Whitfield County Schools Quote

Title: Technology - Data Governance Program

Deadline: 6/17/2024 2:00 PM   (UTC-05:00) Eastern Time (US & Canada)

Status: Deadline Expired

Quote Number: WCS-IT-2024-028

Description: Whitfield County Schools aims to enhance its data security, ensure compliance with regulations, and improve overall data management efficiency.


Documents:

Documents as of 6/3/2024
RFQ_Data_Governance_Program_WCS_IT_2024_028.pdf
Question 1

Posted: 6/10/2024

Question:

RFQ Reference: "Access Control and Permissions Management: Granular control over access permissions to sensitive data. Automated enforcement of access controls based on user roles and data sensitivity."
Question: What specific roles within your educational institution are configured within your current access control system, and do you utilize a hybrid model combining elements of role-based (RBAC) and attribute-based access control (ABAC) to manage permissions effectively in your multi-user environment?

RFQ Reference: "Data Monitoring and Alerting: Real-time monitoring of data access, file activity, and permission changes. Automated alerts for suspicious or unauthorized activities."
Question: What specific integration challenges have you encountered with your existing real-time monitoring tools, especially in terms of scaling to accommodate data growth and maintaining performance during peak usage periods in your educational setting?

RFQ Reference: "Data Governance Dashboard: Centralized dashboard for monitoring data governance metrics, compliance status, and security posture."
Question: What essential metrics and KPIs do you need to be displayed on the Data Governance Dashboard, such as incident response times, user compliance rates, or data integrity scores? How are these metrics intended to enhance strategic decision-making and operational compliance in your school system?

RFQ Reference: "Scalability Concerns: Scalability to support the growing volume of data and users."
Question: Could you specify the expected growth rate of your data volumes and user base over the next five years? Are there particular scalability milestones or thresholds, such as data size or number of concurrent users, that our solution should be prepared to handle effectively?

RFQ Reference: "Risk Management: Requirements for identifying and managing data security risks."
Question: How do you currently identify and manage potential data security risks, and what specific functionalities or features do you expect the new solution to provide to assist in these efforts? For instance, are you looking for automated risk assessment tools, real-time threat detection, or predictive analytics capabilities?

RFQ Reference: "Custom Reporting: Requirements for custom reporting capabilities within the data governance solution."
Question: What specific custom reporting capabilities do you require from the data governance solution? Could you detail the types of reports you need, such as compliance audits, risk assessments, or user activity analyses, and how you utilize these reports in your strategic decision-making?

RFQ Reference: "Third-party Collaborations: Integration with third-party services or vendors in data processes."
Question: Are there third-party services or vendors involved in your data processes that the solution must seamlessly integrate with? If so, could you specify which services or vendors are critical and describe the nature of the data exchanges or interactions that need to be supported?

RFQ Reference: "Cloud vs. On-Premise: Strategic direction for future technology deployments."
Question: What is the district’s strategic direction regarding the adoption of cloud versus on-premise solutions for future technology deployments? Are there specific considerations or constraints, such as data security or infrastructure readiness, that are influencing this decision?

RFQ Reference: "Performance Metrics: Criteria for evaluating the success of the data governance solution."
Question: What performance metrics are considered crucial for evaluating the success of the implemented data governance solution? For instance, are you focusing on metrics related to system responsiveness, user adoption rates, error reduction in data handling, or compliance with regulatory standards?

RFQ Reference: "Data Encryption: Requirements for encryption of data at rest and in transit."
Question: What specific requirements do you have for data encryption both at rest and in transit? Does your district mandate particular encryption standards, such as AES-256 or RSA? Are there scenarios or types of data that necessitate different levels of encryption?

RFQ Reference: "User Authentication: Expectations for user authentication mechanisms within the data governance framework."
Question: What types of user authentication mechanisms are you aiming to support within the data governance framework? For instance, are you considering multifactor authentication, biometric verification, or single sign-on (SSO) capabilities, and how do these fit into your overall security policy?

RFQ Reference: "Data Deletion Policies: Requirements for data retention and deletion within the data governance framework."
Question: Could you specify the policies around data retention and deletion that need to be managed within the solution? Are there particular types of data, such as student records or employee information, that have specific retention periods or deletion protocols according to state regulations or district policies?

RFQ Reference: "Mobile Access: Requirements for mobile access to the data governance system."
Question: Is mobile access to the data governance system required for your stakeholders, and if so, what are the primary security implications or concerns that need to be addressed? For example, are there specific authentication methods or data encryption levels you require for mobile access to ensure data security?

RFQ Reference: "Change Management: Procedures and expectations for managing changes in IT projects."
Question: How does the district manage change within IT projects, particularly in terms of introducing new data governance systems? Are there specific roles or processes that the vendor is expected to fulfill, such as providing training, documentation, or support during the transition? What are the critical success factors you consider when assessing the effectiveness of change management practices in your IT projects?

