CONSULTING AND TECHNICAL SERVICES+ (CATS+)
TASK ORDER REQUEST FOR PROPOSALS (TORFP)
DEPARTMENT OF INFORMATION TECHNOLOGY (DOIT)
SOLICITATION NUMBER F50B0600063
DATA MANAGEMENT AND ANALYTIC SERVICES
ISSUE DATE: JULY 9, 2020
NOTICE TO OFFEROR
MINORITY BUSINESS ENTERPRISES ARE ENCOURAGED TO
RESPOND TO THIS SOLICITATION.
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology ii
DEPARTMENT OF INFORMATION TECHNOLOGY
(DOIT)
KEY INFORMATION SUMMARY SHEET
Solicitation Title:
Data Management and Analytic Services
Solicitation Number (TORFP#):
F50B0600063
Functional Area:
Functional Area 10 – IT Management Consulting Services
TORFP Issue Date:
July 9, 2020
TORFP Issuing Office:
Department of Information Technology (DOIT)
Department Location:
100 Community Place, Crownsville, MD 21032
TO Procurement Officer:
Dominic Edet
e-mail:
dominic.edet@maryland.gov
TO Manager:
Julia Fischer
100 Community Place, Crownsville, MD 21032
e-mail:
Office Phone:
julia.fischer@maryland.gov
410-697-9430
TO Proposals are to be sent to:
dominic.edet@maryland.gov
Attention: Dominic Edet
TO Pre-proposal Conference:
July 24, 2020 at 10:00 AM Via Virtual Environment
See Attachment A for instructions.
TO Proposals Due (Closing) Date
and Time:
August 7, 2020 at 1:00 PM Local Time
Offerors are reminded that a completed Feedback Form is
required if a no-bid decision is made (see Section 5).
MBE Subcontracting Goal:
10%
VSBE Subcontracting Goal:
0%
Task Order Type:
Fixed Price and Time and Materials
Task Order Duration:
Three (3) year base period commencing from the Effective Date
with two (2) one (1) year option periods exercisable at the
State’s discretion
Primary Place of Performance:
100 Community Place, Crownsville, MD 21032
SBR Designation:
Yes
Federal Funding:
No
Questions Due Date and Time
July 31, 2020 at 2:00 PM Local Time
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology iii
TABLE OF CONTENTS – TORFP
1 Minimum Qualifications ...................................................................................................................... 6
1.1 Offeror Personnel Minimum Qualifications ................................................................................ 6
2 TO Contractor Requirements: Scope of Work .................................................................................. 7
2.1 Summary Statement ..................................................................................................................... 7
2.2 Background and Purpose ............................................................................................................. 7
2.3 Requirements ............................................................................................................................... 8
2.4 Deliverables ................................................................................................................................. 9
2.5 Change Orders ........................................................................................................................... 10
2.6 Service Level Agreement (SLA) ............................................................................................... 10
3 TO Contractor Requirements: General ........................................................................................... 11
3.1 Task Order Initiation Requirements .......................................................................................... 11
3.2 Invoicing .................................................................................................................................... 11
3.3 Disaster Recovery and Data ...................................................................................................... 14
3.4 Insurance Requirements ............................................................................................................ 15
3.5 Cyber Risk/Data Breach Insurance ............................................................................................ 16
3.6 Security Requirements ............................................................................................................... 16
3.7 SOC 2 Type 2 Audit Report ...................................................................................................... 22
3.8 Experience and Personnel .......................................................................................................... 24
3.9 Minority Business Enterprise (MBE) Reports ........................................................................... 25
3.10 Veteran Small Business Enterprise (VSBE) Reports ................................................................ 25
3.11 Work Orders .............................................................................................................................. 26
3.12 TORFP Subject to CATS+ Master Contract ............................................................................. 27
3.13 Contract Management Oversight Activities .............................................................................. 27
3.14 Source Code Escrow .................................................................................................................. 27
3.15 Purchasing and Recycling Electronic Products ......................................................................... 28
3.16 Change Control and Advance Notice ........................................................................................ 28
3.17 No-Cost Extensions ................................................................................................................... 28
4 TORFP Instructions ........................................................................................................................... 30
4.1 TO Pre-Proposal Conference ..................................................................................................... 30
4.2 Questions ................................................................................................................................... 30
4.3 TO Proposal Due (Closing) Date and Time .............................................................................. 30
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology iv
4.4 Award Basis ............................................................................................................................... 31
4.5 Oral Presentations ...................................................................................................................... 31
4.6 Limitation of Liability ............................................................................................................... 31
4.7 MBE Participation Goal ............................................................................................................ 31
4.8 VSBE Goal ................................................................................................................................ 31
4.9 Living Wage Requirements ....................................................................................................... 31
4.10 Federal Funding Acknowledgement .......................................................................................... 32
4.11 Conflict of Interest Affidavit and Disclosure ............................................................................ 32
4.12 Non-Disclosure Agreement ....................................................................................................... 32
4.13 HIPAA - Business Associate Agreement .................................................................................. 32
4.14 Mercury and Products That Contain Mercury ........................................................................... 32
4.15 Location of the Performance of Services Disclosure ................................................................ 32
4.16 Department of Human Services (DHS) Hiring Agreement ....................................................... 32
4.17 Small Business Reserve (SBR) Set-Aside ................................................................................. 33
4.18 Bonds ......................................................................................................................................... 33
5 TO Proposal Format .......................................................................................................................... 34
5.1 Required Response .................................................................................................................... 34
5.2 One Part Submission ................................................................................................................. 34
5.3 TO Proposal Packaging and Delivery........................................................................................ 34
5.4 Volume I - TO Technical Proposal ............................................................................................ 34
6 Evaluation and Selection Process ...................................................................................................... 38
6.1 Evaluation Committee ............................................................................................................... 38
6.2 TO Technical Proposal Evaluation Criteria ............................................................................... 38
6.3 Selection Procedures.................................................................................................................. 38
6.4 Documents Required upon Notice of Recommendation for Task Order Award ....................... 39
7 TORFP ATTACHMENTS AND APPENDICES ............................................................................ 40
Attachment A. TO Pre-Proposal Conference Response Form ......................................................... 42
Attachment B. Financial Proposal ...................................................................................................... 43
Attachment C. Bid/Proposal Affidavit ................................................................................................ 44
Attachment D. Minority Business Enterprise (MBE) Forms ........................................................... 45
Attachment E. Veteran-Owned Small Business Enterprise (VSBE) Forms ................................... 46
Attachment F. Maryland Living Wage Affidavit of Agreement for Service Contracts ................ 47
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology v
Attachment G. Federal Funds Attachments ....................................................................................... 49
Attachment H. Conflict of Interest Affidavit and Disclosure ........................................................... 50
Attachment I. Non-Disclosure Agreement (TO Contractor) ........................................................... 51
Attachment J. HIPAA Business Associate Agreement ..................................................................... 59
Attachment K. Mercury Affidavit ....................................................................................................... 60
Attachment L. Location of the Performance of Services Disclosure ............................................... 61
Attachment M. Task Order .................................................................................................................. 62
Attachment N. DHS Hiring Agreement .............................................................................................. 66
Appendix 1. Abbreviations and Definitions ................................................................................... 67
Appendix 2. Offeror Information Sheet ......................................................................................... 70
Appendix 3. Criminal Background Check Affidavit .................................................................... 71
Appendix 4 Labor Classification Personnel Resume Summary ................................................. 72
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 6
1 Minimum Qualifications
1.1 Offeror Personnel Minimum Qualifications
The personnel proposed under this TORFP must meet all minimum qualifications for the labor category
proposed. (http://doit.maryland.gov/contracts/Documents/CATSPlus2016/060B2490023-
2016CATSPlus2016RFP.pdf).
And subsequent Amendment #4 & Amendment see:
http://doit.maryland.gov/contracts/Documents/CATSPlus2016/060B2490023-
2016_Section2.10_Amendment.pdf
THE REMAINDER OF THIS PAGE IS INTENTIONALLY LEFT BLANK
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 7
2 TO Contractor Requirements: Scope of Work
2.1 Summary Statement
2.1.1 The Department of Information Technology (DoIT) is issuing this CATS+ TORFP in order
to obtain multiple Master Contractors to provide professional data management and data analytic
consulting services for the State of Maryland. The services are broken into 4 categories as described
in Section 2.3.
The services will be provided through Work Orders issued hereunder (see Section 3.11).
2.1.2 DoIT anticipates issuing a Work Order immediately upon Task Order award.
2.1.3 DoIT intends to award a Task Order to up to ten (10) Master Contractors proposing a team
of resources and a Staffing Plan that can best satisfy the Task Order requirements.
