Vendor Conference Power Point Presentation
Upcoming SlideShare
Loading in...5
×

Like this? Share it with your network

Share
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
905
On Slideshare
905
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
1
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Texas Health and Human Services Commission (HHSC ) Information Technology Audit of Wireless Technology Security Request for Proposals # 529-07-0111 Vendor Conference January 2, 2008
  • 2.
    • Welcome
    • Introductions
      • Steve Bailey and Thomas Spears, Enterprise Contract and Procurement Services (ECPS)
      • Sherice Williams-Patty, HUB Coordinator, Administrative Services Development (ASD)
      • David Griffith, Director, HHSC Internal Audit
      • Annick Barton, IT Audit Manager
      • David Brown, Assistant General Counsel
    • Housekeeping Items
  • 3. HHSC Procurement Roles
    • ECPS - Responsible for procurement activity
    • HUB - Responsible for HUB activity
    • Program - Responsible for project scope, requirements, performance, results, contract management/monitoring
    • Legal - Questions/answers and legal activity
  • 4. Vendor Conference Overview
      • Procurement Activities
      • HUB Items
      • RFP Overview
      • Questions Submittal
      • Break
      • Preliminary Responses to Questions
      • Closing Comments
  • 5.
    • Procurement Activities
      • Questions & Answers
      • Sole Contact, Mary Townsend, ECPS
      • Procurement Schedule
      • Solicitation Access
      • Submission Requirements
      • Solicitation Changes
      • Screening & Evaluation
      • Award Information
  • 6. HUB Subcontracting Plan (HSP) Requirements
  • 7. Agenda Topics
    • RFP Section 4.0 Historically Underutilized Business
    • Participation Requirements
    • HUB Subcontracting Plan
    • Self Performance HSP
    • HSP Prime Contractor Progress Assessment Report
  • 8.
    • HUB Participation Goals
    • Potential Subcontracting Opportunities
    • Vendor Intends to Subcontract
    • Minority or Women Trade Organizations
    • Self Performance
    • HSP Changes After Contract Award
    • Reporting and Compliance with the HSP
    RFP Section 4.0 - Historically Underutilized Business Participation Requirements
  • 9. Self Performance Declaration Company Information HSP Information Page If more than 20, provide attached list HUB GOALS
  • 10. One page for each area subcontracted (listed on page 1) List Line # and Subcontracting Opportunity HSP Information Page
  • 11. Protégé performing the work HSP Information Page Skip to Sections 8 and 10
  • 12. Professional Services Category HSP Information Page Good Faith Efforts to find Texas Certified HUB Vendors Contact HUB Trade Organization Written Notification Requirements
  • 13. List 3 HUBs Contacted for this Subcontracting Opportunity HSP Information Page
  • 14. List Subs to be used (HUBs & Non-HUBs) for this Subcontracting Opportunity HSP Information Page
  • 15. Reason why HUB was not selected for this Subcontracting Opportunity HSP Information Page
  • 16. Self Performance Explanation Signature Affirms that True and Correct Information is Provided HSP Information Page
  • 17.
    • Required with
    • ALL Pay Requests
    • Required even if
    • not subcontracting
    • List ALL Sub
    • payments
    • (HUBs & Non-
    • HUBs)
    HSP Prime Contractor Progress Assessment Report ATTACHMENT “E”
  • 18. HSP ASSISTANCE FROM CPA
    • HUB Subcontracting Plan (HSP) Forms
    • Step-by-step instructions and an audio on “ How to Complete an HSP ” is located on the Comptroller of Public Accountants (CPA’s) website at: http://www.cpa.state.tx.us/procurement/prog/hub/hub-forms/hsp_project.wmv
    • How to Complete an HSP
    • Play Windows Media Version (7.7 mb download)
    • Play Macromedia Flash version (10.8 mb download)
    • Read Video Transcript (.rtf file) (160k download)
    • Play QuickTime (mp4) version (24 MB download)
  • 19. Administrative Services Development HUB Program Office
    • Sherice Williams-Patty, HUB Administrator
    • Administrative Services Development
    • - (512) 424-6903
    • - [email_address]
    • Carlos Balderas, HUB Administrator
    • Administrative Services Development
    • - (512) 424-6896
    • - [email_address]
    • Robert L. Hall, C.P.M.
