Embed Size (px)
Citation preview
THE COMMONWEALTH OF MASSACHUSETTS
MASSACHUSETTS OFFICE OF INFORMATION TECHNOLOGY (MASSIT)
1 ASHBURTON PLACEBOSTON MA
RM 801
Request for Quote (RFQ)
Document Title: Cloud Email, Communications, Collaboration, and Productivity Suite Services
Software-as-a-Service
COMMBUYS Bid#: BD-16-1060-ITD00-ITD00-00000005719
MassIT RFQ 16-19
Revised 10-26-2015Revised 10-9/2015
Posted on10-2-2015
Request
THIS AND ALL RESPONSES HERETO INCLUDING THE WINNING BID SHALL BECOME PUBLIC RECORD AS OF THE DATE THE CONTRACT REFERENCED HEREIN IS AWARDED, AND CAN BE OBTAINED FROM THE INFORMATION TECHNOLOGY DIVISION’S LEGAL UNIT BY SENDING AN EMAIL TO [email protected]. ANY PORTIONS OF A RESPONSE THAT ARE LABELED AS CONFIDENTIAL WILL STILL BE CONSIDERED PUBLIC RECORD.
PORTIONS OF THE CONTRACT REFERENCED HEREIN AND MATERIALS RELATED THERETO MAY BE EXEMPT FROM PUBLIC RECORD REQUESTS PURSUANT TO EXEMPTION G. L. c. 4, § 7(26)(n) OF THE PUBLIC RECORDS LAW.
Please Note: This is a single document associated with a complete Bid (also referred to as Solicitation) that can be found on COMMBUYS (www.COMMBUYS.com). All Bidders are responsible for reviewing and adhering to all information, forms and requirements for the entire Bid, which are all incorporated into the Bid. Bidders may also contact the COMMBUYS Helpdesk at [email protected] or the COMMBUYS Helpline at 1-888-MA-STATE. The Helpline is staffed from 8:00 AM to 5:00 PM Monday through Friday Eastern Standard or Daylight time, as applicable, except on federal, state and Suffolk
1
county holidays.
2
Table of Contents
I. General Procurement Requirements and Specifications...............................................4A. General Procurement Information...................................................................................4B. Eligible Bidders...................................................................................................................4C. Bidders’ Responsibility....................................................................................................5D. Addendum or Withdrawal of RFQ.................................................................................5E. Other Specifications...........................................................................................................5
II. About MassIT.........................................................................................................................6III. Procurement Scope and Description..............................................................................6
A. Background Information; Pilot and Pilot Cap.................................................................6B. Services Required..............................................................................................................7
IV. Mandatory Bidder Qualifications......................................................................................8A. Bidder certifications and affiliations.................................................................................8B. Company Experience........................................................................................................8C. Employee Requirements................................................................................................8References..................................................................................................................................9
V. Detailed Requirements.........................................................................................................9A. General................................................................................................................................9B. Specific..............................................................................................................................10
VI. Required RFQ Responses of Vendors.........................................................................11A. Structure of Response.....................................................................................................12
VII. Structure of Procurement Process................................................................................12VIII. Evaluation Criteria............................................................................................................13
A. Overall Evaluation Notes................................................................................................13B. Compliance with Mandatory Submission Requirements:..........................................13C. Rating Responses.........................................................................................................13
IX. Acquisition Method to be used for Contract(s):...........................................................14X. Single or Multiple Contractors for Contract Performance:............................................14XI. Performance and Payment Timeframes That Continue Beyond Duration the RFQ.
14XII. Anticipated Duration of Contract....................................................................................14XIII. Table A: Event Calendar.................................................................................................15
A. Locating Bid Q&A.............................................................................................................16B. Useful CommBuys Links.................................................................................................16
3
XIV. Additional Mandatory Submission Requirements.....................................................17A. Standard Contract Form.................................................................................................17B. Business Reference Form..............................................................................................18C. Other RFQ Attachments...............................................................................................18
XV. Review Rights...................................................................................................................18XVI. System and Data Security............................................................................................18XVII. Warranties and Representations.................................................................................19XVIII. Resulting Contract....................................................................................................21XIX. Miscellaneous.................................................................................................................21XX. RFQ – Other Specifications............................................................................................21
A. Bidder Communications..................................................................................................21B. Reasonable Accommodation.........................................................................................22C. Costs................................................................................................................................22D. Acceptance of Response Content..............................................................................22E. Public Records.................................................................................................................22F. Confidentiality...................................................................................................................22G. Incorporation of RFQ.....................................................................................................23H. Option to Modify Scope of Work..................................................................................23I. Authorizations and Appropriations................................................................................23J. Electronic Communication/Update of Bidder’s/Contractor’s Contact Information. 23K. Restriction on the Use of the Commonwealth Seal....................................................23L. Payment Provisions.........................................................................................................23M. Contractor and Subcontracting Teaming Partners Policies....................................24N. HIPAA: Business Associate Contractual Obligations..............................................24
XXI. Appendix 1 Required Terms........................................................................................25A. Bidder’s Contact Information..........................................................................................25B. Publicity.............................................................................................................................25
XXII. Appendix 2 Required IT Terms....................................................................................25XXIII. Glossary.....................................................................................................................27Attachments.................................................................................................................................30ATTACHMENT A- SAAS TERMS.............................................................................................1ATTACHMENT B - ACCESSIBILITY OBLIGATIONS FOR RFQ BIDDERS.......................1
Overview....................................................................................................................................1Definitions.................................................................................................................................1
4
XXIV. ATTACHMENT C- Business Reference Form.......................................................3ATTACHMENT D- ITS58 Reseller Certification Letter............................................................5Exhibits Available On CommBuys..............................................................................................6
I. General Procurement Requirements and Specifications
A. General Procurement InformationContacts: John Merto
Address: 200 Arlington Street
Suite 2100
Chelsea, MA 02150
Telephone: 617-660-4488
E-Mail Address: [email protected]
B. Eligible Bidders
Only vendors on the following statewide contracts are eligible to bid on this RFQ: ITS19 (Oracle), ITS41designatedITD (IBM); ITS53 (solutions providers and technical specialists); and software publishers willing to provide software as a service (“SaaS”) through statewide contract ITS58 (software resellers).
ITS58 Software Resellers include CDW, Dell, Insight Public Sector, PCMG, and SHI.Software publishers who are not on any of the above contracts may (1) submit a bid through a software reseller on the ITS58 statewide contract, or (2) submit a bid containing a certificate signed by an authorized ITS58 reseller in the form attached to this RFQ as Attachment D along with a quote from the reseller. Software publishers will be able to submit their bids through Commbuys. Software publisher bids will not be accepted without the reseller quotes and certificate.
The ITS58 vendors are:
Vendor Contact Email Phone
CDWSean Hart, Sales Manager
Andrew Arenella, Field Account Executive II
855.822.5157203.851.7180
5
Vendor Contact Email PhoneDell Roy Ramirez
Stephanie [email protected][email protected],
603.369.0235512-513-3039
Insight Sean Phillips, Account Executive AJ D’Agostini, Inside Sales Manager
480-409-6238800-467-4448 x5308
PCMG RoseMarie Pavlick, SLED Mgr.Rick Cardoza, SLED Sales
[email protected]@enpointe.com
800-625-5468, x82443508-524-3952
SHI MA SLED TeamAmanda Spence, Business Dev. Mgr.
[email protected][email protected] 800-527-6389 ext
7162 (office) | 732-589-6601 (cell phone)
6
C. Bidders’ ResponsibilityIt shall be the Bidder’s responsibility to read this entire document, review all referenced attachments, and comply with all requirements. If a Bidder discovers an inconsistency, error or omission in this RFQ, the Bidder should request a clarification by posting a question on the“Q & A” Tab for this RFQ on CommBuys. All of the required specifications and forms for this RFQ and the contract awarded under this RFQ are identified under the “Attachments” tab in the Bid on CommBuys. Bidders are responsible for reviewing CommBuys for all the listed specifications and the required Forms that should be submitted with the RFQ Response (in order to be considered for selection) or upon contract award and execution. Failure to submit the required forms with the RFQ Response, as specified, will be considered sufficient grounds for rejection of the Bidder’s Response.
D. Addendum or Withdrawal of RFQMassIT reserves the right to amend the RFQ at any time prior to the deadline for submission of responses and to terminate this procurement in whole or in part at any time. If MassIT decides to amend or clarify any part of this RFQ, any amendment will be posted on CommBuys.
E. Other Specifications This Request for Quotes (RFQ) does not commit the Commonwealth of Massachusetts (Commonwealth) or the Massachusetts Office of Information Technology (MassIT) to approve a contract, pay any costs incurred in the preparation of a Bidder’s response to this RFQ or to procure or contract for products or services.
MassIT reserves the right to accept or reject any and all proposals received as a result of this RFQ and to contract for some, all or none of the products and services as a result of this RFQ. MassIT further reserves the right to negotiate with any or all qualified Bidders and to cancel in part or in its entirety this RFQ if it is in the best interest of MassIT or the Commonwealth of Massachusetts to do so.
II. About MassIT The Massachusetts Office of Information Technology (MassIT) is responsible for overseeing all information technology investments for the Commonwealth of Massachusetts. MassIT provides the processing and application programming services for many Commonwealth entities, and also supports municipalities in leveraging technology.
MassIT has a vision of both fostering innovation and revolutionizing the speed of delivery of IT services to its constituents, be they state agencies or citizens and in a manner that is consistent with the expectations of its IT customers. MassIT envisions an overall service delivery mechanism that is both highly efficient and responsive to customer needs, and most effective from a capital investment standpoint, and fully secure from a risk management perspective.
The Executive Department’s email, collaboration tool and productivity suite environment is described in Exhibits D and E and comprises critical information for the Bidder.