Master Contractors are advised that, should a solicitation or other competitive award be initiated as a
result of activity or recommendations arising from this Task Order, the Master Contractor awarded
this Task Order may not be eligible to compete if such activity constitutes assisting in the drafting of
specifications, requirement, or design thereof.
2.1.4 A Task Order award does not assure a TO Contractor that it will receive all State business
under the Task Order.
2.2 Background and Purpose
DoIT is responsible for applying and safeguarding the state’s most valuable asset, data, for the purpose of
improving government efficiencies, reducing government costs and lowering risk to Executive Branch, State
Agencies and Coordinating Offices, so as to better serve the citizens of Maryland.
A wealth of data exists across the State under the operation of State Agencies. Unlocking this data would
allow the State to identify and drive meaningful change to make a difference for the citizens of Maryland,
identify inefficiencies, create jobs and economic growth, adjust policies, and predict and prepare for
otherwise unexpected events.
The challenge to the State is how best to organize this data into information, identify meaningful
applications, and develop policies and programs to focus the State on what is most important to the State and
the citizens of Maryland. In realizing this challenge, there are several opportunities that present themselves
that will require coordination, consideration and resolve to design and orchestrate a program that delivers
results.
In addition, there is an extraordinary opportunity in sharing, unification and analysis of the underlying data
sets by placing them under the lens of advanced analytical tools, data scientists, State program experts and
policymakers that are now possible and commonly available across the State and the country.
2.2.1 State Staff and Roles
The TO Manager will provide the Work Order scope of services
2.2.2 Other State Responsibilities
A. The State will provide normal office working facilities and equipment reasonably necessary for
TO Contractor Personnel performance under this Task Order.
B. The State will provide required information, data, documentation, and test data to facilitate TO
Contractor Personnel performance of the work.
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 8
2.3 Requirements
Under this task order, the TO Contractor shall perform data management and data analytics services as
required by a Work Order. Work Orders will be issued under a category included in this TO. The services
are broken into 4 categories. TO Contractors are not required to respond to all categories. The categories
include the following (identified subcategories are by way of example only):
A. Data Management and Governance
1) Data strategy and governance development
2) Data inventory
3) Data maturity assessment
4) Data quality assessment
B. Data Analytics
1) Data development
2) Data analysis (descriptive, predictive, and prescriptive)
3) Extract, Transform, Load (ETL)
4) Business Intelligence (BI)
5) Data visualization
6) Big Data System Architecture
C. Machine Learning and Programming
1) Machine Learning (ML) model development and testing
D. Data Program Management
1) Documentation, training, outreach, and other services related to state projects will
all be included under this TORFP.
Policies and methodologies used by the TO Contractor will adhere to state supported models and practices.
These may include, but are not limited to, the DAMA Data Management Body of Knowledge (DMBOK) and
Capability Maturity Model Integration (CMMI) Data Maturity Model (DMM) benchmarking agencies’ data
strategy, data governance, data quality, data operations, platform and architecture, and supporting processes.
The processes to be adopted will be defined when each Work Order is released.
2.3.1 Required Project Policies, Guidelines and Methodologies
The TO Contractor must comply with all applicable laws, regulations, policies, standards and guidelines
affecting Information Technology projects, which may be created or changed periodically. The TO
Contractor is required to review all applicable links provided below and state compliance in its response.
It is the responsibility of the TO Contractor to ensure adherence and to remain abreast of new or revised
laws, regulations, policies, standards and guidelines affecting project execution. These include, but are not
limited to:
A. The State of Maryland System Development Life Cycle (SDLC) methodology at:
www.DoIT.maryland.gov - keyword: SDLC;
B. The State of Maryland Information Technology Security Policy and Standards at:
www.DoIT.maryland.gov - keyword: Security Policy;
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 9
C. The State of Maryland Information Technology Non-Visual Standards at:
http://doit.maryland.gov/policies/Pages/ContractPolicies.aspx;
D. The State of Maryland Information Technology Project Oversight at: www.DoIT.maryland.gov
- keyword: IT Project Oversight;
E. The TO Contractor shall follow project management methodologies consistent with the most
recent edition of the Project Management Institute’s Project Management Body of Knowledge
Guide; and
F. The TO Contractor Personnel shall follow a consistent methodology for all Task Order
activities.
2.4 Deliverables
2.4.1 Deliverable Submission
A. The TO Contractor shall request the TO Manager confirm receipt of each deliverable by
sending an e-mail identifying the deliverable name and date of receipt.
B. Unless specified otherwise, written deliverables shall be submitted in PDF.
C. A standard deliverable review cycle will be elaborated and agreed-upon between the State and
the TO Contractor. This review process is entered into when the TO Contractor completes a
deliverable.
D. For any written deliverable, the TO Manager may request a draft version of the deliverable, to
comply with the minimum deliverable quality criteria listed in Section 2.4.3 Minimum
Deliverable Quality. Drafts of each final deliverable, except status reports, are required at least
two weeks in advance of when the final deliverables are due (with the exception of deliverables
due at the beginning of the project where this lead-time is not possible, or where draft delivery
date is explicitly specified). Draft versions of a deliverable shall comply with the minimum
deliverable quality criteria listed in Section 2.4.3 Minimum Deliverable Quality.
2.4.2 Deliverable Acceptance
A. A final deliverable shall satisfy the scope and requirements of this TORFP and the Work Order
for that deliverable, including the quality and acceptance criteria for a final deliverable as
defined in Section 2.4.4 Deliverable Descriptions/Acceptance Criteria.
B. The TO Manager will review a final deliverable to determine compliance with the acceptance
criteria as defined for that deliverable.
C. The TO Manager will issue to the TO Contractor a notice of acceptance or rejection of the
deliverable.
D. In the event of rejection, the notice will identify any deliverable deficiencies or non-
conformities. The TO Contractor shall correct deficiencies and resubmit the corrected
deliverable for acceptance within the agreed-upon period for correction.
E. At the TO Manager’s discretion, subsequent project tasks may not continue until deliverable
deficiencies are rectified and accepted by the TO Manager or the TO Manager has specifically
issued, in writing, a waiver for conditional continuance of project tasks.
2.4.3 Minimum Deliverable Quality
The TO Contractor shall subject each deliverable to its internal quality-control process prior to
submitting the deliverable to the State.
Each deliverable shall meet the following minimum acceptance criteria:
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 10
A. Be presented in a format appropriate for the subject matter and depth of discussion.
B. Be organized in a manner that presents a logical flow of the deliverable’s content.
C. Represent information reasonably known at the time of submittal.
D. In each section of the deliverable, include only information relevant to that section of the
deliverable.
E. Contain content and presentation consistent with industry best practices in terms of deliverable
completeness, clarity, and quality.
F. Meets the acceptance criteria applicable to that deliverable, including any State policies,
functional or non-functional requirements, or industry standards.
G. Contains no structural errors such as poor grammar, misspellings or incorrect punctuation.
H. Must contain the date, author, and page numbers. When applicable for a deliverable, a revision
table must be included.
I. A draft written deliverable may contain limited structural errors such as incorrect punctuation
and shall represent a significant level of completeness toward the associated final written
deliverable. The draft written deliverable shall otherwise comply with minimum deliverable
quality criteria above.
2.4.4 Deliverable Descriptions/Acceptance Criteria
Deliverables and acceptance criteria will be defined in each Work Order.
2.5 Change Orders
A. If the TO Contractor is required to perform work beyond the scope of this TORFP, or there is a
work reduction due to unforeseen scope changes, a TO Change Order is required. The TO
Contractor and TO Manager shall negotiate a mutually acceptable price modification based on
the TO Contractor’s proposed rates in the Master Contract and scope of the work change.
B. No scope of work changes shall be performed until a change order is approved by DoIT and
executed by the TO Procurement Officer.
2.6 Service Level Agreement (SLA)
THIS SECTION IS NOT APPLICABLE TO THIS TORFP.
THE REMAINDER OF THIS PAGE IS INTENTIONALLY LEFT BLANK
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 11
3 TO Contractor Requirements: General
3.1 Task Order Initiation Requirements
3.1.1 Kickoff Meeting
TO Contractor shall schedule and hold a kickoff meeting within 10 Business Days of the Notice
To Proceed (“NTP”) Date for each Work Order. At the kickoff meeting, the TO Contractor shall
furnish an updated project plan describing the activities for the TO Contractor.
3.1.2 Return and Maintenance of State Data
A. Upon termination or the expiration of a Work Order term, the TO Contractor shall:
1) Return to the State all State data in either the form it was provided to the TO Contractor
or in a mutually agreed format along with the schema necessary to read such data;
2) Preserve, maintain, and protect all State data until the earlier of a direction by the State to
delete such data or the expiration of 90 days (“the retention period”) from the date of
termination or expiration of the TO Agreement term;
3) After the retention period, the TO Contractor shall securely dispose of and permanently
delete all State data in all of its forms, such as disk, CD/DVD, backup tape and paper
such that it is not recoverable, according to National Institute of Standards and
Technology (NIST)-approved methods with certificates of destruction to be provided to
the State; and
4) Prepare an accurate accounting from which the State may reconcile all outstanding
accounts. The final monthly invoice for the services provided hereunder shall include all
charges for the 90-day data retention period.
