EncryptionSPEC Grand Rapids

Document Sample
EncryptionSPEC Grand Rapids Powered By Docstoc
					    Campus Desktop Encryption

                 RFP# 1011-1352
             Information Technology Department
                 143 Bostwick Avenue NE
               Grand Rapids, MI 49503-3295

RFP Number: 1011-8144                        Page 1 of 30
                                           Table of Contents
QUICK FACTS ................................................................................................................ 3

1.0      Purpose and Conditions ..................................................................................... 4

   1.1     Purpose for the Request for Proposal ................................................................ 4
   1.2     GRCC Background ............................................................................................ 4
   1.3     Definitions .......................................................................................................... 5
   1.4     Rules and Conditions ......................................................................................... 6
   1.5     Contracts .......................................................................................................... 11
   1.6     Tobacco Free ................................................................................................... 11
2.0      RFP Response Requirements .......................................................................... 11

   2.1     Company Historty, Expertise, Personnel .......................................................... 12
   2.2     Reference Information .................................................................................... 121
3.0      Evaluation and Selection Criteria..................................................................... 12

   3.1     Selection Criteria .............................................................................................. 12
   3.2     Evaluation Criteria ............................................................................................ 13
4.0      Requirements & Standards .............................................................................. 14

   4.1     Requirements ................................................................................................... 14
   4.2     Insurance Requirements .................................................................................. 25
5.0      Quality and Performance Standards……… ……………………………………27
6.0      Pricing………………………………………………………………………………….27
7.0      Taxes……………………………………………………………………………………29


RFP Number: 1011-1352                                                                                          Page 2 of 30
                             QUICK FACTS

RFP Number:                          1011-1352

Title:                               Campus Desktop Encryption project

Issue Date:                          Thursday, December 9, 2010

Pre Bid Meeting Date:                N/A

Proposal Due Date:                   1:30PM, Thursday, January 13, 2011

GRCC Contact:                        Mansfield Matthewson
                                     Director of Purchasing

Email:                               mmatthew@grcc.edu

GRCC Proposal Mailed Delivery:       Mansfield Matthewson
                                     Director of Purchasing
                                     Grand Rapids Community College
                                     143 Bostwick NE
                                     Grand Rapids, MI 49503

GRCC Proposal Hand Delivery:         Mansfield Matthewson
                                     Director of Purchasing
                                     Grand Rapids Community College
                                     Peter C. Cook Administration Building
                                     415 Fulton St. E.
                                     Grand Rapids, MI 49503

Vendors intending to submit a response to this RFP should read this document in
its entirety and plan to attend the pre bid meeting as specified when planning to
submit a proposal.

RFP Number: 1011-1352                                                 Page 3 of 30
1.0   Purpose and Conditions

      1.1    Purpose for the Request for Proposal
      The purpose of this Request for Proposal (RFP) is to purchase and implement a data
      encryption solution that will be used campus-wide to reduce the college’s risk of data
      loss due to stolen or lost equipment or malicious activity. Grand Rapids Community
      College (GRCC) currently has no such system in place. The proposed Desktop
      Encryption product should meet the PCI (Payment Card Industry) DSS requirements and
      HIPPA HITECH requirements for a secure encryption system using the Advanced
      Encryption Standard (AES).

      The selected solution will be installing through attrition and in phases, depending on the
      current state of the employees current computer system. Therefore, the selected
      solution must be scalable to support a phased and gradual rollout.

      Vendors wishing to submit a proposal(s) for this RFP should read this document
      completely before submitting their response.

      1.2    GRCC Background

      The Grand Rapids Board of Education founded Grand Rapids Junior College (GRJC) in
      1914 after the University of Michigan’s faculty passed a resolution was which
      encouraged the establishment of junior colleges in Michigan. Now named Grand Rapids
      Community College (GRCC), the eight-block downtown campus is comprised of several
      classroom buildings, which includes a learning center (including the Diversity Learning
      Center) and library, the Spectrum Theater, the Applied Technology Center (which
      features a green roof), a remodeled music building, a field house with natatorium, a
      student center, Bostwick Commons, and the Calkins Science Center. GRCC also added
      the off-campus Wealthy Learning Corner to serve the East Hills and Eastown
      neighborhoods and the Westside Learning Corner to serve the west side of Grand

      In addition, GRCC has two Michigan Technical Education Centers (M-TECs) in West
      Michigan. The Patrick Thompson M-TEC, part of GRCC's Lakeshore Campus located in
      Holland, opened in Fall 2000 in partnership with the Ottawa Area Intermediate School
      District. The Leslie E. Tassell M-TEC ® in Grand Rapids opened in 2002. This world-
      class facility offers training in manufacturing, auto service, and building and construction
      trades. GRCC also offers courses at a variety of off-campus locations including GVSU's
      Meijer Campus in Holland and numerous local high schools.

RFP Number: 1011-1352                                                              Page 4 of 30
      In Fall 2009, more than 19,000 students enrolled in more than 1,900 liberal arts and
      occupational courses. The diverse student body represents students from Kent and
      surrounding counties as well as students from across the U.S. and 22 other nations.
      GRCC serves another 10,000 learners by non-credit instructional opportunities. In
      addition to traditional classroom environments, students may also receive instruction
      through community and distant service-learning offerings, seminars, workshops, training
      classes, distance learning options and other educational formats.

      GRCC employs a faculty of more than 250 full-time and 350 part-time members as well
      as a staff of 650, each focused on the College’s priorities to be student-centered,
      collaborative, and flexible. Throughout its 90-year history of academic excellence, GRCC
      has maintained a solid reputation as a premier transfer institution.         The College is
      nationally recognized for both its liberal arts and occupational programs.

      To increase capacity to meet unprecedented demand, GRCC acquired the former
      campus of Davenport University on Fulton St. in downtown Grand Rapids and began
      courses at Sneden Hall as of Fall 2009. Wednesday, August 25, 2010 the former
      Davenport Campus was renamed the DeVos Campus.

