City of Conroe Sealed Solicitation
Title: RFP 0410-2025 Cyber and Physical Security Threat Assessment Services
Deadline: 4/17/2025 2:00 PM (UTC-06:00) Central Time (US & Canada)
Status: Cancelled
Solicitation Number: RFP 0410-2025
Description: Cyber and Physical Security Threat Assessment Services
Pre-Bid Meeting Date: 4/1/2025 8:30 AM
Pre-Bid Meeting Details: 401 Sgt. Ed Holcomb Blvd S - Public Works Classroom
Documents:
| Documents as of 3/21/2025 |
|---|
| RFP_Security_Threat_Assessment_Services.pdf |
Addition 1
Posted: 3/27/2025
Type of Addition: Addendum #1
Deadline: 4/10/2025 2:00 PM
Solicitation #: 0410-2025
Documents:
Addition 2
Posted: 3/27/2025
Type of Addition: Addendum #2
Overview: Correction #3 to #2
Deadline: 4/1/2025 2:00 PM
Solicitation #: 0410-2025
Documents:
Addition 3
Posted: 3/28/2025
Type of Addition: Addendum #3
Deadline: 4/10/2025 2:00 PM
Pre-Bid Meeting Details: Date and Time: Tuesday April 2, 2025 @ 8:30AMLocation: 401 Sgt Ed Holcomb Blvd., S.Conroe, Texas 77304Public Works Classroom
Solicitation #: 0410-2025
Documents:
Addition 4
Posted: 3/28/2025
Type of Addition: Addendum #4
Overview: Correction for pre bid date April 1, 2025
Deadline: 4/10/2025 2:00 PM
Documents:
Addition 5
Posted: 4/1/2025
Type of Addition: Addendum #5
Overview: Change deadline date
Solicitation #: 0410-2025
Documents:
Addition 6
Posted: 4/7/2025
Type of Addition: Addendum 6
Overview: Questions and Answers - 1-61
Documents:
Addition 7
Posted: 4/7/2025
Type of Addition: Addendum 6
Overview: Cancel RFP in it's entirety. A new RFP will be revised to eliminate the Cyber Security. This will be resolicited as a physical security threat assessment only.
Addition 8
Posted: 4/7/2025
Type of Addition: Addendum 6
Overview: Cancel RFP in it's entirety.
Documents:
Question 1
Posted: 3/26/2025
Question: Who will I be addressing the bid to?
Response: . The City utilizes the Vendor Registry electronic submission method for one copy per Proposer or deliver two (2) copies of your proposal sealed and appropriately marked “RFP# 0410-2025 Cyber and Physical Security Threat Assessment Services“, to the Purchasing Department, 401 Sgt Ed Holcomb Blvd, Conroe Texas 77304. Proposals will be publicly opened and the respondents’ names read aloud on Thursday April 10, 2025, at 2:00 p.m. in the Dean Towery Service Center Conference Room. Proposals not delivered by this time will be returned unopened
Question 2
Posted: 3/26/2025
Question: Can I schedule to meet with someone to gather more information and do a site walk of each of the buildings on the RFP?
Response: Addendum uploaded for pre bid meeting
Question 3
Posted: 3/27/2025
Question: Does this project fall under AIWA compliance requirements?
Response: No
Question 4
Posted: 3/27/2025
Question: Is the pre-bid meeting mandatory?
Response: No this is not mandatory
Question 5
Posted: 3/27/2025
Question: The Addendum #1 has the date as Tuesday, April 2nd. April 2nd is a Wed. Can you confirm the date for the pre-bid meeting? Also, the addendum wording makes mention of affirming Addendum #3. Just want to clarify that there is only one addendum at this time. Thank you.
Response: Corrected
Question 6
Posted: 3/27/2025
Question: Does the City have a schedule for start of project and requested date for deliverables or will that be negotiable during vendor selection? Is it expected that the project work will all be within the 2025 calendar year?
Response: No
Question 7
Posted: 3/27/2025
Question: Will there be an opportunity to join the pre-bid meeting via teleconference?
Response: No, the site visits will be at the water plant.
