Identity Management System (IDMS)



P.O. Box 3529 Portland, Oregon 97208

REQUEST FOR PROPOSALS for

Identity Management System (IDMS)

SOLICITATION NUMBER 2013-2168

October 14, 2013

PROPOSALS DUE: NOT LATER THAN 11:00 AM, November 12, 2013

LATE PROPOSALS MAY NOT BE ACCEPTED

NOTE: A pre-proposal teleconference will be held on Tuesday, October 29th, from 1:00PM – 2:00 PM PDT. USA Toll-Free: (888) 622-5357, Participant Code: 308016. Participation is optional. This teleconference is intended to clarify the information provided in this RFP and to provide an opportunity for interested parties to ask questions regarding the Port’s requirements and process.

TABLE OF CONTENTS

1. OVERVIEW
   1.1 Introduction
   1.2 Background
   1.3 Statement of Work
   1.4 Minimum Requirements
   1.5 Airport Security and Badging Requirements
   1.6 Security Requirements

2. PROPOSAL PROCESS
   2.1 General
   2.2 Pre-Proposal Interpretation of Contract Documents
   2.3 Intergovernmental Cooperative Purchasing
   2.4 Public Disclosure of Proposals
   2.5 Submission of Proposals
   2.6 RFP Schedule
   2.7 Protests

3. PROPOSAL CONTENT AND EVALUATION CRITERIA
   3.1 Preparation
   3.2 Format

4. EVALUATION PROCEDURES
   4.1 Competitive Range
   4.2 Evaluation Team Members
   4.3 Interviews/Demonstrations

Exhibit A  Proposal Form
Exhibit B  System Requirements Checklist
Exhibit C  Technology Environment
Exhibit D  Fee Schedule
Exhibit E  Sample Contract

Solicitation No. 2013-2168


1. OVERVIEW

1.1 Introduction

The Port of Portland (Port) is soliciting proposals from experienced firms and individuals capable of providing and implementing an Identity Management System (IDMS) for use at Portland International Airport (PDX) and possibly other Port facilities. The system will be capable of managing employee and contractor identification; access to secure areas; and must integrate with multiple disparate Commercial off the Shelf (COTS) access control systems. Any proposals that are submitted and not properly marked as Sensitive Security Information (SSI) will be rejected.

1.2 Background

The Port is in the design phase of a Physical Access Control System (PACS) replacement project at PDX. The Port will be replacing the existing PACS, adding biometric access control devices and an Identity Management System (IDMS). The first phase of this project is the procurement and installation of an IDMS so that airport employee badging can be accomplished in advance of the PACS implementation. Last year PDX served over 14 million passengers through 18 passenger air carriers. The terminal houses approximately 30 concessions and other tenants, as well as hosting numerous vendors and contractors. The employee population holding Airport ID Badges is approximately 8,500. PDX is migrating towards biometric access verification, and biometric credential reference enrollment. The Port currently is using a Port-developed badging system, which integrates with multiple disparate systems. The new system is intended to be a vendor supplied and supported product that is configurable to meet the operational needs at PDX and potentially other Port locations.

1.3 Statement of Work

1.3.1

General. The successful proposer (Consultant) shall provide and implement an IDMS that will provide enrollment for new and renewal badging credentials with scalability to increase enrollments and system integration as necessary. The proposed IDMS must be compliant with the current Transportation Security Administration (TSA) regulations and Security Directives, which includes integration with a Designated Aviation Channeler (DAC). The specified product shall provide a web-based, self-service portal to allow approved tenants to pre-enroll employees and assign access privileges. The IDMS must be capable of integrating with the DAC (AAAE-TSC) utilizing Advanced Integration Services for processing of STA’s and CHRC’s, the Computer Based Training System (currently AAAE-IET), the Port’s custom Key Management System, JDEdwards for invoicing, and the AMAG Symmetry v6 (legacy PACS). Additionally, the IDMS must integrate with the new PACS (system TBD), a number of peripheral devices and the CBP e-Badge program when it is available. All integration requirements are identified in Exhibit B - Requirements Checklist.