Response:

RFQ Reference: "Access Control and Permissions Management: Granular control over access permissions to sensitive data. Automated enforcement of access controls based on user roles and data sensitivity."
Question: What specific roles within your educational institution are configured within your current access control system, and do you utilize a hybrid model combining elements of role-based (RBAC) and attribute-based access control (ABAC) to manage permissions effectively in your multi-user environment?
We currently use AD groups and Google Groups to grant access and permissions to systems and files. We currently cannot implement ABAC which we are aware of.

RFQ Reference: "Data Monitoring and Alerting: Real-time monitoring of data access, file activity, and permission changes. Automated alerts for suspicious or unauthorized activities."
Question: What specific integration challenges have you encountered with your existing real-time monitoring tools, especially in terms of scaling to accommodate data growth and maintaining performance during peak usage periods in your educational setting?
We currently do not have anything in place.

RFQ Reference: "Data Governance Dashboard: Centralized dashboard for monitoring data governance metrics, compliance status, and security posture."
Question: What essential metrics and KPIs do you need to be displayed on the Data Governance Dashboard, such as incident response times, user compliance rates, or data integrity scores? How are these metrics intended to enhance strategic decision-making and operational compliance in your school system?
We would be interested in seeing what your proposed solution offers. The goal would be to utilize these KPIs to make strategic decisions and future staff training decisions.

RFQ Reference: "Scalability Concerns: Scalability to support the growing volume of data and users."
Question: Could you specify the expected growth rate of your data volumes and user base over the next five years? Are there particular scalability milestones or thresholds, such as data size or number of concurrent users, that our solution should be prepared to handle effectively?
We are currently seeing an increase of ~10TB per year on Google Drive storage.

RFQ Reference: "Risk Management: Requirements for identifying and managing data security risks."
Question: How do you currently identify and manage potential data security risks, and what specific functionalities or features do you expect the new solution to provide to assist in these efforts? For instance, are you looking for automated risk assessment tools, real-time threat detection, or predictive analytics capabilities?
We currently have no real solution. We are looking at all options that provide the most complete solution.

RFQ Reference: "Custom Reporting: Requirements for custom reporting capabilities within the data governance solution."
Question: What specific custom reporting capabilities do you require from the data governance solution? Could you detail the types of reports you need, such as compliance audits, risk assessments, or user activity analyses, and how you utilize these reports in your strategic decision-making?
The items you listed would be a good start. Due to this being an open response, I do not know what all reports are available. Yes, these would be used for designing future training and helping identify perpetual issues.

RFQ Reference: "Third-party Collaborations: Integration with third-party services or vendors in data processes."
Question: Are there third-party services or vendors involved in your data processes that the solution must seamlessly integrate with? If so, could you specify which services or vendors are critical and describe the nature of the data exchanges or interactions that need to be supported?
No, we have no current systems, you would need to focus on Google but provide information about other integrations you support.

RFQ Reference: "Cloud vs. On-Premise: Strategic direction for future technology deployments."
Question: What is the district’s strategic direction regarding the adoption of cloud versus on-premise solutions for future technology deployments? Are there specific considerations or constraints, such as data security or infrastructure readiness, that are influencing this decision?
We would lean towards a cloud solution for our cloud solution.

RFQ Reference: "Performance Metrics: Criteria for evaluating the success of the data governance solution."
Question: What performance metrics are considered crucial for evaluating the success of the implemented data governance solution? For instance, are you focusing on metrics related to system responsiveness, user adoption rates, error reduction in data handling, or compliance with regulatory standards?
Speed of identifying events, ability to quickly and easily rectify those events, the amount of staff's time to rectify the event. The decrease of total Data exposures reduced dramatically.

RFQ Reference: "Data Encryption: Requirements for encryption of data at rest and in transit."
Question: What specific requirements do you have for data encryption both at rest and in transit? Does your district mandate particular encryption standards, such as AES-256 or RSA? Are there scenarios or types of data that necessitate different levels of encryption?
We currently do not have specific encryption standards, so we would appreciate any guidance in this area in building a policy.

RFQ Reference: "User Authentication: Expectations for user authentication mechanisms within the data governance framework."
Question: What types of user authentication mechanisms are you aiming to support within the data governance framework? For instance, are you considering multifactor authentication, biometric verification, or single sign-on (SSO) capabilities, and how do these fit into your overall security policy?
We would want SSO with MFA for my admin staff. If staff would be logging in, we would need to talk through this.

RFQ Reference: "Data Deletion Policies: Requirements for data retention and deletion within the data governance framework."
Question: Could you specify the policies around data retention and deletion that need to be managed within the solution? Are there particular types of data, such as student records or employee information, that have specific retention periods or deletion protocols according to state regulations or district policies?
We currently do not have a policy for end-user data. We would like to establish one with the setup of the new system.

