1 REQUEST FOR PROPOSAL CITY OF LOS ANGELES MAYOR’S OFFICE OFFICE OF HOMELAND SECURITY AND PUBLIC SAFETY DATE ISSUED: December 11, 2014 TITLE: Los Angeles Citywide Cyber Security System DESCRIPTION: Pursuant to Mayor Garcetti’s Executive Order No. 2, the City of Los Angeles (City) Cyber Intrusion Command Center (CICC) was created to lead cybersecurity preparation and response across City departments. The CICC is responsible for implementing enhanced security standards across City departments and serving as a rapid reaction force to countering cyber attacks. Under the direction of the CICC, the City is seeking proposals from qualified bidders to plan, design, build and implement an integrated security operations system (ISOC) to support ongoing efforts to enhance the City’s cyber security posture. The ISOC will consolidate departmental cyber security information into a centralized system and become a resource for the CICC and law enforcement personnel in responding to cyber threats. The system will provide security personnel at each City department real-time situational awareness of cyber threats and intrusions against City assets and will serve as the primary hub for cyber security command throughout the City of Los Angeles. It will also serve as a command center where departmental security operation centers (SOCs) can access necessary enterprise information on network impacts. Pertinent cyber incident data, as well as analyzed data result-sets provided by federal law enforcement partners, will reside in this location. The ISOC will house specific cyber security hardware and software. The ISOC will bring together security information from the City’s Information Technology Agency (ITA), which manages networks of more than 40 departments, including the Los Angeles Police and Fire Departments; Los Angeles World Airport (LAWA); Port of Los Angeles (POLA); Department of Water and Power (DWP); Los Angeles Library; Los Angeles Fire and Police
Transcript
1
REQUEST FOR PROPOSAL CITY OF LOS ANGELES MAYOR’S OFFICE OFFICE OF HOMELAND SECURITY AND PUBLIC SAFETY DATE ISSUED: December 11, 2014 TITLE: Los Angeles Citywide Cyber Security System DESCRIPTION: Pursuant to Mayor Garcetti’s Executive Order No. 2, the City of Los Angeles (City) Cyber Intrusion Command Center (CICC) was created to lead cybersecurity preparation and response across City departments. The CICC is responsible for implementing enhanced security standards across City departments and serving as a rapid reaction force to countering cyber attacks. Under the direction of the CICC, the City is seeking proposals from qualified bidders to plan, design, build and implement an integrated security operations system (ISOC) to support ongoing efforts to enhance the City’s cyber security posture. The ISOC will consolidate departmental cyber security information into a centralized system and become a resource for the CICC and law enforcement personnel in responding to cyber threats. The system will provide security personnel at each City department real-time situational awareness of cyber threats and intrusions against City assets and will serve as the primary hub for cyber security command throughout the City of Los Angeles. It will also serve as a command center where departmental security operation centers (SOCs) can access necessary enterprise information on network impacts. Pertinent cyber incident data, as well as analyzed data result-sets provided by federal law enforcement partners, will reside in this location. The ISOC will house specific cyber security hardware and software. The ISOC will bring together security information from the City’s Information Technology Agency (ITA), which manages networks of more than 40 departments, including the Los Angeles Police and Fire Departments; Los Angeles World Airport (LAWA); Port of Los Angeles (POLA); Department of Water and Power (DWP); Los Angeles Library; Los Angeles Fire and Police
2
Pensions (LAFPP); Los Angeles City Employees’ Retirement System (LACERS); Department of Sanitation; and Department of Transportation. The selected contractor will be responsible for the design, development, installation and configuration of a final ISOC, including providing all equipment and software necessary to establish such ISOC, and providing support and maintenance for the newly established ISOC. Such responsibilities will include: (1) design and development of a cybersecurity information system with functionalities and capabilities as more fully set forth in this RFP; (2) development and integration of custom “dashboards” that will be integrated into the ISOC information system to monitor the City’s overall cyber environment to the ISOC and individual departments and to deliver reports of the City’s overall cyber threat exposure to City and law enforcement leaders; (3) build-out a new physical location that will serve as the command center for the ISOC; and (4) provide training, support and maintenance in connection with the ISOC and the ISOC command center. PRELIMINARY SCHEDULE: Event Date REQUEST FOR PROPOSAL RELEASE: December 11, 2014 MANDATORY PROPOSAL CONFERENCE: January 6, 2015 at 10:00 AM (PST) LOCATION: Los Angeles Emergency Operation Center 500 E. Temple Street, Los Angeles, CA 90012 BUSINESS INCLUSION PROGRAM (“BIP”) January 14, 2015 OUTREACH IS DUE ON: at 11:59 p.m. (PST) DEADLINE FOR SUBMITTING PROPOSAL: January 29, 2015 at 3:00 p.m. (PST) PROPOSAL DELIVERY ADDRESS: Adam Gertz Contract Specialist Mayor’s Office 200 N. Spring Street,
Room 303 Los Angeles, CA 90012 [email protected] Phone: 213-978-0722
A. Eligible Proposers 21 B. Source of Funds and Funds Available 22 C. Budget 22 D. Contract Term 22 E. Preliminary Schedule 22 F. Technical Assistance 23 G. Attendance at Pre-Proposal Conference 23 H. Deadline for Submission of Proposals 24 I. Evaluation Factors 24 J. Proposal Review Process 26 K. Contract Award 26 L. Proposal Appeal Process 26 IV. GENERAL RFP INFORMATION
27
A. General Proposal Conditions 27 B. Documents Required with Proposal 34 C. Contract Execution Requirements 35 D. Contractor Evaluation 37 V. PROPOSAL PACKAGE
37
A. General Proposal Conditions 37 B. Narratives 39 C. Documents to be Completed 41 D. Proposal Checklist – Documents to be Submitted with
Proposal 41
EXHIBITS
A. Insurance Requirements B. Proposers Workforce Information C. Statement of Non-Collusion D. Contractor Responsibility Questionnaire E. Pledge of Compliance with Contractor Responsibility Ordinance
5
F. Business Inclusion Program (BIP) Policy and BAVN BIP Walk-Thru G. Certification and Disclosure Regarding Lobbying H. Certification Regarding Debarment I. Drug-Free Workforce Form J. Bidder Certification (CEC Form 50) K. Bidder Contributions (CEC Form 55) L. BAVN Document Submission Guide- EBO, Non-Discrimination-Affirmative
Action and SDO M. Technical Assistance Request Form N. Statute & Regulations O. UASI 13 Technology Standards
6
I. BACKGROUND
A. Administrative Entity
The City of Los Angeles, through the Mayor’s Office of Homeland Security and Public Safety, administers the Urban Areas Security Initiative (UASI) Grant for the Los Angeles/Long Beach Urban Area and serves as the administrative entity for this Request for Proposal (RFP). The United States Department of Homeland Security (DHS) oversees the UASI grant program. DHS awards funding to urban jurisdictions for assessments and development of security strategies, equipment, training, exercises, and the development of an enhanced and sustainable capacity to prevent, respond to, and recover from threats or acts of terrorism. The source of funds for this RFP is contemplated to be the Fiscal Year 2013 UASI grant and/or a similar grant program. The project will be managed by the Mayor’s Office of Homeland Security and Public Safety (Mayor’s Office). The Mayor’s Office shall designate one person to serve as a Project Manager who will oversee completion of the project. The Project Manager shall provide overall direction of the project, and will manage the selected Contractor, project schedule, the implementation of the project, and the acceptance of deliverables.
