REQUEST FOR PROPOSAL INFORMATION TECHNOLOGY SECURITY CONSULTING BID INSTRUCTIONS

Transcription

1 REQUEST FOR PROPOSAL INFORMATION TECHNOLOGY SECURITY CONSULTING BID INSTRUCTIONS NOVA SCOTIA LIQUOR CORPORATION 93 CHAIN LAKE DRIVE HALIFAX, NOVA SCOTIA B3S 1A3 NSLC REFERENCE NO: SR-39-H-15 NSLC Contact: Stephen Bayer Manager, Procurement & Tendering

2 NOVA SCOTIA LIQUOR CORPORATION BID INSTRUCTIONS & INFORMATION 1. The NSLC is seeking to engage an information technology security consulting resource, to evaluate the NSLC s policies, procedures, and tools that have been implemented for information security. The successful proponent will provide recommendations for improvements based on gaps which are discovered during the engagement. They will assist the NSLC in remediating gaps where the NSLC lacks expertise. The development of a model for ongoing assessment and continuous improvement of NSLC s information security practices. 2. The NSLC maintains a policy which ensures all firms interested in becoming government suppliers shall be given equitable access to contract opportunities, except that consideration may be shown to Atlantic Provinces suppliers, manufacturers and contractors whenever practical and economically feasible to do so, consistent with The Atlantic Procurement Agreement. 3. Inquiries regarding the RFP Specifications are to be directed to Jason Miller, Manager, IT Service Delivery via at jason.miller@mynslc.com and general Procurement procedural inquiries to Stephen Bayer, Manager Procurement & Tendering via at stephen.bayer@mynslc.com Deadline for submitting questions is Wednesday, January 20, 2:00pm AST (Halifax local time). 4. Proposals documents must be ed to Tenders@myNSLC.com prior to the RFP closing date of Wednesday, January 27, AST (Halifax local time). Please indicate the RFP Reference Number and Title on the s subject line. 5. Late proposals received after the closing date and time will be disqualified from competition and not evaluated. 6. Proposals will only be accepted via Proponents should ensure that any calculations and totals are correct. If any discrepancies/errors are noted in the evaluation process, the quoted prices included in the proposal will prevail. All pricing must be submitted in Canadian dollars (CDN) exclusive of all taxes. 8. Proponents are urged to reply to specific sections of the RFP in the manner requested. 9. Any and all charges to the NSLC must be included and clearly stated within the proposal.

3 10. The proponent shall bear all costs associated with or incurred in the preparation and presentation of its proposal, including, if applicable, costs incurred for interviews or demonstrations. In the event that any proposal is not accepted, the NSLC will not be liable for any costs or damages incurred by the proponent. 11. All proponents accept and agree that only contracts or amendments signed by the President & CEO of the NSLC will be valid. 12. At any time throughout the RFP process, a Proponent may withdraw a submitted proposal in its entirety. To effect a withdrawal, a notice of withdrawal must be ed by an authorized representative to the Manager, Procurement & Tendering, NSLC. Proposals cannot be altered or changed in any way after the receiving of proposals. 13. Proponents wishing to amend an already submitted proposal must submit the amendment via before the designated closing date/time provided they are properly identified by company name, RFP number and due date and are received prior to the closing date and time. 14. The respondent shall ensure that he has in his possession at the time of submission, all addenda that may have been issued. Confirmation can be obtained by checking the RFP document on the Public Tenders website at Notification of the successful proponent, if any, will be ed to all proponents immediately after the successful proponent is determined. 17. The NSLC reserves the right to accept or reject any or all proposals, or cancel the RFP altogether, at its sole discretion. By submitting a proposal in response to this RFP, each proponent agrees that it accepts and agrees to this condition. 18. Proposal Evaluation Criteria The Proposals will be evaluated for in accordance with the criteria outlined in section 9.2 on page 13 of the Specifications section of the RFP document follow. Within 15 days after notification of award, unsuccessful proponents may request a debriefing on their proposal to be scheduled at a later date. 20. The NSLC will consider all proposals as confidential subject to the provisions of the Freedom of Information and Protection of Privacy Act S.N.S. 1993, as amended from time to time. Any proprietary or confidential information should be identified as such and the desired treatment specified. The NSLC will, however, have the right to make copies of all proposals received, for its internal review process.

