HomeMy WebLinkAboutRFP - 7454 INFORMATION TECHNOLOGY INFRASTRUCTURE ASSESSMENTAddendum 1 – 7424 Information Technology Infrastructure Assessment Page 1 of 10
ADDENDUM No. 1
SPECIFICATIONS AND CONTRACT DOCUMENTS
Description of BID 7454: Information Technology Infrastructure Assessment
NOTE: DUE DATE FOR PROPOSALS HAS BEEN PUSHED BACK BY TWO WEEKS
TO THE FOLLOWING NEW DATE:
OPENING DATE: 3:00 PM (Our Clock) January 11, 2013
To all prospective bidders under the specifications and contract documents described
above, the following changes/additions are hereby made and detailed in the following
sections of this addendum:
Exhibit 1 – Additions and Clarifications
Exhibit 2 - Questions & Answers
Please contact Ed Bonnette, CPPB, CPM, Buyer, Buyer at (970) 416-2247 with any
questions regarding this addendum.
RECEIPT OF THIS ADDENDUM MUST BE ACKNOWLEDGED BY A WRITTEN
STATEMENT ENCLOSED WITH THE BID/QUOTE STATING THAT THIS
ADDENDUM HAS BEEN RECEIVED.
Financial Services
Purchasing Division
215 N. Mason St. 2nd Floor
PO Box 580
Fort Collins, CO 80522
970.221.6775
970.221.6707
fcgov.com/purchasing
Addendum 1 – 7424 Information Technology Infrastructure Assessment Page 2 of 10
EXHIBIT 1 – ADDITIONS AND CLARIFICATIONS
1. NOTE: DUE DATE FOR PROPOSALS HAS BEEN PUSHED BACK BY
TWO WEEKS TO THE FOLLOWING NEW DATE:
OPENING DATE: 3:00 PM (Our Clock) January 11, 2013
2. Schedule
Written proposals will be evaluated by the City’s Selection Committee, and three (3)
firms will be selected for interviews based upon the Committee’s recommendations.
RFP Submittal Deadline: January 11, 2013
Review and Selection of Contractor Deadline: February 1, 2013
Contracting and Scope of Work Negotiation Deadline: February 15, 2013
Notice to Proceed: March 1, 2013
In the event your firm is selected to proceed to an oral interview session; please indicate
your availability to participate onsite in Fort Collins, CO the week of January 28, 2013 as
part of your proposal.
Addendum 1 – 7424 Information Technology Infrastructure Assessment Page 3 of 10
EXHIBIT 2 – QUESTIONS & ANSWERS
Questions regarding Bid Submittal or Process:
1.Q. Does the City of a participation goal from a DBE/WBE/MBE firm? If so, what is it?
1.A. No, but we encourage submission from all vendors.
2.Q. Is there a local preference for this project? If so, how will points be awarded for
this preference?
2.A. No, the City does not have a local preference policy.
3.Q. Our team was wondering if it was possible to extend the proposal due date to
January 4? Thank you for your consideration.
3.A. Yes. See above; proposal due date has been extended.
4.Q. For clarification regarding Project Drawings (page 15, section 8), is there an
expectation that the Professional shall provide AutoCAD drawings, and if so, can
you please clarify the scope for the project drawings?
4.A. Professional Services Agreement template included in the RFP document
is our generic template included as a sample only. Specific expectations
will be clarified in Scope of Work of the contract to the awarded vendor.
5.Q. On page 1 of the RFP, it states that the preferred method is a Microsoft Word or
PDF document via email. We would like to confirm that if submitting
electronically, no paper copies are required.
5.A. Yes, that is correct.
6.Q. The RFP (page 9) states that 80% of the payment may be invoiced at the point of
delivery of the draft report and on-site discussion with members of the IT
infrastructure Assessment Committee. It states that the remaining 20% of the
contract will be authorized upon acceptance of the Final Report and
accompanying documentation. The Professional Services Agreement (page 14,
section 6) states that monthly partial payments are permissible. Can you clarify
the billing and payment schedule.
6.A. RFP page 9 is correct.
7.Q. If there is a follow-on contract to this work, will the contractor awarded by
excluded from bidding on such work?