B. Project Overview
The scope of this project is to plan, design, build and implement the Integrated Security Operation System (ISOC), which is a cybersecurity information system that will serve as the primary hub for cyber security command throughout the City. It will also serve as a command center where departmental security operation centers can get necessary enterprise information on network impacts. Pertinent cyber incident data, as well as analyzed data result-sets provided by federal law enforcement partners, will reside in this location. The ISOC will house a conglomeration of specific cyber security hardware and software. The system will provide security personnel at each City department real-time situational awareness of cyber threats and intrusions against City assets. The selected contractor will be responsible for the design, development, installation and configuration of a final ISOC, including providing all equipment and software necessary to establish such ISOC and a command center for the ISOC, and providing support and maintenance for the newly established ISOC and ISOC command center. Such responsibilities will include: (1) design and development of the ISOC cybersecurity information system with functionalities and capabilities as more fully set forth in this RFP; (2) development and integration of custom “dashboards” that will be integrated into the ISOC information system to
7
monitor the City’s overall cyber environment to the ISOC and individual departments and to deliver reports of the City’s overall cyber threat exposure to City and law enforcement leaders; (3) build-out a new physical location that will serve as the physical command center for the ISOC; and (4) provide training, support and maintenance in connection with the ISOC and the ISOC command center. The overall concept design is pictured below in Figure 1.
Figure 1
II. SCOPE OF WORK
The selected contractor will be responsible for designing, developing and implementing the ISOC system, including the installation and configuration of equipment and software necessary to establish the ISOC. The selected contractor shall supply all necessary equipment and materials, including all hardware and cables necessary for integration and operation with new and existing equipment. The selected contractor shall supply all necessary labor.
8
1. Background Information
The City department networks to be connected to the ISOC system are the Information Technology Agency (ITA), which manages networks of 40 departments, including the Los Angeles Police and Fire Departments; Los Angeles World Airport (LAWA); Port of Los Angeles (POLA); Department of Water and Power (DWP); Los Angeles Library; Los Angeles Fire and Police Pensions (LAFPP); Los Angeles City Employees’ Retirement System (LACERS); Department of Sanitation; and Department of Transportation (collectively, the “Integrated City Departments”). The ISOC system must gather incident information submitted by each Integrated City Department so as to provide the CICC, Mayor of Los Angeles, and other City Executive Leadership with a graphical representation at any point in time as to the present state of the City’s critical cyber-infrastructure as it pertains to the City’s networked operations. This includes current operational status of Departmental networks and other relevant data identified by each Department. It also includes external data from other private sector, municipal, regional, and national entities which aid in providing the CICC with situational awareness regarding cyber threats and threat actors. In turn, the ISOC system must provide each Integrated City Department with dashboards so that each has a real-time overview of Citywide incident status that can be monitored by each department’s information technology security personnel. The ISOC system will also distribute notifications of relevant public and private cyber incidents to the departments to enhance their situational awareness. The selected Contractor shall be responsible for the development of such dashboards and its integration into the ISOC system. Cyber incidents reported to the ISOC system from the Integrated City Departments and external sources will include: attempts to gain unauthorized access to a system or its data; unwanted disruption or denial of service; unauthorized access to critical computers, servers, routers, firewalls, etc.; changes to system hardware or software without approval; virus or worm infection, spyware, malware; and loss or inconsistent electrical power. Incidents will be reported to the ISOC system by each Integrated City Department in accordance with the CICC-approved CICC Cyber Incident Response Plan. Notifications of Incidents will be transmitted to Integrated City Departments in accordance with the CICC-approved Unified Incident Response Plan.
9
The selected contractor must also design and build-out a physical location with necessary hardware and software that will serve as the physical command center for the ISOC system. Finally, the selected contractor must provide training, support and maintenance for the ISOC system after completion.
2. ISOC System Requirements
The selected contractor shall provide all necessary hardware, software, supplies, installation, and integration services for: (1) the development and delivery to the City of the ISOC system, including design and build-out of a physical facility to act as a command center for the ISOC system and installation of the ISOC system at such command center; (2) the integration of the ISOC system with existing security operations centers located at the Port of Los Angeles and the Los Angeles World Airports; (3) the integration of the ISOC system with security information and event management (SIEM) data furnished by ITA, the Department of Water and Power, Los Angeles Library, LAFPP, LACERS, Department of Transportation and Department of Sanitation; (4) the implementation of a centralized incident management platform into such ISOC system, including the design of custom dashboards for ISOC System; (5) the implementation of a unified threat intelligence system into such ISOC system that draws upon SIEM data from external sources; (5) training for the administration of the ISOC system and incident response and handling; and (6) maintenance and support for the ISOC system. 2.1 ISOC Platform Compatibility with Archer SecOps Design
2.1.1 The selected contractor must develop the ISOC system based
upon implementation of the RSA Archer GRC Solutions
Platform (ARCHER) or comparable cyber incident management
system that enables the City to manage controls, risks and
security deficiencies, security and compliance through one
central platform. The ISOC system must provide centralization
of alerts and incident management and must enable the City to
add future customized applications that can be readily
integrated with City systems.
The RSA Archer GRC Solutions Platform is the City’s preferred
platform for the ISOC system as it simplifies integration with the
ARCHER Platforms already deployed by the POLA and LAWA
Security Operations Centers. Bidders may offer a product
having equivalent and similar function and quality to the product
specified above, but such proposed systems must be cost
10
effective and functionally compatible with ARCHER Platforms
implemented at the LAWA and POLA Security Operations
Centers. If a solution other that ARCHER is proposed by a
bidder, bidder must explain why such alternate solutions is
proposed and the benefits of such an alternate solution. Final
determination of the acceptability of such a substitute will be at
the discretion of the Project Manager. The selected contractor
shall be responsible for securing all software licenses necessary
for the implementation of the ISOC system and its use by the
City.
2.1.2 The selected contractor must develop and deliver an ISOC
system that include the following functionalities:
2.1.2.1 The ISOC system must enable the City to manage
overall incident and breach response and effectively
respond to security incidents. The ISOC system must
enable City security personnel (including the Chief
Information Security Officer and Security Operation
Center managers) to manage and have full visibility into
the entire incident and data breach lifecycle with
workflows, dashboards, and reports.
2.1.2.2 The overall process from alert to incident investigation
shall be automated, including workflows and integration
with security-monitoring systems for alert aggregation.
For remediation, any security incident requiring action
from IT operations should be automated by integrating
the ISOC system with ticket management systems.
2.1.2.3 The ISOC system must support integration with multiple
alert sources and security monitoring systems, including
third party SIEM vendors and third party data breach
response content providers. (See Section 2.5 below.)
City security personnel must be able to view alerts as
well as the events or incidents associated with them.
