Request for information (RFI) regarding Information Technology Services
Statement of Need
The Better Business Bureau (BBB) of Southern Arizona is seeking to acquire quality support from an independent Information Technology (IT) vendor that can maximize services and minimize extraneous expenses associated with upgrading hardware, software, and troubleshooting. BBB’s major needs are system security, remote assistance, and operating system monitoring.
The BBB of Southern Arizona transitioned off an in-house server to Google Apps for Work in 2013 and installed a new VoIP system (ShoreTel) in the summer of 2014. Security scans and threat assessments are provided by NCGIT every month. On an as-needed basis, system components require replacement; we utilize our vendor to suggest and install new hardware. Most of our system has been upgraded in the last 2 years; therefore, this is a rare occurrence. Currently the majority of our IT needs are maintaining our security software (VIPRE), managing updates on our PCs and laptops (the majority are HP machines running Windows 7 Pro, plus 1 Mac running OS X), and resolving more complex IT issues that require more skilled services outside the scope of BBB staff. Examples of complex issues are: OS update failures, diagnosing hardware failure, and repairs to the firewall.
Criteria used for evaluation
Questions regarding this RFI must be submitted electronically to email@example.com, no later than 4 pm, 12 December 2014. Answers will be electronically transmitted to all respondents within two weeks of submission.
BBBs must have minimum security protocols in place to protect all information systems and ensure security scans are conducted on a quarterly basis, with the correction of critical deficiencies identified in the scans within 15 days.
Security Protocols – Minimum requirements must be in place to protect BBB’s data, network, and transmission of data. This should include virus protection software, a firewall that is locked down to protect the network, security certificates installed and the HTTPS protocol on any web page collecting personally identifiable information, industry-acceptable password requirements, and password protection for all access to databases and the network (including wireless networks). BBBs must consider protection of data, including when transferring data containing personal information via e-mail to consumers, businesses, government agencies, or other recipients.
Security Scans – A professional security firm must run a quarterly security scan (vulnerability assessment) on the BBB’s external computer network(s) and any servers. The scan should be directed at the BBB’s primary IP address. The scans must include a PCI compliance scan if BBB collects credit card information on its sites. BBBs must notify the Chief Information Officer (CIO) at CBBB by email within 24 hours of any serious deficiencies or security breaches identified in a quarterly scan. A copy of the scan identifying the deficiency and/or security breach must be provided to the CBBB CIO at the time of this notification.
For purposes of systemwide data security, all BBBs are required to implement DMARC with SPF and DKIM for emails.
Deadline for Response (one month after questions are due).