Washington State Department of Social and Health Services

ITPS Work Request

Solicitation number: ITPS #1724-642

Project name: IT Security Analyst

Performance Period: from 08/15/2017 to 9/30/2018

This solicitation is issued by the Department of Social and Health Services (DSHS) pursuant to the Information Technology Professional Services (ITPS) program which is separately coordinated by the Washington State Department of Enterprise Services (DES).

DES separately maintains a group of categorized notification lists or "pools" of IT service providers within the state's solicitation notification system (WEBS) for state purchasers to advertise their solicitations to when they seek competitive proposals for their IT business needs. This is one of those solicitations.

The categories of lists are shown below and they identify common IT business needs of state government. This solicitation specifies one or more of those categories (checked).

The only IT service providers who should be able to view and download this solicitation are on the notification list in WEBS for the category checked below.

NOTE: If this is not the case, and you are viewing this solicitation, you received it by some other means outside of WEBS and the Purchaser will not entertain a proposal from you. For further detail, see Bidder Eligibility.

Solicitation Schedule
Solicitation posting date: 07/17/17
Questions due: 7/24/17
Answers published: 7/27/17
Complaints due: 8/10/17
Proposals due: 8/17/17, 3 PM PT
Evaluations: 8/21/17-8/30/17

Solicitation Coordinator
Name: Angela Williams
Title: Solicitation Coordinator
Phone: 360.664.6046
Email:

Categories
ITPS_08215_01. IT Funding & Financial Analysis
ITPS_08215_02. IT Business Analysis
ITPS_08215_03. Continuity/Disaster Recovery
ITPS_08215_04. IT Project Management
ITPS_08215_05. Project Quality Assurance
ITPS_08215_06. Software Testing
ITPS_08215_07. Client/Server & Web Services
ITPS_08215_08. Database Services
ITPS_08215_09. GIS Services
ITPS_08215_10. Infrastructure Services
ITPS_08215_11. Mainframe Services
ITPS_08215_12. Mobile Services

1. Bidder Eligibility

Proposals to this solicitation will only be entertained from companies who are currently on the WEBS notification list for the technical service category(ies) checked on the cover page.

The notification lists are separately administered by DES, not the Solicitation Coordinator. Addition to notification lists is a prerequisite to submitting a proposal to this or any other ITPS Work Request and is separately accomplished by submitting a program agreement (DES Master Contract 08215) to DES. For further detail, refer to the DES ITPS Webpage.

NOTE: Master contract submittals received by DES prior to the 20th of each month, but no later, will be reviewed for compliance on the 20th. Those companies will be added to the applicable notification lists in WEBS at the beginning of the month following receipt. Submittals received after the 20th will be processed the following month. DES cannot expedite this schedule to facilitate a company’s ability to meet the due date of a currently posted solicitation such as this one.

2. Definitions

“Agency” means a government entity of the state of Washington.

“COTS” means Commercial Off The Shelf.

“Department” means the State of Washington, Department of Social and Health Services (DSHS).

“DES” means the Washington state Department of Enterprise Services, any division, section, office, unit or other entity of DES or any of the officers or other officials lawfully representing DES.

“Notification List” means a list within WEBS which is categorized by technical service category for state purchasers to use for notification purposes when they seek competitive bids or proposals. A company must first register in WEBS and complete this agreement in order to be added to any notification list.

“Purchaser” means the authorized user of the program who may or actually does make purchases of material, supplies, services, and/or equipment under the resulting Work Order. Includes any Washington state agency and any authorized party to the Master Contracts Usage Agreement (MCUA). Includes institutions of higher education, boards, commissions, nonprofit corporations and political subdivisions such as counties, cities, school districts, or public utility districts.

“Solicitation” means the process of notifying prospective bidders of a request for competitive bids or proposals. Also includes reference to the actual documents used for that process, along with all amendments or revisions thereto.

“Technical Service Category” means an information technology skill categorized by common IT business need of state government described and set forth in this agreement.

“Washington’s Electronic Business Solution or WEBS” means DES’s web-based solicitation notification system.