4 21. It is the nature of this RFP process that this RFP and/or the submission of a proposal in response to the RFP will not constitute a binding agreement, but will form the basis for the finalization of the terms upon which the NSLC and the preferred proponent will enter into an agreement, and does not mean that the proposal is necessarily totally acceptable in the form submitted. After the recommendation of a proposal, the NSLC has the right to finalize the terms of the agreement with the proponent, and as part of that process, to negotiate changes, amendments or modifications to the successful respondent s proposal without offering the other respondents a similar opportunity to amend their proposals. The acceptance of a proposal and the award of any aspect of subsequent projects will be made in writing, and only in writing. At that time, the successful proponent and the NSLC shall enter into discussions to finalize an agreement. Any award is provisional until the proponent enters into a written contract on terms satisfactory to the NSLC. Note: In no event shall the NSLC be obligated to enter into the proponent s form of contract. In the event that a successful proponent fails or refuses to enter into, and duly execute a written contract acceptable to the NSLC within 45 days of the award, the NSLC reserves the right, at its sole discretion, to: - extend the period for executing a contract; - invite the next-best-ranked proponent to enter into negotiations; - not accept any proposal; or - to call for new proposals The defaulting proponent shall be responsible for all losses, damages, costs, and expenses (including consequential losses and damages, and legal fees on a solicitor-and-client basis) suffered or incurred by the NSLC as a direct or indirect result thereof, including but not limited to any increase in the price of performance over the price submitted by the defaulting proponent in its proposal.

5 REQUEST FOR PROPOSAL INFORMATION TECHNOLOGY SECURITY CONSULTING SPECIFICATIONS NOVA SCOTIA LIQUOR CORPORATION 93 CHAIN LAKE DRIVE HALIFAX, NOVA SCOTIA B3S 1A3 NSLC REFERENCE NO: SR-39-H-15

6 1. Background and Purpose Business Context RFP Purpose Current State Mandatory Conditions Laws of Nova Scotia Location References Terms Of Engagement Master Services Contract Master Services Contract Period Master Service Contract Content Cost and Value Confidential Information Service Model Local Presence Services To Be Provided Project Implementation Services Project Scope Project Implementation Timeline Understanding of Requirements Physical Safety & Environmental Considerations Business Continuity Plan Capabilities and Experience Project Team Contract Negotiation & Management Resource Skillset Summaries Pricing Consulting Services: Added Value Proposal Contents Proposal Evaluation and Award Evaluation Team Evaluation Process Step 1: Mandatory Elements Evaluated Step 2: Proposal Evaluation Step 3: Presentations Step 4: Update Scoring Evaluation Timeline Notification and Award Finalization of Contract RFP Administration Title Page Letter of Introduction / Corporate Overview Mandatory Conditions Page 2 of 19

7 10.4. Terms of Engagement Atlantic Procurement Agreement Inquiries Proposal Format and Compliance Proponent s Responsibility for Clarification Information One Proposal Irrevocable Proposal Confidential Proposals No Liability for Expenses Verification Misleading Information Page 3 of 19

8 1. BACKGROUND AND PURPOSE 1.1. Business Context The Nova Scotia Liquor Corporation (NSLC) is one of Nova Scotia s largest retailers and the for more than 80 years, the NSLC has been managing the safe and responsible sale of beverage alcohol in Nova Scotia, returning 100% of its profits to government to help fund key public services. The NSLC operates 104 retail stores, 58 Agency Stores, four Private Wine & Specialty stores and provides service to more than 2000 licensed establishments. The organization employs more than 1400 Nova Scotians and is customer focused, enjoying a customer satisfaction rating of 89%. As a true community partner, the NSLC conducts its business with integrity and respect for the environment while supporting the sale of over $30 million in local products every year contributing to a total of over $600 million in sales RFP Purpose The purpose of this RFP is for the NSLC to engage an information technology security consulting resource, to evaluate the NSLC s policies, procedures, and tools that have been implemented for information security. The successful proponent will provide recommendations for improvements based on gaps which are discovered during the engagement. They will assist the NSLC in remediating gaps where the NSLC lacks expertise. The development of a model for ongoing assessment and continuous improvement of NSLC s information security practices Current State The NSLC has implemented technical solutions in order to provide protection of our network, systems, and data assets. As well, the NSLC does not house data that would typically be viewed as a high value target such as credit card information. As a Crown Corporation and a prominent retailer, the NSLC has a brand and reputation to protect and any breach of our infrastructure could do serious harm to many of our business objectives through distraction of our resources and loss of trust from our customers. Page 4 of 19