1.3.2

Project Management. Consultant shall provide the necessary management, coordination and monitoring of all work activities throughout the term of the contract. Consultant shall provide, for approval by the Port Project Manager, a Project Management Plan that includes staffing, roles, responsibilities and skill sets for Consultant personnel assigned to the project as well as for those resources that will need to be provided by Port. Consultant shall designate a Project Manager who will be assigned for the duration of the project as the single point of contact for the Port’s PM. Consultant’s PM shall be responsible for managing and coordinating all aspects of the work including project management, administration, coordination, status meetings, other necessary meetings and meeting summaries, invoicing, project reporting and subcontractor management. The Port shall approve the initial appointment and any replacement of the Consultant’s PM during the project term. The Port shall have the right to require replacement of the Consultant’s PM at any time during the project. On an ongoing basis, the Consultant’s PM shall prepare project status meeting agendas, conduct project status meetings, and provide written status reports to the Port Project Team members no less than bi-weekly throughout the duration of the project and more frequently if deemed necessary by the Port. At a minimum, the status reports shall include:

a. Tasks accomplished and milestones achieved since last meeting;
b. Identification of issues impacting the project;
c. Updates to project schedule and completion dates;
d. Summary of next steps and upcoming milestones;
e. Status of any contract change requests;
f. Deliverables;
g. Draft and final Project Management Plan;
h. Bi-weekly (or more frequent) Project Status Agendas, Meetings and Reports;
i. Additional meetings, meeting summaries, and project correspondence as required.

1.3.3

Security. Consultant shall ensure that ALL its employees who will have ANY kind of electronic or other sensitive access to system information, both onsite and/or remotely, shall retain a PDX Airport ID Badge during installation, warranty and ongoing maintenance phases. Individuals will be required to visit the PDX Security Badging Office (SBO) for fingerprinting and a second time for training and badging once a background check is cleared. Badge renewal also requires a visit to the PDX SBO. See also sections 1.5 and 1.6 below.

Consultant shall be required to use 2-Factor Authentication for any remote access necessary in the course of installation, warranty and ongoing maintenance phases. Remote access and 2-Factor Authentication required by the Port shall be provided and enforced by the Port.

The Port will be responsible for security controls during the development, testing, quality assurance and implementation phases until the information system is accepted by, and turned over to the Port. Security controls must be consistent with industry best practices, including, but not limited to, the following:

a) Ensure the latest operating system patches have been tested and applied to all components in a testing environment prior to live rollout;
b) Ensure the latest security-related patches have been tested and applied to all components in a testing environment prior to live rollout;
c) Run only services required to meet desired functionality (disable unused services);
d) Enable only required protocols; identify TCP/UDP ports required and disable access to TCP/UDP ports when or where applicable;
e) Log unauthorized or invalid attempts to access privileged services or functions;
f) Log all security related events and anomalies;
g) Establish authentication requirements for access to sensitive data and privileged functions.


1.3.4

Sensitive Security Information. It is anticipated that the detailed information in the proposers’ responses will include SSI due to the required interfaces with TSA Security Directives. All documents submitted that fall under 49 CFR, Part 1520, Sensitive Security Information criteria must be correctly marked.

1.3.5

Schedule. The Port’s desired implementation timeline is to begin work by March 6, 2014 following contract execution, and targeting initial system implementation by November 30, 2014 with final acceptance with the existing AMAG PACS achieved by December 31, 2014. The Port will identify the selected new PACS by early 2015 and final acceptance testing will take place in September 2015. Consultant must be able to complete the new PACS interface and support final implementation to be completed no later than September 22, 2015.

