CounselorMax and ORS Managed Hosting RFP 15-NW-0016




Posting Date: 4/22/2015
Proposal submission deadline: 5/15/2015, 5:00 PM ET

Purpose of the RFP

NeighborWorks America has a requirement for managed hosting services for CounselorMax and Online Reporting System (ORS) web-based applications and is seeking a contractor to implement secure and reliable web-based access to both of these key external customer facing applications. Specifically, NeighborWorks America seeks to purchase application hosting services that will allow it to:

- Provide the CounselorMax and ORS software applications with secure web-based hosting services which will enable NeighborWorks affiliate organizations, and other organizations, the ability to collect and report data to NeighborWorks as required for surveys, quarterly and annual reports, and other required online reporting requirements.
- Provide CounselorMax user organizations with the ability to collect the required data and produce the necessary reports to meet the National Foreclosure Mitigation Program reporting requirements.
- Provide CounselorMax user organizations with the ability to manage their HUD Housing Counseling Grant required data and services and to meet the HUD 9002 reporting requirements.
- Provide user organizations with the ability to collect extensive client and service data required to effectively manage their service delivery.
- Provide the CounselorMax application with a redundant failover site to be activated quickly in case of primary system outage (ORS does not require a failover site) in order to ensure uninterrupted access to critical CounselorMax service data.
- Provide user organizations with the ability to exchange data with other key management systems increasing efficiency and management capacity.
- Provide NeighborWorks America and NeighborWorks America authorized vendors with access to the CounselorMax and ORS application for data analysis and maintenance through an effective remote access technology such as remote desktop connection.

These activities are part of NeighborWorks America's ongoing management program and are focused on increasing the organization's efficiency and management capacity by providing secure and reliable online management and reporting tools.

NeighborWorks America anticipates a contract award to an outside independent organization to provide high quality hosting services for these two applications. A firm fixed price contract type is anticipated with a four (4) year period of performance (inclusive of a base year and 3 one year options). NeighborWorks America will issue the options unilaterally without further competition if the services are required and the contractor's performance has been acceptable.

Background on NeighborWorks America

NeighborWorks America is a national non-profit organization created by Congress in 1978 to provide financial support, technical assistance and training for community-based revitalization efforts. It is composed of three major parts:

- NeighborWorks America, the founder of the NeighborWorks network, provides support to and strengthens NeighborWorks organizations by providing training, technical assistance, funding and organizational assessments. NeighborWorks America was created by Congress in 1978 in order to revitalize older urban neighborhoods by mobilizing public, private, and community resources at the neighborhood level. Today, NeighborWorks America supports more than 240 organizations revitalizing their communities in rural and urban America.
- The NeighborWorks Network is a national network of more than 240 independent, community-based nonprofit organizations working to revitalize urban, suburban, and rural communities through the work of thousands of residents, business people, government officials and other partners.
- Several Related Capital Corporations work with NeighborWorks America to build partnerships, develop loan products, and support financing vehicles that expand affordable housing opportunities in communities served by local NeighborWorks organizations.

Background on Division/Program

Division Background

Information Technology & Services (IT&S) is a division of NeighborWorks America which provides and supports the information technology environment that enables NeighborWorks America staff to effectively meet the goals of the corporation. In addition, IT&S provides tools and applications development for NeighborWorks Network Organizations and for the community development field. IT&S also provides information technology consulting and planning services to the corporation's business units to address the growing technology needs in support of the Corporation's strategic plan. IT&S is comprised of a Program Management Office, IT Operations, Enterprise Architecture, Business Applications, IT Security and Compliance and Database Engineering. Our staff is committed to providing quality products and timely support to assist our clients in meeting their business goals, while at the same time preserving the security and stability of our corporate network.

Program Background

The business purpose of the CounselorMax application is to provide NeighborWorks Network users with housing counseling client tracking and reporting functionality. Currently there are approximately 900 subscriber organizations and 8,000 individual users.

