
RFP for IT Managed Services in Middleburg


Request for Proposals for IT Managed Services

RFP #2024-0716
Deadline: 4:00 p.m., Monday, September 16, 2024

SECTION 1 GENERAL INFORMATION


Synopsis

The Town of Middleburg, Virginia, seeks sealed proposals from experienced and qualified firms
that wish to provide Information Technology (IT) Managed Services for the Town. Services
include, but are not limited to: personal computer and mobile device support for Town
employees and officials; server installation, maintenance and repair; management of switches,
routers, firewalls, and wireless access points; backup and disaster recovery mechanisms for
critical systems; security and protection of Town systems, including 24/7/365 monitoring; and
other ancillary services as may be required.

The Town is requesting proposals for managed services that are based on a fixed monthly price
(per user or per device) and inclusive of all aspects listed below. More details are provided in
the Proposal section.

Background

The Town of Middleburg is a municipal government organization that serves 700 residents, over
230 businesses, and tens of thousands of visitors each year. The Town has 15 full-time
employees, 2 part-time employees, and contracts its water/wastewater services to an
independent firm. One of the Town’s Departments is a 24/7 Police Department. The Town
Council is comprised of 8 members, and they appoint numerous advisory bodies.

The Town recently occupied a new Town Hall where all departments are housed at a single
location. However, the Town maintains IT assets at other locations, including the Wastewater
Treatment Plant and Water Treatment Plant(s).

The Town is seeking a contractor experienced in small business/government IT services,
recognizing that funds are limited for both monthly support and ongoing hardware replacement.
However, the Town also recognizes the importance of properly securing the Town’s assets and
investing in new technology to keep us moving forward effectively. Achieving the right balance of
cost and services is crucial.
RFP for IT Managed Services
Middleburg, VA

Project Overview / Scope

The Town is seeking a contractor with experience to manage and support our IT infrastructure
and users.

A. Infrastructure

Manage and provide technical support services for the Town’s key infrastructure:
1. Enterprise network equipment, including configuration, patch management,
monitoring, firewall services, and server monitoring and management.
• Patch management includes but is not limited to ensuring that patches are
installed at a specific interval (monthly, for example), at the best day and
time of the week for the Town, and the provider is aware when patches fail
to install properly and engages in manual remediation where needed.
• Firewall services include but are not limited to troubleshooting and
remediation of firewall related services, managing content filtering at the
firewall level (whitelisting or blacklisting sites or categories of sites for
individuals or groups of users as needed, for example), updating firmware
no less often than quarterly (sooner where critical security updates are
released), monitoring for uptime, renewing subscriptions, and consulting on
periodic refreshing of the firewall hardware.
• Server monitoring and management includes but is not limited to
implementing toolsets for proper alerting on common issues (drive failures;
low disk space alerts; resource [CPU, RAM, etc.] overutilization, etc.) and
responding to alerts to pre-emptively solve issues before they lead to an
outage.
2. Microsoft Active Directory (local Domain Controller), Azure services, and M365 E3
licenses (Cloud-based).
3. Microsoft online Exchange email, individual user email accounts, SPAM filtering,
real-time monitoring of suspicious activity, and enforcement of MFA to ensure ongoing
security of the Town’s information.
4. Coordination with the Town’s Financial software provider, which is Southern
Software’s FMS suite of modules and is hosted on site on a server owned by the
Town. The IT provider would be expected to provide remote access to Southern
Software, coordinate with Southern Software programmers and support staff,
troubleshoot upload/download or connectivity issues, and generally ensure that the
Town’s network environment allows full utilization of the FMS product.
5. Internal (secure) and public WiFi. These systems must be fully segregated to avoid
public access to internal devices and files. Provider must have experience
implementing and managing VLANs and ACLs to ensure public WiFi does not have
access to internal Town systems.
6. Networking infrastructure, which was upgraded as part of the move to the new Town
Hall to Aruba Networks switches, Aruba wireless access points, and a Fortinet
firewall.
7. Police Department systems, which have different security requirements. However,
providing select shared drives across the local network is preferred.
8. Manage domain registration for the Town’s .gov website (hosting is provided by
CivicPlus). Assess and consult on improvements needed as it relates to ongoing SPF,
DMARC and DKIM requirements.
9. Help troubleshoot network connections to other IP devices, such as Xerox machines,
smart TVs, A/V systems, security and access control servers, and live meeting
broadcast equipment.
10. The Town uses Comcast Business Internet and Business Voice Edge telephony
services, with equipment provided by Comcast. The IT provider is expected to
interact with Comcast on an as-needed basis on behalf of the Town to troubleshoot
connectivity/network issues in order to identify if issues are internal issues or
Comcast issues.

