
RFI Shared Service Center

***Update 6/05/2007***

Amendment 0001 to this RFI - Document amended 06/05/2007. The addition appears under paragraph “2. Scope” in red text. Page numbers in the table of contents were updated accordingly. The added text can be found on page 7 of 22. This added paragraph under “2. Scope” is the only addition - nothing else has changed.

General Information

Document Type: Request for Information

Reference Number: OCIORFI Shared Service Center

Posted Date: May 25, 2007

Archive Date: July 01, 2007

Original Response Date: Jun 25, 2007

Current Response Date: Jun 25, 2007

Classification Code: D -- Information technology services, including telecommunications services

SetAsides: TBD

Naics Code: 541519 -- Other Computer Related Services

Contracting Office Address

    Department of Commerce, Office of the Secretary, Commercial Acquisitions Solutions, 1401 Constitution Ave, NW, Room 6520 Washington, DC 20230

Point of Contact

    Douglas Smith, Contracting Officer, Phone 202-482-6436, Fax 202-482-4988, Email DSmith@doc.gov

Description:

This is a Request for Information for a Department-wide Shared Service Center to support E-mail, Calendaring, IM, and Mobile Devices. The Department of Commerce (DoC) is issuing this Request for Information (RFI) to identify responsible potential sources and obtain information with regard to setting up this shared service center. This is an essential step in determining market interest. In order to minimize costs both to potentially interested parties and the Government, this notice is issued to determine market interest and feasibility as well as determining marketing strategies for the potential procurement of a shared service center. Should interest be determined sufficient, a formal solicitation may be forthcoming. Interested parties should provide a statement of interest on company letterhead by no later than 1:00pm on Monday, June 25, 2007. Responses are preferred via email, but hard copy and fax will be accepted.

The statement shall address at a minimum, the items laid out in the below attached Project Information Document (PID). Additionally the following information should be provided: (1) capability and experience in building shared service centers; (2) financial capability to justify potential award of such a contract; (3) Company point of contact, phone no. and e-mail address; (4) indication of the size of your business – whether large, small, or any sub-category of small business. Set-asides for small businesses and small disadvantaged businesses are under evaluation. This Request for Information is solely for the Government’s use as a market research tool. This is not expressing a firm requirement and a solicitation may not be issued. If determined necessary, both a synopsis and solicitation for requirements would be expected in the August-September time frame. If a requirement were to go out, DoC plans on using the streamlined method of combining the synopsis and solicitation, which will be posted to Fed Biz Ops in accordance with FAR 12.603. All responsible sources may submit information to this RFI, which shall be considered. Not responding does not preclude anyone from offering on a resulting solicitation. This announcement should not be construed as a commitment or authorization to incur costs in anticipation of an award; the Government is not bound to make any awards under this announcement.

All questions relating to this announcement shall be addressed to the Contracting Officer: Douglas Smith, Phone 202 482-6436, Fax 202 482-4988, Email DSmith@doc.gov


If mailing your response, please address it to:

U. S. Department of Commerce/Office of the Secretary

Office of Acquisition Management

Attn: Douglas Smith, Room 6520

1401 Constitution Ave, NW

Washington, DC 20230

Department of Commerce

Shared Service Center
Supporting E-Mail, Calendaring, IM and Mobile Devices
Project Information Document

1. Introduction

Project Objective

The objective of the project is to expand the current, simplistic electronic communication and calendaring functions to more robust, “total” communication capabilities which includes enterprise content management tools and integrated voice and video capabilities. Traditionally, there has been a gap in technology between private sector initiatives and the current state of the public sector. Closing that gap is an imperative for the Department to realize its mission. Private industry is readily moving toward implementing an Integrated Messaging System.

To enable the DoC transition to the next level, DoC Senior Management supports the adoption of a strategic vision of the future that would include the creation of a centrally located and centrally managed infrastructure and creation of a shared services model. The initial objective should be the migration of all DoC components to a single electronic communication and calendaring platform.

2. Scope

The expected outcomes of the project are:

Phase 1

    1. Recommend the technical, hardware and software requirements to create a DoC service center to support a minimum of 50,000 E-Mail, calendar, IM and mobile users on the DoC standard MS Outlook 2003 and Exchange 2007 product.

