Published by Angela Evans Modified over 7 years ago
1
State Kickoff Webinar State of Utah Cloud Solutions 2016-2026
November 22, 2016
2
Agenda
RFP Process & Evaluation
Cloud Solutions Service Descriptions
Master Agreement Overview
Participating Addendum Process
Due Diligence for Security & Data Controls
Tips to Consider When Moving to the Cloud
3
RFP Process & Evaluation
4
Sourcing Team
Chris Hughes, Lead (UT)
Stephen Fazekas (VT)
Ceotrid Gilbert (WI)
Roger Gibson (NJ)
Jennifer Salts (UT)
Michael Brown (CO)
Elaine Williams (TN)
Shannon Berry, CDC NASPO ValuePoint
5
ICT Advisory Council
Richard Boes (VT)
David J Meyer (WI)
Debbie Dennis (OR)
Steve Siegler (MO)
Ron Baldwin (MT)
Michael DeAngelo (WA)
Victor Chakravarty (MA)
Jennifer Salts (UT)
Brenda Rix (WA)
Steve Nichols (GA)
Jim Butler (CA)
Rob Lloyd (CSJ)
Doug Robinson, NASCIO
Dean Johnson, NASTD
6
RFP Process
Release Date: December 21, 2015
RFP Amendments: Amended 10 times
Closing Date: March 20, 2016
Proposals Received: 58 (6 Offerors found non-responsive)
7
Minimum Mandatory Requirements
Signature Page Cover Letter Acknowledgement of Amendments Executive Summary General Requirements Re-Certification Business Profile Scope of Experience Financials Contract Manager Cost Proposal Submitted
8
Evaluation Criteria & Points Possible
Business Information Business Profile Scope of Experience General Information Billing and Pricing Practices 25 Scope and Variety of Cloud Solutions 25 Best Practices Organization and Staffing Contract Manager
9
Evaluation Criteria & Possible Points
Technical Requirements Technical Requirements 50 Subcontractors Working with Purchasing Entities 50 Customer Service 50 Security Information 50 Privacy and Security 50 Migration and Redeployment Plan 50 Service or Data Recover 50 Data Protection Service Level Agreements 50 Data Disposal
10
Evaluation Criteria & Possible Points
Technical Requirements Cont’d Performance Measures & Reporting 50 Cloud Security Alliance 50 Service Provisioning Backup and Disaster Plan 50 Solution Administration 50 Hosting and Provisioning 50 Trial and Testing Periods 50 Integration and Customization 50 Marketing Plan Value Added Services Supporting Infrastructure 50 Alignment of Cloud Computing 50
11
Evaluation Rating Matrix
Scores were assigned on a 1 through 5 scale as follows:
1 = Poor, fails to address the requirements in the RFP
2 = Fair, addresses the requirements in the RFP unsatisfactorily
3 = Good, addresses all requirements in the RFP satisfactorily
4 = Very Good, addresses all requirements in the RFP and may exceed some
5 = Superior, addresses all requirements in the RFP and exceeds them
12
Evaluation Calculations & Award Determination
In order to be eligible for an award, a proposal is required to score a minimum of 70% of the total technical points available. A total of 1325 points were available in this stage of the evaluation process for proposals that included IaaS, PaaS, or a combination of all three categories. The Lead State and the evaluation committee determined, based on the proposals received, that the Hosting and Provisioning category did not apply to offerors that only submitted SaaS solutions. As such, a total of 1275 points were available in this stage of the evaluation process for proposals that were specific to SaaS.
13
Evaluation Calculations & Award Determination Cont’d
During the technical evaluation phase, the evaluation committee determined that the proposals that received an average score of 4 or higher per category provided sufficient information to the evaluation committee to demonstrate that their proposals exceeded the addressed requirements of the category. Overall, the evaluation committee determined that these proposals would allow Participating Entities an opportunity to make a best value determination based on the proposals provided by the offerors. The evaluation committee determined that proposals that received an average score of 3 or lower per category did not provide sufficient information to demonstrate to the evaluation committee that their proposals met the requirements of the category.
