Request for Proposal For: PCI-DSS Level 1 Service Provider St. Andrew's Parish Parks & Playground Commission Bid Deadline: August 17, 2015 at 12 Noon




Table of Contents

1. Confidentiality Statement
2. Submission Details
   Pre-Submission Questions
   Submission Deadlines
   Submission Delivery Address
   Submission Requirement Questions
   Electronic Submissions
3. Introduction and Executive Summary
4. Business Overview & Background
5. Scope of Work and Technical Requirements
   General
   Required Services
   Scope and Methodology
   Deliverables
   Project Management
6. Assumptions & Constraints
7. Pricing / Monthly Billing
8. Proposal Requirements
9. Selection Criteria
10. Process Schedule

1. Confidentiality Statement

This document, and any attachments thereto, regardless of form or medium, is intended only for use by the addressee(s) and may contain legally privileged and/or confidential, copyrighted, trademarked, patented or otherwise restricted information viewable by the intended recipient only. If you are not the intended recipient of this document (or the person responsible for delivering this document to the intended recipient), you are hereby notified that any dissemination, distribution, printing or copying of this document, and any attachment thereto, is strictly prohibited and violation of this condition may infringe upon copyright, trademark, patent, or other laws protecting proprietary and/or intellectual property. In no event shall this document be delivered to anyone other than the intended recipient or original sender and violation may be considered a breach of law fully punishable by various domestic and international courts. If you have received this document in error, please respond to the originator of this message or email him/her at the address below and permanently delete and/or shred the original and any copies and any electronic form of this document, and any attachments thereto, and do not disseminate further.

Thank you for your consideration. Please respond to financedirector@standrewsparks.com with any questions or concerns.

2. Submission Details

Pre-Submission Questions

Prior to submitting your response, you may contact the following person if you have any questions or require clarification on any topic or the scope of work covered in this Request for Proposal:

Susan Klugman
Finance Director
Tel: 843-763-4360 ext 1204
Email: financedirector@standrewsparks.com

Submission Deadlines

All submissions in response to this request must be submitted on paper and delivered to our office, as stated below, no later than:

Friday, August 17, 2015
No later than 12 Noon

Proposals must be submitted in a plainly marked and sealed envelope with the bidder's name and addressed Attn: PCI-DSS Level 1 Service Provider.

Any submission received at the designated location after the required time and date shall be considered late and non-responsive. Late proposals will be rejected and will not be evaluated for award.

Submission Delivery Address

The delivery address to be used for all submissions is:

1095 Playground Rd
Charleston, SC 29407
Attn: PCI-DSS Level 1 Service Provider

Submission Requirement Questions

You may contact the following person if you have any questions regarding the RFP submission requirements:

Susan Klugman
Finance Director
Tel: 843-763-4360 ext 1204
Email: financedirector@standrewsparks.com

Electronic Submissions

Electronic submissions in response to this Request for Proposal will not be accepted.

3. Introduction and Executive Summary

St. Andrew's Parish Parks & Playground Commission (StAPPC) is currently seeking proposals from qualified Providers who will provide PCI-DSS audit and compliance services for etrak-plus, a parks and recreation management software.

4. Business Overview & Background

St. Andrew's Parish Parks & Playground Commission was created by the General Assembly of the State of South Carolina in 1945. In addition to three public parks and a full service fitness center, the Commission owns, manages and operates a server based, real time recreation management software system, etrak-plus, with clients in 15 states comprising state, county and local parks and recreation departments.

5. Scope of Work and Technical Requirements

General

St. Andrew's Parish Parks & Playground Commission seeks to contract with a qualified supplier to prepare and submit a proposal to furnish professional consulting services related to payment card industry data security standards ("PCI DSS") to be performed by a qualified security assessor and related payment card industry compliance services.

Required Services

ASV Services
  o PCI DSS Quarterly Scanning and Internal Network Vulnerability Assessment
  o Monthly Penetration Testing

QSA Services
  o PCI DSS Self-Assessment Questionnaire Training, Support and Review
  o PCI QSA Services
  o Security Policy Review as it relates to PCI Compliance
  o Onsite Data Security Audits
  o Online Monitoring and Tracking of Compliance Status of Each Account per Merchant ID
  o Online Detailed Recommendations on Possible Solutions to Specific Non-Compliant Accounts per Merchant ID

Scope and Methodology

Include detailed testing procedures and technical details for these items:

  DIAL-IN / RAS SECURITY TESTING
  DMZ OR NETWORK ARCHITECTURE DESIGNS / REVIEWS
  VIRTUAL INFRASTRUCTURE SECURITY ASSESSMENT
  SERVER CONFIGURATION REVIEWS
  FIREWALL AND ROUTER CONFIGURATION REVIEWS
  VPN CONFIGURATION REVIEWS
  SOCIAL ENGINEERING ASSESSMENTS
  PHYSICAL SECURITY REVIEWS
  SOFTWARE SOURCE CODE REVIEWS
  APPLICATION THREAT MODELING AND DESIGN REVIEWS
  INFORMATION SECURITY POLICY AND PROCEDURE DEVELOPMENT OR REVIEW
  INFORMATION SECURITY RISK ASSESSMENT
  SECURITY AWARENESS PROGRAM DEVELOPMENT OR REVIEW
  INCIDENT RESPONSE PROGRAM DEVELOPMENT OR REVIEW
  SECURE SDLC PROGRAM DEVELOPMENT OR REVIEW
  PCI REPORT ON COMPLIANCE ASSESSMENT OR GAP ANALYSIS
  FORENSICS REVIEW AND REPORTING
  PCI COMPLIANCE TRAINING (ONSITE AND ONLINE)
  PCI POLICIES AND CREDIT CARD PROCEDURE DEVELOPMENT OR REVIEW
  ENDPOINT PROTECTION REVIEW
  TWO FACTOR AUTHENTICATION SYSTEM WIDE REVIEW AND RECOMMENDATIONS