The business purpose of the ORS (Online Reporting System) application is to collect and validate NeighborWorks compliance data from NeighborWorks Organizations. It has an MS SQL DB component, a Windows IIS Web Server component and a Windows and IIS Server application component. The application is developed in a .NET environment.

Scope of Services

NeighborWorks requires managed hosting services for two applications (CounselorMax and ORS). The contractor shall provide hosting services that will meet or exceed the following requirements as detailed below. The contractor shall provide the following features and functionality:

1. Hosted Environments

A. Production Database (DB) Server Environment

Dedicated Windows environment with SQL Server 2008, or later, capable of handling the current transaction volume and current storage requirements with sufficient room for growth based on the historical growth trajectory as detailed below.

CounselorMax application database metrics:
- Current Database Size as of March 20, 2015 = 178 GB
- Growth rate:
  - December 2014 = 170 GB (current)
  - December 2013 = 115 GB
  - August 2012 = 50 GB
  - December 2011 = 30 GB
  - December 2010 = 9 GB
  - December 2009 = 4.3 GB
- Average daily data base transaction volume = 3.1 million transactions

ORS application database metrics:
- Current Database Size March 20, 2015 = 11.3 GB
- Growth rate:
  - December 2014 = 12.0 GB
  - December 2013 = 9.5 GB
  - December 2012 = 8.1 GB
  - December 2011 = 6.3 GB

B. Production Environment Application and Web Server

The contractor shall also provide Windows dedicated or virtualized environments with IIS capable of handling the current transaction volume. The application and Web servers shall contain sufficient room to grow on a planned and as-needed basis. Currently the production environment application server runs Microsoft terminal services for remote access by application support staff and development staff, as well as Microsoft Access for reporting purposes, and a Tomcat web server for processing Credit Reports. The proposed production Application and Web Server configuration should allow for the following transaction volume as well as having capacity for future growth.

CounselorMax metrics:
- Average daily web hits January, 2015 = 637,000
- Average daily bandwidth usage = 2 GB/day web traffic

ORS metrics:
- Average daily web hits = 46,000 hits/day
- Average daily bandwidth = 1.5 GB/day of web traffic

C. Pre-Production Redundancy and Failover Environment

The contractor shall also provide a pre-production redundancy/failover environment. This environment is needed for business continuity in case of any disaster or other event rendering the primary production environment inoperable for more than 15 minutes. The CounselorMax application is considered mission critical for many user organizations. As such, we require redundancy in case of catastrophic failure of the primary production site. CounselorMax requires a failover system capable of going into production within 15 minutes of catastrophic loss of service at the primary site. This requirement includes a failover system capable of meeting all of the production environment requirements plus a viable routine replication method that will ensure little or no loss of data (maximum loss of data in the current environment is 15 minutes via log shipping). This environment does not have to be identical to the full production environment but must have sufficient resources to ensure that the CounselorMax application is available to end-users and functional. In your proposal you must detail any expected performance limitation of the Pre-production Redundant Failover environment.

D. Testing environment

The contractor shall also provide a testing environment. This environment may be a virtualized environment that replicates the production environment for internal testing and quality assurance work. This system should replicate the architecture of the production system but should not be open to general internet traffic. A secure remote desktop or other remote access technology for internal staff and authorized contractors is required.

E. Development environment

The contractor shall also provide a development environment. This environment may be a virtualized environment that replicates the production environment for development work. This system should replicate the architecture of the production system, but should not be open to general internet traffic. A secure remote desktop or other remote access technology for internal staff and authorized contractors is required. NeighborWorks will want to load software and tools on this environment for development and source control purposes.

Appendix B provides a diagram of the current CounselorMax hosted environment and configuration at a high-level. We are not necessarily seeking to replicate this environment, and in fact recognize that this environment should be upgraded and expanded with the new contract. It is presented for informational purposes to help you identify the minimum level of system requirements that are acceptable.

