RFP No. ITS 16-011 INFORMATION SECURITY ARCHITECTURE .

CITY OF PHOENIX - INFORMATION TECHNOLOGY SERVICES
REQUEST FOR PROPOSAL (“RFP”)
(Professional Technology Services)

RFP No. ITS 16-011
INFORMATION SECURITY ARCHITECTURE ASSESSMENT
Professional Technology Services

PROPOSAL DUE DATE AND TIME
March 30, 2016
2:00 p.m. Phoenix Local Time

PROPOSAL SUBMITTAL LOCATION
City of Phoenix Information Technology Services
251 W. Washington Street, 6th Floor
Phoenix, Arizona 85003

CONTRACTING AUTHORITY
Gloria Elliott, Contracts Specialist II
gloria.elliott@phoenix.gov
602-261-8481

TABLE OF CONTENTS

I. INTRODUCTION
   1. Requirements Specific to Evaluation Criteria
   2. Proposal Evaluation Criteria
   3. Prerequisites
   4. Statement of Work (SOW)
   5. Schedule of Events
   6. Delivery Address Instructions
   7. Requirements
   8. Exceptions
   9. Notifications
II. SOLICITATION TRANSPARENCY POLICY
III. STATEMENT OF WORK (SOW)
   1. Familiarity with Current City Information Security Architecture
   2. Delivery of Documents
   3. Detailed Criteria
IV. INSTRUCTIONS TO OFFERORS
   1. Introduction
   2. Definitions of Key Words Used in the Solicitation
   3. Pre-Proposal Conference
   4. Offeror Inquiries
   5. Amendment of Request for Proposal
   6. Familiarization of Statement of Work
   7. Preparation of Proposal
   8. Proposal Format
   9. Request to Modify the Contract Provisions
   10. Public Record
   11. Confidential Information
   12. Certification
   13. Submission of Proposal
   14. Late Proposals
   15. Non-Responsive Proposals
   16. Responsive Proposals
   17. Compliance with Affirmative Action in Employment Requirements
   18. Offer and Acceptance Period
   19. Discussions
   20. Withdrawal of Offer
   21. Proposal Results
   22. Evaluation Criteria
   23. City’s Right to Disqualify for Conflict of Interest
   24. Award
   25. Protest of Award Recommendation
   26. Employee Identification
V. EVALUATION REQUIREMENTS
   1. Minimum Vendor Qualifications
   2. Evaluation Criteria and Format
   3. General

RFP No. ITS 16-011: INFORMATION SECURITY ARCHITECTURE ASSESSMENT – Professional Technology Services, Page 2 of 38

VI. SPECIAL TERMS AND CONDITIONS
   1. Method of Invoicing
   2. Method of Payment
   3. Indemnification
   4. Performance Interference
   5. Contractor’s Performance
   6. Employee Identification and Access
   7. Account Staffing
   8. Time is of the Essence
   9. Consultant and Subcontractor Worker Background Screening
   10. Contract Worker Access Controls, Badge and Key Access Requirements
VII. STANDARD TERMS AND CONDITIONS
   1. Definition of Key Words Used in the Solicitation
   2. Contract Interpretation
   3. Contract Administration and Operation
   4. Costs and Payments
   5. Contract Changes
   6. Risk of Loss and Liability
   7. Warranties
   8. City’s Contractual Rights
   9. Contract Termination
VIII. SUBMITTAL OF OFFER
   1. Proposal Requirements
   2. Offer and Acceptance
   3. Offeror’s Contact Information
ATTACHMENTS & EXHIBITS
   Exhibit A: Financial Pricing Proposal
   Exhibit B: Insurance Terms
   Exhibit C: Solicitation Submittal Checklist
   Exhibit D: Sample Professional Services Agreement (separate download)

SECTION I: INTRODUCTION

The City of Phoenix (City), Information Technology Services (ITS), invites sealed Proposals for INFORMATION SECURITY ARCHITECTURE ASSESSMENT-Professional Technology Services in accordance with the specifications and provisions contained herein. The City of Phoenix ("City") seeks an experienced Contractor to provide Information Security professional services to assist the City in increasing its overall security posture. The Contractor will provide a dedicated team of Senior Network Security and Information Security Specialists (Consultants) with proven experience and credentials to support this project.

The City of Phoenix utilizes a large network of applications, some internal and many web facing, that support a wide range of services, from Fire, Police and Municipal Court, to Water and Transportation services, and enterprises ranging from Aviation services and support, to Library and Convention Center operations. Enterprise level cybersecurity is required to safeguard all of these heterogeneous operations and protect associated data.

The City seeks an experienced and qualified Consultant to assess its information technology infrastructure and help develop a plan to address any deficiencies or weaknesses and improve its cybersecurity capabilities.

Requested services entail developing an actionable information security architecture plan to assess and recommend changes to the City’s current information security architecture. It is expected that Contractor will use their own tools (hardware, software, etc.) to conduct this assessment. Contractor will be provided access to City infrastructure in support of this engagement. Contractor will provide professional recommendations and cost estimates to reduce Cyber security risk and increase incident response capabilities in the City. It is the City’s intention to implement the professional recommendations of the selected contractor based on the value proposition made.