1.3.6

System Acceptance. After the system is installed, tested, and operating normally for one month, Consultant shall complete a 30-day system acceptance test (SAT) on the entire system. The SAT shall demonstrate that the installed system is fully functional, properly installed, and stable. Consultant shall request approval to initiate the SAT. If the Port concurs that the system is fully installed and ready for testing, the SAT shall be started. Consultant shall maintain a log during the SAT inclusive of all events and issues. Major component failures during the SAT, such as system failures or unscheduled downtime, requiring replacement, major reprogramming and software re-installation, etc. shall restart the SAT. All software components shall be operational without downtime or programming problems for a complete monthly reporting cycle. Minor issues such as individual application bugs or minor reporting issues shall extend the SAT one day (minimum) for each occurrence, or the duration to repair the failure (whichever is longer). All events and follow-up shall be logged. If the system event was a result of user activities, the SAT shall be paused until these items have been addressed. After the correction has been tested, the SAT shall resume where the test was paused. At the conclusion of the SAT, a Port representative will sign-off on the results to constitute final acceptance.

1.4 Minimum Requirements

1.4.1

Proposer’s IDMS must be capable of integrating with multiple COTS Access Control Systems;

1.4.2

Proposer, at a minimum, must have at least two years of Identity Management System experience at a medium or large hub airport;

1.4.3

Proposer must be capable of integrating with the current Port DAC (AAAE-TSC) utilizing Advanced Integration Services for processing of STA’s and CHRC’s;

1.4.4

The solution must be able to integrate into the Port’s technology environment described in Exhibit C – Technology Environment.

1.5 Airport Security and Badging Requirements.

The successful proposer will be required to comply with all rules and regulations governing airport security, including but not limited to the security and badging requirements set forth in the PDX Rules, and regulations promulgated by the Transportation Security Administration (“TSA”) and the Federal Aviation Administration (“FAA”), as more fully described in the sample contract attached as Exhibit E. Bidders are encouraged to obtain and thoroughly review the PDX Rules (available at www.portofportland.com) and other governing rules and regulations before submitting a proposal.


1.6 Security Requirements.

The successful proposer will be required to comply with all applicable security requirements for the premises, as more fully described in the sample contract attached as Exhibit E. Proposers are encouraged to obtain and thoroughly review applicable security requirements before submitting a proposal.


2. PROPOSAL PROCESS

2.1 General

2.1.1

Evaluation. Proposals will be evaluated by a Port evaluation team. The evaluation will be in accordance with Section 3.2.2, Required Submissions and Evaluation Criteria, and may include requests by the team for additional information, oral discussions, site visits, and inquiries into the experience and responsibility of the proposer.

2.1.2

Obligation to Award. The issuance of this RFP, and the receipt and evaluation of proposals does not obligate the Port to award a contract. The Port will not pay any costs incurred in responding to this RFP. The Port may cancel this RFP or reject any or all proposals in accordance with ORS 279B.100.

2.1.3

Commencement of Work. The successful proposer may not commence work until receipt of a fully executed contract.

2.1.4

Questions. All questions relating to this RFP must be placed through the Port’s online bidding system at the Port’s website www.portofportland.com through the Business Opportunities vendor portal. Questions received fewer than five (5) business days prior to the deadline for receipt of proposals may not be considered.

2.2 Pre-Proposal Interpretation of Contract Documents

2.2.1 Changes to RFP

2.2.1.1

The Port reserves the right to make changes to the RFP. Changes will be made by written addendum which will be issued to all prospective proposers on the Port’s list of RFP holders.

2.2.1.2

Prospective proposers may request or suggest any change to the RFP by submitting a written request. The request shall specify the provision of the RFP in question, and contain an explanation for the requested change. The request must be submitted at least five (5) calendar days prior to the date set for receipt of proposals.

2.2.1.3

The evaluation team will evaluate all requests submitted, but reserves the right to determine whether to accept the requested change.

2.2.2

Amend or Withdraw Proposal. A proposer may amend or withdraw its proposal any time prior to the time and date established for submission of proposals.

2.3 Intergovernmental Cooperative Purchasing

The proposer submitting this proposal may agree to extend identical prices and services under the same terms and conditions to all public purchasing contracting agencies as defined in ORS 279A.200(1)(h). Quantities stated in this proposal reflect the Port’s usage only. Each participating agency will execute its own contract for its requirements. Any proposer, by written notification included with its proposal, may decline to extend the prices and terms of this proposal to any and/or all other public agencies.

