ISIRS vendor list

The Enterprise Security Office and Procurement Services teamed up to create the ISIRS vendor list for agencies faced with an urgent need for Information Security Incident Response Services (ISIRS).

The ISIRS vendor list is a nonbinding open list of qualified contractors who have submitted a response to Request for Qualification (RFQ) 102-2090-13, and have satisfied all requirements to be added to the list (see section 5 of the RFQ).

This list is NOT a price agreement and DOES NOT replace the need to conduct a procurement process.

Vendor list categories

ISIRS are categorized as follows (select a category to view the vendor list section):

Anyone wishing to contract for services may use the ISIRS vendor list to help find qualified vendors, but must follow all required statutes, rules, and policies when conducting the procurement.

Agency has an urgent (but not emergency) need for a vendor to perform services in one of the ISIRS categories.
  1. Determine which category will cover the needed service.
  2. Determine the estimated value of the engagement to determine the procurement method (agency may work with vendors on the ISIRS list to assist in determining estimated value).
    • Small procurement: Agency may direct award to vendor of choice (not limited to vendors on the ISIRS list).
    • Intermediate procurement: Agency may conduct an intermediate Invitation to Bid, Request for Proposal, Request for Quote, etc.
  3. Conduct solicitation process (if applicable):
    • Draft solicitation and post to ORPIN.
    • Agency may include the vendors from the ISIRS vendor list by using the NOTICE feature in ORPIN. (Do not use the INVITE feature.)
    • The advertising time of the solicitation needs to be reasonable for prospective vendors and satisfy all applicable statutes, rules, and policies.
  4. Evaluate and award as you would any procurement at the same threshold.  
  5. Enter into a contract with the successful offeror.
  • Contract template - To streamline the negotiation process, each vendor on the list has agreed to use the attached contract template.
  • Exhibit A - Statement of work template
  • Exhibit B - Insurance requirements template
  • Risk assessment - To assist in assessing the risk and determining the insurance levels, use the one-page risk assessment.
Agencies are encouraged to engage early and often with their Office of State Chief Information Officer (OSCIO) Senior IT Portfolio Manager.
Review the Information Technology Investment Oversight Policy to identify IT investment thresholds that require OSCIO approval, and then review the procedure for submission instructions.


Cinnamon Albin
DAS Enterprise Security Office