Unlike most artifacts in this suite, the QASP is written and owned by the government (COR), not the contractor — it defines how FOPBA will independently verify Acme Federal Systems is meeting the PWS, separate from the contractor's own QA process.
In commercial healthcare PM work, quality assurance is typically the vendor's own internal process reported up to the client. Federally, the government runs a parallel surveillance process of its own — the contractor doesn't control how it's graded.
Surveillance Methods
| Deliverable / Service Area | Method | Frequency | Acceptable Quality Level |
|---|---|---|---|
| CDRL deliverable submissions | 100% review against CDRL acceptance criteria | Per due date | No more than 1 rejection cycle per item |
| Section 508 conformance | Independent government accessibility audit | At each release | Zero Level A/AA violations at go-live |
| Monthly status reporting | COR review for completeness/timeliness | Monthly | Submitted by CDRL due date, no material omissions |
| System availability (post-launch) | Automated uptime monitoring | Continuous | 99.5% monthly uptime |
| Help desk / defect response | Ticket log sampling | Monthly | Priority 1 defects acknowledged within 4 business hours |
Remedies for Unacceptable Performance
Repeated missed Acceptable Quality Levels are documented by the COR and reported to the CO, who may withhold payment, require a corrective action plan, or — in a sustained pattern — pursue contract remedies up to termination for cause. This is a materially different consequence path than a commercial vendor scorecard.