RFQ Reference: "Mobile Access: Requirements for mobile access to the data governance system."
Question: Is mobile access to the data governance system required for your stakeholders, and if so, what are the primary security implications or concerns that need to be addressed? For example, are there specific authentication methods or data encryption levels you require for mobile access to ensure data security?
If available, we would like an app on our phones that would help secure files/data saved to the local phone.

RFQ Reference: "Change Management: Procedures and expectations for managing changes in IT projects."
Question: How does the district manage change within IT projects, particularly in terms of introducing new data governance systems? Are there specific roles or processes that the vendor is expected to fulfill, such as providing training, documentation, or support during the transition? What are the critical success factors you consider when assessing the effectiveness of change management practices in your IT projects?
We would expect training, documentation and assistance with building policies and best practices around Data Governance.

Question 2

Posted: 6/11/2024

Question:

Data Volume & Growth:
What is the current total data volume (in terabytes or petabytes) across all your data repositories (GCP, Azure, on-prem)?
What are your projected annual data growth rates for each of these environments?

Data Types & Sensitivity:
What are the predominant types of data you store (structured, unstructured, semi-structured)?
Roughly what percentage of your data would you classify as highly sensitive (e.g., PII, PHI, financial data)?

Data Locations & Accessibility:
Are there any specific regions or zones where the majority of your data resides?
Do you have any data stored in less accessible tiers of storage (e.g., coldline, archive) that need to be included in the governance program?

Data Processing & Workloads:
What types of data processing workloads are most common in your environment (e.g., batch processing, real-time analytics, machine learning)?
How frequently is your data accessed and modified?

Data Retention & Archival:
What are your current data retention policies for different data types?
Do you have any existing data archival processes in place?

Response:

Data Volume & Growth:
What is the current total data volume (in terabytes or petabytes) across all your data repositories (GCP, Azure, on-prem)?
Already answered
What are your projected annual data growth rates for each of these environments?
Already Answered

Data Types & Sensitivity:
What are the predominant types of data you store (structured, unstructured, semi-structured)?
Unstructured
Roughly what percentage of your data would you classify as highly sensitive (e.g., PII, PHI, financial data)?
Unknown, that is why we are asking for this solution.

Data Locations & Accessibility:
Are there any specific regions or zones where the majority of your data resides?
All data should be in the US
Do you have any data stored in less accessible tiers of storage (e.g., coldline, archive) that need to be included in the governance program?
No

Data Processing & Workloads:
What types of data processing workloads are most common in your environment (e.g., batch processing, real-time analytics, machine learning)?
None in our Google Environment
How frequently is your data accessed and modified?
Daily

Data Retention & Archival:
What are your current data retention policies for different data types?
We keep data forever
Do you have any existing data archival processes in place?
No

Question 3

Posted: 6/12/2024

Question:

Point 2 under "Data Discovery and Classification" in Exhibit A - "Classification of data based on sensitivity, compliance requirements, and business relevance."
Q) Please detail the number of existing data sources.

Point 2 under Access Control and Permissions Management in Exhibit A - "Granular control over access permissions to sensitive data."
Q) How many users are expected to use this solution?

Point 2 under Compliance and Reporting in Exhibit A - "Generation of compliance reports and audit trails."
How many reports does the vendor have to provide?

Point 1 under Data Governance Dashboard in Exhibit A - "Centralized dashboard for monitoring data governance metrics, compliance status, and security posture."
Q) What metrics does the vendor need to provide? Please elaborate on the term "security posture"

Point 1 under User Behavior Analytics in Exhibit A - "Detection of anomalous user behavior indicative of insider threats or data breaches."
Q) Please disclose the data sources (Size, format, etc) that will be used for the User Behavior Analytics.

Point 1 under "Integration and Scalability Analytics" in Exhibit A
Q) What is the current architecture in place?

Point 4 under Evaluation Criteria - "Compliance with the specified requirements and scope of work"
Q) Could the bidder please provide the expected amount for the RFQ?

Q) Does the vendor have to create a data warehouse to transform the data for the required feature?
Q) Can work for this project be done outside of U.S. territory?
Q) Can the project be carried out onsite or offsite?
Q) Could you please disclose what software licenses the bidder has in place? Any preferences?
Q) Please elaborate on what security measures are expected from the vendor?
Q) What resources are expected to be provided by the vendor for this project?
Q) Is the bidder open to the inclusion of maintenance within the proposal?

Response:

Point 2 under "Data Discovery and Classification" in Exhibit A - "Classification of data based on sensitivity, compliance requirements, and business relevance."
Q) Please detail the number of existing data sources.
Sources would be from end user devices. Sources to be evaluated would be Google.

Point 2 under Access Control and Permissions Management in Exhibit A - "Granular control over access permissions to sensitive data."
Q) How many users are expected to use this solution?
Depends on your solution

Point 2 under Compliance and Reporting in Exhibit A - "Generation of compliance reports and audit trails."
How many reports does the vendor have to provide?
The solution should be providing reports as needed from day one.