B. During any period of service suspension, the TO Contractor shall maintain all State data in its
then existing form, unless otherwise directed in writing by the TO Manager.
C. In addition to the foregoing, the State shall be entitled to any post-termination/expiration
assistance generally made available by TO Contractor with respect to the services.
3.2 Invoicing
3.2.1 Definitions
A. “Proper Invoice” means a bill, written document, or electronic transmission, readable by the
agency, provided by a vendor requesting an amount that is due and payable by law under a
written procurement contract for property received or services rendered that meets the
requirements of COMAR 21.06.09.02 and includes the information required in Section 3.2.2
below.
B. “Late Payment” means any amount that is due and payable by law under a written procurement
contract, without deferral, delay, or set-off under COMAR 21.02.07.03, and remains unpaid
more than 45 days after an agency receives a Proper Invoice.
C. “Payment” includes all required processing and authorization by the Comptroller of the
Treasury, as provided under COMAR 21.02.07, and may be deferred, delayed, or set-off as
applicable under COMAR 21.02.07.03.
3.2.2 General
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 12
A. Invoice payments to the TO Contractor shall be governed by the terms and conditions of the
CATS+ Master Contract.
B. The TO Contractor shall e-mail the original of each invoice and signed authorization to invoice
to the TO Manager at the email address provided in the Key Information Summary Sheet and
the DoIT Fiscal Office at doitfiscal.invoiceservice@maryland.gov
.
C. All invoices for services shall be verified by the TO Contractor as accurate at the time of
submission.
D. Invoices submitted without the required information cannot be processed for payment. A Proper
Invoice, required as Payment documentation, must include the following information, without
error:
1) TO Contractor name and address;
2) Remittance address;
3) Federal taxpayer identification (FEIN) number, social security number, as appropriate;
4) Invoice period (i.e. time period during which services covered by invoice were
performed);
5) Invoice date;
6) Invoice number;
7) State assigned TO Agreement number;
8) State assigned (Blanket) Purchase Order number(s);
9) Goods or services provided;
10) Amount due; and
11) Any additional documentation required by regulation or the Task Order.
E. Invoices that contain both fixed price and time and material items shall clearly identify the
items as either fixed price or time and material billing.
F. DoIT reserves the right to reduce or withhold payment in the event the TO Contractor does not
provide DoIT with all required deliverables within the time frame specified in the Work Order
or otherwise breaches the terms and conditions of the Task Order or Work Order until such time
as the TO Contractor brings itself into full compliance.
G. The State is generally exempt from federal excise taxes, Maryland sales and use taxes, District
of Columbia sales taxes and transportation taxes. The TO Contractor; however, is not exempt
from such sales and use taxes and may be liable for the same.
Invoices for final payment shall be clearly marked as “FINAL” and submitted when all work
requirements have been completed and no further charges are to be incurred under the TO
Agreement. In no event shall any invoice be submitted later than 60 calendar days from the TO
Agreement termination date.
3.2.3 Invoice Submission Schedule
The TO Contractor shall submit invoices in accordance with the following schedule:
A. Items of work for which there is one-time pricing shall be billed in the month following the
acceptance of the work by DoIT.
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 13
B. Items of work for which there is annual pricing shall be billed in equal monthly installments for
the applicable Task Order year commencing in the month following the performance of the
services.
C. Invoices shall be submitted monthly and within 30 days of delivery of goods and services
unless otherwise stated in the TO Proposal or agreed.
3.2.4 Deliverable Invoicing
Deliverable invoices submitted for payment shall be accompanied by notice(s) of acceptance issued
by the State. Payment of invoices will be withheld if the invoice is not accompanied by a State
issued notice of acceptance. Payment for deliverables will only be made upon completion and
acceptance of the deliverables.
3.2.5 Time and Materials Invoicing
A. Time and Material invoices submitted for payment shall be accompanied by notice(s) of
acceptance issued by the State. Include for each person covered by the invoice the following,
individually listed per person: name, hours worked, summary of work performed, hourly labor
rate, invoice amount and a copy of each person’s timesheet for the period signed by the TO
Manager.
B. Time Sheet Reporting -- Within three (3) business days after the 15th and last day of the month,
the TO Contractor shall submit a semi-monthly timesheet for the preceding half month
providing data for all resources provided under the Task Order.
At a minimum, each semi-monthly timesheet shall show:
1) Title: “Time Sheet for [xxxxx]”
2) Issuing company name, address, and telephone number
3) For each employee /resource:
a) Employee / resource name
b) For each Period ending date, e.g., “Period Ending: mm/dd/yyyy” (Periods run 1st
through 15th and 16th through last day of the month.
i) Tasks completed that week and the associated deliverable names and ID#s
ii) Number of hours worked each day
iii) Total number of hours worked that Period
iv) Period variance above or below 40 hours
v) Annual number of hours planned under the Task Order
vi) Annual number of hours worked to date
vii) Balance of hours remaining
viii) Annual variance to date (Sum of periodic variances)
4) Signature and date lines for the TO Manager
5) Time sheets shall be submitted to the TO Manager prior to invoicing.
3.2.6 For the purposes of this Task Order an amount will not be deemed due and payable if:
A. The amount invoiced is inconsistent with the Task Order.
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 14
B. The proper invoice has not been received by the party or office specified in the Task Order.
C. The invoice or performance is in dispute or the TO Contractor has failed to otherwise comply
with the provisions of the Task Order.
D. The item or services have not been accepted.
E. The quantity of items delivered is less than the quantity ordered.
F. The items or services do not meet the quality requirements of the Task Order
G. If the Task Order provides for progress payments, the proper invoice for the progress payment
has not been submitted pursuant to the schedule.
H. If the Task Order provides for withholding a retainage and the invoice is for the retainage, not
all stipulated conditions for release of the retainage have been met.
I. The TO Contractor has not submitted satisfactory documentation or other evidence reasonably
required by the TO Procurement Officer or by the contract concerning performance under the
contract and compliance with its provisions.
3.2.7 Travel Reimbursement
Travel will not be reimbursed under this TORFP.
3.2.8 Retainage
This solicitation does not require retainage.
3.3 Liquidated Damages
MBE Liquidated damages are identified in Attachment M.
3.4 Disaster Recovery and Data
3.4.1 Redundancy, Data Backup and Disaster Recovery
A. Unless specified otherwise in the Work Order, TO Contractor shall maintain or cause to
be maintained disaster avoidance procedures designed to safeguard State data and other
confidential information, TO Contractor’s processing capability and the availability of
hosted services, in each case throughout the TO Agreement term. Any force majeure
provisions of this Task Order do not limit the TO Contractor’s obligations under this
provision.
B. The TO Contractor shall have robust contingency and DR plans in place to ensure that
the services provided under this TO Agreement will be maintained in the event of
disruption to the TO Contractor/subcontractor’s operations (including, but not limited to,
disruption to information technology systems), however caused.
C. The contingency and DR plans must be designed to ensure that services under this TO
Agreement are restored after a disruption within twenty-four (24) hours from
notification and a recovery point objective of one (1) hour or less prior to the outage in
order to avoid unacceptable consequences due to the unavailability of services.
D. The TO Contractor shall test the contingency/DR plans at least twice annually to
identify any changes that need to be made to the plan(s) to ensure a minimum
interruption of service. Coordination shall be made with the State to ensure limited
system downtime when testing is conducted. At least one (1) annual test shall include
backup media restoration and failover / fallback operations at the DR location. The TO
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 15
Contractor shall send TO Manager a notice of completion following completion of DR
testing.
E. Such contingency and DR plans shall be available for DoIT to inspect and practically
test at any reasonable time, and subject to regular updating, revising, and testing
throughout the term of the TO Agreement.
3.4.2 Data Export/Import
The TO Contractor shall, at no additional cost or charge to the State, in an industry
standard/non-proprietary format:
A. Perform a full or partial import/export of State data within 24 hours of a request;
B. Provide to the State the ability to import/export data at will and provide the State with
any access and instructions which are needed for the State to import or export data.
Any import or export shall be in a secure format per the Security Requirements.
3.4.3 Data Ownership and Access
A. Data, databases and derived data products created, collected, manipulated, or directly
purchased as part of a TORFP are the property of the State. The purchasing State agency
is considered the custodian of the data and determines the use, access, distribution and
other conditions based on appropriate State statutes and regulations.