Question 8
Posted: 3/28/2025
Question: Can you provide more detailed objectives for the cybersecurity and physical threat assessment? What are the key outcomes the city hopes to achieve?
Response: See Addendum #6
Question 9
Posted: 3/28/2025
Question: What are the specific tasks or deliverables that should be included in the scope of work that are not explicitly mentioned in the RFP?
Response: Just locate threat vulnerabilities in the listed locations.
Question 10
Posted: 3/28/2025
Question: How do we RSVP for Pre-Bid meeting?
Response: No RSVP required
Question 11
Posted: 3/28/2025
Question: Can you please confirm the Pre-Bid meeting day and time, the addendums are still incorrect as posted?
Response: Date and Time: Tuesday April 2, 2025 @ 8:30AM Location: 401 Sgt Ed Holcomb Blvd., S. Conroe, Texas 77304 Public Works Classroom
Question 12
Posted: 3/28/2025
Question: Can you confirm the RFP due date is 4/10/25?
Response: Yes, it is 4/10/2025 @2:00PM
Question 13
Posted: 3/28/2025
Question: Given the Pre-Bid meeting is 4/2 and the questions are due by 4/7, and the RFP is due 4/10, could we please get a 2 week extension on the RFP due date?
Response: See timeline on RFP
Question 14
Posted: 3/28/2025
Question: What is the expected award and implementation completion date?
Response: • Evaluation Period: April 10 - April 15, 2025 • Vendor Selection: TBD • Contract Start Date: TBD
Question 15
Posted: 3/28/2025
Question: We received answers that said that we were looking at the wrong RFP, there was no pre-bid meeting. Then received notice that the prebid was Tuesday, April 2nd- Tuesday is the 1st and we asked for clarification- please confirm if the date is the 1st or 2nd??Sealed Solicitation | Vendor Registry City of Conroe Sealed Solicitation Submit Bid Submit Question Title: RFP 0410-2025 Cyber and Physical Security Threat Assessment Services Deadline: 4/10/2025 2:00 PM (UTC-06:00) Central Time (US & Canada) Status: Open Solicitation Number: RFP 0410-2025 Description: Cyber and Physical Security Threat Assessment Services ________________________________________ Documents: Documents as of 3/21/2025 RFP_Security_Threat_Assessment_Services.pdf • All • Additions • Questions Posted: 3/26/2025 Question: Who will I be addressing the bid to? Response: . The City utilizes the Vendor Registry electronic submission method for one copy per Proposer or deliver two (2) copies of your proposal sealed and appropriately marked “RFP# 0410-2025 Cyber and Physical Security Threat Assessment Services“, to the Purchasing Department, 401 Sgt Ed Holcomb Blvd, Conroe Texas 77304. Proposals will be publicly opened and the respondents’ names read aloud on Thursday April 10, 2025, at 2:00 p.m. in the Dean Towery Service Center Conference Room. Proposals not delivered by this time will be returned unopened Posted: 3/26/2025 Question: Can I schedule to meet with someone to gather more information and do a site walk of each of the buildings on the RFP? Response: Addendum uploaded for pre bid meeting Posted: 3/27/2025 Question: Does this project fall under AIWA compliance requirements? Response: No Posted: 3/27/2025 Question: Is the pre-bid meeting mandatory? Response: No this is not mandatory Posted: 3/27/2025 Question: The Addendum #1 has the date as Tuesday, April 2nd. April 2nd is a Wed. Can you confirm the date for the pre-bid meeting? Also, the addendum wording makes mention of affirming Addendum #3. Just want to clarify that there is only one addendum at this time. Thank you. Response: Corrected Posted: 3/27/2025 Question: Will there be an opportunity to join the pre-bid meeting via teleconference? Response: No, the site visits will be at the water plant.
Response: Addendum for pre-bid has been corrected to reflect April 1, 2025
Question 16
Posted: 4/1/2025
Question: Are there any specific pain points or challenges in the current IT environment that you would like us to address as a priority?
Response: No
Question 17
Posted: 4/3/2025
Question: Please confirm that only the five facilities (Dean Towery Service Center, Southwest Wastewater Treatment Plant, Conroe Central Wastewater Treatment Plant, Water Plant #6, and Water Plant #14) listed in the RFP are to be included in the project scope of work?