    2. Assess equipment in each bureau to determine usability in the shared service center.

Phase 2

    1. Build out the shared service center (at a to be determined government or vendor selected site selected by DoC).

    2. Create a single directory service as the authoritative authorization source.

Phase 3

    1. Support the migration of users into the shared service center.

    2. Provide backup, disaster recovery and failover capabilities.

The scope of the project does not include:

    • Migration of any users (users will begin to be migrated over an 18-month period once the shared service is operational)

    • Completing a desktop inventory

    • Upgrading any desktops

    • Maintaining any instance of a legacy system

*The following information shown in red was added in Amendment 0001 to this RFI. Please make sure to address this in any potential response.

The Department of Commerce is considering locating the shared service center in a government operated facility. To that end NOAA offers the following location(s) in which a center may be sited.

Largo Maryland currently has the following available:

100 sq ft of conditioned raised floor space

30KVA on the PDU (all systems are on Generator Backup)

8 tons of cooling

Network capacity is >700Mbps on the Gigabit link to SSMC

24x7 secure access

Office space for two outside the computer room

All costs at the Largo center are reimbursable and would need to be captured as part of the project. Standard footage charges are $34 per sq foot. No operators or engineering staff are available.

Other sites include Boulder CO, Ft. Worth TX and Asheville, NC; however, these centers currently lack capacity in one or more of the major categories (space, power, cooling) and would require build-out in one or more of these areas. These sites may nevertheless be considered in a disaster recovery or COOP site scenario.

Connectivity to the following sites from Boulder is via Commodity Internet except for Silver Spring which is reached by Internet2.

Connection to these sites from Largo is via Commodity Internet, TLS or via I2.

(end of additional info added from Amendment 0001)

3. Roles and Responsibilities

The Contractor will operate the Shared Service Center (SSC) as a separate entity. There will be a set of Service Level Agreements (SLA), Key Performance Indicators (KPI) and reporting established between the users and the Shared Service Center.

Day to day management of the shared service center is the responsibility of the Service Center Manager who is responsible to the Bureau CIO. The DoC CIO will incorporate into the Bureau CIO’s annual performance evaluation several KPI’s related to the shared service center.

4. Anticipated Period of Performance

The anticipated period of performance of a potential contract is as follows:

Phase 1 Design and Build - 6 months from date of contract

Phase 2 Operational and Manage – 1 base year and 4 option years

5. Place of Performance

Unless otherwise stated, all work is to be performed at a DoC site; travel to selected DOC sites may be required.

6. Security Requirements

The Government and the contractor recognize that certain contractor employees performing under this contract will have access to sensitive Government information. Therefore, the Government and the contractor agree that the Government may conduct security investigations for any contractor employee performing under this contract, who, in the Contracting Officer’s judgment, is engaged in a function requiring public trust. Contractor employees considered to be engaged in public trust functions include: (1) employees who may have regular access to sensitive information, and (2) corporate officials actively engaged in making employment decisions relating to those employees engaged in public trust functions. The contractor may request a determination by the Contracting Officer as to whether a particular employee is engaged in a function requiring public trust.

The Government and the contractor agree that all contractor employees engaged in public trust functions shall complete a FD-229, “FBI Finger Print Chart” and an SF 85P, “Questionnaire for Public Trust Positions.” These security forms and self-addressed envelopes can be obtained through the Contracting Officer. Because of the sensitive nature of the information provided on these forms, the contractor shall require its affected employees to submit the forms in a sealed envelope to the Contracting Officer or to the Department of Commerce Office of Security, as directed. In compliance with the Privacy Act, neither the employee’s supervisor nor other contractor personnel shall have a role in completing these forms, nor shall they have access to them. Upon the DoC Security Officer’s receipt of the security forms, the contractor may allow its employees engaged in public trust functions to begin work under the contract. However, the Government reserves the right to limit such employees’ access to sensitive information, pending completion of security determinations.

The contractor agrees to allow the DoC Office of Security access to contractor employees and records in order to determine the suitability of contractor employees for contract work in public trust. Where the DoC Security Officer has information indicating that an unfavorable security determination might result, it shall consult with the contracting Officer on a need to know basis. Before an unfavorable decision is rendered by the DOC Security Officer, the affected employee shall be provided an opportunity to respond to the information developed. The Contracting Officer is not required to give said employee an additional opportunity to respond to the decision rendered by the DOC Security Officer.