B. Personal Computers and Devices

Manage all purchasing, technical support, setup, and replacements for personal
computers and mobile devices provided by the Town of Middleburg to staff and officials:
1. Provide help desk services for all Town staff. May include offsite support and limited
on-site support, as needed.
• Provide levels of support based on severity of the issue being faced.
• The Town’s business hours are 8:30am-5:00pm, with limited evening
meetings that begin at 6:00pm.
• General support issues during business hours should be responded to in a
tiered manner:
• Issues impacting ability to conduct regular business and/or
affecting multiple employees should be addressed immediately as
an emergency in a timeframe appropriate for the situation
(preferred: within 30 minutes).
• Issues affecting one staff member should be responded to in a
defined timeframe (preferred: within 2 hours).
• Non-urgent matters or requests should be responded to within 2
business days, unless further time is requested.
2. Personal computers primarily consist of Lenovo desktops and laptops (one user has a
MacBookPro). Most computers are upgraded to Windows Pro 11.
• Identify appropriate replacement schedules for existing hardware.
• Identify if costs to set up and configure new/upgraded devices are included
in the managed services fee or will be charged separately with each device
setup/replacement.
3. Propose, install, maintain, and test anti-virus/malware software for PCs. If the cost of
this software is in addition to the monthly user fee, please indicate in your proposal.
4. Support mobile-device-management (MDM) for Town-owned iPhones (5) and iPads
(18). The Town currently uses JAMF. Identify monthly per user or device fee, if in
addition to the monthly managed services fee.
5. Manage and support VPN and remote-desktop protocols for secure remote access to
devices, including MFA for VPN access.
6. Serve as licensing agent for M365.
7. Serve as the licensing agent for additional 3rd party subscriptions that may not be
eligible for direct relationship by the Town.

C. Disaster Planning and Recovery


Develop and implement disaster recovery (DR) plans:
1. Review existing plan(s) at time of contract award and suggest edits/revisions as
appropriate. Review no less often than annually. Review immediately when major
technology improvements occur (server refresh, for example) regardless of when the
most recent review took place otherwise.
2. Ensure image-based backup of on-premise servers and network drives are taken by a
standby backup appliance, and occur no less than hourly (preferred). Backup
appliance must have the ability to spin up the most recent server backup image to
host the server functionality while server repair or replacement occurs. Include
cloud-based replication options. If cloud-based replication results in additional cost to
the Town, please identify in your proposal.
3. Backup all Town Microsoft 365 data to a separate and independent cloud solution,
apart from Microsoft’s cloud environment. Microsoft 365 data includes all user
mailboxes (email), Contacts, Calendar, SharePoint, OneDrive and Teams data located
in the Town Microsoft 365 tenant. Microsoft 365 backups should take place no less
often than daily.
4. Create plan to restore the Town’s systems within 24 hours of a security or disaster
event. Possible events include:
• Malware event infecting one or more PCs, one or more network drives,
and/or one or more servers.
• Malicious effort to destroy Town records.
• Building flood, fire, or other event that damages the Town’s server room or
otherwise renders the current on-premise servers unable to function.
• Loss of functionality of the Town Hall requiring the Town to set up a remote
Town Hall facility at a completely separate location.
5. Provide monitoring so that the Town can comply with Code of Virginia Section 2.2-5514
to report any breach of electronic systems or exposure of protected data.
6. Test DR plan at least twice per year, simulating various types of security events, such
as malware attack, server crash, or building destruction, as described above.
7. Provide quarterly trainings for staff on topics of phishing, malware, viruses, social
engineering, and other types of risks to the security of our systems.
8. Provide quarterly phish testing simulations. Report on results, including any instances
where staff clicked on links or interacted with the phishing simulation environment
by, for example, inputting their credentials into the phishing simulation environment.
9. Coordinate with Loudoun County and other agencies (including state and federal
governments) to ensure implementation of best practices for data security and
integrity.