9 2. MANDATORY CONDITIONS The mandatory conditions for the RFP are listed below. Any proposal that does not meet these requirements will be rejected without further consideration Laws of Nova Scotia The proposal must explicitly state that the Proponent agrees that the Master Services Contract and all Statements of Work resulting from this RFP will be governed under the laws of Nova Scotia and Canada Location Proponents must identify the location from which their proposed NSLC services will be based. Proponents may also provide more detail on their overall locations and service breakdown, and how their larger corporate structure can provide support to the local presence References Proponents must provide references from clients for whom they have provided similar services. A minimum of three references is preferred. Please include client contact information and addresses, and a brief summary of the services provided and the timeline. Proponents should be advised that the NSLC may contact references as part of the evaluation process. Page 5 of 19

10 3. TERMS OF ENGAGEMENT Final details of the Master Services Contract will be established following the award to the successful Proponent; however, the sections below highlight important clauses for the terms of the engagement. Proponents must explicitly indicate that the terms listed have been read and understood, and that mutually acceptable contract terms can be reasonably foreseen Master Services Contract The successful Proponent will enter into a Master Services Agreement with the NSLC which will constitute the legal agreement between the NSLC and the integrator, within 30 days from RFP award, and provide the framework, terms, standards and guidelines for all engagement Master Services Contract Period The master services contract resulting from this RFP will be effective for a 24 month period Master Service Contract Content The details of the Master Services Contract will be negotiated, but will include sections that outline expectations and SLAs in the following areas: Professional Services: 3.2. Cost and Value The NSLC takes cost management seriously, in order to fulfil our mandate of returning as much profit as possible to the Provincial government for public use. Knowing that there is a wide range of expertise and price point in the Information Technology Security Consulting market, the NSLC wishes to maximize the value-for-cost balance in choosing the successful Proponent, but will not necessarily choose the lowest cost proposal. The ideal partner will be able to provide a balanced mix of levels of expertise at competitive hourly rates, in order to support each piece of work with appropriate, cost-effective resources Confidential Information Confidential information shall be owned and remain the property of NSLC. The Propoent shall protect and maintain the confidentiality of the Confidential Information. If relevant, the Proponent must adhere to the Personal Information International Disclosure Protection Act ( with respect to the protection of personal information. PIIDPA makes it illegal for public bodies and municipalities to disclose information outside of Canada, or store personal information at (or allow it to be accessed from), locations outside Canada, unless certain circumstances exist Service Model The NSLC intends the relationship with the successful proponet to be a partnership model. Service levels and metrics will be established, provided and reviewed at regular intervals, with timely and effective remediation approaches. Page 6 of 19

11 Local Presence The NSLC s preference will be to choose a partner with a local presence, both to support onsite team collaboration when necessary, and to align with the NSLC s stated mandate to support Nova Scotia businesses. However, provided the proposed collaboration approach is strong, there is close time zone alignment, and there is no corporate risk due to international storage of NSLC data, the NSLC will consider a non-local Proponent on the basis of all other merits. As part of the RFP response, confirm that you can work in these environments. Page 7 of 19