Response: Correct
Question 18
Posted: 4/3/2025
Question: How will the findings be used and who is the primary audience for the assessment findings and recommendations?
Response: TBD
Question 19
Posted: 4/3/2025
Question: Is the vendor expected to develop and write emergency preparedness plans?
Response: Just locate threat vulnerabilities in the listed locations.
Question 20
Posted: 4/3/2025
Question: Is the vendor expected to develop security and write operational procedures?
Response: Just locate threat vulnerabilities in the listed locations.
Question 21
Posted: 4/3/2025
Question: Will vendors be provided access to network diagrams, asset inventories, or system architecture for the water/wastewater facilities and service center?
Response: You will have access to system architecture for the water/wastewater facilities and service center
Question 22
Posted: 4/3/2025
Question: The RFP mentions smart technologies—can the City specify which facilities currently use IoT, SCADA, or ICS systems, and what those platforms are?
Response: SCADA
Question 23
Posted: 4/3/2025
Question: Are any critical systems or infrastructure outsourced to managed service providers or third-party vendors, and are those in-scope for the assessment?
Response: No
Question 24
Posted: 4/3/2025
Question: Are there any known restrictions on performing on-site inspections, interviews, or system analysis at the identified facilities?
Response: No Known
Question 25
Posted: 4/3/2025
Question: Should we assume equal effort for all five locations, or does the City expect a heavier focus on particular sites (e.g., those with more critical functions)?
Response: Just locate threat vulnerabilities in the listed locations.
Question 26
Posted: 4/3/2025
Question: Are travel or accommodation expenses reimbursable, or should those be included in the fixed-price proposal?
Response: No
Question 27
Posted: 4/3/2025
Question: Has the City previously conducted cyber or physical security assessments at these facilities? If so, will those be made available for review?
Response: Yes
Question 28
Posted: 4/3/2025
Question: Will the City consider modifications to the Terms, Conditions, and Clauses outlined in the RFP? If so, how should proposed modifications be submitted?
Response: No
Question 29
Posted: 4/3/2025
Question: What is the budget allocated for this project?
Response: TBD
Question 30
Posted: 4/3/2025
Question: Will the sign-in sheet for the pre-bid meeting be made public available or posted on the bid site?
Response: Yes
Question 31
Posted: 4/7/2025
Question: What cybersecurity measures or policies are currently in place for critical infrastructure?
Response: Various.
Question 32
Posted: 4/7/2025
Question: Are there interconnected systems between the facilities (e.g., SCADA systems, ICS, IoT devices)? If so, are they a security concern?
Response: SCADA, no
Posted: 3/27/2025
Type of Addition: Addendum #1
Deadline: 4/10/2025 2:00 PM
Solicitation #: 0410-2025
Documents:
Posted: 3/27/2025
Type of Addition: Addendum #2
Overview: Correction #3 to #2
Deadline: 4/1/2025 2:00 PM
Solicitation #: 0410-2025
Documents:
Posted: 3/28/2025
Type of Addition: Addendum #3
Deadline: 4/10/2025 2:00 PM
Pre-Bid Meeting Details: Date and Time: Tuesday April 2, 2025 @ 8:30AMLocation: 401 Sgt Ed Holcomb Blvd., S.Conroe, Texas 77304Public Works Classroom
Solicitation #: 0410-2025
Documents:
Posted: 3/28/2025
Type of Addition: Addendum #4
Overview: Correction for pre bid date April 1, 2025
Deadline: 4/10/2025 2:00 PM
Documents:
Posted: 4/1/2025
Type of Addition: Addendum #5
Overview: Change deadline date
Solicitation #: 0410-2025
Documents:
Posted: 4/7/2025
Type of Addition: Addendum 6
Overview: Questions and Answers - 1-61
Documents:
Posted: 4/7/2025
Type of Addition: Addendum 6
Overview: Cancel RFP in it's entirety. A new RFP will be revised to eliminate the Cyber Security. This will be resolicited as a physical security threat assessment only.
Posted: 4/7/2025
Type of Addition: Addendum 6
Overview: Cancel RFP in it's entirety.
