Request for Quote HIPAA Security Risk Analysis

Size: px
Start display at page:

Download "Request for Quote HIPAA Security Risk Analysis"

Transcription

1 Request for Quote Security Risk Analysis 4/26/13 Florida Department of Children and Families

2 Purpose The Florida Department of Children and Families (DCF or the Department) is looking for a qualified information security assessment firm to perform a Security Risk Analysis (RA) as defined in the Security Rule 45 CFR (a)(1)(A). DCF is requesting fixed price quotes for defined deliverables based on the Department of Management Services (DMS) State Term Contract, IT Consulting Services numbered using vendors and services as defined in Project Area 1, Analysis and Design. The terms and conditions of the Purchase Order/task order resulting from this Request for Quote (RFQ) shall take precedence over the terms and conditions set forth in the DMS state term contract, except where the terms and conditions of the state term contract are required by law. Funding for the Purchase Order/task order is contingent upon annual state legislative appropriation. Although the document that will result from this RFQ will be a Purchase Order issued under the relevant DMS state term contract(s), the term contract is used in the RFQ as a matter of convenience to denote that document. The goals of this engagement are to: 1. Satisfy the Meaningful Use Core Objective to Protect Electronic Health Information. 2. Guide the Department of Children and Families Risk Management Program to more effectively prevent, detect, contain, and correct security violations. 3. Meet Security Rule testing requirements. 4. Develop a long term security partner relationship. The Department of Children and Families is responsible for providing services to protect children and adults from abuse and neglect; addressing the needs of the developmentally disabled; administering public benefits programs and issuing benefits according to Federal mandates; administering programs to help clients overcome the effects of substance abuse; and providing treatment for mentally ill children and adults. As a result of this responsibility, DCF is in contact with detailed and often non-public, information concerning these vulnerable citizens and is dedicated to protecting the confidentiality, integrity, and security of this information. Schedule The following schedule has been defined to efficiently solicit multiple competitive quotes, select the most qualified vendor, and start the project within a short time period. Event 1. RFQ Released to Vendors April 26, Questions from Vendors About Scope or Approach Due May 1, Responses to Vendors About Scope or Approach Due May 26, Quote Due Date May 714, 2013 Date 5/6/20135/3/2013 Page 2 of 12

3 5. Vendor Presentations May , Finalist s Review May 15, Anticipated Decision and Selection of Vendor May 1622, Anticipated Project Start Date June 3, 2013 All quotes must remain valid for up to 30 days following the quote due date. Any costs incurred during the development of this quote or associated work will not be reimbursed. Award Selection Criteria All quotes will be reviewed using the following criteria: completeness proven technical capability ability of deliverable to clearly communicate findings and recommendations demonstrated information security experience in healthcare vendor objectivity cost Quotes should be submitted as a firm fixed price that includes travel costs. The Department of Children and Families reserves the right to not select the lowest cost and to not select a vendor if none sufficiently meet the goals of this RFQ. Quote Structure The following sections will be included, in this order: 1. Executive Summary This section will present a high-level synopsis of the vendor s response to the RFQ. The Executive Summary should be a brief overview of the engagement, and should identify the main features and benefits of the proposed work and describe how the vendor solution addresses stated high level business and technical goals. 2. Company Overview Provide a description of the company s history, culture, # of years performing security assessments, relative engagement experience, and key differentiators. 3. Fees Itemize all fees associated with the project. 4. Deliverables Include descriptions of the types of reports used to summarize and provide detailed information on security risk, vulnerabilities, and the necessary countermeasures and recommended corrective actions. Include sample reports as attachments to the quote to 4/17/13 Page 3 of 12

4 provide an example of the types of reports that will be provided for this engagement. 5. Schedule Include the method and approach used to manage the overall project and correspondence. Briefly describe how the engagement proceeds from beginning to end and include payment terms. 6. Contact Information Key sales and project management contact info including: name, title, address, direct telephone and fax numbers. 7. References At least three healthcare clients where a similar scope of work was performed. 8. Team Member Biographies/Resumes Include biographies and relevant experience of key staff and management personnel that will be involved with this project. 9. Scope and Methodology Detail specific objectives this scope will answer and reference frameworks, standards and/or guidelines used to develop scope. Also provide a detailed description of the methodology applied to complete the scope of work. 10. Sample Reports Include as a separate attachment, sample reports of services to be provided. It is required for each quote to completely address each section in this order to ensure a fair and accurate comparison of vendors. 4/17/13 Page 4 of 12

5 Scope of Work The Department of Children and Families is in the process of developing an internal Risk Management Program and seeks an objective third-party to aid in the RA process. This process should include the following phases: 1. Develop a project plan to define the overall project timeline, including key project milestones and deliverables. 2. Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information. 3. Validate that vulnerabilities and risks identified have been sufficiently mitigated. The identification of vulnerabilities should use multiple approaches including: A review of the following control categories: o Business Associate Oversight o Business Continuity and Disaster Recovery o Data Security (ephi and meaningful use reporting) o Information Security Program o Network Analysis o Personnel Security o Physical Security o Security Event and Incident Management o Systems Analysis Internal technical vulnerability assessment External penetration testing Social Engineering The vendor shall use both technical and non-technical methods to: 1. Identify missing controls by performing a gap analysis between implemented safeguards to those required by the Security rule. 2. Identify non-functioning controls by comparing documented policies and procedures to actual implemented controls. 3. Identify internal technical vulnerabilities by testing implemented security domains, device configurations, access controls, system hardening procedures, vulnerability management programs, etc. 4. Identify external vulnerabilities by enumerating all Internet-accessible services and validating which software, configuration, and password vulnerabilities are exploitable. 5. Identify areas to improve employee security awareness and training by focused social engineering testing. 4/17/13 Page 5 of 12

6 6. Validate all identified vulnerabilities have been addressed in a timely manner. 7. If sampling is part of your methodology, define when and how sampling will be used. The Department of Children and Families infrastructure for the purpose of this RFQ includes: Number of Physical Locations 125 Locations Requiring Physical Visit 5 Total Northwood 1940 N. Monroe Street Tallahassee, FL Winewood 1317 Winewood Blvd Tallahassee, FL Florida State Treatment Center 100 N Main Street Chattahoochee, FL Northeast Florida State Treatment Center 7487 Florida 121 Macclenny, FL North Florida Evaluation and Treatment Center 1200 NE 55 th Blvd Gainesville, FL Number of Employees Number of IT staff 11,866 Total Department FTEs Northwood 139 Winewood 1052 Florida State Treatment Center 1679 Northeast Florida State Treatment Center 1048 North Florida Evaluation and Treatment Center 356 Northwest Region 721 Northeast Region 1322 Suncoast Region 1461 Central Region 1976 Southeast Region 849 Southern Region Total FTEs Headquarters 177 4/17/13 Page 6 of 12

