TEXAS LOTTERY COMMISSION

REQUEST FOR PROPOSAL FOR SECURITY STUDY SERVICES #362-18-0003

RESPONSES TO PROPOSERS’ QUESTIONS

December 7, 2017


Note to All Prospective Proposers:

The following responses include questions raised and answers provided during the pre-proposal conference held on November 17 and questions submitted in writing by the RFP deadline.

In its answers to the following questions, the Texas Lottery (TLC) has attempted to provide both accurate and thorough responses. Some answers may clarify or modify the RFP, and every Prospective Proposer is on notice of each answer’s content. Answers that modify the RFP are so noted. Answers apply only to the facts as presented in each specific question.

Proposers shall review all sections of the RFP along with this document to ensure a complete understanding of the requirements. Any exceptions to the RFP shall be noted in the proposal, as required under Section 2.7 of the RFP.

It is recommended that Proposers review the pre-Proposal conference video located on the Texas Lottery’s website at:

http://www.txlottery.org/export/sites/lottery/About_Us/Doing_Business_with_TLC/Procurement/

Please note: Any questions regarding the HUB Subcontracting Plan (HSP) are in a separate document that will be updated throughout the procurement process.

PRE-PROPOSAL CONFERENCE QUESTIONS AND RESPONSES – November 17, 2017

There were no questions received during the Pre-Proposal Conference.

WRITTEN QUESTIONS RECEIVED BY November 29, 2017 @ 4 P.M.

1. As per section 4.6.1, we respectfully request a list of, “…(1) any employee or representative of the Texas Lottery (including the Texas Lottery Executive Director and its commissioners)….” As we are a partnership, having a list of executives and commissioners will aid us in our check for independence.

RESPONSE: Please see Exhibit No. 1.


2. Approximately how many hours does TLC anticipate for completion of the security study, based on prior studies performed?

RESPONSE: Texas Lottery is looking to prospective Proposers to determine the number of hours needed to complete the security study based on their risk assessment. Also, see the response to Question No. 3.

3. Can TLC provide the number of hours required for each of the prior two studies?

RESPONSE: Approximately 1,275 hours for the 2014 security study and 1,534 hours for the 2016 security study.

4. Has TLC gained any internal efficiencies as a result of the recurring nature of the security study? If so, how do you anticipate these would impact performance of the upcoming security study?

RESPONSE: Any efficiencies gained from previous security studies will not impact performance of the upcoming security study.

5. Is TLC open to proposals that identify potential added efficiencies and/or value, provided all legislative requirements are met as part of the proposed approach?

RESPONSE: Please see RFP section 6.14 (Offered Option).

6. Having had the security study performed numerous times with different service providers, are there any key lessons learned with those providers in terms of what works well and what doesn’t, with regard to TLC’s goals, resources, culture and constraints?

RESPONSE: The Texas Lottery declines to answer.

7. Regarding RFP Section 6.2.8, Required Third-Party Audits and/or Assurances (on pages 55 – 56 of the RFP): In the second bullet, the RFP states that certain prime vendors are required to provide the following assurances via an independent third party: “Service Organization Control (SOC) 1, Type II, engagement of the Lottery Operator performed in accordance with Statement on Standards for Attestation Engagements (SSAE) 16, Reporting on Controls at a Service Organization.”

Will these reports be in the most current audit standard, SSAE 18, for the 2017 reports?

RESPONSE: Yes, the reports complied with the SSAE 16 requirements; the SSAE 18 was not in effect for this audit period.

8. Regarding RFP Section 6.3.4, Item (m) – Other security aspects of lottery operations (on page 59 of the RFP): Has the TLC identified any potential additional areas it might like included in the review (e.g., any new products or services that the Lottery would like reviewed)? If yes, please provide detail.

RESPONSE: Per RFP Section 6.3.4 (m), examinations of other aspects of TLC operations will be based upon the results of the risk assessment.

9. May we recreate Attachment H (Cost Proposal) in Microsoft Word so that we can expand the number of rows in the table to account for all of our proposed team members?

RESPONSE: Yes, but the format must be the same.

10. Section 2.5.7 Submission of Proposal. Would it be acceptable to submit any electronic copies on USBs rather than compact disks?