III. Procurement Scope and Description
7
A. Background Information; Pilot and Pilot Cap The purpose of this procurement is to enter a contract with a vendor who will provide and implement a SaaS solution including email, conferencing, instance messaging, desktop collaboration services and an office productivity suite (word processing, spreadsheets, presentations, calendars, to do list, etc.) (collectively the “The Solution ”). Such services provide present an opportunity to realize cost savings, add additional service capabilities, enhance productivity and security, make rapid changes and updates to email, productivity suites, and related applications, and reduce costs. These collaboration services are changing rapidly to an ecosystem of communication options and rich collaboration and sharing environments. Furthermore, Collaboration services in a cloud environment have changed with industry requirements to offer a more robust collaborative tool than was possible in previous years.
Through the contract entered into under this RFQ, MassIT will acquire a government-client-only community cloud System.
The Commonwealth’s intent is that this SaaS procurement will result in the planning, design, configuration, testing, and implementation of the Solution, data migration and Active Directory recommendations (“Implementation Services”), and the ongoing provision of SaaS services in a pilot project through which the Solution will be provided to a limited number of the Commonwealth’s current central email system (“MassMail”) users (the “Pilot”). Through this pilot, MassIT will evaluate the potential for expanding the Solution or a similar solution to the entire Executive Department.The Bidder must provide the pilot conducted under this RFQ, including all discovery, implementation, configuration, Active Directory recommendations and SaaS services for the initial term of the Contract entered hereunder for less than $552,572 (the “Pilot Cap”). Because any technology implementation can be expected to involve cost change orders due to unanticipated scope changes, Bidders must include in their Cost Proposals a change order margin of at least 10% of the Pilot Cap. Based on the results of the Pilot, MassIT will make a determination as to the feasibility of extending the Solution to the entire Executive Department (“Phase I”); MassIT reserves the right to go out to bid at any time in connection with the Phase I expansion of the Solution or a competing cloud service following the Pilot, if such a procurement is required by law, or meets MassIT’s business or technical needs. The Solution, while applied to a limited number of mailboxes during the Pilot, must be scalable to the Executive Department’s roughly 58,000 employees.
B. Services RequiredAll services are a mandatory part of the Solution.
Conduct a PILOT, for a limited number of Executive Department MassMail users, and with a maximum obligation of less than the Pilot Cap, of an overall Cloud Email, Communication, Real Time Collaboration and Productivity Suite Solution (the Solution).
8
T he Solution must o provide the capability for use on a cloud infrastructure,
o be accessible on demand, 24 x 7 x 365
o meet service levels set forth in this RFQ and its attachments and Exhibits,
The Solution must include, among other things:
o Messaging: Includes e-mail/calendaring/resource scheduling, voice mail, and related messaging capabilities;
o Conferencing: Includes audio, video, and Web conferencing, and integrated desktop conferencing solutions;
o Instant Messaging/Presence: Includes Instant Messaging (IM), presence, and rich presence aggregation (the ability to aggregate and publish presence and location information from multiple sources); and
o Applications: Includes applications that have both productivity and integrated communication functions; including office productivity and collaboration suites (e.g. word processing, spreadsheets, slide presentations, etc.), notification, and integration with mobile device platforms in a consolidated communications enabled environment. For purposes of clarity, MassIT seeks a solution that will migrate its current on premises productivity suite, both its communications functions and its standalone desktop features, to the cloud.
o Scalability: Although the Pilot Phase will involve only a limited number of mailboxes, the winning Bidder must provide a Solution that will easily scale up to the entire Executive Department’s potential 58,000 users during Phase I.
Limited Pilot Cost - The total cost of implementing, configuring and testing the Solution, and providing SaaS services for the duration of the first term of the Contract entered hereunder must be less than the Pilot Cap, including a 10% buffer for change orders.
o Mailboxes: The Bidding Vendor will propose the number of mailboxes that can be migrated and supported under the Pilot Cap.
Provide Interoperability. The Commonwealth has and will make significant investments in its recently procured collaborative file share (One Drive); its eArchiving solution (EMC One Source); its mobile device management system, (AirWatch), its current Active Directory structure; and its SendMail Sentrion solution. The Commonwealth will only consider solutions that will interoperate seamlessly with these Commonwealth services. The Commonwealth is not seeking an archive and e-discovery service from the Bidder. Should the winning bidder identify additional systems with which the System must interoperate during the discovery period, or should MassIT identify such systems during the Bidder’s conference, the Bidder’s solution must also be capable of interoperating with these systems as well (i.e. Secure Mail, Identity and Access Management)
Provide Implementation Services. The winning Bidder will provide planning, design, , implementation, configuration, data migration, testing and training services related to transitioning the selected mailboxes and productivity suites from the MassMail exchange environment and the current productivity suite to the Solution.
9
Provide Written Recommendations: The winning Bidder will also make written recommendations during the Pilot as to how, specifically, it recommends the Commonwealth re-architect its Active Directory structure to best industry standards and support the System. At MassIT’s discretion, MassIT may, hire the winning Bidder to implement these recommendations.
IV. Mandatory Bidder Qualifications
The winning Bidder must have the following qualifications.
10
A. Bidder certifications and affiliations
At a minimum, Bidders must be ISO 20001, ISO 27001 and ISO 27002 certified.
Be a FedRAMP-Compliant Service Provider.
B. Company Experience.
Bidders must have experience within the last three years providing the services described in this RFQ to individual public sector customers with user populations of at least 60,000.
C. Employee Requirements.
Commit that all vendor or sub-contractor staff assigned to the planning, design, implementation, configuration, migration, testing training, and recommendation activities described in this RFQ must have the following mandatory experience and qualifications. Experience:
With Microsoft Exchange, Microsoft Outlook and other third party software required to operate the Solution.
Designing and deploying the Solution in a multi-email organization environment.
Delivering high quality solutions in aggressive timelines.
Bidder staff working on these activities must hold current certifications in their respective technologies.
Planning for, designing and implementing a migration from a mixed Exchange 2007 and Exchange 2013 on-premise email system to The Solution cloud service in, at a minimum, a 40,000 user multi-domain multi-facility Microsoft Active Directory environment.
Migrating from On-premises Exchange 2007 through 2013 in a multi-domain multi-facility Microsoft’s Active Directory environment to an cloud environment with over 40,000 users, in the last 12 months
Knowledge of/familiarity with SendMail’s Sentrion solutions (See Exhibit C)
Working knowledge of/familiarity with EMC Source One
Working knowledge of/familiarity with CommVault Simpana software.
Working knowledge of/familiarity with the Scattered Files technology and other storage approaches.
Bidder resources must be certified in current versions of Exchange and Active Directory with each resource having at least 5 years of experience 11
in use of this technology.
Knowledge of/familiarity integrating cloud-based Microsoft Exchange 2007, 2010 and 2013 with local (not cloud-based) industry standard email archiving solutions.
References Bidder must provide a minimum of three recent (within
past two years) business references who can discuss Bidder’s experience, products and services, using Attachment C hereto, Business Reference Forms.
V. Detailed Requirements
A. General Bidders for this cloud solution must provide, implement, configure, test, provide training, and manage the hardware, software, storage, infrastructure, platform and networking components for the Email, Communication, Collaboration and Productivity Suite Solution detailed in this RFQ. During the Pilot, the Solution must serve the number of mailboxes proposed by the Bidder to fit under the Price Cap. The Solution must also be scalable, for a potential Phase I engagement, to the Executive Department’s 58,000 users.
Bidders will provide, support and host all the infrastructure and platform components of Hosted Email, Communications, and Collaboration services.
B. Specific
12
SaaS. The Bidder shall commit to manage and control the System’s underlying cloud infrastructure, network, servers, operating systems, or storage.
The Solution must be and remain a government community cloud in the Contiguous U.S. The private cloud and all technicians working on it must l be located at Vendor’s or Sub-Contractor’s data centers within the contiguous United States (including the District of Columbia).
The Bidder’s SaaS services must meet the requirements set forth in Attachment A – SaaS Terms. An Apparent Successful Bidder will have the opportunity to comment on those terms and MassIT will consider the Bidder’s issues and concerns.
Bidder must preserve the integrity and security of personal and confidential information in a way that meets state and federal information privacy and security laws and statutes detailed in this RFQ, detailed in Exhibits I-1 and J
The Bidder must implement the solution on an aggressive timetable,
The Bidder must enter a HIPAA Business Associate Agreement as required by the HIPAA privacy rule and the HITECH Act, and a CJIS Agreement as required by Federal law.
The Bidder’s Solution must provide complete audit, tracking, logging capability.
The Solution must comply with all of the security controls set forth this RFQ, specifically at Exhibit I-3, Exhibit I1 line S-31, and in the Commonwealth’s Enterprise Technical Reference Model for which a link is provided in Appendix 2 hereto .
Ensure that the cost of the engagement, including all of the roadmap tasks referenced in Exhibit F hereto, all other Implementation Services described herein, and the Solution subscription fees, total less, in the aggregate, than the PILOT CAP, with a 10% buffer for Change Orders
Ensure that all deliverables are consistent with MassIT’s applicable Policies and Standards, available online at www.mass.gov/itd and consistent with the RFR specification for IT contracts, set forth in Appendix 2 hereto.
The Solution and all training must comply with the Mandatory Accessibility Requirements e set forth in Exhibit H – Mandatory Accessibility Requirements.
The Solution must meet, as of the time of the bid, the technical, administrative and physical security requirements of the laws, regulations, policies and executive orders to which current MassMail users are subject, referenced in Exhibit I-1 - Mandatory Legal Security Requirements; Exhibit J - Mandatory Legal Privacy Requirements, and Exhibit K, Mandatory Additional Legal Requirements. Note that encryption alone cannot be relied upon to comply with many of the requirements set forth in this RFQ (including without limitation legal and security requirements). Accessing encrypted data (even if the data is not decrypted) may be considered “access” to that data under certain laws. Thus, even though Exhibit K contains a requirement that data be encrypted at rest and in transit, compliance with that requirement does not obviate the need for a Bidder to adequately respond to other requirements set forth in this RFQ (including without limitation legal and security requirements).