14
Evaluation Calculations
In the opinion of the evaluation committee, 38 proposals received technical scores that met or exceeded the minimum technical point requirements outlined in the RFP and moved on to cost evaluation. Cost Proposals were evaluated as outlined in the Solicitation #CH All 38 offerors provided a price schedule with a minimum discount from its Cloud Solutions and received the maximum points available of 147.2. The following slide includes the offerors whose proposals met the minimum point threshold.
15
Awards
AT&T (PaaS, IaaS, SaaS)
Insight Public Sector (PaaS, IaaS, SaaS)
Verizon (IaaS)
ATOS Inc. (PaaS, IaaS, SaaS)
Teradata (IaaS)
Logicworks (PaaS, IaaS)
Carahsoft (PaaS, IaaS, SaaS)
Collab9 Inc. (SaaS)
Oracle America (PaaS, IaaS, SaaS)
CDW Govt. (PaaS, IaaS, SaaS)
Contact Solutions (SaaS)
Century Link (PaaS, IaaS, SaaS)
Broadvoice (SaaS)
SHI (PaaS, IaaS, SaaS)
FireEye (SaaS)
Smartronix (PaaS, IaaS, SaaS)
CGI (IaaS, SaaS)
GuideSoft (SaaS)
Strategic Communication (PaaS, IaaS, SaaS)
Cisco Sys (PaaS, IaaS, SaaS)
Quest (SaaS)
CSRA (PaaS, IaaS, SaaS)
TCC Software Solutions (PaaS, IaaS, SaaS)
Retarus (SaaS)
Day 1 Solutions (PaaS, IaaS, SaaS)
Workday (SaaS)
Unisys (PaaS, IaaS, SaaS)
DLT Solutions (PaaS, IaaS, SaaS)
VMware Inc. (IaaS, SaaS)
Cherry Road (PaaS, IaaS, SaaS)
Emergent (PaaS, IaaS, SaaS)
Environmental Sys. Research (ESRI) (PaaS, IaaS, SaaS)
A&T Systems (IaaS)
EMC Corp. (IaaS)
IBM (PaaS, IaaS, SaaS)
IMMX Group (IaaS)
Info Reliance (IaaS, SaaS)
NTT Data Inc (IaaS)
16
Conclusion
Based on the justifications outlined above, the 38 offerors identified above provide the best value to the State and each has been awarded a contract, subject to successful negotiations of the terms and conditions.
16 Contracts Fully Executed to date
17
Cloud Solutions Service Descriptions
18
Solution Offerings
Master Agreements provide Participating Entities with access to technical capabilities that run in cloud environments and meet the NIST Essential Characteristics
Sub-categories in scope are the three NIST Service Models, Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS)
Offerings are available from direct OEM providers, aggregators, business partners and resellers to provide a full range of cloud based solutions and services
19
Examples of SaaS
SaaS Solutions - cloud-based phone systems, unified communications, enterprise resource planning (ERP) and modules, desktop as a service, programs to combat fraud, waste and abuse, data analytics, , security, workforce management, mobile case management and more.
Click on “Summary Document” under the “Documents” on Cloud Providers listing on NVP Cloud Solutions Portfolio web site
20
Examples of PaaS
PaaS Solutions – include application development through a variety of platforms both directly from awarded solution providers and through business partners. Including access to a variety of service providers that can help develop PaaS solutions.
Click on “Summary Document” under the “Documents” on Cloud Providers listing on NVP Cloud Solutions Portfolio web site
21
Examples of IaaS
IaaS Solutions – include cloud hosting services, combining IaaS with a range of managed services and system integration to deliver secure, scalable and reliable computing and storage solutions and more.