7 Number of Beds Number of Servers 130 Number of Workstations Number of Windows Domains 3 Number of Firewalls and Vendor(s) 1, CISCO Number of Routers and Vendor(s) Florida State Treatment Center 20 Northeast Florida State Treatment Center 11 North Florida Evaluation and Treatment Center 4 Northwest Region 11 Northeast Region 11 Suncoast Region 11 Central Region 14 Southeast Region 8 Southern Region Total Beds Florida State Treatment Center 959 Northeast Florida State Treatment Center 632 North Florida Evaluation and Treatment Center Total Northwood 249 Winewood (including Hotline) 1248 Florida State Treatment Center 787 Northeast Florida State Treatment Center 508 North Florida Evaluation and Treatment Center 194 Northwest Region 1126 Northeast Region 1597 Suncoast Region 1588 Central Region 2354 Southeast Region 920 Southern Region 1522 Northwood One Cisco router that provides MFN service Winewood Two Cisco routers that provide MFN service (includes Hotline) Florida State Treatment Center One Cisco router that provides MFN service Northeast Florida State Treatment Center One Cisco router that provides MFN service North Florida Evaluation and Treatment Center One Cisco router that provides MFN service Northwest Region 28 Cisco routers that provide MFN service Northeast Region 16 Cisco routers that provide 4/17/13 Page 7 of 12

8 MFN service Suncoast Region 29 Cisco routers that provide MFN service Central Region 30 Cisco routers that provide MFN service Southeast Region 19 Cisco routers that provide MFN service Southern Region 8 Cisco routers that provide MFN service Number of Public Facing IP addresses in Use 2 Number of Applications that Store ephi Approximately 159 Total Florida State Treatment Center 84 Northeast Florida State Treatment Center 33 North Florida Evaluation and Treatment Center 9 All other apps with ephi 33 Number of Wireless Networks in Use Northwood 10 Aerohive Access Points and 2 Cisco Access Points, hosting three wireless networks Winewood--6 Aerohive Access Points and 13 Cisco Access Points, hosting three wireless networks Florida State Treatment Center 9 Aerohive Access Points, hosting two wireless networks Northeast Florida State Treatment Center no wireless North Florida Evaluation and Treatment Center no wireless Northwest Region 4 Aerohive Access Points, 9 Cisco Access Points Northeast Region 3 Cisco Access Points Suncoast Region Central Region 20 Aerohive Access Points and 2 Cisco Access Points Southeast Region 1 Aerohive Access Point and 10 Cisco Access Points Southern Region 47 Aerohive Access Points and 2 Cisco Access Points Deliverables As a result of this project, the Department of Children and Families requests: a project plan that defines the overall project timeline and includes key project milestones, and 4/17/13 Page 8 of 12

9 deliverables; weekly status reports; and a documented and prioritized list of risks overall and by location, each defined by a specific vulnerability, its impact, the asset affected, and a recommendation to mitigate the risk. The final report will consist of the following sections: 1. Executive Summary appropriate for senior management to review and understand the current level of risk. 2. Introduction including the scope and methodology used for this assessment. 3. Findings and Mitigation Recommendations providing sufficient technical detail for the IT team to understand and replicate the issue. 4. Analysis Work Notes documenting all control and/or vulnerability categories tested and the results of the testing per location. The deliverables will be both concise and comprehensive, free from false positives and false negatives, and provide sufficient technical detail to support all findings. Deliverables must be in PDF format and shall be delivered encrypted or via another secure method. In addition, a presentation of findings to executive management and the technical team is required. Assessment follow-up access to the security engineering team for questions and clarifications is desired. 4/17/13 Page 9 of 12

10 Pricing DCF requires a fixed fee for deliverable pricing schedule that identifies the cost for each of the project deliverables identified below: Task Deliverable Cost of Deliverable Prepare Review Project Plan Project Work Plan Assess the physical and technical environment of the Office of Information Technology Services (OITS) located at the Northwood Center, including identifying compliance gaps, recommendations to mitigate the risks for OITS and levels of for OITS effort to Assess the physical and technical environment of the Headquarters offices located at the Winewood Office Complex, including identifying compliance gaps, vulnerabilities, impacts, the assets affected, and recommendations to mitigate the risks and levels of effort to accomplish each mitigation action. Assess the physical and technical environment of the Florida State Treatment Center located in Chattahoochee, Florida, including identifying compliance gaps, vulnerabilities, impacts, the assets affected, and recommendations to mitigate the risks and levels of effort to accomplish each mitigation action. Assess the physical and technical environment of the North Florida Evaluation and Treatment Center location in Gainesville, Florida, including identifying compliance gaps, Assess the physical and technical environment of the Northeast Florida Treatment Center located in Macclenny, Florida, including identifying compliance gaps, vulnerabilities, impacts, the assets affected, and recommendations to mitigate the risks and levels of effort to for Winewood for the Florida State Treatment Center for the North Florida Evaluation and Treatment Center for the Northeast Florida Treatment Center 4/17/13 Page 10 of 12

11 Assess the physical and technical environment of the Northwest Region, including identifying compliance gaps, Assess the physical and technical environment of the Northeast Region, including identifying compliance gaps, Assess the physical and technical environment of the Suncoast Region, including identifying compliance gaps, Assess the physical and technical environment of the Central Region, including identifying compliance gaps, Assess the physical and technical environment of the Southeast Region, including identifying compliance gaps, Assess the physical and technical environment of the Southern Region, including identifying compliance gaps, Summarize the statewide results, including any overarching compliance gaps, vulnerabilities, impacts, and the assets affected that are not documented in the individual location reports and recommend mitigation actions for these overarching compliance issues and levels of effort to accomplish each mitigation action. for the Northwest Region for the Northeast Region for the Suncoast Region for the Central Region for the Southeast Region for the Southern Region Executive Report Please describe efforts to maximize the use of state residents, state products, and other Floridabased businesses in fulfilling the contractual duties under this RFQ. 4/17/13 Page 11 of 12