It is required that the Consultant be vendor neutral assuring a fair and equal procurement process. Consultant must have no vendor affiliation within the twenty four (24) month period preceding this solicitation’s submission due date. Consultant will not be allowed to bid on the resulting RFP or provide services or material. The key objectives and goals for this project are to successfully deliver recommendations, specifications and a solicitation statement of work document that will provide a framework to replace the existing system that meets the City’s current and future identified needs that is delivered on time and on budget.

1. REQUIREMENTS SPECIFIC TO EVALUATION CRITERIA
Offeror must meet the minimum requirements as detailed in SECTION V EVALUATION REQUIREMENTS of this RFP.

2. PROPOSAL EVALUATION CRITERIA – (listed in relative order of importance):

EVALUATION ITEM: POINTS
   Experience with risk based infrastructure cybersecurity assessments, i.e. NIST cybersecurity framework and the 20 Critical Controls with Security Information and Event Management (SIEM) Systems: 250 points
   Experience of Team - number of staff dedicated to project and include resumes: 250 points
   Method of Approach - ability to keep within prescribed time frame, plan of execution, proposed staffing levels: 250 points
   Pricing Proposal: 250 points
   Total available points: 1,000 points

3. PREREQUISITES
Evidence of bonds, sureties, licenses and certifications if and as specifically requested in this RFP (Rated Pass/Fail – a Fail will result in a non-responsive proposal).

Where an endorsement would be needed to fulfill an insurance requirement, a current certificate is acceptable with a statement from a broker or agent that such requirements can be met in the event of contract award.

A Submittal to this solicitation is an offer to contract with the City based upon the terms, conditions, and specifications contained in the City’s RFP. Such a submittal does not become a contract until it is executed by the Department Director.

4. STATEMENT OF WORK (SOW)
As set forth in detail in SECTION III STATEMENT OF WORK (SOW) of this RFP.

5. SCHEDULE OF EVENTS
City reserves the right to change dates as necessary.

   PROPOSAL ISSUE DATE: February 26, 2016
   OFFERORS WRITTEN INQUIRIES DUE: March 11, 2016, 1:00 p.m. local Phoenix time
   DUE DATE FOR PROPOSALS: March 30, 2016, 2:00 p.m., local Phoenix time
   FINALIST INTERVIEWS (if required): April 18, 2016
   ESTIMATED CITY COUNCIL APPROVAL: May 18, 2016 (tentative)

6. DELIVERY ADDRESS INSTRUCTIONS
City of Phoenix Information Technology Services
Gloria Elliott, Contracts Specialist II
251 West Washington Street, 6th Floor
Phoenix, AZ 85003-2295

In addition, the package must also show the following information:
   Offeror’s Name and Address
   RFP Number and Title of Proposal
   Proposal Due Date and Time

7. REQUIREMENTS
Proposals must be complete by providing all of the information requested under the Submission Requirements. Each Proposal must include two (2) printed copies and five (5) electronic copies (CD or thumb drive) of the Submission Requirements.

8. EXCEPTIONS
The City will, at its option, not allow exception to any material requirement if, in the opinion of the City, the exception alters the overall intent of this RFP, unless the exception would be of material benefit to the City.

A Submittal to any RFP is an offer to contract with the City based upon the contract provisions contained in the City’s RFP, including, but not limited to, the specifications, Statement of work and any terms and conditions. Offerors who wish to propose modifications to the contract provisions must submit a “Request for Consideration of Alternate Terms.” The written request for modification must be received by the Contracting Authority listed on the front of this solicitation, at least seven (7) calendar days prior to the proposal due date. The City may issue an addendum to this solicitation of any approved specification changes. The provisions of the RFP cannot be modified without the express written approval of the Director or Director’s designee. If a proposal or offer by Offeror is returned with modifications to the contract, the contract provisions contained in the City’s RFP shall prevail unless the Offeror’s proposed alternative provisions are expressly approved in writing by the Director or designee.

Exceptions, conditions, or qualifications to the provisions of the City’s specifications must be clearly identified and provided in the Proposal under the Executive Summary section. Offeror must state the section number, heading and/or paragraph or Term and Conditions that exception is being taken with and why.

9. NOTIFICATIONS
This solicitation is available in large print, Braille, audio tape, or computer diskette. Please call (602) 262-5054/Fax (602) 534-2311 or TTY (602) 534-5500 for ness/contract/opportunities/rfp/index.html. Internet access is available at all public libraries.

The City of Phoenix takes no responsibility for informing recipients of changes to the original solicitation document. It is the Offeror’s responsibility to obtain a copy of any amendment relevant to this solicitation. Failure to submit amendments with the solicitation Submittal may be grounds for deeming a submittal non-responsive.

SECTION II: SOLICITATION TRANSPARENCY POLICY

Beginning on the date the solicitation is issued and until the date the contract is awarded or the solicitation withdrawn, all persons or entities that respond to the solicitation for the RFP No. ITS 13-010, Fire CAD and RMS Modernization Program – Professional Services, including their employees, agents, representatives, proposed partner(s), subcontractor(s), joint venturer(s), member(s), or any of their lobbyists or attorneys, (collectively, the Offeror) will refrain from any direct or indirect contact with any person (other than the designated contract representative) who may play a part in the evaluation process, including members of the evaluation panel, the City Manager, Assistant City Manager, Deputy City Managers, Department heads, the Mayor and other members of the Phoenix City Council. As long as the solicitation is not discussed, Offerors may continue to conduct business wit