VI. Required RFQ Responses of Vendors
13
A. Structure of Response The Response shall consist of the following documents::
Cover Letter. A letter o stating that the Bidder agrees to the terms of this RFQo Identify what organization is submitting the proposal.
o Identify the name and title of the person authorized to sign a contract on behalf of the responding organization.
o Identify whether the organization intends to sub-contract any of its services. The organization does not have to identify Sub-contracts as part of its intent letter but must do so in business requirements response.
o Identify the name, title, telephone numbers, and email address of the person to contact for clarification about the proposal being transmitted.
o Identify the name, title, telephone, and email address of the individual who will serve as the project manager.
o Be signed by an authorized signatory.
o
Business Response. The Business Response must include the following:
o A completed Attachment C hereto, Business Reference Formo A completed Exhibit A, Commonwealth Statement of Worko A completed Exhibit B, Confidentiality Agreemento A completed Business Response Template, Exhibit Fo A completed Exhibit I-2 and I-3 showing the Bidder’s compliance with Fedramp
Cost Response - The Cost Response must be in the format of the Cost Response Template (Exhibit G).
VII. Structure of Procurement Process MassIT will only be evaluating the total solution for award after all documents have been submitted completed. Bidders who fail to submit completed bids in a timely manner shall be disqualified at the discretion of MassIT.
Upon the close of the solicitation process MassIT will evaluate the bids based on our stated Evaluation Criteria (Section IX).
14
Mass IT may select the top Bidders (the Initial Selected Bidders) based on an initial scoring. These Initial Selected Bidders may be invited to the Initial Selected Bidders Meeting. After such time, MassIT will use the same Evaluation Critera and Rescore the bids to determine an apparent successful Bidder. The choice of the Initial Selected Bidders, and the conduct of the Initial Selected Bidder’s Meeting, is at the sole discretion of MassIT.
MassIT will then enter a negotiation with the apparent successful bidder. MassIT reserves the right move to the next successful Bidder if it is in the best interest of the Commonwealth to do so.
MassIT reserves the right to solicit a Best and Final Offer from any Bidder.
VIII. Evaluation Criteria
A. Overall Evaluation NotesResponses shall be evaluated by a MassIT Strategic Sourcing Team (SST). MassIT shall select the Bidder(s) whose proposal, in the aggregate, provides the best business, technical, and financial value for the Commonwealth (“Best Value”). Cost will be among several factors in the SST’s consideration; however, MassIT is not required to choose the Bidder(s) that proposes the lowest costs, but will choose the Bidder(s) that offers the best value to the Commonwealth.
MassIT reserves the right to reject a Bidder(s)’s response at any time during the evaluation process if the Bidder(s):
Fails to demonstrate to MassIT’ satisfaction that it meets all RFQ requirements; Fails to submit all required information or otherwise satisfy all Response Requirements i Receives a rating of Poor in the evaluation of one or more categories of its Business and
Technical Response; or Vendors who have given themselves favorable programmatic or technical responses,
which are untrue. Has any interest that may, in MassIT’s sole determination, conflict with performance of
services for the Commonwealth or be anti-competitive.
The SST, in its sole discretion, may determine whether non-compliance with any of the above requirements is insubstantial. In such cases, the SST may seek clarification, allow the Bidder(s) to make minor corrections, apply appropriate penalties in evaluating the Response, or apply a combination of all three remedies.
B. Compliance with Mandatory Submission Requirements: All responses will be reviewed to determine compliance with the mandatory qualifications, and submission of all materials required under this RFQ. The SST will only evaluate responses which meet the mandatory, Submission Requirements, including without limitation, compliance with Firm Qualifications.
The compliance to bid will not be scored; vendors will be listed as only qualified or disqualified.
C. Rating Responses
15
The responses to this RFQ will be evaluated for maximum value based on the criteria listed below. The criteria are listed in descending order of importance with the most important criteria listed first. The SST reserves the right to remove from further consideration non-responsive bids and those that include attempts by the Bidder to alter the Commonwealth’s standard legal terms.
The SST reserves the right to refuse to score bids that fail to meet the mandatory criteria in this RFQ.
The criteria for each section are listed with those of the highest importance first.
A.) The degree to which the Business and Technical Response meets the Commonwealth’s requirements as set forth in this RFQ
B.) Bidder Experience and References
C.) Cost & Time for Delivery
All other things being equal (e.g., business and technical requirements; experience and references; cost, including cost compared to existing MassMail; etc.), MassIT will give preference to a single Bidder who can supply the Solution and provide the Implementation Services.
AlternativesA Response which fails to meet any material term or condition of the RFQ, including the submission of required attachments, may lose points or be deemed unresponsive and disqualified.
Unless otherwise specified, Bidders may submit Responses proposing alternatives which provide equivalent, better or more cost effective performance than achievable under the stated RFQ specifications. These alternatives may include related commodities or services that may be available to enhance performance during the period of the Contract. The Response should describe how any alternative achieves substantially equivalent or better performance to that of the RFQ specifications.
The SST will determine if a proposed alternative method of performance achieves substantially equivalent or better performance. The goal of this RFQ is to provide the best value of commodities and/or services to achieve the goals of the procurement.
IX. Acquisition Method to be used for Contract(s):
The acquisition method to acquire services from this RFQ is:
(a) fee for service for Mandatory Service Requirements
(b) time and materials for the Tasks and Deliverables related to the Services under this RFQ but not explicitly included in this RFQ.
X. Single or Multiple Contractors for Contract Performance:
16
The estimated number of Contractors is one. This is the target number; the SST may award more or fewer Contracts if it is in the best interests of the Commonwealth to do so.
XI. Anticipated Duration of Contract
The initial term of contract entered through this RFQ will be 3 years with two (2) options to renew, solely at MassIT’s discretion, for an addition two (2) years each for a maximum contract term of seven (7) years (including the initial term and all possible renewal terms).
Services procured through contracts resulting from this procurement are subject to available funding. No goods may be ordered and no new agreements for services may be executed after the contract entered under the RFQ has expired (unless renewed or amended within the parameters set forth above).
XII. Table A: Event Calendar
The procurement process will observe the following calendar. Questions concerning this RFQ must be posted to the “Q&A” tab for this RFQ on CommBuys (see below by the deadline for submitting questions listed below. Questions and their answers may be posted on CommBuys following the final submission date for questions.
CALENDAR EVENT DAY DATE TIME
RFQ Release Date Friday October 5, 2015 12:00 PM
Written Questions due in CommBuys Thursday October 22, 2015
Physical Bidders’ Conference
Location: Ashburton, room TBD.
Audio Bridge (low quality/questions by text): 877-820-7831 / 829-034
Friday November 6, 2015 10:00 AM – 12:30 PM
Final Questions due in CommBuys Tuesday November 10, 2015 2:00 PM
Official Answers Published on CommBuys (estimated)
Thursday November 19, 2015 4:00 PM
Responses Due
Note: CommBuys locks at precisely 4:00:00
Friday December 11, 2015 2:00 PM
Initial Selected Bidders’ Meeting and Oral Presentations (estimated)
Week of January 5, 2015 Each up to 4 hours, Tuesday and Thursday
Announcement of Apparent Successful Tuesday January 26, 2015 4:00 PM
17
CALENDAR EVENT DAY DATE TIME
Bidder on CommBuys (estimated)
Estimated Contract start date Tuesday March 1, 2016 --
18
Times are Eastern (US), Standard or Daylight Savings, as applicable. If there is a conflict between the dates in this Procurement Calendar and dates on the RFQ’s Summary tab or Forum pages, the dates on the RFQ’s Summary tab or Forum pages on CommBuys shall prevail. Any changes in the Estimated Procurement Calendar which are made after the RFQ has been published will not result in amendments to the Estimated Procurement Calendar. Such changes will appear only on the RFQ’s Summary tab and/or related Forum pages on CommBuys. Bidders are responsible for checking the RFQ’s Summary tab and related Forum pages on CommBuys for Procurement Calendar updates.
Written questions via the Bid Q&A on COMMBUYSThe “Bid Q&A” provides the opportunity for Bidders to ask written questions and receive written answers from the Strategic Sourcing Team (SST) regarding this Bid. All Bidders’ questions must be submitted through the Bid Q&A found on COMMBUYS (see below for instructions). Questions may be asked only prior to the Deadline for Submission of Questions stated in the Procurement Calendar. The issuing department reserves the right not to respond to questions submitted after this date. It is the Bidder’s responsibility to verify receipt of questions.
Please note that any questions submitted to the SST using any other medium (including those that are sent by mail, fax, email or voicemail, etc.) will not be answered. To reduce the number of redundant or duplicate questions, Bidders are asked to review all questions previously submitted to determine whether the Bidder’s question has already been posted.
Bidders are responsible for entering content suitable for public viewing, since all of the questions are accessible to the public. Bidders must not include any information that could be considered personal, security sensitive, inflammatory, incorrect, collusory, or otherwise objectionable, including information about the Bidder’s company or other companies. The PMT reserves the right to edit or delete any submitted questions that raise any of these issues or that are not in the best interest of the Commonwealth or this Bid.
All answers are final when posted. Any subsequent revisions to previously provided answers will be dated.
It is the responsibility of the prospective Bidder and awarded Bidder to maintain an active registration in COMMBUYS and to keep current the email address of the Bidder’s contact person and prospective contract manager, if awarded a contract, and to monitor that email inbox for communications from the Purchasing Department, including requests for clarification. The Purchasing Department and the Commonwealth assume no responsibility if a prospective Bidder’s/awarded Bidder’s designated email address is not current, or if technical problems, including those with the prospective Bidder’s/awarded Bidder’s computer, network or internet service provider (ISP) cause email communications sent to/from the prospective Bidder/Awarded Bidder and the Purchasing Department to be lost or rejected by any means including email or spam filtering.