12 Vendors shall not increase their proposed cost for the specified deliverables for the scope of work defined in this RFQ during the term of any Purchase Order resulting from this RFQ and any renewals. DCF may request additional services for additional costs at its sole discretion. Any additional services for the term of any Purchase Order renewals or extensions contemplated by this RFQ shall be subject to the availability of state funding and the approval of the department s Contract Manager. Submission of RFQ Responses Electronic responses are due to the Office of Information Systems Procurement Office no later than May 7, 2013 by 2pm ET. Responsibility for timely delivery rests with the Vendor. The Vendor electronic mail response to this RFQ should be addressed with the SUBJECT line as DCF Assessment Procurement and delivered to All required documents may be included as an attachment to the . Any quote received after the required time and date specified for shall be considered late and nonresponsive. Any late quotes will not be evaluated. 4/17/13 Page 12 of 12

Department of Children and Families (DCF) Request for Information (RFQ) #01U013DS1 HIPAA Compliance Review DCF Answers to Vendor Questions

Department of Children and Families (DCF) Request for Information (RFQ) #01U013DS1 HIPAA Compliance Review DCF Answers to Vendor Questions Department of Children and Families (DCF) Request for Information (RFQ) #01U013DS1 HIPAA Compliance Review s to Vendor Questions Questions as Submitted by Vendors (Duplicates omitted) 1. Have controls

More information

Request for Proposal HIPAA Security Risk and Vulnerability Assessment

Request for Proposal HIPAA Security Risk and Vulnerability Assessment Request for Proposal HIPAA Security Risk and Vulnerability Assessment May 1, 2016 First Choice Community Healthcare Timeline The following Timeline has been defined to efficiently solicit multiple competitive

More information

UNIVERSITY OF CENTRAL ARKANSAS PURCHASING OFFICE 2125 COLLEGE AVENUE SUITE 2 CONWAY, AR 72034

UNIVERSITY OF CENTRAL ARKANSAS PURCHASING OFFICE 2125 COLLEGE AVENUE SUITE 2 CONWAY, AR 72034 UNIVERSITY OF CENTRAL ARKANSAS PURCHASING OFFICE 2125 COLLEGE AVENUE SUITE 2 CONWAY, AR 72034 REQUEST FOR PROPOSAL Information Technology Security Audit RFP#UCA-15-072 PROPOSALS MUST BE RECEIVED BEFORE:

More information

Introduction and Background

Introduction and Background Request for Bid Network Security Assessment March 28, 2016 Introduction and Background Purpose of the Request for Proposal The Library Network operates a wide area telecommunications network for 70 public

More information

Leader Dogs for the Blind 1039 South Rochester Road Rochester Hills, MI 48307

Leader Dogs for the Blind 1039 South Rochester Road Rochester Hills, MI 48307 Leader Dogs for the Blind 1039 South Rochester Road Rochester Hills, MI 48307 REQUEST FOR PROPOSAL Information Security Assessment/External Penetration Testing PROPOSALS MUST BE RECEIVED VIA EMAIL BEFORE:

More information

REQUEST FOR QUOTE Department of Children and Families Office of Child Welfare National Youth in Transition Database Survey Tool January 27, 2014

REQUEST FOR QUOTE Department of Children and Families Office of Child Welfare National Youth in Transition Database Survey Tool January 27, 2014 REQUEST FOR QUOTE SUBJECT: Request for Quotes, State Term Contract #973-561-10-1, Information Technology Consulting Services TITLE: National Youth in Transition Database (NYTD) Survey Tool Proposal Software

More information

Penetration Testing. Request for Proposal

Penetration Testing. Request for Proposal Penetration Testing Request for Proposal Head Office: 24 - The Mall, Peshawar Cantt, 25000 Khyber Pakhtunkhwa, Islamic Republic of Pakistan UAN: +92-91-111-265-265, Fax: +92-91-5278146 Website: www.bok.com.pk

More information

Department of Management Services. Request for Information

Department of Management Services. Request for Information Department of Management Services Request for Information Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services September 3, 2015 Submitted By: Carlos Henley

More information

Florida Gulf Coast University Board of Trustees

Florida Gulf Coast University Board of Trustees Florida Gulf Coast University Board of Trustees Request for QUOTE Consulting Services (Employment Contract and Compensation Study for incoming President) RFQ Number RFQ 16E 001 Deadline for Questions prior

More information

Florida Cost Analysis of Addiction Programs (FCAAP): Methodology, Approach, and Lessons Learned

Florida Cost Analysis of Addiction Programs (FCAAP): Methodology, Approach, and Lessons Learned Florida Cost Analysis of Addiction Programs (FCAAP): Methodology, Approach, and Lessons Learned Isabelle C. Beulaygue University of Miami Addiction Health Services Research Annual Meeting Fairfax, VA October

More information

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable

More information

Request for Expressions of Interest On a contract to perform: Renewal of Information Technology Strategic Plan 2013-2018

Request for Expressions of Interest On a contract to perform: Renewal of Information Technology Strategic Plan 2013-2018 Request for Expressions of Interest On a contract to perform: Renewal of Information Technology Strategic Plan 2013-2018 for City of Pitt Meadows Table of Contents Table of Contents... 2 General Information...

More information

Request for Proposal For: PCD-DSS Level 1 Service Provider St. Andrew's Parish Parks & Playground Commission Bid Deadline: August 17, 2015 at 12 Noon

Request for Proposal For: PCD-DSS Level 1 Service Provider St. Andrew's Parish Parks & Playground Commission Bid Deadline: August 17, 2015 at 12 Noon Request for Proposal For: PCD-DSS Level 1 Service Provider St. Andrew's Parish Parks & Playground Commission Bid Deadline: August 17, 2015 at 12 Noon Request for Proposal P a g e 2 Table of Contents 1.

More information

BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO. 05-050

BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO. 05-050 BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO. 05-050 Adopting Multnomah County HIPAA Security Policies and Directing the Appointment of Information System Security

More information

Chapter 12. Competitive Negotiation: Elements of a Request for Proposals

Chapter 12. Competitive Negotiation: Elements of a Request for Proposals Chapter 12. Competitive Negotiation: Elements of a Request for Proposals Summary This chapter identifies the minimum elements of a request for proposals when procuring goods or services using the competitive

More information

WASHINGTON STATE ENERGY CODE COMMERCIAL COMPLIANCE DOCUMENTATION PROJECT

WASHINGTON STATE ENERGY CODE COMMERCIAL COMPLIANCE DOCUMENTATION PROJECT REQUEST FOR QUALIFICATIONS ANNOUNCEMENT FOR WEBSITE HOSTING & DATA RETENTION SERVICES WASHINGTON STATE ENERGY CODE COMMERCIAL COMPLIANCE DOCUMENTATION PROJECT Northwest Energy Efficiency Council 605 First

