27-04, INTERNET SECURITY AUDIT SERVICES
11 pages
English

REQUEST FOR PROPOSAL No. 27-04
INTERNET SECURITY AUDIT SERVICES IN INGHAM COUNTY
INGHAM COUNTY PURCHASING DEPARTMENT
MASON, MICHIGAN
(517) 676-7222
1.0 INTRODUCTION
The County of Ingham, herein referred to as County, solicits interested and qualified
private and commercial vendors to submit proposals for the purpose of entering into contract to
conduct an internet security audit of the County’s internet servers.
2.0 GENERAL TERMS AND CONDITIONS OF THE REQUEST FOR PROPOSAL
2.1 Submittals, in three (3) copies, marked "RFP No. 27-04, Internet Security Audit
Services" will be received no later than 11:00 A.M., local time prevailing, on July 26, 2004
in the:
Ingham County Purchasing Department
Attention: James C. Hudgins, Jr., Director of Purchasing
121 E. Maple St.
Mason, Michigan 48854
2.2 Should you decide to utilize an express delivery service, please note that we are
located at the intersection of Maple Street and Jefferson Street. Proposals will not be accepted
via Fax machine or Internet E-mail.
2.3 Time is of the essence and any proposal or addenda pertaining thereto received after
the announced time and date for submittal, whether by mail or otherwise, will be rejected. It is
the sole responsibility of the Proposer to ensure that their proposals are time stamped by
Purchasing Department personnel before the deadline indicated in Section 2.1. Proposals and/or
any addenda pertaining thereto, received after the announced time and date of receipt, by mail or
otherwise, will be returned. However, nothing in this RFP precludes the County from requesting
additional information at any time during the procurement process.
2.4 If you are an individual with a disability and require a reasonable accommodation,
please notify the Purchasing Department at (517) 676-7222, three (3) working days prior to need.
2.5 Nothing herein is intended to exclude any responsible firm or in any way restrain or
restrict competition. On the contrary, all responsible firms are encouraged to submit proposals.
2.6 Any proposal submitted MUST be signed by an individual authorized to bind the
proposal. All proposals submitted without such signature may be deemed non-responsive.
2.7 RFP PROCESS: Proposers are to submit written proposals which present the
proposer's qualifications and understanding of the work performed. The proposer's proposal
should be prepared simply and economically and should provide all the information which it
considers pertinent to its qualifications for the project and which respond to the Project
Description and Evaluation Criteria listed herein. Emphasis should be placed on completeness of
services offered and clarity of content.
2.8 If you desire not to respond to this proposal, please forward your acknowledgment of
NO PROPOSAL SUBMITTED to the above address. Failure to comply may be cause for
removal of your company's name from the vendor list for subject commodity.
2.9 MINORITY PROPOSERS: The County encourages all businesses, including minority
and women-owned businesses to respond to all Invitations to Bid and Requests for Proposals.
3.0 SELECTED TERMS AND CONDITIONS OF THE CONTRACT
3.1 REGISTERING AS A VENDOR WITH INGHAM COUNTY: Proposers must be
registered as a vendor with Ingham County before submitting any proposals or bids. Failure to
register may be cause for removal of your firm from consideration of award. Proposers may
register as vendors with Ingham County on-line at www.ingham.org/pp
Vendors registering to provide goods and services to Ingham County under contract shall
certify to their knowledge of the County’s Equal Opportunity Employment/Nondiscrimination
Policy, and of their agreement to comply, and shall disclose any conclusive findings of violations
of Federal, State, or Local equal opportunity statutes, ordinances, rules/regulations, or policies
within the past three (3) years.
3.2 ADDITIONAL INFORMATION REQUESTED: Please indicate if your firm has been
cited and/or fined within the last five (5) years by any Federal, State or Local regulatory agency.