A. Locating Bid Q&ALog into COMMBUYS, locate the Bid, acknowledge receipt of the Bid, and scroll down to the bottom of the Bid Header page. The “Bid Q&A” button allows Bidders access to the Bid Q&A page.
19
B. Useful CommBuys LinksInterested Bidders must submit their response using COMMBUYS. Bidders must allow enough time to upload their bid documents prior to the end date and time listed in the calendar. Only bids fully loaded will be accepted.
Useful Links:
Job aid on how to submit a quote: http://www.mass.gov/anf/docs/osd/commbuys/create-a-quote.pdf
Webcast: How to Locate and Respond to a Bid in CommBuys, which will familiarize bidders with CommBuys terminology, basic navigation, and provide guidance for locating bid opportunities in CommBuys and submitting an online quote.
Bidder may contact the CommBuys Help Desk at [email protected] or call during normal business hours (8AM – 5PM, Monday – Friday) at 1-888-627-8283 or 617-720-3197.
Physical Bidders’ Conference (in person) The Bidders’ Conference is the physical conference conducted by the SST for the purpose of informing prospective Bidders about general RFQ information and answering questions from prospective Bidders. Attendance is mandatory. Please refer to the CommBuys website for any updated information, including the location, time and date of the Bidders’ Conference.
Initial Selected Bidder’s Meeting and Oral Presentation Selected Bidders who are asked to participate in the Initial Selected Bidder’s Meeting and Oral Presentations / Service Demonstrations will be expected to prioritize this in their schedules. The SST will make every effort to find a mutually convenient time for the Bidder and the SST. However, failure to appear at the scheduled time of the presentation/demonstration may result in disqualification, reduction of points or other action that the SST deems appropriate.
Site Inspection MassIT will at its sole discretion ask Initial Selected Bidders to provide MassIT with the opportunity to visit their hosting sites and the sites of customers similar to the Commonwealth who currently use Bidders’ services. MassIT will post on CommBuys details regarding any such site visits.
XIII. Additional Mandatory Submission Requirements All Bidders will be required to complete, execute and return the following three (3) documents found under the “Specifications” tab on the CommBuys page for this solicitation:
A. Standard Contract Form
20
By executing the Standard Contract Form, the Bidder certifies under the pains and penalties of perjury that it has submitted a Response to a Request for Quote (RFQ) issued by MassIT and that this Response is the Bidder's offer as evidenced by the execution by the Bidder's authorized signatory, that the Bidder's Response may be subject to negotiation by the Department, and that the terms of the RFQ, the Bidder's Response and any negotiated terms shall be deemed accepted by the Department and included as part of the Contract upon execution of the Standard Contract Form by the Department's authorized signatory.
B. Business Reference Form
The Business Reference Form is provided at Attachment B hereto. Bidders must provide all requested information on this form for three (3) business references. In completing this form, note that the “Bidder” is the name of the company submitting a Response to this RFQ and the “RFQ Name/Title” and the “RFQ Number” can be found on the cover of the RFQ and on the Summary Tab on CommBuys in the Document Number field. Also, please note that: “Reference Name” is the name of the organization (if not applicable, then name of the individual) that is providing the reference; “Contact” is the name of the individual inside the organization that will provide the reference; and the “Address,” “Phone #” and “Fax/Internet Address” are those of the “Contact” so that the SST may be able to reach them.
C. Other RFQ Attachments1. Resumes of all staff to be assigned to the implementation of the Pilot
All required forms may be found at the website for the Massachusetts Operational Services Division: http://www.mass.gov/osd. They are also included under the Terms tab on the CommBuys web page where this RFQ is posted
XIV. Review Rights Responses to this RFQ may be reviewed and evaluated by any person(s) at the discretion of MassIT including non-allied and independent consultants retained by MassIT now or in the future, for the sole purpose of obtaining an analysis of responses. Any and all Bidders may be asked to further explain or clarify in writing areas of their response during the review process. MassIT retains the right to request further information from Bidders.
XV. System and Data Security
Section 6 of the Commonwealth Terms and Conditions states:
"Confidentiality. The Contractor shall comply with M.G.L. C. 66A if the Contractor becomes a "holder" of "personal data". The Contractor shall also protect the physical security and restrict any access to personal or other Department data in the Contractor's possession, or used by the Contractor in the performance of a Contract, which shall include, but is not limited to the Department's public records, documents, files, software, equipment or systems."
21
In addition to the foregoing requirements, the Bidder MUST agree that as part of its work effort under the agreement entered pursuant to this RFQ, the Bidder will be required to work on or with MassMail and various agency email systems, each of them an information technology system that contains electronic personal data, in order to fulfill part of its specified tasks. For purposes of this work effort, electronic personal data includes data provided by the Commonwealth to the winning Bidder which may physically reside at a location owned and/or controlled by the Commonwealth or winning Bidder. In connection with such data, the winning Bidder will implement the maximum feasible safeguards reasonably needed to:
Ensure the security, confidentiality and integrity of electronic personal data and personal information;
Prevent unauthorized access to electronic personal data or personal information or any other Commonwealth Data from any public or private network;
Prevent unauthorized physical access to any information technology resources involved in the winning Bidder's performance of a contract entered under this RFQ;
Prevent interception and manipulation of data during transmission to and from any servers; and
Allow MassIT Security Personnel immediate and complete access to their facilities upon MassIT’s request;
Notify MassIT immediately if any breach of such system or of the security, confidentiality, or integrity of electronic personal data or personal information occurs.
This list is not comprehensive. There are additional security-related legal requirements in Exhibit I-1 - Mandatory Legal Security Requirements and Exhibit J - Mandatory Legal Privacy Requirements.
XVI. Warranties and Representations In addition to the representation and warranties in the SOW, Bidder must warrant and represent the following:
a. It has the right, power and authority to enter into and perform its obligations under any agreement entered under this RFQ; (ii) the individual executing any agreement entered under this RFQ is authorized to do so; (iii) nothing contained in any agreement entered under this RFQ or the performance of such agreement(s) will cause Bidder to materially breach any other contract or obligation; Bidder has obtained or will obtain, in accordance with the terms of such agreement(s), from Bidder employees, contractors, agents and subcontractors, sufficient rights to grant MassIT the rights granted in the Contract.
b. Bidder is, and will remain during the Term of any agreement entered under this RFQ in compliance with all laws of the Commonwealth relating to taxes, wage reporting, and the withholding and remitting of child support.
c. Bidder Obligations. Bidder acknowledges that its obligations under any agreement entered under this RFQ will include the following:
1. Nonconformities in Deliverables and services will be resolved in accordance with the Warranty obligations set forth in this Agreement.
22
2. With respect to the Services, Bidder shall maintain and update a Defect and Nonconformity List and prominently post Then-current Defect and Nonconformity List in a manner easily accessible to MassIT at all times during the Term.
3. The Deliverables delivered under the Contract shall adhere to the MassIT Standards set forth at www.mass.gov/MassIT.
d. Bidder and its subcontractors are sufficiently staffed and equipped to fulfill Bidder’s obligations under any agreement entered under this RFQ;
e. Bidder’s Services will be performed:
1. By appropriately qualified and trained personnel;
2. With due care and diligence and to a high standard of quality as is customary in the industry;
3. In compliance with the terms and conditions of this RFQ and any Agreement entered hereunder; and
4. In accordance with all applicable professional standards for the field of expertise;
f. Deliverables delivered under this Agreement will substantially conform with the Mandatory Tasks and Deliverable descriptions set forth in this Agreement;
g. All media on which Bidder provides any software under this Agreement shall be free from defects;
h. All software delivered by Bidder under this Agreement shall be free of Trojan horses, back doors, and other malicious code;
i. Bidder has obtained all rights, grants, assignments, conveyances, licenses, permissions and authorizations necessary or incidental to any materials owned by third parties supplied by Bidder for incorporation in the Mandatory Services or the Deliverables to be developed;
j. Documentation provided by Bidder under any agreement entered into under this RFQ shall be in sufficient detail so as to allow suitably skilled, trained, and educated MassIT personnel to understand the operation of the Mandatory Services and Deliverables. Bidder shall promptly, at no additional cost to MassIT make corrections to any documentation that does not conform to this warranty; and
k. The system created or modified by Bidder as indicated in any agreement entered under his RFQ shall operate in substantial conformance with the specifications set forth in this RFQ and any agreement entered hereunder or in Document Deliverables delivered hereunder for this System or modifications for a minimum of one year (the “Warranty Period”) after the “go-live date” for any component included in the system, where “go-live date” shall mean the date referenced in the project plan on which such component is to be put into service and actually used by end users other than for the purposes of testing or piloting. If Bidder’s improper implementation of a module or component causes a prior module or component to fail to comply with the above warranty and such failure is identified during the Warranty Period for the new module or component, then Bidder will correct the applicable defect as described below. Notwithstanding the expiration or earlier termination of the Warranty Period, Bidder shall resolve all nonconformities identified during the Warranty Period in accordance with this Section XVII.
23
During the Warranty Period, Bidder shall correct any Severity Level I, II or III defects at no charge to MassIT.As used in this section, Severity Level I, II and III are defined as follows:
Severity Level I: This is either a safety issue or an issue that affects a central requirement for which there is no workaround. It prevents either use or testing of the system.
Severity Level II: This is an issue that affects a central requirement for which there is a workaround, where use or testing of the system can proceed in a degraded mode, or an issue that affects a non-central requirement for which there is no workaround, where the feature cannot be used.
Severity Level III: This is an issue that affects a non-central requirement for which there is a workaround, or a cosmetic issue, i.e. information is correctly shown but the appearance is wrong, such as misspelled words, wrong font, wrong indentation, etc.