7.A. It will depend on the scope of that follow on work.
8.Q. Is this a new or follow on requirement? If it is a follow on, please let us know the
current contract number and contract value?
8.A. This is a new requirement.
Addendum 1 – 7424 Information Technology Infrastructure Assessment Page 4 of 10
9.Q. Who is the incumbent? Is it still eligible to bid as a prime for this contract?
9.A. This is a new requirement.
10.Q. Do we need to send the Resume of Key personal?
10.A. Yes; that is requested under VI) Submittal Requirements B) 4. Project
Staffing and Organization.
11.Q. What is the NAICS Code for this procurement?
11.A. We used the following NIGP Commodity Codes for this procurement:
918-28 Computer Hardware Consulting
918-29 Computer Software Consulting
12.Q. Is this Best Value or LPTA?
12.A. VII) Selection Criteria and Method in the RFP document shows the
evaluation criteria used for this RFP.
13.Q. What is the place of performance?
13.A. It is up to the proposer how they elect to execute the requirements
outlined in the RFP. This should be spelled out clearly in your submitted
proposal.
14.Q. What is the Set- Aside for this contract?
14.A. Project budget not available.
Questions regarding Scope of the Project:
1.Q. Does the City have a budget for this project? If so, what is it?
1.A. Project budget not available.
2.Q. Does the City have a desired completion date for this project? If so, when?
2.A. We would like to have it fully complete by July 1st.
3.Q. Could the City provide an organizational chart of the IT Department that includes
FTE figures?
3.A. Yes
4.Q. In addition to the operation and support of IT infrastructure, does the IT
Department provide other IT services (software installation, application support to
users, specifications and procurement support for new systems and applications,
etc.)?
4.A. The City’s technology support environment is managed as a fully
consolidated IT department that supports almost all technology services
Addendum 1 – 7424 Information Technology Infrastructure Assessment Page 5 of 10
for the City and its services. All of the services mentioned in the question
are provided by the IT department.
5.Q. What are the current software packages being used for key enterprise
applications such as database management, office automation, document
management, GIS, financial management, infrastructure asset management,
etc.?
5.A. The city utilizes: Oracle and SQL Server installations, MS Office 2010 and
Outlook/Exchange, AlphaCorp Sire document management, ESRI GIS,
Oracle JDE EnterpriseOne ERP, multiple asset or facilities management
systems (JDE, Maximo, Azteca CityWorks, TMA Systems), Ventyx Utility
CIS, PHP Web development, Accela Land Management.
6.Q. To what extent is the management and operational control of networks and
hardware centralized. Are there distributed servers and if so, are individual
departments or city office responsible for their operation and maintenance?
6.A. Fully centralized network, server and storage management, with minor
exceptions. There are some distributed servers at a DR site and a
secondary data center.
7.Q. Could the City describe the extent to which end-users should be involved in this
project (i.e., through web-based survey or in-person meetings)?
7.A. The City is interested in having the opportunity for a number of key
management members to be personally interviewed. As well, the City
would entertain other methods to receive input from management teams
throughout the organization.
8.Q. Does the City have established “best-in-class organizations” typically used for
benchmarking?
8.A. The City would like to have organizations such as this identified as
part of this effort if possible.
9.Q. Does the City desire status reports as part of this project? If so, at what
frequency?
9.A. The frequency and level of detail can be negotiated, but status reports are
desired.
10.Q. In the assessment of current infrastructure, could the City provide additional
explanation of the level of detail expected for the evaluation of capacity and
performance? More specifically, are you expecting a significant amount of
testing to generate and examine data on network speed, server configuration and
performance, quality of network and system security, etc.?
10.A. Significant testing of the environment was not anticipated. However, the
City would definitely entertain that as an option should it be identified as a
Addendum 1 – 7424 Information Technology Infrastructure Assessment Page 6 of 10
recommendation to adequately assess our current status and future state
strategies.
11.Q. Could the City explain further the specification for defining “business risks?” How
broad should the risk evaluation be—IT Department business processes and
infrastructure operation or more broadly to include potential risks associated with
user business processes impacted by IT (e.g., on-line eGov services line
permitting or fee payment)?