More information

REQUEST FOR INFORMATION FOR DELEGABLE VOCATIONAL REHABILITATION SERVICES RFI 2013-11

REQUEST FOR INFORMATION FOR DELEGABLE VOCATIONAL REHABILITATION SERVICES RFI 2013-11 REQUEST FOR INFORMATION FOR DELEGABLE VOCATIONAL REHABILITATION SERVICES RFI 2013-11 325 West Gaines Street Tallahassee, FL 32399-0400 Please deliver or email submissions to: Attn: Christina Davis 325

More information

Texas Comptroller of Public Accounts

Texas Comptroller of Public Accounts Texas Comptroller of Public Accounts Susan Combs, Comptroller Request for Information for Mobile Device Management Products and Services RFI#0313VC March 20, 2013 Page 1 of 7 A. Summary 1. Type of Document:

More information

Senior Security Analyst

Senior Security Analyst Senior Security Analyst REQUEST FOR QUOTATION Minority Business Enterprise (MBE) ONLY State Term Schedule Page 1 of 13 Table of Contents INTRODUCTION AND BACKGROUND...3 PURPOSE OF THE REQUEST FOR QUOTATION...3

More information

Minority, Women and Florida Veteran Business Enterprise Participation Plan Fiscal Year 2012-2013

Minority, Women and Florida Veteran Business Enterprise Participation Plan Fiscal Year 2012-2013 Minority, Women and Florida Veteran Business Enterprise Participation Plan Fiscal Year 2012-2013 Protect the Vulnerable, Promote Strong and Economically Self-Sufficient Families, And Advance Personal and

More information

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the specific

More information

FLORIDA AGRICULTURAL AND MECHANICAL UNIVERSTY. Request for Quote for Performance of Security Risk Assessment

FLORIDA AGRICULTURAL AND MECHANICAL UNIVERSTY. Request for Quote for Performance of Security Risk Assessment FLORIDA AGRICULTURAL AND MECHANICAL UNIVERSTY 1. Overview Request for Quote for Performance of Security Risk Assessment The Florida Agricultural and Mechanical University ( FAMU ) is seeking a qualified

More information

Tackling Medical Device Cybersecurity

Tackling Medical Device Cybersecurity Tackling Medical Device Cybersecurity Anthony J. Coronado Methodist Hospital of Southern California Biomedical Engineering Manager Overview of Initiative With the advancement of technology in the design

More information

Request for Proposals IT INFRASTRUCTURE MODERNIZATION

Request for Proposals IT INFRASTRUCTURE MODERNIZATION Request for Proposals IT INFRASTRUCTURE MODERNIZATION Deadline to Submit Questions for Response: March 25, 2015 by 4:00 pm Deadline for Proposal Submissions: March 27, 2015 by 4:00 pm REQUEST FOR PROPOSALS

More information

HIPAA Risk Analysis By: Matthew R. Johnson GIAC HIPAA Security Certificate (GHSC) Practical Assignment Version 1.0 Date: April 12, 2004

HIPAA Risk Analysis By: Matthew R. Johnson GIAC HIPAA Security Certificate (GHSC) Practical Assignment Version 1.0 Date: April 12, 2004 HIPAA Risk Analysis By: Matthew R. Johnson GIAC HIPAA Security Certificate (GHSC) Practical Assignment Version 1.0 Date: April 12, 2004 Table of Contents Abstract... 3 Assignment 1 Define the Environment...

More information

Penobscot County IT Department Technology Modernization: Server and Storage Virtualization

Penobscot County IT Department Technology Modernization: Server and Storage Virtualization Penobscot County IT Department Technology Modernization: and Storage Virtualization RFP NO. 20150501IT 85 Hammond Street Bangor, ME. 04401 p. 207-561-6177 f. 207-561-6179 support@penobscot-county.net www.penobscot-county.net

More information

REQUEST FOR INFORMATION DEBIT CARD PROCESSING FOR FLORIDA RETIREMENT SYSTEM (FRS) PENSION PLAN PAYMENTS RFI NO.: DMS 12/13-036

REQUEST FOR INFORMATION DEBIT CARD PROCESSING FOR FLORIDA RETIREMENT SYSTEM (FRS) PENSION PLAN PAYMENTS RFI NO.: DMS 12/13-036 REQUEST FOR INFORMATION DEBIT CARD PROCESSING FOR FLORIDA RETIREMENT SYSTEM (FRS) PENSION PLAN PAYMENTS RFI NO.: DMS 12/13-036 I. DEFINITIONS Payee A retiree or beneficiary of a retiree who has received

More information

Request for Proposals Information Technology Support & Consulting Services

Request for Proposals Information Technology Support & Consulting Services Request for Proposals Information Technology Support & Consulting Services City of Calistoga Finance Department 1232 Washington Street Calistoga, California 94515 Date of Issuance: Deadline to Submit Proposal:

More information

211 LA County. Technology Infrastructure Assessment. Request for Proposals. August 2012 Request for Proposals- 211 LA County 1

211 LA County. Technology Infrastructure Assessment. Request for Proposals. August 2012 Request for Proposals- 211 LA County 1 211 LA County Technology Infrastructure Assessment Request for Proposals August 2012 Request for Proposals- 211 LA County 1 1. General conditions and proposers directions 1.1. Overview 1.1.1. 211 LA County

More information

TENDER NUMBER: ITT/SACU/015/2015/O Information and Communication Technology (ICT) Audit IT Effectiveness Review

TENDER NUMBER: ITT/SACU/015/2015/O Information and Communication Technology (ICT) Audit IT Effectiveness Review TENDER NUMBER: ITT/SACU/015/2015/O Information and Communication Technology (ICT) Audit IT Effectiveness Review CLOSING DATE & TIME FRIDAY, 23 JANUARY 2015 17H00 (Namibian Time) POSTAL & PHYSICAL ADDRESS

More information

933 COMPUTER NETWORK/SERVER SECURITY POLICY

933 COMPUTER NETWORK/SERVER SECURITY POLICY 933 COMPUTER NETWORK/SERVER SECURITY POLICY 933.1 Overview. Indiana State University provides network services to a large number and variety of users faculty, staff, students, and external constituencies.

More information

Looking at the SANS 20 Critical Security Controls

Looking at the SANS 20 Critical Security Controls Looking at the SANS 20 Critical Security Controls Mapping the SANS 20 to NIST 800-53 to ISO 27002 by Brad C. Johnson The SANS 20 Overview SANS has created the 20 Critical Security Controls as a way of

More information

2011 2012 Aug. Sept. Oct. Nov. Dec. Jan. Feb. March April May-Dec.