B. Public jurisdiction user accounts and public jurisdiction data shall not be accessed,
except (1) in the course of data center operations, (2) in response to service or technical
issues, (3) as required by the express terms of the Task Order, including as necessary to
perform the services hereunder or (4) at the State’s written request.
C. The TO Contractor shall limit access to and possession of State data to only TO
Contractor Personnel whose responsibilities reasonably require such access or
possession and shall train such TO Contractor Personnel on the confidentiality
obligations set forth herein.
D. At no time shall any data or processes – that either belong to or are intended for the use
of the State or its officers, agents or employees – be copied, disclosed or retained by the
TO Contractor or any party related to the TO Contractor for subsequent use in any
transaction that does not include the State.
E. The TO Contractor shall not use any information collected in connection with the
services furnished under this Contract for any purpose other than fulfilling such services.
F. Sections 3.3.1 – 3.3.3 survive expiration or termination of the TO Agreement.
Additionally, the TO Contractor shall flow down the provisions of Sections 3.3.1-3.3.3
(or the substance thereof) in all subcontracts.
3.4.4 Insurance Requirements
A. Offeror shall confirm that, as of the date of its proposal, the insurance policies
incorporated into its Master Contract are still current and effective at the required
levels (See Master Contract Section 2.7).
B. The Offeror shall also confirm that any insurance policies intended to satisfy the
requirements of this TORFP are issued by a company that is licensed to do business
in the State of Maryland.
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 16
C. The recommended awardee must provide a certificate(s) of insurance with the
prescribed coverages, limits and requirements within five (5) Business Days from
notice of recommended award. During the period of performance for multi-year
contracts the TO Contractor shall update certificates of insurance annually, or as
otherwise directed by the TO Manager.
3.5 Cyber Risk/Data Breach Insurance
A. The TO Contractor shall possess and maintain throughout the TO Agreement term and for
three (3) years thereafter, Cyber Risk/ Data Breach insurance (either separately or as part of
a broad Professional Liability or Errors and Omissions Insurance) with limits of at least US
five million ($5,000,000) per claim.
B. Any “insured vs. insured” exclusions will be modified accordingly to allow the State
additional insured status without prejudicing the State’s rights under the policy(ies).
Coverage shall be sufficiently broad to respond to the TO Contractor’s duties and
obligations under the Contract and shall include, but not be limited to, claims involving
privacy violations, information theft, damage to or destruction of electronic information,
release of Sensitive Data, and alteration of electronic information, extortion and network
security.
C. The policy shall provide coverage for, not by way of limitation, breach response costs as
well as regulatory fines and penalties as well as credit monitoring expenses with limits
sufficient to respond to these obligations.
3.6 Security Requirements
3.6.1 Employee Identification
A. TO Contractor Personnel shall display their company ID badge in a visible location at all times
while on State premises. Upon request of authorized State personnel, each such TO Contractor
Personnel shall provide additional photo identification.
B. TO Contractor Personnel shall cooperate with State site requirements, including but not limited
to, being prepared to be escorted at all times, and providing information for State badge
issuance.
C. TO Contractor shall remove any TO Contractor Personnel from working on the Task Order
where the State determines, in its sole discretion, that said TO Contractor Personnel has not
adhered to the Security requirements specified herein.
D. The State reserves the right to request that the TO Contractor submit proof of employment
authorization of non-United States Citizens, prior to commencement of work under the Task
Order.
E. Unless otherwise specified, the cost of complying with all security requirements specified
herein are the sole responsibility and obligation of the TO Contractor and its subcontractors and
no such costs shall be passed through to or reimbursed by the State or any of its agencies or
units.
3.6.2 Criminal Background Checks
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 17
A. The TO Contractor shall have a State and Federal criminal background investigation performed
for all TO Contractor employees, agents, and subcontractors performing services under the
State contract prior to the commencement of any work under the State contract. This check may
be performed by a public or private entity. The criminal background investigations will be
conducted at the TO Contractor’s expense. Even if a criminal background investigation has
been obtained pursuant to a prior agreement with the State, a new one shall be performed for
each individual providing service under the State contract.
B. The TO Contractor has the responsibility of reporting to the State any positive criminal history
of any TO Contractor employee, agent, or subcontractor as soon as this information becomes
available. The TO Contractor shall perform annual updates on their criminal background
investigation for all TO Contractor employees, agents, and subcontractors performing services
under the State contract.
C. Persons with a criminal record may not perform services under this TO Agreement unless prior
written approval is obtained from the Contract Monitor. The Contract Monitor reserves the
right to reject any individual based upon the results of the background check. Decisions of the
Contract Monitor as to acceptability of a candidate are final. The State reserves the right to
refuse any individual TO Contractor Personnel to work on State premises, based upon certain
specified criminal convictions, as specified by the State.
D. The CJIS criminal record check of each TO Contractor Personnel who will work on State
premises shall be reviewed by the TO Contractor for convictions of any of the following crimes
described in the Annotated Code of Maryland, Criminal Law Article:
1) §§ 6-101 through 6-104, 6-201 through 6-205, 6-409 (various crimes against property);
2) any crime within Title 7, Subtitle 1 (various crimes involving theft);
3) §§ 7-301 through 7-303, 7-313 through 7-317 (various crimes involving
telecommunications and electronics);
4) §§ 8-201 through 8-302, 8-501 through 8-523 (various crimes involving fraud);
5) §§9-101 through 9-417, 9-601 through 9-604, 9-701 through 9-706.1 (various crimes
against public administration); or
6) a crime of violence as defined in CL § 14-101(a).
E. TO Contractor Personnel with access to systems supporting the State or to State data who have
been convicted of a felony or of a crime involving telecommunications and electronics from the
above list of crimes shall not be permitted to work on State premises under this TO Agreement;
TO Contractor Personnel who have been convicted within the past five (5) years of a
misdemeanor from the above list of crimes shall not be permitted to work on State premises.
F. A particular on-site location covered by this TO Agreement may require more restrictive
conditions regarding the nature of prior criminal convictions that would result in TO Contractor
Personnel not being permitted to work on those premises. Upon receipt of a location’s more
restrictive conditions regarding criminal convictions, the TO Contractor shall provide an
updated certification regarding the TO Contractor Personnel working at or assigned to those
premises
3.6.3 On-Site Security Requirement(s)
A. Failure to comply with the following, may result in TO Contractor Personnel being barred from
entrance or leaving any site until such time that the State’s conditions and queries are satisfied:
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 18
1) TO Contractor Personnel may be subject to random security checks when entering and
leaving State secured areas. The State reserves the right to require TO Contractor
Personnel to be accompanied while in secured premises.
2) Some State sites, especially those premises of the Department of Public Safety and
Correctional Services, require each person entering the premises to document and
inventory items (such as tools and equipment) being brought onto the site, and to submit
to a physical search of his or her person. Therefore, TO Contractor Personnel shall
always have available an inventory list of tools being brought onto a site and be prepared
to present the inventory list to the State staff or an officer upon arrival for review, as well
as present the tools or equipment for inspection. Before leaving the site, the TO
Contractor Personnel will again present the inventory list and the tools or equipment for
inspection. Upon both entering the site and leaving the site, State staff or a correctional or
police officer may search TO Contractor Personnel. Depending upon facility rules,
specific tools or personal items may be prohibited from being brought into the facility.
B. Any TO Contractor Personnel who enters the premises of a facility under the jurisdiction of the
Department may be searched, fingerprinted (for the purpose of a criminal history background
check), photographed and required to wear an identification card issued by the Department.
C. TO Contractor personnel shall not violate Md. Code Ann., Criminal Law Art. Section 9-410
through 9-417 and such other security policies of the agency that controls the facility to which
the TO Contractor Personnel seeks access. The failure of any of the TO Contractor Personnel to
comply with any provision of the TO Agreement is sufficient grounds for the State to
immediately terminate the TO Agreement for default.
3.6.4 Information Technology
The TO Contractor shall:
A. Implement Administrative, physical, and technical safeguards to protect State data that are no
less rigorous than accepted industry best practices for information security.
B. Ensure that all such safeguards, including the manner in which State data is collected, accessed,
used, stored, processed, disposed of and disclosed, comply with applicable data protection and
privacy laws as well as the terms and conditions of the TO Agreement; and
C. The TO Contractor, and TO Contractor Personnel, shall (i) abide by all applicable federal, State
and local laws, rules and regulations concerning security of Information Systems and
Information Technology and (ii) comply with and adhere to the State IT Security Policy and
Standards as each may be amended or revised from time to time. Updated and revised versions
of the State IT Policy and Standards are available online at www.doit.maryland.gov – keyword:
Security Policy.
