vendor conference power point presentation
TRANSCRIPT
Texas Health and Human Services Commission (HHSC)
Information Technology Audit of Wireless Technology Security
Request for Proposals # 529-07-0111
Vendor Conference January 2, 2008
Welcome
Introductions
• Steve Bailey and Thomas Spears, Enterprise Contract and Procurement Services (ECPS)
• Sherice Williams-Patty, HUB Coordinator, Administrative Services Development (ASD)
• David Griffith, Director, HHSC Internal Audit
• Annick Barton, IT Audit Manager
• David Brown, Assistant General Counsel
Housekeeping Items
HHSC Procurement Roles
• ECPS - Responsible for procurement activity
• HUB - Responsible for HUB activity
• Program - Responsible for project scope, requirements, performance, results, contract management/monitoring
• Legal - Questions/answers and legal activity
Vendor Conference Overview
• Procurement Activities
• HUB Items
• RFP Overview
• Questions Submittal
• Break
• Preliminary Responses to Questions
• Closing Comments
Procurement Activities
• Questions & Answers
• Sole Contact, Mary Townsend, ECPS
• Procurement Schedule
• Solicitation Access
• Submission Requirements
• Solicitation Changes
• Screening & Evaluation
• Award Information
HUB Subcontracting Plan (HSP) Requirements
Agenda Topics
• RFP Section 4.0 Historically Underutilized Business Participation Requirements
• HUB Subcontracting Plan
• Self Performance HSP
• HSP Prime Contractor Progress Assessment Report
• HUB Participation Goals
• Potential Subcontracting Opportunities
• Vendor Intends to Subcontract
• Minority or Women Trade Organizations
• Self Performance
• HSP Changes After Contract Award
• Reporting and Compliance with the HSP
RFP Section 4.0 - Historically Underutilized Business Participation Requirements
Self Performance Declaration
Company Information
HSP Information Page
If more than 20, provide attached list
HUB GOALS
One page for each area subcontracted (listed on page 1)
List Line # and Subcontracting Opportunity
HSP Information Page
Protégé performing the work
HSP Information Page
Skip to Sections 8 and 10
Professional Services Category
HSP Information Page
Good Faith Efforts to find Texas Certified HUB Vendors
Contact HUB Trade Organization
Written Notification Requirements
List 3 HUBs Contacted for this Subcontracting Opportunity
HSP Information Page
List Subs to be used (HUBs & Non-HUBs) for this Subcontracting Opportunity
HSP Information Page
Reason why HUB was not selected for this Subcontracting Opportunity
HSP Information Page
Self Performance Explanation
Signature Affirms that True and Correct Information is Provided
HSP Information Page
HUB Subcontracting Plan (HSP)
Prime Contractor Progress Assessment Report
This form must be completed and submitted to the contracting agency each month to document compliance with your HSP.
Contract/Requisition Number: Date of Award (mm/dd/yyyy): Object Code (Agency Use Only):
Contracting Agency/University Name:
Contractor (Company) Name: State of Texas VID #:
Point of Contact: Phone #:
Reporting Period: - Jan. - Feb. - Mar. - Apr. - May - Jun. - Jul. - Aug. - Sept. - Oct. - Nov. - Dec. (Check only one Month)
Total Contract Amount Paid this Reporting Period to Contractor: $
Report HUB and Non-HUB subcontractor information
Columns: Subcontractor’s Name | Subcontractor’s VID or HUB Certificate Number | Total Contract $ Amount from HSP with Subcontractor | Total $ Amount Paid This Period to Subcontractor | Total Contract $ Amount Paid to Date to Subcontractor | Object Code (agency use only)
TOTALS: $ $ $
Signature: Title: Date:
HSP-PAR Rev. 9/05
• Required with ALL Pay Requests
• Required even if not subcontracting
• List ALL Sub payments (HUBs & Non-HUBs)
HSP Prime Contractor Progress Assessment Report
ATTACHMENT “E”
HSP ASSISTANCE FROM CPA
HUB Subcontracting Plan (HSP) Forms
Step-by-step instructions and audio on “How to Complete an HSP” are located on the Comptroller of Public Accounts (CPA) website at: http://www.cpa.state.tx.us/procurement/prog/hub/hub-forms/hsp_project.wmv
How to Complete an HSP
• Play Windows Media Version (7.7 mb download)
• Play Macromedia Flash version (10.8 mb download)
• Read Video Transcript (.rtf file) (160k download)
• Play QuickTime (mp4) version (24 MB download)
Administrative Services Development HUB Program Office
• Sherice Williams-Patty, HUB Administrator, Administrative Services Development - (512) 424-6903 - [email protected]
• Carlos Balderas, HUB Administrator, Administrative Services Development - (512) 424-6896 - [email protected]
• Robert L. Hall, C.P.M., Administrative Services Development Director - (512) 424-6596 - [email protected]
RFP Overview: IT Audit of Wireless Technology Security
HHSC Internal Audit
Annick M. Barton, IT Audit Manager
January 2, 2008
IT Audit of Wireless Technology Security
• Mission and Objectives
• Scope of Work
• Project Schedule
• Key Performance Requirements
• Cost Proposal
Mission (Section 1.4 and 1.5)
• To engage an independent audit services contractor to evaluate wireless technology security in Health and Human Services agencies
• Audit services must be conducted in accordance with auditing standards issued by the IIA, GAO, and ISACA
• Experience and expertise of the Respondent’s key professional staff is a significant factor in selection of the audit services contractor
Objectives (Section 1.5)
Determine whether:
A. Agency decisions to use wireless technology are supported by an analysis of business needs, impacts on the technology infrastructure, data and system risks, and associated benefits and costs.