      Please see GRCC’s website (http://www.grcc.edu/) for additional information.

1.3   Context

                About GRCC Information Technology:
                    Supports approximately 1,500 staff systems
                       First stage implementation of 500 staff systems initially
                       About 2 IT staff administrating the product (See Section 2.2)

                About GRCC customers
                    Approximately 16,000 students
                    Approximately 30,000 alumni

      1.4       Definitions

RFP Number: 1011-1352                                                               Page 5 of 30
           1.4.1    The term "Vendor" means a business firm submitting a proposal/quote.
           1.4.2    The terms "College" and “GRCC” mean the Grand Rapids Community
           1.4.3    The term IT means the Information Technology Services unit of GRCC
           1.4.4    The term “Respondent” means vendors that submit an official response to
                    this RFP by the Submission Due Date.

     1.5   Rules and Conditions

           1.5.1    Communication
          Any and all communication with GRCC shall be accomplished
                           through the Purchasing Department, using the contact information
                           provided in the Quick Facts page of this RFP. Any Vendors that
                           deviate from this requirement will be subject to disqualification.

           1.5.2    Pre Bid Meeting

           1.5.3    Vendor Questions
          Any questions regarding interpretation or intent must be made in
                           written form and emailed to Mansfield Matthewson, Director of
                           Purchasing, at mmatthew@grcc.edu by 5:00 PM, Monday,
                           January 3, 2011.
          Vendors who have indicated intent to respond will be e-mailed
                           answers to all questions received by         5:00PM, Wednesday,
                           January 5, 2011.

           1.5.4    RFP Response Criteria
          Vendors must follow the format of the RFP using the section titles
                           and numbers of each information request (e.g., 1.10 – Warranty).
                           If a reference to an attached document is used as part of the
                           response to an information request, the reference must be
                           specific. For example, “See page “8”, paragraph three.”

RFP Number: 1011-1352                                                             Page 6 of 30
      Proposals that do not follow the Rules and Conditions contained
                        herein, follow the described format of this RFP, and/or do not
                        provide responses to information requested            may not be

      The official copy of the proposal submitted must contain complete
                        responses and related materials.
      The official copy must contain the signature of a duly constituted
                        corporate official legally capable of binding the Vendor.

                        THREE copies of the proposal shall be included.         Additionally,
                        ONE electronic media (CD, USB drive) copy of the proposal is
                        requested. The College will accomplish distribution to proper
                        personnel. Emails, telegrams, faxes, phone or any other form of
                        response other than sealed hard copies are not acceptable and
                        will not be regarded as official submissions by the vendor.

      Proposal Submission
                        The official sealed copy of your proposal must be received in the
                        Purchasing Department of Grand Rapids Community College no
                        later than 1:30PM, Thursday, January 13, 2011. Bids must be
                        clearly marked Campus Desktop Encryption Project – RFP

                        Mailed responses to:
                        Grand Rapids Community College
                        Mansfield Matthewson
                        Director of Purchasing
                        143 Bostwick NE
                        Grand Rapids, MI 49503

                        Delivered Responses to:
                        Mansfield Matthewson
                        Director of Purchasing
                        Grand Rapids Community College

RFP Number: 1011-1352                                                         Page 7 of 30
                          Peter C. Cook Administration Building
                          415 Fulton St. E.
                          Grand Rapids, MI 49503

         GRCC will not consider or examine late responses.
         GRCC will consider amended responses only if received by the
                          Purchasing Department on or before the Submission Due Date
                          shown on the Quick Facts page of this RFP.
         GRCC reserves the right to reject any and all proposals, wholly or
                          in part, and waive any irregularities in the RFP process.
         If any changes are made to this RFP by any party other than
                          GRCC, the original document in GRCC’s files takes precedence.
         In the event it becomes necessary to revise any part of this RFP,
                          an addendum will be provided to all Vendors who have indicated
                          their intent to respond.
         All proposals must include all elements listed in the RFP
                          Response Requirements section below.

          1.5.5    Delivery/Pickup
         Shipping and handling of any equipment acquired by GRCC as a
                          result of this RFP must be quoted F.O.B. our dock and delivered
                          to the following address:

                                 Grand Rapids Community College
                                 151 Fountain NE
                                 Grand Rapids, MI 49503
                                 Attn: Shipping & Receiving
          1.5.6    Warranty
                   Reponses must specify the exact period(s) of warranty coverage for all
                   specified equipment. Vendors should provide quotes for additional
                   warranty periods for the equipment specified in this RFP.

          1.5.7    Proprietary Information
         Vendors must provide a corporate financial statement. Reponses
                          will be opened, read publicly and will be made a matter of public

RFP Number: 1011-1352                                                           Page 8 of 30
                          record and as such may be reviewed by any interested party.
                          Pricing and contracts cannot be considered proprietary.

          1.5.8    Freedom of Information Act
         Respondents are advised that all materials submitted to GRCC for
                          consideration in response to this solicitation will be considered the
                          property of Grand Rapids Community College and will not as a
                          matter of course be treated as confidential information.
         GRCC reserves the right to distribute or not to distribute materials
                          and information submitted by Respondents as it sees fit and/or as
                          required by applicable law.
         If a Respondent wishes to supply any information, which it
                          believes is exempt from disclosure under the Act, that Respondent
                          should summarize such information in a separate envelope. Each
                          page submitted should be clearly marked "Confidential," but
                          otherwise be presented in the same manner as the Proposal.
                          However, any such information is provided entirely at the
                          Respondent's own risk and Grand Rapids Community College
                          assumes no liability for any loss or damage that may result from
                          the College’s disclosure at any time of any information provided by
                          the Respondent in connection with its proposal.