2.1.2.4 The ISOC system must integrate security information
from the Integrated City Departments, including
integration of current ARCHER systems of LAWA and
POLA.
11
2.1.2.5 The ISOC system shall integrate dashboard content from
the Integrated City Departments as described in Section
2.2 below.
2.1.2.6 The ISOC system shall detect and respond to any
security incident or data breach (SecOps Instance) that
occur in any of the Integrated City Departments. The
specific functions must include:
A centralized incident management that aggregates
and connects security event management systems
from each of the Integrated City Departments.
Protocol for City-wide incident response and breach
management.
System for reporting metrics that track and report key
performance indicators based on the NIST and CIS
Security Metrics guidelines to stakeholders.
2.1.2.7 The selected contractor must deliver to the City a design
document addressing the development and
implementation of the ISOC system with the foregoing
functionalities.
2.2 Design of Custom Dashboards for ISOC System
2.2.1 The selected contractor shall use National Institute of Standards
and Technology (NIST) guidelines and Center for Internet
Security (CIS) Security Metrics guidelines to develop a set of
standard performance metrics and reports that can be used to
collect and analyze security program efficiency and
effectiveness.
2.2.2 The selected contractor will design, develop and integrate into
the ISOC system at least three custom dashboards for the ISOC
system (Dashboards). These Dashboards will compile
information provided through the ISOC system so as to provide
the CICC members, CICC Executive Leadership, the Mayor of
the City of Los Angeles’ and other City Executive Leadership
with a graphical representation at any point in time as to what
the present state of the City’s cyber and critical infrastructure
and key resource spectrum is as it pertains to the City’s
12
networked operations. This includes current operational status
of City Departmental networks and other relevant data identified
by each of the City Departments within the CICC. It also
includes external data from other private sector, municipal,
regional, and national entities which aid in providing the CICC
with situational awareness regarding cyber threats and threat
actors. Customized Dashboards shall not be licensed products
but be proprietary to and customizable by the City.
2.2.3 The ISOC system Dashboards shall include: a high level
“Citywide Security Posture” for ISOC analysts and the Chief
Information Security Officer, drill down capabilities, and
appropriate access controls with department-specific dashboard
for each of the city functions that are part of ISOC infrastructure.
The Dashboards must be viewable from each individual
departmental SOC. The Dashboards shall include the following
information:
1. Incidents by status (Open, In Progress, Closed) 2. Incidents by priority. 3. Incidents by departments. 4. Threat count metrics 5. Weekly incident trend by priority and status 6. Attack trends
Top attack source
Top attack type (e.g., “Firewall Session Opened”, “IRC Session Opened”, “Firewall Deny”) including count metrics
Top local destinations
Most frequented ports
Most significant offenses (Highest level of detected SIEM conditions, such as “Possible Local Worm Detected preceded by Local ICMP Scanner containing Deny protocol src”
Most recent offenses (5 most recent “events”)
Top services denied through firewall Samples of screenshots from the current POLA dashboard is provided in figures 2 and 3 below.
13
Figure 2 Figure
14
Figure 3
15
2.2.4 The Dashboards shall include a Cyber Alert Indicator (similar to
the MS-ISAC Cyber Alert Level Indicator) for ISOC system
tactical display for situational awareness. Display must show
the current level of malicious cyber activity on City’s network.
See sample in Figure 4 below. The indicator shall consists of
five levels:
Green or Low – indicates a low risk. No unusual activity
exists beyond the normal concern for known hacking
activities, known viruses or other malicious activity.
Blue or Guarded – indicates a general risk of increased
hacking, virus or other malicious activity. The potential exists
for malicious cyber activities, but no known exploits have
been identified, or known exploits have been identified but
no significant impact has occurred.
Yellow or Elevated – indicates a significant risk due to
increased hacking, virus or other malicious activity which
compromises systems or diminishes service. At this level,
there are known vulnerabilities that are being exploited with
a moderate level damage or disruption, or the potential for
significant damage or disruption is high.
Orange or High - indicates a high risk of increased hacking,
virus or other malicious cyber activity which targets or
compromises core infrastructure, causes multiple service
outages, multiple system compromises, or compromises
critical infrastructure. At this level, vulnerabilities are being
exploited with a high level of damage or disruption, or the
potential for severe damage or disruption is high.
Red or Severe – indicates a severe risk of hacking, virus or
other malicious activity resulting in wide-spread outages
and/or significantly destructive compromises to systems with
no known remedy or debilitates one or more critical
infrastructure sectors. At this level, vulnerabilities are being
exploited with a severe or wide spread level of damage or
disruption of critical infrastructure assets.
16
Figure 4
2.3 Integration of ISOC System with POLA and LAWA ARCHER
Systems
2.3.1 The Contractor must implement the ISOC system and integrate
it with the existing POLA and LAWA ARCHER system. The
implementation and integration tasks include:
Integrate POLA ARCHER system incident data to the ISOC
system City-wide incident management system for
situational awareness.
Integrate LAWA ARCHER system incident data to the ISOC
system City-wide incident management system for
situational awareness.
Provide for the notifications of incidents to be transmitted to
Integrated City Departments in accordance with the CICC-
approved Unified Incident Response Plan.
Integration should provide POLA and LAWA the ability to
submit incidents to the ISOC system automatically in
17
accordance with the CICC-approved CICC Cyber Incident
Response Plan.
2.3.2 Conduct test and certification of the ISOC/LAWA/POLA
integration based on the technical design document reference
architecture.
2.4 Integration of ISOC System with Other Integrated City
Departments
2.4.1 The selected contractor shall design and implement integration
of SIEM data from other Integrated City Departments to the
ISOC system. Bidders will be provided with pertinent network
infrastructure diagrams. The selected contractor shall deliver to
the City design documentation that describes the following and
shall develop the ISOS system in conformance with such design
documentation:
Integration Architecture
Incident Management Portal for ITA to view and manage its
own incidents.
Incident Management Portal for DWP to view and manage
its own incidents.
Portal for each Integrated City Department to view City-wide
security dashboards described above.
2.4.2 Contractor shall conduct test and certification of ISOC SecOps
Departmental Integration.
2.5 Threat Intelligence Integration
The ISOC system must support integration with multiple alert sources and security monitoring systems, including third party SIEM vendors and third party data breach response content providers. Such integration shall include the following functionalities:
2.5.1 Integration of information from public and private sector entities
which host dashboard items external to the City’s networks.
These should be graphically presented to give the CICC and the
City a "global" perspective of IP attacks, threats, cyber links etc.
2.5.2 Dashboard information provided from sensors and monitoring
conducted by the Department of Homeland Security of the City’s
18
networks through its City Cyber Assessments and CDM/ECS
programs shall be ported into the ISOC system.
2.5.3 Dashboard information provided from sensors and monitoring
conducted through the City’s membership in the Multi-State
Information Sharing and Analysis Center (MS-ISAC) shall be
ported into the ISOC system.
2.5.4 The selected contractor shall provide proposed threat
intelligence consumption workflows and processes for the intake
of intelligence data into the ISOC Security Operations
ecosystem.
2.5.5 The selected contractor shall provide proposed intelligence
analysis and classification processes.