Documents:
Posted: 3/26/2025
Question: Who will I be addressing the bid to?
Response: . The City utilizes the Vendor Registry electronic submission method for one copy per Proposer or deliver two (2) copies of your proposal sealed and appropriately marked “RFP# 0410-2025 Cyber and Physical Security Threat Assessment Services“, to the Purchasing Department, 401 Sgt Ed Holcomb Blvd, Conroe Texas 77304. Proposals will be publicly opened and the respondents’ names read aloud on Thursday April 10, 2025, at 2:00 p.m. in the Dean Towery Service Center Conference Room. Proposals not delivered by this time will be returned unopened
Posted: 3/26/2025
Question: Can I schedule to meet with someone to gather more information and do a site walk of each of the buildings on the RFP?
Response: Addendum uploaded for pre bid meeting
Posted: 3/27/2025
Question: Does this project fall under AIWA compliance requirements?
Response: No
Posted: 3/27/2025
Question: Is the pre-bid meeting mandatory?
Response: No this is not mandatory
Posted: 3/27/2025
Question: The Addendum #1 has the date as Tuesday, April 2nd. April 2nd is a Wed. Can you confirm the date for the pre-bid meeting? Also, the addendum wording makes mention of affirming Addendum #3. Just want to clarify that there is only one addendum at this time. Thank you.
Response: Corrected
Posted: 3/27/2025
Question: Does the City have a schedule for start of project and requested date for deliverables or will that be negotiable during vendor selection? Is it expected that the project work will all be within the 2025 calendar year?
Response: No
Posted: 3/27/2025
Question: Will there be an opportunity to join the pre-bid meeting via teleconference?
Response: No, the site visits will be at the water plant.
Posted: 3/28/2025
Question: Can you provide more detailed objectives for the cybersecurity and physical threat assessment? What are the key outcomes the city hopes to achieve?
Response: See Addendum #6
Posted: 3/28/2025
Question: What are the specific tasks or deliverables that should be included in the scope of work that are not explicitly mentioned in the RFP?
Response: Just locate threat vulnerabilities in the listed locations.
Posted: 3/28/2025
Question: How do we RSVP for Pre-Bid meeting?
Response: No RSVP required
Posted: 3/28/2025
Question: Can you please confirm the Pre-Bid meeting day and time, the addendums are still incorrect as posted?
Response: Date and Time: Tuesday April 2, 2025 @ 8:30AM Location: 401 Sgt Ed Holcomb Blvd., S. Conroe, Texas 77304 Public Works Classroom
Posted: 3/28/2025
Question: Can you confirm the RFP due date is 4/10/25?
Response: Yes, it is 4/10/2025 @2:00PM
Posted: 3/28/2025
Question: Given the Pre-Bid meeting is 4/2 and the questions are due by 4/7, and the RFP is due 4/10, could we please get a 2 week extension on the RFP due date?
Response: See timeline on RFP
Posted: 3/28/2025
Question: What is the expected award and implementation completion date?
