Campus Desktop Encryption
Information Technology Department
143 Bostwick Avenue NE
Grand Rapids, MI 49503-3295
RFP Number: 1011-8144 Page 1 of 30
Table of Contents
QUICK FACTS ................................................................................................................ 3
1.0 Purpose and Conditions ..................................................................................... 4
1.1 Purpose for the Request for Proposal ................................................................ 4
1.2 GRCC Background ............................................................................................ 4
1.3 Definitions .......................................................................................................... 5
1.4 Rules and Conditions ......................................................................................... 6
1.5 Contracts .......................................................................................................... 11
1.6 Tobacco Free ................................................................................................... 11
2.0 RFP Response Requirements .......................................................................... 11
2.1 Company Historty, Expertise, Personnel .......................................................... 12
2.2 Reference Information .................................................................................... 121
3.0 Evaluation and Selection Criteria..................................................................... 12
3.1 Selection Criteria .............................................................................................. 12
3.2 Evaluation Criteria ............................................................................................ 13
4.0 Requirements & Standards .............................................................................. 14
4.1 Requirements ................................................................................................... 14
4.2 Insurance Requirements .................................................................................. 25
5.0 Quality and Performance Standards……… ……………………………………27
APPENDIX A: FAIR EMPLOYMENT PRACTICES AGREEMENT .............................. 28
RFP Number: 1011-1352 Page 2 of 30
RFP Number: 1011-1352
Title: Campus Desktop Encryption project
Issue Date: Thursday, December 9, 2010
Pre Bid Meeting Date: N/A
Proposal Due Date: 1:30PM, Thursday, January 13, 2011
GRCC Contact: Mansfield Matthewson
Director of Purchasing
GRCC Proposal Mailed Delivery: Mansfield Matthewson
Director of Purchasing
Grand Rapids Community College
143 Bostwick NE
Grand Rapids, MI 49503
GRCC Proposal Hand Delivery: Mansfield Matthewson
Director of Purchasing
Grand Rapids Community College
Peter C. Cook Administration Building
415 Fulton St. E.
Grand Rapids, MI 49503
Vendors intending to submit a response to this RFP should read this document in
its entirety and plan to attend the pre bid meeting as specified when planning to
submit a proposal.
RFP Number: 1011-1352 Page 3 of 30
1.0 Purpose and Conditions
1.1 Purpose for the Request for Proposal
The purpose of this Request for Proposal (RFP) is to purchase and implement a data
encryption solution that will be used campus-wide to reduce the college’s risk of data
loss due to stolen or lost equipment or malicious activity. Grand Rapids Community
College (GRCC) currently has no such system in place. The proposed Desktop
Encryption product should meet the PCI (Payment Card Industry) DSS requirements and
HIPPA HITECH requirements for a secure encryption system using the Advanced
Encryption Standard (AES).
The selected solution will be installing through attrition and in phases, depending on the
current state of the employees current computer system. Therefore, the selected
solution must be scalable to support a phased and gradual rollout.
Vendors wishing to submit a proposal(s) for this RFP should read this document
completely before submitting their response.
1.2 GRCC Background
The Grand Rapids Board of Education founded Grand Rapids Junior College (GRJC) in
1914 after the University of Michigan’s faculty passed a resolution was which
encouraged the establishment of junior colleges in Michigan. Now named Grand Rapids
Community College (GRCC), the eight-block downtown campus is comprised of several
classroom buildings, which includes a learning center (including the Diversity Learning
Center) and library, the Spectrum Theater, the Applied Technology Center (which
features a green roof), a remodeled music building, a field house with natatorium, a
student center, Bostwick Commons, and the Calkins Science Center. GRCC also added
the off-campus Wealthy Learning Corner to serve the East Hills and Eastown
neighborhoods and the Westside Learning Corner to serve the west side of Grand
In addition, GRCC has two Michigan Technical Education Centers (M-TECs) in West
Michigan. The Patrick Thompson M-TEC, part of GRCC's Lakeshore Campus located in
Holland, opened in Fall 2000 in partnership with the Ottawa Area Intermediate School
District. The Leslie E. Tassell M-TEC ® in Grand Rapids opened in 2002. This world-
class facility offers training in manufacturing, auto service, and building and construction
trades. GRCC also offers courses at a variety of off-campus locations including GVSU's
Meijer Campus in Holland and numerous local high schools.
RFP Number: 1011-1352 Page 4 of 30
In Fall 2009, more than 19,000 students enrolled in more than 1,900 liberal arts and
occupational courses. The diverse student body represents students from Kent and
surrounding counties as well as students from across the U.S. and 22 other nations.
GRCC serves another 10,000 learners by non-credit instructional opportunities. In
addition to traditional classroom environments, students may also receive instruction
through community and distant service-learning offerings, seminars, workshops, training
classes, distance learning options and other educational formats.
GRCC employs a faculty of more than 250 full-time and 350 part-time members as well
as a staff of 650, each focused on the College’s priorities to be student-centered,
collaborative, and flexible. Throughout its 90-year history of academic excellence, GRCC
has maintained a solid reputation as a premier transfer institution. The College is
nationally recognized for both its liberal arts and occupational programs.
To increase capacity to meet unprecedented demand, GRCC acquired the former
campus of Davenport University on Fulton St. in downtown Grand Rapids and began
courses at Sneden Hall as of Fall 2009. Wednesday, August 25, 2010 the former
Davenport Campus was renamed the DeVos Campus.
Please see GRCC’s website (http://www.grcc.edu/) for additional information.
