REQUEST FOR PROPOSAL INFORMATION SECURITY PROGRAM PROVIDER



Similar documents
OVERVIEW. We seek consultative services that would deal with the following objectives:

CITY OF CHILLICOTHE REQUEST FOR PROPOSALS

Network Test Labs Inc Security Assessment Service Description Complementary Service Offering for New Clients

FedRAMP Standard Contract Language

COLONIAL HEIGHTS PUBLIC SCHOOLS REQUEST FOR PROPOSAL (RFP) FOR MEDICAL AND MEDI-GAP INSURANCE RFP# HR FEBRUARY 19, 2013

UNIVERSITY OF CENTRAL ARKANSAS PURCHASING OFFICE 2125 COLLEGE AVENUE SUITE 2 CONWAY, AR 72034

Issue Date: March 4, Proposal Due Date: Tuesday, March 18, 2014 by 11:00 AM Mountain Time to:

RFP ADDENDUM NO. 1

Request for Proposal. Contract Management Software

ADDENDUM #1 REQUEST FOR PROPOSALS

CITY OF BONITA SPRINGS, FLORIDA RFP #

Leader Dogs for the Blind 1039 South Rochester Road Rochester Hills, MI 48307

CITY OF HIGHLAND PARK

Request for Proposals for a vendor to develop and execute a

Description: Publication Date: 9/21/2015. Closing Date/Time: Open Until Contracted

Secure Electronic Voting RFP Kit

SEALED BID REQUEST FOR INFORMATION

REQUEST FOR PROPOSAL

PRINCE EDWARD COUNTY REQUEST FOR PROPOSAL (RFP) FOR MEDICAL AND MEDI-GAP INSURANCE RFP# HR March 7 th, 2013

REQUEST FOR PROPOSAL NO. RFP09503 MIDDLE SCHOOL AND HIGH SCHOOL YEARBOOKS. Submittal Deadline: October 29, Time: 10:00 a.m.

Request for Proposals for Microsoft Project Server 2013 Implementation

OCIE CYBERSECURITY INITIATIVE

Request for Proposals IT INFRASTRUCTURE MODERNIZATION

REQUEST FOR PROPOSAL (RFP) BID# UPGRADE EXISTING NEXTGEN ELECTRONIC MEDICAL RECORDS SYSTEM (EMR/EPM/EDR/KPM)

Insert Client Name Request for Proposal for Security Risk Assessment Services Consulting

PROPOSALS REQUESTED THE TOWN OF OLD ORCHARD BEACH POLICE DEPARTMENT FOR IP-BASED VOICE COMMUNICATION SYSTEM

Central Fire Protection District Of Santa Cruz County th Avenue Santa Cruz, CA

Offers received without the entire completed three-page RIVP Generated Bidder Certification Form attached may result in disqualification.

CITY OF LANCASTER RFP NO LANCASTER PERFORMING ARTS CENTER TICKETING SOFTWARE SUBMISSION DEADLINE. July 24, 2015 BY 11:00 A.M.

REQUEST FOR PROPOSAL #R13004 INFORMATION SECURITY PENETRATION ASSESSMENT

State Health Benefit Plan Procurement Policy

How To Ensure The C.E.A.S.A

REQUEST FOR PROPOSAL: A NEW AUDITING SOLUTION FOR WINDOWS FILE AND DATABASE SERVERS

Request for Proposal for Financial Advisor City of Milwaukee, Wisconsin Water Works

Audit Management Software Solution

DGS (VCCS Rev. 04/15) Page 1 of 7 REQUEST FOR PROPOSALS

CounselorMax and ORS Managed Hosting RFP 15-NW-0016

Request for Proposal Enterprise Information Technology Security Assessment

TOWN OF LINCOLN INVITATION TO BID EMERGENCY PLANNING, DISASTER RECOVERY AND HAZARD MITIGATION GRANT PROGRAM SERVICES RFP #

Request for Proposal For: CQ5 Java Developer. ABA Information Systems April 11, Table of Contents

Prosecutorial Case Management System Maintenance/Enhancement Support Services. Request for Proposal: RFP #

Request for Proposal. Internet Access. Satilla Regional Libraries. Erate Funding Year July 1, 2014 through June 30, 2015

BIDDER S DATA SHEETS (FORMS TO BE COMPLETED BY BIDDER)

Kuali Coeus and InfoEd Reporting Rev. 0 RFP # Scope of Work

Request for Proposal For: PCD-DSS Level 1 Service Provider St. Andrew's Parish Parks & Playground Commission Bid Deadline: August 17, 2015 at 12 Noon

Request for Proposal:

