STATE GOVERNMENT DEPARTMENT OF FINANCE AND ADMINISTRATION
REQUEST FOR PROPOSALS FOR INFORMATION SECURITY ASSESSMENT SERVICES (ISAS)
RFP NUMBER: 427.04-107-08

SECTION
1 INTRODUCTION
2 RFP SCHEDULE OF EVENTS
3 PROPOSAL REQUIREMENTS
4 GENERAL REQUIREMENTS & CONTRACTING INFORMATION
5 PROPOSAL EVALUATION & CONTRACT AWARD
RFP ATTACHMENTS:
6.1 Pro Forma Contract
    Contract Attachment A: Attestation Re Personnel Used in Contract Performance
    Contract Attachment B: Memorandum of Understanding (MOU)
    Contract Attachment C: HIPAA Business Associate Agreement
6.2 Proposal Transmittal/Statement Of Certifications & Assurances
6.3 Technical Proposal & Evaluation Guide
    Section A – Mandatory Requirements
    Section B – Qualifications & Experience
    Section C – Technical Approach
    Section D – Security Gap Analysis
    Section E – Privacy Data
    Section F – Security Assessment
    Section G – Security Assessment Report
    Section H – Mitigating Risks
    Section I – BIA, BCP, and DRP
    Section J – Layered Security Solution
6.4 Cost Proposal & Scoring Guide
6.5 Proposal Score Summary Matrix
6.6 Reference Questionnaire
6.7 Supplemental Templates

INTRODUCTION

Statement of Purpose

The State Government, Department of Finance and Administration, hereinafter referred to as the State, has issued this Request for Proposal (RFP) to define the State's minimum service requirements; solicit proposals; detail proposal requirements; and outline the State’s process for evaluating proposals and selecting the contractor.

Through this RFP, the State seeks to buy the best services at the most favorable, competitive prices and to give ALL qualified businesses, including those that are owned by minorities, women, persons with a disability, and small business enterprises, the opportunity to do business with the State as contractors and sub-contractors.

The State intends to secure a contract for Information Security Assessment Services (ISAS) Consultants to assist in strengthening the State’s security posture. Services include vulnerability assessments, penetration tests, and source code reviews. Vulnerability assessments and penetration testing services will be used to identify and validate configuration and/or technical flaws within a given system or network (e.g. firewalls, routers, servers, operating systems, applications, databases, load balancers, etc.). Source code reviews will be conducted to identify programming errors that may lead to security issues (e.g. format string mistakes, buffer overflows, memory leaks, etc.).

A vendor that currently has active managed security service provider contract(s) with any State Government agency cannot bid on this RFP. In addition, during the term of the Contract awarded from this RFP, the winning vendor cannot bid on any procurement for managed security services released by State Government agencies or otherwise provide managed security services to State Government agencies.

The vendor shall provide the services required by this RFP within the context of the technical environment described by the State Information Resources Architecture (sometimes referred to as the technical architecture). The vendor may request a copy of the Architecture by submitting a written request to the RFP coordinator listed in RFP Section 18.104.22.168.

Scope of Service, Contract Period, and Required Terms and Conditions

The RFP Attachment 6.1, Pro Forma Contract details the State’s required:

Scope of Services and Deliverables in Section A;
Contract Period in Section B;
Payment Terms in Section C;
Standard Terms and Conditions in Section D; and,
Special Terms and Conditions in Section E.

The pro forma contract substantially represents the contract document that the proposer selected by the State MUST agree to and sign.

1.3 Nondiscrimination

No person shall be excluded from participation in, be denied benefits of, be discriminated against in the admission...