Request for Proposal OGL Information Technology Security Audit

Similar documents
REQUEST FOR PROPOSALS: VIDEO PRODUCTION SERVICES

Request for Qualifications Project Facilitator/Manager for Business Plan Development

Request for Qualifications: Information Technology Services

SFY 2019 NATIONAL FAMILY CAREGIVER SUPPORT PROGRAM REQUEST FOR PROPOSAL UNDER THE OLDER AMERICANS ACT OF 1965, AS AMENDED TO BE AWARDED BY:

Scope of Services The City is seeking consulting services for the following tasks:

ELY AREA BROADBAND COALITION (ELY ABC)- BROADBAND FEASIBILITY STUDY REQUEST FOR PROPOSAL

COUNTY OF DUNN, WISCONSIN REQUEST FOR PROPOSALS PROCUREMENT NO CSB CONSTRUCTION MANAGEMENT SERVICES

Planning Sustainable Places Program

REQUEST FOR PROPOSAL (RFP)

DATE: 12/17/15 MTA-NYCT IS NOW ADVERTISING FOR THE FOLLOWING:

REQUEST FOR PROPOSAL (RFP)

RFP No. FY2017-ACES-02: Advancing Commonwealth Energy Storage Program Consultant

IT Managed Services Provider

LAS VIRGENES MUNICIPAL WATER DISTRICT 4232 Las Virgenes Road, Calabasas, California 91302

Request for Proposal RFP # , Managed Network Services

PROSPECTIVE FIRMS. Dear Sir/Madame:

Request for Proposal (RFP) for: Technology Consulting Services

Request for Proposal 1705A Wireless Network

Grant Management Software Implementation Project

FLORIDA DEPARTMENT OF TRANSPORTATION

NORTH CENTRAL TEXAS COUNCIL OF GOVERNMENTS METROPOLITAN PLANNING ORGANIZATION REQUEST FOR PROPOSALS

Request For Proposal (RFP) for On-Site Security Services

Lyndon Township Broadband Implementation Committee Lyndon Township, Michigan

CITY OF ROCK HILL, SOUTH CAROLINA SOLICITATION OF QUALIFICATIONS FOR TRANSIT CONSULTANT SERVICES

REQUEST FOR INFORMATION STAFF AUGMENTATION/IT CONSULTING RFI NO.: DOEA 14/15-001

Digital Copier Equipment and Service Program

SACRAMENTO REGIONAL SOLID WASTE AUTHORITY REQUEST FOR PROPOSALS FOR CONSULTING SERVICES FOR A REGIONAL GREEN WASTE PROCESSING FACILITY

WEST VIRGINIA HIGHER EDUCATION POLICY COMMISSION REQUEST FOR PROPOSALS VERIFICATION AND DOCUMENT MANAGEMENT SERVICES RFP #19007.

REQUEST FOR PROPOSAL For East Bay Community Energy Technical Energy Evaluation Services

REQUEST FOR PROPOSAL for Wide Area Network Design, Configuration and Installation

PAL-MAR WATER CONTROL DISTRICT Security-Maintenance Services RFP Proposal Packet

Regional Homeland Security Coordinating Committee Hospital Committee Bylaws

REQUEST FOR PROPOSALS FOR INFORMATION TECHNOLOGY SUPPORT SERVICES

Through. PICCC, Inc. As the NCTF Fiscal Agent. Program Management Services in the North Central Task Force Region (NCTF)

Linwood Corridor Complete Street & Bikeway Connections

SUPERIOR COURT OF CALIFORNIA, SANTA BARBARA COUNTY REGARDING:

REQUEST FOR PROPOSAL TO PROVIDE AS-NEEDED ENGINEERING SERVICES FOR THE IMPLEMENTATION OF

REQUEST FOR PROPOSALS PROFESSIONAL ENGINEERING SERVICES WATER SYSTEM RELIABILITY STUDY CITY OF MT. PLEASANT WATER DEPARTMENT

REQUEST FOR PROPOSALS

Regional Greenhouse Gas Initiative, Inc. Request for Proposals #18-01 RGGI Auction Services Contractor. June 18, 2018

CENTRAL BANK OF LESOTHO REQUEST FOR PROPOSAL

Solicitation Number RFP No Date Issued Procurement Officer. The Term "Offer" Means Your "Bid" or "Proposal"

State of Kansas Community Service Tax Credit FY2019 Application Guidelines (For projects starting July 1, 2018 And ending December 31, 2019)

EXHIBIT A. SCOPE OF SERVICES For EMERGENCY MANAGEMENT SERVICES. Revised 3/10/15

Request for Qualifications Gulf Environmental Benefit Fund Support Services

KANSAS CITY REGIONAL TIGER PROJECT PMOC PROGESS REPORT 2014 Fiscal Quarter 1 October 1 December 31, 2013

SAFETY NET 2017 REQUEST FOR PROPOSAL

FISCAL & COMPLIANCE AUDITS

The Request for Proposals is available on-line at and at Valparaiso City Hall, located at 166 Lincolnway, Valparaiso, Indiana

INTRODUCTION Illinois Valley Community College (IVCC) is requesting proposals for information technology security assessment services.