XVII. Resulting Contract
Order of Precedence. The order of precedence of any agreement entered under this RFQ shall be as follows:
(1) the Commonwealth’s Terms and Conditions;
(2) the Commonwealth’s Standard Contract Form;
(3) the Commonwealth’s RFR ITS19, ITS48, ITS41DesignatedITD.ITS58 or ITS53, as applicable;
(4) the Bidder’s response thereto;
(5) RFQ ITD- 16-19 Commonwealth of Massachusetts Cloud Email, Communications, Collaboration, and Productivity Suite Services (6) any subscription, license agreement or other agreement negotiated between and executed by the parties; and
(7) the Bidder’s response hereto (including all amendments thereto and responses to requests for clarification or requests for best and final offer).
XVIII. Miscellaneous By submitting a proposal in response to this RFQ, Bidders agree to the following terms:
1. The Commonwealth will not pay for any costs other than those set forth in the Bidder’s response to this RFQ.
2. All bids submitted in response to this RFQ must be valid for a minimum of three hundred sixty (360) calendar days.
3. Extraneous marketing or promotional materials are discouraged and such information will not be factored into the evaluation of Bidders
24
4. At its sole discretion, MassIT will determine whether it requires Bidder oral presentations, and which Bidders it will select for the same. Similarly, MassIT will determine whether it will seek technical corrections, clarifications, and one or more best and final offers.
XIX. RFQ – Other Specifications
A. Bidder CommunicationsBidders are prohibited from communicating directly with any employee of MASSIT regarding this RFQ, except as specified in this RFR, and no other individual Commonwealth employee or representative is authorized to provide any information or respond to any question or inquiry concerning this RFQ. Bidders may contact the contact person for this RFR in the event this RFQ is incomplete or the bidder is having trouble obtaining any required attachments electronically through COMMBUYS.
B. Reasonable Accommodation Bidders with disabilities or hardships that seek reasonable accommodation, which may include the receipt of RFQ information in an alternative format, must communicate such requests in writing to the contact person. Requests for accommodation will be addressed on a case-by-case basis. A bidder requesting accommodation must submit a written statement which describes the bidder’s disability and the requested accommodation to the contact person for the RFQ. MASSIT reserves the right to reject unreasonable requests.
C. CostsCosts which are not specifically identified in the bidder’s response, and accepted by MASSIT as part of a contract, will not be compensated under any contract awarded pursuant to this RFQ. The Commonwealth will not be responsible for any costs or expenses incurred by bidders responding to this RFQ.
D. Acceptance of Response ContentThe entire contents of the Bidder’s response shall be binding on the Bidder. The specifications and contents of a successful bidder’s response may be incorporated into the contract.
E. Public RecordsALL RESPONSES AND RELATED DOCUMENTS SUBMITTED IN RESPONSE TO THIS PROCUREMENT INCLUDING THE WINNING BID BECOME public RECORDS AND ARE SUBJECT TO THE MASSACHUSETTS PUBLIC RECORDS LAW, M.G.L. C. 66, § 10 AND M.G.L. C. 4, § 7, SUBSECTION 26. ANY STATEMENTS IN SUBMITTED RESPONSES THAT ARE INCONSISTENT WITH THESE STATUTES WILL BE DISREGARDED, PROVIDED, HOWEVER, THAT ALL DOCUMENTS RELATING TO SECURITY SOLUTION OR FACILITIES SHALL NOT BE TREATED AS PUBLIC RECORDS.
25
MassIT will not return to Bidder(s) any proposals or materials they submit in response to this RFR.
F. ConfidentialityBidders shall demonstrate that they can comply with all state and federal laws and regulations relating to confidentiality and privacy, and security of personal information, including but not limited to G.L. c. 93H, G.L. c. 66A, and associated regulations.
G. Incorporation of RFQThis RFQ and the selected bidder’s response will be incorporated into any contract awarded as a result of this RFQ to that bidder. The entire contents of the Bidder(s)’s response shall be binding on the Bidder(s).
H. Option to Modify Scope of WorkMassIT reserves the right, at its sole discretion and at any time after release of the RFQ and during the contract term, to modify, increase, reduce or terminate any requirements under the contract, whenever MassIT deems necessary or reasonable to reflect any change in policy or program goals. MassIT additionally reserves the right, at its sole discretion and at any time after release of the RFQ and during the contract term, to amend the contract to implement state or federal statutory or regulatory requirements, judicial orders, settlement agreements, or any state or federal initiatives or changes affecting MassIT agencies. In the event of a change in the scope of work for any contract tasks or portions thereof, MassIT will provide written notice to the contractor and will initiate negotiations with the contractor.
MassIT reserves the right to amend the contract accordingly, including payments under, or maximum obligation of the contract.
I. Authorizations and AppropriationsAny contract awarded under this RFQ is subject to all necessary federal and state approvals, as applicable, including the Office of the Comptroller, and is subject to appropriation of sufficient funding, as determined by MassIT.
J. Electronic Communication/Update of Bidder’s/Contractor’s Contact InformationIt is the responsibility of the prospective bidder and awarded contractor to keep current the email address of the bidder’s contact person and prospective contract manager, if awarded a contract, and to monitor that email inbox for communications from the SST, including requests for clarification. The SST and the Commonwealth assume no responsibility if a prospective bidder’s/awarded contractor’s designated email address is not current, or if technical problems, including those with the prospective Bidder’s/awarded contractor’s computer, network or internet service provider (ISP) cause email communications sent to/from the prospective bidder/awarded contractor and the SST to be lost or rejected by any means including e-mail or spam filtering.
K. Restriction on the Use of the Commonwealth Seal
26
Bidder(s) and the successful Bidder(s)(s) are not allowed to display the Commonwealth of Massachusetts Seal in their bid package or subsequent marketing materials if they are awarded a Contract because use of the coat of arms and the Great Seal of the Commonwealth for advertising or commercial purposes is prohibited by law.
L. Payment ProvisionsAll payments shall be made in accordance with the Commonwealth’s bill paying policy. If the parties negotiate additional responsibilities that call for additional compensation, the scope of the additional responsibilities and compensation will be reflected in an amendment to the SOW and will be shown as a separate line item on the invoice.
• The successful Bidder(s) shall maintain detailed records that substantiate claims for payment.
• The successful Bidder(s) shall submit invoices for payment in sufficient detail to adequately substantiate amounts invoiced, as follows: The attachment shall show the agreed-upon payment amount; Any deductions owed MassIT
M. Contractor and Subcontracting Teaming Partners Policies
Subcontractors may be used to perform work under the Agreement only upon MassIT’s prior written approval. Every contract entered into between the successful Bidder(s) and a subcontractor is subject to MassIT’s prior written approval, and a copy of each such contract must be provided to MassIT upon its request, whether in draft form or as executed, at the time of MassIT’s request.
MassIT requires that:
• Primary Contractors are responsible for the satisfactory performance and adequate oversight of its subcontractors.
• Subcontractors are required to comply with the same federal and state laws and regulations and applicable contract requirements as the successful Bidder(s). MassIT reserves the right to reject any subcontractor that the Bidder(s) may propose.
• The substitution of one subcontractor for another may be made only with prior written approval of MassIT.
Termination of Subcontracts. In the event successful Bidder(s) receives a notice of termination from any key subcontractor under any subcontract, the successful Bidder(s) shall promptly notify MassIT of such notice of termination and, if the parties believe that it is in the best interests of the project for the key subcontractor to continue performance of the subcontract, use commercially reasonable efforts to prevent such termination, although nothing in this Section shall require Bidder(s) to increase the fees to be paid to such key subcontractor in order to prevent such termination.
The successful Bidder(s) shall use commercially reasonable efforts to promptly mitigate any damages and/or additional costs that may be incurred by MassIT as a result of such termination, if it occurs.
27
The termination of any subcontract shall not eliminate or reduce Bidder(s)’s obligations hereunder. In the event any subcontract with a key subcontractor is terminated during the Agreement, the successful Bidder(s) shall promptly notify MassIT of such termination and: (a) promptly locate a suitable replacement for such subcontractor, if necessary; or (b) obtain the rights to any technology, know-how, expertise, labor, personnel or any other rights, in each case as necessary to fulfill the obligations of successful Bidder(s) under this Agreement.
N. HIPAA: Business Associate Contractual Obligations. Bidders are notified that, although the Pilot will not involve such agencies, Phase I, if embarked upon by MassIT, will involve departments meeting the definition of a Covered Entity under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). MassIT has included in this RFQ and the Bidder must agree to language in the resulting contract sufficient language establishing the successful Bidder’s contractual obligations, that MassIT will require in order for MassIT to comply with HIPAA and the privacy and security regulations promulgated thereunder (45 CFR Parts 160, 162, and 164) (the Privacy and Security Rules). Minimum Bid Duration.
Bidders responses/bids made in response to this RFQ must remain in effect for at least one year from the date of bid submission.
XX. Appendix 1 Required Terms
A. Bidder’s Contact InformationIt is the Bidder’s responsibility to keep the Bidder’s Contract Manager Information current. If this information changes, the Bidder must notify the Contract Manager by email immediately, using the address located on the Contract’s “Issuer(s)” tab in the “Contact Information” section.
The Commonwealth assumes no responsibility if a Bidder’s designated email address is not current, or if technical problems, including those with the Bidder’s computer, network or internet service provider (ISP), cause e-mail communications between the Bidder and the SST to be lost or rejected by any means including email or spam filtering.
B. PublicityAny Bidder awarded a contract under this RFQ is prohibited from selling or distributing any information collected or derived from the Contract, including lists of participating Entities, Commonwealth employee names, telephone numbers or addresses, or any other information except as specifically authorized by the SST.