“Work Order” means a contractual document incorporated by reference to this solicitation and executed between an eligible purchaser and a company. Each Work Order shall be the result of a Work Request (competitive solicitation).

A Work Order generally contains project objectives, description of work, timeline and period of performance, compensation and payment, company responsibilities, purchaser responsibilities, special terms and conditions, signature block, etc., and incorporates this solicitation by reference.

“Work Request” means a purchaser’s solicitation that requests bids or proposals specific to their requirements. An ITPS work request will specify a technical service category(ies) and purchasers will only entertain bids or proposals from companies who are on the notification lists for the technical service category(ies) specified.

“You” means the person or firm, completing this agreement, and includes all of its officers and employees.

3. Project Description

a. Agency Background

The Department of Social and Health Services (DSHS) is Washington's largest state agency. In any given month, DSHS provides some type of shelter, care, protection and/or support to 2.7 million of our state's 7 million people. The Department is divided into six direct service administrations and two support administrations.

The Department’s Economic Services Administration (ESA) helps nearly one out of every four Washington residents with cash, food, child support, child care, disability determination, transition to employment, and other services. Each day, more than 4,000 ESA employees provide families and individuals across the state with the resources and support they need to build better lives. In 2013, ESA served more than 1.5 million people – representing approximately 22 percent of all Washington State residents.

ESA’s core services focus on:

(1) Poverty Reduction & Self-Sufficiency – Helping low-income people meet their basic needs and achieve economic independence through cash grants, food, and medical assistance; employment-focused services; and subsidized child care. Major programs include Temporary Assistance for Needy Families (TANF) and WorkFirst (Washington’s Welfare to Work program); Basic Food (formerly the Food Stamp Program); Aged, Blind, or Disabled; Pregnant Women’s Assistance; Refugee Cash Assistance; Working Connections Child Care; and medical assistance.

(2) Child Support Enforcement & Financial Recovery – Ensuring parents live up to the responsibility of supporting their children and improving the self-sufficiency of families through increased financial and medical support. In addition to child support, the administration’s collection of other debts owed to the Department protects taxpayers, while helping programs meet current expenditures and provide financial assistance, medical care and other benefits and services to those in need.

(3) Disability Determination – Determining whether individuals applying for Social Security disability benefits have a disability that prevents them from working. Under contract with the Social Security Administration, Disability Determination Services determines whether individuals qualify for benefits from the Social Security Administration and for medical assistance.

b. Project Background

The Department of Social and Health Services (DSHS) is implementing a number of commercial off the shelf (COTS) components and modifying several business processes to modernize the Department’s Medicaid/CHIP eligibility and enrollment systems against internal and external threats to the security of confidential client data. As part of the security modernization, the IBM mainframe environment will be upgraded with the following components:

(1) InfoSphere Guardium Data Activity Monitor – prevents unauthorized data (e.g. files & databases) access, alerts on changes or leaks to help ensure data integrity, automates compliance controls and protects against internal and external threats;

(2) RACF Server for VM – Securing and auditing access to all critical mainframe resources.

c. Location/Place of Performance

The work is expected to occur at DSHS offices in Olympia, WA. A hotel cubicle will be provided at the Department’s Economic Services Administration (ESA) during regular business hours (8am to 5pm, Monday through Friday). The street address of the ESA office is 724 Quince Street SE, Olympia WA.

d. Scope of Work

As a key member of the IT Security Team, the IT Security Analyst will work with the IT Security Administrator to manage and monitor the new IBM mainframe security controls to proactively identify malicious internal and external threats. A strong background in Information Technology with experience analyzing emerging threats and risks is important. This position will report to the IT Security Administrator.

Key responsibilities include the following:

(1) Participate in the creation of enterprise security documents (e.g. policies, standards, baselines, guidelines, and procedures) under the direction of the IT Security Administrator.

(2) Perform daily incident detection and response operations. Monitor, investigate, research, and analyze intrusions, as well as develop and implement prevention tools and systems.