If so, please provide the following information:
A. Date
B. Identity of the agency issuing the citation or fine
C. Description of the violation
D. Final rulings of agency
3.3 NONDISCRIMINATION CLAUSE: The vendor who is selected as the Contractor, as
required by law, shall not discriminate against an employee or applicant for employment with
respect to hire, tenure, terms, conditions or privileges of employment, or a matter directly or
indirectly related to employment because of race, color, religion, national origin, age, sex, sexual
preference, disability, height, weight, or marital status.
The vendor shall adhere to all applicable Federal, State and local laws, ordinances, rules
and regulations prohibiting discrimination, including, but not limited to, the following:
A. The Elliott-Larsen Civil Rights Act, 1976 PA 453, as amended.
B. The Persons with Disabilities Civil Rights Act, 1976 PA 220, as amended.
C. Section 504 of the Federal Rehabilitation Act of 1973, P.L. 93-112, 87
Stat. 394, as amended, and regulations promulgated thereunder.
D. The Americans with Disabilities Act of 1990, P.L. 101-336, 104 Stat 328
(42 USCA §12101 et seq), as amended, and regulations promulgated
thereunder.
Breach of this section shall be regarded as a material breach of the agreement.
3.4 INDEMNIFICATION AND HOLD HARMLESS: The vendor who is selected as the
Contractor shall, at its own expense, protect, defend, indemnify, save and hold harmless the
County of Ingham and its elected and appointed officers, employees, servants and agents from all
claims, damages, lawsuits, costs and expenses including, but not limited to, all costs from
administrative proceedings, court costs and attorney fees that the County of Ingham and its
elected and appointed officers, employees, servants and agents may incur as a result of the acts,
omissions or negligence of the Contractor or its employees, servants, agents or subContractors
that may arise out of the agreement.
The Contractor’s indemnification responsibility under this section shall include the sum
of damages, costs and expenses which are in excess of the sum of damages, costs and expenses
which are paid out in behalf of or reimbursed to the County, its officers, employees, servants and
agents by the insurance coverage obtained and/or maintained by the Contractor.
3.5 INSURANCE: The vendor shall purchase and maintain insurance not less than the
limits set forth below. All coverages shall be with insurance companies licensed and admitted to
do business in the State of Michigan and with insurance carriers acceptable to Ingham County
and have a minimum A. M. Best Company's Insurance Reports rating of A or A- (Excellent).
A. Worker's Disability Compensation Insurance including Employers
Liability Coverage in accordance with all applicable Statutes of the State
of Michigan.
B. Commercial General Liability Insurance on an “Occurrence Basis” with
limits of liability not less than $1,000,000 per occurrence and/or aggregate
combined single limit. Coverage shall include the following: (A)
contractual liability; (B) products and completed operations; (C)
Independent Contractors Coverage; (D) Broad Form General Liability
Endorsement or Equivalent.
C. Motor Vehicle Liability Insurance, including Michigan No-Fault
Coverage, with limits of liability of not less than $1,000,000 per
occurrence combined single limit Bodily Injury and Property Damage.
Coverage shall include all owned vehicles, all non-owned vehicles and all
hired vehicles.
D. Additional Insured - Commercial General Liability Insurance, as described
above, shall include an endorsement stating the following shall be
“Additional Insureds”. The County of Ingham, all elected and appointed
officials, all employees and volunteers, all boards, commissions and/or
authorities and board members, including employees and volunteers
thereof.
E. Cancellation Notice - All insurances described above shall include an
endorsement stating the following: “It is understood and agreed that thirty
(30) days advanced written notice of cancellation, non-renewal, reduction
and/or material change shall be sent to: Ingham County Purchasing
Department, P. O. Box 319, Mason, Michigan 48854.”
F. Proof of Insurance - The vendor shall provide to the County of Ingham at
the time the contracts are returned by it for execution, two (2) copies of
certificates of insurance for each of the policies mentioned above. If
so requested, certified copies of all policies will be furnished.