          1.5.9    Non-discrimination in Employment
         Equal Opportunity
              Grand Rapids Community College, as an Equal Opportunity
                                 Employer, complies with federal and state laws prohibiting
                                 discrimination, including Title VI and Title VII (with
                                 Amendments) of the 1964 Civil Rights Act, Title IX of the
                                 Educational Amendment of 1972, Section 504 of the
                                 Rehabilitation Act of 1974 as amended 38 USCO20-12. It
                                 is the policy of the Board of Trustees that no person, on the
                                 basis of race, sex, color, religion, national origin or ancestry,
                                 age, marital status, handicap, sexual orientation or veteran
                                 status, shall be discriminated against in employment,
                                 educational programs and activities, or admission. Inquiries
                                 or complaints should be addressed to Kathy Keating/EEO

RFP Number: 1011-1352                                                             Page 9 of 30
                                Office, 143 Bostwick NE, and Grand Rapids 49503-3295,
                                (616) 234-3453.
       Fair Employment Practice Agreement
                                 Grand Rapids Community College requests that the
                                 enclosed Fair Employment Practice Agreement (Appendix
                                 “A”) be submitted with the Vendor’s proposal, however
                                 submission is not mandatory.

          1.5.10 Non-Discrimination
                          Non-Discrimination for all contracts for goods or services which
                          the Contractor enters into in connection with performance of
                          services under this Contract, the Contractor agrees as follows:
                 The Contractor shall not discriminate against any employee or applicant
                 for employment because of age, color, disability, familial status, height,
                 marital status, national origin, political affiliation, race, religion,
                 sex/gender, sexual orientation, veteran status, or weight. The Contractor
                 shall take affirmative action to insure that applicants are employed and
                 employees are treated during employment without regard to their age,
                 color, disability, familial status, height, marital status, national origin,
                 political affiliation, race, religion, sex/gender, sexual orientation, veteran
                 status, or weight. Such action shall include, but not be limited to, the
                 following: employment, upgrading, demotion or transfer, recruitment
                 advertising, layoff or termination, rates of pay or other
                 forms of compensation, and selection for training including
          1.5.12 The Contractor shall comply with all published rules, regulations,
                 directives, and orders of the Michigan Civil Rights Commission (“the
                 The Contractor shall furnish and file compliance reports within such time
                 and upon such forms as provided by GRCC. Said forms may also elicit
                 information as to the practices, policies, program and employment
                 statistics of the Contractor and any subcontractors or suppliers, and the
                 Contractor shall permit access to books, records and accounts by GRCC
                 and/or its agent, for purposes of investigation to ascertain compliance
                 with this Contract For Construction and with rules, regulations, and orders
                 of the Commission.
          1.5.14 GRCC believes that it economically makes good business sense and
                 contributes to the economic growth of West Michigan to make every
                 reasonable, opportunity for minority / women / disabled-person business
                 enterprises (M/W/DBE) to participate in GRCC’s contracts as suppliers,
                 contractors and subcontractors performing work for GRCC. Therefore,
                 the Contractor is strongly encouraged to actively locate and include
                 M/W/DBE’s in its procurement efforts and to increase the amount of
                 business done with these enterprises. A M/W/DBE is defined as a
                 privately or publicly owned business organization whose ownership is at
                 least 51% owned, controlled and actively managed by one or more
                 minority/women/disabled persons as defined by federal law. The
                 Contractor shall, upon request, provide reports within such time and upon

RFP Number: 1011-1352                                                         Page 10 of 30
                      such forms as provided by GRCC as to its good faith efforts to provide
                      opportunities for M/W/DBE’s.
               1.5.15 The Contractor shall include, or incorporate by reference, the provisions
                      of the foregoing or orders of the Commission, and shall provide in every
                      subcontractor’s and suppliers subcontract or purchase order that said
                      provisions shall be binding on its subcontractors and suppliers.

      1.6      Contracts
               1.6.1   Any contract(s) resulting from this RFP:
          Shall be governed under, and the rights and obligations of the
                             parties hereto be determined in accordance with, the laws of the
                             State of Michigan; and
          Shall incorporate the responses of the successful Vendor and such
                             responses shall constitute material terms of any contracts; and
          Are dependent upon approval by the College’s Board of Trustees.

               1.6.2   GRCC reserves the right to terminate the contract within thirty (30) days
                       of written notice and prior to any Contract Termination data, if either
                       service, equipment or contract performance and conduct, as judged by
                       GRCC, does not meet acceptable standards.

               1.6.3   A Vendor must attach any Contracts, Support Agreements, End User
                       License Agreements and/or any Hardware, Software, or Support use
                       Terms and Conditions or Contracts that must be completed, applicable to
                       any services or products acquired by GRCC as a result of this RFP.

      1.7      Tobacco Free
               1.7.1   GRCC is a tobacco free campus. All individuals including students,
                       faculty/staff,   suppliers,   contractors/subcontractors   and   visitors   are
                       prohibited from smoking in College buildings, vehicles and premises. All
                       individuals are expected to acknowledge the tobacco free policy and
                       provide full compliance. See www.grcc.edu/tobaccofree for additional

2.0   RFP Response Requirements
            Proposals submitted must include the following:

RFP Number: 1011-1352                                                               Page 11 of 30
      1.8    Company History, Expertise, Personnel
             1.8.1   Each Vendor must provide a brief description of its company, including
                     the date established, and the organization’s experience and history in
                     providing commercial custodial services.
             1.8.2   Each Vendor shall include a brief description of the professional and
                     technical experiences, background, qualifications and expertise of the
                     organization’s key personnel to be assigned to this project.

      1.9    Reference Information
             1.9.1   Each vendor must provide brief descriptions of providing similar products
                     and/or services at similar organizations within the last five years.
             1.9.2   Each vendor must provide at five references with past/present similar
                     environment and/or similar products (local Michigan higher education
                     institutions preferred. References should include institution name, contact
                     name, address, phone, fax and email address and contact information for
                     the specific person who is knowledgeable about the vendor’s record and
                     performance. References may be contacted for consultation and/or site
                     visits at our discretion.
             1.9.3   References must not be from a person, company or organization with any
                     interest, financial or otherwise, in the Vendor organization.
             1.9.4   GRCC, at its sole discretion, may contact other known clients of the
                     Vendor for references.
             1.9.5   GRCC may eliminate from further consideration in the RFP process any
                     Vendor who, in the opinion of GRCC, receives an overall unfavorable
                     report from client references.