2. Other Hosting Services

A. Managed Telecommunications

The contractor shall provide managed, redundant internet connection for CounselorMax and ORS. The telecommunications technology should include redundant routers and firewall.

B. Operating System Administration

Operating system administration of the CounselorMax and ORS servers and assistance to the development team in troubleshooting application problems. This should include installation of operating system patches as called for by security best practice and as required to maintain compliance with FISMA requirements and our information security policy. Patches should be tested first on internal test and development servers before installing them to production.

C. SQL Server DB administration

The contractor shall provide administration of SQL Server databases, including status checks of SQL Servers, backup jobs, maintenance jobs, availability, performance and error logs, and installation of patches, upgrades, troubleshooting, and performance tuning.

D. Backups

The contractor shall provide daily backups of the production QA and Development environments stored on disk for rapid restores. We seek weekly and monthly backups, written to encrypted tape storage and secured in an offsite vault for long-term storage. Virtual Machines may be replicated to the DR site daily or hourly.

E. Availability and Performance Monitoring

The contractor shall provide ongoing monitoring of the network, hardware, operating system, and SQL Server availability and performance counters. Automated alerts should be in place based on standard thresholds and custom monitors.

F. Automated Log Analysis

The contractor shall provide automated log analysis of the network, information security, and other infrastructure components, as well as operating systems, web server, and SQL server logs forwarded to a central, indexing log repository where automated analysis generates alerts and daily tickets for review by hosting provider staff.

G. Network Security

The contractor shall provide managed network security services including clustered enterprise firewall protection with intrusion prevention, firewall administration, intrusion detection and web proxying.

H. Integration Requirements

The CounselorMax application communicates via Web services with several other online systems. The proposal must address your services' ability to securely provide Web services availability.

I. Host-Based Security Services

The contractor shall provide managed host-based security services with antivirus and host intrusion detection, including file integrity monitoring.

J. Security and System Incident Response

The contractor shall provide proactive incident response including initial diagnosis and notification to the NeighborWorks point of contact(s).

K. Domain Name Server Hosting (DNS)

The contractor shall provide DNS hosting for www.counselormax.net and report.nw.org (ORS).

L. Secure Sockets Layer Certificates (SSL)

The contractor shall provide SSL certificates for www.counselormax.net and report.nw.org (ORS).

M. Routine Vulnerability Scans

The contractor shall provide routine vulnerability scans of the CounselorMax and ORS environments, which are reviewed by hosting service information security engineers, including follow-up notification of any newly discovered vulnerabilities by the automated scans.

N. Reporting

The contractor shall provide routine reports on system and environment metrics to include but not limited to the following:

1. Monthly bandwidth consumption per site: daily average, daily max, daily minimum.
2. Monthly average daily Web hits per site (counselormax.net and report.nw.org).
3. Monthly Top 10 Max bandwidth consumption by external IP address
4. Monthly average daily data base transactions
5. Monthly page hits by form
6. Monthly data base size and growth rate

How to Submit a Proposal

Proposals become the property of NeighborWorks America. Proprietary information that you wish to remain confidential should not be included in your response materials.

Intent to Propose to the RFP shall be submitted electronically to: procurement@nw.org. The subject line shall include: Intent 15-NW-0016 (CounselorMax and ORS Management Hosting). Deadline for submission of Intent to Propose is no later than May 8, 2015, 5:00 PM ET.

Questions related to the RFP should be submitted electronically to: procurement@nw.org. The subject line shall include: questions 15-NW-0016 (CounselorMax and ORS Management Hosting). Deadline for submission of Questions is no later than April 29, 2015, 5:00 PM ET.

Proposals shall be submitted electronically to: procurement@nw.org. The subject line shall include: Proposal 15-NW-0016 (CounselorMax and ORS Management Hosting). Deadline for submission of proposals is no later than May 15, 2015, 5:00 PM ET. Hard copy proposals will not be accepted.