RESPONSE: Yes.

11. Section 6.3.4 Statutory Requirements item (m). Could you elaborate on what the other security aspects may include?

RESPONSE: See response to Question No. 8.

12. Section 6.5 Conferences. Is in-person attendance required for all conferences or can some be conducted remotely?

RESPONSE: In-person attendance is not required for all conferences. Some conferences may be conducted remotely with prior TLC approval.

13. Section 6.9 Presentation of Results. Could you quantify the potential number of meetings that could occur to present results?

RESPONSE: Historically, there has been one presentation to TLC management and one presentation at the December Commission meeting (after the study has been completed and before it is provided to the Governor and the Legislature).

14. What is the number of servers in the environment? (Please break down the number physical vs. virtual.)

RESPONSE: The TLC will provide this information to the Successful Proposer.


15. What are the server operating systems used? (e.g., Windows Server 2008 R2, HP UX, RHE Linux, etc.)

RESPONSE: The TLC will provide this information to the Successful Proposer.

16. What is the virtualization platform used? (e.g., VMware, Hyper V, etc.)

RESPONSE: The TLC will provide this information to the Successful Proposer.

17. What are the database platforms used? (e.g., Oracle, SQL Server 2012, Informix, etc.)

RESPONSE: The TLC will provide this information to the Successful Proposer.

18. How many Lottery personnel would be involved for interviews for the risk assessment and security audit?

RESPONSE: It is the Texas Lottery’s expectation that the Successful Proposer shall review the entire scope of the study and make its own recommendations.

19. Can you break out the number of departments in scope?

RESPONSE: See Exhibit No. 1 and response to Question No. 18.

20. Can you break out the number of IT personnel?

RESPONSE: See Exhibit No. 1.

21. How many end users does the Lottery have?

RESPONSE: See Exhibit No. 1.

22. How many retailers are in scope for the assessment and can a random selection of retailers be used for testing?

RESPONSE: See response to Question No. 18.

23. Are all Lottery offices in scope and required to be assessed or can a random sample of locations be used?

RESPONSE: The Successful Proposer shall be responsible for determining whether visits to additional locations are necessary based on results of the risk assessment.


24. Beyond the IGT data center, central warehouse and administrative offices in Austin, are all of the other IGT sales and technical services facilities in scope? If yes, can a random sample of these locations be tested or do all of them need to be tested?

RESPONSE: See response to Question No. 23.

25. Can fees for services for the risk assessment be provided in the proposal while the fees for the security audit be dependent upon the risk assessment? Or should fees for both be included?

RESPONSE: Please refer to Section 2.10 and Attachment H; all fees must be included in the Total “Not to Exceed” Professional Fee. The fees must be inclusive of both the risk assessment and the security study.

26. Does the Lottery currently use any cybersecurity frameworks for assessing risks, such as ISO 27001, PCI DSS, NIST CSF or 800-53, COBIT or other?

RESPONSE: Yes.

27. Additionally, after review of the RFP, we would need to take exception to several provisions within the RFP terms and conditions and would seek to negotiate a mutually agreeable contract. At this proposal stage, would the Texas Lottery Commission disqualify or reduce evaluation points for any of the following proposed exceptions to the Terms & Conditions in the RFP? For example, we would seek to:

(i) Clarify the Texas Lottery’s access, including such that access shall not include records or facilities containing confidential information or proprietary information of proposer or proposer’s other clients.

(ii) Focus indemnification.

(iii) Provide for representations in lieu of warranties.

(iv) Provide for mutuality in termination rights;

(v) clarify Texas Lottery’s ownership of final deliverables vs. Consultant’s ownership of (and ability to retain) working papers and general skills and know-how;

(vi) Clarify no third-party beneficiaries.

(vii) Delete the performance bond requirement and USUFRUCT obligations as inapplicable to this type of work.

(viii) Clarify insurance requirements, including notification shall be in accordance with the respective policy, professional liability is per claim, and providing for confidentiality of professional liability declaration pages.

(ix) Remove liquidated damages provisions and clarifying applicable remedies;

(x) clarify background investigations applicability.

(xi) And address mutual limitations of liability.