REQUEST FOR PROPOSALS (RFP) Information Technology Services

State of Florida Department of Children and Families

Request for Proposal for: Financial Audit Services

Wastewater Master Plan Request for Proposals May 20, 2014

EFFICIENCY MAINE TRUST REQUEST FOR PROPOSALS FOR RENEWABLE ENERGY COMMUNITY DEMONSTRATION PROJECTS IN AFFORDABLE HOUSING RFP EM

CAPITAL AREA METROPOLITAN PLANNING ORGANIZATION REQUEST FOR QUALIFICATIONS (RFQ)

WAM v2 Upgrade Readiness Assessment & Pre-Implementation Plan

Request for Proposals for Single Family Trustee Services

Request For Qualifications (RFQ) for Rural Economic Opportunities Professional

Request for Proposals (RFP) for Technical Assistance U.S. Department of Housing and Urban Development Programs

Request for Information PUBLIC WiFi Service RFI E Closing: July 31, :00 p.m. Local Time

City of Mount Rainier

Lexington Center Corporation Request for Qualifications for PROJECT COORDINATOR SERVICES

A Guide to Transportation Decision Making. In the Kansas City region

REQUEST FOR PROPOSALS

HEALTHY COMMUNITIES 2018 REQUEST FOR PROPOSAL

REQUEST FOR QUALIFICATIONS (RFQ)

Coordinated Human Services Transportation Plan Update. Fall 2017 Spring 2018 Mid-America Regional Council

GRANT GUIDANCE CALENDAR YEAR Retail Program Standards Grant Program.

City of Hays Request for Proposal. Wastewater Treatment Plant Fiber Connectivity

Planning Sustainable Places Program

REQUEST FOR PROPOSAL FOR POLICE OPERATIONS STUDY. Police Department CITY OF LA PALMA

TOWN OF BRECKENRIDGE BLUE 52 TOWNHOMES HOA MANAGEMENT SERVICES REQUEST FOR PROPOSALS. Issued August 1, 2017

2016 Request for Proposal LGBT Community Needs Assessment

TRAFFIC DATA COLLECTION REQUEST FOR PROPOSALS

Background. B. Issuing Office

The Mayor s Fund for Philadelphia On behalf of The City of Philadelphia-Office of Community Empowerment and Opportunity

Request for Qualifications (Architect / Engineer) State of Ohio Standard Forms and Documents

Request for Proposals (RFP) # School Health Transactional System. Release Date: July 24, 2018

REQUEST FOR PROPOSAL FOR. Security Cameras

Ontario School District 8C

APPENDIX D. Final Rules PART 54 UNIVERSAL SERVICE. Subpart A General Information

Date: April 6, 2018 SUBJECT: REQUEST FOR QUALIFICATIONS. RFQ # Business Analyst Services

EFFICIENCY MAINE TRUST REQUEST FOR PROPOSALS FOR Forward Capacity Market Support Services RFP NUMBER EM

EFFICIENCY MAINE TRUST REQUEST FOR PROPOSALS FOR TECHNICAL SERVICES TO DEVELOP A SPREADSHEET TOOL

Skagit County 0.1% Behavioral Health Sales Tax Permanent Supportive Housing Program - Services Request for Proposals (RFP)

Request for Proposal for Digitizing Document Services and Document Management Solution RFP-DOCMANAGESOLUTION1

New England Telehealth Consortium

EFFICIENCY MAINE TRUST REQUEST FOR PROPOSALS FOR CALL CENTER SERVICES RFP EM Date Issued: March 15, 2018

Your Guide to Writing a Grant Management Software RFP

KDOT Procurement Guidelines for STP/CMAQ Funded Planning, Education, and Outreach Projects Effective 10/1/12

SACRAMENTO COUNTY REQUEST FOR PROPOSAL OPERATIONAL REVIEW Voter Registration and Elections DEPARTMENT

ALLEGHENY COUNTY RESIDENTIAL FINANCE AUTHORITY REQUEST FOR PROPOSALS. Analysis of Housing Markets in Allegheny County