2.5.6 The selected contractor shall prepare a functional design for a
custom ARCHER-compatible module to store, manage and
distribute intelligence.
3. Cyber Threat Analysis Platform
The selected contractor shall provide the configuration and three-year
user license and subscription service for Recorded Future Enterprise (or a
service of comparable cost, quality, and function) for cyberthreat analysis.
The service should allow CICC to maintain situational awareness,
investigate vulnerabilities, research actor/method/target relationships,
identify leading indicators and alert potential risks to other departments.
4. ISOC Facility Design And Installation The selected contractor shall provide the design/build services of ISOC system physical facility. The selected contractor shall supply, install, and integrate all necessary equipment that can accommodate eight full-time staff. Bidders must participate in a mandatory site visits at the Los Angeles Emergency Operation Center at 500 E. Temple St., Los Angeles, CA, to determine the optimum size and location of all supplied equipment.
4.1 The selected contractor shall provide a logical facility design to City
of LA for approval. The selected contractor shall create a project
management installation timeline.
4.2 The selected contractor must supply and install all necessary
hardware, software, and equipment for the ISOC facility based on
the design approved by the City of LA. This includes but is not
limited to the following:
19
Eight Video Wall Displays and Mounts
Video Wall Control Processor
Audio/Video Control System
Console Workstations for eight security analyst
Cables, connectors, and brackets necessary to complete
installation.
4.3 In addition, the selected contractor shall perform the following
tasks:
1. Run all necessary cables between components. 2. Integrate all equipment with specified existing equipment where
applicable. 3. Remove any existing equipment (monitors, projectors, screens,
etc.) as applicable. 4. Move any removed equipment to a suitable, on site location or
dispose of as properly directed. 5. Ensure that all ports and wall plates are properly labeled with
cable and connector information to allow for easy reconnects. 6. Verify that all equipment is operational.
4.4 The selected contractor shall design and supply hardware and
software required for implementing ISOC system at the facility. The following tables describe minimum hardware/software requirements:
Database Server
Component Minimum Requirement
Processor 2 x 6-Core (for example, Intel Xeon E5-2667, X5680, X5690 or similar)
Memory 96 GB RAM
Operating System Windows Server 2008 R2 Enterprise or Windows Server 2012
DB Version SQL Server 2008 R2, SQL Server 2012, x64 editions
Disk Space 1 TB (Instance database), 50 GB (Configuration database)
Network Interface 1 GB
Disk 15K spindles should be the minimum for the DB tier, though we strongly recommend using a SAN with SSDs, either as regular disks, caching (for example, EMC FAST Cache), or for automated tiering. Distinct spindles for data, transaction logs, and tempdb are a necessity if SSDs are not available.
20
Web Server
Component Minimum Requirement
Processor 2 x 4-Core (for example, Intel Xeon X5667, x5677, E5-2643 or similar)
Memory 48 GB RAM
Operating System Windows Server 2008 R2 Enterprise or Windows Server 2012
Disk Space 500 GB
Network Interface 1 GB
Services Server
Component Minimum Requirement
Processor 2 x 4-Core (for example, Intel Xeon X5667, x5677, E5-2643 or similar)
Memory 48 GB RAM
Operating System Windows Server 2008 R2 Enterprise or Windows Server 2012
Disk Space 500 GB
Network Interface 1 GB
4.5 Configuration
Contractor shall work with ITA to configure the equipment for network connectivity through any City firewalls. Contractor shall configure the system to support all video and audio connections. Contractor shall configure all media and output devices for best resolution and quality.
5. Training
5.1 The selected contractor shall provide the following trainings on-site
for up to 10 students:
ISOC system Admin Training
ISOC system Advanced Admin Training
5.2 System Administrator Training: The selected contractor shall conduct at least one, full live System Administrator Training to instruct ITA representatives on how to manage and administer the ISOC system, dashboards and applications.
5.3 The selected contractor shall provide a comprehensive training
manual that will provide City users with detailed instructions on how to use the ISOC system and its components.
21
5.4 The selected contractor shall provide a comprehensive technical manual that will be used by to maintain, modify, enhance and upgrade the ISOC system and system platform.
6. Maintenance and Support
In its proposal, Contractor must provide their best terms for standard maintenance and support services for components installed under this RFP. This shall include a use, support, and maintenance license for the ISOC system (i.e. ARCHER or proposed alternative) to provide continuing access to update, patch, threat signatures, and new threat defense capabilities for a three year term.
7. Compliance with UASI 13 Technology Standards
Contractor shall ensure that the project complies with the technology standards set forth in “Exhibit O.”
III. PROPOSAL EVALUATION / CONTRACT AWARD A. Eligible Proposers
Proposals will be accepted only from Contractors that meet all of the following requirements: 1. The Proposer must be qualified to conduct business in the State of
California; 2. Must be in good standing with the Secretary of State, if a
Corporation or Limited Liability Company; 3. The Proposer has not been determined to be non-responsible nor
has the Proposer been debarred by the City pursuant to the Contractor Responsibility Ordinance;
4. The Proposer has not been debarred by the federal government,
State of California, or local government; 5. If the Proposer had contracted with the State of California or the
City of Los Angeles, it must not have an outstanding debt which has not been repaid or for which a repayment agreement plan has not been implemented. If it has contracted with the City of Los Angeles, it must not have an outstanding disallowed cost or other liability to the City;
6. Financial stability and ongoing ability to provide services proposed;
22
7. Availability of adequate staffing, including support and backup staff, with sufficient experience and technical expertise;
8. Be familiar with DHS Grant Programs.
B. Source of Funds and Funds Available
Funding for all periods of this RFP and subsequent contract is subject to City of Los Angeles Council approval and the continuing availability to the City of federal funds for this project.
C. Budget
Agreement with the selected Contractor will be on a fixed-price contract basis.
D. Contract Term
The contract performance period shall be based upon a schedule to be determined by the Project Manager and Contractor. The Project Manager estimates three months for the completion of this project. However, Bidders should include in their proposal a proposed schedule and timeline for the project contemplating completion in multiple phases, with a proposed budget for each phase.
E. Preliminary Schedule Event Date REQUEST FOR PROPOSAL RELEASE: December 11, 2014 MANDATORY PROPOSAL CONFERENCE: January 6, 2015 at 10:00 AM (PST) LOCATION: Los Angeles Emergency Operation Center 500 E. Temple Street, Los Angeles, CA 90012 BUSINESS INCLUSION PROGRAM (“BIP”) January 14, 2015 OUTREACH IS DUE ON: at 11:59 p.m. (PST) DEADLINE FOR SUBMITTING PROPOSAL: January 29, 2015 at 3:00 p.m. (PST)
23
F. Technical Assistance
All technical assistance questions must be submitted by email or fax, using the attached Technical Assistance Request Form (Exhibit M). Email is the preferred way to contact City staff. Please identify the RFP title on the subject line of your message.
To ensure fair and consistent distribution of information, all questions will be answered by a Question-and-Answer (Q&A) document available on the City of Los Angeles Business Assistance Virtual Network at www.labavn.org. No individual answers will be given. The Q&A document will be available by fax or for pick-up at the address on the front cover.