B. HHS enterprise contract provisions and information technology standards and policies adequately address wireless technology risk areas and are aligned with State and Federal requirements and best practices.
C. HHS agency contract provisions and information technology policies, procedures, and practices adequately address wireless technology risk areas and are consistent with HHS enterprise standards and policies, State and Federal requirements, and best practices.
Objectives (Section 1.5)
Determine whether:
D. Wireless network access points and servers that support Blackberry/Personal Digital Assistant services are appropriately secured to help ensure HHS data and systems are protected from unauthorized disclosure, use, modification, or destruction.
E. Wireless network devices are appropriately secured to help ensure HHS data and systems are protected from unauthorized disclosure, use, modification, or destruction.
F. Effective mechanisms are in place for detecting, monitoring, and responding to wireless security exposures and incidents.
Scope of Work (Section 2.2 and 2.5)
• Information Technology Audit of Wireless Technology Security across all HHS agencies (DADS, DARS, DFPS, DSHS, and HHSC)
• Audit Planning, Fieldwork, and Reporting Phases
Scope of Work (Section 2.2 and 2.5)
Audit Scope
• HHS agency and applicable vendor/contractor activities
• Includes assessment of wireless access points that are rogue or unapproved
• Includes evaluation of security controls related to wireless technology hardware, software, and devices (such as laptops, PDAs and related servers, and printers)
Scope of Work (Section 2.2 and 2.5)
Audit Scope
• HHS agency owned or leased facilities
• Any locations that house HHS employees in Texas
• Data centers housing HHS data located in Texas
Project Schedule (Section 2.1)
• Detailed project schedule of work and timelines
• Resulting in Final Audit Report submitted no later than 120 business days after the contract effective date
• Anticipated contract effective date: April 15, 2008
• Draft Report due no later than 89 business days after the contract effective date (August 22, 2008)
Key Performance Requirements (Section 2.3 and Attachment A)
• Contractor must meet Key Performance Requirements and subscribe to associated liquidated damages for failure to perform
• Respondent must indicate in its proposal acceptance or rejection of each Key Performance Requirement, including (if rejected) basis for rejection and proposed modifications
• If timeline for any deliverable not met, contractor must provide Daily Status Report
Key Performance Requirements (Section 2.3 and Attachment A)
• Attachment A outlines Performance Area, Standards and Measures, and Liquidated Damages
Example:
• List of Audit Project Personnel can be accepted or rejected by the Internal Audit Director
• Once personnel are approved, contractor may not make changes without written approval of the Internal Audit Director
• Liquidated damages for noncompliance are $10,000 per occurrence plus $500 per day for each project member changed
Cost Proposal (Section 3.14.2 and Attachment B)
• Separate costs must be provided for each audit phase and audit objective
• Include any business, economic, legal, programmatic, or practical assumptions that underlie the Cost Proposal
• Separately identify value-added benefits, cost-savings and cost-avoidance measures and the effect on the Cost Proposal and Scope of Work
• HHSC reserves the right to select the objectives to be performed to obtain best value for HHSC
Texas Health and Human Services Commission (HHSC)
Questions Submittal
Followed by Break
Closing Comments
Office of General Counsel
• Collusion
• Conflict of Interest
• Permissible contacts