About GRCC Information Technology:
Supports approximately 1,500 staff systems
First stage implementation of 500 staff systems initially
About 2 IT staff administrating the product (See Section 2.2)
About GRCC customers
Approximately 16,000 students
Approximately 30,000 alumni
RFP Number: 1011-1352 Page 5 of 30
1.4.1 The term "Vendor" means a business firm submitting a proposal/quote.
1.4.2 The terms "College" and “GRCC” mean the Grand Rapids Community
1.4.3 The term IT means the Information Technology Services unit of GRCC
1.4.4 The term “Respondent” means vendors that submit an official response to
this RFP by the Submission Due Date.
1.5 Rules and Conditions
18.104.22.168 Any and all communication with GRCC shall be accomplished
through the Purchasing Department, using the contact information
provided in the Quick Facts page of this RFP. Any Vendors that
deviate from this requirement will be subject to disqualification.
1.5.2 Pre Bid Meeting
1.5.3 Vendor Questions
22.214.171.124 Any questions regarding interpretation or intent must be made in
written form and emailed to Mansfield Matthewson, Director of
Purchasing, at email@example.com by 5:00 PM, Monday,
January 3, 2011.
126.96.36.199 Vendors who have indicated intent to respond will be e-mailed
answers to all questions received by 5:00PM, Wednesday,
January 5, 2011.
1.5.4 RFP Response Criteria
188.8.131.52 Vendors must follow the format of the RFP using the section titles
and numbers of each information request (e.g., 1.10 – Warranty).
If a reference to an attached document is used as part of the
response to an information request, the reference must be
specific. For example, “See page “8”, paragraph three.”
RFP Number: 1011-1352 Page 6 of 30
184.108.40.206 Proposals that do not follow the Rules and Conditions contained
herein, follow the described format of this RFP, and/or do not
provide responses to information requested may not be
220.127.116.11 The official copy of the proposal submitted must contain complete
responses and related materials.
18.104.22.168 The official copy must contain the signature of a duly constituted
corporate official legally capable of binding the Vendor.
THREE copies of the proposal shall be included. Additionally,
ONE electronic media (CD, USB drive) copy of the proposal is
requested. The College will accomplish distribution to proper
personnel. Emails, telegrams, faxes, phone or any other form of
response other than sealed hard copies are not acceptable and
will not be regarded as official submissions by the vendor.
22.214.171.124 Proposal Submission
The official sealed copy of your proposal must be received in the
Purchasing Department of Grand Rapids Community College no
later than 1:30PM, Thursday, January 13, 2011. Bids must be
clearly marked Campus Desktop Encryption Project – RFP
Mailed responses to:
Grand Rapids Community College
Director of Purchasing
143 Bostwick NE
Grand Rapids, MI 49503
Delivered Responses to:
Director of Purchasing
Grand Rapids Community College
RFP Number: 1011-1352 Page 7 of 30
Peter C. Cook Administration Building
415 Fulton St. E.
Grand Rapids, MI 49503
126.96.36.199 GRCC will not consider or examine late responses.
188.8.131.52 GRCC will consider amended responses only if received by the
Purchasing Department on or before the Submission Due Date
shown on the Quick Facts page of this RFP.
184.108.40.206 GRCC reserves the right to reject any and all proposals, wholly or
in part, and waive any irregularities in the RFP process.
220.127.116.11 If any changes are made to this RFP by any party other than
GRCC, the original document in GRCC’s files takes precedence.
18.104.22.168 In the event it becomes necessary to revise any part of this RFP,
an addendum will be provided to all Vendors who have indicated
their intent to respond.
22.214.171.124 All proposals must include all elements listed in the RFP
Response Requirements section below.
126.96.36.199 Shipping and handling of any equipment acquired by GRCC as a
result of this RFP must be quoted F.O.B. our dock and delivered
to the following address:
Grand Rapids Community College
151 Fountain NE
Grand Rapids, MI 49503
Attn: Shipping & Receiving
Reponses must specify the exact period(s) of warranty coverage for all
specified equipment. Vendors should provide quotes for additional
warranty periods for the equipment specified in this RFP.
1.5.7 Proprietary Information
188.8.131.52 Vendors must provide a corporate financial statement. Reponses
will be opened, read publicly and will be made a matter of public
RFP Number: 1011-1352 Page 8 of 30
record and as such may be reviewed by any interested party.
Pricing and contracts cannot be considered proprietary.
1.5.8 Freedom of Information Act
184.108.40.206 Respondents are advised that all materials submitted to GRCC for
consideration in response to this solicitation will be considered the
property of Grand Rapids Community College and will not as a
matter of course be treated as confidential information.
220.127.116.11 GRCC reserves the right to distribute or not to distribute materials
and information submitted by Respondents as it sees fit and/or as
required by applicable law.
18.104.22.168 If a Respondent wishes to supply any information, which it
believes is exempt from disclosure under the Act, that Respondent
should summarize such information in a separate envelope. Each
page submitted should be clearly marked "Confidential," but
otherwise be presented in the same manner as the Proposal.
However, any such information is provided entirely at the
Respondent's own risk and Grand Rapids Community College
assumes no liability for any loss or damage that may result from
the College’s disclosure at any time of any information provided by
the Respondent in connection with its proposal.