Technical Assistance questions submitted after January 20, 2015 at 3:00 p.m. (Pacific Time) will NOT be accepted.
G. Attendance at Proposal Conference
Attendance at the Proposal Conference is mandatory. Proposers who do not attend the mandatory pre-proposal conference will not be eligible to submit proposals. No minutes will be taken at the Pre-Proposal Conference. Attendees at the conference will be responsible for taking their own notes. All questions will be addressed at this conference and any available new information will be provided at that time. If you have further questions regarding the RFP, please refer to technical assistance guidelines.
Questions raised at the Pre-Proposal Conference may be answered orally. If any substantive new information is provided in response to questions raised at the Pre-Proposal Conference, it will also be memorialized in a written addendum to this RFP, which will be posted on the website at www.labavn.org. BRING YOUR OWN COPY OF THE RFP. NO COPIES WILL BE PROVIDED AT THE CONFERENCE.
H. Deadline for Submission of Proposals
The original proposal, together with five (5) complete copies, must be hand- or courier-delivered in a sealed package by the deadline date on the cover of this document. The original must be marked “Original” on the cover and must bear the actual “wet” signature(s) of the person(s) authorized to sign the proposal. The copies must be numbered on the upper right hand side of the cover to indicate “Copy No. ___.”
Proposals must be submitted in 3-ring binders. Proposals must be submitted by 3:00 p.m. (Pacific Standard) on January 9, 2015.
Proposals must be addressed to: Adam Gertz Los Angeles Mayor’s Office Office of Homeland Security and Public Safety 200 N. Spring Street, Room 303 Los Angeles, CA 90012 The envelope containing the proposal must clearly identify the RFP for which the proposal is being submitted with the following statement:
HSPS: Citywide Cyber Security System Persons who hand deliver a proposal will be issued a “Notice of Receipt of Proposal.” The original copy of the submitted proposal will be marked with a time and date stamp. Timely submission of the proposal is the sole responsibility of the Proposer. The City reserves the right to determine the timeliness of all submissions. Late proposals will not be reviewed. All proposals delivered after the stated deadlines will not be accepted and will be returned unopened to the Proposer.
Proposals submitted via U.S. Mail, facsimile, or e-mail will not be accepted.
I. Evaluation Factors
Proposals shall be evaluated on the following categories and may include consideration of any or all of the listed factors at the City’s sole discretion. SELECTION CRITERIA
POINTS
Project Plan (see Narrative 1) 35 Staff Experience and References (see Narrative 2) 20 Contractor’s Demonstrated Ability (see Narrative 3) 35 Cost (see Narrative 4) 10 Total Possible 100
1. Project Plan (35 points)
Thoroughness, quality, and completeness of responses to questions outlined in Narrative 1.
Practicality, efficiency, and effectiveness of the proposed strategies and methodologies.
25
2. Staff Experience (20 points)
Thoroughness, quality, and completeness of responses to questions outlined in Narrative 2.
Depth and quality of staff experience relating to their assigned role.
Staff knowledgebase.
Quality and relevance of any references provided.
3. Contractor’s Demonstrated Ability (35 points)
Thoroughness, quality, and completeness of responses to questions outlined in Narrative 3.
The Contractor’s financial stability and ability to provide the services proposed.
Availability of adequate staffing, including support and backup staff, and the experience and technical expertise of assigned staff.
Quality and relevance of any references provided.
The contractor must be experienced with the procurement and installation of similar components.
4. Cost (10 points)
Thoroughness, quality, and completeness of responses to questions outlined in Narrative 4.
Accuracy and completeness of submitted budget(s).
Allowableness/allocability, reasonableness, and necessity of costs.
Feasibility of budget(s). NOTE: Proposed costs may be compared against other proposers and against independent cost estimates. The lowest cost proposer may not be determined to be the best proposer when all the evaluation factors have been considered.
J. Proposal Review Process
The proposal review process shall include the following major activities to ensure that the procurement meets audit standards:
1. All proposals shall be reviewed to determine that the minimum
eligibility requirements have been met. Ineligible proposers will be informed in writing;
2. All eligible proposals shall be reviewed, scored, and ranked; 3. Each eligible proposal shall be reviewed for costs that are reasonable,
allowable, necessary, and competitive, as measured by a review of the
26
line-item budget, the project design, and its competitive standing as compared to all other proposals;
4. At the City’s sole discretion, oral interviews may be held with top
scoring proposers. The results of the oral review will determine the final funding recommendations; and
5. Proposers shall be notified in writing about funding recommendations.
K. Contract Award
The selection of any proposal shall not imply acceptance by the City of all terms of the proposal, which may be subject to further negotiations and approvals before the City may be legally bound thereby. If a satisfactory contract cannot be negotiated in a reasonable time, City, in its sole discretion, may terminate negotiations with the selected proposer and begin contract negotiations with the next proposer ranked by the Selection Committee.
L. Proposal Appeal Process
All applicants shall have the opportunity to appeal Department funding recommendations.
1. Errors and Omissions in RFP
Proposers are responsible for reviewing all portions of this RFP. Proposers are to promptly notify Adam Gertz, in writing, if the proposer discovers any ambiguity, discrepancy, omission, or other error in the RFP. Any such notification should be directed to the individual designated on page 2 of this RFP promptly after discovery, but in no event later than five working days before the date for receipt of proposals. Modifications and clarifications will be made by addenda as provided below.
2. Objections to RFP Terms
Should a proposer object on any ground to any provision or legal requirement set forth in this RFP, the proposer must, not more than ten (10) calendar days after the RFP is issued, provide written notice to the City setting forth with specificity the grounds for the objection. The failure of a proposer to object in the manner set forth in this paragraph shall constitute a complete and irrevocable waiver of any such objection.
27
3. Change Notices
The Project Manager may modify the RFP, prior to the proposal due date, by issuing Change Notices, which will be posted on the labavn.com website. The proposer shall be responsible for ensuring that its proposal reflects any and all Change Notices issued by the Project Manager prior to the proposal due date, regardless of when the proposal is submitted. Therefore, the City recommends that the proposer consult the website frequently, including shortly before the proposal due date, to determine if the proposer has downloaded all Change Notices.
4. Term of Proposal
Submission of a proposal signifies that the proposed services and prices are valid for 120 calendar days from the proposal due date and that the quoted prices are genuine and not the result of collusion or any other anti-competitive activity.
5. Revision of Proposal
A proposer may revise a proposal on the proposer’s own initiative at any time before the deadline for submission of proposals. The proposer must submit the revised proposal in the same manner as the original. A revised proposal must be received on or before the proposal due date.
IV. GENERAL RFP INFORMATION
A. General Proposal Conditions
1. Costs Incurred by Proposers All costs of proposal preparation shall be borne by the proposer.
The City shall not, in any event, be liable for any pre-contractual expenses incurred by proposers in the preparation and/or submission of the proposals, including mandatory attendance at the Pre-Proposal Conference, a post-submission interview, and field evaluation. Proposals shall not include any such expenses as part of the proposed budget.
