Request for proposals (RFP): Technology Optimization Initiative


Legal Aid of Southeastern Pennsylvania (LASP) is seeking an experienced technology consultant to improve its IT security posture, achieve a higher Technology Maturity Level (TML), and solidify its core cloud infrastructure. Proposals are due by Friday, Aug. 30, 2024 at 8 p.m. to rfp@lasp.org.

Legal Aid of Southeastern PA

625 Swede Street

Norristown, PA 19401

Request for Proposals (RFP) issued: Aug. 1, 2024

Proposals due by Friday, Aug. 30, 2024 at 8 p.m.

Contact: Phillip Hammond, Director of Operations

rfp@lasp.org

Please see document for specifics.

RFP (10-page PDF)


About LASP

Legal Aid of Southeastern PA (LASP)’s mission is to provide quality legal representation to low-income and vulnerable people in Bucks, Chester, Delaware and Montgomery Counties in Pennsylvania, to empower them to solve problems without legal representation through legal education and increased access to the courts, and to change community practices and systems that cause or aggravate poverty.

LASP was created on Jan. 1, 2001, when four legal services programs joined forces: Bucks County Legal Aid Society, Montgomery County Legal Aid Service, Legal Aid of Chester County, and Delaware County Legal Assistance Association.

Project Objectives and Scope of Services

Legal Aid of Southeastern Pennsylvania (LASP) is seeking an experienced technology consultant to improve its IT security posture, achieve a higher Technology Maturity Level (TML), and solidify its core cloud infrastructure. The selected consultant will be responsible for implementing the following key systems and capabilities across two phases.

The total budget for this project is $83,000. The project must be completed by June 30, 2025, and LASP expects all work to be completed by May 30, 2025.

The selected consultant shall provide the following services to LASP to fulfill the stated project objectives:

Phase I

1. Email Security Implementation

  • Deploy and configure Microsoft 365 Email Security, Enterprise anti-spam, anti-spoofing, and anti-impersonation solutions.

  • Resolve any existing quarantine issues and provide comprehensive training to staff on the new email security measures.

2. SharePoint Online Migration

  • Migrate all file shares from branch and main offices to SharePoint Online.

  • Configure SharePoint policies, sites, and security settings per organizational requirements.

  • Develop and implement standardized file naming conventions and office share processes.

  • Provide hands-on training to staff on using SharePoint Online and the new file management processes.

3. Identity and Access Management

  • Implement Multi-Factor Authentication (MFA) for all user accounts.

  • Configure Single Sign-On (SSO) and Conditional Access (CA) policies based on organizational needs.

  • Deliver training to staff on the usage and importance of MFA, SSO, and CA controls.

Phase II

4. Mobile Device Management

  • Set up and configure the Microsoft Intune Mobile Device Management (MDM) platform for Windows 10/11 Pro devices.

  • Develop and implement security and compliance profiles for managed devices.

  • Migrate devices from Active Directory to Azure Active Directory.

  • Provide training to staff on MDM processes and policies.

5. Mobile Application Management

  • Implement the Intune Mobile Application Management (MAM) platform for Android and iOS devices.

  • Push and secure Microsoft Apps on BYOD devices using FaceID or PIN authentication.

  • Develop and implement MAM policies and guidelines for secure app usage.

6. Autopilot Deployment

  • Configure Microsoft Intune Autopilot for automatic deployment of Microsoft Apps, VPN clients, printers, and other line-of-business (LOB) applications.

  • Establish and document processes for Autopilot-based application and device provisioning.

7. Knowledge Transfer and Documentation

  • Provide comprehensive knowledge transfer to LASP’s IT staff on all implemented systems and processes.

  • Develop and deliver detailed documentation, including configuration guides, process workflows, and training materials.

The consultant shall work closely with LASP’s IT team throughout the project to ensure successful implementation, configuration, and adoption of the specified solutions, ultimately enhancing the organization's security posture, technology maturity, and cloud infrastructure.