The Contractor agrees to remove any employee from work under this contract if the Contracting Officer (based upon the recommendation of the DOC Security Officer) determines that the employee’s involvement under this contract is inconsistent with the best security interests of the Department. Such decisions are not subject to equitable adjustment under the contract.

7. Shared Service Center Requirements

    7.1 E-mail

      The CONTRACTOR will provide Microsoft Exchange 2007 as the mail server solution and Microsoft Outlook 2003 as the client solution and also support Thunderbird, Microsoft Entourage and Apple Mail as clients. The CONTRACTOR will also provide for the use of Blackberry devices. The average user will have a mailbox of 300MB. With RAID (redundant array of inexpensive disks), the size of the data is approximately 34 TB prior to archiving requirements.

      The CONTRACTOR will provide archiving tools and alternative storage solutions for up to an average 2.5 GB of storage space per user.

      The CONTRACTOR should also factor in a 5-10% growth in mailboxes and an industry standard percentage for E-Mail volume growth.

    7.2 Calendaring/Scheduling

      The CONTRACTOR will provide the standard integrated calendaring and scheduling services provided with Microsoft Exchange and Microsoft Outlook.

    7.3 Instant Messaging

      The CONTRACTOR will provide instant messaging functionality.

    7.4 Address Book

      The CONTRACTOR will provide the integrated address services provided with Microsoft Exchange and Outlook.

    7.5 Network Connections

      This CONTRACTOR’s proposed solution shall work in conjunction with all Bureau network connections equal to or better than exists today without conflict.

    7.6 Automatic Fail-Over

      The CONTRACTOR will provide fail-over capabilities in the architecture of the exchange server clusters. Fail-over from the primary server to a secondary server occurs within 5 minutes or less, resulting in no loss of mail. This is an automatic feature, with no intervention required by an operator.

    7.7 Disaster Recovery

      The CONTRACTOR will provide a daily backup of all e-mail and two months of off-site backup tape retention. In the event of a catastrophic hardware failure to the primary and secondary server in the cluster, the CONTRACTOR will restore e-mail services to a new hardware platform within a defined period (2-4 hours for E-Mail to be operational and 24-48 hours for full restoration). This will provide full Continuity of Operations in the event of an emergency and loss of the primary server environment.

    7.8 Spam Filtering

      The CONTRACTOR will provide anti-spam filtering of incoming e-mail messages for all accounts using an acceptable anti-spam filtering appliance.

    7.9 Anti Virus and Anti Spyware Protection

      The CONTRACTOR will provide two layers of virus and spyware protection. First, all Internet inbound and outbound messages will be scanned for viruses. Second, all internally bound e-mail will be scanned on the Exchange clusters.

    7.10 Web Mail Access Backup

      The CONTRACTOR will provide the use of Microsoft’s Outlook Web Mail Access. This solution allows all e-mail customers the ability to access their mail from anywhere in the world using any of the major web browsers, such as Microsoft’s Internet Explorer, the open source Mozilla browser, or Apple’s Safari web browser.

    7.11 Blackberry (or other mobile device) Support

      The CONTRACTOR proposes to offer full technical and functional support for all Blackberry or other handheld e-mail services. E-mail redirection will be accomplished via a dedicated Blackberry Enterprise or other Server. DoC bureaus shall provide Blackberry devices and cellular carrier services.

      The CONTRACTOR will provide failover support within specific service level requirements so that it is transparent to the users.

    7.12 Access and Remote Access

      The CONTRACTOR will provide appropriate connectivity for each bureau. This will ensure that e-mail services delivery operates at peak performance.

      The CONTRACTOR must integrate with DoC’s existing network infrastructure. DoC’s existing Virtual Private Networks, wireless connections, and high speed and/or dial-up connections will continue to access all e-mail capabilities offered by this proposal. Additionally, as mentioned above, the Microsoft Outlook Web Mail access is available directly on the Internet.

    7.13 Training for Shared Service Center Systems Administration

      The CONTRACTOR will provide system administrator training as required by DoC through the Contracting Officer.

    7.14 Training for Shared Service Center Customer Support

      The CONTRACTOR will provide customer training for customer service support where appropriate, as dictated by DoC through the Contracting Officer.