28
XXI. Appendix 2 Required IT Terms Enterprise Policy and Standards
Information Technology. Required for Information Technology contracts. All IT systems and applications developed by, or for Executive department agencies or operating within the Massachusetts Access to Government Network (MAGNet), must conform with the Enterprise Information Technology Policies, Standards and Procedures promulgated by the Commonwealth’s CIO. Non-conforming IT systems cannot be deployed unless the purchasing agency and their contractor have jointly applied for and received in writing from the Commonwealth’s CIO or his designee, notice that a specified deviation will be permitted. The Enterprise Information Technology Policies & Standards, with the exception of the Enterprise Public Access Policy For e-Government Applications and the Enterprise Public Access For e-Government Applications Standards, are available at mass.gov/itd. The Enterprise Public Access Policy For e-Government Applications and the Enterprise Public Access For e-Government Applications Standards are available in hard copy from the purchasing agency. Purchasing agencies may also obtain a current copy of these documents, on behalf of their contractor, by contacting the Information Technology Division's CommonHelp group at [email protected] or 1 (866) 888-2808.
Please Note: Given the pace of information technology innovation, purchasing agencies and their contractors are encouraged to contact the Information Technology Division's CommonHelp group at [email protected] or 1 (866) 888-2808 to signal a system or application design and development initiative. Such advance notice helps to ensure conformance with the relevant Enterprise Technology Policies, Standards and Procedures.
Contractor delivery of IT systems and applications that fail to conform to the Commonwealth’s Enterprise Information Technology Policies, Standards and Procedures, absent the Commonwealth CIO’s grant of written permission for a deviation, shall constitute breach of any contract entered as a result of this Request for Response and any subsequent Request for Quotes. The Commonwealth may choose to require the contractor, at his own cost, to re-engineer the non-conforming system for the purpose of bringing it into compliance with Commonwealth Enterprise Information Technology Policies, Standards and Procedures.
Information Technology - Clarification of Language in Section 11, Indemnification of the Commonwealth Terms and Conditions. Required for the following object codes within the “Expenditure Classification Handbook” as issued by the Office of the Comptroller:
OBJECT CODE TITLEU01 TELECOMMUNICATION SERVICES DATA
U02 TELECOMMUNICATION SERVICES VOICE
U03 SOFTWARE AND INFORMATION TECHNOLOGY (IT) LICENSES
U04 INFORMATION TECHNOLOGY (IT) CHARGEBACK
U05 INFORMATION TECHNOLOGY (IT) TEMPORARY STAFF AUGMENTATION PROFESSIONALS
U06 INFORMATION TECHNOLOGY (IT) CABLING
U07 INFORMATION TECHNOLOGY (IT) EQUIPMENT
U08 INFORMATION TECHNOLOGY (IT) EQUIPMENT TELP LEASE-PURCHASE
29
OBJECT CODE TITLEU09 INFORMATION TECHNOLOGY (IT) EQUIPMENT RENTAL OR
LEASE
U10 INFORMATION TECHNOLOGY (IT) EQUIPMENT MAINTENANCE AND REPAIR
U11 INFORMATION TECHNOLOGY (IT) CONTRACT SERVICES
U75 ADVANCE ADMINISTRATIVE EXPENSES
U98 REIMBURSEMENT FOR TRAVEL EXPENSES FOT IT PROFESSIONALS
30
Pursuant to Section 11. Indemnification of the Commonwealth Terms and Conditions, the term “other damages” shall include, but shall not be limited to, the reasonable costs the Commonwealth incurs to repair, return, replace or seek cover (purchase of comparable substitute commodities and services) under a contract. “Other damages” shall not include damages to the Commonwealth as a result of third party claims, provided, however, that the foregoing in no way limits the Commonwealth’s right of recovery for personal injury or property damages or patent and copyright infringement under Section 11 nor the Commonwealth’s ability to join the contractor as a third party defendant. Further, the term “other damages” shall not include, and in no event shall the contractor be liable for, damages for the Commonwealth’s use of contractor provided products or services, loss of Commonwealth records, or data (or other intangible property), loss of use of equipment, lost revenue, lost savings or lost profits of the Commonwealth. In no event shall “other damages” exceed the greater of $100,000, or two times the value of the product or service (as defined in the contract scope of work) that is the subject of the claim. Section 11 sets forth the contractor’s entire liability under a contract. Nothing in this section shall limit the Commonwealth’s ability to negotiate higher limitations of liability in a particular contract, provided that any such limitation must specifically reference Section 11 of the Commonwealth Terms and Conditions.
XXII. Glossary In addition to the definitions found in 801 CMR 21.00, which apply to all procurements for goods and services, the definitions found below apply to this RFQ.
Apparent Winning Bidder(s) – Refers to the Bidder initially selected by the SST. An apparent winning bidder is not confirmed until an agreement has been fully executed by all parties.
Bid or Response - generally refers to the offer submitted in response to a Solicitation or Request for Quote (RFQ).
Bidder - An individual or organization proposing to enter into a Contract to provide a Commodity or Service, or both, to or for a Department or the State.
Canceled Contract or Project – A contract that is terminated or amended to less than the original term or scope, or a project that is canceled
Contract – The agreement resulting from this RFQ, which will be comprised of the following documents in the following order of precedence: (1) the Commonwealth Standard Terms and Conditions; (2) the Commonwealth’s Standard Form Contract; (3) Requests for Response ITD19, ITS41, ITS48DesignatedITD and ITS58 (“RFRs”) ; (4) [Vendor Abbreviation]’s response thereto; (5) the Request for Quotes RFQ 16-19 (“RFQ”); (6) this SOW and any other documents negotiated between the parties under the RFQ; and (7) [Vendor Abbreviation]’s response to the RFQ.
31
Customer – refers to an “Eligible Entity” within the Commonwealth of Massachusetts, including Commonwealth of Massachusetts’ agencies, authorities, boards, commissions, departments, divisions, municipalities and public sector educational institutions, and to other states. In the initial phases described herein (the Pilot and the potential Phase i), includes MassIT and the Executive Department of the Commonwealth.
Customer Data – refers to any and all data provided by Customer and any data derived therefrom, including metadata.
Hardened – refers to an established data center, facility or portion of a facility with industry-standard protections for data, equipment and software. Protection is provided in layers and is referred to as defense in depth. Protecting in layers means to protect at the host level, the application level, the operating system level, the user level, the physical level and all the sublevels in between. Each level requires a unique method of security.
Evaluation – The process, conducted by the Procurement Management Team, of reviewing, scoring and ranking the submitted bids/Responses related to this RFQ.
Mandatory – requirements are threshold requirements.
o These requirements must be met, although they may be met through proposed customizations (e.g., configuration, tool integration, custom coding – but not a core change (i.e., where code would be maintained either as an integrated part of the core software application or as a known branch to the core application code) to the underlying software product).
o Preference will be given to those Responses for which the highest number and/or most fundamental Mandatory Requirements can be met through configuration.
o If the Response contains a Mandatory requirement that is not met or is met through a core change, the Response may be eliminated from further evaluation and consideration.
Personal data – refers to data in specific categories and formats as defined in Mass. Gen. Laws c. 66A.
Pilot – An initial, limited installation or implementation of a proposed solution to a requirement. In the case of this RFQ 16-19, A pilot is limited in scope and time to an agreed-upon amount and number.
Pilot Cap – refers to the maximum amount, including Change Orders, expended by the end user, MassIT for the Commonwealth, on the pilot phase, including all services agreed to in any executed contract.
Service – refers to cloud-based offerings by a vendor or third-party sub-contractor.
Service Provider – the primary vendor or third-party sub-contractor providing contracted services to the Commonwealth.
SST – See Procurement Management Team
32
Strategic Sourcing Team (SST) - Representatives from various eligible entities and interested stakeholders that design procurements, develop specifications, conduct Solicitations evaluate Bids and award Statewide or Department Contracts. The SST also monitors Contractor performance through performance measures and the level of customer satisfaction throughout the life of the Contract.
Response – The Bidder’s complete submission in response to a Solicitation, in other words, a “Bid” or “Proposal.”
SaaS (“Software-as-a-Service”) – means the capability provided to the consumer to use the provider’s applications running on a cloud infrastructure. In a SaaS solution, applications are accessible from client devices (potentially including all of desktops, laptops, tablets and smart phones) through a thin-client interface such as a Web browser (e.g., Web-based email) or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
Solution – refers to the totality of the SaaS solution described herein, including email, conferencing, instance messaging, desktop collaboration services and an office productivity suite (word processing, spreadsheets, presentations, calendars, to do list, etc.)
Scattered Files – scattered .pst (and similar) file based email archive stores located throughout the agencies and secretariats of the Commonwealth.
.
33
Attachments
The following attachments are hereby incorporated as if fully set forth herein.
A. Attachment A – SaaS Terms
B. Attachment B – Accessibility Obligations
C. Attachment C – Business Reference
D. Attachment D – ITS58 Reseller Certification Letter
34
ATTACHMENT A
SAAS TERMS The following legal terms apply to subscriptions to cloud offerings (each referred to as the “Service”) by an eligible entity (“Customer”) within the Commonwealth of Massachusetts (“Commonwealth”). These terms shall supplement any terms provided by the service provider (“Service Provider”). Changes to the terms below that adversely affect the Commonwealth must be approved by legal counsel at the Massachusetts Office of Information Technology; however, terms may be removed without approval if Service Provider’s terms contain similar provisions that are no less protective of the Commonwealth than the provisions contained herein. These terms must be attached to and made part of the executed contract.
DEFINITIONS
Cloud offerings include the following:
“Infrastructure-as-a-Service” (IaaS) means the capability provided to the consumer is to provision processing, storage, networks and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed application; and possibly limited control of select networking components (e.g., host firewalls).
“Platform-as-a-Service” (PaaS) means the capability provided to the consumer to deploy onto the cloud infrastructure consumer-created or -acquired applications created using programming languages and tools supported by the provider. This capability does not necessarily preclude the use of compatible programming languages, libraries, services and tools from other sources. The consumer does not manage or control the underlying cloud infrastructure, including network, servers, operating systems or storage, but has control over the deployed applications and possibly application hosting environment configurations.