Construction Management Services Delmar School District RFP No. DSD16001-CONSTR_MAN

RESIDENTIAL REAL ESTATE AGENT SERVICES FOR NEIGHBORHOOD STABILIZATION PROGRAM

GALVESTON COUNTY HEALTH DISTRICT. Request For Proposal Health Insurance Broker Services RFP

City of New Rochelle New York. REQUEST FOR PROPOSAL Specification No. 5044

REQUEST FOR PROPOSALS. Curriculum Evaluation Services. for. Network Security/Computer Forensics Associate Degree program ISSUE DATE: December 8, 2014

Enterprise Scheduler Rev. 0 Bid # Scope of Work

REQUEST FOR PROPOSAL (RFP) BID# CLINICAL SUPERVISION - DEPARTMENT OF CORRECTIONS PEER SUPPORT UNIT

REQUEST FOR PROPOSAL (RFP) BID# RFI - IMPLEMENTATION OF ONLINE PAYROLL REMITTANCES

Issue Date: June 22, 2011 Due Date: July 22, 4:00p.m.

NOTICE TO PROFESSIONALS. The undersigned shall receive sealed proposals for professional services for the County of Warren as follows:

8.OFFER DUE DATE: 2:00pm September 18, PAYMENT DISCOUNT TERMS

Request for Proposal HQC Evaluation of Saskatchewan s Lean Health Care Transformation: Phase 1

Attachment A. Identification of Risks/Cybersecurity Governance

ASPIRUS HEALTH SYSTEM

Department of Economic Opportunity

Independent Security Operations Oversight and Assessment. Captain Timothy Holland PM NGEN

STATE OF MAINE REQUEST FOR PROPOSALS AMENDMENT

Purchasing a Business in Utah - RFP Approval Bid Process

CITY OF CORONA RFP SB. ADDENDUM No. 2

WATERFRONT COMMISSION OF NEW YORK HARBOR An Instrumentality of the States of New York and New Jersey. Request for Proposal

Request for Proposals RFP No

[CTUIR ERP PROJECT CONSULTING]

NOTICE TO BIDDERS Request for Proposals Legal Notice Advertisement: publish two(2) times:

PROCUREMENT DEPARTMENT 2 MONTGOMERY STREET, 3 RD FL. JERSEY CITY, NJ ADDENDUM # 2

Request for Proposal. Provision and maintenance of ACBDA s data storage, software and hardware requirements

The Town of Londonderry, New Hampshire Community Development Department seeks proposals for:

REQUEST FOR PROPOSAL: ACCOUNTING/BOOKKEEPING SERVICES

REQUEST FOR PROPOSAL. Ambulance Billing Services

EAST PALO ALTO SANITARY DISTRICT

Request for Proposals: Digital/Internet Literacy Training for Federal Stimulus Grant

Request for Proposals Community Engagement and Business Development Consultant Contractor Loan Fund May 16, 2016.

Amendment 3: HRIS/Payroll only

NEWBURGH ENLARGED CITY SCHOOL DISTRIST NEWBURGH, NEW YORK REQUEST FOR PROPOSAL ARCHITECTURE SERVICES

PROCUREMENT STANDARD OPERATING PROCEDURES (SOP)

Request for Proposal For: Video Production and Live Streaming Services. ABA Section of Litigation August 14, 2013.

Vermont Energy Investment Corporation (VEIC), a nonprofit organization, requests proposals for Website Content Strategy for Efficiency Vermont.

How To Write The Jab P-Ato Vulnerability Scan Requirements Guide

ANNEX III. Special Instructions & Evaluation Criteria

REQUEST FOR QUALIFICATIONS ARCHITECTURAL/ENGINEERING DESIGN SERVICES For the RENOVATION OF THE TUTTLE BUILDING

New Jersey Educational Facilities Authority Request For Proposal Arbitrage Compliance Services

REQUEST FOR PROPOSAL

Transcription:

REQUEST FOR PROPOSAL INFORMATION SECURITY PROGRAM PROVIDER OCTOBER 18, 2013 1

Table of Contents I. EXECUTIVE OVERVIEW... 3 II. BACKGROUND... 3 A. Goals & Objective of Request... 3 B. Project Scope... 4 C. Project Deliverables... 4 D. Project Assumptions... 5 III. ANSWERING THE RFP... 5 A. RFP QUESTIONS... 5 B. RESPONSE SUBMISSION AND DEADLINE... 6 IV. VENDOR EVALUATION... 6 A. Evaluation Criteria... 6 V. VENDOR RFP RESPONSE... 7 A. Executive Summary of Company Profile:... 7 B. Description of Products and Services:... 7 C. Cost... 7 APPENDIX A: CERTIFICATION AND SIGNATURE PAGE... 8 APPENDIX B: COST PROPOSAL... 9 2