    • Administrative Services Development Director
    • - (512) 424-6596
    • - [email_address]
  • 20. RFP Overview: IT Audit of Wireless Technology Security HHSC Internal Audit Annick M. Barton, IT Audit Manager January 2, 2008
  • 21. IT Audit of Wireless Technology Security
    • Mission and Objectives
    • Scope of Work
    • Project Schedule
    • Key Performance Requirements
    • Cost Proposal
  • 22. Mission (Section 1.4 and 1.5)
    • To engage an independent audit services contractor to evaluate wireless technology security in Health and Human Services agencies
    • Audit services must be conducted in accordance with auditing standards issued by the IIA, GAO, and ISACA
    • Experience and expertise of the Respondent’s key professional staff is a significant factor in selection of the audit services contractor
  • 23. Objectives (Section 1.5)
    • Determine whether:
    • A. Agency decisions to use wireless technology are supported by an analysis of business needs, impacts on the technology infrastructure, data and system risks, and associated benefits and costs.
    • B. HHS enterprise contract provisions and information technology standards and policies adequately address wireless technology risk areas and are aligned with State and Federal requirements and best practices.
    • C. HHS agency contract provisions and information technology policies, procedures, and practices adequately address wireless technology risk areas and are consistent with HHS enterprise standards and policies, State and Federal requirements, and best practices.
  • 24. Objectives (Section 1.5)
    • Determine whether:
    • D. Wireless network access points and servers that support Blackberry/Personal Digital Assistant services are appropriately secured to help ensure HHS data and systems are protected from unauthorized disclosure, use, modification, or destruction.
    • E. Wireless network devices are appropriately secured to help ensure HHS data and systems are protected from unauthorized disclosure, use, modification, or destruction.
    • F. Effective mechanisms are in place for detecting, monitoring, and responding to wireless security exposures and incidents.
  • 25. Scope of Work (Section 2.2 and 2.5)
    • Information Technology Audit of Wireless Technology Security across all HHS agencies (DADS, DARS, DFPS, DSHS, and HHSC)
    • Audit Planning, Fieldwork, and Reporting Phases
  • 26. Scope of Work (Section 2.2 and 2.5)
    • Audit Scope
      • HHS agency and applicable vendor/contractor activities
      • Includes assessment of wireless access points that are rogue or unapproved
      • Includes evaluation of security controls related to wireless technology hardware, software, and devices (such as laptops, PDAs and related servers, and printers)
  • 27. Scope of Work (Section 2.2 and 2.5)
    • Audit Scope
      • HHS agency owned or leased facilities
      • Any locations that house HHS employees in Texas
      • Data centers housing HHS data located in Texas
  • 28. Project Schedule (Section 2.1)
    • Detailed project schedule of work and timelines
    • Resulting in Final Audit Report submitted no later than 120 business days after the contract effective date
    • Anticipated contract effective date: April 15, 2008
    • Draft Report due no later than 89 business days after the contract effective date (August 22, 2008)
  • 29. Key Performance Requirements (Section 2.3 and Attachment A)
    • Contractor must meet Key Performance Requirements and subscribe to associated liquidated damages for failure to perform
    • Respondent must indicate in its proposal acceptance or rejection of each Key Performance Requirement, including (if rejected) basis for rejection and proposed modifications
    • If timeline for any deliverable not met, contractor must provide Daily Status Report
  • 30. Key Performance Requirements (Section 2.3 and Attachment A)
    • Attachment A outlines Performance Area, Standards and Measures, and Liquidated Damages
    • Example:
      • List of Audit Project Personnel can be accepted or rejected by the Internal Audit Director
      • Once personnel are approved, contractor may not make changes without written approval of the Internal Audit Director
      • Liquidated damages for noncompliance are $10,000 per occurrence plus $500 per day for each project member changed
  • 31. Cost Proposal (Section 3.14.2 and Attachment B)
    • Separate costs must be provided for each audit phase and audit objective
    • Include any business, economic, legal, programmatic, or practical assumptions that underlie the Cost Proposal
    • Separately identify value-added benefits, costs-savings and cost-avoidance measures and the effect on the Cost Proposal and Scope of Work
    • HHSC reserves the right to select the objectives to be performed to obtain best value for HHSC
  • 32. Texas Health and Human Services Commission (HHSC ) Questions Submittal Followed by Break
  • 33. Closing Comments
    • Office of General Counsel
      • Collusion
      • Conflict of Interest
      • Permissible contacts