1.5.9 Non-discrimination in Employment
22.214.171.124 Equal Opportunity
126.96.36.199.1 Grand Rapids Community College, as an Equal Opportunity
Employer, complies with federal and state laws prohibiting
discrimination, including Title VI and Title VII (with
Amendments) of the 1964 Civil Rights Act, Title IX of the
Educational Amendment of 1972, Section 504 of the
Rehabilitation Act of 1974 as amended 38 USCO20-12. It
is the policy of the Board of Trustees that no person, on the
basis of race, sex, color, religion, national origin or ancestry,
age, marital status, handicap, sexual orientation or veteran
status, shall be discriminated against in employment,
educational programs and activities, or admission. Inquiries
or complaints should be addressed to Kathy Keating/EEO
RFP Number: 1011-1352 Page 9 of 30
Office, 143 Bostwick NE, and Grand Rapids 49503-3295,
188.8.131.52 Fair Employment Practice Agreement
Grand Rapids Community College requests that the
enclosed Fair Employment Practice Agreement (Appendix
“A”) be submitted with the Vendor’s proposal, however
submission is not mandatory.
Non-Discrimination for all contracts for goods or services which
the Contractor enters into in connection with performance of
services under this Contract, the Contractor agrees as follows:
The Contractor shall not discriminate against any employee or applicant
for employment because of age, color, disability, familial status, height,
marital status, national origin, political affiliation, race, religion,
sex/gender, sexual orientation, veteran status, or weight. The Contractor
shall take affirmative action to insure that applicants are employed and
employees are treated during employment without regard to their age,
color, disability, familial status, height, marital status, national origin,
political affiliation, race, religion, sex/gender, sexual orientation, veteran
status, or weight. Such action shall include, but not be limited to, the
following: employment, upgrading, demotion or transfer, recruitment
advertising, layoff or termination, rates of pay or other
forms of compensation, and selection for training including
1.5.12 The Contractor shall comply with all published rules, regulations,
directives, and orders of the Michigan Civil Rights Commission (“the
The Contractor shall furnish and file compliance reports within such time
and upon such forms as provided by GRCC. Said forms may also elicit
information as to the practices, policies, program and employment
statistics of the Contractor and any subcontractors or suppliers, and the
Contractor shall permit access to books, records and accounts by GRCC
and/or its agent, for purposes of investigation to ascertain compliance
with this Contract For Construction and with rules, regulations, and orders
of the Commission.
1.5.14 GRCC believes that it economically makes good business sense and
contributes to the economic growth of West Michigan to make every
reasonable, opportunity for minority / women / disabled-person business
enterprises (M/W/DBE) to participate in GRCC’s contracts as suppliers,
contractors and subcontractors performing work for GRCC. Therefore,
the Contractor is strongly encouraged to actively locate and include
M/W/DBE’s in its procurement efforts and to increase the amount of
business done with these enterprises. A M/W/DBE is defined as a
privately or publicly owned business organization whose ownership is at
least 51% owned, controlled and actively managed by one or more
minority/women/disabled persons as defined by federal law. The
Contractor shall, upon request, provide reports within such time and upon
RFP Number: 1011-1352 Page 10 of 30
such forms as provided by GRCC as to its good faith efforts to provide
opportunities for M/W/DBE’s.
1.5.15 The Contractor shall include, or incorporate by reference, the provisions
of the foregoing or orders of the Commission, and shall provide in every
subcontractor’s and suppliers subcontract or purchase order that said
provisions shall be binding on its subcontractors and suppliers.
1.6.1 Any contract(s) resulting from this RFP:
184.108.40.206 Shall be governed under, and the rights and obligations of the
parties hereto be determined in accordance with, the laws of the
State of Michigan; and
220.127.116.11 Shall incorporate the responses of the successful Vendor and such
responses shall constitute material terms of any contracts; and
18.104.22.168 Are dependent upon approval by the College’s Board of Trustees.
1.6.2 GRCC reserves the right to terminate the contract within thirty (30) days
of written notice and prior to any Contract Termination data, if either
service, equipment or contract performance and conduct, as judged by
GRCC, does not meet acceptable standards.
1.6.3 A Vendor must attach any Contracts, Support Agreements, End User
License Agreements and/or any Hardware, Software, or Support use
Terms and Conditions or Contracts that must be completed, applicable to
any services or products acquired by GRCC as a result of this RFP.
1.7 Tobacco Free
1.7.1 GRCC is a tobacco free campus. All individuals including students,
faculty/staff, suppliers, contractors/subcontractors and visitors are
prohibited from smoking in College buildings, vehicles and premises. All
individuals are expected to acknowledge the tobacco free policy and
provide full compliance. See www.grcc.edu/tobaccofree for additional
2.0 RFP Response Requirements
Proposals submitted must include the following:
RFP Number: 1011-1352 Page 11 of 30
1.8 Company History, Expertise, Personnel
1.8.1 Each Vendor must provide a brief description of its company, including
the date established, and the organization’s experience and history in
providing commercial custodial services.
1.8.2 Each Vendor shall include a brief description of the professional and
technical experiences, background, qualifications and expertise of the
organization’s key personnel to be assigned to this project.
1.9 Reference Information
1.9.1 Each vendor must provide brief descriptions of providing similar products
and/or services at similar organizations within the last five years.
1.9.2 Each vendor must provide at five references with past/present similar
environment and/or similar products (local Michigan higher education
institutions preferred. References should include institution name, contact
name, address, phone, fax and email address and contact information for
the specific person who is knowledgeable about the vendor’s record and
performance. References may be contacted for consultation and/or site
visits at our discretion.
1.9.3 References must not be from a person, company or organization with any
interest, financial or otherwise, in the Vendor organization.