3.0    Evaluation and Selection Criteria
      1.10   Selection Criteria
             1.10.1 The College reserves the right to reject any and all proposals, wholly or in
                     part, and waive any irregularities in the RFP process.
             1.10.2 GRCC will determine which responses are to be considered for
                     evaluation and will determine the successful Vendor.
             1.10.3 A team led by the Facilities Department and the Purchasing Department,
                     following GRCC’s policies and procedures, will conduct the evaluation
                     and selection process.

RFP Number: 1011-1352                                                                Page 12 of 30
      1.11   Evaluation Criteria
             The evaluation of responses will be based on, but not limited to
                  1.11.1 Vendor’s ability to meet all the requirements and specifications
                          contained in this RFP
                  1.11.2 Cost, best value to GRCC
                  1.11.3 Alignment with GRCC Mission, Vision, Values and Ends.
                  1.11.4 Ability to meet GRCC’s service and timeline requirements
                  1.11.5 Financial strength of the Vendor
                  1.11.6 Quality of Proposal documentation and/or presentation
                  1.11.7 Vendor’s experience in public higher education
                  1.11.8 Vendor’s solicited and unsolicited references

The evaluation criteria listed below summarizes the elements that will be considered when
evaluating submitted proposals. .

 Evaluation Criteria                                                Weight
 Technical and Operational Capabilities
  Meets technical and operational requirements of RFP
  Completeness of fault tolerant solutions
  Performance characteristics support anticipated need and growth
  Adaptability to increased load and incorporate new technology    25%
  Follows industry standards and best practice adherence
  Product feature support and timely delivery to market
  Webinar Demonstration (those Vendors selected for final phase of
    evaluation stages)
 Complete Cost of System
  Software
  Warranty
  Maintenance (detailed)                                           25%
  Support
  Installation
  Implementation
 Ease of Implementation
  Simplicity of configuration, installation and operation
  Flexibility of solution to align with changing site needs
  Solution alignment with industry best practices
  Ease of upgrades and modifications
  Number and range of desktops supported
 Vendor and Manufacturer Relations
  Pre and Post Sales Technical Knowledge and Support
  Sales Staff Knowledge and Responsiveness
  Ease of doing business                                           10%
  Training
  Future upgrade path and investment protection
  Ability to deliver support and maintenance

RFP Number: 1011-1352                                                           Page 13 of 30
       o Technical support staff knowledge
       o Timeliness of follow-up to support calls
  Vendor/customer partnering
       o Vendor interest in building long term support relationship
       o Long term discount arrangements
 Vendor Background
  Customer references (past, present, similar environ. & products)
  History of experience
  Ability to deliver and install on time
 Vendor RFP Process
  Response organization                                                        5%
  Completeness of response

       Evaluations from above will be tabulated to determine finalists. Approximately two to
       three finalists will be chosen based on the evaluation of their proposals.
       The College reserves the right to reject any and all proposals, wholly or in part, and
       waive any minor irregularities in the RFP process.

4.0    Requirements & Standards
The requirements listed below are based on the collaboration of various units at GRCC. The
requirements are based upon internally identified needs and drawn from multiple presentations
made to College staff and seen by staff at various conferences. It is not the intent or the desire
of the College to preclude any qualified vendor from responding to this RFP.

Vendors must indicate the ability of the proposed system to fulfill/provide the following list of
requirements and desired features and specify whether the particular feature that satisfies the
requirement is standard “out of the box”, configurable, or is capable through customization.

       4.1.    Business/background Requirements
               4.1.1. Provide a list of customers including Company Name, Industry, and
                      number of licenses.
               4.1.2. Provide a list of your solution partners.
               4.1.3. How many full-time employees do you employ?
               How many of those full-time employees are dedicated to
                                 desktop encryption?
               4.1.4. Provide Information showing your company’s financial standing.
               4.1.5. Provide a technology roadmap for the proposed solution.
       4.2.    Professional Services
               4.2.1. Provide a list of professional service you provide for customer in the
                      beginning stages of implementing you product and their associated cost.
       4.3.    Training: training courses/ options offered for the following:
                                      Technicians/Engineers
                                      Helpdesk Staff
                                      System Administrators

RFP Number: 1011-1352                                                             Page 14 of 30
       4.4.   Will you be using third parties services if Grand Rapids Community College
              elects to have you install your product?
              4.4.1. If applicable, provide a list of third parties(e.g., consultants, service
                     providers) that you have certified to provide implementation services on
                     your behalf
       4.5.   Maintenance/Update services:
              4.5.1. List all services included in your software maintenance/update program
              4.5.2. How long are your maintenance agreements for?
              4.5.3. What is the normal revision cycle for standard releases?
              4.5.4. Provide an example of the documentation normally provided with your
                     standard releases .
              4.5.5. What is your notification process to clients in the case of hot fixes or
                     emergency releases
              4.5.6. How quickly are bug fixes generated or released from the time that the
                     problem or issue is initially reported or discovered?
       4.6.   Support Services
              4.6.1. What services are included in your support service program
              4.6.2. Is there a accessible knowledge base
              4.6.3. Is the knowledge base accessible to:
                             System administrators
                             End Users
                             Helpdesk Staff
                             Technicians
              4.6.4. Levels of Service
               Do you provide on-site support
               What are your hours of availability
               What is your response time
               What categories of users do you support( end user, helpdesk,
                                 technician, engineers)
              4.6.5. List additional offerings not listed above
       4.7.   Solution Architecture/Overview
Functionality and Features:
Provide a summary of your product’s features, addressing the specific requirements in Section through
               Security and encryption
               Authentication and authorization
               Key management
               Backup and recovery

