logo__image

GSA Multiple Award Schedule (MAS) — Contract 47QTCA23D00E1

Blue Parrot Software LLC delivers secure, modern software solutions through the GSA Multiple Award Schedule (IT Category). Federal and eligible state/local buyers can procure .NET and Azure-first application development, cloud engineering, and data services via GSA eBuy under contract 47QTCA23D00E1

GSA MAS 47QTCA23D00E1, Texas DIR Vendor ID 850931172, Texas HUB VID 1850931172800, SBA HUBZone, NMSDC MBE—fast, compliant purchasing for custom software, cloud/DevOps, automation, and data/analytics.

Post an RFQ on GSA eBuy
GSA Contract OverviewJoe Silva - COO
  • Contractor #: 7QTCA23D00E1
  • UEI: NFNJYXR6KT54
  • CAGE: 9F9R4
  • NAICS: 541511, 518210
  • Commodity Codes: 204-91-00; 208-43-22; 208-20-00; 208-32-00; 208-36-00; 208-82-10; 208-53-00; 208-67-58; 208-88-00
Blue Parrot Software LLCJoe Silva - COO

Contract #: 47QTCA23D00E1(GSA MAS – IT Category)

(956) 378-9072
1601 W Monte Cristo Rd., Suite A Edinburg, TX 78541
www.blueparrotsoftwarellc.com
bpsllc@blueparrotsoftwarellc.com

Core Competencies

  • .NET & Web application development — ASP.NET Core, Web APIs, microservices + React/TypeScript (Next.js SSR/SSG or SPA); secure integrations to ERP/HR/finance and mission systems; WCAG-aware UI patterns.
  • Cloud engineering (Azure & AWS) — architecture & landing zones (Azure Landing Zones, AWS Control Tower/Organizations); IaC (Bicep/ARM/Terraform, CloudFormation/CDK); automation (Azure DevOps/GitHub Actions, CodePipeline/CodeBuild); observability (Azure Monitor/Log Analytics, CloudWatch/X-Ray/OpenSearch); cost governance.
  • Migrations to Azure/Azure Government & AWS/AWS GovCloud (US) — SQL Server → Azure SQL/MI or Amazon RDS/Aurora; on-prem apps → App Service/AKS or ECS/EKS; file/DB → Azure Storage or Amazon S3; identity with Microsoft Entra ID (Azure AD) and AWS IAM Identity Center/SSO.
  • Power Platform & M365 solutions — Power Apps/Automate, SharePoint Online integration, data connectors, DLP & ALM policies, accessibility-conformant UI components.
  • Data engineering & analytics — ADF/Synapse/Databricks and AWS Glue/Lake Formation/Athena/EMR/Redshift; dimensional models & governed datasets; dashboards in Power BI (and Amazon QuickSight where required) with RLS and accessibility best practices.
  • DevSecOps — gated CI/CD; SAST/DAST/SCA; container & dependency scanning; secrets (Key Vault, Secrets Manager); image registries (ACR/ECR); environment promotion, rollback, and release automation.
  • Quality, security & accessibility — automated testing (unit/UI/API), performance baselines, logging/audit evidence, WCAG 2.1 AA workflows; documentation & hand-off runbooks.

Microsoft Stack Focus

  • Modernize .NET monoliths into maintainable services; implement API gateways, caching, and message queues.
  • Harden identity & access: Conditional Access, PIM, service principals, key rotation; map roles to least-privilege.
  • Establish Azure landing zones with policy, tagging, cost alerts, and baseline security controls; document runbooks.
  • Lift-and-shift or refactor legacy Windows/IIS workloads to App Service or AKS, with rollback plans and cutover checklists.
  • Data estate uplift to Azure SQL/Synapse; enforce data-quality rules and lineage; publish Power BI semantic models.
  • Automate releases with Azure DevOps/GitHub Actions; enable blue/green or canary; track release metrics and SLOs.

Modern App Stack Focus (AWS • React • Android • iOS)

  • Modernize app stacks into maintainable services; adopt API Gateway, ElastiCache, SQS/SNS/EventBridge; decouple UIs from backends with versioned APIs.
  • Harden identity & access: least-privilege IAM & SCP guardrails; IAM Identity Center (SSO); app auth with Amazon Cognito / OAuth2/OIDC; keys with KMS; secrets in Secrets Manager.
  • Establish AWS landing zones with Control Tower/Organizations; tagging, budgets & cost alerts; baseline controls via Security Hub, WAF/Shield, CloudTrail & Config; publish runbooks.
  • Lift-and-shift or refactor web & services: React/Next.js hosted on S3 + CloudFront or Amplify; backends on ECS/EKS/Lambda with rollback plans and cutover checklists.
  • Data estate uplift to S3 data lake with Lake Formation/Glue/Athena/EMR; operational stores on RDS/Aurora, analytics on Redshift; lineage & DQ in the Glue Catalog; publish QuickSight datasets/dashboards.
  • Automate releases with CodePipeline/CodeBuild/CodeDeploy (or GitHub Actions); enable blue/green or canary; observability via CloudWatch/X-Ray/OpenTelemetry; track release metrics and SLOs.
  • Modernize mobile apps (native): Android Kotlin & iOS Swift/SwiftUI with secure storage, MDM compatibility, offline sync, analytics; accessibility for TalkBack/VoiceOver; CI for signed builds and staged rollouts.

Stack Modernization

  • What this covers: modernizing apps, data, platform, identity, and delivery so agencies get secure, supportable systems with measurable outcomes.