    7.15 Training for End-Users

      The CONTRACTOR will provide a comprehensive user guide that will be made available electronically. DoC will provide additional Microsoft Outlook training through their existing training program. This shall become the sole property of DoC.

    7.16 Conformance

      The CONTRACTOR will provide a solution that is in conformance with the DoC’s Technical IT Architecture. The CONTRACTOR will also conform to DoC Admin Order 200-0 that includes all IT Security requirements.

    7.17 Test Lab Equipment

      The CONTRACTOR will have a test lab environment that supports the technologies and infrastructure that are already in production within DoC. This environment will be used in testing any extension of Microsoft/Outlook to DoC.

    7.18 Support Desk

      The CONTRACTOR will provide a Support Desk with appropriate staffing to meet the requirements in Appendix B.

    7.19 Certification and Accreditation

      The CONTRACTOR is responsible for meeting and maintaining all Certification and Accreditation requirements and preparing all accreditation documentation.

    7.20 Risk Mitigation Strategy

      The CONTRACTOR will identify the magnitude of potential risks that might be encountered during the implementation of a new e-mail system. Upon award, the CONTRACTOR shall state what steps will be taken to mitigate those risks. These risks include:

          A. Assurance of high-quality on-site support at DoC

          B. User acceptance of the new mail system

          C. Migration of content to the new mail system

          D. Availability of service to VIPs on travel

8. Deliverables

    8.1. Shared Service Center Technical Design

      8.1.1 Requirement:

      Define the architectural and other changes required to establish a centrally managed shared service center within a current DoC data center to support all DoC bureau E-Mail, Calendaring, IM, Mobile Devices and Collaboration activities to be run on MS Outlook Exchange 2007. At a minimum, the support center includes:

        • All required infrastructure to support the current user requirements as defined, plus a certain level of growth on MS Outlook 2003 and Exchange 2007

        • Maintaining all directory services requirements

        • Tier I, II and III help desk responsibilities

        • Administrative duties and policy compliance

        • Failover capability

        • COOP and Disaster Recovery

      8.1.2 Deliverables:

      The Contractor shall provide all deliverables, including but not limited to:

        1. “Technical architecture design” of a shared service environment to support a minimum of 50,000 users with appropriate COOP and Disaster Recovery capabilities. (see Appendix A)

        2. Definition and description of all network communication requirements for maintaining current level of service(s).

        3. An approved architecture design plan in sufficient detail to build the shared service center environment.

        4. Optional:

          a. Provide alternative hosting scenarios.

    8.2. Operational shared service center

      8.2.1 Requirements

      The Contractor shall perform the following in connection with their operations of the shared service center:

        1. Implement selected architectural design for the centrally managed shared service center; and

        2. Create the centralized (DoC wide) directory services environment.

      8.2.2 Deliverables:

      The Contractor shall provide all deliverables, including but not limited to:

        1. Stand up a centralized support center for electronic messaging (see Appendix B)

        2. Activation and acceptance testing of all systems, network connections and interfaces.

        3. A centralized directory services capability, as defined.

        4. A directory schema that supports name@DoC.gov with aliases as required.

          a. Directory shall be the authoritative authentication source and support HSPD12 initiatives.

          b. Link all existing directories (address books) as aliases to enable the continued use of existing addresses and linkages to existing processes and workflow application.

        5. Meet all compliance and C&A requirements.

        6. Multi media Training Plan

    8.3. Staffing

    The Contractor shall provide a listing of the staff expected to be assigned to the project. This shall include:

      • An organization chart of the project team

      • Skill sets deemed required to complete the project

      • Resumes of all staff expected to be on the project

      • Duration of the proposed staff who are scheduled to be on the project

      • Government will accept or reject proposed people to product team including replacements.

    8.4. Options

        A. Provision of required client and server licenses

          Provide pricing for required MS Outlook 2003 Client, Exchange 2007 CALs, Live Communicator Client and Server licenses. (The Bureaus reserve the right to supply the licenses from other sources.)

        B. Acquisition of Hardware

          Provide pricing for additional required Exchange 2007, Live Communicator and other hardware. (The Bureaus reserve the right to supply the hardware from other sources.)

    8.5. Past Experience

      Please list any experience you have in building, managing and running a shared service center environment.