2. Best Offer
The proposal shall include the proposer’s best terms and conditions. Submission of the proposal shall constitute a firm and fixed offer to the City that will remain open and valid for a minimum of ninety (90) days from the submission deadline.
28
3. Accuracy and Completeness
The proposal must set forth accurate and complete information as required in this RFP. Unclear, incomplete, and/or inaccurate documentation may not be considered. Falsification of any information may result in disqualification.
If the proposer knowingly and willfully submits false performance or other data, the City reserves the right to reject that proposal. If it is determined that a contract was awarded as a result of false performance or other data submitted in response to this RFP, the City reserves the right to terminate the contract.
Unnecessarily elaborate or lengthy proposals or other presentations beyond those needed to give a sufficient, clear response to all the RFP requirements are not desired.
4. Withdrawal of Proposals
Proposals may be withdrawn by written request of the authorized signatory on the proposer’s letterhead at any time prior to the submission deadline.
5. General City Reservations
The City reserves the right to extend the submission deadline should this be in the interest of the City. Proposers have the right to revise their proposals in the event that the deadline is extended.
The City reserves the right to withdraw this RFP at any time without prior notice. The City makes no representation that any contract will be awarded to any proposer responding to the RFP. The City reserves the right to reject any or all submissions.
If an inadequate number of proposals is received or the proposals received are deemed non-responsive, not qualified or not cost effective, the City may at its sole discretion reissue the RFP or execute a sole-source contract with a vendor.
The City shall review and rate submitted proposals. The proposer may not make any changes or additions after the deadline for receipt of proposals. The City reserves the right to request additional information or documentation, as it deems necessary.
29
The City reserves the right to verify all information in the proposal. If the information cannot be verified, and if the errors are not willful, the City reserves the right to reduce the rating points awarded.
The City reserves the right to require a pre-award interview and/or site inspection.
The City reserves the right to waive minor defects in the proposal in accordance with the City Charter.
If the selection of the proposer is based in part on the qualifications of specific key individuals named in the proposal, the City must approve in advance any changes in the key individuals or the percentage of time they spend on the project. The City reserves the right to have the contractor replace any project personnel.
6. Contract Negotiations
Proposers approved for funding shall be required to negotiate a contract with the City on an offer/counter-offer basis. The best terms and conditions originally offered in the proposal shall bind the negotiations. The City reserves the right to make a contract award contingent upon the satisfactory completion by the proposer of certain special conditions. The contract offer of the City may contain additional terms or terms different from those set forth herein.
As part of the negotiation process, the City reserves the right to:
Fund all or portions of a proposer’s proposal and/or require that one proposer collaborate with another for the provision of specific services, either prior to execution of an agreement or at any point during the life of the agreement;
Use other sources of funds to fund all or portions of a proposer’s proposal;
Require that a funded proposer utilize a facility designated by the City for purposes of implementing its project;
Elect to contract directly with one or more of the identified collaborators;
Require all collaborators identified in the proposal to become co-signatories to any contract with the City.
30
7. Standing of Proposer
Regardless of the merits of the proposal submitted, a proposer may not be recommended for funding if it has a history of contract non-compliance with the City or any other funding source, poor past or current contract performance with the City or any other funding source, or current disputed or disallowed costs with the City or any other funding source.
Contractors/Organizations that have been sanctioned because of non-compliance with Single Audit Act requirements for managing grant funds will be eligible to apply; however, they will not be eligible to receive any funding, if awarded under this RFP process, until this sanction is removed.
The City will enter into an agreement only with entities that are in good standing with the California Secretary of State.
8. Contractor Responsibility Ordinance
Every Request for Proposal, Request for Bid, Request for Qualifications or other procurement process is subject to the provisions of the Contractor Responsibility Ordinance, Section 10.40 et seq. of Article 14, Chapter 1 of Division 10 of the Los Angeles Administrative Code, unless exempt pursuant to the provisions of the Ordinance.
This Ordinance requires that all proposers/bidders complete and return, with their response, the responsibility questionnaire included in this procurement. Failure to return the completed questionnaire may result in the proposer/bidder being deemed non-responsive.
The Ordinance also requires that if a contract is awarded pursuant to this procurement, that the contractor must update responses to the questionnaire, within thirty calendar days, after any changes to the responses previously provided if such change would affect contractor’s fitness and ability to continue performing the contract.
Pursuant to the Ordinance, by executing a contract with the City, the contractor pledges, under penalty of perjury, to comply with all applicable federal, state and local laws in performance of the contract, including but not limited to laws regarding health and safety, labor and employment, wage and hours, and licensing laws which affect employees. Further, the Ordinance, requires each contractor to: (1) notify the awarding authority within thirty calendar days after receiving notification that any governmental agency has initiated an investigation which may result in a finding that the
31
contractor is not in compliance with Section 10.40.3 (a) of the Ordinance; and (2) notify the awarding authority within thirty calendar days of all findings by a government agency or court of competent jurisdiction that the contractor has violated Section 10.40.3 (a) of the Ordinance.
9. Proprietary Interests of the City All proposals submitted in response to this RFP shall become the property of the City of Los Angeles and subject to the State of California Public Records Act. Proposers must identify all copyrighted material, trade secrets or other proprietary information that the proposers claim are exempt from the California Public Records Act (California Government Code Section 6250 et seq.).
In the event a proposer claims such an exemption, the proposer is required to state in the proposal the following:
"The proposer will indemnify the City and its officers, employees and agents, and hold them harmless from any claim or liability and defend any action brought against them for their refusal to disclose copyrighted material, trade secrets or other proprietary information to any person making a request therefore."
Failure to include such a statement shall constitute a waiver of a proposer's right to exemption from this disclosure.
10. Discount Terms
Proposers agree to offer the City any discount terms that are offered to its best customers for the goods and services to be provided herein, and apply such discount to payments made under this agreement which meet the discount terms.
11. Equal Benefits Ordinance
Bidders/Proposers are advised that any contract awarded pursuant to this procurement process shall be subject to the applicable provisions of Los Angeles Administrative Code Section 10.8.2.1, Equal Benefits Ordinance (EBO). All Bidders/Proposers shall complete and upload the Equal Benefits Ordinance Affidavit (two (2) pages), available on the City of Los Angeles’ Business Assistance Virtual Network (BAVN) residing at www.labavn.org, prior to award of a City contract valued at $5,000
32
or more. The Equal Benefits Ordinance Affidavit shall be effective for a period of twelve months from the date it is first uploaded onto the City’s BAVN. Bidders/Proposers do not need to submit supporting documentation with their bids or proposals. However, the City may request supporting documentation to verify that the benefits are provided equally as specified on the Equal Benefits Ordinance Affidavit. Bidders/Proposers seeking additional information regarding the requirements of the Equal Benefits Ordinance may visit the Bureau of Contract Administration’s web site at www.bca.lacity.org. Information concerning the submission of documents to BAVN is included in Exhibit L of this RFP.
12. Statutes and Regulations Applicable To All Grant Contracts
Statutes and regulations applicable to all grant contracts and to this particular grant contract are attached as Exhibit N. Contractor shall be required to abide by these statutes and regulations as these statutes and regulations shall be incorporated into the Contract between the City and the Contractor regarding this project.