The proposal submission shall include a Technical and Price Proposal as well as past performance information. Each (Technical, Past Performance and Price Proposal) shall be submitted in separate files. The Technical Proposal and Past performance files shall not include any cost information.

I. Technical Proposal

The technical proposal shall include the following sections and attachments labeled and itemized as below:

A. Executive summary

A high level statement summarizing scope and approach suitable for consumption by senior management. Any exceptions your firm takes to the scope of services must be addressed in this summary section and shall also include:

- Official registered name (Corporate, D.B.A., Partnership, etc.), Dun & Bradstreet Number, Primary and secondary SIC numbers, address, main telephone number, toll-free numbers, and facsimile numbers.
- Key contact name, title, address (if different from above address), direct telephone and fax numbers.
- Person authorized to contractually bind the organization for any proposal against this RFP.
- Brief history, including year established and number of years your company has been offering this service.

B. Technical Approach and Methodology to the RFP Scope of Services

This section shall include your firm's technical approach and methodology to meet or exceed the RFP's Scope of services.

- Include descriptions of how you plan on achieving the needed deliverables and meeting the stated requirements including a separate detailed breakdown of the proposed technology and configuration for each application (CounselorMax and ORS).
- Detailed discussion of migration process from current hosting environment, and implementation plan including time frame, resources required, testing plan and other relevant information. A time frame for the implementation of each environment will be helpful if the time-frame for each may vary.
- Detailed discussion of the proposed technology to be used for each requested environment including specifics on proposed hardware specification, software specifications, bandwidth allocation and metering scheme, etc.
- Methodology or approach to implement each of the relevant requirements found in the scope of services (e.g., backup methodology and practices, vulnerability scanning approach, replication procedure for Production to Pre-Production/Failover, Preproduction failover testing plan, etc).
- Relevant policy and practices information: technology upgrade cycles, staff certification requirements, etc.
- Details on security certifications and letters held by your organization (SSAE 16, PCI compliance, SOC 1, SOC 2, SOC 3, etc.).
- A transition plan at contract end, and the level of support provided when ending the services. This should include the level of support you will provide to safely transition or terminate the hosting services.

C. Management and Staffing Plan

The proposal shall include a Management and Staffing Plan that, at a minimum provides the names, position title, and resumes (no more than 2 pages for each resume) of key personnel to implement the contractor's proposed Technical Approach and Methodology. The resumes shall include all certifications the proposed employee has obtained. The plan shall also include your firm's bonding process and levels of coverage for employees.

II. Past Performance

The contractor shall provide three references and description of three completed projects for which you have performed work similar in scope, size, and complexity to the RFP Scope of services within the past three years. For each past-project/reference include:

a. Company name
b. Company address
c. Contact name and telephone number/email
d. Date of project
e. Description of work performed

At least one of the references should be a current or past client for whom you provided migration services from another environment, if available, in addition to set-up and implementation of standard hosting services.

III. Price Proposal

The price proposal shall be submitted in a separate file and must use the format found in Appendix A. Prices must be proposed for the base and each option year and shall include the following:

- A separate document detailing any assumptions you made in developing your technical proposal (technical approach and methodology, deliverables, and Management and Staffing Plan).
- Details/back up information (proposed labor categories, hourly rates, number of hours, licensing fees, unit costs, etc.) to substantiate how you arrived at the proposed price for the specified requirements found in Appendix A.
- In order to submit a complete price proposal you must include the anticipated frequency of the cost for each line item (monthly, quarterly, annually, etc.). You should add lines to Appendix A to reflect additional costs required to provide the proposed services.

