Transcription
Information TechnologyServicesRFP Appendix: Supplemental InformationDecember 6, 2016
APPENDIX TO THE REQUEST FOR PROPOSALS FOR IT SERVICE PROVIDERTABLE OF CONTENTSAPPENDIX . 2A.B.C.Current State Analysis . 2A.1Business Requirements . 2A.2Technologies . 3A.3Risk Management and Information Security . 7A.4IT Service Delivery . 7Improvement Opportunities . 10B.1Microsoft Office Pricing . 10B.2Cloud Storage . 10B.3Remote Access . 11B.4Collaboration. 11B.5Service Delivery . 12B.6Untethered. 13Future State Model . 13C.1User Experience . 13C.2Support. 14C.3Technology . 14C.4Scenarios . 151 of 19
APPENDIX TO THE REQUEST FOR PROPOSALS FOR IT SERVICE PROVIDERAPPENDIXNYCEEC has been working with an independent IT consultant, Actionable Strategies, to evaluate itsexisting IT environment and identify opportunities for improvement. This process has informed thecontent of the RFP, with additional detail provided this Appendix. NOTE: Actionable Strategies is not areseller or IT managed services provider, and will not be competing to provide the services sought fromthe IT Service Provider with this RFP, but will continue to provide guidance to NYCEEC through theproposal evaluation process.Actionable Strategies was engaged to evaluate NYCEEC’s existing IT environment (Current State), andidentify opportunities for improvement (the Future State Model). We believe this will provide additionaluseful context to RFP respondents regarding NYCEEC’s IT environment and needs. Respondents shouldfeel free to propose alternate approaches if it believes they would better meet NYCEEC’s requirements.The material that follows has been excerpted and summarized from documents produced for NYCEECby its independent IT consultant, Actionable Strategies.A. CURRENT STATE ANALYSISThe NYCEEC IT environment meets the basic needs of end users, whether they are executives or frontline staff. There are some minor functional issues that impact productivity and the user experience, butthese can be remedied moving forward. There is pent-up demand for additional functionality and theability to work outside of the office with greater flexibility. From a risk management perspective, thereis some exposure but NYCEEC has limited information assets at risk.The operating model is outsourced and the root cause of many of the issues with IT. The current serviceprovider has capable individual contributors; however, as an organization it is not well equipped to actas a partner. NYCEEC requires a broader range of proactive IT services that are consistently wellmanaged. NYCEEC has been forced to fill the voids in IT management and support, leading to hiddencosts and lost productivity, including senior staff time.The following framework illustrates the areas that were examined in the current state analysis.A.1 BUSINESS REQUIREMENTSStrategic business requirements and supporting needs are listed below. The categories are forconvenience and have not been formally defined by NYCEEC. Operational efficiencies via process automation and integrationo Loan servicing platformo Salesforce improvement for contract / grant management2 of 19
APPENDIX TO THE REQUEST FOR PROPOSALS FOR IT SERVICE PROVIDERoooCollaborationDocument managementProcess improvement Portfolio data and analytics (not within the scope of this project)o Analysiso Reportingo Energy and other metricso Business intelligence capabilities Ubiquitous computingo Docked at a desko Undocked in meetings and other workspaceso At homeo Commutingo Traveling outside of New York City Core computing capabilitieso Office productivity: e-mail, documents, spreadsheets, presentations, project planso Printing and faxingo Mobile applicationsA.2 TECHNOLOGIESNYCEEC has implemented basic technologies suitable for a smaller organization with all IT servicesoutsourced. The vendors are all reputable with solutions that fit NYCEEC’s current size and complexity,but there have been significant issues with the actual services provided. As NYCEEC continues to grow,the technical solutions provided by the IT service provider can be scaled up as required, and hardwarereplaced with little disruption. The current IT service provider is the main provider of IT services and issupposed to function as NYCEEC’s IT department including hosting all of the server hardware.A.2.1 ServersServers are virtual machines running Microsoft Windows on Intel-based hardware, which is a verycommon configuration and appropriate for NYCEEC. Virtualization technology allows multiplecustomers of the current IT service provider to share powerful hardware with each customer seeming tohave their own, dedicated machine isolated from other customers.NYCEEC should consider increasing both the processing power and memory available in its main server.However, if the underlying computing model changes, the new architecture should be dimensionedappropriately given the number of users and anticipated workload. Note that anticipated workload isone of the key considerations in determining resource requirements (processing and memory). Userswill require additional applications, and those already in use will increase their resource requirements asupdates to the software come to market.3 of 19