Click on “Summary Document” under the “Documents” on Cloud Providers listing on NVP Cloud Solutions Portfolio web site
22
Master Agreement Overview
23
Master Agreement Overview
New Master Agreements Initial Term
Starting date will vary based on execution of each Master Agreement
All Master Agreements require annual requalification and are subject to performance review
All Master Agreements will terminate in 2026
Note: This RFP allows the possibility for new vendors to submit proposals every 2 years and participate in the contract portfolio
24
Master Agreement Overview
The objective of the NASPO ValuePoint – Utah Cloud Solutions Master Agreements is to provide States and their authorized end users with contract vehicles that provide access to qualified contractors that may meet the needs of your organization when considering Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS) solutions.
While vendor alignment with cloud security standards was evaluated (CSA STAR, NIST, ISO, and IEC), it is the responsibility of the end user to thoroughly review services, SLAs, terms and conditions, and risks involved before executing a PA and SOW.
25
Master Agreement Overview
Data Security - Data Security was a major component of the RFP, evaluation process, and Master Agreement.
Cloud Security Alliance recommendations were incorporated into the RFP requirements and resulting Master Agreements.
Must meet NIST characteristics (i.e. be a true cloud services provider)
Must meet security requirements, which leverage the following cloud-focused security frameworks:
CSA STAR
ISO/IEC 27017
NIST SP (basis for FedRAMP)
26
Master Agreement Overview
The Master Agreements include SLAs that outline security controls the Contractor employs specific to the data they are prepared to handle. We encourage participating state CIOs and CPOs to evaluate each Master Agreement receiving a service category award (SaaS, PaaS, or IaaS) in order to compare services and security standards before making a determination as to which Contractor’s cloud solution and security controls best meet their program objectives and state laws.
Utah has worked diligently to negotiate vendor exceptions and additional terms and conditions in favor of participating states in each Master Agreement in order to lessen the negotiation burden during the PA execution. However, it is a state’s responsibility to review and negotiate any unique terms specific to their state law if the MA terms do not meet their needs.
27
Master Agreement Overview
NASPO ValuePoint Administrative Fee - one-quarter of one percent (0.25% or ) no later than sixty (60) days following the end of each calendar quarter. States are allowed to require that an additional fee be paid directly to the state only on purchases made by Purchasing Entities within that state. For all such requests, the fee level, payment method and schedule for such reports and payments will be incorporated into the Participating Addendum that is made a part of the Master Agreement.
28
Contract Lead, State of Utah
Questions Contract Lead, State of Utah Chris Hughes Phone: Spencer Hall Phone:
29
Participating Addendum Process
30
Cloud Solutions open to all 50 States
All 50 states and The District of Columbia have executed a Cooperative MOA, allowing them to be eligible to use any NASPO ValuePoint cooperative Master Agreement.
31
Participating Entity’s / Eligible Customer’s Responsibility
Ensuring that its organizational policies and guidelines are followed – CPO and CIO collaboration/cooperation is strongly encouraged before any PA is executed
Reviewing the vendor’s response to the Solicitation, including the CSA documents, to ensure the vendor meets its requirements
Complying with its organizational security and privacy requirements
Establishing their approval process for contracting for Cloud Solutions – consider referencing in PA so contractors are aware of their process
32
Opportunities for Participation
Three Basic Options for Participation
1. State signs a Participating Addendum for entire state - Every legally eligible entity in the state can participate
2. State signs a Participating Addendum for non state entities - Every legally eligible entity that is not a STATE agency can participate
3. State does not sign a Participating Addendum
Political subdivisions wishing to participate may contact the NASPO ValuePoint Cooperative Development Coordinator who will contact the STATE CHIEF PROCUREMENT OFFICIAL asking for approval for that entity to sign their own Participating Addendum. Entities may be given approval on an individual basis or State CPO may give approval to all entities within the state to execute their own Participating Addendums.
33
Participation Option #1: State Entity
Step by Step:
States may have submitted Intents to Participate during solicitation; this will provide the information for contractors to contact states interested in signing a Participating Addendum. States may also contact contractors directly to begin Participating Addendum process.
State Chief Procurement Officials and State Chief Information Officer (or their designated representative) will be the signatory on the Participating Addendum unless the PA sets out an alternative approval process. They will also be the NASPO ValuePoint point of contact throughout the process. (See Model Participating Agreement)
State completes the draft Participating Addendum for each contractor and then forwards the draft to the contractor. Negotiations will be handled directly between state and contractor.