What we Modernize

  • Applications (.NET first, multi-stack supported) upgrade to .NET 8/ASP.NET Core; retire WCF with REST/gRPC; extract services from monoliths; API gateways, caching, and queues.
  • Platform (Azure & AWS) containerize to AKS/EKS or replatform to App Service/ECS; adopt Functions/Lambda for event-driven workloads; service mesh and API management (Azure API Management / Amazon API Gateway).
  • Data estate SQL Server → Azure SQL MI/SQL DB or Amazon RDS/Aurora; pipelines in ADF/Synapse/Databricks or AWS Glue/Athena/EMR; governed models and BI in Power BI (and QuickSight where needed).
  • Identity & security Microsoft Entra ID (Azure AD) and AWS IAM Identity Center, OAuth2/OIDC, Conditional Access, PIM; secrets in Key Vault/Secrets Manager; posture via Defender for Cloud/Security Hub, WAF/Shield.
  • Observability & resilience Application Insights/CloudWatch, OpenTelemetry traces; SLOs with error budgets; DR targets (e.g., RTO ≤ 4 hrs / RPO ≤ 15 min); backup/restore runbooks.
  • DevSecOps & IaC pipelines in Azure DevOps/GitHub Actions or CodePipeline/CodeBuild; IaC with Bicep/Terraform/ARM and CloudFormation/CDK; SAST/DAST, SBOMs, blue/green or canary releases.

Migration patterns

  • Rehost / Replatform / Refactor / Rearchitect / Replace / Retire (6R/7R).
  • Strangler-Fig for incremental decomposition; feature toggles & parallel runs.
  • Side-by-side cutover with rollback and data reconciliation playbooks.

SOW-ready deliverables

  • Current-state assessment & risk register; target reference architecture diagrams.
  • Modernization roadmap (90/180/365-day plan) with backlog & dependencies.
  • CI/CD pipelines and IaC repositories; environment topology & access model.
  • Data conversion & validation scripts; API contracts (OpenAPI), integration adapters.
  • Security & accessibility evidence (threat model, test reports, WCAG 2.1 results).
  • Runbooks: operations, DR, release, rollback; knowledge-transfer & admin guides.

Acceptance & success metrics

  • Performance: p95 API ≤ agreed SLO (e.g., ≤ 500 ms baseline); concurrency targets met.
  • Reliability: availability ≥ 99.9%; RTO/RPO hit in DR test; mean-time-to-recover ≤ target.
  • Quality & security: UAT pass ≥ 95%; zero Sev-1 open at acceptance; SAST/DAST clean for criticals; SBOM published.
  • Cost & ops: unit cost per txn reduced X%; automated deploys with change-failure-rate ≤ 15%.
  • Accessibility: WCAG 2.1 AA defects tracked to closure with retest evidence.

Supported platforms & tech (examples)

  • Azure: App Service, AKS, Functions, API Management, Key Vault, Monitor/Log Analytics, ADF, Synapse, Databricks, SQL DB/MI.
  • AWS: ECS/EKS, Lambda, API Gateway, Secrets Manager, CloudWatch, Glue, Lake Formation, Athena, EMR, Redshift, RDS/Aurora, S3.
  • Languages/Frameworks: .NET/C#, REST/gRPC, message queues (Service Bus/SQS), caching (Redis/ElastiCache).

How to Buy via GSA eBuy

  • Draft a concise SOW (goals, deliverables, milestones, acceptance).
  • On GSA eBuy, post an RFQ under the appropriate IT category and reference 47QTCA23D00E1.
  • Evaluate best-value responses (technical, past performance, price).
  • Award and kickoff; we provide governance, security/accessibility checkpoints, and status reporting.
  • Direct link: https://www.ebuy.gsa.gov/ebuy/

Representative Work Packages (SOW-ready)

  • .NET & C# application development (ASP.NET Core, Web APIs, microservices, worker services) with secure integrations to ERP/HR/finance and mission systems.
  • Azure cloud engineering — architecture, landing zones, IaC (Bicep/Terraform), automation (Azure DevOps/GitHub Actions), observability (Azure Monitor/Log Analytics), and cost governance.
  • Migrations to Azure/Azure Government — SQL Server to Azure SQL/Managed Instance, on-prem apps to App Service/AKS, file/DB migrations, identity integration with Microsoft Entra ID (Azure AD).
  • Power Platform & M365 solutions — Power Apps/Automate, SharePoint Online integration, data connectors, accessibility conformant UI patterns.
  • Data engineering & analytics — Azure Data Factory/Synapse/Databricks pipelines; dimensional models; governed datasets; Power BI dashboards with RLS and accessibility best practices.
  • DevSecOps — gated CI/CD, SAST/DAST, dependency and container scanning, secrets management, environment promotion, rollback and release automation.
  • Quality, security & accessibility — automated testing (unit/UI/API), performance baselines, logging/audit evidence, WCAG 2.1 conformance workflows. (These build on your published strengths in full-stack development, cloud/IaC (CDK), databases, QA, and security.)

Acceptance & Performance Examples

  • Performance: p95 API ≤ agreed SLO (e.g., ≤ 500 ms baseline); concurrency targets met.
  • Reliability: availability ≥ 99.9%; RTO/RPO hit in DR test; mean-time-to-recover ≤ target.
  • Quality & security: UAT pass ≥ 95%; zero Sev-1 open at acceptance; SAST/DAST clean for critical; SBOM published.
  • Cost & ops: unit cost per txn reduced X%; automated deploys with change-failure-rate ≤ 15%.
  • Accessibility: WCAG 2.1 AA defects tracked to closure with retest evidence.