Request for Information No. 15-200-ACCO Litigation Hold & ediscovery Tool Posting Date: November 14, 2014 Event Timeline: This Request for Information (RFI) is issued by Washington State Department of Enterprise Services (DES) under the following schedule. The response deadlines are mandatory and based on Pacific Standard Time (PST). Question & Answer Period Begins: November 14, 2014 Question & Answer Period Ends: November 21, 2014 Vendor Responses Due: December 5, 2014 by 3:00 p.m. PST Optional Vendor Demonstrations: December 9 11, 2014 DES reserves the right to revise the above schedule. RFI Coordinator: Cover Letter Upon release of this RFI, all vendor communication concerning this RFI must be directed to the RFI Coordinator listed below. Vendors shall rely only on written statements issued by the RFI Coordinator. Written Responses to this RFI should be submitted electronically to the RFI Coordinator listed below. Vendor email must include DES RFI NO. 15-200-ACCO in the subject of the email. Brenda Rix RFI Coordinator Contracts Consultant Brenda.Rix@des.wa.gov 360-407-2914 Vendors who intend to respond to this RFI are encouraged to include a cover letter describing their product(s). DES RFI NO. 15 200 ACCO Page 1 of 5
Introduction DES is considering soliciting bids to procure a Litigation Hold & ediscovery Tool. As part of that consideration, DES is seeking information from vendors who offer a product capable of addressing litigation hold and electronic discovery processes with a core solution offering as follows: Location and Preservation of Records Content Searching Document Management and Retention Ownership Identification Document Cataloging Storage Management Reporting and Metrics Integration with other existing state systems Currently, DES processes are very labor intensive and time consuming due to the amount of manual processes required and the lack of robust software tools. A response to this RFI is not a mandatory requirement for participation in any subsequent solicitations released by DES. However, the results of this RFI may be used in development of future solicitations. All vendor communications concerning this RFI must be directed to the RFI Coordinator and shall become a public record pursuant to Chapter 42.56 RCW. No Award No contract will be awarded via this RFI. This is solely an information gathering process. Background DES is an agency in Washington State that provides centralized leadership in efficiently and costeffectively managing resources necessary to support the delivery of state government services. The Office of Financial Management (OFM) has a need to enhance their ability to search, identify, preserve, track, and retrieve electronically stored information that may be subject to litigation. OFM is actively involved in enhancing their ability to perform these related tasks and is interested in solutions that will improve the state of Washington s ability to search, identify, track, preserve, and retrieve records meeting certain criteria. Purpose As part of this RFI process, DES may offer invitations for product demonstrations by those vendors whose product most likely meets the criteria set forth in this RFI. Through this RFI, DES is seeking information to stand up, host, support and maintain a Litigation Hold & ediscovery solution supported by DES, using Software as a Service (SaaS) or a solution hosted in-house at DES. DES RFI No. 15-200-ACCO Page 2 of 5
Overall objectives of the RFI: Identify potential vendors and determine what solutions are available to meet the state s business requirements Gather sufficient information to complete a Request for Proposal (RFP) Identify and understand potential risks associated with this effort Gather information regarding any pre-work that DES could complete to support a smooth implementation of a Litigation Hold & ediscovery solution DES is most interested in a solution, costing less than two hundred fifty thousand dollars ($250,000) to license and stand up a system. Vendors may submit price estimates with range increments depending on sizing of a system to demonstrate potential pricing options. Business objectives for this RFI include: Decrease staff time and effort currently required to search and identify records associated with a litigation activity Successful management of identified records for preservation Lower costs through automation of record searching and improved tracking Reduce risk by increased automation Public Records Materials including the response to this RFI provided to DES are subject to the Public Records Act, Chapter 42.56 RCW. Upon request, public records are disclosed consistent with the Act. Accordingly, please do not include any confidential or proprietary information with your response to this RFI. Information Requested DES is interested in learning about the industry standards as they relate to your line of business or the industry in which your business operates. You may also describe concerns or suggest equal or alternative ways of conducting business by providing a detailed description, supporting documentation, and any associated exceptions to such industry standards. Technical Requirements The Technical Requirements embedded below are intended to provide a starting point; any solution advanced under this RFI should possess these Technical Requirements. However, the Technical Requirements as set forth herein may not ultimately be used in any subsequent solicitations. DES environment is a Microsoft Active Directory/Windows environment. Our unstructured data resides primarily on Windows compatible CIFS storage, SharePoint, and NFS. DES is required to safeguard all data related to the services provided to the state of Washington citizens. The Office of the Chief Information Officer (OCIO) sets statewide requirements for maintaining system and network security, data integrity and confidentiality. All vendors who enter into a partnership with DES will be required to meet the security standards as set forth in the OCIO Policy 141.10, Securing Information Technology Assets, Exhibit A. Specifically, vendors must comply with the requirements to ensure: Access to information technology assets is allowed only by authorized individuals. Integrity and privacy of information technology assets (including data) is maintained. DES RFI No. 15-200-ACCO Page 3 of 5