Proposal Evaluation and Selection Process/Basis of Award

NeighborWorks America reserves the right to determine which bidders have met the requirements of this RFP. In addition, NeighborWorks America may reject, in whole or in part, any and all proposals, waive minor irregularities in proposals, allow a bidder to correct minor irregularities and negotiate with all responsible efforts in any matter deemed necessary to serve the best interest of NeighborWorks America. NeighborWorks America reserves the right to reject any and all proposals when such rejection is in the interest of NeighborWorks America, to reject the proposal of a bidder who has not met the prerequisites of the bid proposal or who has previously failed to perform properly or complete on time contracts of a similar nature, and to reject the proposal of a bidder who is not, in the sole opinion of NeighborWorks America, able to perform the contract to the sole satisfaction of NeighborWorks America. NeighborWorks America also reserves the right to waive any informalities and technicalities in the bidding. NeighborWorks America reserves the right, however, to award the contract in accordance with its best interest, and will not be required to accept the lowest bid.

NeighborWorks America may, at their discretion and without explanation to the prospective Vendors, at any time choose to discontinue this RFP without obligation to such prospective Vendors.

NeighborWorks may, upon its discretion, establish a competitive range of qualified proposals for award consideration. NeighborWorks will not conduct discussions or negotiations with firms not within the competitive range and those firms will not be considered for award.

The proposal will be evaluated on the following criteria:

- Technical Approach and Methodology: The proposal sets out a logical approach/technical methodology and demonstrates a strong technical capability and ability to meet and/or exceed the requirements of the RFP and scope of services.
- Management and Staffing Plan: The firm demonstrates the availability, credentials and related experience of key staff levels proposed to successfully execute the technical approach and methodology.
- Past Performance: The firm has recent (2 year) successful past performance that is relevant to the proposed project in terms of similar size, scope and complexity.
- Price (inclusive of base and option years)

Summary of Key Dates

- Request for Proposal is posted: 4/22/2015
- All Questions must be received by 5:00 PM ET: 4/29/2015
- Questions and Answers posted to NeighborWorks.org: 5/1/2015
- Vendor submission of intent to propose must be received by 5:00 PM ET: 5/8/2015
- Proposal Submission must be received by 5:00 PM ET: 5/15/2015
- Anticipated service start date (Estimated): 7/1/2015

Qualified bidders will be alerted to any schedule changes.

Security of NeighborWorks America (NW) Data within Third Party Environment

1. Security Measures. Third Party agrees to implement data security measures that are consistent with industry best practices and standards so that it:
a) Protects the privacy, confidentiality, integrity and availability of NW data;
b) Protects against accidental, unauthorized, unauthenticated or unlawful access, copying, use, processing, disclosure, alteration, transfer, loss or destruction of NW data;
c) Complies with all applicable federal and state laws, rules, regulations, directives and decisions that are relevant to the handling, processing, and use of NW data in accordance with this Agreement.

2. Risk Assessments. Third Party shall perform comprehensive internal and external risk assessments (at least annually and/or after major changes) and provide results to NW.
a) Third Party agrees to send completed Third Party Information Gathering Questionnaire to NW for review after vendor intent to bid.
b) Third Party agrees to provide NW with any information technology audit report as to provide an understanding of Third Party security controls and requirements in place currently.
c) Upon request by NW, Third Party agrees to provide NW with the results of their most recent vulnerability scans conducted for review.
d) Upon request by NW, Third Party agrees to allow NW to conduct an information security control review as it pertains to the scope of service outlined within the agreement.

3. Organizational Security Responsibility. Third Party shall assign responsibility for information security management to a senior management officer or a designated data steward to maintain the security of NW data. Third Party will provide their contact information to NW. Third Party agrees to provide NWA with evidence of destruction of NWA information upon end or termination of this agreement.

4. Third Party or Shared Hosting Service Provider. If Third Party uses any third party or shared hosting service provider, NWA requests to receive independent security assessment reports (e.g. ISO 2700x Certification and Report, SSAE 16 SOC Reports, Shared Assessment Program Agreed Upon Procedures Review, PCI DSS Report on Compliance, or IT Audit External) from those parties and/or hosting service providers. The third party must protect each entity's hosted environment and data. NWA reserves the right to move NWA data within its own data center at its discretion.