Deliverables

Include descriptions of the reports used to summarize and provide detailed information on security risk, vulnerabilities, and the necessary countermeasures and recommended corrective actions. Include sample reports as attachments to the proposal to provide an example of the types of reports that will be provided for this work.

Project Management & Implementation

Include the method and approach used to manage the overall project and client correspondence. Briefly describe how the engagement proceeds from beginning to end. Include a description and timeline for program implementation including any issues which may restrict or hamper a successful implementation.

6. Assumptions & Constraints

I. The VENDOR shall assume responsibility for meeting project deadlines regardless of weather and shipping delays.

II. The VENDOR will be required to comply with all applicable laws for the State of South Carolina including but not limited to Labor Laws, Wages and Workers Compensation.

III. The VENDOR must be acquainted with the nature and location of the project; the local conditions, the condition of the facilities; and the character of equipment and facilities needed before and during the performance of the work.

IV. The VENDOR is responsible for procuring all Federal, State and local permits and licenses, becoming familiar with, following and meeting all regulations and standards including those of South Carolina Department of Health and Environmental Control (DHEC) and Federal Occupational Health and Safety Administration (OSHA) and the Americans with Disabilities Act (ADA); paying all charges, fees and taxes; and giving and posting all notices necessary in performing the work. VENDOR shall supply a list of sub-contractors involved in the project. VENDOR shall show proof that all sub-contractors are licensed and bonded.

V. The VENDOR must be prepared to provide services beginning September 30, 2015.

VI. The VENDOR must be available to attend (either in person or via teleconference) the initial project meeting on Monday, August 31, 2015 at 9:00 am EDT.

7. Pricing / Monthly Billing

I. Pricing shall be quoted on a three (3) year contract initial term, and include an option to extend for an additional two (2) year term. This shall be specified in the contract and purchase order. Maximum duration of the agreement, including all extensions, shall be five (5) years.

8. Proposal Requirements

I. Proposal Cover Statement
   a. The RFP Response must include a cover letter with original signature of the authorized Vendor Representative, which must be attached to the original RFP response and must precede the narrative.

II. Table of Contents RFP
   a. Please provide a table of contents for your RFP response.

III. Organization's Narrative:
   a. State your organization's name (include parent name if applicable).
   b. Give a brief history and description of your organization and the business(es) in which you are engaged.
   c. List any accreditation and/or affiliation your organization may have with local, state, or national oversight organizations.
   d. Describe the experience of your staff in delivering your service, including their credentials.
   e. Identify the Project Manager and other key personnel who will be administering the contracted services.
   f. Tell us anything else you would like us to know about your organization that is relevant to your RFP response.
   g. Provide three professional references for projects similar in scope and size.
   h. Please limit your organization narrative to no more than two pages.

IV. Technical Details / Scope of Work:
   a. Detailed Testing Procedures
   b. Deliverables

V. Project Management & Implementation
   a. Provide a detailed description and timeline for the program implementation
   b. Provide name and title of Project Manager
   c. Provide name and title of on-site representative
   d. Specify your company's dispute resolution process and time frame

VI. Cost/Fee Information:
   a. Normal Invoicing Procedures
   b. Invoice must include:
      i. Net cost of each item or service
      ii. Terms Net 30 days

9. Selection Criteria

I. VENDOR selection shall be based on a two-part rubric that includes a Vendor Selection Scorecard and the Average Score given by provided references.

II. This RFP does not commit the Commission to award a contract, pay any cost incurred in the preparation of a proposal in response to the RFP or to procure or contract for any services.

III. This project will not necessarily be awarded to the lowest bidder. All responses to this RFP will be evaluated based on the response that is the most advantageous to StAPPC and will provide the highest quality of service at a fair and competitive price. Furthermore, St. Andrew's Parks and Playground reserves the right to award in whole or in part and/or reject any and all bids.

10. Process Schedule

Release of Request for Proposal: Sunday, August 2, 2015
Deadline for Pre-bid Questions: Wednesday, August 5, 2015 1:30 pm EDT
RFP Sealed Submissions Due: Friday, August 21, 2015 at 12:00 noon EDT
Vendor Evaluations: Friday, August 21, 2015 1:00 pm - 4:00 pm EDT
Letter of Award: Friday, August 28, 2015 5:00 pm EDT
Notice to Proceed and Project Meeting with Selected Vendor: Monday, August 31, 2015 5:00 pm EDT