Point 1 under Data Governance Dashboard in Exhibit A - "Centralized dashboard for monitoring data governance metrics, compliance status, and security posture."
Q) What metrics does the vendor need to provide?
You should be able to demo your proposed solution and show a dashboard that identifies high concerns, and stats on the solution and data being monitored.
Please elaborate on the term "security posture"
Identify data that is exposed that contains secured data.

Point 1 under User Behavior Analytics in Exhibit A - "Detection of anomalous user behavior indicative of insider threats or data breaches."
Q) Please disclose the data sources (Size, format, etc) that will be used for the User Behavior Analytics.
Already answered

Point 1 under "Integration and Scalability Analytics" in Exhibit A
Q) What is the current architecture in place?
Already Answered

Point 4 under Evaluation Criteria - "Compliance with the specified requirements and scope of work"
Q) Could the bidder please provide the expected amount for the RFQ?
Already Answered

Q) Does the vendor have to create a data warehouse to transform the data for the required feature?
I do not know your proposed solution and its requirements, so I can’t answer this question.

Q) Can work for this project be done outside of U.S. territory?
No

Q) Can the project be carried out onsite or offsite?
Depends on the solution proposed.

Q) Could you please disclose what software licenses the bidder has in place?
I am not the bidder, I cannot answer what license you have in place.
Any preferences?
N/A

Q) Please elaborate on what security measures are expected from the vendor?
Follow NIST and CISA standards

Q) What resources are expected to be provided by the vendor for this project?
Whatever is needed for deployment

Q) Is the bidder open to the inclusion of maintenance within the proposal?
I am not the bidder so I do not know if you are open to this.

Question 4

Posted: 6/12/2024

Question:

1. Data Discovery and Classification:
- Can you provide more details on what you mean by "sensitive data" and how it will be defined in the scope of work?
- Are there specific data types or categories that need to be prioritized for automated discovery and classification?

2. Access Control and Permissions Management:
- Can you provide more information on the user roles that will be defined for access control and permissions management?

3. Data Monitoring and Alerting:
- Can you provide more details on what you mean by "real-time monitoring of data access, file activity, and permission changes"?
- Are there specific types of data or systems that need to be monitored for suspicious or unauthorized activities?

4. Data Governance Dashboard:
- Can you provide more details on what you mean by "centralized dashboard for monitoring data governance metrics, compliance status, and security posture"?
- Are there specific metrics or KPIs that need to be tracked on the dashboard?

5. User Behavior Analytics (UBA):
- Can you provide more details on what you mean by "anomalous user behavior indicative of insider threats or data breaches"?
- How will behavioral profiling be used to identify and address potential insider threats or data breaches?

6. Integration and Scalability:
- Can you provide more details on the preferred integration?
- Are there specific scalability requirements for the growing volume of data and users that need to be supported?

7. General:
- What are the current limitations that you are facing with the existing system?
- What are the pain points you want to be solved upon implementing the new product?
- Can you disclose the budget allocated for this procurement?

Response:

Data Discovery and Classification:
- Can you provide more details on what you mean by "sensitive data" and how it will be defined in the scope of work?
As defined by NIST and CISA
- Are there specific data types or categories that need to be prioritized for automated discovery and classification?
Yes

Access Control and Permissions Management:
- Can you provide more information on the user roles that will be defined for access control and permissions management?
This depends on your solution and how it is managed.

Data Monitoring and Alerting:
- Can you provide more details on what you mean by "real-time monitoring of data access, file activity, and permission changes"?
No
- Are there specific types of data or systems that need to be monitored for suspicious or unauthorized activities?
Google Workspace

Data Governance Dashboard:
- Can you provide more details on what you mean by "centralized dashboard for monitoring data governance metrics, compliance status, and security posture"?
No
- Are there specific metrics or KPIs that need to be tracked on the dashboard?
Already answered

User Behavior Analytics (UBA):
- Can you provide more details on what you mean by "anomalous user behavior indicative of insider threats or data breaches"?
This is stated in the NIST and CISA standards
- How will behavioral profiling be used to identify and address potential insider threats or data breaches?
By identifying potential threats before they occur.

Integration and Scalability:
- Can you provide more details on the preferred integration?
Already answered
- Are there specific scalability requirements for the growing volume of data and users that need to be supported?
It must support our Google Workspace growth.

General:
- What are the current limitations that you are facing with the existing system?
No existing system
- What are the pain points you want to be solved upon implementing the new product?
Data Leak Potentials.
- Can you disclose the budget allocated for this procurement?
No

Question 5

Posted: 6/12/2024

Question: Due to the short turnaround time between the Q&A and RFP submittal deadline, is it possible to extend the RFQ due date by 1 week? Many of the answers to the questions need to be factored into the pricing model.