D. Security

Implement a holistic security posture, to include the following goals:


1. Deploy and enforce ATP scanning at M365 on inbound emails.
2. Deploy and enforce link/URL re-write at M365 as a secondary measure of protection
against malicious email links being received.
3. Critical and high severity patches are to be installed within 30 days of their release
across all equipment, preferably sooner once tested and confirmed stable.
4. Deploy and monitor an MDR or XDR to workstations and servers on-premises for
security monitoring, alerting and remediation of on-premise security events.
5. Deploy a security monitoring solution for M365, for alerting and remediation of
M365 events that are common indicators of compromise.
6. Conduct internal vulnerability scans no less than annually. Provide results as a part of
the ongoing review process, to collaboratively address and plan for remediation of
concerning findings.
7. Deploy and implement a protective DNS filtering service at the individual system level.
8. Deploy and manage a password manager that has the capability to report and
remediate known cracked passwords on the dark web, and eliminate potential for
browser exfiltration of browser-based password managers.
9. Monitor the dark web, and alert when user credentials are exposed, to proactively
ensure the user credentials are rotated for safekeeping of the potentially breached
account.
10. Deploy a zero-trust application solution on each end user workstation and server
system.
11. Firewall events are monitored by a security operations team 24/7.
12. Ensure firewall security implemented adheres to best practices as it relates to current
security requirements, including but not limited to Content Filtering, IDS/IPS, and
Geo-IP Filtering.

E. Strategic Planning and Budgeting

Work with Town Manager to plan future IT needs and funding requirements:
Provide regular management reports of the Town’s systems, user requests, outstanding
issues, or major concerns. Develop replacement schedule for PCs and devices. Review
other critical hardware for longevity and replacement cycles, including roadmap of future
technology. Assist with consideration of implementing new technology or ideas to
improve services and increase efficiencies. Develop annual budget for IT needs. Meet at
least quarterly with Town Manager for ongoing IT review.

F. Other Services

1. Conduct searches of email accounts to comply with requests under the Virginia
Freedom of Information Act (FOIA).
2. Ensure files and emails are archived in accordance with the Virginia Public Records
Retention Act.
3. Answer phones live vs. auto-attendants, voicemail, or other non-live solution.
4. Has and produces evidence of adequate errors and omissions, business liability and
workers’ comp insurance to protect the Town.
5. Demonstrate capability to respond in person to Town operational needs in the
timelines as defined above.
6. Demonstrate adequate level of staffing to meet the Town’s expectations.

Current User List:


- 15 Full-Time Staff (M365 E3)
- 2 Part-Time Staff (M365 E3)
- 8 Town Council Members (online Exchange only, no M365 license)
- 3 Additional Email Accounts (no M365 license)

SECTION 2
PROPOSAL REQUIREMENTS

Please provide the following information about your firm or team. Proposals should
respond to all requirements of this RFP to the maximum extent possible. However,
brevity and clarity of Proposals are expected. In order to assist the selection
committee, proposals from Offerors must be submitted in the same sequence shown
below.

Tab 1: Introductory Letter

The introductory letter shall name the person or persons authorized to sign
contracts and represent the firm or team in any negotiations and provide a very
general overview of the firm and the firm’s relevant expertise.