I. EXECUTIVE OVERVIEW First Coast Technical College is in the process of identifying firms who offer services to assist us in establishing an information security program to secure student and proprietary data. The intent of the Request for Proposal (RFP) is to identify an Information Security Program provider that can satisfy the requirements defined in the RFP. The selection process also includes but is not limited to a review and evaluation of the responses and reference checks. Selection of a vendor will be based on: Compliance with all the requirements of this RFP Vendor capabilities Client references Total cost of services To facilitate the selection process and help FCTC better understand your company and its services, it is requested that you provide all the information requested in this document. For you information, an overview of key project milestone dates is as follows: Milestone Completion Date RFP Release October 15, 2013 Questions on the RFP due October 23, 2013 Responses to questions from vendors October 25, 2013 RFP Responses Dues November 14, 2013 RFP Analysis and Vendor Selection November 13, 2013 FCTC Board Approval of Contract November 19, 2013 II. BACKGROUND A. Goals & Objective of Request The primary goals and objective of the development of an Information Security Program are to: 1. Establish and manage an information security program 2. Identify and confirm FCTC s vulnerabilities to information systems from internal and external threats by actually attempting to penetrate defenses 3. Identify and confirm FCTC vulnerabilities to information systems from internal and external threats by actually auditing the current architecture and system configuration 4. Minimize or eliminate business risks and exposures by identifying short and long term options and solutions for remediation of identified vulnerabilities 5. Determine the appropriate approach to develop or improve an existing information security program 6. Recognize solutions to risks, vulnerabilities, and/or threats 3

B. Project Scope Scope Parameter Penetration Testing Information Security Program Creation and Management (Virtual CISO) C. Project Deliverables Deliverable Penetration Analysis Report Final Presentation Security Policies & Procedures Corporate Security Assessment Report Description Internet-Facing Hosts Unlimited IP addresses tested Internal Hosts Unlimited IP addresses tested Creation of Information Security Program Establish Policies & Procedures to govern the security of the network and data Information Security Program Management Implement security bases upon created Policies & Procedures to reduce, transfer and mitigate risk Description and Purpose Report highlights and documents key engagement findings, conclusions, and recommendations regarding the vulnerabilities found during testing Details the exposures associated with your infrastructure from an internal and external perspective A presentation for management at the conclusion of the project to review the following: Penetration analysis results Overview of the current environment security posture Recommended action plan Policies & Procedures relevant to FCTC's environment to reduce, transfer and mitigate risk to the network and student data Report highlights and documents key engagement findings, conclusions, and recommendations regarding the vulnerabilities found in all systems during testing Details the exposures associated with your infrastructure and systems 4

D. Project Assumptions Assumptions FCTC will identify a senior Executive Sponsor to support the engagement. The Executive Sponsor will serve as the point of coordination to engage FCTC's executive core team members at key points during the project. FCTC will identify a Project Coordinator to provide operational assistance to the consulting team, to identify project participants, and to arrange meetings and associate logistics, etc. Should an alternate representative (designee) be assigned to participate in any workshop, presentation, or session, all answers and decisions of the alternate will be deemed accurate and may be used in the analysis and assessment without further qualification or review. FCTC will provide the consultant with timely responses to all requests for information, review, and resources, as well as workspace for the project team with the ability to access vendor systems through the Internet. FCTC will confirm IP address ranges, provide telephone number ranges, and supply target lists. FCTC has secured all necessary rights an permissions in the systems and facilities to permit the consultant to perform the service at the FCTC's address space. FCTC will provide access to necessary personnel for data gathering activities, such as interviews to obtain insight into the application development processes and procedures, as well as the nature of the application. Involvement of third parties shall require a third-party agreement to be signed, unless a Service Level Agreement exists and indicates FCTC's right to audit. This does not include resources owned by the third party on which multiple clients' data or services reside. All work will occur within weekday business hours (i.e.., 7 AM - 7 PM local time). Exceptions will be made for automated data gathering (e.g., vulnerability scanning). The actual Project Plan will based on a delivery schedule, including workshop dates, review activities, and presentation dates that will be mutually agreed and confirmed at the start of the project. III. ANSWERING THE RFP A. RFP QUESTIONS Vendors may submit questions relating to this RFP to the FCTC contact. Questions must be submitted in writing. All questions must be submitted on or before the date listed below to the address listed below in order to be considered. A written response will be published in an RFP addendum if a response is possible and appropriate. Non-written discussions, conversations, or questions and answers regarding this Solicitation are preliminary in nature and non-binding. Any questions regarding the content, scope or intent of this RFP should be directed vial mail or email to the attention of: Jeannie Dopson Chief Financial Officer 2980 Collins Avenue 5