11.A. The risks to be evaluated should be defined to more broadly include
potential risks to business activities.
12.Q. We believe it is critical to have ready access to various subject matter experts
and stakeholders to gain an understanding and expertise on the current system
state. What is the process/timeframe we should expect when working with these
individuals? For example, do we need to plan in our scheduling for a 2 day
turnaround or a 1 week turnaround from time of request to getting access to the
SMEs and stakeholders.
12.A. The answer to this question will depend upon the staff involved and the
amount of time required. Unfortunately, we are currently engaged in some
significant projects and our staffing capacity is somewhat tight. At this
time, I would plan for 1 week turnaround time.
13.Q. Let us know that how many total FTE’s are required under this requirement?
13.A. No requirement
14.Q. We understand the basic proposal requirements, but would appreciate clarity on
the following areas:
Section II – Scope of Work, Item A “Documentation”.
Documentation of the existing environment will include at a minimum:
Compiling informative inventories of hardware and software assets;
significant capacity and performance data; technical resources; historical and
current facility and technology projects; operations and maintenance workload;
technical architectures; formal and informal organization structures; operational
processes; budgets; customer service feedback; community services; application
programs; organizational vision and mission statements; outsourced workload,
and cyber security defenses.
1) Can you please clarify what is defined as “Compiling”?
1a. The compilation should be sufficient to assist the City in understanding
its current state and to provide the City with recommendations for
adapting its environment to meet the recommended future state. The
City maintains documentation regarding its current infrastructure and
would make the appropriate staff readily available to provide further
information.
Addendum 1 – 7424 Information Technology Infrastructure Assessment Page 7 of 10
2) Would that include physically collecting the information on each piece of
equipment using software or a manual process or is it the compilation of
existing inventories to arrive at the required documentation? Does that
include printers, scanners, and other peripherals?
2a. The physical collection of each piece of equipment is not necessary. It is
anticipated that City staff can provide the majority of information. The
City’s server and storage is less well documented and would require
more effort. The City does not require the collection of inventories of
lesser peripherals. However, it would be expected that the selected
vendor would provide recommendations that impact lesser peripherals.
For example, the increased use of shared printers as opposed to
personal, desktop printers.
3) Would we be allowed to use software that we have available, where
feasible, as a collection tool or does the City something that we can
leverage?
3a. The use of automated inventory collection would be allowed. The City
does maintain an existing asset management tool.
4) If a physical collection of different sites are required, what level of information
would you be requiring us to collect (model, processor, RAM, location, etc.)
and how many sites and devices do you estimate the work effort would be?
4a. The physical collection at different sites is not expected to be required to
collect information at this level of detail. However, there are a few key
sites where the City would expect the vendor to visit to understand the
environment and infrastructure involved. The City’s server and storage
is less well documented and would require more effort.
I would also submit the same questions around the “Software Assets”
compilation requirements.
5) What level of detail do you require around the software inventory? Is this
limited to business software titles only and do we need to determine the
number of licenses being used per software package?
5a. A highly detailed inventory of software is not required. The City has
significant documentation of software and licensing.
6) Will we need to manually inventory PCs or is there an automated tool, such
as Microsoft Configuration Manager that could be leveraged to gather the
information and to what level would you need those inventories?
6a. There is no expectation of a manual inventory of PCs.
7) If no tools are readily available, could we utilize questionnaires to
departments to give us the information as a part of the departmental
involvement/interviews or is more information desired than what most
department staff could easily answer?
Addendum 1 – 7424 Information Technology Infrastructure Assessment Page 8 of 10
7a. Questionnaires would be fine if desired. However, it is questionable as
to whether departmental staff could provide the information.
8) If required, could we use software that we have available to perform the
inventory on your network?
8a. Software to produce inventories would be fine.
Additionally, in the “Assessment” requirement of Section II, Item A, we have the
following question:
9) Can you explain what is meant by “Cyber Security Posture” on the fourth
item down?
9a. The City desires information and recommendations on the current state
of the City’s cyber security activities and readiness. The City needs to
know what efforts it should undertake to appropriately ensure the
security of its information systems and data as per industry standards
and best practices.
