ISACA Security Template for Contracts

Post on 04-Feb-2018






Module 18

Contents

Introduction
Example RFP (LMS Learning Management System Based Example)
Statement of Work
Nondisclosure Agreement
Data and Information Ownership and Custodian Reciprocal Agreement
Service Level Agreement
Satisfaction Factors Template
Memorandum of Understanding
Third Party Due Care Checklist
Associated BUSTECHGA Course Offerings
Building Security Into Contractual Agreements: Bid Specifications, SLAs and MOUs
Building Security Into Contractual Agreements: SLAs and MOUs
About the Author


This module is a supplement to Module 18 for those looking for examples of forms including form templates.

Example RFP (LMS Learning Management System Based Example)

Module 18: Vendor Management Forms

General Information

PB&G ENTERPRISES (Customer) is soliciting proposals for a new Learning Management System (LMS) for its organization, which provides services to its member credit unions. The intent of this Request for Proposal (RFP) document is to secure under contract all materials, engineering, equipment, installation, supervision, and training services to implement this new system to meet the business requirements detailed in this RFP.

A vendor, by submitting the bid, represents that they possess the capabilities, hardware, software and personnel necessary to provide an efficient and successful installation of properly operating systems.


Vendors are requested to confirm/update their firm's name, address, information, and primary contact below in the space provided.

Company Name

Street Address

City, State and Zip Code

Primary Contact Name & Title

Phone Numbers

Email address


Bid Instructions and Guidelines

All respondents to this RFP must agree to the terms and conditions of this section. Vendors must meet the requirements and specification details contained in this RFP and any addenda that may be issued by PB&G ENTERPRISES. Any exceptions must be noted in your response.

Prior to submitting bids, each vendor is requested to carefully consider the amount and character of the work to be done as well as the difficulties involved in its proper execution. Vendors should include in their bids all costs deemed necessary to cover all contingencies essential to successfully installing the specified systems. Any cost not specifically itemized in the proposal shall not be incurred unless specifically agreed upon, in writing. No claims for compensation will be considered or allowed for extra work resulting from lack of knowledge of any existing conditions on the part of the vendor.

Ownership - All copies of this request, and all proposals and attachments will remain the property of PB&G ENTERPRISES. Vendors may copy this document for the purpose of responding to this request. All copies of this document must be returned to PB&G ENTERPRISES upon request. Submitted proposals are to be considered the property of PB&G ENTERPRISES and will not be returned.

Implied Offer to do Business - This RFP is not an offer to enter into an agreement with any party, but rather a request to receive proposals from entities interested in providing services outlined within. PB&G ENTERPRISES or any affiliate, subsidiary, etc. shall not be obligated for the payment of any sums whatsoever to any recipient of this RFP, nor shall PB&G ENTERPRISES be under any obligation to any such recipient in any manner whatsoever with regard to the subject matter of this RFP, until and unless a formal written agreement is executed by PB&G ENTERPRISES.

Presentation - Selected vendors, at PB&G ENTERPRISES's discretion, may be asked to provide a formal proposal presentation and/or demonstration. A requested presentation or demonstration will not imply a commitment or award. Should a presentation be requested, PB&G ENTERPRISES may provide the vendor with a defined format or outline.

Incurred Costs - Vendor shall bear its own costs and expenses. PB&G ENTERPRISES will not be responsible for any costs incurred by a vendor in preparing, delivering or presenting responses to this RFP, unless otherwise agreed to in writing by the vendor and PB&G ENTERPRISES.

Confidentiality / Non-Disclosure - All information about PB&G ENTERPRISES and affiliates, subsidiaries, etc., and their marketing data/plans, peripherals, supplies and service purchases is proprietary. This RFP and its contents are confidential and may not be disclosed to any third party without prior written consent of PB&G ENTERPRISES. Likewise, the contents of the vendor's proposal and all documentation will be held in confidence by PB&G ENTERPRISES and their consultants and may not be disclosed to any third party without prior written consent of the vendor. This section shall not act to supersede any non-disclosure agreement in place between PB&G ENTERPRISES and vendor. All mutual proprietary agreements are hereby incorporated by reference.

During the period from now until a contract is awarded, all communications shall be with Pooka Bear of PB&G Enterprises, with a copy to Godiva of PB&G ENTERPRISES.

Modifications to RFP Specifications - PB&G ENTERPRISES reserves the right, at any time, to amend, supplement, withdraw or otherwise change this RFP. Addenda or amendments will be emailed or faxed to all vendors who have been provided copies of the RFP. If revisions are of such a magnitude, in the Customer's opinion, as to warrant the postponement of the date for receipt of proposals, an addendum will be issued announcing the new date.

No modification or interpretation of the specifications other than through the issuance of addenda will be binding upon the Customer. Vendors must notify PB&G Enterprises as soon as possible of any omissions or errors in the specifications so that corrective addenda may be issued. PB&G Enterprises must receive such notification within seven (7) calendar days of the issuance of the RFP.

Questions Regarding this RFP - All questions regarding this RFP must be submitted in writing at any time on or before HH:MM mmddyyyy. Questions are to be submitted via email to PB&G Enterprises at proposal@pb& If requested, an email reply confirming the receipt of your email will be generated.

We will make every attempt to respond to questions as quickly as possible. If the questions affect the RFP Specifications, any new information or changes to this RFP will be sent to all vendors as time permits.

Due Date for Bid Submittal - The vendor must provide signed hard copies and electronic soft copies of their complete bid to the individuals specified in this section. Bids are to be submitted for review, not formally presented, unless so requested by either Customer or Consultant.

Submissions must be received or have a postmark

No Later than hh:mm on mmddyyyy

The Bid Submittal Deadline is Firm and Will Not Be Extended. Failure to provide a response by the date and time specified at the location as stated may result in the disqualification of that vendor from further consideration. It is the vendor's responsibility to ensure their responses are delivered to the exact location specified below by the date and time specified. Please deliver your proposal to the following:

Pooka Bear


PB&G Enterprises

100 Wheaton Drive

Anytown, FL 99999

Withdrawal of Bid Response - Withdrawal of bid response will not be allowed for a period of 60 days following the bid deadline. Should you withdraw your bid, you will not be allowed to submit another bid for this project.

Right to Reject Bid - PB&G ENTERPRISES has the right to reject any and all bids, such as a bid not accompanied by the data required by this RFP, a bid that is non-compliant, or for reasons only known to PB&G ENTERPRISES and their telecommunications consultants.

Bid Format - Bids must be submitted on these forms (the RFP document will be provided electronically). All entries made by the vendor to the RFP document must be in a color other than black so as to be conspicuous. Attachments do not need to be in color as long as they are appropriately labeled as an attachment. All bids must be formatted for 8 1/2 x 11 inch paper.

All bid responses must be precise, to the point, and follow the form of this RFP. The complete proposal must include this document with point-by-point responses to the RFP and all other materials requested in the RFP. All questions asked in the RFP must be answered fully and concisely. If a question is redundant, please answer it again. Avoid ambiguous phrases like "all reasonable effort."

Alternatives to the specification will be considered and evaluated, but only if they are in addition to, and not in place of, the stated requirements. Any exception must be clearly specified as such and the Customer reserves the right to reject any bids that do not comply with this instruction.

Each question must be responded to completely. References to other documents that are not included as part of the appendix will not be accepted.

Please do not include promotional materials unless they add substance to the vendor's proposal. Vendors are cautioned that proposals that do not conform to the guidelines required by this RFP will be subject to rejection without a complete review.

Clarification and Interpretation of RFP - The words "must" or "will" in this Request for Proposal (RFP) indicate mandatory requirements