12 4. SERVICES TO BE PROVIDED The successful Proponent will provide a well-rounded body of expertise, to partner with the NSLC in planning and delivering excellence in Information Technology Security services. The Proponent must describe its ability to provide the services desired by the NSLC. All sub-sections of this section should be addressed Project Implementation Services Project Scope The Proponent will evaluate the NSLC s policies, procedures, and tools that have been implemented for information security. The Proponet will provide recommendations for improvements to its evolving cyber security framework and response plan based on gaps which are discovered during the engagement. The Proponent will assist the NSLC in remediating gaps where the NSLC lacks expertise. The Proponent will develop a model for ongoing assessment and continuous improvement of NSLC s information security practices Project Implementation Timeline The Proponent should provide a project implementation timeline, based on the required scope Understanding of Requirements The Proponent should demonstrate an understanding of the requirements outlined in the scope of this RFP Physical Safety & Environmental Considerations Where relevant, the proponent should speak to how they meet OH&S standards and have proper equipment to support those standards. The proponent should outline their methods for reducing environmental impact Business Continuity Plan The proponent should outline their business continuity plan, specifically related to employee turnover as well as technology interruptions to service. Page 8 of 19

13 5. CAPABILITIES AND EXPERIENCE The successful Proponent will provide a well-rounded body of expertise, to partner with the NSLC in planning and delivering excellence in Information Technology Security consulting services. This section outlines the NSLC requirements related to the expertise of the service provider. The Proponent must describe its ability to provide the expertise, capability and experience desired by the NSLC. All sub-sections of this section should be addressed, with information on the Proponent s corporate expertise and specialization in the subject areas, levels of seniority and depth / breadth of knowledge Project Team The Proponent should identify the project team that would be assigned to work on this project with the NSLC and outline how these resources meet the project requirements Contract Negotiation & Management The Proponent should identify the resources that would be assigned to lead the negotiations of this contract with the NSLC and identify who would be responsible for overall contract management for the Master Services Agreement timeframe. The Proponent may also wish to outline their overall approach to contract management Resource Skillset Summaries The Proponent is requested to provide a summary of the resource skillsets, representing the ability of the Proponent to fulfill the services, expertise, capability and experience expectations of the NSLC on an ongoing basis. Each bio should be no more than one page in length. Page 9 of 19

14 6. PRICING All rates should be quoted in Canadian dollars. Harmonized Sales Tax (HST) or the Goods and Services Tax (GST) should not be included in proposed rates and/or pricing. Daily rates are not acceptable Consulting Services: The proposal must include an hourly rate range for services and/or specialties, by experience level. Service / Resource Type Specialization A Specialization B Experience Junior Intermediate Senior Junior Intermediate Senior Hourly Rate low end Hourly Rate high end Proponents must provide detailed information on any additional surcharges, management fees, overhead percentages or other charges applied in addition to the resource hourly rate. Proponents may also provide information on: expiry dates related to rates expected annual increases frequency of rate changes Proponents should also indicate whether or not fixed-price SOWs may be used for some or all engagements, and under what circumstances. Page 10 of 19

15 7. ADDED VALUE In this non-compulsory section the Proponent may outline how they could bring added value to the NSLC beyond what has been requested in this RFP. Proponents may highlight any information they believe to be valuable. Please note that this section may not be added as an Appendix, and must be included within the total page count of the body of the proposal Page 11 of 19

16 8. PROPOSAL CONTENTS This section describes the required content of the response to this RFP. All Proponents are asked to organize their proposals in the order outlined in the table of contents below. Proponents are advised to limit their proposals to not longer than 25 pages. In addition to the sections noted below, Proponents are free to include additional material in appendices; however, only the requested sections of the proposal will contribute to scoring. Proponents must provide one paper copy of their proposals, as well as one electronic copy in PDF format. Section # Section Title RFP Section 1. Title Page Letter of Introduction Mandatory Conditions Terms of Engagement Services to be Provided Capabilities and Expertise Pricing Added Value 7.0 Page 12 of 19