1.9.4 GRCC, at its sole discretion, may contact other known clients of the
Vendor for references.
1.9.5 GRCC may eliminate from further consideration in the RFP process any
Vendor who, in the opinion of GRCC, receives an overall unfavorable
report from client references.
3.0 Evaluation and Selection Criteria
1.10 Selection Criteria
1.10.1 The College reserves the right to reject any and all proposals, wholly or in
part, and waive any irregularities in the RFP process.
1.10.2 GRCC will determine which responses are to be considered for
evaluation and will determine the successful Vendor.
1.10.3 A team led by the Facilities Department and the Purchasing Department,
following GRCC’s policies and procedures, will conduct the evaluation
and selection process.
RFP Number: 1011-1352 Page 12 of 30
1.11 Evaluation Criteria
The evaluation of responses will be based on, but not limited to
1.11.1 Vendor’s ability to meet all the requirements and specifications
contained in this RFP
1.11.2 Cost, best value to GRCC
1.11.3 Alignment with GRCC Mission, Vision, Values and Ends.
1.11.4 Ability to meet GRCC’s service and timeline requirements
1.11.5 Financial strength of the Vendor
1.11.6 Quality of Proposal documentation and/or presentation
1.11.7 Vendor’s experience in public higher education
1.11.8 Vendor’s solicited and unsolicited references
The evaluation criteria listed below summarizes the elements that will be considered when
evaluating submitted proposals. .
Evaluation Criteria Weight
Technical and Operational Capabilities
Meets technical and operational requirements of RFP
Completeness of fault tolerant solutions
Performance characteristics support anticipated need and growth
Adaptability to increased load and incorporate new technology 25%
Follows industry standards and best practice adherence
Product feature support and timely delivery to market
Webinar Demonstration (those Vendors selected for final phase of
Complete Cost of System
Maintenance (detailed) 25%
Ease of Implementation
Simplicity of configuration, installation and operation
Flexibility of solution to align with changing site needs
Solution alignment with industry best practices
Ease of upgrades and modifications
Number and range of desktops supported
Vendor and Manufacturer Relations
Pre and Post Sales Technical Knowledge and Support
Sales Staff Knowledge and Responsiveness
Ease of doing business 10%
Future upgrade path and investment protection
Ability to deliver support and maintenance
RFP Number: 1011-1352 Page 13 of 30
o Technical support staff knowledge
o Timeliness of follow-up to support calls
o Vendor interest in building long term support relationship
o Long term discount arrangements
Customer references (past, present, similar environ. & products)
History of experience
Ability to deliver and install on time
Vendor RFP Process
Response organization 5%
Completeness of response
Evaluations from above will be tabulated to determine finalists. Approximately two to
three finalists will be chosen based on the evaluation of their proposals.
The College reserves the right to reject any and all proposals, wholly or in part, and
waive any minor irregularities in the RFP process.
4.0 Requirements & Standards
The requirements listed below are based on the collaboration of various units at GRCC. The
requirements are based upon internally identified needs and drawn from multiple presentations
made to College staff and seen by staff at various conferences. It is not the intent or the desire
of the College to preclude any qualified vendor from responding to this RFP.
Vendors must indicate the ability of the proposed system to fulfill/provide the following list of
requirements and desired features and specify whether the particular feature that satisfies the
requirement is standard “out of the box”, configurable, or is capable through customization.
4.1. Business/background Requirements
4.1.1. Provide a list of customers including Company Name, Industry, and
number of licenses.
4.1.2. Provide a list of your solution partners.
4.1.3. How many full-time employees do you employ?
22.214.171.124. How many of those full-time employees are dedicated to
4.1.4. Provide Information showing your company’s financial standing.
4.1.5. Provide a technology roadmap for the proposed solution.
4.2. Professional Services
4.2.1. Provide a list of professional service you provide for customer in the
beginning stages of implementing you product and their associated cost.
4.3. Training: training courses/ options offered for the following:
RFP Number: 1011-1352 Page 14 of 30
4.4. Will you be using third parties services if Grand Rapids Community College
elects to have you install your product?
4.4.1. If applicable, provide a list of third parties(e.g., consultants, service
providers) that you have certified to provide implementation services on
4.5. Maintenance/Update services:
4.5.1. List all services included in your software maintenance/update program
4.5.2. How long are your maintenance agreements for?
4.5.3. What is the normal revision cycle for standard releases?
4.5.4. Provide an example of the documentation normally provided with your
standard releases .
4.5.5. What is your notification process to clients in the case of hot fixes or
4.5.6. How quickly are bug fixes generated or released from the time that the
problem or issue is initially reported or discovered?
4.6. Support Services
4.6.1. What services are included in your support service program
4.6.2. Is there a accessible knowledge base
4.6.3. Is the knowledge base accessible to:
4.6.4. Levels of Service
126.96.36.199. Do you provide on-site support
188.8.131.52. What are your hours of availability
184.108.40.206. What is your response time
220.127.116.11. What categories of users do you support( end user, helpdesk,
4.6.5. List additional offerings not listed above
4.7. Solution Architecture/Overview
Functionality and Features:
Provide a summary of your product’s features, addressing the specific requirements in Section
18.104.22.168 through 22.214.171.124
126.96.36.199. Security and encryption
188.8.131.52. Authentication and authorization
184.108.40.206. Key management
220.127.116.11. Backup and recovery
RFP Number: 1011-1352 Page 15 of 30
18.104.22.168. Security administration
4.7.2. Product Architecture
22.214.171.124. What are the end user minimum hardware requirements for
126.96.36.199. What is the amount of disk space used by your product,
including storage space and working space?
