Proprietary and confidential
REQUEST FOR PROPOSAL
Table of Contents
USING THIS TEMPLATE
TEMPLATE CONTENTS
INTRODUCTION AND BACKGROUND
PURPOSE OF THE REQUEST FOR PROPOSAL
TECHNICAL CONTACT
CONTRACTUAL CONTACT
DUE DATES
SCHEDULE OF EVENTS
GUIDELINES FOR PROPOSAL PREPARATION
PROPOSAL SUBMISSION
DETAILED RESPONSE REQUIREMENTS
EXECUTIVE SUMMARY
SCOPE, APPROACH, AND METHODOLOGY
PROJECT MANAGEMENT APPROACH
DETAILED AND ITEMIZED PRICING
APPENDIX: REFERENCES
APPENDIX: PROJECT TEAM STAFFING
APPENDIX: COMPANY OVERVIEW
EVALUATION FACTORS FOR AWARD
CRITERIA
SCOPE OF WORK
USING THIS TEMPLATE
Foundstone has developed this Request For Proposal (“RFP”) template to help organizations identify and select a quality security vendor to perform professional services work. It also lists questions organizations should consider asking potential vendors to ensure that a thorough and comprehensive approach to the project will be taken. This template should apply to a variety of information security projects including:
• External Network Vulnerability Assessment and Penetration Testing
• Internal Network Vulnerability Assessment and Penetration Testing
• Web Application Penetration Testing
• Dial-In / RAS Security Testing
• DMZ or Network Architecture Designs / Reviews
• Wireless Network Assessment and Penetration Testing
• Virtual Infrastructure Security Assessment
• Server Configuration Reviews
• Firewall and Router Configuration Reviews
• VPN Configuration Reviews
• Voice over IP Assessments
• Social Engineering Assessments
• Physical Security Reviews
• Software Source Code Reviews
• Application Threat Modeling and Design Reviews
• Information Security Policy and Procedure Development or Review
• Information Security Risk Assessment
• Security Awareness Program Development or Review
• Incident Response Program Development or Review
• Secure SDLC Program Development or Review
• PCI Quarterly Scans
• PCI Report on Compliance Assessment or Gap Analysis
The template contains a number of different sections that provide the vendor with a better understanding of the business and technical objectives of the effort. The major sections of the RFP template are:
• Introduction and Background: A description of the project’s objectives plus any additional background about the organization or business objectives that may provide the vendor with additional useful perspective.
• Administrative Information: Contact information that the vendors will need to prepare and submit their proposal as well as major dates associated with the RFP submission, evaluation and award process.
• Guidelines for Proposal Preparation: Guidelines for vendor communication with the organization are provided in this section and a preferred proposal format is described for the vendor.
• Evaluation Factors for Award: Outlines the criteria that will be used to evaluate the various proposals.
• Statement of Work and Deliverables: This section provides sufficient technical details about the environment to allow a vendor to understand the scope of the effort and price it appropriately. In addition, the deliverables or work products required from the project are described.
INTRODUCTION AND BACKGROUND
PURPOSE OF THE REQUEST FOR PROPOSAL
ABC Company is a provider of specific products or services to types of customers in the industry. It has facilities in approximately number locations within the United States, as well as several other locations in Europe and Asia.
ABC Company is interested in conducting a...