17 9. PROPOSAL EVALUATION AND AWARD 9.1. Evaluation Team The Evaluation Team will consist of representatives of the NSLC s Information Technology business unit as well as the Procurement and Tendering business unit. It is understood and accepted by any Proponent that all decisions about the degree to which a proposal meets the requirements of this RFP are the judgment of this Evaluation Team Evaluation Process Step 1: Mandatory Elements Evaluated Each proposal s compliance to mandatory criteria identified below will be evaluated. Any proposals that fail to meet these will be disqualified. Response signed by authorized representative of company Compliance with mandatory conditions All pricing submitted in Canadian dollars (CDN) exclusive of all taxes Step 2: Proposal Evaluation Proposals that pass the mandatory criteria will be evaluated and scored using the categories and weights outlined below. A proposal must achieve a total score of 75 or higher in order for the Proponent to be shortlisted for presentation, with no individual category scoring less than 20 points. Category Points Terms of Engagement (Section 3) 5 Services to be Provided (Section 4) 40 Project Implementation Timeline 20 Understanding of Requirements 20 Capabilities and Expertise (Section 5) 30 Overall + Project Team/Contract Management 10 Resource Skill Resumes 20 Pricing 25 Total Score 100 Added value (additional points available) Step 3: Presentations Shortlisted Proponents may be invited to present to the Evaluation Committee. Presentations will be held onsite at the NSLC location, at a mutually agreed time and date tentatively on February 8 th and/or February 9th, 2016, if required. A presentation agenda will be communicated with the shortlist notification. Page 13 of 19

18 Step 4: Update Scoring Following the presentations the Evaluation Committee will review and update the scoring of Proponents, and select the successful Proponent Evaluation Timeline Task Date Issue RFP Jan.12, 2016 Deadline for Q&A submissions (Questions from Proponents on RFP Content) Jan. 20, 2016 Publish Q&A Addendum to Tendering Site Jan. 21, 2016 Closing date for RFP Jan. 26, 2016 Review RFPs and create shortlist Feb. 1, 2016 Call for presentations for shortlisted vendors Feb. 2, 2016 Presentations Feb. 8-9, 2016 Final Selection Feb. 12, Notification and Award It is the nature of this RFP process that this is not an offer in relation to Contract A. No contract A, or a preliminary contract of any other form, is intended to be formed by acceptance of a proposal. The NSLC does not bind itself to select any proposal and may proceed as it determines, in its sole discretion, following receipt of proposals.. The NSLC reserves each of the following rights, each of which may be exercised at its sole discretion, and for any reason whatsoever: To reject any or all of the proposals; To accept a proposal that does not satisfy every requirement of the NSLC identified in this RFP; To terminate this RFP for any reason or no reason Finalization of Contract The selection of a successful Proponent will not constitute a binding agreement, but will form the basis for the finalization of the terms upon which the NSLC and the Proponent will enter into an agreement, and does not mean that the proposal is necessarily totally acceptable in the form submitted. After the selection of a successful Proponent, the NSLC has the right to finalize the terms of the agreement with the Proponent, and as part of that process, to negotiate changes, amendments or modifications to the successful Proponent s proposal without offering the other Proponents a similar opportunity to amend their proposals. Page 14 of 19

19 The acceptance of a proposal and the award of any aspect of subsequent assignments will be made in writing, and only in writing. At that time, the successful Proponent and the NSLC shall enter into discussions to finalize an agreement. Any award is provisional until the Proponent enters into a written contract on terms satisfactory to the NSLC. Page 15 of 19

20 10. RFP ADMINISTRATION The following terms will apply to this Request for Proposal and to any subsequent contract. Submission of a proposal in response to this Request for Proposal indicates acceptance of all the following terms Title Page Proponents must attach a Title Page to their proposal that contains the following: RFP Number Closing Date and Time Name of Proponent Mailing address and physical address Web site address Name and title of primary contact person Telephone number and address of primary contact person Company fax number Letter of Introduction / Corporate Overview Proponents must attach a letter of introduction to their proposal. It should be a maximum of 1 page in length and signed by the person or persons authorized to sign on behalf of, and bind the Proponent to, statements made in the proposal. The name and title of the signatory must be clearly identified. Proponents must provide a summary of the corporate profile including business focus, the total number of full-time employees, length of time in business, head office and significant branch locations. If one or more offices are located in Nova Scotia, please specify and provide the number and role of employees in the local office. If there are multiple lines of business, please include only information relevant to the services requested in this RFP. In this section Proponents may also note any memberships in relevant industry/professional associations, awards or accreditations achieved Mandatory Conditions Any proposal that does not meet the mandatory conditions, identified in section 2 of the RFP. will be rejected without further consideration Terms of Engagement Referring to section 3 of this RFP, the Proponent is requested to explicitly indicate that the terms and conditions have been read and understood, and that mutually acceptable contract terms can be reasonably foreseen. Page 16 of 19

