Bid Opportunities


Request for information (RFI) regarding Information Technology Services

Statement of Need

The Better Business Bureau (BBB) of Southern Arizona is seeking to acquire quality support from an independent Information Technology (IT) vendor that can maximize services and minimize extraneous expenses associated with upgrading hardware, software, and trouble-shooting. BBB’s major needs are system security, remote assistance, and operating system monitoring.


The BBB of Southern Arizona transitioned off an in-house server to Google Apps for Work in 2013 and installed a new VOIP system (ShoreTel) in the summer of 2014. Security scans and threat assessments are provided by NCGIT every month. On an as-needed basis, system components require replacement; we utilize our vendor to suggest and install new hardware.  Most of our system has been upgraded in the last 2 years; therefore this is a rare occurrence. Currently the majority of our IT needs are maintaining our security software (VIPRE), managing updates on our PC’s and laptops (majority are HP Windows 7 Pro and 1 Mac computer OS X) and resolving more complex IT issues that require more skilled services outside of the scope of BBB staff. Examples of complex issues are: OS update failures, diagnosing hardware failure, and repairs to the firewall.


  • Timely assistance is required- BBB of Southern Arizona’s daily operations are fast-paced and IT issues require immediate attention.
  • Provide appropriate follow-up- Communication is key regarding requests from the vendor to make changes to the hardware or software, time restrictions/interruptions, and cost.
  • Timely invoicing- we require itemized billing within 7-10 days after services are rendered.
  • Ability to coordinate with multiple vendors- BBB of Southern Arizona’s services are comprised of three separate providers:  Hurdman Communications, Copper State Communications, and an IT vendor. The BBB of Southern Arizona Technology Coordinator is available to assist in this function but some discussions require more advanced knowledge and the IT vendor will be requested to provide that assistance.
  • Maintain a positive history with BBB of Southern Arizona- BBB of Southern Arizona requires that vendors maintain a positive record which includes maintaining a B or higher rating and responding to and resolving complaints. This does not require a business to become accredited with BBB of Southern Arizona but Accredited Businesses are preferred vendors.
  • Services that are provided must remain compliant with Council of Better Business Bureau requirements (see Appendix I) and BBB of Southern Arizona’s requirements regarding security, access to data, and maintaining operations.

Information Requested

  • IT vendor’s recommended model of supporting the BBB of Southern Arizona
  • List of services, associated pricing, and ability for the BBB of Southern Arizona to customize the services offered.
  • Support agreement terms
  • IT vendor history
  • Testimonials from previous/current customers

Criteria used for evaluation

  • Value
  • BBB Business Review history
  • Types of services and support available for our changing needs

Questions regarding this RFI must be submitted electronically to, no later than 4 pm, 12 December 2014. Answers will be electronically transmitted to all respondents within two weeks of submission.

Appendix I

BBBs must have minimum security protocols in place to protect all information systems and ensure security scans are conducted on quarterly basis with the correction of critical deficiencies identified in the scans within 15 days.

Security Protocols – Minimum requirements must be in place to protect BBB’s data, network, and transmission of data. This should include virus protection software, firewall that is locked down to protect network, security certificates installed and https protocol on any web page collecting personally identifiable information, industry acceptable password requirements, and password protection for all access to databases and network (including wireless networks). BBBs must consider protection of data including when transferring data containing personal information via e-mail to consumers, businesses, government agencies, or other recipients.

Security Scans –A professional security firm must run a quarterly security scan (vulnerability assessment) on the BBB’s external computer network(s) and any servers.

The scan should be directed at the BBB’s primary IP address. The scans must include a

PCI compliance scan if BBB collects credit card information on its sites. BBBs must notify the Chief Information Officer (CIO) at CBBB by email within 24 hours of any serious deficiencies or security breaches identified in a quarterly scan. A copy of the scan identifying the deficiency and/or security breach must be provided to the CBBB CIO at the time of this notification.

For purposes of systemwide data security, all BBBs are required to implement DMARC with SPF and DKIM for emails. 

Deadline for Response (one month after questions are due).