3.6.5 Data Protection and Controls
A. TO Contractor shall ensure a secure environment for all State data and any hardware and
software (including but not limited to servers, network and data components) to be provided or
used in connection with the performance of the TO Agreement (and Work Orders thereunder)
and shall apply or cause application of appropriate controls so as to maintain such a secure
environment (“Security Best Practices”). Such Security Best Practices shall comply with an
accepted industry standard, such as the NIST cybersecurity framework.
B. To ensure appropriate data protection safeguards are in place, the TO Contractor shall
implement and maintain the following controls at all times throughout the term of the TO
Agreement (the TO Contractor may augment this list with additional controls):
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 19
1) Establish separate production, test, and training environments for systems supporting the
services provided under this TO Agreement and ensure that production data is not
replicated in test and/or training environment(s) unless it has been previously
anonymized or otherwise modified to protect the confidentiality of Sensitive Data
elements. The TO Contractor shall ensure the appropriate separation of production and
non-production environments by applying the data protection and control requirements.
2) Apply hardware and software hardening procedures as recommended by Center for
Internet Security (CIS) guides https://www.cisecurity.org/, Security Technical
Implementation Guides (STIG) http://iase.disa.mil/Pages/index.aspx, or similar industry
best practices to reduce the TO Contractor/subcontractor’s systems’ surface of
vulnerability, eliminating as many security risks as possible and documenting what is not
feasible and/or not performed according to best practices. Any hardening practices not
implemented shall be documented with a plan of action and milestones including any
compensating control. These procedures may include but are not limited to removal of
unnecessary software, disabling or removing unnecessary services, removal of
unnecessary usernames or logins, and the deactivation of unneeded features in the TO
Contractor/subcontractor’s system configuration files.
3) Ensure that State data is not comingled with non-State data through the proper
application of compartmentalization security measures.
4) Apply data encryption to protect Sensitive Data at all times, including in transit, at rest,
and when archived for backup purposes. Unless otherwise directed, the TO Contractor is
responsible for the encryption of all Sensitive Data.
5) For all State data the TO Contractor manages or controls, data encryption shall be applied
to such data in transit over untrusted networks. Encryption algorithms which are utilized
for encrypting data shall comply with current Federal Information Processing Standards
(FIPS), “Security Requirements for Cryptographic Modules”, FIPS PUB 140-2:
http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401vend.htm
6) Enable appropriate logging parameters to monitor user access activities, authorized and
failed access attempts, system exceptions, and critical information security events as
recommended by the operating system and application manufacturers and information
security standards, including Maryland Department of Information Technology’s
Information Security Policy.
7) Retain the aforementioned logs and review them at least daily to identify suspicious or
questionable activity for investigation and documentation as to their cause and
remediation, if required. The Department shall have the right to inspect these policies and
procedures and the TO Contractor or subcontractor’s performance to confirm the
effectiveness of these measures for the services being provided under this TO
Agreement.
8) Ensure system and network environments are separated by properly configured and
updated firewalls.
9) Restrict network connections between trusted and untrusted networks by physically
and/or logically isolating systems from unsolicited and unauthenticated network traffic.
10) By default, “deny all” and only allow access by exception.
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 20
11) Review at least annually the aforementioned network connections, documenting and
confirming the business justification for the use of all service, protocols, and ports
allowed, including the rationale or compensating controls implemented for those
protocols considered insecure but necessary.
12) Perform regular vulnerability testing of operating system, application, and network
devices. Such testing is expected to identify outdated software versions; missing software
patches; device or software misconfigurations; and to validate compliance with or
deviations from the security policies applicable to this TO Agreement. TO Contractor
shall evaluate all identified vulnerabilities for potential adverse effect on security and
integrity and remediate the vulnerability no later than 30 days following the earlier of
vulnerability’s identification or public disclosure, or document why remediation action is
unnecessary or unsuitable. The Department shall have the right to inspect the TO
Contractor’s policies and procedures and the results of vulnerability testing to confirm
the effectiveness of these measures for the services being provided under this TO
Agreement.
13) Enforce strong user authentication and password control measures to minimize the
opportunity for unauthorized access through compromise of the user access controls. At a
minimum, the implemented measures should be consistent with the most current
Maryland Department of Information Technology’s Information Security Policy
(http://doit.maryland.gov/support/Pages/SecurityPolicies.aspx
), including specific
requirements for password length, complexity, history, and account lockout.
14) Ensure State Data is not processed, transferred, or stored outside of the United States
(“U.S.”). The TO Contractor shall provide its services to the State and the State’s end
users solely from data centers in the U.S. Unless granted an exception in writing by the
State, the TO Contractor shall not allow TO Contractor Personnel to store State data on
portable devices, including personal computers, except for devices that are used and kept
only at its U.S. data centers. The TO Contractor shall permit the TO Contractor Personnel
to access State data remotely only as required to provide technical support.
15) Ensure TO Contractor’s Personnel shall not connect any of its own equipment to a State
LAN/WAN without prior written approval by the State, which may be revoked at any
time for any reason. The TO Contractor/subcontractor shall complete any necessary
paperwork as directed and coordinated with the TO Agreement Monitor to obtain
approval by the State to connect TO Contractor/subcontractor-owned equipment to a
State LAN/WAN.
16) Ensure that anti-virus and anti-malware software is installed and maintained on all
systems supporting the services provided under this TO Agreement; that the anti-virus
and anti-malware software is automatically updated; and that the software is configured
to actively scan and detect threats to the system for remediation. The TO Contractor shall
perform routine vulnerability scans and take corrective actions for any findings.
17) Conduct regular external vulnerability testing designed to examine the service provider’s
security profile from the Internet without benefit of access to internal systems and
networks behind the external security perimeter. Evaluate all identified vulnerabilities on
Internet-facing devices for potential adverse effect on the service’s security and integrity
and remediate the vulnerability promptly or document why remediation action is
unnecessary or unsuitable. DoIT shall have the right to inspect these policies and
procedures and the performance of vulnerability testing to confirm the effectiveness of
these measures for the services being provided under this TO Agreement.
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 21
3.6.6 Access to Security Logs and Reports
A. For a SaaS or non-State hosted solution, the TO Contractor shall provide reports to the State in
a mutually agreeable format.
B. Reports shall include latency statistics, user access, user access IP address, user access history
and security logs for all State files related to this Task Order.
3.6.7 Security Plan
A. The TO Contractor shall protect State data according to a written security policy (“Security
Plan”) no less rigorous than that of the State, and shall supply a copy of such policy to the State
for validation, with any appropriate updates, on an annual basis.
B. The Security Plan shall detail the steps and processes employed by the TO Contractor as well as
the features and characteristics which will ensure compliance with the security requirements of
the TO Agreement.
3.6.8 PCI Compliance
A. TO Contractor shall at all times comply, and ensure compliance with, all applicable Payment
Card Industry ("PCI") Data Security Standards (“DSS”), including any and all changes thereto.
TO Contractor shall provide DoIT with documented evidence of current compliance to PCI
DSS within 30 days of an Department request.
B. The TO Contractor shall annually furnish to the State evidence of the PCI Security Standards
Council’s (SSC) acceptance or attestation of the TO Contractor’s conformance to the relevant
PCI DSS requirements by a third party certified to perform compliance assessments.
C. The TO Contractor shall ensure that the scope of the annual SOC 2 Type II Report specified
under Section 3.9 includes testing to confirm the PCI assessment results.
3.6.9 Security Incident Response
A. The TO Contractor shall notify DoIT when any TO Contractor system that may access, process,
or store State data or State systems experiences a Security Incident or a Data Breach as follows:
1) notify DoIT within twenty-four (24) hours of the discovery of a Security Incident by
providing notice via written or electronic correspondence to the TO Manager,
Department chief information officer and Department chief information security officer;
2) notify DoIT within two (2) hours if there is a threat to TO Contractor’s Solution as it
pertains to the use, disclosure, and security of State data; and
3) provide written notice to DoIT within one (1) Business Day after TO Contractor’s
discovery of unauthorized use or disclosure of State data and thereafter all information
the State (or Department) requests concerning such unauthorized use or disclosure.
B. TO Contractor’s notice shall identify:
1) the nature of the unauthorized use or disclosure;
2) the State data used or disclosed,
3) who made the unauthorized use or received the unauthorized disclosure;
4) what the TO Contractor has done or shall do to mitigate any deleterious effect of the
unauthorized use or disclosure; and
5) what corrective action the TO Contractor has taken or shall take to prevent future similar
unauthorized use or disclosure.
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 22
6) The TO Contractor shall provide such other information, including a written report, as
reasonably requested by the State.
C. The TO Contractor may need to communicate with outside parties regarding a Security
Incident, which may include contacting law enforcement, fielding media inquiries and seeking
external expertise as mutually agreed upon, defined by law or contained in the TO Agreement.
Discussing Security Incidents with the State should be handled on an urgent as-needed basis, as
part of TO Contractor communication and mitigation processes as mutually agreed upon,
defined by law or contained in the TO Agreement.