RFP Number: 1011-1352                                                           Page 15 of 30
              Security administration
            4.7.2. Product Architecture
              What are the end user minimum hardware requirements for
                                        processor
                                        memory
                                        disk space
              What is the amount of disk space used by your product,
                                including storage space and working space?
              What are your management server hardware and software
            4.7.3.   Architecture: Provide an overall description of your product’s structure.
                     Provide specific information related to
              Standards-What standards does your product follows/supports
              Scalability-Discuss and show your product scales and include
                                references of current customers/installations of similar size,
                                scope, and complexity to our organization
              Interoperability- Our current environment use LDAP, Active
                                Directory, and EDir.
                       Will you product integrate with LDAP for single sign
                                           on authentication?
                       Will your product integrate with Active Directory for
                                           single sign on?
                       Will your product integrate with EDir for single sign
                       How will your product allow our different units to
                                           manage their keys and devices according to their
                                           unique needs
                       Does your product integrate with Windows Bitlocker
                                           7 drive encryption?
                        Can Bitlocker 7 functionality be centrally managed
                                            and administered?
                        Does your product allow logging, reporting, auditing
                                            capability the same as your native encryption?
                        Does your support helpdesk challenge/response
                                            for forgotten Bitlocker 7 passwords?
     4.8.   Centralized Management
            Summarize how your product supports centralized management.
            4.8.1. Are there any additional modules or applications needed for the
                   management of your product, in addition to the basic encryption

RFP Number: 1011-1352                                                           Page 16 of 30
            4.8.2. Does your product have the ability to integrate with third-party security or
                   system management tools?
            4.8.3. Does your product have the flexibility and adaptability to manage
                   products in an environment that (a) has a varying number of users, (b) a
                   variety of operating systems, and (c) a variety of management options
                   and a variety of end-user devices? Yes/No Explain
     4.9 Reporting, Auditing and Compliance
            Summarize how your product meets our auditing and reporting requirements,
            addressing the specific requirements in Section 3.6, highlighting any features of
            your product that can enhance our needs in these areas. In your description,
            address the following
            4.9.1    Is your products audit functionality integrated with the basic product
                    (e.g., is an additional module required)
            4.9.2    Type of data is collected
            4.9.3    Security management and control of audit data
            4.9.4    Does your product have archiving features for audit data
            4.9.5    PCI, DSS requirements and HIPPA HITECH requirements for a secure
                     system using the Advance Encryption Standards (AES)

     4.10 Installation, Configuration, and Deployment Explain how your product supports
        flexibility in installation and configuration options within our existing IT environment.
             4.10.1 Will the installation of your product affect the configuration of our
                    infrastructure, such as firewall configuration settings
     4.11   Specific Product Requirements
            For each requirement in this section, please provide a concise explanation of
            how your proposed solution will meet the specific requirement, including any
            additional detail requested in the requirement subsections
            4.11.1 Functionality and Features
            Security and Encryption. The security of the data is of prime
                              importance. The solution must provide secure state-of-the-art
                              encryption algorithms to include
                      Does your product have the option for 128/256
                                           encryption key lengths
                      Is your product FIPS compliant (US customers
                                            only) per http://csrc.nist.gov/publications/fi ps/fi
                                            ps197/fi ps-197.pdf
                      Does your product protection in all states of the
                                                  Off
                                                  on
                                                  standby
                                                  hibernate
                                                  online

RFP Number: 1011-1352                                                            Page 17 of 30
                                               Offline
                     Does your product have defense against attacks
                                          during all stages of the boot process.
                     Does your product have the ability to withstand
                                          attacks using alternate boot media
                     Does your product have the ability to forced
                                          encryption on entire removable media, including
                                          pre-existing data. Note: Re-formatting of devices
                                          to meet this criterion is acceptable although not
                     Does your product have the ability for removable
                                          media to be encrypted by one user and read by
                                          other authorized user(s). Note: Feature to be
                                          used for team collaboration in enterprise
          4.11.2 Authentication and Authorization
                  The solution must provide the following
               Does your product have the capability to setup and
                                 administrate role-based access control
               Optional multi-user authentication for critical security

               Support for multi-factor authentication and/or token-based
                                 authentication systems to achieve higher security
                                 classification levels and/or to mitigate risks involving
                                 improper password management(card reader/bio scan)
               Does your solution have the ability for an administrator to
                                 lock-down and/or “kill” end-user device(s) if the device(s)
                                 is(are) believed to be missing or compromised, including
                                 the capability to disable all accounts and/or delete keys
                                 necessary to decrypt the data
               Does your solution include role-based, hierarchical
                                 administrative and access control that includes
                          Definition of administrative and access control
                                              roles that provide different levels of access to
                                              the software and its functionality
                          Ability to assign specific tasks/functions to
                                              specific administrative roles
                          Ability to assign global administrative and
                                              access control to specific, defined set of
                                              policies and configurations
                          Ability to establish local administrative and
                                              access control roles that allow local level
                                              administrators to modify local policies and

RFP Number: 1011-1352                                                         Page 18 of 30
                                           configurations but restrict access to global
                                           policies and configurations
                        Ability to delegate limited access by local-
                                           level administrator to global policies or
                                           configurations, if required
                        Ability to revoke prior administrator privileges
                                           by current administrator at that level or above
                                           (e.g., no administrative lockout)
                       Support external authentication mechanisms
                                           (e.g., LDAP and AD) for administrative
                       Securely authenticate and encrypt any
                                           interface  to    external authentication
                       Ability to configure and enforce rules for
                                           strong passwords (e.g., no consecutive
                                           characters,      Include/exclude     special
                                           characters, require upper and/or lower case,
                                           set minimum length)
                     Single-sign on from pre-boot authentication to
                                          Windows for greater ease-of-use to include
                                          password synchronization so that, if the
                                          Windows password changes, the pre-boot
                                          password account is automatically updated so
                                          that the passwords remain synchronized
          4.11.3 Key Management
                The key management has to be compatible with existing IT
                Infrastructures and must work with a wide range of deployment scenarios.
                Does your solution provide?
            Key server administration, utilizing central administration
                              methodology like Public Key Infrastructure of distributing
                              key authority to any number of servers in authority chain
            Does Key recovery include
                       Administrative key recovery capability
                       Split key functionality for administrative key
                       Optional notification to end-user (or client as
                                           in workstation) of administrative key recovery
                       Self-service mechanism for end-user to
                                           retrieve lost key, even when not connected
                                           network to retrieve lost key. Note: This is
                                           crucial for laptop and mobile PDA solutions
            Ability to run key server database and key management
                              interface on separate servers

