Create RFP

Begin with your organization's standard procurement template for soliciting technology-related vendor solutions.

●

Engage procurement and legal teams early in your process.
●

Include application requirements, vendor, and cost-related questionnaires in an appendix to separate them from the procurement terms and conditions.
●

Design clear and straightforward questionnaires that enable efficiencies -- vendor response and scoring.
●

Use open-ended in addition to yes/no question formats to promote higher quality vendor responses.
●

Use leading practices in defining requirements as described in the Embrace Mission topic.

Question Types

RFP-related questions that are scored are one of two types.

Published Requirement Questions are questions that discernibly, efficiently, and fairly elicit vendor responses to solution requirements, organized by specific topics and subtopics.
Unpublished Questions are questions based on other data or answers in the vendor responses. These are internal questions that only the evaluators respond to—they are not published in the RFP. They are used to provide additional points weighting to specific topics and provide objective analysis on what otherwise might be subjective or very broad topics. Typically, the number of DNP questions associated with an RFP ranges from 20 to 40.

Create Vendor Questionnaires

While most of the RFP document details procurement terms and conditions, the questionnaires provide worksheets for vendors to respond to your needs.

The questionnaires are attached to the RFP as appendices.

Partner with your IT and security organizations to prepare and finalize these questionnaires.

Also, review the questionnaires with your procurement and legal teams to ensure that the information isn't sensitive or proprietary.

Vendor Questionnaires

Technical Environment

A brief, one or two-page description of your organization's technical environment, such as:

●

Technical standards and policies
●

Servers, operating systems, technical vendors, database products, versions, and releases
●

Enterprise and web-based applications and their development environments
●

Desktop and mobile standards, operating system versions, and office productivity applications, such as Microsoft Office and its version
●

Network information and standards, including speed, connection points, firewall, and other relevant information
●

User access to applications and shared resources
●

Your organization's security policies, standards, and expectations, including authentication, authorization, sensitive data, web applications, e-commerce, and other relevant information.

Vendor Information/Profile

Assess the vendor's stability and outlook for the future.
Gathered information includes:

●

Company profile, including HQ Location, Ownership, History, Operating locations, and People
●

Products and services, such as Portfolio, History, and Market share
Commitments, including R&D spending, new releases
●

Leader profiles and experience
●

Partnerships and third-party agreements with other organizations
●

Marketplace viability, including Longevity, Financial stability, Products and services, and Research and development

Vendor Technical Questionnaire

Gathers technology-related information on a vendor's proposed solution, including:

●

Compatibility with your organization's current applications and productivity tools, e.g., Microsoft Office, Laserfiche, SharePoint, etc.
●

Affirmation that their solution integrates with your organization's technology as described in your Technology Environment brief.
●

List of accreditations and certifications, i.e., SSAE16, HIPAA, PCI, etc.
●

Their solution's compliance with Federal, State, and Local laws.
●

Their solution's audibility and data management functions, such as data retention policies, archival, and purging.
●

Where your organization's data will be stored, e.g., the United States, another country, etc.
Standard Service Level Agreements (SLAs), historical SLA performance, key metrics and performance indicators, and SLA reporting processes.
●

Incident management process, turnaround times for incidents.
●

Release management and version control processes.
●

Monitoring, measuring, and reporting processes.
●

Hardware, processor speed, minimum memory, data storage, operating system and versions, and infrastructure sizing (# of servers, storage levels, etc.) for initial implementation and ongoing organic growth.
●

Minimum desktop and other device configurations required by a vendor's proposed solution.
●

Web browser requirements, plugins, and other software dependencies.
●

Mobile devices supported and data stored on them.
●

Minimum network configuration to run a vendor's solution, including protocols, capability, and speed.
●

Database products, and their versions, required.
●

Third-party products required.
●

How does their solution integrate with legacy or proprietary solutions in your organization?
●

Redundancy and failover architecture and disaster recovery plans.

Vendor Security Questionnaire

Gathers in-depth hosted and on-site security practices used by a vendor, including:

●

Security policies and processes
●

Application security
●

Account management and access control
●

Application and data management
●

Network infrastructure
●

Log management
●

Internet-facing application
●

Anti-malware
●

Security incident response
●

Change management
●

Remote access & VPN
●

Mobile devices
●

Physical security
●

Disaster Recovery
●

Business continuity
●

Third-party agreements
●

Cloud-based technologies

Vendor and Application Requirements Questionnaire

Vendor question topics include:

●

Differentiation
●

Strategy
●

Customer base
●

Strategic partnerships
●

Deployment options
●

Governance
●

Contract
●

Continuity
●

Continuous improvement
●

Other compliance, certifications, and accreditations

Application requirement topics include:

●

Application-specific functional requirements
●

Configuration, such as regulatory compliance, templates, data entry screens, fields and labels, messaging, menus, toolbars, and workflow
●