3.6 RIGHT OF REJECTION: The County reserves the right to reject any or all proposals,
to waive any informalities or irregularities in proposals, and/or to negotiate separately the terms
and conditions of all or any part of the proposals as determined to be in the County’s best
interests in its sole discretion.
3.7 STANDARD FORMS: Any preprinted contract forms the vendor proposes to include
as part of the contract resulting from this proposal must be submitted as part of the proposal.
Any standard contract provisions not submitted as part of the proposal and subsequently
presented for inclusion may be rejected. The County reserves the right to accept or reject in
whole or in part any form contract submitted by a vendor and/or to require that amendments be
made thereto, or that an agreement drafted by the County be utilized.
3.8 ADVICE OF OMISSION OR MISSTATEMENT: In the event it is evident to a
vendor responding to this RFP that the County has omitted or misstated a material requirement to
this RFP and/or the services required by this RFP, the responding vendor shall advise James C.
Hudgins, Jr. at (517) 676-7222 in the Purchasing Department of such omission or misstatement.
3.9 COST OF PREPARATION: The County will not pay any costs incurred in the
proposal preparation, printing or demonstration process. All costs shall be borne by the vendors.
3.10 NOTIFICATION OF WITHDRAWAL OF PROPOSAL: Proposals may be
withdrawn prior to the date and time specified for proposal submission with a formal written
notice by an authorized representative of the vendor. Proposals submitted will become the
property of the County after the proposal submission deadline.
3.11 RIGHTS TO PERTINENT MATERIALS: All responses, inquiries, and
correspondence relating to this RFP and all reports, charts, displays, schedules, exhibits and
other documentation produced by the vendors that are submitted as part of the proposal shall
become the property of the County after the proposal submission deadline.
3.12 PRE-OPENING INQUIRIES/RESPONSE: Any explanation desired by a prospective
vendor regarding the meaning or interpretation of a Request for Proposals and attachment(s)
must be requested in writing and presented to the Ingham County Purchasing Department.
Written requests may either be mailed, faxed to 517-676-7230, or emailed to
judgins@ingham.org.
All responses shall be in writing and shall be furnished to all prospective vendors as an
amendment to the RFP.
Receipt of all amendments shall be acknowledged upon the proposal by attachment
thereto at the time of submission of proposal. All amendments shall be signed and dated by the
vendor. No oral explanation or instruction of any kind or nature whatsoever given before the
award of a contract to a vendor shall be binding.
3.13 TAXES: Ingham County does not pay Federal excise and State sales taxes. Our tax
exemption number is #38-6005629 and is also stipulated on all our Purchase Orders.
3.14 WORKPLACE DIVERSITY: It is the policy of Ingham County to encourage its
vendors to develop and maintain a diverse workforce that is reflective of the population of
Ingham County. According to the U.S. Census Bureau, Ingham County's
population in 2000 was comprised of the following:
A. White persons - 79.5%
B. Black or African American persons - 10.9%
C. American Indian and Alaska Native persons - 0.5%
D. Asian persons - 3.7%
E. Native Hawaiian and other Pacific Islander - 0.1%
F. Persons of Hispanic or Latino origin - 5.8%
3.15 FURTHER INFORMATION: Questions about the project or scope of services of
this RFP shall be directed to Rod Taylor, MIS Director at (517) 676-7373 or by Internet E-mail
to rtaylor@ingham.org. Questions about the proposal process should be directed to James C.
Hudgins, Jr., Purchasing Director, at (517) 676-7222, or by Internet E-mail
to jhudgins@ingham.org.
3.16 LIVING WAGE: Vendors contracting with the County primarily to perform services
are required to pay their employees a "living wage" if the following two (2) conditions apply:
1. The total expenditure of the contract or the total value of all contracts the
vendor has with the County exceeds $50,000 in a twelve-month calendar; and,
2. The vendor employs five (5) or more employees.
Subcontractors providing services to the County who employ five (5) or more
employees and where the total value of the contract(s) exceeds $25,000 are also required to pay a
living wage.