RFP Number: 1011-1352                                                      Page 19 of 30
                  Ability for hardware-based security modules that provide
                                    physical tamper-resistant environment for secure key
                                    storage and processing
            4.11.4 Backup and Recovery- Disaster recovery and business continuity are
                    major issues for enterprises. The solution must easily facilitate recovery
                    from a number of different failure scenarios. Does your solution support
                  Data recovery in case of OS failure, hardware failure (other
                                    than physical failure of the hard disk), or loss of contact
                                    with the client assigned to the device (e.g., employee
                                    termination or death)
                  Provisions for the backup          and    recovery    of    the
                                    administrative database
                  Mechanism to recover forgotten passwords, online and
     4.12   Product Architecture
            4.12.1 Product Environment – General- Our organization seeks an enterprise
                    encryption security solution that supports the general features outlined
                    below. Does you solution support
                  Ability to scale to 3000
                  Ability to scale in terms of management options (i.e., fixed
                                    devices, mobile devices, email security, file sharing, etc.)
                  Integration with LDAP or Active Directory (Explain if
                                    product requires or performs any changes to the Active
                                    Directory structure.)
                  Ability to be configured for redundancy or high availability
                  Ability to load-balance the services
                  Single solution suite that supports the following clients
                                   Windows 2000
                                   Windows XP, SP2
                                   Windows Vista
                                   Window 7
                                   Mac OS
                                   Linux

                  Single solution suite that supports the following server
                                    operating systems/platforms
                                    • Microsoft Windows 2003 (32- and 64-bit)
                                    • Microsoft Windows 2000
                                    • Unix
                                    • Linux
                                    • Novell Netware
                                    • Microsoft Windows 2008

                  Single solution suite that supports the following mobile
                                    device operating systems
                                    • Palm OS

RFP Number: 1011-1352                                                             Page 20 of 30
                               • Windows Mobile 5.0
                               • RIM OS
                               • Symbian OS
                               • Droid

            Single solution suite that supports a variety of end-user
                              devices to include
                               • Desktops
                               • Laptops / notebooks
                               • Tablet computers
                               • PDAs
                               • Digital cameras
                               • Portable / smart phones

            Various   disk   configurations/storage   architectures   to
                               • RAID levels
                               • SAN
                               • NAS

           Does your solution support all forms of removable media,
                              including but not limited to
                               • CDs
                               • DVDs
                               • USB flash drives
                               • External USB hard drives
                               • Compact flash cards
                               • SD cards
                               • LS120
                               • Zip drives
                               • Floppy drives
                               • Tapes

           Does your product support shared workstations where
                              multiple users may use the same machine
           Does your Product support Multiple partitions on a disk or
                              disk volume
            Does your product support partial encryption on both
                              permanent and removable media for data storage
                              flexibility. Software is configurable to allow a portion of
                              removable media to be encrypted, while leaving some of
                              the device unencrypted
            Does your product support disk imaging.
           Is your product compatible
               Novell Zenworks
               Symantec Ghost
           Is your product compliant with disk sanitization procedures
                              in accordance with the US Department of Defense
                              5220.22-M Clearing and Sanitization Matrix.

RFP Number: 1011-1352                                                     Page 21 of 30
          4.12.2 Integration with Existing IT Infrastructure
                  Our enterprise would like to leverage our investment in existing
                  infrastructure when deploying new solutions. This reduces capital costs,
                  reduces the number of new components being installed and places less
                  strain on our IT resources, the following requirements outline those
                  products, standards, and protocols used in our infrastructure and with
                  which your encryption product should integrate. Is your solution
                  compatible and will it integrate with the following:

               Is your product compatibility with major anti-virus malware
                                 vendors to include
                                    Symantec
                                    McAfee
                                    Norton

               Does your product have interoperability with Desktop
                                 Management Solutions to include
                                    Altiris
                                    Microsoft SMS
                                    Novell Zenworks

               Does your product have interoperability with imaging
                                 solutions to include
                                    Symantec Ghost
                                    Altiris
                                    Novell ZenWorks

               Will your product integrate with E-Dir authentication system
                                 to leverage existing investment in current systems?
               Additional integration support for authentication and
                                 account provisioning or integration with the following
                            Will your product integrate with -- Active
                            Will your product integrate with LDAP
                            Directory Services – Novell NDS
                            Backward compatible with NT domain
                            PKI public key infrastructure
                            US DoD CAC cards
                            Shibboleth/OASIS SAML (Note: Shibboleth
                                                is standards-based, open source middleware
                                                software which provides Web Single SignOn
                                                (SSO). It supports the OASIS SAML v1.1

               Support for virtualization software to include: Add products
                                 “Organization” uses
                                    VMWare
                                    Virtual Server

RFP Number: 1011-1352                                                        Page 22 of 30
                                      Virtual PC

                 Interoperability with shared environments to include
                                      MS Sharepoint
                                      MS Exchange