Response: • Evaluation Period: April 10 - April 15, 2025 • Vendor Selection: TBD • Contract Start Date: TBD
Posted: 3/28/2025
Question: We received answers that said that we were looking at the wrong RFP, there was no pre-bid meeting. Then received notice that the prebid was Tuesday, April 2nd- Tuesday is the 1st and we asked for clarification- please confirm if the date is the 1st or 2nd??Sealed Solicitation | Vendor Registry City of Conroe Sealed Solicitation Submit Bid Submit Question Title: RFP 0410-2025 Cyber and Physical Security Threat Assessment Services Deadline: 4/10/2025 2:00 PM (UTC-06:00) Central Time (US & Canada) Status: Open Solicitation Number: RFP 0410-2025 Description: Cyber and Physical Security Threat Assessment Services ________________________________________ Documents: Documents as of 3/21/2025 RFP_Security_Threat_Assessment_Services.pdf • All • Additions • Questions Posted: 3/26/2025 Question: Who will I be addressing the bid to? Response: . The City utilizes the Vendor Registry electronic submission method for one copy per Proposer or deliver two (2) copies of your proposal sealed and appropriately marked “RFP# 0410-2025 Cyber and Physical Security Threat Assessment Services“, to the Purchasing Department, 401 Sgt Ed Holcomb Blvd, Conroe Texas 77304. Proposals will be publicly opened and the respondents’ names read aloud on Thursday April 10, 2025, at 2:00 p.m. in the Dean Towery Service Center Conference Room. Proposals not delivered by this time will be returned unopened Posted: 3/26/2025 Question: Can I schedule to meet with someone to gather more information and do a site walk of each of the buildings on the RFP? Response: Addendum uploaded for pre bid meeting Posted: 3/27/2025 Question: Does this project fall under AIWA compliance requirements? Response: No Posted: 3/27/2025 Question: Is the pre-bid meeting mandatory? Response: No this is not mandatory Posted: 3/27/2025 Question: The Addendum #1 has the date as Tuesday, April 2nd. April 2nd is a Wed. Can you confirm the date for the pre-bid meeting? Also, the addendum wording makes mention of affirming Addendum #3. Just want to clarify that there is only one addendum at this time. Thank you. Response: Corrected Posted: 3/27/2025 Question: Will there be an opportunity to join the pre-bid meeting via teleconference? Response: No, the site visits will be at the water plant.
Response: Addendum for pre-bid has been corrected to reflect April 1, 2025
Posted: 4/1/2025
Question: Are there any specific pain points or challenges in the current IT environment that you would like us to address as a priority?
Response: No
Posted: 4/3/2025
Question: Please confirm that only the five facilities (Dean Towery Service Center, Southwest Wastewater Treatment Plant, Conroe Central Wastewater Treatment Plant, Water Plant #6, and Water Plant #14) listed in the RFP are to be included in the project scope of work?
Response: Correct
Posted: 4/3/2025
Question: How will the findings be used and who is the primary audience for the assessment findings and recommendations?
Response: TBD
Posted: 4/3/2025
Question: Is the vendor expected to develop and write emergency preparedness plans?
Response: Just locate threat vulnerabilities in the listed locations.
Posted: 4/3/2025
Question: Is the vendor expected to develop security and write operational procedures?
Response: Just locate threat vulnerabilities in the listed locations.
Posted: 4/3/2025
Question: Will vendors be provided access to network diagrams, asset inventories, or system architecture for the water/wastewater facilities and service center?
Response: You will have access to system architecture for the water/wastewater facilities and service center
Posted: 4/3/2025
Question: The RFP mentions smart technologies—can the City specify which facilities currently use IoT, SCADA, or ICS systems, and what those platforms are?
Response: SCADA
Posted: 4/3/2025
Question: Are any critical systems or infrastructure outsourced to managed service providers or third-party vendors, and are those in-scope for the assessment?
Response: No
Posted: 4/3/2025
Question: Are there any known restrictions on performing on-site inspections, interviews, or system analysis at the identified facilities?
Response: No Known
Posted: 4/3/2025
Question: Should we assume equal effort for all five locations, or does the City expect a heavier focus on particular sites (e.g., those with more critical functions)?
Response: Just locate threat vulnerabilities in the listed locations.
Posted: 4/3/2025
Question: Are travel or accommodation expenses reimbursable, or should those be included in the fixed-price proposal?
Response: No
Posted: 4/3/2025
Question: Has the City previously conducted cyber or physical security assessments at these facilities? If so, will those be made available for review?
Response: Yes
Posted: 4/3/2025
Question: Will the City consider modifications to the Terms, Conditions, and Clauses outlined in the RFP? If so, how should proposed modifications be submitted?
Response: No
Posted: 4/3/2025
Question: What is the budget allocated for this project?
Response: TBD
Posted: 4/3/2025
Question: Will the sign-in sheet for the pre-bid meeting be made public available or posted on the bid site?
Response: Yes
Posted: 4/7/2025
Question: What cybersecurity measures or policies are currently in place for critical infrastructure?
Response: Various.
Posted: 4/7/2025
Question: Are there interconnected systems between the facilities (e.g., SCADA systems, ICS, IoT devices)? If so, are they a security concern?
Response: SCADA, no