D. The TO Contractor shall comply with all applicable laws that require the notification of
individuals in the event of unauthorized release of State data or other event requiring
notification, and, where notification is required, assume responsibility for informing all such
individuals in accordance with applicable law and to indemnify and hold harmless the State (or
Department) and its officials and employees from and against any claims, damages, and actions
related to the event requiring notification.
3.6.10 Data Breach Responsibilities
A. If the TO Contractor reasonably believes or has actual knowledge of a Data Breach, the TO
Contractor shall, unless otherwise directed:
1) Notify the appropriate State-identified contact as soon as possible, but at minimum
within 4 hours by telephone in accordance with the agreed upon security plan or security
procedures unless a shorter time is required by applicable law;
2) Cooperate with the State to investigate and resolve the data breach;
3) Promptly implement commercially reasonable remedial measures to remedy the Data
Breach; and
4) Document responsive actions taken related to the Data Breach, including any post-
incident review of events and actions taken to make changes in business practices in
providing the services.
B. If a Data Breach is a direct result of the TO Contractor’s breach of its TO Agreement obligation
to encrypt State data or otherwise prevent its release, the TO Contractor shall bear the costs
associated with (1) the investigation and resolution of the data breach; (2) notifications to
individuals, regulators or others required by State law; (3) a credit monitoring service required
by State or federal law; (4) a website or a toll-free number and call center for affected
individuals required by State law; and (5) complete all corrective actions as reasonably
determined by TO Contractor based on root cause; all [(1) through (5)] subject to the TO
Agreement’s limitation of liability.
3.6.11 The State shall, at its discretion, have the right to review and assess the TO Contractor’s
compliance to the security requirements and standards defined in the TO Agreement.
3.6.12 Sections 3.6.1 – 3.6.11 shall survive expiration or termination of the TO Agreement.
Additionally, the TO Contractor shall flow down the provisions of Sections 3.6.1-3.6.12 (or the
substance thereof) in all subcontracts.
3.7 SOC 2 Type 2 Audit Report
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 23
3.7.1 The applicable trust principles are Security, Availability, Processing Integrity,
Confidentiality, and Privacy as defined in the Guidance (defined in Section 3.7.2 below).
3.7.2 In the event the TO Contractor provides services for identified critical functions, handles
Sensitive Data, or hosts any related implemented system for the State under the Contract, the TO
Contractor shall have an annual audit performed by an independent audit firm of the TO
Contractor’s handling of Sensitive Data or DoIT’s critical functions. Critical functions are identified
as all aspects and functionality of the Solution including any add-on modules and shall address all
areas relating to Information Technology security and operational processes. These services
provided by the TO Contractor that shall be covered by the audit will collectively be referred to as
the “Information Functions and Processes.” Such audits shall be performed in accordance with audit
guidance: Reporting on Controls at a Service Organization Relevant to Security, Availability,
Processing Integrity, Confidentiality, or Privacy (SOC 2) as published by the American Institute of
Certified Public Accountants (AICPA) and as updated from time to time, or according to the most
current audit guidance promulgated by the AICPA or similarly-recognized professional organization,
as agreed to by DoIT, to assess the security of outsourced client functions or data (collectively, the
“Guidance”) as follows:
A. The type of audit to be performed in accordance with the Guidance is a SOC 2 Type 2
Audit (referred to as the “SOC 2 Audit” or “SOC 2 Report”). All SOC2 Audit Reports
shall be submitted to the Contract Monitor as specified in Section F below. The initial
SOC 2 Audit shall be completed within a timeframe to be specified by the State. The
audit period covered by the initial SOC 2 Audit shall start with the Contract Effective
Date unless otherwise agreed to in writing by the Contract Monitor. All subsequent
SOC 2 Audits after this initial audit shall be performed at a minimum on an annual
basis throughout the Term of the Contract, and shall cover a 12-month audit period or
such portion of the year that the TO Contractor furnished services.
B. The SOC 2 Audit shall report on the suitability of the design and operating
effectiveness of controls over the Information Functions and Processes to meet the
requirements of the Contract, including the Security Requirements identified in Section
3.6.
C. The audit scope of each year’s SOC 2 Report may need to be adjusted (including the
inclusion or omission of the relevant trust services principles of Security, Availability,
Processing Integrity, Confidentiality, and Privacy) to accommodate any changes to the
environment since the last SOC 2 Report. Such changes may include but are not
limited to the addition of Information Functions and Processes through modifications to
the Contract or due to changes in Information Technology or the operational
infrastructure. The TO Contractor shall ensure that the audit scope of each year’s SOC
2 Report engagement shall accommodate these changes by including in the SOC 2
Report all appropriate controls related to the current environment supporting the
Information Functions and/or Processes, including those controls required by the
Contract.
D. The scope of the SOC 2 Report shall include work performed by any subcontractors
that provide essential support to the TO Contractor or essential support to the
Information Functions and Processes provided to DoIT under the Contract. The TO
Contractor shall ensure the audit includes all such subcontractors operating in
performance of the Contract.
E. All SOC 2 Audits, including those of the TO Contractor, shall be performed at no
additional expense to DoIT.
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 24
F. The TO Contractor shall provide to the Contract Monitor, within 30 calendar days of
the issuance of each SOC 2 Report, a complete copy of the final SOC 2 Report(s) and a
documented corrective action plan addressing each audit finding or exception contained
in the SOC 2 Report. The corrective action plan shall identify in detail the remedial
action to be taken by the TO Contractor along with the date(s) when each remedial
action is to be implemented.
G. If the TO Contractor currently has an annual, independent information security
assessment performed that includes the operations, systems, and repositories of the
Information Functions and Processes being provided to DoIT under the TO Agreement,
and if that assessment generally conforms to the content and objective of the Guidance,
DoIT will determine in consultation with appropriate State government technology and
audit authorities whether the TO Contractor’s current information security assessments
are acceptable in lieu of the SOC 2 Report(s).
H. If the TO Contractor fails during the TO Agreement term to obtain an annual SOC 2
Report by the date, DoIT shall have the right to retain an independent audit firm to
perform an audit engagement of a SOC 2 Report of the Information Functions and
Processes utilized or provided by the TO Contractor and under the TO Agreement. The
TO Contractor agrees to allow the independent audit firm to access its facility/ies for
purposes of conducting this audit engagement(s), and will provide the necessary
support and cooperation to the independent audit firm that is required to perform the
audit engagement of the SOC 2 Report. DoIT will invoice the TO Contractor for the
expense of the SOC 2 Report(s), or deduct the cost from future payments to the TO
Contractor.
3.8 Experience and Personnel
3.8.1 ROLES AND RESPONSIBILITIES
Personnel roles and responsibilities under the Task Order:
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 25
A. TO Procurement Officer – The TO Procurement Officer has the primary responsibility for the
management of the TORFP process, for the resolution of TO Agreement scope issues, and for
authorizing any changes to the TO Agreement.
B. TO Manager - The TO Manager has the primary responsibility for the management of the
work performed under the TO Agreement, administrative functions, including issuing written
directions, and for ensuring compliance with the terms and conditions of the CATS+ Master
Contract.
The TO Manager will assign tasks to the personnel provided under this TORFP and will track
and monitor the work being performed through the monthly accounting of hours’ deliverable
for work types; actual work produced will be reconciled with the hours reported.
C. TO Contractor – The TO Contractor is the CATS+ Master Contractor awarded this Task
Order. The TO Contractor shall provide human resources as necessary to perform the services
described in Work Orders issued hereunder.
D. TO Contractor Manager – The TO Contractor Manager will serve as primary point of contact
with the TO Manager to regularly discuss progress of tasks, upcoming tasking, historical
performance, and resolution of any issues that may arise pertaining to the TO Contractor
Personnel. The TO Contractor Manager will serve as liaison between the TO Manager and the
senior TO Contractor management.
E. TO Contractor Personnel – Any official, employee, agent, Subcontractor, or Subcontractor
agents of the TO Contractor who is involved with the Task Order over the course of the Task
Order period of performance.
F. Key Personnel – A subset of TO Contractor Personnel whose departure during the performance
period will have, in the State’s opinion, a substantial negative impact on Task Order
performance. Key Personnel proposed as part of the TO Proposal shall start as of TO
Agreement issuance unless specified otherwise in this TORFP or the Offeror’s TO Technical
Proposal. Key Personnel may be identified after Task Order award.
3.8.2 Personnel Experience
Personnel experience will be identified in the Work Order.
3.8.3 TO Contractor Personnel Maintain Certifications
Any TO Contractor Personnel provided under this TORFP shall maintain in good standing any
required professional certifications for the duration of the TO Agreement.