Misuse or loss of information technology assets is prevented. Vendors are encouraged to review the OCIO Policy on Securing Information Technology Assets as referenced above and provide a brief response on how their system meets the state of Washington s security requirements. Response It is requested that vendors participating in the RFI submit a Written Response. Vendors are encouraged to include further information about other features of their solution in their Written Response. They should also include marketing material and other documentation that may be useful in assisting DES in examining the vendor s product(s). The information received may assist in the development of a subsequent solicitation that DES may issue. Vendors shall provide answers to the following questions in sufficient detail to enable a comprehensive understanding of the response: Solution Functionality 1. Describe how the proposed solution can search and identify records based on specific criteria or content. Indicate details around items such as multiple search criteria, multilevel filtering (e.g. user name and keyword, keyword and date range, etc.), template use, highlighted search term capability, and wildcard capabilities. 2. Describe the proposed solution's Boolean operator capability, as well as operators that address proximity of terms. List the specific operators. 3. Describe what file types (e.g. pdf, doc, docx, html, image, etc.) and metadata the proposed solution can index and search. Also indicate what data sources (e.g. file shares, workstations, removable media, email, etc.) it can search. 4. Describe the proposed solution's litigation hold capabilities. Indicate capabilities such as tagging search results to a specific case, duplicate identification and separation, ability to protect records under litigation hold, how a record with multiple legal holds is handled, etc. 5. Describe the proposed solution's auditing and tracking capabilities (e.g. last accessed by, created by, modified date, etc.) 6. Describe the proposed solution's capability to capture and maintain a history of search requests, search results, and cases. 7. Describe the proposed solution s general reporting capabilities. Indicate types of reports such as case reports, litigation hold reports, etc. Please provide five example reports. 8. Describe how the proposed solution produces records in their original format. 9. Describe how the proposed solution provides records review for cases and the reviewer capabilities. 10. Describe the proposed solution's role and permission structure and capability. 11. Describe any core capabilities of the proposed solution that were not addressed in previous questions. DES RFI No. 15-200-ACCO Page 4 of 5
B. Technical Requirements 1. Describe the proposed solution s technical architecture and provide diagrams of the data flows and components. Specify if the proposed solution is an inline front end to all storage or if it indexes records after they are placed in storage. 2. Describe how the proposed solution is not overly complex and how it scales in a large enterprise environment. 3. Describe how the proposed solution is a turnkey solution and does not require substantial resources to operate and maintain. 4. Describe how the proposed solution utilizes authentication and encryption. 5. Describe how the proposed solution integrates with Microsoft Active Directory security, including the ability to impersonate one or more Windows accounts for searching and collecting data. Indicate how security groups are utilized. 6. Describe any technical hardware or software requirements of the proposed solution. Also indicate specifically what platforms, hardware, and software are supported (e.g. NAS models, web browser versions, databases, storage types and protocols, etc.) 7. Describe the performance impact of the proposed solution during business hours, as well as after hours. Indicate specific performance items such as how much data can be indexed, how many searches can be performed simultaneously, search processing times, bandwidth throttling capabilities, etc. 8. Describe how the proposed solution enforces litigation hold requirements at a technical level (e.g. copying, archiving, moving, modification, etc.) 9. Describe the proposed solutions internal audit and logging capability. Indicate what can be logged such as access attempts, modifications, etc. 10. Describe if the proposed solution integrates with any third-party software (e.g. content management, vaulting software, SIEM, etc.) 11. Describe software licensing requirements and agreement terms as they relate to the number of users, separate software modules deployed, connectors/apis, and any server side licenses/costs for the production of data. 12. As separate attachments, vendor must provide all software licensing agreements applicable to the proposed solution. 13. Describe how the proposed solution addresses OCIO Security Policy 141.10, Exhibit A. DES RFI No. 15-200-ACCO Page 5 of 5