State of Georgia
Georgia Technology Authority
Request For Qualified Contractors (RFQC)
Appendix E
Prospective Service Provider Questionnaire
Services Integration Initiative
Market Test And Rebid For Infrastructure Services
RFQC No. 98000-0000001647
December 15, 2015
This document contains confidential and proprietary information of GTA and Customers. It is furnished
for the purpose of facilitating Service Provider response to this RFQC. Except with the express prior
written permission of GTA this document and the information contained herein may not be published,
disclosed, or used for any other purpose.
Georgia Technology Authority
Appendix E: PSP Statement Questionnaire
Instructions: Prospective Service Providers must submit responses for each question row with a “Y” (Yes) or
“N” (No) response and Client Reference Number(s), at least one but no more than 3 per question, from Appendix
H. RFQC questions are for informational purposes so any Prospective Service Providers “N” (No) responses will
not be used for disqualification purposes. Prospective Service Provider will be aware that the State has the
following constraints:











Service Provider may not use foreign-based facilities, systems, processes or personnel for any function of
the Services.
All state data must be kept within the continental US.
Services will comply with the Policies, Standards and Guidelines as published by GTA
(http://gta.georgia.gov/psg/book-page/enterprise-policies-standards-and-guidelines)
All services and solution sets will be compliant with federal security guidelines (e.g. NIST, FISMA) and
auditable by state and federal entities.
Federal regulations (e.g. HIPAA, MARS-E, SSA, IRS Pub.1075, FERPA, and CJIS) will apply to all
relevant services and data.
Leveraged (shared) facilities need to show controls and audits that meet state and federal requirements (e.g.
IRS and HIPAA).
All services will go through the centralized (MSI) service desk and service catalog.
A service integrator function will be utilized to facilitate a common delivery to customers and for
standardized cross functional tools and processes; there will be different ways for services to be plugged
into the platform.
Service Towers can be broken down and awarded to providers in smaller components of different service
categories.
A state-wide virtually private network will be available for provider usage and access to the state facilities.
The state consolidated data center (NADC) will still be required by the State for at least the medium term
(5+ years).
PSP Company Name:
Question
#
Question
PSP
Response
“Y” or “N”
Appendix
H Client
Ref. #
Common Questions for all Services
CMN-1
Does the Prospective Service Provider have experience in migrating existing
services managed by an incumbent to new service/technology options?
CMN-2
Does the Prospective Service Provider dedicate resources to customer
accounts and ensure dedicated staff have knowledge of the customer
environments?
CMN-3
Does the Prospective Service Provider provide transparency to customers on
the currency and licensing for the underlying software within the services you
provide?
CMN-4
Does the Prospective Service Provider have experience tracking, reporting,
and notifying compliance for customer owned and Service Provider owned
software licenses to support the provided services?
RFQC No. 98000-0000001647
Infrastructure Services
Page 2 of 5
Georgia Technology Authority
Appendix E: PSP Statement Questionnaire
PSP Company Name:
Question
#
CMN-5
Question
PSP
Response
“Y” or “N”
Appendix
H Client
Ref. #
Does the Prospective Service Provider have experience providing
marketing/service awareness and sales to new and existing customers for
clients?
Server Services
SVR-1
Can the Prospective Service Provider offer a solution for cloud based hosting
for application development/test environment?
SVR-2
Has the Prospective Service Provider provided Server solutions that includes
Host Intrusion Protection (HIPS) and Virus/Malware protection?
SVR-3
Can the Prospective Service Provider manage the server instances that have
been built by other Service Providers?
SVR-4
Has the Prospective Service Provider provided Server solutions with
differentiated tiers of service (e.g. Bronze, Silver, and Gold) that have
different entitlements of service, function, and quality?
SVR-5
Can the Prospective Service Provider turn down server instances when they
are not required (e.g. not charge for Dev/Test environments not in use)?
SVR-6
Has the Prospective Service Provider delivered a solution that included
transitioning a consolidation of service instances volumes from a Customer
dedicated environment to a leveraged (shared) environment?