Are the above terms and conditions negotiable and appropriate exceptions to submit in our Letter of Transmittal with the proposed alternative language included?

Please advise if any of the above exceptions would cause disqualification or be deemed nonresponsive.

Does Texas Lottery anticipate the ability to negotiate each, and if not, which are problematic and why?

RESPONSE: Pursuant to Section 2.7.2, all exceptions must be noted in the Letter of Transmittal of the Proposal. Exceptions are reviewed on a case by case basis with the Apparent Successful Proposer. Please note some provisions are required by Texas law and/or identified as essential for state contracts in the Texas Comptrollers Management Guide and will be included in any contract resulting from the RFP.

EXHIBIT NO. 1

TEXAS LOTTERY COMMISSION ORGANIZATIONAL STRUCTURE

10/31/2017

COMMISSIONERS

EXECUTIVE DIVISION

LEGAL SERVICES DIVISION

OFFICE OF THE CONTROLLER

MEDIA RELATIONS DIVISION

GOVERNMENTAL AFFAIRS DIVISION

HUMAN RESOURCES DIVISION

ADMINISTRATION DIVISION

INTERNAL AUDIT

CHARITABLE BINGO OPERATIONS DIVISION

ENFORCEMENT DIVISION

LOTTERY OPERATIONS DIVISION

OMBUDS

COMMISSIONERS

J. Winston Krause, Chairman

Carmen Arrieta-Candelaria

Doug Lowe

Robert Rivera

1 Vacancy

CHARITABLE BINGO

OPERATIONS DIRECTOR

Alfonso Royal

INTERNAL AUDIT

EXECUTIVE DIRECTOR

Gary Grief

TEXAS LOTTERY COMMISSION

Commissioner Reports


EXECUTIVE DIRECTOR

Gary Grief

TEXAS LOTTERY

COMMISSION

Executive Division Reports

EXECUTIVE

ADMINISTRATION

COORDINATORS

Sheila Sanchez

Mary Beth Simpson

GOVERNMENTAL

AFFAIRS

DIRECTOR

Nelda Trevino

ADMINISTRATION

DIRECTOR

Mike Fernandez

CONTROLLER

Kathy Pyka

MEDIA

RELATIONS

DIRECTOR

Kelly Cripe

LOTTERY

OPERATIONS

DIRECTOR

Michael Anger

HUMAN

RESOURCES

DIRECTOR

Jan Thomas

ENFORCEMENT

DIRECTOR

Mario Valdez

LEGAL SERVICES

GENERAL

COUNSEL

Bob Biard

OMBUDS

Shirley Culver


DIRECTOR

Alfonso D. Royal III

SPECIAL ASSISTANT

Worlanda Neal

SAN ANTONIO - IV

Juan Martinez

Phillip Barcena

HOUSTON - III

Brad Etnyre

Virginia Clayton

Jay Scott

DALLAS - II

Joe Rodrigues

Anthony Akins

ODESSA - I

Annette Sellers

ACCOUNTING

SERVICES

COORDINATOR

Examiners

Carlos Hinojosa

Robyn Trevino

TEXAS LOTTERY COMMISSION

Charitable Bingo Operations Division

South AUSTIN – V

Mario Castellanos

Jean Humes

Marshall McDade, CPA

Leia Villaret

LICENSING AND

ACCOUNTING MANAGER

Desira Glenn

LICENSING SERVICES

COORDINATOR

Sherri Wood

Specialists

Donna Houston

Michelle Metzler

Kym Rusch

SAN ANTONIO

AUDIT

COORDINATOR

LEAD AUDIT

COORDINATOR

Joy Bishop, CGAP

North AUSTIN – V

Mary Volpe

COMPLIANCE SERVICES

COORDINATOR

Angelica Navarro

COMPLIANCE

SPECIALIST

Veronica Drew

Evelyn Serna

HOUSTON

AUDIT

COORDINATOR

Nicole Domain, CGAP

EDUCATION

Alice Banks

Joel Lawrence

vacant (1)

vacant (1)


vacant (1)

vacant (2)

DESK REVIEW

AUDITORS

DALLAS

AUDIT

COORDINATOR

vacant (1)

vacant (3)

vacant (1)