2.4 Public Disclosure of Proposals

2.4.1

Any information provided to the Port pursuant to this RFP is subject to public disclosure pursuant to Oregon’s public records laws (ORS 192.410 to 192.505).

2.4.2

The general requirement for public disclosure is subject to a number of exemptions. Each page containing information deemed by the proposer to remain exempt from public disclosure after proposals have been evaluated (e.g., pages containing trade secret, economic development information, etc.) should be plainly marked. A general statement that all or certain parts of the proposal are exempt from public disclosure will not be effective unless each page on which those parts appear has been marked in accordance with this section.

2.4.3

The fact that a proposer marks certain information as exempt from disclosure does not mean that the information is necessarily exempt. The Port will make an independent determination regarding exemptions applicable to information that has been properly marked. Information that has not been properly marked may be disclosed in response to a public records request. When exempt information is mixed with nonexempt information, the nonexempt information must be disclosed. The Port will redact pages that include both exempt and nonexempt information to allow disclosure of the nonexempt information.

2.4.4

Unless expressly provided otherwise in this RFP or in a separate communication, the Port does not agree to withhold from public disclosure any information submitted in confidence by a proposer unless the information is otherwise exempt under Oregon law. The Port considers proposals submitted in response to this RFP to be submitted in confidence only until the Port’s evaluation is complete, and agrees not to disclose proposals until the Port has completed its evaluation of all proposals and publicly announced the results.

2.5 Submission of Proposals

2.5.1

Requirements. Each proposer’s submission in response to this RFP must:

2.5.1.1

Include one original (marked as such), five copies of the original proposal, and one copy on a USB drive in Adobe or Microsoft format;

2.5.1.2

Be submitted in a sealed envelope that is plainly marked “Proposal to Provide Identity Management System (IDMS)” and that bears the proposer’s name and address; and

2.5.1.3

Be received by the Port’s Contracts and Procurement Manager, Craig Johnsen, at 7200 N.E. Airport Way, Portland, OR 97218 (Mailing address: PO Box 3529, Portland, OR 97208). The Port, at its option, may decline to consider late submissions.

2.6 RFP Schedule

2.6.1

Deadlines. The following schedule is tentative and subject to change at the sole discretion of the Port:

2.6.1.1

October 14, 2013: Issuance of RFP to prospective proposers
October 29, 2013: Pre-Proposal teleconference with prospective proposers
November 12, 2013: 3 p.m. for receipt of proposals
December 11 & 13, 2013: Interviews/Demonstrations (if required)
January 13, 2014: Selection of apparent successful proposer announced
March 6, 2014: Contract begins

2.6.2

Period of Irrevocability. Proposals will be offers that are irrevocable for a period of sixty (60) days after the time and date proposals are due. Proposals will contain the name, address and telephone number of an individual or individuals with authority to bind the company during the period in which the proposal will be evaluated.


2.7 Protests

2.7.1

Objections or Protests. A proposer or prospective proposer who wishes to object to or protest any aspect of this procurement must deliver a written protest to the Manager of Contracts and Procurement, 7200 N.E. Airport Way, Portland, OR 97218; mailing address, PO Box 3529, Portland, OR 97208; or Facsimile (503) 548-5812.

2.7.2 Timeliness

2.7.2.1

If the protest relates to matters that are apparent on the face of the solicitation documents or that are otherwise known or should have been known to the protester, the protest must be delivered no fewer than five (5) business days prior to the deadline for the Port’s receipt of offers.

2.7.2.2

If the protest relates to other matters, including but not limited to the award of the contract, it must be delivered as soon as possible, and in no event more than five (5) business days, after the protester knows or reasonably should have known of the award of the contract, the Port’s intent to award the contract, or other matters to which the protest is addressed.

2.7.3

Delivery. A protest is delivered, for the purposes of this paragraph, when it is actually received by the Port’s Contracts and Procurement Department staff.

2.7.4 Late Protests

2.7.4.1

The Port may decline to review a late protest.

