Write a RFP (Request for Proposal) for a vendor.
Vendor Minimum Requirements
Prior to submitting proposals, all vendors must provide a statement that they have met or exceeded each of the following requirements:
Must be in business for at least the last five consecutive years
Report annual gross sales of at least one million U.S. dollars
Present at least three references of previous engagements—within the last three years—that are materially similar to the requirements contained in this document
Must have at least one person who will be a primary participant in delivering products and services who holds a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or equivalent security certification
Cannot have any active managed security service provider contracts with any other agency of this state
Must maintain at least one permanent office in this state
Must provide samples of previous reports for other clients, sensitive information omitted, that contain three of the following activities:
Risk assessment
Vulnerability assessment
Penetration test
Source code review
Business Continuity Plan/Disaster Recovery Plan (BCP/DRP)