Accountants

Telina Greyson

Karin Hoffman

MEDIA RELATIONS

DIRECTOR

Kelly Cripe

Media Relations Division

EXECUTIVE

ASSISTANT

Myra Zamora

TEXAS LOTTERY COMMISSION

INFORMATION

SPECIALIST

AUDIO-VISUAL

SPECIALISTS

Philip Bates


vacant (3)

vacant (1)

GENERAL COUNSEL

Bob Biard

TEXAS LOTTERY COMMISSION

Legal Services Division

ASSISTANT GENERAL

COUNSELS

Lea Garey

Ryan Mindell

Deanne Rienstra

ADMINISTRATIVE

ASSISTANTS

Mary Ruiz

Tarah Lossman

LEGAL ASSISTANTS

Dorota Carson

Tamra Fowler

Jennifer Jones

Amy Jensen

OPEN

RECORDS

COORDINATOR

Katelind Powers

Deputy General Counsel

Andy Marker

ENFORCEMENT

ATTORNEYS

Kristen Guthrie (.5 FTE)

Steve White

PROGRAM SPECIALIST

Debbie Jamieson


GOVERNMENTAL

AFFAIRS DIRECTOR

Nelda Trevino

TEXAS LOTTERY COMMISSION

Governmental Affairs Division

GOVERNMENTAL AFFAIRS

LIAISON

Fritz Reinig

GOVERNMENTAL AFFAIRS

LIAISON

Melissa Villaseñor

EXECUTIVE

ASSISTANT

Felicia Harris


TEXAS LOTTERY COMMISSION

Lottery Operations Division

LOTTERY OPERATIONS

DIVISION DIRECTOR

Michael Anger

EXECUTIVE

ASSISTANT

Merry Mendoza

DRAWINGS &

VALIDATIONS

MANAGER

Ray Page

ADMINISTRATIVE

ASSISTANT

Rocio Mayorga

ADMINISTRATIVE

ASSISTANT

Lisa Anderson

*Claim Center Coordinators

OPERATIONAL PLANNING

AND PERFORMANCE

COORDINATOR

Angie Bland

SECURITY

MANAGER

James Carney

RETAILER

SERVICES

MANAGER

Ed Rogers

PRODUCTS

MANAGER

Robert Tirloni

ADVERTISING &

PROMOTIONS

MANAGER

Heidi Moreno


ASSISTANT

RETAILER

SERVICES

MANAGER

David Veselka

RETAILER SERVICES

SUPERVISOR

vacant (1)

RETAIL

DISTRIBUTION/

SPECIAL

PROJECTS

COORDINATOR

Michelle Young

WAREHOUSE

SPECIALISTS

Bob McKee

Leroy Moreno

Neal Tellier

ACCOUNTING

& TAX ENF.

COORDINATOR

vacant (1)

RETAILER

SERVICES

SPECIALISTS

Nancy Guerra

Jesse Nelson

Ida Ortiz

Fred Pitre

Juanita Rylee

vacant (1)

RETAILER

SERVICES

COORDINATOR

Clay Kidd

RETAILER

SERVICES

SPECIALISTS

Kathy Alvis

Joel Garza

Donna Lewis

Laura Loveday

Eduardo Morales

Rita Perkins

Sandra Salazar

COMMUNICATIONS

SERVICES

COORDINATOR

Michelle Byrd

CAMP

SPECIALIST

Lenora Taylor

COMMUNICATIONS

SPECIALISTS

Madelyn Adler

Liz Dombi

Jessica Dupalo

Clayton Proctor

Ana Pastor Rodriguez

Stephen Shook

Juan Sicilia-Cruz

Kimberly Schwenk

Stewart Smylie

vacant (1)