(3) Audit and review security and audit logs for applications and servers. Utilize tools to analyze attack patterns, inappropriate / out of policy activity, or access misuse. Report all violations to the appropriate personnel for review and corrective action.

(4) Analyze events and apply skill and judgement to escalate (as appropriate) relevant Information Security Event information. Take action to handle high severity issues including escalating to other security staff as necessary and assist with providing potential resolution or areas of improvement.

(5) Clearly and concisely document observations and findings. Create and maintain reports on performance indicators, as well as weekly/monthly metrics to maintain historical records and identify trends, etc.

(6) Provide IT security expertise for the agency. Working with executive team, staff, partners, and stakeholders, implement and support new and existing security policies and technologies.

(7) Assist with IT Security audits by providing the security metrics necessary to adequately assess them.

(8) Assist in the ongoing assessment of security controls utilized in ESA IT Solutions.

(9) Assist with the implementation of security controls and provide operational support to those implemented within ESA IT Solutions.

e. Period of Performance

The term of the initial contract (Work Order) will be for approximately fourteen (14) months commencing on 08/15/2017 or upon the execution date, whichever is later, until 9/30/2018.

The term of the contract (Work Order) may be extended by amendment for two (2) additional one (1) year periods as needed. Amendments extending the period of performance, if any, shall be at the sole discretion of DSHS.

f. Mandatory Requirements/Qualifications

The IT Security Analyst is required to have:

(1) 4+ years of IT experience

(2) 2+ years of experience in cyber security incident response and security operations

(3) Working knowledge and experience working with IBM InfoSphere Guardium Data Activity Monitor

(4) Experience evaluating cyber threats

(5) Understanding of common threats, penetration/intrusion techniques, and security operations

(6) Experience identifying and implementing solutions to complex business problems

(7) Strong written and oral communication and interpersonal skills

(8) Keen attention to detail

(9) Highly self-motivated and directed

g. Acceptance Criteria

The vendor staff will follow established policies, deliverable expectations and timelines in meeting deadlines. Regular meetings will be held with vendor and State staff to develop the delivery schedule.

All deliverables and work products completed by the IT Security Analyst are subject to a detailed review and approval process by ESA’s IT Security Administrator, or designee.

Vendors are required to follow the requirements of the DSHS Data Security Requirements Exhibit. (See the security section in Exhibit B, Sample Work Order (Contract).)

h. Additional Expectations

Security & Confidentiality

The IT Security Analyst will comply with all State of Washington and Department policies regarding confidentiality and data security, including but not limited to:

  • Confidentiality Agreement for each staff member.
  • Allowing access only to staff that have an authorized business requirement to view the confidential information.
  • No removal of confidential information from the Department’s systems.

On-Site Work

The IT Security Analyst will be required to perform work on site in Olympia, WA. See Section 3.c for the work location.

A security badge is required and will be provided to the Contractor for access into the work area and for agency computer access when necessary. The Contractor will be required to complete a non-disclosure agreement and annual Security Awareness training prior to starting work.

Additional Tasks/Deliverables

Vendor may complete additional tasks/deliverables at the request of DSHS. Scope of additional tasks/deliverables must be consistent with the scope of services in this Work Request.

4. Required Submittals

Bidders must include, at a minimum, the following electronic submittals attached to an email.

Bidders may propose one (1) resource in their proposal. However, Bidders may submit a maximum of two (2) proposals for this engagement. Please ensure that you are proposing your most qualified resource(s).

The proposal must include the signature of an authorized bidder representative on all documents requiring a signature.

Proposals which do not include any of the following required submittals will be rejected for non-responsiveness.

a. Administrative Requirements (Not Scored – Pass/Fail)

The Bidder must respond to every item in the same order in which they appear below. Proposals that do not follow the required order below, do not address all items (regardless of whether or not they are applicable), or are not answered in a satisfactory manner, may be rejected and disqualified from the solicitation process as “non-responsive.”