Request for Proposal (RFP) Leasing of Copiers and Copiers Support Services Throughout Garfield School District Re2

DISTRICT OF COLUMBIA WATER AND SEWER AUTHORITY (DC WATER) REQUEST FOR QUOTE RFQ 18-PR-DIT-27

REQUEST FOR PROPOSAL (RFP) SOLICITATION NO COMPUTER HARDWARE AND SOFTWARE. Nevada Rural Housing Authority Carson City, Nevada

On-Call Traffic Engineering Services

REQUEST FOR QUALIFICATIONS ARCHITECTURAL SERVICES Burbank School District 111 March 2016

REQUEST FOR QUALIFICATIONS G ELLUCIAN (Datatel) COLLEAGUE CONVERSION TO MS SQL AND RELATED UPGRADES PROJECT

Request for Proposal (RFP) Video Production and Videography Services Response Deadline: September 3, 2018

Transcription:

Request for Proposal Issued August 11, 2017 Table of Contents Page Background I. MARC Organizational Structure and Activities 1 II. Operation Green Light Program Description 2 III. OGL Information Technology (IT) System 2 IV. Current IT Security Efforts 3 V. Objectives 3 Proposed Scope of Services 3 Questions 4 Response Requirements 4 Engagement 5 Anticipated Schedule for Consultant Selection 5 Evaluation Criteria and Weights 5 Contact for Further Information 6 Open Records Act and Proprietary Information 6 Protest Procedures 6 Closing Date and Time for Proposals September 8, 2017, by 4 pm CST Contact Information Ray Webb, Manager of Traffic Operations, rwebb@marc.org

Background I. MARC Organizational Structure and Activities The Mid-America Regional Council (MARC) is the metropolitan planning organization and association of city and county governments serving the bi-state Kansas City region. It is a public, nonprofit agency. MARC serves nine counties with 119 cities, including Cass, Clay, Jackson, Platte and Ray counties in Missouri; and Johnson, Leavenworth, Miami and Wyandotte counties in Kansas. MARC was formed in 1972 and is governed by a 33-member board of directors composed of city and county elected officials. In addition to the board, MARC has dozens of policy, technical and advisory committees and decision-making entities overseeing its work and providing important and diverse stakeholder involvement. This series of committees and working groups enables MARC to engage a diverse array of community interests and representatives from often under-represented constituencies. MARC was formed in response to the increasing demand for regional cooperation. With input from federal, state and local governments, citizens groups and the private sector, MARC serves as a forum for the discussion of various issues including transportation, the environment, public safety and emergency services, early learning, aging services, public health, and community development issues. MARC also provides seminars and training opportunities for local governments and serves as an advocate for the region in the state and federal legislative arenas. MARC s services have expanded over the years and continue to evolve to meet the changing needs of the region. MARC promotes regional cooperation and develops innovative solutions through leadership, planning and action. The Board provides direction and support for committees and related entities comprised of elected officials, federal, state and local government professionals, and representatives of civic partners and institutions, such as non-profit agencies, special districts, colleges and universities, business interests and associations, and citizens. The Board and committee activities are supported by a professional staff headed by an executive director who is appointed by the Board. Staff members are trained in a variety of disciplines, including public administration, economics, urban planning, accounting, social services and public affairs. The staff works in six departments: aging, community development, early learning, research services, financial affairs and transportation. MARC currently has 130+ employees and offers a comprehensive fringe benefit package. MARC services are funded by a variety of sources including contributions by member governments; formula and discretionary grants from Missouri, Kansas, and the federal government; and contributions for specific programs from private foundations and civic organizations. MARC s annual budget is approximately $60 million, with approximately 75 percent from federal grant sources and the remainder from state and local government dollars, private foundation grants and earned income. MARC s financial services department manages over 150 grants at any given time. 1