                 Integration with tape backup solution.
     4.13   Administration and Management
            Central management is a critical ability in an enterprise-class solution with
            hundreds or thousands of users. It is important to provide a consistent and
            effective level of security in a heterogeneous environment with various types of
            end-user devices (e.g., desktops, laptops, removable media, PDAs, etc.) running
            on differing operating systems. The solution must
            4.13.1 Provide effective central management for an installed base of 500 or
                    more clients
            4.13.2 Be easy to configure and/or customize for different locations and / or end-
                    users, both locally and remotely
            4.13.3 Be easy to support by both local and remote support teams including
                    remote recovery, remote access in both locked and unlocked states
            4.13.4 Securely authenticate and encrypt all communications between the
                    management station/application and clients
            4.13.5 Provide an alert or “phone-home” capability in the event someone tries to
                    “brute force” a device
            4.13.6 Be able to run the management server under a virtual machine (e.g.,
     4.14   Reporting, Auditing and Compliance
            4.14.1 Centralized, automated logging of current encryption state for all client
            4.14.2 Local, secure logging of audit data on client devices
            4.14.3 Ability to configure auditing to include the collection of the following types
                    of data: authentication date and time, local decryption and encryption
                    activity, local policy and administrative changes
            4.14.4 Audit trails for end-user functions that include the following data elements
                       Data Deletion
                       Account Creation
                       Data Modification
                       Addition

            4.14.5 Audit trails for administrative functions that include the following data
                       Data Deletion
                       Account Creation
                       Data Modification
                       Addition
                       Access Changes

RFP Number: 1011-1352                                                           Page 23 of 30
            4.14.6 Access control to view audit data (e.g., role based access)
            4.14.7 Secure storage of audit data
            4.14.8 Encryption of audit logs
            4.14.9 Auditing of access to audit logs (e.g., time/date of access, user name
                      accessing data)
            4.14.10    Ability to archive audit logs
            4.14.11     Reporting functionality
            4.14.12    Integrated audit capability
            4.14.13    Interoperable with computer forensic solutions to include
                       • Guidance Software Encase Product Suite
                       • Technology Pathways Product

     4.15   Configuration, Installation, and Deployment

            Installation and maintenance of the software must be simple, painless and
            minimally disruptive. It has to be easily deployed on a large number of clients
            (2,000+) with minimal administrative effort. Does your solution support

            4.15.1 Centrally-managed, network-based, remote installation of product to a
                    large number of devices, either using external software delivery or via
                    the operating system native software distribution format, such as
                    Windows’ MSI format files
            4.15.2 Use of automated installation scripts / installers with no interaction
                    required by user or local administrator
            4.15.3 Audit trails for administrative functions related to configuration, installation
                    or update of the product
            4.15.4 Minimal configuration changes to existing network infrastructure, such as
                    firewall settings, for product installation and/or updates to reduce impact
                    on the organization
            4.15.5 Ability to securely manage encrypted clients by Wake-On-LAN
            4.15.6 Ability to granularly restrict local configuration by end-user and/or local
            4.15.7 An encryption process that is resilient to unexpected lockups and/or
                    operating system failure during the actual encryption process
            4.15.8 Ability to suspend and resume the encryption process for a given disk to
                    provide flexibility when migrating extremely large disks

    4.16 Insurance Requirements


RFP Number: 1011-1352                                                             Page 24 of 30

                The bidder shall agree to indemnify and save Grand Rapids Community College,
                its officers, agents and employees, from and against any and all liability, claims,
                demands, or damages, caused by negligent act or omission, misfeasance, or
                malfeasance of the bidder, its agents, servants, or employees, including fines,
                fees, expenses, penalties, or suit proceedings, actions and costs of action, and
                attorney’s fees for trial and on appeal, and any kind and nature arising or growing
                out of the action of the bidder connected with the appeal, and any kind and
                nature arising or growing out of the action of the bidder connected with the
                performance of agreement, whether by act or omission of the bidder, its agents,
                servants, employees or others; unless said claim for liability is caused by
                negligence, misfeasance or malfeasance of GRCC or its agents, or employees.

5.0 Presentations
     Vendors whose proposals are determined by the evaluation team to meet or exceed the
     requirements of this RFP may be requested to come on campus to provide an overview of
     their proposal(s), respond to questions from the evaluation team and demonstrate the
     proposed equipment. The presentation can be an additional weighted evaluation factor in
     determining award.

6.0 Quality and Performance Standards
            6.1 Successful bidder shall include a description of their quality program
                program, including complaint resolution and corrective action procedures.

            6.2 Successful bidder shall describe metrics that are tracked, the frequency at which
                they are tracked and guaranteed level of performance. Submission of quality and
                performance history is also encouraged.

7.0   Pricing

      7.1       Please provide all solution pricing for the total, proposed solution according to the
                information provided in this request for proposal.
      7.2       Vendors must provide detailed pricing for their proposals making certain to
                itemize/detail the costs for all proposed products and services. Please:

              • Provide a catalog of all items, including hardware, software, and support services
                       that are generally used in your solution(s), providing a description of each
                       item and its associated list price.
              • Give your pricing/licensing for enterprise solutions, including any discount tiers.
              • Indicate any and all limitation to your enterprise pricing
              • What consortium discounting do you may provide, such as GSA schedule 70,
                      E&I, MiDEAL and the like.

RFP Number: 1011-1352                                                                Page 25 of 30
           • Itemize all items, including hardware, software, and support services that you
                    propose for our enterprise, providing a description of each item, its
                    associated list price, and its discounted price, if applicable. For each item,
                    indicate which costs are one-time and which items are recurring. Note: If
                    you are providing more than one solution, list each solution separately
                    according to the instructions above.
           • Provide prices for any additional special services, such as on-site, end-user
                    training, customization, and certification training (if applicable) according
                    to the information provided in Section 2.2
    7.3     Provide a total cost for each proposed solution, backed by the detail used for
            developing prices.