RECEPTIONIST

Debbie Heath

FORENSICS

COORDINATOR

Amy Snell

INVESTIGATOR

Otis May

SECURITY

ANALYSTS

Patrick Hennigan

Eric Pressler

Rebecca Wilson

OPERATIONAL &

SPECIAL PROJECTS

COORDINATOR

Fattah Elyabouri

FIELD CLAIM CENTER

SUPERVISOR

Marianne McIntyre

Abilene

Sam Wallace*

Liz Smyser

Amarillo

Pam Lamkin*

Nicole Cowling

Dallas

Anna Lancarte*

Gena Bloomquist

Stanley Davis

Paula Moreno

John Rodriguez

Beaumont

Maurena Ramsey-Durden

Corpus Christi

Sandra Rivera*

David Case

El Paso

Norma Crosby*

Marina Perez

Victoria

Catherine Rojas

Mary Martinez

Tyler

Debbie Arnette*

Trish Dwyer

San Antonio

Elizabeth Garcia*

David West

Odessa

Jo Ann Melendez-Gonzales*

Sandra Carrillo

McAllen

Reymundo Rodriguez*

Rolando Reyna

Lubbock

Melinda Garcia*

Amanda Perez

Laredo

Juanita Cantu*

Jose Montoya

Fort Worth

Nicolette Rodriquez*

Debra Board

Art Zepeda

Houston

Rildon De La O*

Matthew DelPrato

Carol Carmouche

Jadira Valencia

Sherry Philipp

Joe Torres

Cashina Williams

VALIDATIONS

SUPERVISOR

Tami Pimentel

Austin

CLAIMS &

PAYMENT

SPECIALISTS

Katrina Anderson

Wes Barnes

Shawn Galarza

Arthur Gutierrez

Theresa Melendez

Sonya Palmer

Brandon Rylee

Edna Walker

DRAWINGS

SUPERVISOR

Conchita Daniel

DRAWINGS

COORDINATORS

Della Guidry

Scott Hiles

Vincente LeCornu

Shaunna Neal

Kalyn Scott

DRAWINGS

SPECIALISTS

Douglas Boone

Stephen Cruz

Bailey Curwick

Andrea Johnson

Edward LeBlanc

Gregory Gogonas

Shontoya Watt

Christopher Wells

ADVERTISING

CONTRACT

COORDINATOR

Liesa Perez

ADVERTISING

CONTRACT

SPECIALIST

Laurenne Smith

PROMOTIONS

COORDINATOR

Dana Ross

PROMOTIONS

SPECIALISTS

Amy Berry

Meghann Howard

Laura Walker

BRAND STRATEGY

COORDINATOR

Andrew Leeper

ADMINISTRATIVE

ASSISTANT

vacant (1)

OPERATIONAL &

SPECIAL PROJECTS

COORDINATOR

Rene McCoy

DRAW GAME

COORDINATOR

Julie Terrell

DRAW GAME

SPECIALISTS

Angela Briones

Lyndi Thomas

RETAILER

DEVELOPMENT

COORDINATOR

Teresa Edwards

SCRATCH TICKET

COORDINATOR

Dale Bowersock

SCRATCH TICKET

SPECIALISTS

Aura Andrade

Jessica Burrola

Lee Robbins

Will Russ

360˚ MARKETING

PLANNING

COORDINATOR

Ami Smith

vacant (1)

vacant (1)

vacant (1)

vacant (1)

INFORMATION ANALYST

David Wilkinson

vacant (2)

TEXAS LOTTERY COMMISSION

Office of the Controller

CONTROLLER

Kathy Pyka

FINANCIAL

ACCOUNTING &

REPORTING MANAGER

Stacy Schuhmann

EXECUTIVE

ASSISTANT

Casey Austin

ACCOUNTS

PAYABLE

Anthony Vela

Carmen Castro

Jeanette Davis

Laurice Lewis

Katherine Melson

Maria Perez

GENERAL LEDGER

Diana Dunnahoo

Deborah Easley

Michael Guidry

Viridiana Hernandez

Iris Medina

BUDGET

Carrie Curtis

Michelle Glass

PAYROLL

Diana Cullen

FINANCIAL ANALYSIS

Annika Guarnero-Williams

Tia Pair

FINANCIAL

OPERATIONS MANAGER

Kelly Stuckey


vacant (1)

vacant (1)