21 10.5. Atlantic Procurement Agreement The NSLC Policy is to ensure that all firms interested in becoming NSLC suppliers shall be given equitable access to contract opportunities, except that consideration may be shown to Atlantic Provinces suppliers, manufacturers and contractors whenever practical and economically feasible to do so, consistent with the Atlantic Procurement Agreement Inquiries No Proponent can claim any advantage from any error, inconsistency, or omission in this RFP. Any Proponent who has questions as to the meaning of any part of this RFP, or who believes the RFP contains any error, inconsistency, or omission should submit an inquiry requesting clarification, interpretation or explanation to the NSLC at the following The NSLC reserves the right to distribute any or all questions and answers to all other potential Proponents through a Q&A addendum to be posted on the Public Tenders website. No information given orally by the NSLC, or by means of or telephone, will be binding, nor will it be construed to change the requirements of the RFP in any way Proposal Format and Compliance All instructions relating to the information to be provided and its format are requirements that must be substantially adhered to in order for the proposal to receive consideration. Failure to do so may result in the proposal being declared non-compliant. Any proposals declared non-compliant will be given no further consideration Proponent s Responsibility for Clarification It is the Proponent s responsibility to ensure that it has all the necessary information concerning the intent and requirements of this RFP, and to seek clarification of any matter it considers to be unclear before submitting a response. The NSLC is not responsible for any misunderstanding of this RFP on the part of the Proponent. Proponents have the responsibility to obtain clarifications from the contacts noted in this RFP and failure to understand its terms will not be considered a valid reason for any resulting non-compliant rating. The Evaluation Team will only seek clarification from a Proponent if requested information is ambiguous or missing and if such clarification does not offer the Proponent the opportunity to improve the competitive position of its response Information All requirements, designs, documentation, plans and information obtained by the Proponent from the NSLC in connection with this RFP are the property of the NSLC, and must be treated as confidential and not used for any other purpose than replying to this RFP and the fulfillment of any subsequent contract. Upon request of the NSLC, all such designs, documents, plans and information shall be returned to the NSLC One Proposal Proponents may not submit more than one (1) proposal. Page 17 of 19

22 Proponents may include options and alternatives in their proposal. Options may be included when the Proponent wishes to propose additional services beyond those specifically identified in the RFP Irrevocable Proposal The proposal submitted is irrevocable by the Proponent, and will remain in effect and open for acceptance by the NSLC for a period of sixty (60) days after the last day for the submission of proposals Confidential Proposals The NSLC will consider all proposals as confidential subject to the provisions of the Freedom of Information and Protection of Privacy Act S.N.S. 1993, as amended from time to time. Any proprietary or confidential information should be identified as such and the desired treatment specified. The NSLC will, however, have the right to make copies of all proposals received, for its internal review process No Liability for Expenses In the event that any proposal is not accepted, the NSLC will not be liable for any costs or damages incurred by the Proponent including, without limitation, any expenses incurred in the preparation and submission of the proposal or the preparation and performance of any presentations or demonstrations Verification The NSLC reserves the right to verify any information provided by a Proponent by whatever means it deems appropriate, including contacting references other than those offered, and to reject any such information if, in the judgment of the NSLC, such information is not verifiable Misleading Information It must be clearly understood that if there is any evidence of misleading or false information having been given, the NSLC may, at its sole discretion, reject the proposal. Note: In no event shall the NSLC be obligated to enter into the Proponent s form of contract. In the event that a successful Proponent fails or refuses to enter into, and duly execute a written contract acceptable to the NSLC within 45 days of the award, the NSLC reserves the right, at its sole discretion, to: extend the period for executing a contract; award the contract to the next qualified Proponent; not accept any proposal; or to call for new proposals and the defaulting Proponent shall be responsible for all losses, damages, costs, and expenses (including consequential losses and damages, and legal fees on a solicitor-and- Page 18 of 19

23 client basis) suffered or incurred by the NSLC as a direct or indirect result thereof, including but not limited to any increase in the price of performance over the price submitted by the defaulting Proponent in its proposal. Page 19 of 19