13. Slavery Disclosure Ordinance - Not applicable to this RFP.
14. Americans With Disabilities Act
Any contract awarded pursuant to this RFP/RFQ shall be subject to the following:
The Contractor/Consultant hereby certifies that it will comply with the Disabilities Act 42, U.S.C. Section 12101 et seq., and it’s implementing regulations. The Contractor/Consultant will provide reasonable accommodations to allow qualified individuals with disabilities to have access to and to participate in its programs, services and activities in accordance with the provisions of the Disabilities Act. The Contractor/Consultant will not discriminate against persons with disabilities or against persons due to their relationship to or association with a person with a disability. Any subcontract entered into by the Contractor/Consultant, relating to this Contract, to the extent allowed hereunder, shall be subject to the provisions of this paragraph.
15. Child Support Assignment Orders
Any contract awarded pursuant to this RFP/RFQ shall be subject to the following:
This Contract is subject to Section 10.10 of the Los Angeles Administrative Code, Child Support Assignment Orders Ordinance. Pursuant to this Ordinance, Contractor/Consultant certifies that it will (1) fully comply with all State and Federal employment reporting requirements applicable to Child Support Assignment Orders; (2) that the principal owner(s) of Contractor/Consultant are in compliance with any Wage and Earnings Assignment Orders and Notices of Assignment applicable to them personally; (3) fully comply with all lawfully served Wage and Earnings Assignment Orders and Notices of Assignment in accordance with California Family Code Section 5230 et seq.; and (4) maintain such compliance throughout the term of this Contract. Pursuant to Section 10.10.b of the Los Angeles Administrative Code, failure of Contractor/Consultant to comply with all applicable reporting requirements or to implement lawfully served Wage and Earnings Assignment Orders and Notices of Assignment or the failure of any principal owner(s) of Contractor/Consultant to comply with any Wage and Earnings Assignment Orders and Notices of Assignment applicable to them personally shall constitute a default by the Contractor/Consultant under the terms of this Contract, subjecting this Contract to termination where such failure shall continue for more than ninety (90) days after notice of such failure to Contractor/Consultant by City. Any subcontract entered into by the Contractor/Consultant relating to this Contract, to the extent allowed hereunder, shall be subject to the provisions of this paragraph and shall incorporate the provisions of the Child Support Assignment Orders Ordinance. Failure of the Contractor/Consultant to obtain compliance of its subcontractors shall constitute a default by the Contractor/Consultant under the terms of this contract, subjecting this Contract to termination where such failure shall continue for more than ninety (90) days after notice of such failure to Contractor/Consultant by the City.
Contractor/Consultant shall comply with the Child Support Compliance Act of 1998 of the State of California Employment Development Department. Contractor/Consultant assures that to the best of its knowledge it is fully complying with the earnings assignment orders of all employees, and is providing the names of all new employees to the New Hire Registry maintained by the Employment Development Department as set forth in subdivision (1) of the Public Contract Code 7110.
34
16. Assurances
As a condition to the award of a contract under this RFP, the contractor shall assure that it will comply fully with the nondiscrimination and equal opportunity provisions of the following laws:
Title VI of the Civil Rights Act of 1964, as amended, which prohibits discrimination on the basis of race, color and national origin;
Section 504 of the Rehabilitation Act of 1973, as amended, which prohibits discrimination against qualified individuals with disabilities;
The Age Discrimination Act of 1975, as amended, which prohibits discrimination on the basis of age.
The contractor shall also assure that it will comply with all regulations implementing the laws listed above. This assurance applies to the contractor’s operation of the program or activity. The contractor understands that the United States and the City of Los Angeles have the right to seek judicial enforcement of this assurance.
B. Documents Required with Proposal
1. Proposers Workforce Information (Exhibit B) 2. Statement of Non-Collusion (Exhibit C) 3. Contractor Responsibility Questionnaire (Exhibit D) 4. Pledge of Compliance with Contractor Responsibility Ordinance
Action Documents (labavn.org) 7. Business Inclusion Program Outreach (Exhibit F and labavn.org) 8. Certification and Disclosure Regarding Lobbying (Exhibit G) 9. Certification Regarding Debarment (Exhibit H) 10. Drug-Free Workforce Form (Exhibit I) 11. Bidder Certification CEC Form 50 (Exhibit J) 12. Bidder Contributions CEC Form 55 (Exhibit K)
C. Contract Execution Requirements
If recommended for funding, the proposer shall be required to enter into an agreement with the City of Los Angeles and comply with the requirements listed below.
35
Failure to comply with these requirements will result in non-execution of the contract. A copy of the City’s Standard Agreement is available upon request. The agreement with the selected proposer(s) will be on a FIXED fee-for-performance basis OR on a line item cost reimbursement basis as may be applicable.
1. Performance Bond
The successful Proposer will be required to provide a performance bond, in accordance with the Grantor and City’s Risk Management Requirements, prior to the award of the contract to cover the completion of the project.
2. Insurance Certificates
Contractors may be required to maintain insurance at a level to be determined by the City’s Risk Manager, with the City named as an additional insured. Contractors who do not have the required insurance should include the cost of insurance in their bid. Contractors will be required to provide insurance at the time of contract execution. Bidders/Proposers shall refer to Exhibit A for City of Los Angeles Insurance Requirements.
2. Secretary of State Documentation
All contractors are required to submit one copy of their Articles of Incorporation, partnership, or other business organizational documents (as appropriate) filed with the Secretary of the State. Organizations must be in good standing and authorized to do business in California.
3. Corporate Documents
All contractors who are organized as a corporation or a limited liability company are required to submit a Secretary of State Corporate Number, a copy of its By-Laws, a current list of its Board of Directors, and a Resolution of Executorial Authority with a Signature Specimen.
4. City Business License Number
All contractors are required to submit one copy of their City of Los Angeles Business License, Tax Registration Certificate or Vendor Registration Number. To obtain a Business Tax Registration Certificate (BTRC) call the City Clerk’s Office at (213) 473-5901 and pay the respective business taxes. The address is as follows: City of Los Angeles, City Hall, Room 101, Office of Finance, Tax and Permit Division, 201 North Main Street, Los Angeles, CA 90012.
36
5. Proof of IRS Number (W-9)
All contractors are required to complete and submit Proof of IRS Number (W-9) Form.
6. Certifications
Contractor shall provide copies of the following documents to the City:
a. Certification Regarding Ineligibility, Suspension and Debarment as required by Executive Order 12549, is attached as Exhibit H.
b. Certification and Disclosure Regarding Lobbying (not
required for contracts under $100,000). Bidders/Proposers shall refer to Exhibit G for Certification form.
c. Contractor shall also file a Disclosure Form at the end of
each calendar quarter during which any event requiring disclosure, or which materially affects the accuracy of the information contained in any previously filed Disclosure Form, occurs.
d. A Certificate Regarding Drug-Free Workplace Requirement
is attached as Exhibit I.
e. A Bidder Certification CEC Form 50 as required by Los Angeles Municipal Code Sections 10.40.1 (h) and 10.37.1 (i) (b) is attached as Exhibit J.
f. A Bidder Contributions CEC Form 55 as required by Los Angeles City Charter Section 470(c)(12) is attached as Exhibit K.
g. Non-Discrimination/Equal Employment Practices/Affirmative
Action Plan
All contractors who are awarded contracts in excess of $5,000 are required to comply with the City’s Affirmative Action Policies and must submit an Affirmative Action Plan if awarded the contract (Exhibit L).