Response: No

Question 6

Posted: 6/12/2024

Question: Should the Quote include an easy to use solution to discover dependencies, exposed data and comply with FERPA & CIPA, for example?

Response: You should compile the quote with whatever data you would like to support your proposal as long as it meets the RFQ requirements.

Question 7

Posted: 6/12/2024

Question:

Dear Whitfield County Schools,

We are seeking detailed proposals for a comprehensive data governance program. In order to ensure that your proposal aligns with our requirements, please provide detailed responses to the queries listed below. We appreciate your thoroughness and adherence to our format guidelines to facilitate our review process.

Documentation Specifications
* What are the required formats for the deliverables related to this RFQ?
* Are there any specific font type, font size, or page layout requirements for the submission of reports and other documentation?

Systems Overview
* Could you provide a list of all existing systems that will be included under the Data Governance program?
* What technologies and platforms are these systems currently built on?

Data Volume and System Usage
* For each system mentioned, what is the current volume of records or the overall database size?
* Approximately how many users access each of these systems regularly?
* What has been the historical annual growth rate in data volume for these systems over the past 3-5 years?

Projected Growth
* What is the anticipated percentage increase in the size of each system's data over the next year? Over the next five years?
* What is the expected percentage growth in the user base for each system over the same periods?

Cloud Infrastructure and Preferences
* Does your organization currently utilize any cloud infrastructure for data storage or processing?
* If so, who are your current cloud service providers, and what services are they providing?
* Does your organization have a preference for any particular cloud service provider or technology for future implementations?

Response:

Documentation Specifications
* What are the required formats for the deliverables related to this RFQ?
PDF
* Are there any specific font type, font size, or page layout requirements for the submission of reports and other documentation?
No

Systems Overview
* Could you provide a list of all existing systems that will be included under the Data Governance program?
Already Answered
* What technologies and platforms are these systems currently built on?
N/A

Data Volume and System Usage
* For each system mentioned, what is the current volume of records or the overall database size?
Already Answered
* Approximately how many users access each of these systems regularly?
15000
* What has been the historical annual growth rate in data volume for these systems over the past 3-5 years?
Already Answered

Projected Growth
* What is the anticipated percentage increase in the size of each system's data over the next year?
Already Answered
Over the next five years?
* What is the expected percentage growth in the user base for each system over the same periods?
less than 2%

Cloud Infrastructure and Preferences
* Does your organization currently utilize any cloud infrastructure for data storage or processing?
Already Answered
* If so, who are your current cloud service providers, and what services are they providing?
Already Answered
* Does your organization have a preference for any particular cloud service provider or technology for future implementations?
Must be in the US.


Response:

RFQ Reference: "Access Control and Permissions Management: Granular control over access permissions to sensitive data. Automated enforcement of access controls based on user roles and data sensitivity."
Question: What specific roles within your educational institution are configured within your current access control system, and do you utilize a hybrid model combining elements of role-based (RBAC) and attribute-based access control (ABAC) to manage permissions effectively in your multi-user environment?
We currently use AD groups and Google Groups to grant access and permissions to systems and files. We currently cannot implement ABAC which we are aware of.

RFQ Reference: "Data Monitoring and Alerting: Real-time monitoring of data access, file activity, and permission changes. Automated alerts for suspicious or unauthorized activities."
Question: What specific integration challenges have you encountered with your existing real-time monitoring tools, especially in terms of scaling to accommodate data growth and maintaining performance during peak usage periods in your educational setting?
We currently do not have anything in place.

RFQ Reference: "Data Governance Dashboard: Centralized dashboard for monitoring data governance metrics, compliance status, and security posture."
Question: What essential metrics and KPIs do you need to be displayed on the Data Governance Dashboard, such as incident response times, user compliance rates, or data integrity scores? How are these metrics intended to enhance strategic decision-making and operational compliance in your school system?
We would be interested in seeing what your proposed solution offers. The goal would be to utilize these KPIs to make strategic decisions and future staff training decisions.

RFQ Reference: "Scalability Concerns: Scalability to support the growing volume of data and users."
Question: Could you specify the expected growth rate of your data volumes and user base over the next five years? Are there particular scalability milestones or thresholds, such as data size or number of concurrent users, that our solution should be prepared to handle effectively?
We are currently seeing an increase of ~10TB per year on Google Drive storage.

RFQ Reference: "Risk Management: Requirements for identifying and managing data security risks."
Question: How do you currently identify and manage potential data security risks, and what specific functionalities or features do you expect the new solution to provide to assist in these efforts? For instance, are you looking for automated risk assessment tools, real-time threat detection, or predictive analytics capabilities?
We currently have no real solution. We are looking at all options that provide the most complete solution.

RFQ Reference: "Custom Reporting: Requirements for custom reporting capabilities within the data governance solution."
Question: What specific custom reporting capabilities do you require from the data governance solution? Could you detail the types of reports you need, such as compliance audits, risk assessments, or user activity analyses, and how you utilize these reports in your strategic decision-making?
The items you listed would be a good start. Due to this being an open response, I do not know what all reports are available. Yes, these would be used for designing future training and helping identify perpetual issues.