Tab 2: Relevant Experience/References

a. This section should provide information regarding the firm’s or team’s qualifications and
experience in relation to the subjects the RFP is intended to cover.
b. Discuss firm’s or team’s qualifications to perform the work of the size and nature
described in this RFP.
c. Discuss experience with similarly-sized entities and/or local governments.
d. Discuss the firm’s or team’s familiarity with the Town of Middleburg.
e. Discuss avoidance of conflict of interest, including any business, familial, or personal
connections with Town Council members or Town staff.

Tab 3: Approach to Addressing the Opportunity


a. Provide a written work plan outlining in detail how the Offeror proposes to
perform the services required. Please respond to each item listed in the project
overview/scope, as appropriate.
b. Describe how the Offeror proposes to ensure sufficient staffing is available to
serve the Town’s needs.
c. Provide detail on the Offeror’s response timelines for particular issues or needs,
such as critical issues, medium priority issues, and low priority issues.
d. Discuss how often the Offeror will be onsite with the Town/staff.
e. Provide a cost proposal in a separate sealed envelope. Costs should be on a fixed-
price, per month basis. The monthly cost can be defined on a per user basis or on
a per device basis.
a. Define how the cost is derived. Please note that Councilmembers, while
having email addresses, only use iPads and require minimal support, so
they have traditionally not been included in the per user count.
b. Please indicate any costs in addition to the base managed services costs
(such as, online data storage costs, anti-virus software costs, other
potential fees or costs).
c. Identify any other costs that may be charged on an ad-hoc basis and
provide hourly rates (such as, setup/replacement of PCs – if charged
separately, replacement/reconfiguration of servers, switches, or firewalls,
etc.).
f. The Town of Middleburg anticipates a 2-year initial term, beginning January 1,
2025, with the option of up to 2 additional extensions of 2-years each. The Town’s
Standard Contract Terms are attached and will be required of any contractor.
a. Exceptions to the Standard Terms should be noted in your proposal.
b. Please describe how you would plan for a smooth transition between the
Town’s current contractor and your firm so that Town operations can
continue in a seamless manner.

SECTION 3: SELECTION PROCESS

Evaluation Criteria

Responses to the Town’s Request for Proposals will be ranked out of 100 points. The
ranking will be based upon the following criteria:

1. Experience and Knowledge: Demonstrable examples of successfully managing
similarly-sized entities, to include examples of protecting against and/or recovering
from disaster/security breach situations. (30 points)
2. Proposed Work Plan: Ability to accomplish the scope of the project. (30 points)
3. Pricing: Cost proposal. (25 points)
4. Administrative Skills: Ability of the Offeror to provide clear and consistent
communications with the Town staff and leadership. Attention to detail and quality of
reports provided to the Town. (15 points)

A committee consisting of members of the Town staff, to include the possibility of at least
one elected official and industry experts, will evaluate all eligible qualifications according
to the criteria. Scores of the evaluation committee members will be totaled to determine
the top-rated firms.

After evaluation of the Proposals, Middleburg may engage in individual discussions and
interviews with two or more Offerors deemed fully qualified, responsible and suitable on
the basis of initial responses, and with professional competence to perform the services
required. Repetitive informal interviews are permitted. Proposers shall be encouraged to
elaborate on their qualifications, performance data, and staff expertise relevant to the
proposed opportunity. At this time, the Town may request additional information as it
relates to cost proposals and monthly fees.

At the conclusion of the informal interviews and on the basis of evaluation factors set
forth herein and the information provided and developed in the selection process to this
point, Middleburg shall rank, in the order of preference, the interviewed proposers
whose professional qualifications and proposed intentions are deemed most meritorious.

Negotiations shall then be conducted with top ranked Offeror(s) and if a contract or
contracts satisfactory and advantageous to the Offeror can be negotiated at fees
considered fair and reasonable, then Middleburg Town Staff shall make a
recommendation to the Middleburg Town Council with regard to a contract(s) with that
Offeror(s). Middleburg reserves the right to invite firms and teams to submit a Best and
Final Offer (BAFO), if, in the Town’s determination, such action is warranted. If
satisfactory terms cannot be reached with the top Offeror, the Town may choose to
negotiate with another Offeror. The Middleburg Town Council shall retain final approval
of any/all contracts generated as a result of this RFP.