(1) Letter of Submittal

Bidders must include a signed Letter of Submittal on Bidder’s official business letterhead stationery as the first page of the proposal. Signing the Letter of Submittal indicates that the Bidder accepts the terms and conditions of this Work Request.

The Bidder’s Letter of Submittal must include the following:

(a) Name, address, principal place of business, telephone number, fax number, and e-mail address of legal entity or individual with whom a resulting Work Order (contract) would be written;
(b) The name of the contact person for this Work Request;
(c) A detailed list of all materials and enclosures included in the Proposal;
(d) A list of all Work Request amendments downloaded by the Bidder from WEBS and/or the DSHS Procurement Website, and listed in order by amendment number and date;
(e) A statement substantiating that the person signing the letter is authorized to contractually bind the Bidder;
(f) Identification of the page numbers on the Bidder’s proposal that are marked as “proprietary or confidential” information (see Section ___ for details);
(g) Any and all exceptions and/or revisions to the attached sample Work Order (contract).
Simply replacing the entirety of DSHS’ sample Work Order (contract) language with Bidder contract language will not suffice and will be considered as non-responsive. DSHS will not consider changes to contract language or negotiate any new language that is submitted after the bid deadline.
(h) A list identifying any current or former state employees who are employed by, or subcontracted with, the Bidder;
i. The list must include the name of the employee or subcontractor, the individual’s employment history with the state of Washington, and a statement of the individual’s involvement with the response to, or their proposed role in providing services under a Work Order (contract) resulting from this ITPS solicitation.
ii. If the Bidder has no employees or subcontractors that are current or former employees of the state of Washington, then the letter must so state;
(i) Any statements describing variations between the Bidder’s proposal and the requirements of this Work Request; and
(j) A statement confirming that the Bidder holds a valid business license in the state of Washington, or is committed to becoming licensed within thirty (30) days of being determined the Apparent Successful Bidder, or be authorized to do business in the state.

b. Bidder Certification and Assurances Form – Exhibit A

Bidder must submit a completed Bidder Certification and Assurances Form, Exhibit A. Bidder must sign and include any other required attachments.

c. Price Worksheet

Bidders shall submit a single, all-inclusive hourly rate for additional work in the following format.

a.1 Candidate Hourly Rate (SR, 200 points)
Provide a single, all-inclusive hourly rate for the candidate
Hourly rates proposed must not exceed:
  • $125.00 per hour; and
  • Maximum hourly rate allowed under the bidder’s master contract with DES.

Proposed Hourly Rate for Candidate:

VENDOR RESPONSE (Parts a, b, and c):

Bidders shall submit their Admin-Cert-Price Submittal in the following format:

Expectation: One separate, scanned email attachment labeled in accordance with the file naming convention specified below.

Required Format: PDF

File naming convention: BidderName_ADMIN-CERT-PRICE.docx.

d. Non-Cost Submittal Template

Using the Vendor “Non-cost” Response Template, attach the self-authored template document (twenty-five pages maximum; one-sided) answering the following questions. No form is provided for this submittal. Only the first twenty-five (25) pages will be considered. It is the bidder’s responsibility to determine how much of the available space to allocate to each question. Point award allotment among the questions has been established in accordance with primary stakeholder considerations.

Failure to provide this submittal as detailed herein will render a proposal non-responsive and cause it to be rejected.

b.1 Company Qualifications (SR, 100 points)
Provide a brief summary of bidder’s organization and services. If any of the proposed staff are not bidder’s employees, then bidder shall provide a brief description of the organization providing proposed staff and their proposed role on the project.
Describe bidder’s experience providing services and/or technical consulting for similar projects.
Provide three (3) company references, including name, title, organization, telephone, email, and a brief description of the services provided on the engagement.
Bidder Response:
b.2 Candidate Qualifications (SR, 200 points)
Provide a brief summary of candidate’s experience and qualifications, including a description of the candidate’s experience providing services and/or technical consulting for similar projects.
Detail how the proposed candidate meets each of the following Section 3.f. Mandatory Requirements/Qualifications:

(1) 4+ years of IT experience