RFQ Reference: "Third-party Collaborations: Integration with third-party services or vendors in data processes."
Question: Are there third-party services or vendors involved in your data processes that the solution must seamlessly integrate with? If so, could you specify which services or vendors are critical and describe the nature of the data exchanges or interactions that need to be supported?
No, we have no current systems, you would need to focus on Google but provide information about other integrations you support.

RFQ Reference: "Cloud vs. On-Premise: Strategic direction for future technology deployments."
Question: What is the district’s strategic direction regarding the adoption of cloud versus on-premise solutions for future technology deployments? Are there specific considerations or constraints, such as data security or infrastructure readiness, that are influencing this decision?
We would lean towards a cloud solution for our cloud solution.

RFQ Reference: "Performance Metrics: Criteria for evaluating the success of the data governance solution."
Question: What performance metrics are considered crucial for evaluating the success of the implemented data governance solution? For instance, are you focusing on metrics related to system responsiveness, user adoption rates, error reduction in data handling, or compliance with regulatory standards?
Speed of identifying events, ability to quickly and easily rectify those events, the amount of staff's time to rectify the event. The decrease of total Data exposures reduced dramatically.

RFQ Reference: "Data Encryption: Requirements for encryption of data at rest and in transit."
Question: What specific requirements do you have for data encryption both at rest and in transit? Does your district mandate particular encryption standards, such as AES-256 or RSA? Are there scenarios or types of data that necessitate different levels of encryption?
We currently do not have specific encryption standards, so we would appreciate any guidance in this area in building a policy.

RFQ Reference: "User Authentication: Expectations for user authentication mechanisms within the data governance framework."
Question: What types of user authentication mechanisms are you aiming to support within the data governance framework? For instance, are you considering multifactor authentication, biometric verification, or single sign-on (SSO) capabilities, and how do these fit into your overall security policy?
We would want SSO with MFA for my admin staff. If staff would be logging in, we would need to talk through this.

RFQ Reference: "Data Deletion Policies: Requirements for data retention and deletion within the data governance framework."
Question: Could you specify the policies around data retention and deletion that need to be managed within the solution? Are there particular types of data, such as student records or employee information, that have specific retention periods or deletion protocols according to state regulations or district policies?
We currently do not have a policy for end-user data. We would like to establish one with the setup of the new system.

RFQ Reference: "Mobile Access: Requirements for mobile access to the data governance system."
Question: Is mobile access to the data governance system required for your stakeholders, and if so, what are the primary security implications or concerns that need to be addressed? For example, are there specific authentication methods or data encryption levels you require for mobile access to ensure data security?
If available, we would like an app on our phones that would help secure files/data saved to the local phone.

RFQ Reference: "Change Management: Procedures and expectations for managing changes in IT projects."
Question: How does the district manage change within IT projects, particularly in terms of introducing new data governance systems? Are there specific roles or processes that the vendor is expected to fulfill, such as providing training, documentation, or support during the transition? What are the critical success factors you consider when assessing the effectiveness of change management practices in your IT projects?
We would expect training, documentation and assistance with building policies and best practices around Data Governance.

Posted: 6/11/2024

Question: Data Volume & Growth: What is the current total data volume (in terabytes or petabytes) across all your data repositories (GCP, Azure, on-prem)? What are your projected annual data growth rates for each of these environments? Data Types & Sensitivity: What are the predominant types of data you store (structured, unstructured, semi-structured)? Roughly what percentage of your data would you classify as highly sensitive (e.g., PII, PHI, financial data)? Data Locations & Accessibility: Are there any specific regions or zones where the majority of your data resides? Do you have any data stored in less accessible tiers of storage (e.g., coldline, archive) that need to be included in the governance program? Data Processing & Workloads: What types of data processing workloads are most common in your environment (e.g., batch processing, real-time analytics, machine learning)? How frequently is your data accessed and modified? Data Retention & Archival: What are your current data retention policies for different data types? Do you have any existing data archival processes in place?

Response:

Data Volume & Growth:
What is the current total data volume (in terabytes or petabytes) across all your data repositories (GCP, Azure, on-prem)?
Already answered
What are your projected annual data growth rates for each of these environments?
Already Answered

Data Types & Sensitivity:
What are the predominant types of data you store (structured, unstructured, semi-structured)?
Unstructured
Roughly what percentage of your data would you classify as highly sensitive (e.g., PII, PHI, financial data)?
Unknown, that is why we are asking for this solution.

