days Prior to Contract Award 

  • Identify contract requirements.
    The ISG Contract Engagement team works with the CMS COR to identify high-level service requirements for the new contract to gain a better understanding of what QualityNet IT Services will be applicable. Some contract types, such as ADOs, already have a package of services pre-approved for use.

Period of Performance Begins

  • Complete Contract Engagement Intake form.
    The ISG Contract Engagement team receives the completed Contract Engagement Intake form and begins the onboarding process.

Within 5 Business Days

  • Conduct contract engagement meeting.
    Upon receipt of the intake form, the ISG Contract Engagement team meets with the CMS COR and New Contractor to confirm eligibility for the services identified in the Contract Engagement Intake form and sends a request for approval of these services to the CMS Service Leads for processing. 
  • Complete contract onboarding.
    After the CMS Service Leads have processed the requests for services, the ISG Contract Engagement team prepares and sends a welcome package to the New Contractor's Security Official (SO) to complete the engagement process.

Within 10 Business Days

  • Hold contract calls as needed.
    The CMS COR and the ISG Contract Engagement team will conduct touchpoint meetings with the New Contractor to ensure the organization has all the necessary knowledge, templates, and points of contact (POCs) for any formal security deliverables or other security-related items within the dates of the engagement timeline.
  • Complete Post-Engagement Survey.
    The ISG Contract Engagement team forwards link to Contract Engagement Post-Onboarding Survey to New Contractor for response. The goal of the survey is to assist the team in creating an effective and efficient onboarding process.

Offboarding Process

60 Days Prior to Period of Performance Ending

  • Notify of contract closeout.
    The ISG Contract Engagement team receives an email from the CMS COR that identifies one of four scenarios that will occur when a contract's period of performance ends. The ISG Contract Engagement team will respond requesting additional information that is needed to coordinate user access to QualityNet IT Services.

Period of Performance Ends

  • Contract removed from QualityNet IT Services.
    The ISG Contract Engagement team will remove user access to QualityNet IT Services based on the scenario identified by the CMS COR.

Contract Maintenance

During the contract's Period of Performance (POP), there is one action for QualityNet IT Services that will require ISG Contract Engagement team involvement:

  • Action 1: Assignment of new COR.
    The ISG Contract Engagement team should be advised immediately upon reassignment if a new COR is assigned to the contract so that the HARP and ServiceNow records can be updated accordingly. An email should be sent to ISGContractEngagement@hcqisISGContractorOnboardingServices@cms.hhs.orggov





Horizontal Navigation Bar Page
titleContractors

Contractors Contractors

Contractors represent the organizations who are either onboarding or offboarding to QualityNet IT Services. 


Tabs Container
directionvertical


Tabs Page
titleTraining

Security Training

As part of the contract engagement process, contractors are required to designate at least one Security Official (SO) and Security Point of Contact (SPOC).

For additional security requirements and training, refer to Security Awareness and Training on the QualityNet Communications Hub.


Tabs Container
directionhorizontal


Tabs Page
titleSO

Security Official

The SO is responsible for the following:

  • Communicate to users in your organization how to request access to the QualityNet IT Services approved for your contract/organization.
  • Review and approve all new user requests for these services.
    NOTE: Only approve user requests that come directly from your contract/organization.
  • Remove users that no longer require access to these services.
  • Approve other SOs within your organization, as needed, to assist with the above tasks.

Refer to the Security Official Role on the QualityNet | HARP page for instructions on requesting the SO role in HARP and a short video of the role. Once your request is approved, you will review and approve requests from members of your organization for access to the desired services. You will also remove users’ access to services no longer needed.

To ensure a smooth and quick start to utilizing the approved service(s), the Contract Engagement team recommends the following actions be taken:


Expand
titleACTION 1:

Ensure all users have HARP IDs. 

For instructions on the process, refer to the QualityNet | HARP page.


Expand
titleACTION 2:

Notify members that they may now request above services.

Refer to the QualityNet IT Services page for instructions on the user request process for each service.


Expand
titleACTION 3:

Approve user access to the services.

As an approved SO for your organization, you can now approve or reject user role requests.  For instructions on this process, refer to the Security Official Role tab on the QualityNet | HARP page.


Resources

QualityNet | HARP

QualityNet IT Services


Tabs Page
titleSPOC

Security Point of Contact

Each organization is required to designate at least one (1) Security Point of Contact (SPOC) who is responsible for ensuring the organization is compliant with CMS security requirements and policies. You may access the Policies/Procedures and Security Awareness Training by going to https://qnetconfluence.cms.gov/ and selecting Security. The SPOC is responsible for reporting and handling security incidents that occur within the organization. 