“Software-as-a-Service” (SaaS) means the capability provided to the consumer to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin-client interface such as a Web browser (e.g., Web-based email) or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
SUBSCRIPTION TERMS 1. Service Provider grants to Customer a license or right to (i) access and use the Service, (ii) for SaaS, use underlying software as embodied or used in the service, and (iii) view, copy, download (if applicable), and use documentation.
1
2. No terms, including a standard click-through license or website terms of use or privacy policy, shall apply to Customer unless Customer has expressly agreed to such terms by including them in a signed agreement.
SUPPORT AND TRAINING1. Service Provider must provide technical support via online helpdesk and toll-free phone number, at minimum during Business Hours (Monday through Friday from 8:00 a.m. to 6:00 p.m. Eastern Time), and 24x7x365 if required by Customer and requested prior to contract execution.
2. Service Provider must make training available online to users. Training must be accessible, per the Commonwealth Web Accessibility Standards.
3. All support and training shall be provided at no additional cost to Customer, except for customized support and training expressly requested by Customer.
SERVICE LEVELSService Provider must provide a Service Level Agreement (SLA) that contains, at minimum, the following terms:
Uptime; scheduled maintenance
1. SLA must include (1) specified guaranteed annual or monthly uptime percentage, at minimum 99.99%; and (2) definition of uptime and how it is calculated.
2. For purposes of calculating uptime percentage, scheduled maintenance may be excluded up to ten (10) hours per month, but unscheduled maintenance and any scheduled maintenance in excess of ten (10) hours must be included as downtime
3. Scheduled maintenance must occur: with at least two (2) business days’ advance notice; at agreed-upon times when a minimum number of users will be using the system; and in no event during Business Hours.
Defects; other SLA metrics
4. SLA must include: (1) response and resolution times for defects; (2) at least three levels of defect classifications (severe, medium, low); and (3) any other applicable performance metrics (e.g., latency, transaction time) based on industry standards.
5. While the Service Provider may initially classify defects, Customer determines final classification of defects.
Remedies
6. SLA must include remedies for failure to meet guaranteed uptime percentage, response and resolution times, and other metrics, which may include fee reductions, credits, and extensions in service period at no cost. Such remedies shall be issued by Service Provider with no action required from Customer.
2
7. Repeated or consistent failures to meet SLA metrics result in (1) a refund of all fees paid by Customer for the period in which the failure occurred; (2) participation by Service Provider in a root cause analysis and corrective action plan at Customer’s request; and (3) a right for Customer to terminate without penalty and without waiver of any rights upon written notice to Service Provider.
Reports
8. Service Provider will provide Customer with a written report (which may be electronic) of performance metrics, including uptime percentage and record of service support requests, classifications, and response and resolution times, at least quarterly or as requested by Customer. Customer may independently audit the report at Customer’s expense.
9. Representatives of Service Provider and Customer shall meet as often as may be reasonably requested by either party to review the performance of the Service and to discuss technical plans, financial matters, system performance, service levels, and any other matters related to this Agreement.
10. Service Provider will provide to Customer regular status reports during unscheduled downtime, at least twice per day or upon request.
11. Service Provider will provide Customer with root cause analysis within thirty (30) days of unscheduled downtime at no additional cost.
Changes to SLA
12. Service Provider may not change the SLA in any manner that adversely affects Customer or degrades the service levels applicable to Customer, without Customer’s written approval.
UPDATES AND UPGRADES1. Service Provider will make updates and upgrades available to Customer at no additional cost when Service Provider makes such updates and upgrades generally available to its users.
2. No update, upgrade or other change to the Service may decrease the Service’s functionality, adversely affect Customer’s use of or access to the Service, or increase the cost of the Service to Customer.
3. Service Provider will notify Customer at least sixty (60) days in advance prior to any major update or upgrade.
4. Service Provider will notify Customer at least five (5) business days in advance prior to any minor update or upgrade, including hotfixes and installation of service packs, except in the case of an emergency such as a security breach.
CUSTOMER DATA1. Customer retains full right and title to data provided by Customer and any data derived therefrom, including metadata (collectively, the “Customer Data”).
3
2. Service Provider shall not collect, access, or use user-specific Customer Data except as strictly necessary to provide Service to Customer. No information regarding Customer’s use of the Service may be disclosed, provided, rented or sold to any third party for any reason unless required by law or regulation or by an order of a court of competent jurisdiction. This obligation shall extend beyond the term of the Agreement in perpetuity.
3. Service Provider shall not use any information collected in connection with the Agreement, including the Customer Data, for any purpose other than fulfilling its obligations under the Agreement.
4. At no time may any data or processes which either belong to Customer, or are intended for Customer’s exclusive use, be copied, disclosed, or retained by Service Provider for subsequent use in any transaction that does not include Customer.
5. Customer Data must remain at all times within the continental United States. Service Provider must disclose to Customer the identity of any third-party host of Customer Data prior to the signing of this Agreement.
6. Customer may export the Customer Data at any time during the term of the Agreement or for up to three (3) months after the term (so long as the Customer Data remains in the Service Provider’s possession) in an agreed-upon file format and medium.
7. Three (3) months after the termination or expiration of the Agreement or upon Customer’s earlier written request, and in any event after Customer has had an opportunity to export and recover the Customer Data, Service Provider shall at its own expense destroy and erase from all systems it directly or indirectly uses or controls all tangible or intangible forms of the Customer Data and Customer’s Confidential Information, in whole or in part, and all copies thereof except such records as are required by law. To the extent that any applicable law prevents Service Provider from destroying or erasing Customer Data as described in the preceding sentence, Service Provider shall retain, in its then current state, all such Customer Data then within its right of control or possession in accordance with the confidentiality, security and other requirements of this Agreement, and perform its obligations under this section as soon as such law no longer prevents it from doing so. Service Provider shall, upon request, send a written certification to Customer certifying that it has destroyed the Customer Data and Confidential Information in compliance with this section.
DATA PRIVACY AND SECURITY1. Service Provider must comply with all applicable laws related to data privacy and security.
2. Service Provider shall not access Customer user accounts, or Customer Data, except in the course of data center operations, response to service or technical issues, as required by the express terms of this Agreement, or at Customer’s written request.
3. Service Provider may not share Customer Data with its parent company, other affiliate, or any other third party without Customer’s express written consent.
4. Prior to contract execution, Service Provider and Customer must cooperate and hold a meeting to determine whether:
a. “Personal data,” as defined in Mass. Gen. Laws c. 66A, will be stored or used in the Service. If so, then Service Provider is a “holder” of “personal data”, as such terms are defined in M.G.L. c. 66A, solely to the extent that the obligations of a holder are applicable to Service Provider’s delivery of services under the Agreement. The Customer remains responsible for all other obligations of a holder set forth in M.G.L. c. 66A.
4
b. Any sensitive or personal information will be stored or used in the Service that is subject to any law, rule or regulation providing for specific compliance obligations (e.g., M.G.L. c. 93H and 201 CMR 17.00, HIPAA, FERPA, IRS Pub. 1075). If so, then Service Provider must document in the Agreement how the Service complies with such law.
If either of the above is true, then Service Provider and Customer must review the Service specifications to determine whether the Service is appropriate for the level of sensitivity of the data to be stored or used in the Service, and how Customer and Service Provider will comply with applicable laws. Service Provider and Customer must document the results of this discussion and attach the document to the Agreement.5. Service Provider shall provide a secure environment for Customer Data, and any hardware and software, including servers, network and data components provided by Service Provider as part of its performance under this Agreement, in order to protect, and prevent unauthorized access to and use or modification of, the Service and Customer Data.
6. Service Provider will encrypt personal and non-public Customer Data in transit and at rest.
7. Customer Data must be partitioned from other data in such a manner that access to it will not be impacted or forfeited due to e-discovery, search and seizure or other actions by third parties obtaining or attempting to obtain Service Provider’s records, information or data for reasons or activities that are not directly related to Customer’s business.
8. In the event of any breach of the Service’s security that adversely affects Customer Data or Service Provider’s obligations with respect thereto, or any evidence that leads Service Provider to reasonably believe that such a breach is imminent, Service Provider shall immediately (and in no event more than twenty-four hours after discovering such breach) notify Customer. Service Provider shall identify the affected Customer Data and inform Customer of the actions it is taking or will take to reduce the risk of further loss to Customer. Service Provider shall provide Customer the opportunity to participate in the investigation of the breach and to exercise control over reporting the unauthorized disclosure, to the extent permitted by law.
9. In the event that personally identifiable information is compromised, Service Provider shall be responsible for providing breach notification to data owners in coordination with Customer and the Commonwealth as required by M.G.L. ch. 93H or other applicable law or Commonwealth policy.
10. Service Provider shall indemnify, defend, and hold Customer harmless from and against any and all fines, criminal or civil penalties, judgments, damages and assessments, including reasonable expenses suffered by, accrued against, charged to or recoverable from the Commonwealth, on account of the failure of Service Provider to perform its obligations pursuant to this Section.
WARRANTYAt minimum, Service Provider must warrant that:
1. Service Provider has acquired any and all rights, grants, assignments, conveyances, licenses, permissions and authorizations necessary for Service Provider to provide the Service to Customer;
2. The Service will perform materially as described in the Agreement;
5
3. Service Provider will provide to Customer commercially reasonable continuous and uninterrupted access to the Service, and will not interfere with Customer’s access to and use of the Service during the term of the Agreement;
4. The Service is compatible with and will operate successfully with any environment (including web browser and operating system) specified by Service Provider in its documentation;
5. The Service will be performed in accordance with industry standards, provided however that if a conflicting specific standard is provided in this Agreement or the documentation provided by Service Provider, such specific standard will prevail;
6. Service Provider will maintain adequate and qualified staff and subcontractors to perform its obligations under this Agreement; and
7. Service Provider and its employees, subcontractors, partners and third party providers have taken all necessary and reasonable measures to ensure that all software provided under this Agreement shall be free of Trojan horses, back doors, known security vulnerabilities, malicious code, degradation, or breach of privacy or security.