2.7.4.2

A protest shall be deemed to include only the documents timely delivered pursuant to this paragraph. It must clearly state all of the grounds for the protest and must include all arguments and evidence in support of the protest. Testimonial evidence may be submitted by affidavit. The Port may investigate as it deems appropriate in reviewing the protest, and will issue a written response to the protest. The Port may proceed with contract award, execution, and performance while a protest is pending.


3. PROPOSAL CONTENT AND EVALUATION CRITERIA

3.1 Preparation

3.1.1

Proposals should be prepared simply and economically, providing a straightforward, concise description of the proposer’s ability to satisfy the requirements of this RFP. Submissions of technical literature, display charts, or other supplemental materials are the responsibility and within the discretion of the proposer. The Port will not be liable for any expense incurred in the preparation of proposals. Firms interested in being considered for this work must submit the following written information for review by the evaluation team.

3.1.2

Proposers are encouraged to provide complete information in their written proposals. However, except as provided otherwise below, a proposal response to section 3.2.2 shall be in a font size no smaller than 10 points. Double-sided printing is strongly encouraged. Pages should be numbered consecutively and fastened in the upper left-hand corner only. There should be no other bindings, such as comb-binders, presentation folders, 3-ring binders, etc.

3.2 Format

Proposals shall conform to the following format:

3.2.1

Part I - Proposal Form. The proposal form follows this section of the RFP. Proposers must complete the Proposal Form (Exhibit A) and include it as the first page of their proposal.

3.2.2

Part II - Required Submissions and Evaluation Criteria. Proposals will be evaluated by the Port’s evaluation team based upon the criteria shown below. If no criteria weighting is shown, then the criteria are listed in their relative order of importance. Although some of the criteria may be given more weight than others, each proposer is expected to provide the Port with a comprehensive proposal which allows the Port to do a complete evaluation against the criteria.

3.2.2.1

Qualifications of Proposer - Weight 20

(a) Provide an executive summary of your firm, including number of years in business and financial health;
(b) Describe your firm’s ability to provide the requested solution, implementation services, system configuration, and training;
(c) Describe at least three engagements of similar scope and nature that your firm has performed for government agencies or transportation-related sites within the past five years. Specifically address designing, developing, implementing and supporting an Identity Management System which serves multiple airports or locations; manages multiple PACS and badge types; integrates with external systems including but not limited to: fingerprinting, background checks via approved Designated Aviation Channeler, ID verification and data extraction, computer based training and key management system.
(d) Provide brief resumes of personnel who will be assigned to this project and outline the relevance of each person's experience to the scope of work described under Section 1.3;
(e) Describe your team’s ability to work within a framework requiring close coordination between the Port's and the Consultant’s teams in order to be successful;
(f) Firms considered for award of contract may be required to submit audited financial statements for the past three years in order to demonstrate financial stability.

3.2.2.2

Project Approach and Project Management - Weight 20

(a) Identify the project team, roles, and responsibilities; indicate where this team has worked together on similar projects; indicate where the Port would participate in the project plan;
(b) Describe the approach to managing the project;
(c) Describe the implementation strategy, phasing, and transition plans;
(d) Provide the installation schedule, including major milestones, that meets or exceeds the Port’s desired implementation schedule listed in Section 1.3.5;
(e) Provide recommended training plans and schedule; identify training options;
(f) Describe how the project team will work with the Port staff to configure and implement the solution;
(g) Identify anticipated responsibilities for the Port staff in order to ensure a successful implementation.
(h) State where and how the proposal deviates from the general requirements of the RFP.

3.2.2.3

Solution Functionality and Technical design - Weight 30

(a) Describe the system solution and how it addresses the Port’s requirements;
(b) Complete Exhibit B – System Requirements Checklist. Any additional costs must be included in Exhibit D – Fee Schedule;
(c) Provide an overview of the system architecture;
(d) Provide screen samples and data flows to highlight the system flow and integration;
(e) Describe the technical environment including database, operating system, and reporting;
(f) Describe any required network or system interfaces;
(g) Describe end user access to the system;
(h) Provide sample reports;
(i) Suggest any additional functionality that would benefit the Port not already identified in this RFP;
(j) If a cloud (hosted) system is recommended, describe data handling practices, including provisions for data encryption, prevention of data loss, data recovery, uptime expectations and failover alternatives, segmentation from other customers, anti-malware protection, penetration testing, and the ability of the Port to obtain a local copy of the data;
(k) State where and how the proposal deviates from the general requirements of the RFP.