2011 2012 Aug. Sept. Oct. Nov. Dec. Jan. Feb. March April May-Dec. The OCR Auditors are coming - Are you next? What to Expect and How to Prepare On June 10, 2011, the U.S. Department of Health and Human Services Office for Civil Rights ( OCR ) awarded KPMG a $9.2 million

More information

Asset Recovery Collections System. Request for Proposal

Asset Recovery Collections System. Request for Proposal DEPARTMENT OF FINANCIAL SERVICES Division of Rehabilitation and Liquidation Asset Recovery Collections System Request for Proposal February 17, 2016 REVISED FEBRUARY 18, 2016 2/18/2016 Revision Note: Paragraph

More information

Comptroller of Maryland Information Technology Division Annapolis Data Center Operations

Comptroller of Maryland Information Technology Division Annapolis Data Center Operations Audit Report Comptroller of Maryland Information Technology Division Annapolis Data Center Operations March 2015 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY

More information

Request for Proposals (RFP) Managed Services, Help Desk and Engineering Support for Safer Foundation www.saferfoundation.org

Request for Proposals (RFP) Managed Services, Help Desk and Engineering Support for Safer Foundation www.saferfoundation.org Request for Proposals (RFP) Managed Services, Help Desk and Engineering Support for Safer Foundation www.saferfoundation.org IMPORTANT NOTICE All proposal question and inquiries must be sent by email to

More information

Request for Proposals

Request for Proposals Request for Proposals Title: RFP #: 2010-HR-001 Issue Date: January 4, 2010 Due Date/Time: January 28, 2010 2 p.m. Issuing Agency: Harnett County Human Resources Department 102 E. Front Street P.O. Box

More information

HIPAA SECURITY RISK ANALYSIS FORMAL RFP

HIPAA SECURITY RISK ANALYSIS FORMAL RFP HIPAA SECURITY RISK ANALYSIS FORMAL RFP ADDENDUM NUMBER: (2) August 1, 2012 THIS ADDENDUM IS ISSUED PRIOR TO THE ACCEPTANCE OF THE FORMAL RFPS. THE FOLLOWING CLARIFICATIONS, AMENDMENTS, ADDITIONS, DELETIONS,

More information

Department of Economic Opportunity

Department of Economic Opportunity Department of Economic Opportunity REQUEST FOR INFORMATION Information Acknowledgement Form Page 1 of 9 pages SUBMIT RESPONSE TO: Department of Economic Opportunity DEPARTMENT RELEASE DATE: May 1, 2013

More information

REQUEST FOR INFORMATION. Hosted Website Solution and Services RFI #E15-037. Closing: March 24, 2015 at 2:00 pm local time.

REQUEST FOR INFORMATION. Hosted Website Solution and Services RFI #E15-037. Closing: March 24, 2015 at 2:00 pm local time. REQUEST FOR INFORMATION Hosted Website Solution and Services RFI #E15-037 Closing: March 24, 2015 at 2:00 pm local time. Halifax Regional Municipality Procurement Section Suite 103, 1 st Floor, 40 Alderney

More information

MODEL REQUEST FOR PROPOSALS (RFP) TEMPLATE Generalized for professional services. www.cdrfg.com

MODEL REQUEST FOR PROPOSALS (RFP) TEMPLATE Generalized for professional services. www.cdrfg.com MODEL REQUEST FOR PROPOSALS (RFP) TEMPLATE Generalized for professional services www.cdrfg.com CDR Fundraising Group 2015 This sample RFP is made available by the CDR Fundraising Group as a public service.

More information

Request for Proposal. Contract Management Software

Request for Proposal. Contract Management Software Request for Proposal Contract Management Software Ogden City Information Technology Division RETURN TO: Ogden City Purchasing Agent 2549 Washington Blvd., Suite 510 Ogden, Utah 84401 Attn: Sandy Poll 1

More information

EVALUATION REPORT. Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review. March 13, 2015 REPORT NUMBER 15-07

EVALUATION REPORT. Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review. March 13, 2015 REPORT NUMBER 15-07 EVALUATION REPORT Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review March 13, 2015 REPORT NUMBER 15-07 EXECUTIVE SUMMARY Weaknesses Identified During the FY 2014

More information

Request for Proposal: Catholic Charities of the Archdiocese of Miami, Inc. is accepting proposals until May 20th, 2016 for IT managed services.

Request for Proposal: Catholic Charities of the Archdiocese of Miami, Inc. is accepting proposals until May 20th, 2016 for IT managed services. Request for Proposal: Catholic Charities of the Archdiocese of Miami, Inc. is accepting proposals until May 20th, 2016 for IT managed services. Objective Catholic Charities of the Archdiocese of Miami,

More information

Network Security Policy

Network Security Policy Network Security Policy I. PURPOSE Attacks and security incidents constitute a risk to the University's academic mission. The loss or corruption of data or unauthorized disclosure of information on campus

More information

Request for Proposal Managed IT Services 7 December 2009

Request for Proposal Managed IT Services 7 December 2009 Request for Proposal Managed IT Services 7 December 2009 BuzzBack, LLC 25 West 45 th Street Suite 202 New York, NY 10036 Table of Contents 1 Summary... 1 2 Proposal Guidelines and Requirements... 1 2.1

More information

SCHOOL DISTRICT OF BLACK RIVER FALLS HIPAA PRIVACY AND SECURITY POLICY

SCHOOL DISTRICT OF BLACK RIVER FALLS HIPAA PRIVACY AND SECURITY POLICY SCHOOL DISTRICT OF BLACK RIVER FALLS HIPAA PRIVACY AND SECURITY POLICY School Board Policy 523.5 The School District of Black River Falls ( District ) is committed to compliance with the health information

More information

Request for Resume (RFR) CATS II Master Contract. Section 1 General Information R00B4400024

Request for Resume (RFR) CATS II Master Contract. Section 1 General Information R00B4400024 RFR Number: (Reference BPO Number) Functional Area (Enter One Only) Section 1 General Information R00B4400024 Functional Area 10 - IT Management Consulting Services Position Title/s or Service Type/s (Short

More information

About This Document. Response to Questions. Security Sytems Assessment RFQ

About This Document. Response to Questions. Security Sytems Assessment RFQ Response to Questions Security Sytems Assessment RFQ Posted October 1, 2015 Q: Which specific security assessment processes are sought for this engagement? The RFQ mentions several kinds of analysis and

More information

Please Read. Apgar & Associates, LLC apgarandassoc.com P. O. Box 80278 Portland, OR 97280 503-384-2538 877-376-1981 503-384-2539 Fax

Please Read. Apgar & Associates, LLC apgarandassoc.com P. O. Box 80278 Portland, OR 97280 503-384-2538 877-376-1981 503-384-2539 Fax Please Read This business associate audit questionnaire is part of Apgar & Associates, LLC s healthcare compliance resources, Copyright 2014. This questionnaire should be viewed as a tool to aid in evaluating

More information

Network Support. Request for Proposals

Network Support. Request for Proposals Request for Proposals Network Support Worksystems is seeking one or more qualified and experienced organizations to provide back-up network support, develop system documentation, and develop a Disaster

More information

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the

More information

Vermont Information Technology Leaders

Vermont Information Technology Leaders Vermont Information Technology Leaders HIPAA COMPLIANCE POLICIES AND PROCEDURES Policy Number: InfoSec 1 Policy Title: Information Privacy and Security Management Process IDENT INFOSEC1 Type of Document:

More information

STATE OF NORTH CAROLINA

STATE OF NORTH CAROLINA STATE OF NORTH CAROLINA INFORMATION SYSTEMS AUDIT OFFICE OF INFORMATION TECHNOLOGY SERVICES INFORMATION TECHNOLOGY GENERAL CONTROLS OCTOBER 2014 OFFICE OF THE STATE AUDITOR BETH A. WOOD, CPA STATE AUDITOR

More information

Client Security Risk Assessment Questionnaire

Client Security Risk Assessment Questionnaire Select the appropriate answer from the drop down in the column, and provide a brief description in the section. 1 Do you have a member of your organization with dedicated information security duties? 2

More information

Notice of Privacy Practices

Notice of Privacy Practices Notice of Privacy Practices This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully. This Notice of

More information

Fayetteville Public Schools Request for Proposals

Fayetteville Public Schools Request for Proposals Fayetteville Public Schools Request for Proposals TITLE: DEPARTMENT: Employee Benefits Broker Services Human Resources ISSUE DATE: May 28, 2013 DUE DATE: 4:00 PM, June 11, 2013 ISSUING AGENCY: Fayetteville

More information

ADDENDUM #1 REQUEST FOR PROPOSALS 2015-151

ADDENDUM #1 REQUEST FOR PROPOSALS 2015-151 ADDENDUM #1 REQUEST FOR PROPOSALS 2015-151 HIPAA/HITECH/OMNIBUS Act Compliance Consulting Services TO: FROM: CLOSING DATE: SUBJECT: All Potential Responders Angie Williams, RFP Coordinator September 24,

More information

Vendor Questions and Answers

Vendor Questions and Answers OHIO DEFERRED COMPENSATION REQUEST FOR PROPOSALS (RFP) FOR COMPREHENSIVE SECURITY ASSESSMENT CONSULTANT Issue Date: December 7, 2016 Written Question Deadline: January 11, 2016 Proposal Deadline: RFP Contact:

More information

REQUEST FOR PROPOSAL

REQUEST FOR PROPOSAL CITY OF MUKILTEO 11930 Cyrus Way Mukilteo, Washington 98275 425-263-8030 www.ci.mukilteo.wa.us REQUEST FOR PROPOSAL IT SERVICES ACQUISTION SCHEDULE The Acquisition Schedule is as follows, with all times

More information

IT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results

IT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results Acquire or develop application systems software Controls provide reasonable assurance that application and system software is acquired or developed that effectively supports financial reporting requirements.

More information

P A G E C O U N T Y V I R G I N I A

P A G E C O U N T Y V I R G I N I A P A G E C O U N T Y V I R G I N I A Page County, Virginia Managed Information Technology Services Prepared September 4, 2015 R E Q U E S T F O R P R O P O S A L 1 INTRODUCTION AND BACKGROUND PURPOSE OF

More information

Retention & Destruction

Retention & Destruction Last Updated: March 28, 2014 This document sets forth the security policies and procedures for WealthEngine, Inc. ( WealthEngine or the Company ). A. Retention & Destruction Retention & Destruction of

More information

April 22, 2016 FLORIDA DEPARTMENT OF FINANCIAL SERVICES DIVISION OF REHABILITATION AND LIQUIDATION. Request for Proposal PC-9999-16003

April 22, 2016 FLORIDA DEPARTMENT OF FINANCIAL SERVICES DIVISION OF REHABILITATION AND LIQUIDATION. Request for Proposal PC-9999-16003 Division of Rehabilitation and Liquidation http://www.myfloridacfo.com/division/receiver/ DEPARTMENT OF FINANCIAL SERVICES April 22, 2016 1. Purpose FLORIDA DEPARTMENT OF FINANCIAL SERVICES DIVISION OF

More information

SAMPLE REQUEST FOR PROPOSAL (RFP) FOR MENTORING PRODUCTS/SERVICES

SAMPLE REQUEST FOR PROPOSAL (RFP) FOR MENTORING PRODUCTS/SERVICES SAMPLE REQUEST FOR PROPOSAL (RFP) FOR MENTORING PRODUCTS/SERVICES (1) Overview: (This part is where you, the client, provide a summary of the vision you have and the specific products/services you are

More information

Security Assessment Report

Security Assessment Report Security Assessment Report Prepared for California State Lottery By: Gaming Laboratories International, LLC. 600 Airport Road, Lakewood, NJ 08701 Phone: (732) 942-3999 Fax: (732) 942-0043 www.gaminglabs.com

More information

IT Optimization Consulting Services for Organizational Change Management (OCM)

IT Optimization Consulting Services for Organizational Change Management (OCM) IT Optimization Consulting Services for Organizational Change Management (OCM) April 5, 2013 REQUEST FOR QUOTATION MINORITY BUSINESS ENTERPRISE (MBE) PREFERRED State Term Schedule Table of Contents 1.