37
h. Collaboration
The City may, at its discretion, require two or more proposers to collaborate as a condition to contract execution.
D. Contractor Evaluation
At the end of the contract, the City will conduct an evaluation of the Contractor’s performance. The City may also conduct evaluations of the Contractor’s performance during the term of the contract. As required by Section 10.39.2 of the Los Angeles Administrative Code, evaluations will be based on a number of criteria, including the quality of work product or service performed, the timeliness of performance, the Contractor’s compliance with budget requirements, and the expertise of personnel that the Contractor assigns to the contract. A copy of the Contractor Evaluation Form is available upon request. The Contractor will be provided with a copy of the final City evaluation and allowed fourteen (14) calendar days to respond. The City will use the final City evaluation, and any response from the Contractor, to evaluate proposals and to conduct reference checks when awarding other contracts.
V. PROPOSAL PACKAGE
A. General Preparation Guidelines
If a proposer does not follow these instructions and/or information is left out or a particular exhibit is not submitted, the proposer may be ineligible and excluded from the review. The proposal must be submitted in the legal name of the firm or corporation and the corporate seal must be embossed on the original proposal. An authorized representative of the applicant organization who has legal authority to bind the organization in contract with the City must sign the proposal. Proposers must submit one original together with five (5) stapled copies.
The original must be marked “Original” on the cover and must bear the actual “wet” signature(s) of the person(s) authorized to sign the proposal. The copies must be numbered on the upper right hand side of the cover to indicate “Copy No. __.” Proposals must be submitted in 3-ring binders. All proposals must be accompanied by a cover letter that should be limited to one page. The letter must:
38
Include the title, address, telephone number, fax number, and e-mail of the person(s) who will be authorized to represent the proposer and each collaborator;
Be signed by the person(s) authorized to bind the agency to all commitments made in the proposal and, if applicable, be accompanied by a copy of the Board Resolution authorizing the person(s) to submit the proposal. If a Board Resolution cannot be obtained prior to proposal submission, it may be submitted no later than three (3) calendar weeks after the proposal submission deadline;
Identify the individual or firm which prepared or assisted in preparing the proposal. If that individual or firm will not participate in the implementation of the project, describe how the transfer of responsibility will occur to ensure timely implementation
Proposals must be submitted in the English language. Numerical data must be in the English measurement system; costs must be in United States dollars.
Other Proposal Requirements:
1. Narratives are limited to the number of pages indicated and must follow these standards:
Font size – 12 points
Margins – At least 1 inch on all sides
Line spacing – Single-spaced
Single-sided, plain white paper
Pages in excess of the stated limits will not be read and will not be considered in scoring.
2. Each page of the proposal, including exhibits, must be numbered
sequentially at the bottom of the page to indicate Page __ of __. 3. Please use the indicative mood (will, shall, etc.) in narratives rather than
the subjective (would, should, etc.) so that proposals can be easily converted to contract form.
4. The Proposal Checklist lists all narratives, exhibits and certifications that
must be included in the proposal. In assembling the completed proposal, please insert the exhibits and certifications where they are indicated in the Proposal Checklist. This Checklist will serve as your Table of Contents.
39
5. Answers should be as concise as possible while providing all the information requested.
6. In completing the narratives and exhibits, including the budget, please
include and clearly identify the services to be provided by and the demonstrated ability of subcontractors, if any.
B. Narratives
1. Narrative 1 – Project Plan – limit 20 pages a. Table of Contents
The table of contents should outline, in sequential order, the major sections of the proposal as listed below, including all other relevant documents requested for submission. All pages of the proposal, including the enclosures, should be clearly and consecutively numbered and correspond to the table of contents.
Maximum 2 pages
b. Executive Summary
The executive summary should summarize your firm’s qualifications and experience, describe the overall approach to and methodology of the project and identify the key project tasks and deliverables.
Maximum 2 pages
c. Overall Approach and Methodology
Address each of the required components:
Procurement strategy: Type of equipment; how quickly can your firm obtain equipment.
Proposed installation strategy: How quickly can your firm install the equipment at each location; Installation Schedule.
Proposed designed strategies, if applicable.
Details of standard warranty and maintenance packages included with the project.
Provide any other innovative and original ideas above and beyond the scope of work that is requested.
Describe the availability of adequate staffing, including support and backup staff.
References: Provide three (3) examples of situations where your firm has installed cybersecurity operations systems or similar systems. Provide the names, titles and contact information for similar engagements. Please provide the entity name, physical address, telephone number, and email address for each reference. These references may be used as a gauge to help the City determine the quality, reliability, dependability, consistency, safety issues and overall satisfaction levels exemplified by your firm.
Optional: Provide no more than three written client references for the Contractor; references should pertain to projects and services that are similar in nature.
4. Narrative 4 – Cost Proposal – limit 5 pages
Create an accurate and complete budget(s). Please provide pricing information and notes with as much detail as possible. In order for the City to plan for expenditures pursuant to the contract awarded for this project, Proposer must provide a cost
41
breakdown that lists and defines all costs for services being requested pursuant to this RFP. The breakdown should include costs for materials and labor.
Substantiate how your proposed budget(s) will ensure sufficient dedication of resources so that a quality product will be completed according to the Schedule of Deliverables.
Describe allowableness, reasonableness, and necessity of costs.
Present any critical information that has not been requested in this RFP.
C. Documents to be Completed
Proposers must complete and submit all of the Attachments, Exhibits and Certification forms. Do not assume that any document is not applicable. Use the Proposal Checklist as a guide. Failure to complete and submit any of these documents may result in your ineligibility at the discretion of the City.
D. Proposal Checklist – Documents to be Submitted with Proposal
1. Narrative 1 – Project Plan 2. Narrative 2 – Staff Experience and References 3. Narrative 3 – Contractor’s Demonstrated Ability 4. Narrative 4 – Cost Proposal 5. Narrative 5 – (optional) – Additional Information 6. Proposer Workforce Information – Exhibit B 7. Statement of Non-Collusion – Exhibit C 8. Contractor Responsibility Questionnaire – Exhibit D 9. Pledge of Compliance with Contractor Responsibility Ordinance –
Exhibit E 10. EBO Compliance Forms – labavn.org; Guide attached as Exhibit L 11. Non-Discrimination/Equal Employment Practices/Affirmative Action
Documents – labavn.org; Guide attached as Exhibit L 12. Business Inclusion Program (BIP) outreach (labavn.org; Policy and
Walk-Thru attached as Exhibit F) 13. Certification and Disclosure Regarding Lobbying – Exhibit G 14. Certification Regarding Debarment – Exhibit H 15. Drug-Free Workforce Form – Exhibit I 16. Bidder Certification CEC Form 50 – Exhibit J 17. Bidder Contributions CEC Form 55 – Exhibit K