188.8.131.52. What are your management server hardware and software
4.7.3. Architecture: Provide an overall description of your product’s structure.
Provide specific information related to
184.108.40.206. Standards-What standards does your product follows/supports
220.127.116.11. Scalability-Discuss and show your product scales and include
references of current customers/installations of similar size,
scope, and complexity to our organization
18.104.22.168. Interoperability- Our current environment use LDAP, Active
Directory, and EDir.
22.214.171.124.1. Will you product integrate with LDAP for single sign
126.96.36.199.2. Will your product integrate with Active Directory for
single sign on?
188.8.131.52.3. Will your product integrate with EDir for single sign
184.108.40.206.4. How will your product allow our different units to
manage their keys and devices according to their
220.127.116.11.5. Does your product integrate with Windows Bitlocker
7 drive encryption?
18.104.22.168.6. Can Bitlocker 7 functionality be centrally managed
22.214.171.124.7. Does your product allow logging, reporting, auditing
capability the same as your native encryption?
126.96.36.199.8. Does your support helpdesk challenge/response
for forgotten Bitlocker 7 passwords?
4.8. Centralized Management
Summarize how your product supports centralized management.
4.8.1. Are there any additional modules or applications needed for the
management of your product, in addition to the basic encryption
RFP Number: 1011-1352 Page 16 of 30
4.8.2. Does your product have the ability to integrate with third-party security or
system management tools?
4.8.3. Does your product have the flexibility and adaptability to manage
products in an environment that (a) has a varying number of users, (b) a
variety of operating systems, and (c) a variety of management options
and a variety of end-user devices? Yes/No Explain
4.9 Reporting, Auditing and Compliance
Summarize how your product meets our auditing and reporting requirements,
addressing the specific requirements in Section 3.6, highlighting any features of
your product that can enhance our needs in these areas. In your description,
address the following
4.9.1 Is your products audit functionality integrated with the basic product
(e.g., is an additional module required)
4.9.2 Type of data is collected
4.9.3 Security management and control of audit data
4.9.4 Does your product have archiving features for audit data
4.9.5 PCI, DSS requirements and HIPPA HITECH requirements for a secure
system using the Advance Encryption Standards (AES)
4.10 Installation, Configuration, and Deployment Explain how your product supports
flexibility in installation and configuration options within our existing IT environment.
4.10.1 Will the installation of your product affect the configuration of our
infrastructure, such as firewall configuration settings
4.11 Specific Product Requirements
For each requirement in this section, please provide a concise explanation of
how your proposed solution will meet the specific requirement, including any
additional detail requested in the requirement subsections
4.11.1 Functionality and Features
188.8.131.52 Security and Encryption. The security of the data is of prime
importance. The solution must provide secure state-of-the-art
encryption algorithms to include
184.108.40.206.1 Does your product have the option for 128/256
encryption key lengths
220.127.116.11.2 Is your product FIPS compliant (US customers
only) per http://csrc.nist.gov/publications/fi ps/fi
18.104.22.168.3 Does your product protection in all states of the
RFP Number: 1011-1352 Page 17 of 30
22.214.171.124.4 Does your product have defense against attacks
during all stages of the boot process.
126.96.36.199.5 Does your product have the ability to withstand
attacks using alternate boot media
188.8.131.52.6 Does your product have the ability to forced
encryption on entire removable media, including
pre-existing data. Note: Re-formatting of devices
to meet this criterion is acceptable although not
184.108.40.206.7 Does your product have the ability for removable
media to be encrypted by one user and read by
other authorized user(s). Note: Feature to be
used for team collaboration in enterprise
4.11.2 Authentication and Authorization
The solution must provide the following
220.127.116.11 Does your product have the capability to setup and
administrate role-based access control
18.104.22.168 Optional multi-user authentication for critical security
22.214.171.124 Support for multi-factor authentication and/or token-based
authentication systems to achieve higher security
classification levels and/or to mitigate risks involving
improper password management(card reader/bio scan)
126.96.36.199 Does your solution have the ability for an administrator to
lock-down and/or “kill” end-user device(s) if the device(s)
is(are) believed to be missing or compromised, including
the capability to disable all accounts and/or delete keys
necessary to decrypt the data
188.8.131.52 Does your solution include role-based, hierarchical
administrative and access control that includes
184.108.40.206.1 Definition of administrative and access control
roles that provide different levels of access to
the software and its functionality
220.127.116.11.2 Ability to assign specific tasks/functions to
specific administrative roles
18.104.22.168.3 Ability to assign global administrative and
access control to specific, defined set of
policies and configurations
22.214.171.124.4 Ability to establish local administrative and
access control roles that allow local level
administrators to modify local policies and
RFP Number: 1011-1352 Page 18 of 30
configurations but restrict access to global
policies and configurations
126.96.36.199.5 Ability to delegate limited access by local-
level administrator to global policies or
configurations, if required
188.8.131.52.6 Ability to revoke prior administrator privileges
by current administrator at that level or above
(e.g., no administrative lockout)
184.108.40.206.7 Support external authentication mechanisms
(e.g., LDAP and AD) for administrative
220.127.116.11.8 Securely authenticate and encrypt any
interface to external authentication
18.104.22.168.9 Ability to configure and enforce rules for
strong passwords (e.g., no consecutive
characters, Include/exclude special
characters, require upper and/or lower case,
set minimum length)
22.214.171.124.10 Single-sign on from pre-boot authentication to
Windows for greater ease-of-use to include
password synchronization so that, if the
Windows password changes, the pre-boot
password account is automatically updated so
that the passwords remain synchronized
4.11.3 Key Management
The key management has to be compatible with existing IT
Infrastructures and must work with a wide range of deployment scenarios.
