Contents
hide
🔹 RFP Snapshot (At a Glance)
| Item | Details |
|---|---|
| Issuing Organization | NorthWest Senior & Disability Services (NWSDS) |
| Location | Oregon (Multi-county, 6 facilities) |
| RFP Title | IT Infrastructure Assessment and Improvement Analysis |
| RFP Issue Date | December 12, 2025 |
| Proposal Due Date | January 9, 2026 (Close of Business) |
| Submission Mode | Email (PDF only) |
| Contract Type | Fixed-Fee (Preferred) |
| Project Start | February 2026 (Estimated) |
| Optional Follow-On | Phase II Implementation Support |
🔹 Buyer Profile (Important for Positioning)
| Area | Insight for Bidders |
|---|---|
| Sector | Public / Human Services / Healthcare-adjacent |
| Data Sensitivity | Handles PHI and regulated data |
| Environment | ~400 staff, on-site + remote |
| Priority Drivers | Security, compliance, modernization, cost efficiency |
| Risk Tolerance | Low (public sector + healthcare data) |
🔹 Scope Fit Checklist (Go / No-Go Indicator)
| Scope Area | Required | Bidder Self-Check |
|---|---|---|
| IT Infrastructure Assessment | ✅ Mandatory | ⬜ Yes / ⬜ No |
| Network (WAN/LAN/VPN/Wi-Fi) Analysis | ✅ Mandatory | ⬜ Yes / ⬜ No |
| Cybersecurity & Threat Assessment | ✅ Mandatory | ⬜ Yes / ⬜ No |
| HIPAA / HITECH Compliance Review | ✅ Mandatory | ⬜ Yes / ⬜ No |
| NIST SP 800-53 Alignment | ✅ Mandatory | ⬜ Yes / ⬜ No |
| Oregon Data Protection Compliance | ✅ Mandatory | ⬜ Yes / ⬜ No |
| Cloud / Hybrid Architecture Review | ✅ Mandatory | ⬜ Yes / ⬜ No |
| Cost-Benefit & Modernization Roadmap | ✅ Mandatory | ⬜ Yes / ⬜ No |
| Phase II Implementation (Optional) | Optional | ⬜ Proposed / ⬜ Not Proposed |
🔹 Hidden Complexity (What Proposal Writers Must Notice)
| Area | Why It Matters |
|---|---|
| Zero Trust (ZTNA) | Indicates maturity expectations beyond basic security |
| Business Impact Analysis (BIA) | Signals alignment with mission-critical services |
| Governance & ITSM | Evaluators care about process, not just tools |
| Cost-Benefit Dashboard | Pricing narrative must be defensible |
| Editable Deliverables | They expect usable artifacts, not just PDFs |
🔹 Mandatory Deliverables Checklist
| Deliverable | Required |
|---|---|
| Executive Summary | ✅ |
| Executive Briefing Session | ✅ |
| Comprehensive Assessment Report | ✅ |
| Risk Register (NIST-based) | ✅ |
| Infrastructure Modernization Roadmap | ✅ |
| 3-Year Budget Estimates (CapEx + OpEx) | ✅ |
| Network & System Diagrams | ✅ |
| Compliance Gap Matrix | ✅ |
| Sample Prior Deliverable (Redacted) | ✅ |
🔹 Proposal Submission Requirements
| Requirement | Notes |
|---|---|
| Relevant Experience | Minimum 3 comparable assessments |
| Sector Preference | Healthcare / Human Services / Public Sector |
| Methodology | ITIL, NIST, COBIT preferred |
| AI Usage Disclosure | Mandatory |
| Team Certifications | CISSP, CISM, CCNP, PMP expected |
| References | Minimum 3 |
| Insurance | $2M Cyber Liability (Mandatory) |
| Data Protection Plan | Mandatory |
| Conflict of Interest Statement | Mandatory |
🔹 Evaluation Criteria (Scoring Focus)
| Evaluation Factor | Weight | Strategic Insight |
|---|---|---|
| Technical Methodology | 25% | Strongest scoring lever |
| Cost & Value | 20% | Must justify realism |
| Relevant Experience | 15% | Sector alignment critical |
| Sample Deliverables | 10% | Show maturity |
| References | 10% | Comparable scale matters |
| Security & Compliance | 10% | Non-negotiable |
| Oregon / Local Presence | 10% | Can influence tie-breakers |
🔹 Timeline & Key Dates
| Milestone | Date |
|---|---|
| RFP Issued | December 12, 2025 |
| Questions Due | January 2, 2026 |
| Proposal Due | January 9, 2026 |
| Award Notification | January 23, 2026 |
| Project Kickoff | February 9, 2026 |
🔹 Risk Flags for Bidders (Strategic)
| Risk Area | What to Watch |
|---|---|
| Underpricing | Likely to score poorly |
| Generic Cyber Language | Penalized |
| Weak Compliance Narrative | High risk |
| Missing Sample Deliverables | Score loss |
| No Healthcare Experience | Competitive disadvantage |
🎯 Who Should Bid on This RFP?
Best Fit
-
IT consulting firms with healthcare or human services experience
-
Cybersecurity + infrastructure assessment specialists
-
Firms strong in governance, compliance, and modernization roadmaps
Poor Fit
-
MSPs focused only on operations
-
Vendors without compliance experience
-
Tool-only or product-reseller companies
Considering bidding on this RFP?
Before committing resources, ensure your bid strategy, pricing realism, and compliance positioning align with the evaluation model.
👉 Request a Bid Strategy Review
👉 Download our RFP Analysis Checklist (PDF)
👉 Explore more public-sector IT RFP insights