Data Locations & Accessibility:
Are there any specific regions or zones where the majority of your data resides?
All data should be in the US
Do you have any data stored in less accessible tiers of storage (e.g., coldline, archive) that need to be included in the governance program?
No

Data Processing & Workloads:
What types of data processing workloads are most common in your environment (e.g., batch processing, real-time analytics, machine learning)?
None in our Google Environment
How frequently is your data accessed and modified?
Daily

Data Retention & Archival:
What are your current data retention policies for different data types?
We keep data forever
Do you have any existing data archival processes in place?
No

Posted: 6/12/2024

Question: Point 2 under "Data Discovery and Classification" in Exhibit A - "Classification of data based on sensitivity, compliance requirements, and business relevance." Q) Please detail the number of existing data sources. Point 2 under Access Control and Permissions Management in Exhibit A - "Granular control over access permissions to sensitive data." Q) How many users are expected to use this solution? Point 2 under Compliance and Reporting in Exhibit A - "Generation of compliance reports and audit trails." How many reports does the vendor have to provide? Point 1 under Data Governance Dashboard in Exhibit A - "Centralized dashboard for monitoring data governance metrics, compliance status, and security posture." Q) What metrics does the vendor need to provide? Please elaborate on the term "security posture" Point 1 under User Behavior Analytics in Exhibit A - "Detection of anomalous user behavior indicative of insider threats or data breaches." Q) Please disclose the data sources (Size, format, etc) that will be used for the User Behavior Analytics. Point 1 under "Integration and Scalability Analytics" in Exhibit A Q) What is the current architecture in place? Point 4 under Evaluation Criteria - "Compliance with the specified requirements and scope of work" Q) Could the bidder please provide the expected amount for the RFQ? Q) Does the vendor have to create a data warehouse to transform the data for the required feature? Q) Can work for this project be done outside of U.S territory? Q) Can the project be carried out onsite or offsite? Q) Could you please disclose what software licenses the bidder has in place? Any preferences? Q) Please elaborate on what security measures are expected from the vendor? Q) What resources are expected to be provided by the vendor for this project? Q) Is the bidder open to the inclusion of maintenance within the proposal?

Response:

Point 2 under "Data Discovery and Classification" in Exhibit A - "Classification of data based on sensitivity, compliance requirements, and business relevance."
Q) Please detail the number of existing data sources.
Sources would be from end user devices. Sources to be evaluated would be Google

Point 2 under Access Control and Permissions Management in Exhibit A - "Granular control over access permissions to sensitive data."
Q) How many users are expected to use this solution?
Depends on your solution

Point 2 under Compliance and Reporting in Exhibit A - "Generation of compliance reports and audit trails."
How many reports does the vendor have to provide?
The solution should be providing reports as needed from day one.

Point 1 under Data Governance Dashboard in Exhibit A - "Centralized dashboard for monitoring data governance metrics, compliance status, and security posture."
Q) What metrics does the vendor need to provide?
You should be able to demo your proposed solution and show a dashboard that identifies high concerns, and stats on the solution and data being monitored.
Please elaborate on the term "security posture"
Identify data that is exposed that contains secured data.

Point 1 under User Behavior Analytics in Exhibit A - "Detection of anomalous user behavior indicative of insider threats or data breaches."
Q) Please disclose the data sources (Size, format, etc) that will be used for the User Behavior Analytics.
Already answered

Point 1 under "Integration and Scalability Analytics" in Exhibit A
Q) What is the current architecture in place?
Already Answered

Point 4 under Evaluation Criteria - "Compliance with the specified requirements and scope of work"
Q) Could the bidder please provide the expected amount for the RFQ?
Already Answered

Q) Does the vendor have to create a data warehouse to transform the data for the required feature?
I do not know your proposed solution and its requirements, so I can’t answer this question.

Q) Can work for this project be done outside of U.S territory?
No

Q) Can the project be carried out onsite or offsite?
Depends on the solution proposed.

Q) Could you please disclose what software licenses the bidder has in place?
I am not the bidder; I cannot answer what license you have in place.
Any preferences?
N/A

Q) Please elaborate on what security measures are expected from the vendor?
Follow NIST and CISA standards

Q) What resources are expected to be provided by the vendor for this project?
Whatever is needed for deployment

Q) Is the bidder open to the inclusion of maintenance within the proposal?
I am not the bidder so I do not know if you are open to this.

Posted: 6/12/2024

Question: 1. Data Discovery and Classification: - Can you provide more details on what you mean by "sensitive data" and how it will be defined in the scope of work? - Are there specific data types or categories that need to be prioritized for automated discovery and classification? 2. Access Control and Permissions Management: - Can you provide more information on the user roles that will be defined for access control and permissions management? 3. Data Monitoring and Alerting: - Can you provide more details on what you mean by "real-time monitoring of data access, file activity, and permission changes"? - Are there specific types of data or systems that need to be monitored for suspicious or unauthorized activities? 4. Data Governance Dashboard: - Can you provide more details on what you mean by "centralized dashboard for monitoring data governance metrics, compliance status, and security posture"? - Are there specific metrics or KPIs that need to be tracked on the dashboard? 5. User Behavior Analytics (UBA): - Can you provide more details on what you mean by "anomalous user behavior indicative of insider threats or data breaches"? - How will behavioral profiling be used to identify and address potential insider threats or data breaches? 6. Integration and Scalability: - Can you provide more details on the preferred integration? - Are there specific scalability requirements for the growing volume of data and users that need to be supported? 7. General: - What are the current limitations that you are facing with the existing system? - What are the pain points you want to be solved upon implementing the new product? - Can you disclose the budget allocated for this procurement?