A living wage is defined as an hourly wage rate which is equivalent to 125% of the
federal poverty level.
For 2004, the living wage is $11.79 per hour. Typically, the living wage
increases from 2-4% annually. Twenty percent of the living wage costs paid by the employer
can be for an employee's health care benefits. This wage rate applies to part and full-time
employees who work on County contracts.
The following group of vendors and special conditions are exempted from paying living wages:
1. Public Entities
2. Entities with 501(c)(3) status who have nine (9) or fewer employees.
3. Employees working under the terms of a collective bargaining agreement.
4. Contracts where County policy requires the payment of prevailing wages
(construction contracts.)
5. Programs designed specifically for high school and/or college students such as
a bona fide training, summer or youth employment, work study, volunteer/public
service, or internship programs.
6. Co-op employees employed as part of a high school or college co-op program
which is part of the employee's educational curricula.
7. Programs which operate to train people with disabilities and which are
designated as community rehabilitation programs, work activity centers and/or
sheltered workshops.
8. Temporary or seasonal employees.
For more information on the Ingham County Living Wage Policy, please see the attached
Ingham County Living Wage Resolution and the Frequently Asked Questions About Living
Wage in Ingham County Guideline.
4.0 SCOPE OF SERVICES/PROJECT DESCRIPTION
4.1 SCOPE OF SERVICES: The County currently has numerous servers that are internet
accessible inside a DMZ. To verify that these servers are secure, and to ensure that the County is
following industry standards, the County requests proposals from vendors experienced with and
capable of performing internet security auditing services. At a minimum, the audit will address
the following for each of the servers in the DMZ:
A. Service Packs and Hot fix levels
B. Open ports
C. Back doors
D. Web services configuration (i.e. IIS)
E. SNMP
F. Assignment of server rights (i.e. NTFS, share)
G. Database security
H. Passwords strength and policy
I. Security of access back from the DMZ to the County network
J. Viruses, scripts or Trojans
K. SANS top 20
L. Best practices the County should consider adopting
M. Any other issues that could place the County at risk for hacking, denial of service, or
any other unintended use of the servers that are located on the web.
This audit is intended to be more than an external scan by a third-party Contractor, and
therefore, it is expected that the Contractor will need to perform some of the auditing services
on-site. As such, the Contractor shall coordinate scheduling with the MIS Department so as to
limit the impact on the County’s ability to offer web services to its internal and external
customers.
The expected outcome of the audit is a report that will allow the County to evaluate and
to address the internet security issues discovered. It is further expected that the report will consist
of an Executive Summary; a comparison to other governmental entities of similar size; a listing
of vulnerabilities; and, in-depth recommendations on how the County can resolve current and
future vulnerabilities. To help the County resolve the most pressing vulnerabilities, each one
must be ranked/prioritized by the following criteria: probability and impact to the organization.
Probability
  • Very High
  • High
  • Medium
  • Low
Impact
  • Critical
  • Serious
  • Significant
  • Minor
4.2 PROPOSAL FORMAT: Prefacing the Proposal, the Proposer shall provide an
Executive Summary of three (3) pages or less, which gives in brief, concise terms, a summation
of the Proposal. The Executive Summary shall indicate a brief statement of intent to perform the
services, qualifications for selection, and signature of an authorized officer of the firm who has
legal authority in such transactions. Unsigned proposals will be rejected.
In addition, the Proposer's Executive Summary shall expressly state that, should the
enclosed proposal be accepted, the Proposer agrees to enter into a contract under the terms and
conditions as prescribed by this Request for Proposal. Any and all exceptions to the RFP must be
listed on an item-by-item basis and cross-referenced within the Executive Summary. If there are
no exceptions, the Proposer must expressly state that no exceptions are taken.