St. Augustine, Florida 32084 Email: jeannie.dopson@fctc.edu 904-547-3500 All questions must be submitted in writing by the date specified in this document Friday, October 18, 2013 at 5:00 p.m. EST. All questions submitted, along with the responses, will be submitted back to the group of prospective vendors as a group with the asking of the party de-identified. Each vendor must have a designate point of contact on the RFP. FCTC will forward the responses to vendor questions to that person. B. RESPONSE SUBMISSION AND DEADLINE RFP Proposal responses must be submitted no later than 5:00 p.m. on Tuesday, November 12. Responses may be submitted in a.pdf format via email to the FCTC Contact, Jeannie Dopson, at jeannie.dopson@fctc.edu or responses may be submitted via mail to the address listed above. RFP responses must be clearly labeled: Information Security Program RFP Response. IV. VENDOR EVALUATION A. Evaluation Criteria To be evaluated as one of the potential vendors, each vendor must provide all of the information requested. Any information not provided that has been requested must have detailed explanation as to why that information was not submitted. Vendors failing to agree to the mandatory requirements of the RFP are subject to disqualification and their cost proposals will not be scored. Entering Not applicable is not acceptable. Vendors responding in a satisfactory format will be evaluated by the vendor selection team based on the areas listed below: Did the vendor meet all of the Mandatory Requirements as outlined in this RFP Did the vendor complete and submit the Certification and Signature Page ( Appendix A) Vendor knowledge and experience Timeliness and comprehensiveness in responding to this RFP Ability of vendor to meet RFP requirements Client references Total cost (with appropriate detail) FCTC will assemble an RFP Evaluation Team that will be comprised of persons knowledgeable in the terms and scope intended by the RFP. The evaluation criteria will be weighted by the selection team and applied to vendor responses in a uniform format to determine which vendor is the best business partner for FCTC. 6

V. VENDOR RFP RESPONSE Please provide the following information. In your response, please be sure to specifically state which question is being answered (i.e., A1, B3, etc). A. Executive Summary of Company Profile: The executive summary should contain the following information: 1. Please describe the benefits you believe FCTC will achieve through partnering with your company. Where possible, quantify the expected benefits. This may include the results of other benefit analysis performed or client contact names that may be referenced. 2. Please provide a brief description of your company and its products and services. 3. Please confirm the specific products and services that you are including in order to satisfy the RFP. 4. Please describe any experience that your company has had working with government agencies and/or entities. Include the names of a least two (2) other organizations of a similar scope and size. You will need to include the name and contact information for a person or persons at those organizations that can be used as a professional reference. You are encouraged to advise that person(s) listed that they will be contacted by FCTC for reference verification. 5. Specify the name, title, address, email, telephone and fax numbers of the contact including brief bios that define education and experience. Also please include the steps that your company takes to ensure the integrity and experience of your staff, e.g. background checks, etc. 6. List any and/or all relationships with any third party vendors and/or subcontractors who may be included in your proposed solution(s). B. Description of Products and Services: The products and services included in your response should address the following: B1. Detailed description of proposed solution/services B2. Known vulnerabilities and solutions B3. Software tools that you will be using B4. Methodology of non-software based vulnerability assessments, e.g. site inspections, intrusion testing, social engineering, etc. B5. Minimum information that vendor will need to get started B6. A description of you Quality Control Process B7. A description of the team that the vendor will assign to the project including brief resumes outlining the experience and qualifications of team members B8. The required professional references as requested in Section A, #4 of this RFP. C. Cost Please provide a cost proposal as part of your response. The cost(s) should be submitted as a fixed fee. See Appendix B for Cost Proposal Form. 7

APPENDIX A: CERTIFICATION AND SIGNATURE PAGE By signing below, I certify that I have reviewed this RFP solicitation in its entirety; understand the requirements, terms and conditions, and other information contained herein; that I am submitting this bid or proposal for review and consideration; that I am authorized by the bidder to execute this bid or any documents related thereto on bidder s behalf; and that I am authorized to bind the bidder in a contractual relationship. (Company) (Authorized Signature) (Representative Name, Title) (Phone Number) (Date) 8

APPENDIX B: COST PROPOSAL Service Year Cost Information Security Program/Virtual CISO 1 $ Information Security Program/Virtual CISO 2 $ Information Security Program/Virtual CISO 3 $ Yearly Penetration Testing 1 $ Yearly Penetration Testing 2 $ Yearly Penetration Testing 3 $ 9

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information