Request for Proposal (RFP) For Data and Cybersecurity Assessment
Objective
Immigration Equality and Immigration Equality Action Fund (hereafter known as “IE”) is requesting proposals from Data and Cybersecurity Consultants to assess and enhance cyber and data security at IE.
- Conduct a detailed data and cybersecurity assessment of IE, including:
  - Overall technology effectiveness and security
  - Technology policies and procedures
  - User desktop use
  - Work tools security, use and policies, for tools including but not limited to Windstream, LastPass, Salesforce, MS Office 365 including SharePoint, Teams, and OneDrive, email system, Adobe, and other systems used by IE
  - Social media accounts security
  - Banking access and accounts security
  - Current prioritization of existing projects and resources
  - IT staffing and support
  - Data and Cybersecurity Insurance coverage
  - Connectivity and networks review
- Provide a detailed assessment report including risks and recommendations for future improvements including prioritization and budget estimates for recommended improvements in order to ensure a secure cyber and data environment. Recommendations must be structured as projects for ease of execution.
Timeline
RFP Issue Date: February 7, 2024
Proposal Submission Deadline: March 6, 2024
Finalist Interviews: March 28-April 5, 2024
Vendor Selection and Notification Milestone: April 12, 2024
Kickoff Meeting Milestone: April 24, 2024
Detailed Project Plan Submission Deadline: May 3, 2024
Initial Assessment Milestone: July 8, 2024
Risk Prioritization Milestone: August 9, 2024
Interim Progress Report Submission Deadline: August 23, 2024
Final Assessment and Recommendations Milestone: September 18, 2024
Final Report Submission Deadline: October 4, 2024
Presentation and Q&A Session Milestone: October 23, 2024
Target Project Closure: November 1, 2024
Organizational Background
In 1994, a group of talented LGBTQ attorneys gathered together and decided that it was time for change. From a small meeting room in the LGBT Community Center of New York City, the Lesbian and Gay Immigration Rights Task Force (what would one day be known as Immigration Equality) was born. At the time, it had been only four years since the U.S. government lifted its ban on “homosexual” immigrants from entering the country. It was also the first year that the Justice Department formally recognized sexual orientation as a fundamentally protected human right for refugees.
Since our founding, Immigration Equality has fought and won giant victories in the halls of Congress, in the arena of public opinion, and in the federal courts, including a repeal of the ban on immigration and travel for people living with HIV, and making green cards available for married same-sex binational couples.
We boast a 99% success rate in our cases – fighting for asylum seekers, detained individuals, and families seeking equal rights for themselves and their loved ones.
Currently, IE has 18 remote staff across North America. Each staff member has a laptop, and most staff have office printers in their home workspaces.
Our office hours are 9:30am-5:30pm EST, Monday through Friday, though we do have staff on flex schedules who work slightly outside of these hours.
Response Instructions
Please submit an electronic copy (PDF) of your response to this RFP, sent via email, no later than March 6, 2024.
Contact Information
At no time shall any representative of IE be contacted, unless pre-approved by Jennifer Carrel.
All questions and contact by the firms are to be made only to:
Jennifer Carrel
Deputy Director
Immigration Equality | Action Fund
594 Dean Street; Brooklyn, NY 11238
Direct Dial: (212) 714-2864
Mobile: (917) 288-3813
jcarrel@immigrationequality.org
Format
An evaluation committee made up of the Board Security Committee and additional IE staff will review all submitted RFPs. Follow-up interviews may be conducted with a short list of finalists. Information and/or factors gathered during interviews, negotiations, and any reference checks, in addition to the evaluation criteria rankings, shall be the sole and exclusive property of IE. IE reserves the right to contact references other than, and/or in addition to, those furnished by your consulting firm.
IE shall not be responsible or liable in any manner for the risks, costs, or expenses incurred by any consultant in the preparation of its response to this RFP.
All collaborative work and deliverables must be in Microsoft Office software for ease of use by IE staff.
Evaluation Criteria
Specific attention will be paid to:
- Organization and capabilities
- Credentials, experience and reputation of the consulting team working with institutional clients
- Background and quality of the technical and customer service
- Competitiveness of fees for our non-profit organization
- Performance reporting capabilities
- Quality of existing client relationships and references
- Commitment to social responsibility and non-discrimination
Finalist Presentations
Firms selected as finalists should be prepared to conduct a short presentation and Q&A session with the IE Board Security Committee. Finalists should be prepared to answer detailed questions regarding their proposals.
Confidentiality
All information presented in this RFP, including information disclosed by IE during the selection process, is to be considered strictly confidential. Information must not be released to external parties without the express written consent of IE.
All responses and other materials submitted in response to this RFP will become the property of IE. IE assumes no obligation and shall incur no liability regarding confidentiality of all or any portion of a response or any other material submitted in response to this RFP unless expressly agreed in writing to protect specifically identified information.
Content
The written proposal should include the following details:
- Your firm’s profile and certifications;
- The services that you provide;
- Your size and years in business;
- Your firm’s qualifications and experience, with specific emphasis on the non-profit sector;
- Your staff’s depth and qualifications, with a specific comment on the level of staff who would be made available to IE;
- Who would be made available to complete the work in our RFP;
- A detailed description of your assessment methodology;
- References (non-profit clients preferred) and sample client list;
- A detailed breakdown of project costs and requested payment schedule;
- Your firm’s non-discrimination policy, and diversity, equity, and inclusion statement.
A. Firm Strength and Stability
- Please disclose any and all conflicts of interest your organization has in serving as our data and cybersecurity consultant. Disclose whether your firm has any financial or other affiliation with any staff or Board members. If any such affiliations exist, how does your firm protect against conflict of interest?
- Is the firm willing to disclose, upon client request, the dollar amount and nature of all material beneficial relationships that the firm, or any affiliate of the firm, engages in with investment manager clients? If not, please explain.
- Describe any material litigation, regulatory, or legal proceedings in which your firm or any of the principals are or have been involved over the past five years. Specifically highlight this information for the consultant(s) for our account.
- Describe the levels of insurance coverage, including the amounts of errors and omission insurance and any other professional liability insurance your firm currently has in force.
- What do you believe sets your organization’s services apart from the competition, and allows your firm to generate superior performance and service levels?
- Describe your firm’s experience and capability for providing education to IE staff, as it relates to IT best practices and security issues.
- Describe the continuing education your staff participates in on an ongoing basis, and how your organization stays on top of technical and security advances.
B. Service Structure & Accessibility
- Provide the location of the office that will serve IE and biographies of the key consulting personnel assigned to our account. Please identify who would be our main representative who would perform the analytical work on the relationship and who would serve as the back-up consultant in situations when the proposed lead consultant is not available. What is the average number of client relationships per consultant?
- Tell us about the support professionals who would be responsible for this account. Explain how the team dedicated to our account would function. List any senior staff departures in the past two years and explain the reason for the departure.
- Should project issues occur, what would escalation and resolution processes look like?
- How accessible and available would you be for the Deputy Director for questions regarding service, project status, results, and general inquiries?
- What is your quality standard for returning telephone calls and/or emails?
C. Performance Reporting
- Comment on your process for providing performance measurement reports.
- How frequently do you plan to provide performance measurement reports?
D. Fee Proposal
- Please describe the fees proposed by your organization for providing the cyber and data security assessment services as described herein to IE. Fully itemize all fees and include the requested payment schedule. The target budget allocation is approximately $15,000.
Thank you for taking the time to respond to IE’s request for proposal for data and cybersecurity assessment services! Your effort is deeply appreciated, and we will respond shortly.