Pre-Proposal Meeting

No pre-proposal meeting will be held, unless determined to be necessary at a later date.

An onsite visit will be permitted during regular business hours for interested proposers to
review the Town’s current infrastructure at the Middleburg Town Hall.

Questions/Additional Information
All questions or clarifications related to this RFP must be submitted to Danny Davis via
email at ddavis@middleburgva.gov . All questions must be submitted before the close of
business (5:00pm) Wednesday, September 4, 2024. All questions and Middleburg’s
responses will be posted on the Middleburg web site: www.middleburgva.gov no later
than 6:00pm Friday, September 6, 2024, as an official addendum. It is the responsibility of
those submitting questions and those interested in responding to this RFP to review
any/all questions and responses.
Submission of a proposal will be required to identify that the proposer has read and
complied with any and all addenda.

Submittal Deadline
The deadline for submittal of proposals in response to this RFP is Monday, September 16,
2024, at 4:00pm.

Proposals should be delivered in a sealed envelope as follows:

In person or via courier (UPS, FedEx, etc.):
Danny Davis
Town of Middleburg
10 West Marshall St.
Middleburg, VA 20117

Via mail (USPS):
Danny Davis
Town of Middleburg
P.O. Box 187
Middleburg, VA 20118

Please provide one (1) original in a sealed envelope.

Please also submit an electronic version of the proposal in either one of two
ways:
- on a USB flash drive in the sealed envelope with the hard copy proposal, or
- via email after the submission deadline (after 9/16 @ 4pm) to ddavis@middleburgva.gov

Proprietary and Confidential Information


The Town of Middleburg is subject to the Virginia Freedom of Information Act (“the Act”),
and no action by the Town required by the Act will constitute a violation of this provision.
Nonetheless, the Town will keep confidential, subject to the terms of this paragraph and to
the extent permitted by law, Proprietary Information submitted in response to this
Request for Proposal. For purposes of this paragraph, “Proprietary Information” means all
confidential and/or proprietary knowledge, data or information in which the Offeror has a
protectable interest, including: (a) trade secrets, inventions, ideas, know-how,
improvements, discoveries, developments, designs and techniques; (b) information
regarding research and development, new products marketing and selling, business plans,
licenses, records, facility locations, documentation, software programs, price lists, contract
prices for purchase and sale of the Offeror’s services, customer lists, prospect lists, pricing
on business proposals to new and existing customers, supplier pricing, equipment
configurations, ledgers and general information, employee records, mailing lists, accounts
receivable and payable ledgers, budgets, financial and other records of the Offeror; and (c)
information regarding the skills and compensation of other employees of the Offeror.
“Proprietary Information” does not include, however, information that is publicly available
or readily ascertainable by independent investigation.

To qualify Proprietary Information for protection from disclosure, the Offeror must: 1)
request protection of the Proprietary Information before, or contemporaneously with,
submission of the Proposal; 2) identify the Proprietary Information to be protected; and 3)
state the reasons why the information is proprietary. The Offeror cannot designate as
Proprietary Information a) an entire proposal; b) any portion of a proposal that does not
contain Proprietary Information; c) line-item prices; or d) the total proposal price. The
Town will provide notice to the Offeror of any request for public records that might require
disclosure of proprietary and confidential information and provide reasonable advance
notice of the Town’s intent with regard to honoring such a request.

Cooperative Procurement

It is the Town of Middleburg’s intention to make any contract issued as a result of this RFP
available for use by one or more other public bodies, or public agencies or institutions or
localities of the several states, of the United States or its territories, as cooperative
procurement, permitted under the Code of Virginia Section 2.2-4304.

Cancellation

Middleburg reserves the right to cancel this Request for Proposals at any time. Middleburg
reserves the right to waive minor informalities or discrepancies contained in any Proposal.