Database Services
DB-1
Does the Prospective Service Provider have a distinct Database Management
Service Offering?
Mainframe Services
MF-1
Has the Prospective Service Provider transitioned mainframe services from a
Customer dedicated environment to a leveraged (shared) environment?
MF-2
Can the Prospective Service Provider provide a Mainframe services with
limited or no minimum usage?
Print -Mail Services
PRM-1
Does the Prospective Service Provider Print services solution include mail
inserts and metered postage?
PRM-2
Does the Prospective Service Provider Print services solution allow for
Production Print and Mail services from non-Mainframe applications?
PRM-3
Has the Prospective Service Provider transitioned print services from a
Customer dedicated environment to a leveraged (shared) environment?
Storage Services
ST-1
Has the Prospective Service Provider migrated clients from legacy storage
solutions, such as a consolidated tiered Storage allocations in a customer
dedicated environment, to a leveraged (shared) environment?
RFQC No. 98000-0000001647
Infrastructure Services
Page 3 of 5
Georgia Technology Authority
Appendix E: PSP Statement Questionnaire
PSP Company Name:
Question
#
Question
ST-2
Does the Prospective Service Provider you utilize automated tools to assist in
managing authorized software for storage services (i.e. aid in policing user
compliance to state policies)?
PSP
Response
“Y” or “N”
Appendix
H Client
Ref. #
Backup & Restore Services
BR-1
Can the Prospective Service Provider offer Backup solutions which include
virtual and leveraged (shared) environments for the backup targets?
BR-2
Does the Prospective Service Provider have an option to only backup and
restore services (i.e. storage service support and device support is provided by
another Service Provider)?
End User Computing Services
EUC-1
Does the Prospective Service Provider have an End User Computing solution
that does not require the state to make capital purchases of the devices?
EUC-2
Does the Prospective Service Provider End User Computing solution include
providing automated device management services (e.g. Patching, Virus Scan,
Image management, asset inventory validation)?
EUC-3
Can the Prospective Service Provider offer a Virtual Desktop solution?
EUC-4
Has the Prospective Service Provider provided a Wireless Management
solution that includes wireless security?
EUC-5
Has the Prospective Service Provider provided EUC solutions with
differentiated tiers of service (e.g. Bronze, Silver, and Gold) that have
different entitlements of service, function, and quality?
Security Services
SC-1
Can the Prospective Service Provider provide add-on services multi-factor
authentication for multiple platform in an infrastructure environment that has
other Service Providers managing the directory service?
SC-2
Does the Prospective Service Provider Security services include tracking
Governance, Risk Management, and Compliance (GRE/GRC) with security
requirements and controls?
SC-3
Has the Prospective Service Provider provided Security services as
independent offerings to clients (i.e. where device management and
infrastructure are managed by other parties)?
SC-4
Does the Prospective Service Provider operate a US based Security
Operations Center?
Disaster Recovery Services
DR-1
Does the Prospective Service Provider have experience in managing Disaster
Recovery for a wide variety of infrastructure assets and facilities?
RFQC No. 98000-0000001647
Infrastructure Services
Page 4 of 5
Georgia Technology Authority
Appendix E: PSP Statement Questionnaire
PSP Company Name:
Question
#
Question
DR-2
Has the Prospective Service Provider provided clients Disaster Recovery
services as a separate service? (i.e. where infrastructure management is done
by other parties)
DR-3
Does the Prospective Service Provider have experience in providing "hot site"
services for critical applications and associated infrastructure?
PSP
Response
“Y” or “N”
Appendix
H Client
Ref. #
Data Center Management Services
DC-1
Has the Prospective Service Provider have experience in their Data Center
Management services with a flexible model for changing volumes of work?
DC-2
Does the Prospective Service Provider offer collocation services to multiple
business entities out of customer owned facilities as part of their Data Center
Management Solution offering?
DC-3
Does the Prospective Service Provider have an offering to provide support for
the State's existing data centers and all associated workloads (e.g. tape moves,
rack and stack, physical security, asset management, storage, mainframe, and
colocation services)?
RFQC No. 98000-0000001647
Infrastructure Services
Page 5 of 5