TEXAS LOTTERY COMMISSION

Administration Division

ADMINISTRATION

DIVISION DIRECTOR

Mike Fernandez

EXECUTIVE ASSISTANT

INFORMATION

TECHNOLOGY

MANAGER

Joan Kotal

NETWORK

Jason Cannaday

Kevin Krick

COMPUTER

OPERATORS

Freddy Monreal

Joel Geister

QA ANALYST

David Graves

Abel Perez

Teresa Hamilton

Suzanne Robinson

SUPPORT SERVICES

MANAGER

Toni Erickson

ADMINISTRATIVE

ASSISTANT

Cheryl Pessall

FACILITIES

COORDINATOR

Rick Robinson

STAFF SERVICES

OFFICERS

Judd Aerni

Debora Feitosa

Brent Hubbard

Gayle Mair

Kusol Maka

Norberto Perez

Greg Pyles

Robbie Sims

MAILROOM

SPECIALISTS/VEHICLE

DRIVERS

Larry Dugar

Kimberly Lewis

PUBLICATION &

GRAPHICS

COORDINATOR

Roger Prather

GRAPHIC

DESIGNERS

Karen Guzman

Kaitlyn Maxwell

HUB

COORDINATOR

Eric Williams

PURCHASERS

Donna Goldsmith

Scott Merryman

Sidney Valle

COMPLIANCE

COORDINATOR

Jeffery Manners

BUSINESS CONTINUITY

COORDINATOR

Emily Quitta-Carney

INFORMATION

SECURITY OFFICER

Michael Day


DATABASE

COORDINATOR

James Lown

DAY OPERATIONS

COORDINATOR

Mario Sanchez

POLICIES AND

PROCEDURES

COORDINATOR

Peter Strouthes

TELECOMM

Xavier Turner

TECHNICAL SUPPORT

SUPERVISOR

Michael Stoddard

CONTRACT

SPECIALIST

Sonya Bebley

DATABASE

ADMINISTRATORS

Greg Martinez

Senthil Karunanidhi

EVENING OPERATIONS

COORDINATOR

Allan Bagby

COMPUTER

OPERATORS

Brenda Williams

Ronny Jones

PC TECHS

Jose Garza

Sam Martinez

PROGRAMMING

COORDINATOR

TEAM 1

Gaming/Finance/Web

Mike Jones

WEB ADMINISTRATORS

Scott Semegran

Cylinda Dominguez

PROGRAMMERS

Raul Flandes

Thomas Fowler

Janani Rajagopalan

Anny Varghese

PROGRAMMING

COORDINATOR

TEAM 2

TLC Management Applications

Amy Swartz

PROGRAMMERS

Charles Criss

Stephanie Farinelli

Mike Nichols

Timothy Smith

QA ANALYST

Rosanna Dischert

Veda Hickman

SYSTEMS

ADMINISTRATOR

Candy Salinas

SYSTEM ANALYST

Phil Huckabee

CONTRACTS

MANAGEMENT &

PROCUREMENT

MANAGER

Angela Zgabay-Zgarba

PURCHASING

MANAGER

Debbie Pina

FACILITIES

MANAGER

Tammy Williams

vacant (1)

vacant (1)

vacant (1)

vacant (1)

STATE

CONSOLIDATION

SPECIALIST

Joe Smith

vacant (1)

HUMAN RESOURCES

DIRECTOR

Jan Thomas

SELECTIONS

COORDINATOR

Lisa Glenn

TEXAS LOTTERY COMMISSION

Human Resources Division

BENEFITS

COORDINATOR

Jami Dudley

HR STAFF

SERVICES

OFFICER

Jessica Herrera

AGENCY

TIMEKEEPER

Leslie Casarez

PAYROLL/

COMPENSATION

SPECIALIST

Eliza Ortega


ENFORCEMENT

DIRECTOR

Mario Valdez

TEXAS LOTTERY COMMISSION

Enforcement Division


EXECUTIVE

ASSISTANT

Andrea Hendrix

INVESTIGATORS

NORTH

Thomas Hanson*

Anthony Kozak

Steven Morgan

Carlos Salinas

INVESTIGATORS

SOUTH

John Graham*

Tammy Boddy

Charlaine Brannon

Daniel Heinz

Marcie Mendoza

BACKGROUND

INVESTIGATORS

Michael Jones*

Steven Bilbo

Albert Sanchez

INTAKE COORDINATOR

Brenda Carrales

*Team Leader

INVESTIGATIVE

PROGRAM SUPPORT

SPECIALIST

vacant (1)