3.8.4 Work Hours
A. Business Hours Support: TO Contractor shall assign TO Contractor Personnel to support
Normal State Business Hours
B. Needs beyond the hours described may be defined in a Work Order.
C. State-Mandated Closings: TO Contractor Personnel shall be required to participate in any State-
mandated closings. In this event, the TO Contractor will be notified in writing by the TO
Manager of these details.
3.9 Minority Business Enterprise (MBE) Reports
There is a 10% MBE Participation Goal for this Task Order.
3.10 Veteran Small Business Enterprise (VSBE) Reports
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 26
There is no VSBE Goal for this Task Order.
3.11 Work Orders
A. Services and resources will be provided via a Work Order process. Work Orders will be
awarded to the TO Contractor whose proposal in response to a DoIT issued scope of work is
determined by DoIT to be the most advantageous to the State. Following Work Order award,
the awarded TO Contractor will then develop and deliver the services defined in the Work
Order, however, work shall not begin in advance of a fully executed Work Order. A Work
Order may be issued for either fixed price or time and materials (T&M) pricing. T&M Work
Orders will be issued in accordance with pre-approved Labor Categories with the fully loaded
rates proposed.
B. The TO Manager will e-mail a Work Order Request (See sample at
http://doit.maryland.gov/contracts/Documents/CATSPlus/CATS+WorkOrderSample.pdf
)
to the TO Contractor(s) to provide services or resources that are within the scope of this
TORFP. The Work Order Request will include:
1) Technical requirements and description of the service or resources needed
2) Performance objectives and/or deliverables, as applicable
3) Due date and time for submitting a response to the request, and
4) Required place(s) where work must be performed
C. The TO Contractor shall e-mail a response to the TO Manager within the specified time and
include at a minimum:
1) A response that details the TO Contractor’s understanding of the work;
2) A price to complete the Work Order Request using the format provided using the format
provided (see online sample);
3) A description of proposed resources required to perform the requested tasks, with labor
categories listed in accordance with Appendix 4;
4) An explanation of how tasks shall be completed. This description shall include proposed
subcontractors and related tasks;
5) State-furnished information, work site, and/or access to equipment, facilities, or
personnel; and
6) The proposed personnel resources, including any subcontractor personnel, to complete
the task.
D. For a T&M Work Order, the TO Manager will review the response and will confirm the
proposed labor rates are consistent with this TORFP. For a fixed price Work Order, the TO
Manager will review the response and will confirm the proposed prices are acceptable.
E. The TO Manager may contact the TO Contractor to obtain additional information, clarification
or revision to the Work Order, and will provide the Work Order to the TO Procurement Officer
for a determination of compliance with the TO Agreement and a determination whether a
change order is appropriate. Written TO Procurement Officer approval is required before Work
Order execution by the State.
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 27
F. Proposed personnel on any type of Work Order shall be subject to Department approval. The
TO Contractor shall furnish resumes of proposed personnel specifying the labor category(ies)
proposed. The TO Manager shall have the option to interview the proposed personnel and, in
the event of an interview or not, shall notify the TO Contractor of acceptance or denial of the
personnel.
G. Performance of services under a Work Order shall commence consistent with an NTP issued by
the TO Manager for such Work Order.
3.12 TORFP Subject to CATS+ Master Contract
In addition to the requirements of this TORFP, the Master Contractors are subject to all terms and conditions
contained in the CATS+ RFP issued by the Maryland Department of Information Technology (DoIT) and
subsequent Master Contract Project Number 060B2490023, including any amendments, including but not
limited to:
A. Custom Software, Custom Source Code, Data;
B. Hardware and software costs procured as part of the TORFP cannot exceed 49 percent of the
total Task Order value;
C. Material costs shall be passed through with no mark-up by the TO Contractor;
D. No-Visual Access
E. By responding to this TORFP and accepting a Task Order award, an Offeror specifically agrees
that for any software, hardware or hosting service that it proposes in response to this TORFP,
the State will have the right to purchase from another source, instead of from the selected
Offeror.
All times specified in this document are local time, defined as Eastern Standard Time or Eastern
Daylight Time, whichever is in effect.
3.13 Contract Management Oversight Activities
A. DoIT is responsible for contract management oversight on the CATS+ Master Contract. As
part of that oversight, DoIT has implemented a process for self-reporting contract management
activities of Task Orders under CATS+. This process typically applies to active TOs for
operations and maintenance services valued at $1 million or greater, but all CATS+ Task
Orders are subject to review.
B. A sample of the TO Contractor Self-Reporting Checklist is available on the CATS+ website at
http://doit.maryland.gov/contracts/Documents/CATSPlus/CATS+Self-
ReportingChecklistSample.pdf. DoIT may send initial checklists out to applicable/selected TO
Contractors approximately three months after the award date for a Task Orders. The TO
Contractor shall complete and return the checklist as instructed on the form. Subsequently, at
six month intervals from the due date on the initial checklist, the TO Contractor shall update
and resend the checklist to DoIT.
3.14 Source Code Escrow
Source Code Escrow applies to this TO Agreement. The TO Contractor shall perform source code escrow as
described herein.
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 28
A. The State will be named as a beneficiary under an escrow agreement (“Escrow Agreement”) that
shall be entered into between the TO Contractor and an escrow agent (“Escrow Agent”) within 45
days of the date hereof pursuant to which TO Contractor shall deliver a Source Code Escrow
Package to Escrow Agent. The term “Source Code Escrow Package” means: a) a complete copy in
machine-readable form of the source code and executable code of the software licensed to the State
under the TO Agreement; b) a complete copy of any existing design documentation and user
documentation; and/or c) complete instructions for compiling and linking every part of the source
code into executable code for purposes of enabling verification of the completeness of the source
code as provided below.
B. The Escrow Agreement shall govern the maintenance and release of the Source Code Escrow
Package, and TO Contractor agrees to update, enhance, or otherwise modify such Source Code
Escrow Package promptly upon each release of a new version of any component thereof. TO
Contractor shall pay all fees and expenses charged by Escrow Agent, including, but not limited to,
fees and expenses related to the State being a named beneficiary under the Escrow Agreement. The
State shall treat the Source Code Escrow Package as TO Contractor’s confidential information.
Under all circumstances, the Source Code Escrow Package shall remain the property of TO
Contractor. The State shall only use the Source Code Escrow Package as contemplated in the Task
Order (including, but not limited to confidentiality provisions and usage restrictions). The Escrow
Agent shall maintain the Source Code Escrow Package in a repository located in the United States.
C. In the event that the Escrow Agent either ceases providing escrow services to TO Contractor or TO
Contractor determines in its reasonable business judgment that the Escrow Agent is no longer
providing acceptable services, TO Contractor shall replace the Escrow Agent with another escrow
agent, using an agreement which provides the State with rights no less advantageous than those in
the Escrow Agreement. In such case, the new escrow agent shall be substituted in all ways for this
and all references herein to Escrow Agent shall be deemed to include such substitute escrow agent.
D. TO Contractor shall inform the State of the availability of an escrow for any third party software
provided.
E. The Escrow must provide for release of the Software Escrow Package by the Escrow Agent to the
State’s possession immediately upon any voluntary or involuntary filing of bankruptcy or any other
insolvency proceeding, including but not limited to a general assignment for the benefit of creditors
and the appointment of a receiver for business or assetsthe appointment of a receiver for business or
assets; TO Contractor’s dissolution or liquidation, voluntary or otherwise;; or TO Contractor’s
discontinuance of support or failure to support in accordance with this TO Agreement any software
system.
3.15 Change Control and Advance Notice
A. Unless otherwise specified in an applicable Service Level Agreement, the Contractor shall give
seven (7) days advance notice to the State of any upgrades or modifications that may affect
service availability and performance.
B. Contractor may not modify the functionality or features of any SaaS provided hereunder if such
modification materially degrades the functionality of the SaaS.
3.16 No-Cost Extensions
In the event there are unspent funds remaining on the TO Agreement, prior to the TO’s expiration date the
TO Procurement Officer may modify the TO Agreement to extend the TO Agreement beyond its expiration
date for the performance of work within the TO’s scope of work. Notwithstanding anything to the contrary,
no funds may be added to the TO Agreement in connection with any such extension.
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 29
THE REMAINDER OF THIS PAGE IS INTENTIONALLY LEFT BLANK
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 30
4 TORFP Instructions
4.1 TO Pre-Proposal Conference
4.1.1 A pre-proposal conference (Conference) will be held at the date and time indicated on the
Key Information Summary Sheet.
4.1.2 Attendance at the Conference is not mandatory, but all interested parties are encouraged to
attend in order to facilitate better preparation of their proposals.
4.1.3 Following the Conference, the attendance record and summary of the Conference will be
distributed via e-mail to all Master Contractors known to have received a copy of this TORFP.