II. Operation Green Light Program Description Operation Green Light (OGL) is a regional effort to improve traffic flow and reduce vehicle emissions. As part of MARC s transportation department, Operation Green Light works with federal, state and local agencies to develop and implement a system to coordinate traffic signal timing plans and communication between traffic signal equipment across jurisdictional boundaries. MARC staff working in the OGL program provide resources to member agencies in the form of (1) a regional network for traffic signals and other transportation related technology needs, (2) access to a central Advanced Transportation Management System software and associated servers, software, and network equipment, (3) traffic signal programming/operations and data collection services, and (4) other support services as needs arise. The OGL program is under the oversight of the MARC organization as described above as well as the OGL Steering committee which is made up of representatives from each of the OGL-participating member agencies. Currently 24 different cities and states participate in OGL. MARC staff working in the OGL program are housed at the Missouri Department of Transportation Kansas City District office in Lees Summit, MO. III. OGL Information Technology (IT) System MARC maintains a regional IT network to provide applications and services to MARC and member agency staff, as well as authorized consultants and contractors. These applications include TransSuite by TransCore, Security Center by Genetec, as well as web access to various field transportation devices. MARC staff also utilize standard Microsoft Office and other applications on workstations in the office. System users who are not on-site at the OGL office access the OGL applications through the Internet or the OGL Regional network. This includes remotely logging into the TransSuite application server using Microsoft RD Gateway. A small, single access point Wi-Fi network is maintained at the OGL office for staff and visitor use. MARC maintains two Hyper-V host servers for OGL, one is at the office in Lees Summit, and the other is a replication backup maintained at a tower shelter offsite. MARC maintains two Internet connections for OGL, one at each of the two host server locations. The MARC maintained OGL field network consists of wireless and wired backbone links between 16 tower locations as well as interfaces with networks of other agencies who provide backhaul from one part of the city to another when existing network capacity can meet the system needs without MARC building additional infrastructure. The OGL network interfaces with many other networks of area cities and state agencies. The OGL field network extends down to the street level at several hundred signalized intersections through the region. These on-street connections can be both wireless and through fiber-optic cable. The primary connection needed at each intersection s control cabinet is with the Traffic Signal Controller device but other devices, such as surveillance cameras, may also be connected at some locations. 2

MARC s OGL network is well documented and details can be provided during contract development time. IV. Current IT Security Efforts MARC staff and their existing on-call OGL IT Consultant have been working to make the OGL network more secure against threats. The field network, servers and software at the office, as well as the traffic signal controllers must be as protected as possible. The field network has been geographically segmented using layer 3 routing. Staff have configured firewalls at each Internet connection, tower location as well as connections with networks maintained by other agencies. Local agencies who maintain traffic signal cabinets have been strongly encouraged to use padlocks on those cabinets in addition to the cabinet keyed lock. All wireless connections are encrypted. All user accounts having access to the OGL system are required to have strong passwords. V. Objectives MARC is interested in assessing its current OGL IT systems and practices to determine if any improvements can be made to better protect the network integrity, servers, software, and traffic signal controllers from threats. Proposed Scope of Services The consultant shall assess the following, either through directly TESTing or through discussions with MARC staff and REVIEW of documentation: Network resiliency (REVIEW to identify single points of failure for primary and backbone connections) Firewall vulnerability (REVIEW rules of two sample firewalls) Wireless network vulnerability (TEST consumer-grade WiFi at office and TEST one typical proprietary field wireless technology setup) Server vulnerability (TEST against one machine) Workstation vulnerability (TEST against one workstation) Password management vulnerability (REVIEW policy and procedures) Physical field cabinet access vulnerability (REVIEW several sample field cabinet setups and TEST one location) User behavior/procedural vulnerability (REVIEW through phone interview with 5-7 OGL users) The consultant will provide a written report and a presentation of the process and findings to selected key MARC staff and OGL Steering Committee members. The report will address the following: Specific recommendations for each area of vulnerability along with an implementation cost estimate, if any, of recommended solutions. Immediate response reports for critical discoveries. Prioritization of remaining discoveries with a roadmap for remediation. Definition of any risks associated with the remediation of the vulnerabilities. Recommended tools, procedures or policies. The Consultant shall adhere to the following restrictions in the performance of the Scope of Work: No denial of service tools/techniques shall be used as part of any assessment. 3

No footprint of penetration shall be left behind. MARC has budgeted $25,000 for the scope of services. It is anticipated that the consultant should be able to complete the project within a 60-day timeframe. A consultant located outside the Kansas City region may work remotely using Conference calls, Skype or Go to Meeting technologies however there will be a need to be in Kansas City for a limited number of meetings at MARC and/or the OGL program offices. Questions All questions regarding this Request for Proposals (RFP) should be directed to Ray Webb by email at rwebb@marc.org by August 22, 2017. Responses to questions will be provided to all interested parties by August 28, 2017. Response Requirements Responses to this Request for Proposals should be directed to Ray Webb NO LATER THAN 4 p.m. CST on September 8, 2017. Responses may be mailed or delivered in electronic format (PDF limited to approximately 15Mb) to Ray Webb at rwebb@marc.org. Note: It is the responsibility of the consultant to verify the receipt of proposals by MARC staff as there is always the possibility of emails getting blocked by MARC s firewall/spam filter. The following items should be addressed in your response. 1. Identification Information: Name of Key Contact Person Organization Name Address Phone Number Email Address 2. Background of the Individual and/or Organization Offering Consulting Services. Provide information on the individual s or organization s background, including experience, education and skills necessary to perform the required work. If multiple individuals will be assigned to the MARC project, please include a brief (no more than 1 page) resume for key staff assigned to support this project. Indicate specific credentials that make an individual(s) and/or organization well suited to meet MARC s requirements for this project. 3. Experience with Similar Engagements. Provide a description of experience on projects with other clients similar to the work that MARC is requesting. 4. References for Similar Projects. Provide three references of clients (key contact information) where similar services to those requested in this RFQ were offered and/or where knowledge of skills would be known. 4