Does your solution provide?
126.96.36.199 Key server administration, utilizing central administration
methodology like Public Key Infrastructure of distributing
key authority to any number of servers in authority chain
188.8.131.52 Does Key recovery include
184.108.40.206.1 Administrative key recovery capability
220.127.116.11.2 Split key functionality for administrative key
18.104.22.168.3 Optional notification to end-user (or client as
in workstation) of administrative key recovery
22.214.171.124.4 Self-service mechanism for end-user to
retrieve lost key, even when not connected
network to retrieve lost key. Note: This is
crucial for laptop and mobile PDA solutions
126.96.36.199 Ability to run key server database and key management
interface on separate servers
RFP Number: 1011-1352 Page 19 of 30
188.8.131.52 Ability for hardware-based security modules that provide
physical tamper-resistant environment for secure key
storage and processing
4.11.4 Backup and Recovery- Disaster recovery and business continuity are
major issues for enterprises. The solution must easily facilitate recovery
from a number of different failure scenarios. Does your solution support
184.108.40.206 Data recovery in case of OS failure, hardware failure (other
than physical failure of the hard disk), or loss of contact
with the client assigned to the device (e.g., employee
termination or death)
220.127.116.11 Provisions for the backup and recovery of the
18.104.22.168 Mechanism to recover forgotten passwords, online and
4.12 Product Architecture
4.12.1 Product Environment – General- Our organization seeks an enterprise
encryption security solution that supports the general features outlined
below. Does you solution support
22.214.171.124 Ability to scale to 3000
126.96.36.199 Ability to scale in terms of management options (i.e., fixed
devices, mobile devices, email security, file sharing, etc.)
188.8.131.52 Integration with LDAP or Active Directory (Explain if
product requires or performs any changes to the Active
184.108.40.206 Ability to be configured for redundancy or high availability
220.127.116.11 Ability to load-balance the services
18.104.22.168 Single solution suite that supports the following clients
Windows XP, SP2
22.214.171.124 Single solution suite that supports the following server
• Microsoft Windows 2003 (32- and 64-bit)
• Microsoft Windows 2000
• Novell Netware
• Microsoft Windows 2008
126.96.36.199 Single solution suite that supports the following mobile
device operating systems
• Palm OS
RFP Number: 1011-1352 Page 20 of 30
• Windows Mobile 5.0
• RIM OS
• Symbian OS
188.8.131.52 Single solution suite that supports a variety of end-user
devices to include
• Laptops / notebooks
• Tablet computers
• Digital cameras
• Portable / smart phones
184.108.40.206 Various disk configurations/storage architectures to
• RAID levels
220.127.116.11 Does your solution support all forms of removable media,
including but not limited to
• USB flash drives
• External USB hard drives
• Compact flash cards
• SD cards
• Zip drives
• Floppy drives
18.104.22.168 Does your product support shared workstations where
multiple users may use the same machine
22.214.171.124 Does your Product support Multiple partitions on a disk or
126.96.36.199 Does your product support partial encryption on both
permanent and removable media for data storage
flexibility. Software is configurable to allow a portion of
removable media to be encrypted, while leaving some of
the device unencrypted
188.8.131.52 Does your product support disk imaging.
184.108.40.206 Is your product compatible
220.127.116.11.1 Novell Zenworks
18.104.22.168.2 Symantec Ghost
22.214.171.124 Is your product compliant with disk sanitization procedures
in accordance with the US Department of Defense
5220.22-M Clearing and Sanitization Matrix.
RFP Number: 1011-1352 Page 21 of 30
4.12.2 Integration with Existing IT Infrastructure
Our enterprise would like to leverage our investment in existing
infrastructure when deploying new solutions. This reduces capital costs,
reduces the number of new components being installed and places less
strain on our IT resources, the following requirements outline those
products, standards, and protocols used in our infrastructure and with
which your encryption product should integrate. Is your solution
compatible and will it integrate with the following:
126.96.36.199 Is your product compatibility with major anti-virus malware
vendors to include
188.8.131.52 Does your product have interoperability with Desktop
Management Solutions to include
184.108.40.206 Does your product have interoperability with imaging
solutions to include
220.127.116.11 Will your product integrate with E-Dir authentication system
to leverage existing investment in current systems?