Project Deliverables

1. Phase I Deliverables:

o   Implemented and configured Microsoft 365 Email Security, Enterprise anti-spam, anti-spoofing, and anti-impersonation solutions

o   Resolved quarantine issues and delivered staff training materials/sessions on email security

o   Migrated all file shares from branch and main offices to SharePoint Online

o   Configured SharePoint policies, sites, and security settings

o   Documented file naming conventions and office share processes

o   Conducted SharePoint Online training for staff

o   Implemented Multi-Factor Authentication (MFA) for all user accounts

o   Configured Single Sign-On (SSO) and Conditional Access (CA) policies

o   Delivered training materials and sessions on MFA, SSO, and CA

2. Phase II Deliverables:

o   Implemented and configured Microsoft Intune Mobile Device Management (MDM) platform for Windows 10/11 Pro devices

o   Developed security and compliance profiles for managed devices

o   Migrated devices from Active Directory to Azure Active Directory

o   Conducted training on MDM processes and policies

o   Implemented Intune Mobile Application Management (MAM) platform for Android and iOS devices

o   Pushed and secured Microsoft Apps on BYOD devices with FaceID or PIN

o   Developed MAM policies and guidelines for secure app usage

o   Configured Microsoft Intune Autopilot for automatic deployment of apps, VPN, printers, and LOB applications

o   Documented processes for Autopilot-based application and device provisioning

3. Knowledge Transfer and Documentation:

o   Comprehensive knowledge transfer sessions for LASP’s IT staff and end user training for LASP staff

o   Detailed documentation, including configuration guides, process workflows, and training materials

4. Project Management Deliverables:

o   Project plan with milestones, timelines, and resource requirements

o   Regular project status reports and meetings

o   Risk management and issue resolution plans

o   Testing and acceptance criteria for each phase

o   Project closure report and lessons learned

Submission and Point of Contact Information

Proposals are due by 8:00 pm EST on August 30, 2024.

The Point of Contact for this RFP is Phillip Hammond.

Submit inquiries via email to rfp@lasp.org. Subject: LASP TOI RFP questions.

Submit proposals via email to rfp@lasp.org. Subject: LASP TOI RFP proposal. Proposals can be sent via attachment, links, or any platform that delivers a PDF. A proposal is considered submitted on time if an email containing the RFP delivery methods noted above is received in the inbox before the date and time noted above.

If you do not receive confirmation of your proposal confirmation within two business days, please contact the Point of Contact.

Project Timeline

  • RFP issued: August 1, 2024

  • Project questions due: August 9, 2024

  • Questions back to the community: August 16, 2024

  • RFP proposals due: August 30, 2024

  • Contract awarded: September 20, 2024

  • Project deliverables must be completed by May 30, 2025

Evaluation Criteria

Proposals will be evaluated based on the contractor’s responsiveness and quality of submission to the RFP, qualifications, examples of prior work or experiences, references and the total price quoted for all items covered by the RFP.

The following will be reviewed, scored, and a decision made based on the responses:

1.  Technical Expertise and Experience:

o   Demonstrated experience in implementing and configuring Microsoft 365 security solutions, SharePoint Online, Azure Active Directory, Microsoft Intune, and related technologies.

o   Proven track record of successful migrations and deployments of similar scope and complexity.

o   Certifications and expertise of the proposed project team members.

2. Project Approach and Methodology:

o   Clarity and comprehensiveness of the proposed project plan, including milestones, timelines, and resource allocation.

o   Effectiveness of the risk management and issue resolution strategies.

o   Robustness of the testing and acceptance criteria for each phase.

o   Alignment of the proposed approach with industry best practices and standards.

3. Training and Knowledge Transfer:

o   Quality and comprehensiveness of the proposed training materials and sessions.

o   Effectiveness of the knowledge transfer plan for LASP’s IT staff.

o   Clarity and completeness of the documentation, including configuration guides, process workflows, and training materials.

4. Project Management and Communication:

o   Effectiveness of the proposed project management processes, including regular status reports and meetings.

o   Quality of the communication plan and stakeholder management approach.

o   Ability to provide timely and clear responses to requests for information or clarification.

5. Cost and Value Proposition:

o   Overall cost-effectiveness of the proposed solution, including licensing, implementation, and ongoing support costs.

o   Demonstrated ability to deliver value and achieve the desired outcomes within the specified budget.

o   Transparency in pricing and potential for cost savings or operational efficiencies.

6. Vendor Reliability and Support:

o   Financial stability and long-term viability of the vendor.

o   Availability of post-implementation support and maintenance services.

o   Quality of the vendor's customer references and satisfaction ratings.

7. Security and Compliance:

o   Adherence to relevant security and compliance standards.

o   Robustness of the proposed security and compliance profiles for managed devices.

o   Ability to meet LASP’s specific security and data protection requirements.