Response:

Data Discovery and Classification:
- Can you provide more details on what you mean by "sensitive data" and how it will be defined in the scope of work?
As defined by NIST and CISA
- Are there specific data types or categories that need to be prioritized for automated discovery and classification?
Yes

Access Control and Permissions Management:
- Can you provide more information on the user roles that will be defined for access control and permissions management?
This depends on your solution and how it is managed.

Data Monitoring and Alerting:
- Can you provide more details on what you mean by "real-time monitoring of data access, file activity, and permission changes"?
No
- Are there specific types of data or systems that need to be monitored for suspicious or unauthorized activities?
Google Workspace

Data Governance Dashboard:
- Can you provide more details on what you mean by "centralized dashboard for monitoring data governance metrics, compliance status, and security posture"?
No
- Are there specific metrics or KPIs that need to be tracked on the dashboard?
Already answered

User Behavior Analytics (UBA):
- Can you provide more details on what you mean by "anomalous user behavior indicative of insider threats or data breaches"?
This is stated in the NIST and CISA standards
- How will behavioral profiling be used to identify and address potential insider threats or data breaches?
By identifying potential threats before they occur.

Integration and Scalability:
- Can you provide more details on the preferred integration?
Already answered
- Are there specific scalability requirements for the growing volume of data and users that need to be supported?
It must support our Google Workspace growth.

General:
- What are the current limitations that you are facing with the existing system?
No existing system
- What are the pain points you want to be solved upon implementing the new product?
- Can you disclose the budget allocated for this procurement?
Data Leak Potentials. No

Posted: 6/12/2024

Question: Due to the short turnaround time between the Q&A and RFP submittal deadline, is it possible to extend the RFQ due date by 1 week? Many of the answers to the questions need to be factored into the pricing model.

Response: No

Posted: 6/12/2024

Question: Should the Quote include an easy to use solution to discover dependencies, exposed data and comply with FERPA & CIPA, for example?

Response: You should compile the quote with whatever data you would like to support your proposal as long as it meets the RFQ requirements.

Posted: 6/12/2024

Question: Dear Whitfield County Schools, We are seeking detailed proposals for a comprehensive data governance program. In order to ensure that your proposal aligns with our requirements, please provide detailed responses to the queries listed below. We appreciate your thoroughness and adherence to our format guidelines to facilitate our review process. Documentation Specifications * What are the required formats for the deliverables related to this RFQ? * Are there any specific font type, font size, or page layout requirements for the submission of reports and other documentation? Systems Overview * Could you provide a list of all existing systems that will be included under the Data Governance program? * What technologies and platforms are these systems currently built on? Data Volume and System Usage * For each system mentioned, what is the current volume of records or the overall database size? * Approximately how many users access each of these systems regularly? * What has been the historical annual growth rate in data volume for these systems over the past 3-5 years? Projected Growth * What is the anticipated percentage increase in the size of each system's data over the next year? Over the next five years? * What is the expected percentage growth in the user base for each system over the same periods? Cloud Infrastructure and Preferences * Does your organization currently utilize any cloud infrastructure for data storage or processing? * If so, who are your current cloud service providers, and what services are they providing? * Does your organization have a preference for any particular cloud service provider or technology for future implementations?

Response:

Documentation Specifications
* What are the required formats for the deliverables related to this RFQ?
PDF
* Are there any specific font type, font size, or page layout requirements for the submission of reports and other documentation?
No

Systems Overview
* Could you provide a list of all existing systems that will be included under the Data Governance program?
Already Answered
* What technologies and platforms are these systems currently built on?
N/A

Data Volume and System Usage
* For each system mentioned, what is the current volume of records or the overall database size?
Already Answered
* Approximately how many users access each of these systems regularly?
15000
* What has been the historical annual growth rate in data volume for these systems over the past 3-5 years?
Already Answered

Projected Growth
* What is the anticipated percentage increase in the size of each system's data over the next year?
Already Answered
Over the next five years?
* What is the expected percentage growth in the user base for each system over the same periods?
less than 2%

Cloud Infrastructure and Preferences
* Does your organization currently utilize any cloud infrastructure for data storage or processing?
Already Answered
* If so, who are your current cloud service providers, and what services are they providing?
Already Answered
* Does your organization have a preference for any particular cloud service provider or technology for future implementations?
Must be in the US.