Think-tank Complex Project
Prepared November 21, 2012
Proprietary and confidential
REQUEST FOR PROPOSAL
Table of Contents
USING THIS TEMPLATE3
INTRODUCTION AND BACKGROUND5
PURPOSE OF THE REQUEST FOR PROPOSAL5
SCHEDULE OF EVENTS7
GUIDELINES FOR PROPOSAL PREPARATION8
DETAILED RESPONSE REQUIREMENTS9
SCOPE, APPROACH, AND METHODOLOGY9
PROJECT MANAGEMENT APPROACH9
DETAILED AND ITEMIZED PRICING10
APPENDIX: PROJECT TEAM STAFFING10
APPENDIX: COMPANY OVERVIEW10
EVALUATION FACTORS FOR AWARD11
SCOPE OF WORK12
USING THIS TEMPLATE
Foundstone has developed this Request For Proposal (“RFP”) template to help organizations identify and select a quality security vendor to perform professional services work. It also lists questions organizations should consider asking potential vendors to ensure that a thorough and comprehensive approach to the project will be taken. This template should apply for a variety of information security projects including:
• External Network Vulnerability Assessment and Penetration Testing • Internal Network Vulnerability Assessment and Penetration Testing • Web Application Penetration Testing
• Dial-In / RAS Security Testing
• DMZ or Network Architecture Designs / Reviews
• Wireless Network Assessment and Penetration Testing
• Virtual Infrastructure Security Assessment
• Server Configuration Reviews
• Firewall and Router Configuration Reviews
• VPN Configuration Reviews
• Voice over IP Assessments
• Social Engineering Assessments
• Physical Security Reviews
• Software Source Code Reviews
• Application Threat Modeling and Design Reviews
• Information Security Policy and Procedure Development or Review • Information Security Risk Assessment
• Security Awareness Program Development or Review
• Incident Response Program Development or Review
• Secure SDLC Program Development or Review
• PCI Quarterly Scans
• PCI Report on Compliance Assessment or Gap Analysis
The template contains a number of different sections that provide the vendor with a better understanding of the business and technical objectives of the effort. The major sections of the RFP template are:
• Introduction and Background: A description of the project’s objectives plus any additional background about the organization or business objectives that may provide the vendor with additional useful perspective.
• Administrative Information: Contact information that the vendors will need to prepare and submit their proposal as well as major dates associated with the RFP submission, evaluation and award process.
• Guidelines for Proposal Preparation: Guidelines for vendor communication with the organization are provided in this section and a preferred proposal format is described for the vendor.
• Evaluation Factors for Award: Outlines the criteria that will be used to evaluate the various proposals.
• Statement of Work and Deliverables: This section provides sufficient technical details about the environment to allow a vendor to understand the scope of the effort and price it appropriately. In addition, the deliverables or work products required from the project are described.
INTRODUCTION AND BACKGROUND
PURPOSE OF THE REQUEST FOR PROPOSAL
Cable Gods have been providing organizations and businesses with cable infrastructure and management solutions for...