ISIRS vendor list
The Enterprise Security Office and Procurement Services teamed up to create the ISIRS vendor list for agencies faced with an urgent need for Information Security Incident Response Services (ISIRS).
The ISIRS vendor list is a nonbinding open list of qualified contractors who have submitted a response to Request for Qualification (RFQ) 102-2090-13, and have satisfied all requirements to be added to the list (see section 5 of the RFQ).
This list is NOT a price agreement and DOES NOT replace the need to conduct a procurement process.
ISIRS are categorized as follows (select a category to view the vendor list section):
Anyone wishing to contract for services may use the ISIRS vendor list to help find qualified vendors, but must follow all required statutes, rules, and policies when conducting the procurement.
|Agency has an urgent (but not emergency) need for a vendor to perform services in one of the ISIRS categories.
- Determine which category will cover the needed service.
- Determine the estimated value of the engagement to determine the
procurement method (agency may work with vendors on the ISIRS list to
assist in determinint estimated value).
Conduct solicitation process (if applicable):
- Small procurement: Agency may direct award to vendor of choice (not limited to vendors on the ISIRS list).
- Intermediate procurement: Agency may conduct an
intermediate Invitation to Bid, Request for Proposal, Request for Quote,
Evaluate and award as you would any procurement at the same threshold.
Enter into a contract with the successful offeror.
- Draft solicitation and post to ORPIN.
- Agency may include the vendors from the ISIRS vendor list by using the NOTICE feature in ORPIN. (Do not use INVITE feature).
- The advertising time of the solicitation needs to be
reasonable for prospective vendors and satisfy all applicable statute,
rules, and policies.
- Contract template - To streamline the negotiation process, each vendor on the list has agreed to use the attached contract template.
- Exhibit A - Statement of work template
- Exhibit B - Insurance requirements template
- Risk assessment - To assist in assessing the risk and determining the insurance levels, use the one-page risk assessment.
Agencies are encouraged to engage early and often with their Office of State Chief Information Officer (OSCIO) Senior IT Portfolio Manager.
Review the Information Technology Investment Oversight Policy to identify IT investment thresholds that require OSCIO approval, and then review the procedure for submission instructions.