10) Would you desire for us to perform penetration testing and a full compliance
review for a standard such as PCI or would interviews of security staff and an
assessment of the “Cyber Security” infrastructure that the city uses today be
sufficient?
10a. Penetration testing is not required. The City is engaged in another
contract with a different vendor for that purpose. We would be
interested in attaining information that would assist the City in
understanding any deficiencies in being PCI compliant.
15.Q. Do you have change control processes in place?
15.A. Not in as formal manner as desired.
16.Q. Is there a capacity planning group?
16.A. No
17.Q. Do you have clear vision of IT and business need growth for the next six months
or year? If so, can you provide a rough idea of that growth?
17.A. We have developed Program Action Plans for most functional areas of IT
and those documents will be made available.
18.Q. Are there defined SLA's for any of the services that are within scope?
18.A. Yes.
19.Q. Do you have a disaster recovery and/or business continuity plan or recovery
strategy in place now?
19.A. No.
Addendum 1 – 7424 Information Technology Infrastructure Assessment Page 9 of 10
20.Q. How current is business impact analysis information?
20.A. Not.
21.Q. Do you have any software tools in place that will contribute to the collection of
detailed information about the technology environment; providing inventory and
performance data. If so, what tools are available?
21.A. The City maintains software and network inventories based upon
discovery and management tools sets. The network LMS is Ciscoworks.
22.Q. What regulatory compliance requirements are imposed on you?
22.A. The City has numerous regulatory compliance requirements that IT is
peripherally involved in such as CJIS, DEA grant compliance, and
financial.
23.Q. What audits are performed relative to those compliance requirements?
23.A. The audits that are performed that we participate in are: Yearly CJIS audit
in Police Services; DEA audit in August for Smart Grid, which includes
cyber security for that project; financial audit, which includes IT related
financial systems and processes audit.
24.Q. Can you elaborate on what you perceive to be your cyber security
requirements?
24.A. The City desires information and recommendations on the current state of
the City’s cyber security activities and readiness. The City needs to know
what efforts it should undertake to appropriately ensure the security of its
information systems and data as per industry standards and best
practices.
25.Q. When speaking of items such as organizational structure and process
improvement, can we assume this relates only to the IT organization and not the
overall business environment?
25.A. Yes.
26.Q. Is there an accurate asset list with hardware and software in scope for this
assessment?
26.A. The physical collection of each piece of equipment is not necessary. It is
anticipated that City staff can provide the majority of information. The
City’s server and storage is less well documented and would require more
effort.
27.Q. Is there a current enterprise map covering:
a. network topology with associated circuit types/speeds and future growth
requirements.
Addendum 1 – 7424 Information Technology Infrastructure Assessment Page 10 of 10
Topology and circuit types available.
b. logical application architecture
No
c. storage infrastructure
Limited
d. Backup and DR requirements and infrastructure
Limited
28.Q. What business applications/systems will be in scope for this assessment?
28.A. The assessment of business applications themselves is not necessary.
The assessment of the interaction of the business applications with the
infrastructure and its ability to adequately deliver current and proposed
applications is expected.
29.Q. Are there any 3rd party services or applications in scope?
29.A. The City utilizes a number of externally hosted applications. See answer
to 28 as to their part in the assessment. The City does engage some 3rd
party service providers for limited support of the infrastructure
environment. An assessment would be expected.
30.Q. Are there any custom applications (non-COTS) in scope?
30.A. The City has an extensive PHP Web environment. See answer to 28 as to
its part in the assessment.
31.Q. Has there been a criticality assessment to prioritize applications?
31.A. No.
32.Q. How many sites need to be visited to get a reasonable understanding of sites
and site types?
32.A. The City has a large number of facilities. Primary IT infrastructure is
present at a small number of sites, 4. However, given the variation of
services that the City provides, the number of sites to visit to understand
business needs would be higher and would depend upon the selected
vendor’s methods to gather information. Feel free to access the City’s
Web site to determine how many sites that your company many need to
visit.
33.Q. How many references does the City desire to be provided?
33.A. 3