More information

Nationwide Review of CMS s HIPAA Oversight. Brian C. Johnson, CPA, CISA. Wednesday, January 19, 2011

Nationwide Review of CMS s HIPAA Oversight. Brian C. Johnson, CPA, CISA. Wednesday, January 19, 2011 Nationwide Review of CMS s HIPAA Oversight Brian C. Johnson, CPA, CISA Wednesday, January 19, 2011 1 WHAT I DO Manage Region IV IT Audit and Advance Audit Technique Staff (AATS) IT Audit consists of 8

More information

AUDIT REPORT 03-11 WEB PORTAL SECURITY REVIEW. 2004 FEBRUARY R. D. MacLEAN CITY AUDITOR

AUDIT REPORT 03-11 WEB PORTAL SECURITY REVIEW. 2004 FEBRUARY R. D. MacLEAN CITY AUDITOR AUDIT REPORT 03-11 WEB PORTAL SECURITY REVIEW 2004 FEBRUARY R. D. MacLEAN CITY AUDITOR Web Portal Security Review Page 2 Audit Report 03-11 Web Portal Security Review INDEX SECTION I EXECUTIVE SUMMARY

More information

Richard Gadsden Information Security Office Office of the CIO Information Services

Richard Gadsden Information Security Office Office of the CIO Information Services Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO Information Services Sharon Knowles Information Assurance Compliance MUSC Medical Center

More information

SUPERIOR COURT OF CALIFORNIA

SUPERIOR COURT OF CALIFORNIA SUPERIOR COURT OF CALIFORNIA COUNTY OF LOS ANGELES REQUEST FOR QUOTE (RFQ) FOR LUMENSION PATCH MANAGEMENT SOFTWARE LICENSE RENEWAL SERVICES RFQ NUMBER 2014-PR35074294 Table of Contents SECTION TITLE PAGE

More information

Four Top Emagined Security Services

Four Top Emagined Security Services Four Top Emagined Security Services. www.emagined.com Emagined Security offers a variety of Security Services designed to support growing security needs. This brochure highlights four key Emagined Security

More information

TOWN OF SOUTH KINGSTOWN Request for Proposal

TOWN OF SOUTH KINGSTOWN Request for Proposal TOWN OF SOUTH KINGSTOWN Request for Proposal MEETING MANAGEMENT SYSTEM: Live and On Demand Video Streaming, Agenda Management, and Minutes Automation Contact Information: TOWN OF SOUTH KINGSTOWN ATTN:

More information

RFP No. 1-15-C017 OFFICE OF TECHNOLOGY INFORMATION SYSTEMS AND INFRASTRUCTURE PENETRATION TEST

RFP No. 1-15-C017 OFFICE OF TECHNOLOGY INFORMATION SYSTEMS AND INFRASTRUCTURE PENETRATION TEST RFP No. 1-15-C017 OFFICE OF TECHNOLOGY INFORMATION SYSTEMS AND INFRASTRUCTURE PENETRATION TEST Questions and Answers Notice: Questions may have been edited for clarity and relevance. 1. How many desktops,

More information

Security Manual Template Policy and Procedure Manual Compliance Management Made Easy ISO 27000 / HIPAA / SOX / CobiT / FIPS 199 Compliant

Security Manual Template Policy and Procedure Manual Compliance Management Made Easy ISO 27000 / HIPAA / SOX / CobiT / FIPS 199 Compliant Brochure More information from http://www.researchandmarkets.com/reports/3302152/ Security Manual Template Policy and Procedure Manual Compliance Management Made Easy ISO 27000 / HIPAA / SOX / CobiT /

More information

Security Information and Event Management (SIEM) Hardware & Software RFP #15-109309

Security Information and Event Management (SIEM) Hardware & Software RFP #15-109309 CITY OF FARMINGTON 800 Municipal Drive Farmington, NM 87401-2663 (505) 599-1373 Fax (505) 599-1377 http://www.fmtn.org REQUEST FOR PROPOSALS FOR Security Information and Event Management (SIEM) Hardware

More information

DISTRICT OF COLUMBIA SUPERIOR COURT OFFICE OF CONTRACTS AND PROCUREMENT REQUEST FOR PROPOSALS (RFP) FROM GSA FEDERAL SUPPLY SCHEDULE CONTRACTORS FOR

DISTRICT OF COLUMBIA SUPERIOR COURT OFFICE OF CONTRACTS AND PROCUREMENT REQUEST FOR PROPOSALS (RFP) FROM GSA FEDERAL SUPPLY SCHEDULE CONTRACTORS FOR DISTRICT OF COLUMBIA SUPERIOR COURT OFFICE OF CONTRACTS AND PROCUREMENT REQUEST FOR PROPOSALS (RFP) FROM GSA FEDERAL SUPPLY SCHEDULE CONTRACTORS FOR INFORMATION AND TECHNOLOGY PENETRATION TESTING AND INFORMATION

More information

Altius IT Policy Collection Compliance and Standards Matrix

Altius IT Policy Collection Compliance and Standards Matrix Governance IT Governance Policy Mergers and Acquisitions Policy Terms and Definitions Policy 164.308 12.4 12.5 EDM01 EDM02 EDM03 Information Security Privacy Policy Securing Information Systems Policy

More information

REQUEST FOR PROPOSAL: A NEW AUDITING SOLUTION FOR WINDOWS FILE AND DATABASE SERVERS

REQUEST FOR PROPOSAL: A NEW AUDITING SOLUTION FOR WINDOWS FILE AND DATABASE SERVERS REQUEST FOR PROPOSAL: A NEW AUDITING SOLUTION FOR WINDOWS FILE AND DATABASE SERVERS Issued: TABLE OF CONTENTS 1. Introduction...3 1.1 Purpose...3 1.2 Background...3 1.3 Scope of Work...3 1.4 Current Infrastructure...3

More information

Secure Electronic Voting RFP Kit

Secure Electronic Voting RFP Kit Secure Electronic Voting RFP Kit The purpose of this document is to assist election officials in jurisdictions with DRE voting systems in identifying and selecting qualified independent security experts

More information

CITY OF CHILLICOTHE REQUEST FOR PROPOSALS

CITY OF CHILLICOTHE REQUEST FOR PROPOSALS CITY OF CHILLICOTHE REQUEST FOR PROPOSALS The City of Chillicothe is accepting sealed proposals for a Financial and Payroll software system for the Chillicothe Auditor s office. Proposal Must Be Sealed,

More information

Request for Proposal No. CCAD2015-01 TECHNICAL/IT Services REQUEST FOR PROPOSAL FOR TECHNICAL/IT SERVICES CESAR CHAVEZ ACADEMY DENVER

Request for Proposal No. CCAD2015-01 TECHNICAL/IT Services REQUEST FOR PROPOSAL FOR TECHNICAL/IT SERVICES CESAR CHAVEZ ACADEMY DENVER REQUEST FOR PROPOSAL FOR TECHNICAL/IT SERVICES Request for Proposal No. CCAD2015-01 Date of Issue: December 18, 2015 RETURN TO: Kamini Patel, Executive Director/Principal 3752 Tennyson Street Denver, Colorado

