MIS Department Policy & Procedure
RFP/RFI Checklist
Questions for Vendor

Do you use current SSL/TLS protocols (TLS 1.2 or 1.3) and secure cipher suites (256-bit AES encryption or stronger)?

Which strong user authentication mechanisms (e.g. 2FA) does your company use for backend administration?

Provide options for secure sign-in to the system, such as single sign-on (SSO) via SAML, to integrate with common authentication systems such as Active Directory or Azure AD.

Provide protection against data loss and a comprehensive data backup and restoration plan.

Is all sensitive data encrypted both in transit and at rest, using industry standard encryption algorithms and protocols?

Does your software provide mechanisms to protect against SQL injection and other injection attacks?

How do you ensure that personally identifiable information (PII) and other sensitive data are handled according to relevant data protection laws and regulations?

Do you follow industry standard best practices for virus and malware protection?

Do you perform background checks on staff?

Does your software require administrator rights for use or for updates?

What is your guaranteed system availability/up-time?

What is your process to comply with litigation requests, FOIA and records retention?

Do you support desktop and mobile access?

Is your system compatible with Google Workspace?

Is your system compatible with modern Internet browsers such as Chrome (preferred) and Edge?

Is your system SOC 2 certified?

Are you FedRAMP or StateRAMP certified?

Questions for Team

What are the hardware/software requirements for this project now?
_____________________________________________________________________________
_____________________________________________________________________________
_____________________________________________________________________________
_____________________________________________________________________________

In the next 3-5 years?
_____________________________________________________________________________
_____________________________________________________________________________
_____________________________________________________________________________

When the review process shows either no hardware or minimal hardware will be involved, push and ask questions such as:

What circumstance would change this minimal requirement?
______________________________________________________________________

What hardware/software have other customers had to purchase to implement your solution?
______________________________________________________________________

What should we plan for 3-5 years down the road?
______________________________________________________________________

Overview

Creep by the end of the onboarding process?
_____________________________________________________________________________
_____________________________________________________________________________
_____________________________________________________________________________

Creep expected from MIS staff by the end of the onboarding process?
_____________________________________________________________________________
_____________________________________________________________________________
_____________________________________________________________________________