Upon agreement, the state sends a final copy of Participating Addendum to the contractor for signature.
Contractor signs Participating Addendum and sends back to state for signature.
State sends fully executed copy to both contractor and NASPO ValuePoint at -
Executed Participating Addendum will be maintained in a repository.
34
Participation Option #1: State Entity
From Model Participating Addendum for Cloud Solutions Master Agreement
“Participation: This NASPO ValuePoint Master Agreement may be used by all state agencies, institutions of higher institution, political subdivisions and other entities authorized to use statewide contracts in the State of [xxxxxxx]. Issues of interpretation and eligibility for participation are solely within the authority of the State Chief Procurement Official.”
“Access to Cloud Solutions Services Requires State CIO Approval: Unless otherwise stipulated in this Participating Addendum, specific services accessed through the NASPO ValuePoint cooperative Master Agreements for Cloud Solutions by state executive branch agencies are subject to the authority and prior approval of the State Chief Information Officer’s Office. The State Chief Information Officer means the individual designated by the state Governor within the Executive Branch with enterprise-wide responsibilities for leadership and management of information technology resources of a state.”
35
Participation Option #2 Non State Entity
Step by Step:
States may have submitted Intents to Participate during solicitation; this will provide the information for contractors to contact states interested in signing a Participating Addendum. States may also contact contractors directly to begin Participating Addendum process.
State Chief Procurement Officials (or their designated representative) will be the signatory on the Participating Addendum. They will also be the NASPO ValuePoint point of contact throughout the process.
State completes the draft Participating Addendum for each contractor and then forwards the draft to the contractor. Negotiations will be handled directly between state and contractor.
Upon agreement, the state sends a final copy of Participating Addendum to the contractor for signature.
Contractor signs Participating Addendum and sends back to state for signature.
State sends fully executed copy to both contractor and NASPO ValuePoint at -
Executed Participating Addendum will be maintained in a repository.
36
Participation Option #3 Non State Entity & No State PA
Step by Step:
An email request should be sent to from entity (email may also be sent from contractor). The email needs to provide the following details: main point of contact from entity, full name of entity, phone number, email address and physical address.
NASPO ValuePoint will email State Chief Procurement Officer requesting approval for the entity to execute a Participating Addendum.
NASPO ValuePoint will email both contractor and entity with the permission from Chief Procurement Official to proceed to complete the Participating Addendum.
Entity completes the draft Participating Addendum for contractor and then forwards the draft to the contractor. Negotiations will be handled directly between entity and contractor.
Upon agreement, the entity sends a final copy of Participating Addendum to the contractor for signature.
Contractor signs Participating Addendum and sends back to entity for signature.
Entity sends fully executed copy to both contractor and NASPO ValuePoint at -
Executed Participating Addendum will be maintained in a repository.
37
Participating Addendum (PA)
May include a State’s own Administrative Fee
Include State specific terms and conditions
Identify options for State agencies and/or local governments, special districts, and public education jurisdictions
May request state-specific reporting or other requirements
Select Contractors and outline any limits
Outline how project SOWs will be executed (through CIO’s IT Divisions or through CPO’s Procurement Divisions)
May include a reference to SLAs, including review and amendment procedures
38
Participating Addendum (PA)
Model Participating Addendum template is available on each Cloud Solutions Master Agreement page on
Executed Participating Addendum will be maintained on the website at and in a repository.
Participating states and entities will be identified on the map of the USA on each Master Agreement page at
Only submit completed and negotiated PAs with signatures from both parties.
Submit completed PAs in PDF Format to
39
Cloud Solutions PA
Ensure organizational policies and guidelines are followed including IT Governance.
Review the Cloud Solution Provider’s contract and supporting documents, including the CSA documents, to ensure it meets the Participating Entity’s requirements – Master Agreements and RFP Responses can be found on the NASPO ValuePoint website at
Comply with organizational Information Security and Privacy requirements.