When a contract is awarded, the CMS COR will designate the first SPOC who will be established in ServiceNow. When an organization needs to add, update, replace or make any changes to the SPOC it can be done via the HARP application following the instructions below. Once approved, the SPOC is stored and tracked through ServiceNow for general tracking and maintenance. 

HCQIS ServiceNow - Refer to Security POC tab on this page for requesting assignment as your organization's SPOC for a program. Note that your CMS COR must have a HARP account for your request to be approved.


Security Awareness and Training

During the onboarding process, and before accessing any HCQIS system or application, each user must sign HCQIS Rules of Behavior, complete the appropriate training, and provide evidence of training completion to their Security Point of Contact (SPOC); the SPOC will track all required training within their organization. In many cases, an annual attestation is also provided to the organization’s CMS Contracting Officer’s Representative (COR) as a deliverable.

For additional information, refer to the Security Awareness & Training page on the QualityNet Communications Hub.


Resources

HCQIS ServiceNow

QualityNet Security - Central source of security-related information and reference material.




Tabs Page
titleResponsibilities

Contractor Responsibilities

The Contractor responsibilities are presented following the timeline for the processes involved in onboarding or offboarding contractors to the QualityNet IT Services, as well as activities conducted during the contract's period of performance.


Onboarding Process

Contract Awarded

  • The New Contractor is contacted by the CMS ISG of contract award. Thereafter, ISG prepares the official approval of the contract is prepared by ISG and sent to the New Contractor. The contract is then executed by the New Contractor. No work can start or meetings scheduled with the New Contractor until the Period of Performance (POP) begins.
  • The New Contractor must identify a Security Point of Contact (SPOC) and Account Administrator (AA) within one (1) day of the contract award.

Period of Performance Begins

  • Complete Contract Engagement Intake form.
    The New Contractor works with the CMS COR to complete the Contract Engagement Intake form by identifying the type of work to be performed and the services required.

Within 5 Business Days

  • Conduct contract engagement meeting.
    Upon receipt of the intake form, the New Contractor and CMS COR meet with the ISG Contract Engagement team to confirm eligibility for the services identified in the Contract Engagement Intake form. Upon confirmation, the ISG Contract Engagement team sends a request for approval of these services to the CMS Service Leads for processing. 
  • Complete contract onboarding.
    The New Contractor's Security Official (SO) completes the engagement process upon receipt of welcome package from the ISG Contract Engagement team. The welcome package is sent after the CMS Service Leads have processed the requests for services.

Within 10 Business Days

  • Hold contract calls as needed.
    The New Contractor participates in touchpoint meetings conducted by the CMS COR and the ISG Contract Engagement team to ensure the organization has all the necessary knowledge, templates, and points of contact (POCs) for any formal security deliverables or other security-related items within the dates of the engagement timeline.
  • Complete Post-Engagement Survey.
    The New Contractor receives link to Contract Engagement Post-Onboarding Survey from the ISG Contract Engagement team. The Contractor's response will assist the team in creating an effective and efficient onboarding process.

Offboarding Process

60 Days Prior to Period of Performance Ending

  • Notify of contract closeout.
    The Contractor works with the CMS COR in responding to one of four scenarios that will occur when a contract's period of performance ends and additional information that is needed by the ISG Contract Engagement team to coordinate user access to QualityNet IT Services.

Period of Performance Ends

  • Contract removed from QualityNet IT Services.
    The Contractor's user access to QualityNet IT Services is removed or transitioned by the ISG Contract Engagement team based on the scenario identified by the CMS COR. 

Contract Maintenance

During the contract's Period of Performance (POP), there are two actions for QualityNet IT Services that will require Contractor involvement:

  • Action 1: Approval of additional SPOCs.
    The Contractor seeks approval from the CMS COR for additional Security Points of Contact (SPOC), as needed. The CMS COR needs a HARP ID to approve/reject additional SPOC requests. Refer to the QualityNet | HARP for instructions on getting started with a HARP ID.
    NOTE: The first SPOC is set up by the ISG Contract Engagement team during the onboarding process.
  • Action 2: Approve additional QualityNet IT Services.
    The CMS COR or Contractor submits a request to obtain access to an additional service by emailing ISGContractEngagement@hcqisISGContractorOnboardingServices@cms.hhs.orggov. Refer to the Onboarding Process > Period of Performance Begins for guidance  on how to request additional services as an existing contractor.






Panel
borderColor#254b78
titleColor#ffffff
borderWidth1
titleBGColor#254b78
borderStylesolid
titleNeed Help ?

Excerpt Include
QualityNet Contract Services
QualityNet Contract Services
nopaneltrue


Info
iconfalse
titlePrint Friendly Version

ISG Contract Services - Onboarding/Offboarding - 508 Compliant PDF