ACCESSIBILITYFor SaaS and PaaS, Service Provider must comply with the Commonwealth’s established standards for accessibility as described in a separate attachment. If such attachment is not provided, the Service Provider must request the accessibility terms from Customer. The accessibility terms provide, among other things, that Service Provider must (1) give Customer a VPAT or other results of accessibility testing prior to contract execution; (2) provide Customer with access to the Service so that Customer can conduct accessibility testing, and cooperate with Customer or third party accessibility testing of the Service; and (3) make available, both prior to and during the course of the engagement, Service Provider personnel to discuss accessibility and compliance with the Commonwealth’s accessibility standards.
SUBCONTRACTORS1. Before and during the term of this Agreement, Service Provider must notify Customer prior to any subcontractor providing any services, directly or indirectly, to Customer under this Agreement that materially affect the Service being provided to Customer, including: hosting; data storage; security and data integrity; payment; and disaster recovery. Customer must approve all such subcontractors identified after the effective date of the Agreement.
2. Service Provider is responsible for its subcontractors’ compliance with the Agreement, and shall be fully liable for the actions and omissions of subcontractors as if such actions or omissions were performed by Service Provider.
DISASTER RECOVERY 1. Service Provider agrees to maintain and follow a disaster recovery plan designed to maintain Customer access to the Service, and to prevent the unintended destruction or loss of Customer Data. The disaster recovery plan shall provide for and be followed by Service Provider such that in no event shall the Service be unavailable to Customer for a period in excess of twenty-four (24) hours.
6
2. If Customer designates the Service as mission-critical, as determined by Customer in its sole discretion: (1) Service Provider shall review and test the disaster recovery plan regularly, at minimum twice annually; (2) Service Provider shall back up Customer Data no less than twice daily in an off-site “hardened” facility located within the continental United States; and (3) in the event of Service failure, Service Provider shall be able to restore the Service, including Customer Data, with loss of no more than twelve (12) hours of Customer Data and transactions prior to failure.
RECORDS AND AUDIT1. Records. Service Provider shall maintain accurate, reasonably detailed records pertaining to:
(i) The substantiation of claims for payment under this Agreement, and
(ii) Service Levels, including service availability and downtime.
2. Records Retention. Service Provider shall keep such records for a minimum retention period of seven (7) years from the date of creation, and will preserve all such records for five (5) years after termination of this Agreement. No applicable records may be discarded or destroyed during the course of any litigation, claim, negotiation, audit or other inquiry involving this Agreement.
3. Audit of Records. Customer or its designated agent shall have the right, upon reasonable notice to Service Provider, to audit, review and copy, or contract with a third party to audit, any and all records collected by Service Provider pursuant to item (1) above, as well as any other Service Provider records that may reasonably relate to Customer’s use of the Service, no more than twice per calendar year. Such records will be made available to Customer at no cost in a format that can be downloaded or otherwise duplicated.
TRANSITION ASSISTANCE1. Service Provider shall reasonably cooperate with other parties in connection with all services to be delivered under this Agreement, including without limitation any successor provider to whom Customer Data is to be transferred in connection with termination. Service Provide shall assist Customer in exporting and extracting the Customer Data, in a format usable without the use of the Service and as agreed to by Customer, at no additional cost. Any transition services requested by Customer involving additional knowledge transfer and support may be subject to a separate transition SOW on a time and materials basis either for a fixed fee or at rates to be mutually agreed upon by the parties.
2. If Customer determines in its sole discretion that a documented transition plan is necessary, then no later than sixty (60) days prior to termination, Service Provider and Customer shall jointly create a written Transition Plan Document identifying transition services to be provided and including an SOW if applicable. Both parties shall comply with the Transition Plan Document both prior to and after termination as needed.
7
8
ATTACHMENT BACCESSIBILITY OBLIGATIONS FOR RFQ BIDDERS
The successful Bidder (referred to herein as the “Vendor”) must comply with the Commonwealth’s established standards for accessibility as described herein.
Overview
The Commonwealth is legally obligated under multiple federal laws, its own Constitution, state statute and Governor-issued Executive Orders to ensure non-discrimination and equal access to state services on the part of persons with a disability and reasonable accommodations to state employees with a disability. To effectively meet its responsibilities, the Commonwealth must achieve accessibility in the acquisition, deployment and utilization of information technology. The Commonwealth defines accessibility to include compliance with its Enterprise Accessibility Standards and Web Accessibility Standards. These standards encompass the principles of Section 508 of the Federal Rehabilitation Act, the World Wide Web Consortium’s Web Content Authoring Guidelines, version 2, level AA (WCAG2 Standards), and the concept of usability for individuals with disabilities.
Bidders should thoroughly review the detailed accessibility obligations below. As a brief summary, Bidders and the Vendor must:
Prior to contract execution
Provide a VPAT or accessibility testing results for any pre-existing software, including Third Party Software, that Vendor is delivering to the Commonwealth
If Vendor is delivering a SaaS offering, provide access to the offering for accessibility testingCooperate with the Commonwealth on addressing accessibility issues and entering into a
mitigation letter if necessaryAfter contract execution
Build accessibility into every phase of the project Collaborate with the Commonwealth and the AAC on accessibility issues Test for accessibility before delivery and include testing results with all deliveries Cooperate with the Commonwealth’s accessibility testing after delivery Work to resolve any issues identified in testing and in the mitigation letter
Definitions
“Accessibility Audit Testing” is accessibility testing conducted on the Commonwealth’s behalf by a third party testing vendor engaged and paid for by the Commonwealth (an “Accessibility Testing Vendor”), as opposed to accessibility testing conducted by Vendor.
The “AT/IT List” is the Assistive Technology (“AT”)/Information Technology (“IT”) Environment List, which may be attached to the Solicitation or available at www.mass.gov/accessibility/.
1
“End User Deliverables” are any software, documentation, and other interfaces or materials, and any configuration, implementation, or customization thereof, used by end users (which may include internal end users, such as Commonwealth employees and contractors, and external end users, such as Commonwealth residents) and delivered by Vendor under the Solicitation. End User Deliverables include, without limitation: any configuration, implementation, or customization of Third Party Software or vendor software; and any updates, new releases, versions, upgrades, improvements, bug fixes, patches or other modifications to software.
“Enterprise Accessibility Standards” are the Enterprise Information Technology Accessibility Standards and the MassIT Web Accessibility Standards Version 2, available at www.mass.gov/accessibility/.
“Solicitation” refers to a Request for Response (RFR), Request for Quotes (RFQ), or other request for services to which these terms apply.
The term “software,” as used in these accessibility requirements, includes without limitation commercial off-the-shelf software (“COTS”) and software as a service or other cloud-based software (“SaaS”).
“Third Party Software” is software not published by Vendor.
A “VPAT” is a Voluntary Product Accessibility Template based on the standardized form developed by the Information Technology Industry Council. A VPAT shows how a software product meets key regulations of Section 508 of the Rehabilitation Act, which requires all agencies and departments of the U.S. federal government to make electronic information and technology accessible to federal employees and members of the public with disabilities.
2
ATTACHMENT CBusiness Reference Form
Bidder NameRFQ/RFRNumber:
RFQ/RFRName:
Number of References Required for this RFQ
Reference Company:
Reference Name:
Address: Street(City, ST, Zip):
Phone(s):
eMail:Services/Products Provided:
Reference Company:
Reference Name:
Address: Street
(City, ST, Zip):
Phone(s):
eMail:
Description of Services/Products Provided:
Reference Company:
Reference Name:
Address: Street
(City, ST, Zip):
Phone(s):
eMail:
Description of Services/Products Provided:
3
References will be contacted to confirm the bidder’s abilities and qualifications as stated in the bidder’s response. The department may deem the bidder’s response unresponsive if a reference is not obtainable from a listed reference after reasonable attempts.
4
ATTACHMENT D ITS58 Reseller Certification Letter
(To be signed by reseller and submitted on ITS58 vendor letterhead with bid, only if bidder is a software publisher contracting with a reseller under ITS58)
[Official Company Letterhead]
[Date]
[Issuer Name]
[Issuer Address]
Dear Mr./Ms. [Issuer Last Name]:
This letter affirms that our company has formally engaged with [Software Publisher Company Name] under the terms and conditions of Statewide Contract ITS58 Software Resellers for the purpose of responding to [RFQ Number and Title].
Our company has provided [Software Publisher Company Name] a pricing quote for [Product Name] in conformance with the terms and conditions of ITS48 for submission as part of their response to this RFQ. Our company hereby affirms its willingness to sign a three way agreement consistent with the requirements of ITS58 in conjunction with providing the software and services as proposed in [Software Publisher Company Name]’s bid.
Thank you,
Name
Title
Authorized ITS58 Software Reseller Company Name
Exhibits included in the “Exhibits” zip file on CommBuys
The following exhibits, available on CommBUYS on the same page on which this RFQ is posted, are hereby incorporated as if fully set forth herein:
Exhibit DescriptionExhibit A Commonwealth Statement of Work
Exhibit B Confidentiality Agreement
Exhibit C Accessibility Obligations
Exhibit D Current Environment
Exhibit E Current Email System Environment
Exhibit F Business Response Template
Exhibit G Cost Response Template
Exhibit I-1 Mandatory Legal Security Requirements
Exhibit I-2 Information on FedRAMP Security Requirements
Exhibit I-3 FedRAMP-Security-Controls-Preface-FINAL-1
Exhibit J Mandatory Legal Privacy Requirements
Exhibit K Mandatory Additional Legal Requirements
6