5. Detailed Project Plan. Provide a detailed project plan, outlining the tasks that will be completed along with the deliverable schedule. Include the estimated timeframe for the review and completion of written report. 6. Proposed Hourly Fees and Total Project Fee. Provide the hourly billing rates for each individual that would be assigned to the MARC project along with the estimated hours and total fee proposed for this project. Engagement This Request for Proposal does not commit MARC to award a contract or to pay costs incurred in the preparation of a proposal in response to this request. MARC reserves the right to accept or reject any or all responses received as a result of this request if it is considered in the best interest of MARC. MARC may require the proposer selected to participate in negotiations, and to submit such price, technical or other information as may be needed to finalize a particular engagement for services. Anticipated Schedule for Consultant Selection The following schedule will be used for the selection of a consultant. Issue Request for Proposals August 11 Deadline for Questions and Requests for Further Information August 22 Responses to Questions August 28 Deadline for Proposals (submitted by email to September 8, 2017, by 4 pm CST, rwebb@marc.org) Select Preferred Consultant Week of September 11, 2017 Finalize Agreement and Issue Notice to Proceed Estimated within two weeks following selection Evaluation Criteria and Weights The proposals submitted by each consultant will be evaluated according to the following factors: 1. Specialized experience and technical competence of the consultant and assigned staff relative to the scope of work and task requirements outlined in this RFP (50 points) a. Experience of the project manager b. Amount of dedicated time of key staff allocated to the project c. Experience of other assigned individuals 2. Understanding the nature of the project (30 points) a. Understanding the proposed scope of work b. General understanding of the regional significance of the project c. General organization and clarity of the proposal 3. References reflecting previous work experience of the project team and satisfactory accomplishment of responsibilities (20 points) (minimum of three verifiable references) a. Quality of final product b. Ability to meet work schedules c. Responsiveness to client input 5

Contact for Further Information For further information about this RFP, contact Ray Webb, PE, Manager of Traffic Operations, at rwebb@marc.org. Open Records Act and Proprietary Information The Mid-America Regional Council (MARC) is a public organization and is subject to the Missouri Open Records Act (Chapter 610, RSMo). All records obtained or retained by MARC are considered public records and are open to the public or media upon request unless those records are specifically protected from disclosure by law or exempted under the Missouri Sunshine Law. All contents of a response to a Request for Bids, Qualifications, Proposals or information issued by MARC are considered public records and subject to public release following decisions by MARC regarding the bid request. If a proposer has information that it considers proprietary, a bidder shall identify documents or portions of documents it considers to contain descriptions of scientific and technological innovations in which it has a proprietary interest, or other information that is protected from public disclosure by law, which is contained in a Proposal. After either a contract is executed pursuant to the Request for Bids, RFQ or RFP, or all submittals are rejected, if a request is made to inspect information submitted and if documents are identified as Proprietary Information as provided above under Missouri Sunshine Law, MARC will notify the proposer of the request for access, and it shall be the burden of the proposer to establish that those documents are exempt from disclosure under the law. Protest Procedures In the course of this solicitation for proposals and the selection process, a proposer (bidder of offer or whose direct economic interest would be affected by the award of the contract) may file a protest when in the proposer s opinion, actions were taken by MARC staff and /or the selection committee which could unfairly affect the outcome of the selection procedure. All protest should be in writing and directed to Mr. David Warm, Executive Director, Mid America Regional Council, 600 Broadway, Suite 200, Kansas City, MO 64105. Protest should be made immediately upon occurrence of the incident in question but no later than three (3) days after the proposer receives notification of the outcome of the section procedure. The protest should clearly state the grounds for such a protest. Upon receipt of the protest, MARC s Executive Director or his assigned will review the actual procedures followed during the selection process and the documentation available. If it is determined the action(s) unfairly changed the outcome of the process, notifications with the selected proposer will cease until the matter is resolved. 6

2024 © careersdocbox.com Privacy Policy | Terms of Service | Feedback