Hawaii Department of Attorney General Child Support

---

Hawaii Department of Attorney General Child Support Enforcement Agency Procurement Requirements for Completing Information Security & Privacy Policies and Procedures Procurement Objective The agency is looking for a vendor to complete a set of policies and procedures on information security and privacy based on the current system infrastructure, which shall help the agency to meet requirements prescribed by the Internal Revenue Services (IRS) and the federal Office of Child Support Enforcement (OCSE), an office of the Administration for Children & Families. Vendor Qualifications The interested vendor shall meet the following minimum credentials for this solicitation 1) Have at least three years of experience in writing policies & procedures; 2) Have knowledge and experience in information technology security and privacy issues; 3) Have some experience in project management; and 4) Provide three trade references Agency’s Responsibilities The agency has some information security and privacy policies in draft form. The documents will be furnished to the vendor at the inception of the project. The vendor is not required to stay at the agency’s premise for the project; however, the agency will provide a workstation when the vendor is on site. Scope of Work For child support enforcement purposes, the agency does data exchange with the IRS and the OCSE; therefore, the agency must abide by these agencies’ information security and privacy rules. Those rules are documented in the IRS Publication 1075, National Institute of Standards & Technology (NIST) Special Publication 800, and the federal child support enforcement system certification requirements under the federal Personal Responsibility & Work Opportunity Reconciliation Act (PRWORA). The agency is subject to their audit periodically. One finding in the latest IRS audit is that the agency lacks of a complete set of policies and procedures on information security and privacy. The vendor selected for the project shall accomplish the following:  Obtain an overall understanding of the agency’s system infrastructure and aforementioned requirements;  Provide a project plan that has milestones to clearly identify the progress and conduct a biweekly status meeting with the agency’s project manager;  Be familiar with the standards and policies of State of Hawaii, Office of Information Management & Technology (OIMT) and inter-departmental relationship between OIMT and the agency. OIMT provides the management oversight over the State’s information technology and system infrastructure;

 Create or update Service Level Agreements and Memorandum of Understanding between the agency and other state departments such as OIMT and its subordinate agency, Information & Communication Service Division; and  Complete a set of the policies and procedures including updating the agency’s existing system certification document by the end of the project. Invoice Procedures The vendor shall follow the steps listed below when invoicing the agency:  Submit an invoice along with the project status report on a monthly basis to the agency’s project manager for review and approval;  Ensure to have a tax clearance, labor certificate, and a Certificate of Good Standing pursuant to Hawaii Revised Statutes (HRS) §103D-310(c) and Hawaii Administrative Rules (HAR) §3122-112 at the time of submitting the invoice (otherwise, the invoice cannot be processed); and  Keep track of the cumulative total of monthly charges to the project and be aware that it must not exceed the bid price. Bid Submittal Requirement Interested vendors shall submit a document indicating the projected duration, the overall approach of the project, and the bid price.