    8.6. Microsoft Application Experience

      Please include the following information in the table below in your response:

      1. What is your primary business (mission)?

      2. How long have you been providing Exchange in a hosted environment?

      3. What is your relationship with Microsoft? Do you have a signed Service Provider Licensing Agreement?

      4. What Certifications does your company have? Example:

        • Microsoft Certified Partner

        • Microsoft Exchange Service Provider License Agreement (SPLA)

        • Microsoft Gold Certification

        • Cisco Certification

        • HP/Dell/IBM/Suntone Certifications

        • International Quality Certifications (ISO 9000 family of standards)

      5. How many months over the last three years have you failed to meet the terms of the SLA?

      6. What kind of backups do you do, and how often?

      7. How often do you practice restorations?

      8. How fast do you install security patches and updates?

      9. Please delineate past experience in building and managing and running a shared service center environment


    8.7. Bids / Cost

      Please provide a non-binding estimate of:

        1. Time line for each phase to be completed

        2. Estimated costs for each phase and a total project cost.

        3. Detail the ongoing running costs (monthly running costs)

        4. See Appendix B

9. Protection of Information

In accordance with FAR 15.207(b), information received in response to this Request For Information shall be safeguarded adequately from unauthorized disclosure.

10. Security

Unclassified.

Appendix A. Design Required Elements

Design Phase - Shared Service Center Requirements.

Architectural Plan Requirement Description

Address the following at a minimum

• Location and physical footprint of facilities

• Environmental controls

• Power requirements

• Connectivity requirements

    o Latency consistent with existing bandwidths within the DoC. Client/server response time will be on average 1 second for actions such as name look up etc

    o Connectivity requirements

      To/ from Email system facilities

      To/from each bureau to the mail facilities

• Remote Access

• Filtering / Scanning for anti-virus, anti-spyware and anti-spam

    o Ability to allow the user to set a filtering profile for Anti Spam, spyware

    o Multiple providers for filtering/scanning (appliance preferred)

      § More than one scanning engine from separate providers

    o Filtering/scanning at the email server (real time and scheduled)

    o Filtering/scanning at the mail gateway

      § Inbound

      § Outbound

    o Real time updating of signatures for virus and spam

• Physical security

• Data storage

• Server configuration

• Application configuration

• Ability to manipulate the SMTP messages inbound / outbound to/from the mail system

• Service / server monitoring (e.g. HP OpenView, NetIQ, Tivoli)

• Real time replication

• Failover / Redundancy between clusters must be transparent to users, and synchronization must be real-time

• Network topology

    o Appliances

    o Switches

    o Routers

    o Firewall (DMZ)

• Backup/recovery of data (at least 3 months)

• Hardware requirements

• Scalability

    o Growth rate is anticipated to be 5%- 10% per year for accounts

    o Growth rate is anticipated to be similar to private sector growth for mail volume

• NOC Monitoring

• Disaster Recovery

• IPV6

• System availability

    o 24x7x365

    o 99.9% up time

• Expected Delivery times

    o Internal 10 seconds maximum

      § Internal Delivery time - measured from the time the email system has accepted a complete email message from an internal sender to the time it takes the email system to deliver the message to an internal recipient's mailbox.

    o External 15 seconds maximum

        § External Delivery Time- measured from the time the email system has accepted a complete email message from an internal sender to the time it takes the most outward facing SMTP gateway to make a connection to the external system listed in the MX record of the recipient's mail system, regardless of whether the connection is accepted or the recipient's mail system refuses the connection.

• Directory Services

    o Install and configure new directory for email system and establish trusts for synchronization with other directory service applications such as the Federal

    o Document directory structure

    o Capability to integrate/incorporate certificates

• Integration

    o Additional programs that are bureau specific which use the mail system for either communication or authentication

    o Enterprise collaboration system

    o Records management system

• System Administration

    o Ability to centralize system logs into a single interface

    o Ability to limit size of attachments/messages

    o Ability to limit number of addressees

    o Full text searches across entire mail system

    o Ability to add/lock/disable/remove accounts

    o Ability to have policy based management of desktop by organizational unit, by role, by user

    o Ability to restrict the ability to send/ receive to who/where mail is sent by user, and by domain (e.g. the ability to block internet mail)

    o Users are able to have all email forwarded to another valid email address for 30 days after the user leaves the agency

    o Ability to prevent inbound and outbound communication during a specified timeframe and for specific accounts

    o Ability to restrict / permit attachments

    o Ability to convert all incoming message text to plain text

    o Ability to create and maintain distribution lists

Appendix B. Build Plan Elements Required

Phase 2 – Build out the Shared Service Center

The shared service center must accommodate the following:

Operating Requirements

 

Operating 24/7 365 days

 

Standard hours of operation for support are: 5 a.m. to midnight. (EST) Seven days a week / 365 a year

Establishing for outsourced support providers that our standard hours requirement is 5 a.m. to midnight.

