Request for Proposal (RFP)

The RFP can be a lengthy document that takes considerable time to complete. The RFP accomplishes several goals, including informing potential vendors of a product or service that is being sought, providing specific details on what it is that the organization wishes to purchase, and providing a basis from which to evaluate interested vendors. For IT products and services, the requirements should also include specifications for expected security features that may include the following (items might not be applicable in all situations):

The need for personnel to have a background investigation or security clearance

• Specific training or certification requirements for personnel

• Regulations or standards that must be adhered to

• Security tests or assessments that must be completed on products or networks

• Specific firewall, router, or intrusion detection settings or reviews

• Physical security checks

• Software security checks

• Threat modeling requirements

• Security policy reviews

• Expected best practices