Savid Technologies

How to Write a Request for Proposal (RFP)

The first thing to address when learning how to write an RFP is to understand that there is no standardized or absolute format for an RFP. Your RFP should be structured in a manner that best conveys all aspects of your project to potential vendors.

To get started, download our RFP template and get your project notes ready.

Common elements of an RFP include the following:

  • Company background
  • Project description
  • Schedule
  • Technical and infrastructure background
  • Scope and methodology
  • References
  • Estimated project duration
  • Assumptions and agreements
  • Required output formats (XML, etc.)
  • Sample reports
  • For additional information or clarification
  • Basis for award of contract
  • Anticipated selection schedule

Technical elements and tasks include:

  • External Network Vulnerability Assessment and Penetration Testing
  • Internal Network Vulnerability Assessment and Penetration Testing
  • Web Application Penetration Testing
  • Dial-In / RAS Security Testing
  • DMZ or Network Architecture Designs / Reviews
  • Wireless Network Assessment and Penetration Testing
  • Virtual Infrastructure Security Assessment
  • Server Configuration Reviews
  • Firewall and Router Configuration Reviews
  • VPN Configuration Reviews
  • Voice over IP Assessments
  • Social Engineering Assessments
  • Physical Security Reviews
  • Software Source Code Reviews
  • Application Threat Modeling and Design Reviews
  • Information Security Policy and Procedure Development or Review
  • Information Security Risk Assessment
  • Security Awareness Program Development or Review
  • Incident Response Program Development or Review
  • Secure SDLC Program Development or Review
  • PCI Quarterly Scans
  • PCI Report on Compliance Assessment or Gap Analysis

Begin by converting your project notes into formal sentences that are concise and descriptive. Avoid industry jargon and unnecessary adjectives as much as possible, but be sure to itemize any compliance or regulatory requirements that need to be met. This will allow you to clearly outline your project to the potential vendors.

The most important elements of the RFP are the requirements sections. Be as descriptive and detailed as possible in these sections. The requirements portion of the RFP contains most of the information that will determine the estimated cost of your project and should be well thought out by all stakeholders in your project. RFPs that have vague requirements often result in wasted interview time and high cost estimates to compensate for the unknown.

After filling in the basics of the RFP template, have several individuals who will be participating in the project review the RFP. We recommend that the IT staff, compliance staff, and audit staff review the RFP. Each group may have different requirements for reporting, data, or schedules. The goal of this review process is also to ensure that each individual comes away with a relatively equal understanding of the project. If you find inconsistencies, be sure to fill in the gaps by adding any other elements to the RFP that you feel are necessary to thoroughly outline your project.

Learning how to write an RFP can be time-consuming. However, when it comes to evaluating the capabilities of various security vendors, it is a must.