Extended support hours on a for fee basis 12:01 – 4:59 a.m.

To be quoted on a per hour basis

Outsourced support providers - quote additional charges to have extended support hours from 12:01a.m. – 4:59a.m.

DoC and bureau Leadership and their assistants must have their mailboxes synchronized to a separate mail server at COOP site. (At least, the capability to do this must exist).

This capability will be above and beyond the “required” COOP/DR plan. This line item can be quoted after the discovery phase is complete and the scope of effort is documented.

Growth rate is anticipated to be 5%- 10% per year for accounts

Expectation is that the system performance will not diminish. Examples are: Delivery times, system response times, etc.

Growth rate is anticipated to be similar to private sector growth for mail volume

 

ITIL based Processes for support

 

Compliance

Requirement Description | Comments
The Federal Acquisition Regulation's Section 508 Provisions | The system shall meet all accessibility requirements in Sections 1194.21, Software Applications and Operating Systems, and 1194.22, Web-based internet information and applications, of the Rehabilitation Act of 1973, Section 508, Electronic and Information Technology, as amended.
HSPD12 Policy |
HTTPS |
SMTP |
IMAP4 over SSL |
POP3 over SSL |
ESMTP w/AUTH requiring STARTTLS using port 25 and / or 587 | Client only
LDAP and LDAP over SSL |
NNTP | Client only
ICAL RFC 2445, 2446, 2447 |
IPV6 |
X.500 |
FIPS 140-2 |
Outsourced facilities must be on U.S. soil and staffed with U. S. Citizens who have appropriate security clearance and/or non disclosure | FAR clause?
1. FISMA/DoC Certification and Accreditation | http://csrc.nist.gov/publications/nistpubs/800-37/SP800-37-final.pdf

Security Requirements

Functionality – Security Requirement Description

Comments

Ability to support two factor authentication for remote access

http://www.whitehouse.gov/omb/memoranda/fy2006/m06-16.pdf

Ability to configure which elements are cleared out of the browser cache upon log out

At a minimum:

User Name

Password

Cookies

Personal Identifiable Information

Server Name

Any attachments downloaded or viewed

Encryption Certificates must be from known trusted certificate authorities

 

System is configurable to support DoC password policy settings

At a minimum:

Complexity

Expiration

Notifications

The system shall not permit a user's password to pass over the communication networks in clear text

 

Inbound/outbound connections, with exception of SMTP to/from external systems (STARTTLS must still be supported).

LDAP

 

Training Plan Requirement Description

Comments

Audience (Administrators, HW/SW Help Desk staff, Users)

 

Delivery Options

• Media (e.g. CBT, On-Line, On-Site, Handouts)

• Frequency

• Location

• On-going training

• Train the trainer

Training addresses migration from their current system (see bureau info at end of document) to the new target system

All training materials will remain with the client, and will have the ability to be updated by the client

 

Support Services Requirement Description

Comments

Propose a support plan that will address hours of operations, levels of support, and escalation procedures

5a.m. – midnight EST as normal operating hours

12:01a.m. – 4:59a.m. additional fee for service

Propose a communications plan to address all levels of communication events, methods, audience

 

DoC tier 2 or tier 3 support will have direct access to vendor(s) tier 2 or tier 3 support personnel

Examples: System outage, maintenance, etc.