The proposal itself shall be organized in the following format and informational
sequence:
4.2.1 Part 1- Organization: State the full name and address of your organization
and identify the parent company, if you are a subsidiary. Specify the branch office
or other subordinate element that will perform, or assist in performing work
herein. Indicate whether you operate as a partnership, corporation or individual.
Indicate the state in which you are incorporated or licensed to operate.
4.2.2 Part II- System Concept and Solution: Define in detail your understanding
of the problem presented in Section 4.1 Scope of Work, and your system solution.
Provide all details as required in Section 4.1, Scope of Work, in addition to
those facts you deem necessary to evaluate your proposal.
4.2.3 Part III- Program: Describe your technical plan for accomplishing the
required work. Include such time-related displays, graphs, and charts as necessary
to show tasks, sub-tasks, and decision points related to the Scope of Work and
your plan for accomplishment.
4.2.4 Part V-Prior Experience: Describe only relevant corporate experience and
individual experience for personnel who will be actively engaged in the project.
Do not include corporate experience unless personnel assigned to this project will
actively participate.
4.2.5 Part VI-Personnel: Include the names and qualifications of all professional
personnel who will be assigned to this project. State the primary work assigned to
each person and the percentage of time each person will devote to this work.
Identify key persons by name and title. The employee(s) performing the audit
must be CISA, SANS, GIAC, CISSP, CCSA or equivalent certified.
4.2.6 Part VIII-Cost Proposal: Contractors should provide pricing by server.
Additionally, provide an option for a smaller “refresh audit” one year after the
completion of the primary audit.
5.0 PROPOSAL EVALUATION FACTORS
5.1 EVALUATION CRITERIA: The evaluation criteria will have the following assigned
point values. The criteria shall have a maximum total value of 100 points in accordance with the
following ranking:
1. Cost - Maximum of 40 points
2. Business Plan & Technical Proposal - Maximum of 30 points
3. Proposer’s Experience - Maximum of 25 points
4. Delivery Time - Maximum of 5 points
5.2 SELECTION PROCEDURE: Selection may be made of one or more Proposers
deemed to be fully qualified and best suited among those submitting proposals, on the basis of
the factors involved in the Request for Proposal. Negotiations may then be conducted with the
Proposers so selected. After negotiations have been conducted with the Proposers so selected, the
County shall select the Proposer which, in its opinion, has made the best proposal and award the
contract to that Proposer.
5.3 BASIS FOR AWARD: Information and/or factors gathered during interviews,
negotiations and any reference checks, in addition to the evaluation criteria stated in the RFP,
and any other information or factors deemed relevant by the County, shall be utilized in the final
award. The final award of a contract is subject to approval by the Ingham County Board of
Commissioners.
WORKPLACE DIVERSITY QUESTIONNAIRE
(Please type or print clearly in ink only)
RFP #27-04
The Ingham County Board of Commissioners recognizes the importance of purchasing goods
and services from vendors who are committed to creating a diverse work environment which
values and utilizes the contribution of employees from different backgrounds, experiences and
perspectives.
As such, the County actively encourages supplier relationships with women-,
minority-, disabled-, and veteran-owned business enterprises that can provide competitive prices,
quality and service. The County also strongly encourages employers to employ an equally
diverse workforce.
To that end, the County requests vendors to submit as part of their response to any formal
Request for Proposals or Bids, the following workplace diversity information. Vendors are
encouraged to complete as much information as possible. This information will be used for
statistical purposes only.
1. What percentage of your firm’s workforce is:
African American ______%
Asian Pacific Islander ______%
Caucasian _____%
Hispanic _____%
Native American _____%
Subcontinent Asian (Indian) _____%
2. What percentage of your firm’s workforce is female? ______%
3. What percentage of your firm’s workforce is physically-disabled? ______%
4. If your business is at least 51% owned by one of the following individuals, please check all
that apply:
Female ______
Minority ______
Disabled ______
Veteran _____
Firm Name: ___________________________________Date:____________________________
Signature: ________________________________ Name (print):_________________________