18.104.22.168 Additional integration support for authentication and
account provisioning or integration with the following
22.214.171.124.1 Will your product integrate with -- Active
126.96.36.199.2 Will your product integrate with LDAP
188.8.131.52.3 Directory Services – Novell NDS
184.108.40.206.4 Backward compatible with NT domain
220.127.116.11.5 PKI public key infrastructure
18.104.22.168.6 US DoD CAC cards
22.214.171.124.7 Shibboleth/OASIS SAML (Note: Shibboleth
is standards-based, open source middleware
software which provides Web Single SignOn
(SSO). It supports the OASIS SAML v1.1
126.96.36.199 Support for virtualization software to include: Add products
RFP Number: 1011-1352 Page 22 of 30
188.8.131.52 Interoperability with shared environments to include
184.108.40.206 Integration with tape backup solution.
4.13 Administration and Management
Central management is a critical ability in an enterprise-class solution with
hundreds or thousands of users. It is important to provide a consistent and
effective level of security in a heterogeneous environment with various types of
end-user devices (e.g., desktops, laptops, removable media, PDAs, etc.) running
on differing operating systems. The solution must
4.13.1 Provide effective central management for an installed base of 500 or
4.13.2 Be easy to configure and/or customize for different locations and / or end-
users, both locally and remotely
4.13.3 Be easy to support by both local and remote support teams including
remote recovery, remote access in both locked and unlocked states
4.13.4 Securely authenticate and encrypt all communications between the
management station/application and clients
4.13.5 Provide an alert or “phone-home” capability in the event someone tries to
“brute force” a device
4.13.6 Be able to run the management server under a virtual machine (e.g.,
4.14 Reporting, Auditing and Compliance
4.14.1 Centralized, automated logging of current encryption state for all client
4.14.2 Local, secure logging of audit data on client devices
4.14.3 Ability to configure auditing to include the collection of the following types
of data: authentication date and time, local decryption and encryption
activity, local policy and administrative changes
4.14.4 Audit trails for end-user functions that include the following data elements
4.14.5 Audit trails for administrative functions that include the following data
RFP Number: 1011-1352 Page 23 of 30
4.14.6 Access control to view audit data (e.g., role based access)
4.14.7 Secure storage of audit data
4.14.8 Encryption of audit logs
4.14.9 Auditing of access to audit logs (e.g., time/date of access, user name
4.14.10 Ability to archive audit logs
4.14.11 Reporting functionality
4.14.12 Integrated audit capability
4.14.13 Interoperable with computer forensic solutions to include
• Guidance Software Encase Product Suite
• Technology Pathways Product
4.15 Configuration, Installation, and Deployment
Installation and maintenance of the software must be simple, painless and
minimally disruptive. It has to be easily deployed on a large number of clients
(2,000+) with minimal administrative effort. Does your solution support
4.15.1 Centrally-managed, network-based, remote installation of product to a
large number of devices, either using external software delivery or via
the operating system native software distribution format, such as
Windows’ MSI format files
4.15.2 Use of automated installation scripts / installers with no interaction
required by user or local administrator
4.15.3 Audit trails for administrative functions related to configuration, installation
or update of the product
4.15.4 Minimal configuration changes to existing network infrastructure, such as
firewall settings, for product installation and/or updates to reduce impact
on the organization
4.15.5 Ability to securely manage encrypted clients by Wake-On-LAN
4.15.6 Ability to granularly restrict local configuration by end-user and/or local
4.15.7 An encryption process that is resilient to unexpected lockups and/or
operating system failure during the actual encryption process
4.15.8 Ability to suspend and resume the encryption process for a given disk to
provide flexibility when migrating extremely large disks
4.16 Insurance Requirements
RFP Number: 1011-1352 Page 24 of 30
The bidder shall agree to indemnify and save Grand Rapids Community College,
its officers, agents and employees, from and against any and all liability, claims,
demands, or damages, caused by negligent act or omission, misfeasance, or
malfeasance of the bidder, its agents, servants, or employees, including fines,
fees, expenses, penalties, or suit proceedings, actions and costs of action, and
attorney’s fees for trial and on appeal, and any kind and nature arising or growing
out of the action of the bidder connected with the appeal, and any kind and
nature arising or growing out of the action of the bidder connected with the
performance of agreement, whether by act or omission of the bidder, its agents,
servants, employees or others; unless said claim for liability is caused by
negligence, misfeasance or malfeasance of GRCC or its agents, or employees.
Vendors whose proposals are determined by the evaluation team to meet or exceed the
requirements of this RFP may be requested to come on campus to provide an overview of
their proposal(s), respond to questions from the evaluation team and demonstrate the
proposed equipment. The presentation can be an additional weighted evaluation factor in
6.0 Quality and Performance Standards
6.1 Successful bidder shall include a description of their quality program
program, including complaint resolution and corrective action procedures.
6.2 Successful bidder shall describe metrics that are tracked, the frequency at which
they are tracked and guaranteed level of performance. Submission of quality and
performance history is also encouraged.
7.1 Please provide all solution pricing for the total, proposed solution according to the
information provided in this request for proposal.
7.2 Vendors must provide detailed pricing for their proposals making certain to
itemize/detail the costs for all proposed products and services. Please:
• Provide a catalog of all items, including hardware, software, and support services
that are generally used in your solution(s), providing a description of each
item and its associated list price.
• Give your pricing/licensing for enterprise solutions, including any discount tiers.
• Indicate any and all limitation to your enterprise pricing
• What consortium discounting do you may provide, such as GSA schedule 70,
E&I, MiDEAL and the like.
RFP Number: 1011-1352 Page 25 of 30
• Itemize all items, including hardware, software, and support services that you
propose for our enterprise, providing a description of each item, its
associated list price, and its discounted price, if applicable. For each item,
indicate which costs are one-time and which items are recurring. Note: If
you are providing more than one solution, list each solution separately
according to the instructions above.
• Provide prices for any additional special services, such as on-site, end-user
training, customization, and certification training (if applicable) according
to the information provided in Section 2.2
7.3 Provide a total cost for each proposed solution, backed by the detail used for
7.4 Any items, products or services that would result in additional charges must be
clearly presented and explained.
7.5 Outline the pricing structure of your company. Pricing must be provided to
include all costs related to the agreement.
7.6 Vendors must indicate what items have warranties and what the duration of the
warranties are. Any quotas or limits of service must be clearly identified and
remedies or additional costs explained.