Consider including approval process and a key point of contact for your state to manage the PA and orders from the PA.
40
Participating Entity Due Diligence
41
Data Security
Data classification: 1st step in determining the security controls.
CIOs and CPOs should consider:
Understand the Breach Notification Laws (for PII or personally identifiable information) in your jurisdiction - 47 out of 50 States have these laws (exceptions are Alabama, New Mexico, South Dakota)
Determine the sensitivity of the data and if PII is involved
Risk level set by consequences of exposure
Most frameworks use a three-tier classification model (e.g. Low, Medium, High; Official, Secret, Top Secret)
From Cloud Solutions Getting the Security and Controls Right PowerPoint
42
Data Classification and Security Controls
Understand the customer’s responsibilities (e.g. for IaaS and PaaS, customer defines requirement for encryption)
Leverage industry standard certifications to demonstrate compliance for cloud security controls – use information from the Cloud Security Alliance tools to short-list vendors.
Review the certification or compliance documents in detail – vendor may not comply with the specific controls that your organization needs
Identify specific controls and request additional certifications to comply with privacy requirements when PII is involved (for example ISO/IEC 27018)
From Cloud Solutions Getting the Security and Controls Right PowerPoint
43
Using Cloud Security Alliance Tools
Cloud Controls Matrix (CCM) - security controls framework for cloud
Consensus Assessments Initiative Questionnaire (CAIQ) - assessment tool based on CCM
CSA STAR (Security, Trust and Assurance Registry) - provider Assurance Program. Leverages CCM & CAIQ as its foundation
Provided by the Cloud Security Alliance see: Cloud Solutions Getting the Security and Controls Right PowerPoint
44
CSA Cloud Controls Matrix
133 Controls in Cloud Controls Matrix v3.0.1
Provided by the Cloud Security Alliance see: Cloud Solutions Getting the Security and Controls Right PowerPoint
45
Tips to Consider When moving to the Cloud Solution
46
Tips to Consider
In an effort to promote successful projects under the Cloud Solutions Portfolio, the Lead State attended the Gartner Sourcing & Strategic Vendor Relations Summit. The following slides contain information from this summit and provide end users with information to consider as project SOWs are developed.
47
Nail Your Business Case
SOW Must Be Complete — No Gray Areas!
Understand the application and what is in scope and out of scope
Clarify Ownership of Tasks and Deliverables – essential for IaaS and PaaS
Do Not Rely on Generic Definitions
Document Business Value Expectations
Define Cost to Manage Risk and Quality (Security, Archiving, Backup, DR as related to the application)
48
SLA Can Not Be An Afterthought
Link to organization’s SMART Objectives: Specific, Measurable, Actionable, Relevant and Time-Bound
Review SLA(s) and Terms and Conditions included in the ValuePoint-Utah Master Agreement for service commitments, remedies, and penalties.
Ensure SLA(s) align with organizational SMART objectives and business needs
It is the State’s responsibility to negotiate and modify the PA if the SLA(s) and Terms and Conditions don’t align
Closely evaluate all Terms and Conditions for SLA(s) exclusions
Consider review process for adjustments to SLA(s) over time
49
Exit Strategy Is A Must Have
Structure Your PA to enable an exit.
Review MA and PA termination disentanglement clauses and develop your exit plan in advance.
Consider terms and conditions for disengagement and make sure they meet your needs or include additional requirements in PA if necessary.
Plan for Costs, Schedules and Responsibilities.
50
Final Recommendations
Clearly define the scope and objectives of your cloud application. Align with expectations of key stakeholders. Transition planning must be part of your strategy. Evaluate the comprehensiveness and achievability of the transition plan. Jointly manage the transition plan and escalate issues before they become risks. Measure and proactively manage transition processes to achieve success.
51
Questions
52
For Questions or Information Contact
Dugan Petty Education & Outreach Coordinator for IT NASPO ValuePoint (503) (PST) Shannon Berry, CPM Cooperative Development Coordinator NASPO ValuePoint (775) (PST)