8. Scalability and Future-Proofing:

o   Ability of the proposed solution to adapt to future growth or changes in requirements.

o   Compatibility with emerging technologies and future Microsoft product roadmaps.

o   Flexibility to integrate with other systems or platforms, if needed.

Proposal Format

1. Executive Summary

o   Brief overview of the vendor's understanding of the project requirements

o   High-level approach and proposed solution

o   Key differentiators and value proposition

2. Company Overview

o   Company background, history, and core competencies

o   Consultant’s name, email address, websites, federal tax ID number or social security number; include primary contact information

o   Relevant experience and expertise in similar projects

o   Certifications and partnerships (e.g., Microsoft Gold Partner)

o   Any relevant conflicts of interest or pending lawsuits in which the consultant is a party.

3. Proposed Solution

o   Detailed description of the proposed technical solution for each phase

o   Explanation of how the solution addresses the RFP requirements

4. Project Approach and Methodology

o   Project management approach, including milestones and timelines

o   Risk management and issue resolution strategies

o   Testing and acceptance criteria for each phase

o   Quality assurance and control processes

5. Implementation Plan

o   Step-by-step implementation plan for each phase

o   Migration strategies and data migration approaches

o   Deployment and configuration processes

6. Training and Knowledge Transfer

o   Proposed training plan and curriculum for end-users and IT staff

o   Knowledge transfer strategy and approach

o   Documentation and reference materials

7. Project Team and Staffing

o   Roles and responsibilities of the project team members

o   Qualifications, certifications, and relevant experience of key personnel

o   Resource allocation and staffing plan

8. Project Management and Communication

o   Project governance structure and communication plan

o   Status reporting and meeting schedules

o   Escalation and decision-making processes

9. Support and Maintenance

o   Post-implementation support and maintenance services

o   Service level agreements (SLAs) and response times

o   Incident management and problem resolution processes

10. Cost Proposal

o   Detailed breakdown of project costs, including licensing, implementation, and ongoing support

o  Payment terms and conditions

o   Pricing assumptions and potential cost savings

11. References and Case Studies

o   List of relevant client references and contact information

o   Case studies or success stories from similar projects

12. Assumptions and Dependencies

o   List of assumptions made in the proposal

o   Dependencies on LASP’s resources or infrastructure

13. Appendices

o   Additional supporting documents, such as vendor certifications, product datasheets, or sample deliverables

Vendors should aim to provide clear, concise, and well-structured proposals that address all the requirements outlined in the RFP. They should also be prepared to give presentations or demonstrations to further clarify their proposed solution and approach if requested.

Terms and Conditions

LASP reserves the right to modify or withdraw this RFP or its associated timeline at any time.

LASP also retains the right to cancel or reissue the RFP without prior notice.

LASP may choose to waive minor administrative non-conformities found in any submitted response.

LASP will not reimburse consultants for any costs incurred in preparing responses or proposals for this RFP.

LASP reserves the right to negotiate contractual terms with the selected consultant, award the contract to other than the lowest cost provider, reject all proposals, and extend the deadline for submission proposals.

All responses, proposals, accompanying documentation, and other materials submitted in response to this RFP become the property of LASP and will not be returned to the submitting parties.

If subcontractors are used, their involvement must be clearly outlined in the proposal, including their identities. The primary consultant is solely responsible for the entire performance, regardless of subcontractor involvement. Any substitution of subcontractors must receive written approval from LASP.

Issuing this RFP does not obligate LASP to enter into a contractual agreement. LASP reserves the right to refrain from contracting with any consultant who has responded to this RFP, regardless of the evaluation of their response. This decision does not affect LASP's ability to contract with other consultants. LASP also reserves the right to request an interview and/or demonstration from any consultant before entering into a contract.

Consultant’s Liability Insurance

The consultant and any subcontractors shall procure and maintain appropriate insurance coverage for the duration of this project. This shall include insurance against claims for bodily injury, property damage, and cybersecurity risks associated with the protection of data in their possession or any LASP data to which they have access. The consultant shall provide proof of insurance to LASP prior to contract execution and commencement of work.

The insurance coverage shall meet or exceed the following minimum requirements:

  • Comprehensive or Commercial General Liability - $1,000,000 per occurrence

  • Professional Liability or Errors & Omissions - $1,000,000 per claim

  • Workers' Compensation coverage as mandated by the laws of the State of Pennsylvania


RFP (10-page PDF) (download, print, share!)