Support for integration of bureau specific programs that use the mail system for authentication or communication

 

Desktop/Laptop Services Requirement Description

Comments

Provide minimum client configuration standards as well as bureau specific requirements

 

Assist each of the bureaus with client configuration standards

Validate system configuration

Installation Services Requirement Description

Comments

Install and configure servers for a shared services model in support of selected product

 

Document server configurations, appliance configurations, and application settings, security considerations

 

Install and configure additional appliances and networks

• Filtering/screening appliances

• Routers/Hubs/Switches

• Gateways

Document infrastructure topology and IP addressing scheme to be consistent with the needs of the C&A process

http://csrc.nist.gov/publications/nistpubs/800-37/SP800-37-final.pdf

Test all network connectivity to each of the bureaus as they are migrated into the shared infrastructure

 

Services

Requirement Description

Comments

Physical security

Refer to attached document – Manual of Security Policies and Procedures

FISMA/DoC Certification and Accreditation (C&A)

 

24 x 7 x 365 system availability

 

99.9% system up time

 

Application refresh schedule

• Server – Stable in-production release

• Client – Vendor will work with DoC point of contact to coordinate desktop client version upgrade

Must follow C&A process for each material change to the infrastructure or application which also includes testing compliance and security plans

New accounts are created or existing accounts modified within 8 clock hours

 

Accounts are locked/disabled when requested within 1 hour

 

Provide capability for users to have individual messages restored, individual folders restored, as well as a user's entire mailbox and folders restored

Data deleted within the past 7 days will be restored within 4 hours

Directory data must be synchronized in real time

 

Provide Intrusion Detection alerts

 

Support for integration of bureau-specific programs that use the mail system for authentication or communication

 

Requirement Description

Comments

Quickly Resolve Incidents

• Time to respond to a call for assistance is within 1 minute

• Time to respond to a voice mail for assistance is within 30 minutes

• Time to respond to an email for assistance is within 1 hour

• Incidents resolved on first call at 60% of calls answered

• Mean elapsed time for resolution or circumvention of an incident is 1 hour for VIPs and 4 hours for all others

• Incidents resolved within agreed SLA response times is 98% within agreed upon metrics

DoC tier 2 or above contacting vendor tier 2 or above within agreed upon standard hours for support

Maintain IT service quality

• Annual incidents requiring escalation to the vendor will be reduced by 3% if baseline is less than 95%

 

User Satisfaction

• Quarterly expected improvement of customer satisfaction rating is 3% if the baseline is less than 95%

10% of all calls must be surveyed

Minimize impacts of problems

• Ability for DoC support to log tickets into provider tracking system

• Repeat incidents and / or problems are no greater than 5% of total calls

System level problems

Release Management (Hardware/Software)

• All releases must use a release process approved by DoC

• All releases must be tested with DoC before implementation

• All releases must pass DoC compatibility testing before implementation

• Must have rollback plan

 

Repeatable processes

• All new releases for server and client will be planned and coordinated with DoC

• Testing

• Escalation

• Software development life cycle

• Change management

• Auditing

• Notification

• Proactive maintenance

• Hardware upgrades

Must provide a plan to address processes described, no more than 20 pages

Manage quantity and quality of IT service

• No more than 3% of SLA targets missed at any review point

Vendor will be held accountable by DoC to resolve any and all issues regardless of who caused the issue.

IT Service Recovery

• Regular annual audits of the IT disaster recovery and business continuity plan

• Certify with DoC regular annual testing of plan

• Certify with DoC regular annual reviews of plan

• Participate/support DoC with their COOP/DR exercises in relation to mail systems

• Regular annual communication of recovery and continuity objectives with DoC

 

Appendix C – Financial Presentation

Cost

| Cost Element | Build Phase 1 | Operate Phase 2 | Total (Monthly per Unit) |
|---|---|---|---|
| Investment Costs | | | |
| Engineering Support | | | |
| Data Migration | | | |
| Existing Hardware (DoC prorated share) | | | |
| New Hardware | | | |
| Hardware Upgrade | | | |
| Training Costs | | | |
| Total Development & Implementation Costs | | | |
| Variable Cost - e-mail only | | | |
| Exchange Administration (DoC prorated share) | | | |
| Help Desk Support | | | |
| Charge for Ethernet Service | | | |
| Variable Cost | | | |
| Total e-mail Cost including investment | | | |
| Blackberry Support Cost | | | |
| Blackberry Server Investment (paid up front) | | | |
| Blackberry Support (DoC prorated share) | | | |
| Blackberry Server Support | | | |
| Total Blackberry Support Cost including investment | | | |
| Total Cost to Department of Commerce | | | |