APPENDIX TO THE REQUEST FOR PROPOSALS FOR IT SERVICE PROVIDERA.2.2 Operating SystemsOperating systems at NYCEEC are all Microsoft Windows on both servers and workstations. In bothinstances, the licenses are behind roughly two generations. Windows Server 2008 is being run at NYCEEC with more recent versions being Windows Server2012 and 2016 Windows 7 is being run on the desktop while Microsoft has released both Windows 8 and 10While upgrading the server will have no impact on NYCEEC users, operating system differences willrequire training when upgrading workstations.A.2.3SoftwareCitrixAlmost without exception, end users at NYCEEC rely upon Citrix to launch the applications used in dayto-day business. This technical approach is sometimes favored for small organizations because itsimplifies the technical environment and limits the number of things that can go wrong. The downsideof the approach is that it limits what end users can do, and NYCEEC has experienced some of theseconstraints.The impact on NYCEEC users includes the following. Requires reasonably fast network connection with sufficient bandwidth at all times Limits what software can be installed by end users; users are allowed to request any reasonablesoftware to be installed; in some cases, there are limitations or performance implicationsrelated to the software’s potential interaction with Citrix Difficult for end users to interact with devices on their actual PC, such as printers and localstorage devices Performance issues when user activity is high because they are all sharing one serverMicrosoft OfficeThe version of Microsoft Office currently deployed is Office 2010, which is two major versions behind.(Office 2013 is the previous version and Office 2016 is the current version.) Office 365 bundles thecurrent version of Office with additional features. Upgrading to the current version will likely requireend user training.Salesforce and LinkPointSalesforce is used for customer relationship management (CRM). Salesforce data are linked in Outlookvia LinkPoint. This is a critical technology component that prevents silos of information from developingacross two primary applications: e-mail and CRM. When upgrading or modifying the NYCEEC desktop4 of 19
APPENDIX TO THE REQUEST FOR PROPOSALS FOR IT SERVICE PROVIDERconfiguration, LinkPoint, or an effective alternative, should be tested during piloting prior to full-scaledeployment.Loan ServicingNYCEEC and its fiscal agent, BTQ Financial, will service loans using The Mortgage Office from AppliedBusiness Software, which is in the process of being implemented. This will replace the current loanservicing and reporting processes that have been managed using Excel spreadsheets that are manuallyupdated.The underlying database is a Microsoft SQL technology but not the JET Engine. The provider will need tobe able to support this technology including any business continuity and any potential IT compliance orinformation security requirements.CollaborationWhile there is pent-up demand for collaboration technologies, NYCEEC has not deployed collaborationsoftware. Makeshift solutions have been employed to facilitate basic information sharing and processlinkage. File sharing is supported via secure ftp (file transfer protocol in the form on the WinSCPapplication) and also Dropbox. Dropbox has not been formally organized with protocols for useestablished.MarketingMarketing-specific applications have been deployed on an ad-hoc basis. While these are functionspecific, there may be applicability to other areas of the NYCEEC business. For example, while aConstant Contact import function for Outlook might not be widely used, presentation software such asPrezi might be appropriate for non-Marketing users.A.2.4 End User ComputersNYCEEC users are provided equipment but are also permitted to use their own devices for work outsideof the office.NYCEEC-Owned EquipmentAll NYCEEC employees have been issued a standard laptop which can be placed into a docking station atNYCEEC headquarters in New York. This equipment is approaching end-of-life, presenting anopportunity to improve in-office capabilities. Hardware standards facilitate better service delivery sincethe service provider only has one type of machine to update, maintain and troubleshoot. However, themajority of users should feel that the hardware suits their needs.The following feedback was provided and should be considered when selecting the next hardwareplatform:5 of 19
APPENDIX TO THE REQUEST FOR PROPOSALS FOR IT SERVICE PROVIDER Docking and undocking is a time sink for users due to lost connectivity, restarting Citrix sessionsand rebooting Some users prefer mouse buttons which are not present with the current hardwareUser-Owned EquipmentUsers are allowed to connect to the NYCEEC network with their own devices under a bring-your-owndevice (BYOD) policy and permitted practices. Personal computers tend to be home machines, includinglaptops, which allow users to initiate Citrix sessions without bringing their NYCEEC-issued laptops home.Mobile devices can function in the same fashion as personal computers in many instances. While e-mailcapabilities are easy to use when ActiveSync is installed, Citrix is not due to screen size and touchinterface. While there are applications to allow viewing and editing of Office documents, users do nothave a simple way to access documents on the NYCEEC network using mobile devices.A.2.5 PrintingPrinting at NYCEEC is supported by a multifunction printer owned by NYCEEC, and under a servicecontract with Atlantic, Tomorrow's Office. This model is ideal for an organization of NYCEEC’s size,staffing level and complexity. Printing has not posed issues except for access issues when undocked orattempting to print to local printers outside of the office. Consumable use has not exceeded contractedlimits. The regional vendor has offices in New York, New Jersey and Connecticut and it is reported thatservice have been good.A.2.6 Telephony / Unified CommunicationsTelephony services are not hosted at NYCEEC. Vonage has provided what is reported to be reliableservice. However, use of the Unity Client (acquired when Vonage acquired SimpleSignal) does notprovide all of the potential benefits. Part of this could be attributed to configuration but withouttraining, users are not aware of the full set of capabilities.It should be noted that the contract with SimpleSignal includes punitive penalties for disruptions inservice greater than 30 minutes (or for two outages each lasting 15 minutes or more). This is a goodexample of a strong service level agreement. In addition, if sufficient capacity is not available to supportthe contracted number of callers, SimpleSignal will propose upgrades installed at no cost. NYCEEC hasthe option to accept the upgrade (which may result in higher monthly charges) or terminate thecontract without penalty.Current pricing is high, particularly given discounts for which NYCEEC is eligible with its not-for-profitstatus. Service options and not-for-profit pricing should be evaluated as part of an RFP process.6 of 19