User experience, including navigation, user interface, interactive views and filters, and search
●

Standard and ad-hoc reporting, analytics, and delivery options, such as print, screen, PDFs, web, etc.
●

Application security and controls, such as access, locking, user roles, audit, archive/purge, anywhere and anytime access
●

Integration to other applications and tools in your organization, including import/export capabilities
●

Technical, including software, environments, performance, architecture, asset mgmt, configuration mgmt, availability, disaster recovery, backup and recovery, service level objectives, and performance/reporting
●

Application management and support, including application development
●

Data migration and conversion, application support, incident mgmt, release mgmt, documentation, online help, training, user conferences, compliance, and organization change mgmt
●

Other products and services offered by a vendor
●

Potential long-term requirements for your organization

Vendor Cost Proposal

Proposed vendor cost components include:

●

Deployment approaches, such as on-premise, hosting, software-as-a-service, or other
●

One-time costs, including application software, system software, hardware, other infrastructure (storage, network, etc.), and implementation
●

Annual recurring, such as system subscription, data center hosting, in-house hardware and infrastructure, software licenses, application mgmt and support, hardware/other support, post-implementation training, project (e.g., upgrade), other variable and miscellaneous costs
●

Early termination costs
●

Service/role costs, such as hourly rates by role, e.g., project manager
●

Other services and products cost
●

Vendor-added contingency costs
●

Vendor cost commitment, e.g., guaranteed costs, estimate requiring further discovery, etc.

The cost proposal worksheet should specify the deployment approach. Each deployment approach option should have its worksheet.

Vendors should note the added contingency costs and their cost commitment.

More on Application Requirements and Vendor Cost Proposal

To organize the Application Requirements Questionnaire and Vendor Cost Proposal, use a worksheet format, like the layouts below.

●

Vendors must answer all the questions.
●

Vendors may reference additional documents to support or clarify their responses.

Application Requirements

Topic	Sub-topic	Question	Vendor Response
Add a row for each primary requirements topic.	Specify the requirement sub-topics you want to highlight and break out associated with the primary topic.	Add a row for each requirement question.	The vendor responds with their ability to satisfy the requirement.

Vendor Cost Proposal

Cost Component	Cost Item	Vendor Response	Costs
Add a row for each significant cost component above, highlighted in bold.	Specify items associated with the cost component you want to be highlighted and broken out.	The vendor responds with a specific cost for the line item.	Add a cost column for each year—Year 1 through Year 5—and a Total column. Break out cost by year for the cost component or line item.

Organize and Draft RFP Content

Partner with your procurement and legal team to draft and finalize RFP content.

Create RFP

Introduction

Provide your organization's purpose and objective for issuing the RFP.

Overview

Provide an overview of your:

●

Organization and technical environment
●

Project
●

Requirements

Response Submission and Guidelines

Provide a timeline for the RFP process and submission guidelines, including the number of copies, format, and media, e.g., paper and electronic.

Post Submission Guidelines

Describe your evaluation guidelines and process.

Vendor Additional Service Capabilities

Request the vendor to describe additional services provided in their response, such as project and support services that address your organization's requirements.

Invoicing and Payment

Describe your organization's standard payment terms and methods.

Value Proposition

Request the vendor to describe what value their solution and services deliver to your organization.

Key Contract Terms and Conditions

Your organization's Procurement and Legal department provides standard procurement terms and conditions.

Those terms and conditions should be in your organization's standard RFP template—request vendors to note their exceptions.

Customer References

Request the vendor provide three to five customer references.

Vendor Questionnaires

The questionnaires are the primary vendor response documents to the RFP.

●

Use Excel to accommodate tabular layouts and scoring

Addendums

Addendums are procurement-related attachments that allow the vendor to:

●

Communication their intent to bid.
●

Confirm a vendor representative authorizes their solicitation response, e.g., pricing.
●

Certify their organization as a particular class of business, e.g., minority-owned.

Publish RFP

Your Procurement team may be required to publish notices regarding the RFP in local or community newspapers.

Also, many Procurement teams use online procurement exchanges, such as DemandStar for public sector organizations, to electronically publish, track, and receive RFP-related communications from vendors.

Communicate with Vendors

Schedule a vendor conference within a week or two of publishing your RFP.

●

It provides an opportunity for potential vendors to ask questions and get clarifications on RFP-related content.
●

Adding a conference with vendors results in more responsive vendor proposals.

Create RFP

Question Types

Create Vendor Questionnaires

Vendor Questionnaires

More on Application Requirements and Vendor Cost Proposal

Application Requirements

Vendor Cost Proposal

Organize and Draft RFP Content

Create RFP

Publish RFP

Communicate with Vendors

Cookies & Privacy