3.2.2.4

System Support and Maintenance - Weight 10

(a) Describe anticipated Port staffing requirements for successful day-to-day ongoing operations;
(b) Provide options for support and maintenance;
(c) Explain your approach to ongoing product support;
(d) Explain system upgrade cycles and upgrade methodology, explain the level of Port involvement during upgrades;
(e) Provide samples of system maintenance and licensing agreements identifying provided support service levels.

3.2.2.5

Cost/Fees - Weight 20

(a) Complete and submit Exhibit D – Fee Schedule including licensing, any services associated with project implementation, and ongoing support costs for the first five years of system operation. Identify any other recommended services and costs;
(b) Any reimbursable expenses contemplated for this work must not conflict with the Port Consultant Travel and Expense Policy included in Exhibit E – Sample Contract.

3.2.2.6

References (not weighted, but used to verify information provided in the proposal). Provide three references where Proposer’s product is installed. Proposer must include the organization, contact name, phone number and email, the manufacturer information, including version, contract date for completion and the date fully accepted. If there was a delay from original contract date Proposer should provide reason(s) for the delay, whether under Proposer’s or airport’s control.

4. EVALUATION PROCEDURES

4.1 Competitive Range.

An evaluation team will determine which proposals are within the competitive range in accordance with the evaluation criteria set forth in Section 3. Only those proposals determined to be within the competitive range will be considered for award.

4.2 Evaluation Team Members.

4.2.1 One or more evaluation team members may conduct an initial evaluation of all proposals, using the evaluation criteria set forth in Section 3, and may identify a subset of proposals as finalists for further evaluation by the evaluation team.

4.2.2 After the initial evaluation, members of the evaluation team may perform any of their functions individually, or as a group consisting of two or more evaluation team members.

4.2.3 If particular functions are performed by individual evaluation team members or by a group consisting of less than the full evaluation team, the evaluation team members performing the functions shall report to the full team a summary of the information gathered or conclusions reached.

4.2.4 A report of final evaluation results and any recommendation regarding award of a contract may be made to the Executive Director or the Executive Director’s designee without the participation of all evaluation team members, provided that a majority of evaluation team members participate.

4.3 Interviews/Demonstrations.

Selected proposers may be invited to participate in an interview/demonstration stage of the evaluation process. Proposers should be prepared to respond to questions related specifically to their proposals and other pertinent matters with respect to the RFP.


EXHIBIT A

Proposal Form

Port of Portland Identity Management System (IDMS)

Solicitation No. 2013-2168

The undersigned proposer submits this proposal in response to the Port’s Request for Proposal (RFP) for the contract named above. The proposer warrants that the proposer has carefully reviewed the RFP and that this proposal represents proposer’s full response to the requirements described in the RFP. The proposer further warrants that if this proposal is accepted, the proposer will contract with the Port, agrees to all terms and conditions found in the attached sample contract, and will provide all necessary labor, materials, equipment, and other means required to complete the work in accordance with the requirements of the RFP and contract documents.

The proposer further warrants that the proposer has not and will not discriminate, in violation of ORS 279A.110, or any other local, state or federal law, against any minority, women or emerging small business enterprise or other protected individuals, in the development or presentation of this proposal, or in obtaining any required subcontract.

The proposer hereby acknowledges the requirement to carry or indicates the ability to obtain the insurance required in Section 8 of the sample contract (Exhibit E). Indicate in the affirmative by initialing here: ______

The proposer hereby acknowledges receipt of Addendum Nos. ___,___,___,___,___ to this RFP.

Name of Proposer:
Business Address:

Telephone Number:
Fax Number:
Email Address:

Authorized Signature:
Printed/Typed Name:
Title:
Date:
