Scope Questions for IT Strategic Plan

1. What is driving the need to complete all the work within 90 days of award contract? In
our experience, these types of engagements usually extend between four and six
months.
o Previous IT Strategic Plan updates have not taken longer than three months.
However, the District recognizes that we worked with the same vendor for the
previous plan updates, and this vendor likely had more knowledge of the District
and IT Department through those projects. The District would not like to see the
project timeline any longer than 6 months.
2. How many IT staff should we anticipate interviewing and what are their roles? (e.g., 1
IT Manager, 1 Network Administrator, etc.)
o Four (4) IT Staff. IT Manager, Network Administrator, and two Information
Technology Systems Specialists.
3. How many department/business unit interviews should we anticipate interviewing?
o Twelve (12) departments. The District did a stakeholder survey in Q4 2020.
These results can be provided to the awarded contractor to determine if the
surveys are necessary or if a shorter, modified survey can be substituted, or even
using the recent 2020 stakeholder survey in place of the interviews. Please
clearly outline these options in your RFP timeline and cost if you would like to
consider these options.
4. Does the District utilize any third parties for management or operations for any
aspect of the IT environment? If yes, please describe.
o The closest thing to third parties the IT department utilizes would be our Security
Operations Center-as-a-Service (SOCaaS) vendor.
5. How close did the District come to completing the projects described in the last IT
strategic plan?
o Complete
6. For the external network penetration testing, how many target systems (e.g.,
firewalls, gateway devices, web servers, etc.) should we include in the scope?
o Fifteen (15)
7. For the internal network penetration testing, how many target systems (e.g., servers,
network devices, connected printers, and workstations) should we include in the
scope?
o We currently manage twenty (20) 24-bit subnets. Most are not full, but all subnets
are expected to be evaluated.
8. For wireless network penetration testing, how many distinct SSIDs and locations
should we include in the scope?
o 1 location (the Wastewater Treatment Plant) and five (5) SSIDs
9. Under Section III: Deliverables, bullet #6 lists “IT focused Disaster Recovery Plan” as
an expected deliverable. We view the development of a DR Plan as a distinct and
separate engagement that has its own set of data collection, analysis, and
deliverable development, including a business impact analysis, DR infrastructure
assessment, the DR plan itself, and a tabletop test. This could take anywhere from 4
to 6 months to develop. Is this what the District is expecting for the development of
an IT focused Disaster Recovery Plan?
o This item was added to the scope as the District has experienced emergency
situations in the last few years. If this portion of the project takes longer than the
Strategic Plan update, that is acceptable. The IT Strategic Plan will be the priority
until the final reports and executive presentation are complete.
10. Is the PowerPoint presentation to District officials and the presentation of the
executive summary to the Board of Directors the only presentations that we should
include in the scope?
o This is sufficient.
11. Is there a budget amount or range that the vendor should keep in mind when
developing the fee budget for this engagement?
o The District has $40,000 budgeted for this project.