More information

7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008

7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008 U.S. D EPARTMENT OF H OMELAND S ECURITY 7 Homeland Fiscal Year 2008 HOMELAND SECURITY GRANT PROGRAM ty Grant Program SUPPLEMENTAL RESOURCE: CYBER SECURITY GUIDANCE uidelines and Application Kit (October

More information

U.S. ELECTION ASSISTANCE COMMISSION OFFICE OF INSPECTOR GENERAL

U.S. ELECTION ASSISTANCE COMMISSION OFFICE OF INSPECTOR GENERAL U.S. ELECTION ASSISTANCE COMMISSION OFFICE OF INSPECTOR GENERAL FINAL REPORT: U.S. Election Assistance Commission Compliance with the Requirements of the Federal Information Security Management Act Fiscal

More information

OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the specific documents requested,

More information

IBM Global Technology Services Statement of Work. for. IBM Infrastructure Security Services - Penetration Testing - Express Penetration Testing

IBM Global Technology Services Statement of Work. for. IBM Infrastructure Security Services - Penetration Testing - Express Penetration Testing IBM Global Technology Services Statement of Work for IBM Infrastructure Security Services - Penetration Testing - Express Penetration Testing The information in this Statement of Work may not be disclosed

More information

ACCEPTING PAYMENT CARD ASSESSMENT Pre-Selection Questionnaire

ACCEPTING PAYMENT CARD ASSESSMENT Pre-Selection Questionnaire ACCEPTING PAYMENT CARD ASSESSMENT Pre-Selection Questionnaire Overview This pre-implementation questionnaire is designed to provide the Boston College Internal Audit Department with a general understanding

More information

Request for Proposal

Request for Proposal Request for Proposal Outsourced IT & Managed Services ISSUED DATE: 12/07-2015 RFQ COORDINATOR: MARY MACHADO (305)430-0085 HIS HOUSE INC. 20000 NW 47 TH AVENUE MIAMI GARDENS, FL. 33055 MMACHADO@HHCH.ORG

More information

After reviewing all the questions, the most common and relevant questions were chosen and the answers are below:

After reviewing all the questions, the most common and relevant questions were chosen and the answers are below: 2015 007 After reviewing all the questions, the most common and relevant questions were chosen and the answers are below: 1. Is there a proposed budget for this RFP? No 2. What is the expect duration for

More information

DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy IT Risk Strategy V0.1 April 21, 2014

DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy IT Risk Strategy V0.1 April 21, 2014 DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy IT Risk Strategy V0.1 April 21, 2014 Revision History Update this table every time a new edition of the document is published Date Authored

More information

Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification

Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification Type of Policy and Procedure Comments Completed Privacy Policy to Maintain and Update Notice of Privacy Practices

More information

REQUEST FOR PROPOSALS FOR A PROGRAM EVALUATOR TO EVALUATE LSC S MIDWEST LEGAL DISASTER COORDINATION PROJECT OCTOBER 28, 2015

REQUEST FOR PROPOSALS FOR A PROGRAM EVALUATOR TO EVALUATE LSC S MIDWEST LEGAL DISASTER COORDINATION PROJECT OCTOBER 28, 2015 LEGAL SERVICES CORPORATION REQUEST FOR PROPOSALS FOR A PROGRAM EVALUATOR TO EVALUATE LSC S MIDWEST LEGAL DISASTER COORDINATION PROJECT OCTOBER 28, 2015 Page 1 of 8 INTRODUCTION The Legal Services Corporation

More information

University System of Maryland University of Maryland, College Park Division of Information Technology

University System of Maryland University of Maryland, College Park Division of Information Technology Audit Report University System of Maryland University of Maryland, College Park Division of Information Technology December 2014 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND

More information

Request for Proposal RFP No. IT-2015-101. Phone System Replacement

Request for Proposal RFP No. IT-2015-101. Phone System Replacement Request for Proposal RFP No. IT-2015-101 November 23 rd 2015 Phone System Replacement Deadline for Receipt of Proposals: January 18 th, 2016 at 4:30pm Proposals to be submitted by e-mail to Morgan Calvert

More information

COMMUNITY CARE FOR THE ELDERLY (CCE) PROGRAM REQUEST FOR PROPOSAL (RFP) GUIDELINES

COMMUNITY CARE FOR THE ELDERLY (CCE) PROGRAM REQUEST FOR PROPOSAL (RFP) GUIDELINES COMMUNITY CARE FOR THE ELDERLY (CCE) PROGRAM REQUEST FOR PROPOSAL (RFP) GUIDELINES This document is intended for use as guidance by area agencies on aging in the development of an area-specific request

More information

Infrastructure Technical Support Services. Request for Proposal

Infrastructure Technical Support Services. Request for Proposal Infrastructure Technical Support Services Request for Proposal 15 May 2015 ISAAC reserves the right to reject any and all proposals, with or without cause, and accept proposals that it considers most favourable

More information

HIGH-RISK SECURITY VULNERABILITIES IDENTIFIED DURING REVIEWS OF INFORMATION TECHNOLOGY GENERAL CONTROLS

HIGH-RISK SECURITY VULNERABILITIES IDENTIFIED DURING REVIEWS OF INFORMATION TECHNOLOGY GENERAL CONTROLS Department of Health and Human Services OFFICE OF INSPECTOR GENERAL HIGH-RISK SECURITY VULNERABILITIES IDENTIFIED DURING REVIEWS OF INFORMATION TECHNOLOGY GENERAL CONTROLS AT STATE MEDICAID AGENCIES Inquiries

More information

FedRAMP Standard Contract Language

FedRAMP Standard Contract Language FedRAMP Standard Contract Language FedRAMP has developed a security contract clause template to assist federal agencies in procuring cloud-based services. This template should be reviewed by a Federal

More information

IBM Internet Security Systems. The IBM Internet Security Systems approach for Health Insurance Portability and Accountability Act compliance overview

IBM Internet Security Systems. The IBM Internet Security Systems approach for Health Insurance Portability and Accountability Act compliance overview IBM Internet Security Systems The IBM Internet Security Systems approach for Health Insurance Portability and Accountability Act compliance overview Health Insurance Portability and Accountability Act

More information

REQUEST FOR QUALIFICATIONS ARCHITECTURAL DESIGN SERVICES FOR A FIRE STATION

REQUEST FOR QUALIFICATIONS ARCHITECTURAL DESIGN SERVICES FOR A FIRE STATION Architectural Design Services RFQ October 30, 2015 Shoreline Fire Station & Headquarters Modifications REQUEST FOR QUALIFICATIONS ARCHITECTURAL DESIGN SERVICES FOR A FIRE STATION A. Purpose of Request:

More information