7.7 All prices and rates are guaranteed to be firm for the first year. Please indicate
pricing and/or discount percentage commitments for subsequent years (i.e.
specific prices/discounts for years two and three; percentage increase
maximums, or other defined methods). GRCC reserves the right to exercise the
option to extend or close any awarded contract at the expiration of year one.
7.8 Any shipping costs to be incurred by the College must be quoted FOB our dock.
Shipping costs must be provided by item and sub-totaled by system.
7.9 In addition to what has been specified, Suppliers are encouraged to provide
“expressive bid” alternate pricing/proposals by suggesting alternate
specifications, technology, terms and conditions, service conditions, etc. that
could result in flexibility and cost savings for Grand Rapids Community College
and for the Vendor. Vendors must insure that their alternate proposal meets or
exceeds requirements and specifications as detailed throughout this RFP.
7.10 GRCC may issue a clarification request, in writing, to one or all bidders. A
clarification request does not allow a bidder to change its proposal.
GRCC may enter into negotiations with bidders on price or technical
clarifications. Additionally GRCC mayl negotiate with the vendor(s) to reach an
agreement that best meets the overall needs and desires of the College
RFP Number: 1011-1352 Page 26 of 30
7.12 Best and Final Offer
GRCC may request a Best and Final Offer (BAFO) from each bidder determined
to be in the competitive range. Each bidder must respond in writing with its
BAFO by the deadline established by GRCC Purchasing.
There is no guarantee that any bidder will be allowed an opportunity to
engage in negotiations or to submit a BAFO under this Section.
7.12 Payment terms will be net 30 days upon delivery of products and following
completion of any services and receipt of invoice.
8.1 Grand Rapids Community College is exempt from Michigan Sales Tax
and will furnish a tax exempt certificate upon request.
RFP Number: 1011-1352 Page 27 of 30
RFP Number: 1011-1352 Page 28 of 30
Fair Employment Practices Agreement
This rider is attached to and made a part of the bidding form agreement between
the Grand Rapids Community College and
Name of Company
During the performance of this contract, the above named firm agrees as follows:
1. Will not discriminate against any employee or applicant for employment because of race, color,
religion, sexual orientation, gender, age, national origin, height, weight, marital status, disability, or
status as a veteran (“protected classes”) unless necessary as a bona fide occupational qualification.
Said company will take action to ensure that applicants are employed without regard to their
membership in a protected class, as defined above. Such action shall include but not be limited to the
following: employment, upgrading, demotion or transfer, recruitment or recruitment advertising, layoff,
recall, or termination, rates of pay or other forms of compensation, and a selection for training,
including apprenticeship. He/She agrees to post in conspicuous places, available to employees and
applicants for employment, notices to be provided by the contracting officer setting forth the
provisions of this nondiscrimination clause.
2. Will, in all solicitations or advertisements for employees placed by or on behalf of the company, state
that all qualified applicants will receive consideration for employment without regard to race, color,
religion, sexual orientation, gender, age, national origin, height, weight, marital status, disability, or
status as a veteran unless necessary as a bona fide occupational qualification.
3. Will, as applicable, provide a written notice of the companies’ commitments under the Fair
Employment Practices Agreement to each labor union representative or worker(s) with which he/she
has a collective bargaining agreement or other contract understanding. He/She further agrees to post
a copy of the notice in conspicuous places available to employees and applicants for employment.
4. Will furnish all information and reports as requested by Grand Rapids Community College, including
pertinent books, records, and accounts to ascertain compliance with Grand Rapids Community
College nondiscrimination policies.
5. In the event of noncompliance with the nondiscrimination clauses of this contract or with any of the
said policies, this contract may be canceled, terminated, or suspended in whole or in part, and the
said company may be declared ineligible for further contracts in accordance with procedures
established by the Grand Rapids Community College and such other sanctions may be imposed and
remedies involved as provided by rule, regulation, order or statement of policy of the College or as
otherwise provided by law.
6. The following provisions are required by the Elliot-Larson Civil Rights Act: The company and, where
applicable, sub-contractors shall not discriminate against any employee or applicant for employment,
to be employed in the performance of this contract, with respect to his/her hire tenure, terms,
conditions or privileges of employment, because of his/her f race, color, religion, sexual orientation,
gender, age, national origin, height, weight, marital status, disability, or status as a veteran unless
necessary as a bona fide occupational qualification
7. MINORITY OWNERSHIP
Public Act 428 of 1980 requires that the minority business owner or woman business owner own
more than 50% of the shares or interest in the business and share in more than 50% of the net profit
or loss of the shares or interest in the business which accrues to shareholders who are members of a
minority or a woman owned business.
RFP Number: 1011-1352 Page 29 of 30
Completion of this Form is Requested for Monitoring Purposes
CONTROL AND OPERATION
P.A. 428 of 1980 requires the minority or women to exercise the power to make policy
decisions and be involved in the day-to-day management of the business.
Please check the following applicable criteria:
Company Name:________________________ Phone:____________________________
Type of Business: __________________________________________________________
_____Independent Firm, or Owned/Controlled by:__________________________________
Corporate Address of Parent Firm_____________________________________________
Personnel as of (Payroll Date)
ALL PERSONS PERSONS OF PERSONS
JOB CATEGORIES M F TOTALS COLOR OF COLOR
M F TOTALS
Officials & Managers
Name of person providing data (please print):_______________________________________
Questions concerning the Fair Employment Practices Agreement should be directed to Labor
Relations (616) 234-3453
RFP Number: 1011-1352 Page 30 of 30