APPENDIX TO THE REQUEST FOR PROPOSALS FOR IT SERVICE PROVIDERA.3 RISK MANAGEMENT AND INFORMATION SECURITYNetwork SecurityNetwork security is the managed by NYSERDA including perimeter security (securing theNYSERDA/NYCEEC network from the outside). NYCEEC and its New IT Service Provider should review theresults of any relevant security testing. These tests may include penetration testing.End Point SecuritySecurity of end points at NYCEEC involves protecting servers and end user devices. Areas of potentialexposure that must be managed include:1) Consistent maintenance and monitoring of anti-virus and anti-malware on servers andworkstations2) Devices owned by NYCEEC users and connected to the NYCEEC network must have appropriateanti-virus protection installed3) Home computers, occasionally connected to the NYCEEC network, should likewise be protectedWhile users maintain anti-virus protection on their personal devices, this should be explicitly mandatedand periodically reviewed.Data SecurityInformation security practices at NYCEEC align to policies. NYCEEC handles internal confidential data aswell as external data that require protection. Policies to govern protection of this information must bemanaged in coordination with the IT service provider to ensure consistency between policies andpractices, and ongoing protection of critical data. The underlying technologies that should be appliedinclude encryption of data at-rest and in-flight.A.4 IT SERVICE DELIVERYThe root cause of technology issues relates to IT service delivery. IT is not being managed effectively bythe current IT service provider, forcing the Director of Operations to expend significant effort acting asthe head of IT. The major shortcomings of the current service provider’s service delivery include thefollowing: IT is not being driven at a strategic level including alignment to the business and basic strategicplanning IT service delivery is not being proactively managed, leading to lapses in reactive responses toproblems reported by NYCEEC7 of 19
APPENDIX TO THE REQUEST FOR PROPOSALS FOR IT SERVICE PROVIDER A well-defined model including repeatable and documented processes has not beenimplemented, degrading service levels, elongating response times and reducing effectiveness ofproblem determination and resolution Performance management does not reflect service delivery, but is focused on technicalmeasures that do not reflect the experience of end usersThe services contracted from the current IT service provider, in addition to the levels of service provided,fall short of commitments. No service provider can be expected to perform flawlessly but they shouldbe expected to build and operate a service delivery model that is effective. Moreover, when issues doarise, they should be addressed promptly and to the satisfaction of the customer.In addition to issues identified in this section, underlying elements of the current IT service provider’soperating model will be discussed as they impact service delivery.As NYCEEC evaluates future service providers, it should consider lessons learned about the operatingmodel of the provider.A.4.1 Reseller ModelThe current IT service provider is a reseller of other services but provides most engineering and supportservices directly. While it should not be problematic to engage a reseller of hosted infrastructure, usinga reseller of services can lead to gaps in service delivery. This has been the case for NYCEEC as somesupport services are delivered by a third party, including one in India that uses a separate ticketingsystem.Large scale providers experience service delivery issues due to seams across departments but within theorganization. These types of problems are amplified when seams are inter-organizational. Typical rootcauses are: Lack of process harmonization Silos of customer and technical information Missed handoffs of responsibility Gaps in communicationThere is also a lack of transparency with respect to which providers are involved in service delivery. Forexample, certain providers appeared in the current IT service provider’s service description to itsauditors, while others were omitted.A.4.2 Tactical FocusThe current IT service provider is not providing strategic IT services, though these services are supposedto be part of the provided services. While the IT service provider is supposed to “serve as NYCEEC’s‘Virtual CIO’ and make recommendation on projects and technology related matters,” it does not8 of 19
APPENDIX TO THE REQUEST FOR PROPOSALS FOR IT SERVICE PROVIDERprovide strategic planning or advice. The interaction with the current IT service provider has not been atan executive level, and has caused NYCEEC’s Director of Operations to wade into intimate technicaldetails.A.4.3 Reactive ModelThe current IT service provider has not been proactive in managing NYCEEC’s IT environment. It isdoubtful that other, larger customers would need to initiate action by the current IT service provider toreceive attention. There are numerous examples documented for Actionable Strategies but thefollowing are illustrative: Performance issues were reported by NYCEEC rather than detected by the IT service provider Infrastructure upgrades have been requested without proposing a solution design Versions of operating systems and Microsoft Office are behind 2 generationsA.4.4 Misaligned MetricsThe measurements applied by the current IT service provider
Dec 06, 2016 · o Salesforce improvement for contract / grant management . A. PPENDIX TO THE . R. EQUEST FOR . P. ROPOSALS FOR . IT S. ERVICE . P. ROVIDER . 3 of 19 . o Collaboration o Document management o Process improvement Portfolio data and an