    7.4     Any items, products or services that would result in additional charges must be
            clearly presented and explained.
    7.5     Outline the pricing structure of your company. Pricing must be provided to
            include all costs related to the agreement.
    7.6     Vendors must indicate what items have warranties and what the duration of the
            warranties are. Any quotas or limits of service must be clearly identified and
            remedies or additional costs explained.
    7.7     All prices and rates are guaranteed to be firm for the first year. Please indicate
            pricing and/or discount percentage commitments for subsequent years (i.e.
            specific prices/discounts for years two and three; percentage increase
            maximums, or other defined methods). GRCC reserves the right to exercise the
            option to extend or close any awarded contract at the expiration of year one.
    7.8     Any shipping costs to be incurred by the College must be quoted FOB our dock.
            Shipping costs must be provided by item and sub-totaled by system.
    7.9     In addition to what has been specified, Suppliers are encouraged to provide
            “expressive    bid”   alternate    pricing/proposals    by    suggesting    alternate
            specifications, technology, terms and conditions, service conditions, etc. that
            could result in flexibility and cost savings for Grand Rapids Community College
            and for the Vendor. Vendors must insure that their alternate proposal meets or
            exceeds requirements and specifications as detailed throughout this RFP.
    7.10    GRCC may issue a clarification request, in writing, to one or all bidders. A
            clarification request does not allow a bidder to change its proposal.
    7.11    Negotiations
            GRCC may enter into negotiations with bidders on price or technical
            clarifications. Additionally GRCC mayl negotiate with the vendor(s) to reach an
            agreement that best meets the overall needs and desires of the College

RFP Number: 1011-1352                                                            Page 26 of 30
     7.12       Best and Final Offer
                GRCC may request a Best and Final Offer (BAFO) from each bidder determined
                to be in the competitive range. Each bidder must respond in writing with its
                BAFO by the deadline established by GRCC Purchasing.

                There is no guarantee that any bidder will be allowed an opportunity to
                engage in negotiations or to submit a BAFO under this Section.

            7.12 Payment terms will be net 30 days upon delivery of products and following
                completion of any services and receipt of invoice.

8.0 Taxes
                8.1    Grand Rapids Community College is exempt from Michigan Sales Tax
                       and will furnish a tax exempt certificate upon request.

RFP Number: 1011-1352                                                            Page 27 of 30
                        APPENDIX A:

RFP Number: 1011-1352                 Page 28 of 30
                           Fair Employment Practices Agreement

This rider is attached to and made a part of the bidding form agreement between
the Grand Rapids Community College and

Name of Company

During the performance of this contract, the above named firm agrees as follows:

1. Will not discriminate against any employee or applicant for employment because of race, color,
   religion, sexual orientation, gender, age, national origin, height, weight, marital status, disability, or
   status as a veteran (“protected classes”) unless necessary as a bona fide occupational qualification.
   Said company will take action to ensure that applicants are employed without regard to their
   membership in a protected class, as defined above. Such action shall include but not be limited to the
   following: employment, upgrading, demotion or transfer, recruitment or recruitment advertising, layoff,
   recall, or termination, rates of pay or other forms of compensation, and a selection for training,
   including apprenticeship. He/She agrees to post in conspicuous places, available to employees and
   applicants for employment, notices to be provided by the contracting officer setting forth the
   provisions of this nondiscrimination clause.

2. Will, in all solicitations or advertisements for employees placed by or on behalf of the company, state
   that all qualified applicants will receive consideration for employment without regard to race, color,
   religion, sexual orientation, gender, age, national origin, height, weight, marital status, disability, or
   status as a veteran unless necessary as a bona fide occupational qualification.

3. Will, as applicable, provide a written notice of the companies’ commitments under the Fair
   Employment Practices Agreement to each labor union representative or worker(s) with which he/she
   has a collective bargaining agreement or other contract understanding. He/She further agrees to post
   a copy of the notice in conspicuous places available to employees and applicants for employment.

4. Will furnish all information and reports as requested by Grand Rapids Community College, including
   pertinent books, records, and accounts to ascertain compliance with Grand Rapids Community
   College nondiscrimination policies.

5. In the event of noncompliance with the nondiscrimination clauses of this contract or with any of the
   said policies, this contract may be canceled, terminated, or suspended in whole or in part, and the
   said company may be declared ineligible for further contracts in accordance with procedures
   established by the Grand Rapids Community College and such other sanctions may be imposed and
   remedies involved as provided by rule, regulation, order or statement of policy of the College or as
   otherwise provided by law.

6. The following provisions are required by the Elliot-Larson Civil Rights Act: The company and, where
   applicable, sub-contractors shall not discriminate against any employee or applicant for employment,
   to be employed in the performance of this contract, with respect to his/her hire tenure, terms,
   conditions or privileges of employment, because of his/her f race, color, religion, sexual orientation,
   gender, age, national origin, height, weight, marital status, disability, or status as a veteran unless
   necessary as a bona fide occupational qualification

   Ownership Interest:
   Public Act 428 of 1980 requires that the minority business owner or woman business owner own
   more than 50% of the shares or interest in the business and share in more than 50% of the net profit
   or loss of the shares or interest in the business which accrues to shareholders who are members of a
   minority or a woman owned business.

RFP Number: 1011-1352                                                                      Page 29 of 30
    Completion of this Form is Requested for Monitoring Purposes

   P.A. 428 of 1980 requires the minority or women to exercise the power to make policy
   decisions and be involved in the day-to-day management of the business.

   Please check the following applicable criteria:



   Company Name:________________________             Phone:____________________________


   Type of Business: __________________________________________________________

   _____Independent Firm, or Owned/Controlled by:__________________________________

   Corporate Address of Parent Firm_____________________________________________

 Personnel as of (Payroll Date)

                          ALL PERSONS                       PERSONS OF          PERSONS
JOB CATEGORIES            M       F   TOTALS                    COLOR           OF COLOR
                                                              M           F     TOTALS
 Officials & Managers
 Sales Persons
 Crafts Persons
 Service Workers
 Laborers (Unskilled)
 All Others

Total Employees

Name of person providing data (please print):_______________________________________

Phone:_______________________ Date:_______________________________________

Title:_________________________ Signature:___________________________________

Questions concerning the Fair Employment Practices Agreement should be directed to Labor
   Relations (616) 234-3453

RFP Number: 1011-1352                                                     Page 30 of 30