4.1.4 In order to assure adequate accommodations at the Conference, please e-mail the Pre-
Proposal Conference Response Form (Attachment A) no later than the time and date indicated on
the form. In addition, if there is a need for sign language interpretation and/or other special
accommodations due to a disability, please notify the TO Procurement Officer at least five (5)
business days prior to the Conference date. DoIT will make a reasonable effort to provide such
special accommodation.
4.2 Questions
4.2.1 All questions shall identify in the subject line the Solicitation Number and Title
F50B0600063 – Data Management and Analytic Services and shall be submitted in writing via e-
mail to the TO Procurement Officer no later than the date and time specified the Key Information
Summary Sheet.
4.2.2 Answers to all questions that are not clearly specific only to the requestor will be provided to
all Master Contractors who are known to have received a copy of the TORFP.
4.2.3 The statements and interpretations contained in responses to any questions, whether
responded to verbally or in writing, are not binding on DoIT unless it issues an amendment in
writing.
4.3 TO Proposal Due (Closing) Date and Time
4.3.1 TO Proposals, in the number and form set forth in Section 5 TO Proposal Format, must be
received by the TO Procurement Officer no later than the TO Proposal due date and time indicated
on the Key Information Summary Sheet in order to be considered.
4.3.2 Requests for extension of this date or time shall not be granted.
4.3.3 Offerors submitting TO Proposals should allow sufficient delivery time to ensure timely
receipt by the TO Procurement Officer. Except as provided in COMAR 21.05.03.02.F and
21.05.02.10, TO Proposals received after the due date and time listed in the Key Information
Summary Sheet will not be considered.
4.3.4 The date and time of an e-mail submission is determined by the date and time of arrival in
the e-mail address indicated on the Key Information Summary Sheet.
4.3.5 TO Proposals may be modified or withdrawn by written notice received by the TO
Procurement Officer before the time and date set forth in the Key Information Summary Sheet for
receipt of TO Proposals.
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 31
4.4 Award Basis
Based upon an evaluation of TO Proposal responses as provided in Section 6.4, below, up to ten (10) Master
Contractors will be awarded a Task Order. A specific TO Agreement, Attachment M, will then be entered
into between the State and the selected Master Contractors, which will bind the selected Master Contractors
(TO Contractor) to the contents of their respective TO Proposals.
4.5 Oral Presentations
Master Contractors and proposed TO Contractor Personnel may be required to make an oral presentation to
State representatives. Master Contractors must confirm in writing any substantive oral clarification of, or
change in, their Proposals made in the course of discussions. Any such written clarifications or changes then
become part of the Master Contractor’s TO Proposal.
The TO Procurement Officer will notify Master Contractors of the time and place of oral presentations and
interviews, should interviews be scheduled separately.
4.6 Limitation of Liability
The TO Contractor’s liability is limited in accordance with the Limitations of Liability section of the CATS+
Master Contract. TO Contractor’s liability for this TORFP is limited to two (2) times the total TO Agreement
amount.
4.7 MBE Participation Goal
This TORFP has a MBE goal as stated in the Key Information Summary Sheet above, representing a
percentage of total fees paid for services under this Task Order.
4.7.1 A Master Contractor that responds to this TORFP shall complete, sign, and submit all
required MBE documentation at the time of TO Proposal submission (See Attachment D Minority
Business Enterprise Forms). Failure of the Master Contractor to complete, sign, and submit all
required MBE documentation at the time of TO Proposal submission will result in the State’s
rejection of the Master Contractor’s TO Proposal.
4.7.2 In 2014, Maryland adopted new regulations as part of its Minority Business Enterprise
(MBE) program concerning MBE primes. Those new regulations, which became effective June 9,
2014 and are being applied to this task order, provide that when a certified MBE firm participates as
a prime contractor on a contract, an agency may count the distinct, clearly defined portion of the
work of the contract that the certified MBE firm performs with its own forces toward fulfilling up to
fifty-percent (50%) of the MBE participation goal (overall) and up to one hundred percent (100%) of
not more than one of the MBE participation subgoals, if any, established for the contract. Please see
the attached MBE forms and instructions.
4.8 VSBE Goal
There is no VSBE participation goal for this procurement.
4.9 Living Wage Requirements
The Master Contractor shall abide by the Living Wage requirements under Title 18, State Finance and
Procurement Article, Annotated Code of Maryland and the regulations proposed by the Commissioner of
Labor and Industry.
All TO Proposals shall be accompanied by a completed Living Wage Affidavit of Agreement, Attachment
F of this TORFP.
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 32
4.10 Federal Funding Acknowledgement
This Task Order does not contain Federal funds.
4.11 Conflict of Interest Affidavit and Disclosure
4.11.1 Offerors shall complete and sign the Conflict of Interest Affidavit and Disclosure
(Attachment H) and submit it with their Proposals. All Offerors are advised that if a TO Agreement
is awarded as a result of this solicitation, the TO Contractor’s Personnel who perform or control
work under this TO Agreement and each of the participating subcontractor personnel who perform
or control work under this TO Agreement shall be required to complete agreements substantially
similar to Attachment H, conflict of interest Affidavit and Disclosure.
4.11.2 If the TO Procurement Officer makes a determination that facts or circumstances exist that
give rise to or could in the future give rise to a conflict of interest within the meaning of COMAR
21.05.08.08A, the TO Procurement Officer may reject an Offeror’s TO Proposal under COMAR
21.06.02.03B.
4.11.3 Master Contractors should be aware that the State Ethics Law, Md. Code Ann., General
Provisions Article, Title 5, might limit the selected Master Contractor's ability to participate in future
related procurements, depending upon specific circumstances.
4.11.4 By submitting a Conflict of Interest Affidavit and Disclosure, the Offeror shall be construed
as certifying all TO Contractor Personnel and Subcontractors are without a conflict of interest as
defined in COMAR 21.05.08.08A.
4.12 Non-Disclosure Agreement
4.12.1 Non-Disclosure Agreement (Offeror)
A Non-Disclosure Agreement (Offeror) is required for this solicitation.
4.12.2 Non-Disclosure Agreement (TO Contractor)
All Offerors are advised that this solicitation and any TO Agreement(s) be subject to the terms of the
Non-Disclosure Agreement (NDA) contained in this solicitation as Attachment I. This Agreement
must be provided within five (5) Business Days of notification of recommended award; however, to
expedite processing, it is suggested that this document be completed and submitted with the TO
Proposal.
4.13 HIPAA - Business Associate Agreement
A HIPAA Business Associate Agreement is not required for this procurement.
4.14 Mercury and Products That Contain Mercury
This solicitation does not include the procurement of products known to include mercury as a component.
4.15 Location of the Performance of Services Disclosure
The Offeror is required to complete the Location of the Performance of Services Disclosure. A copy of this
Disclosure is included as Attachment L. The Disclosure must be provided with the TO Proposal.
4.16 Department of Human Services (DHS) Hiring Agreement
A Department of Human Services Agreement is not required for this procurement.
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 33
4.17 Small Business Reserve (SBR) Set-Aside
This solicitation does not include a Small Business Reserve requirement.
4.18 Bonds
This solicitation does not require bonds.
THE REMAINDER OF THIS PAGE IS INTENTIONALLY LEFT BLANK
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 34
5 TO Proposal Format
5.1 Required Response
Each Master Contractor receiving this CATS+ TORFP shall respond no later than the submission due date
and time designated in the Key Information Summary Sheet. Each Master Contractor is required to submit
one of two possible responses: 1) a TO Proposal; or 2) a completed Master Contractor Feedback Form
(available online within the Master Contractor Admin System). The feedback form helps the State
understand for future contract development why Master Contractors did not submit proposals. The form is
accessible via the CATS+ Master Contractor login screen and clicking on TORFP Feedback Response Form
from the menu.
A TO Proposal shall conform to the requirements of this CATS+ TORFP.
5.2 One Part Submission
Offerors shall submit a TO Technical Proposal.
5.3 TO Proposal Packaging and Delivery
5.3.1 Provide no pricing information in the TO Technical Proposal.
5.3.2 Offerors shall submit TO Proposals by e-mail to the TO Procurement Officer address listed
on the Key Information Summary Sheet. TO Proposals delivered by facsimile will not be considered.
5.3.3 E-mail submissions
A. TO Proposals must be password protected and submitted via email
B. The TO Procurement Officer will only contact those Offerors with TO Proposals that
are reasonably susceptible for award.
C. TO Proposals submitted via e-mail must not exceed 10 Mb. If a submission exceeds
this size, split the submission into two or more parts and include the appropriate part
number in the subject (e.g., part 1 of 2) after the subject line information below.
D. The e-mail submission subject line shall state the TORFP F50B0600063 and
“Technical”.
5.3.4 One Part Submission: Offerors shall provide their TO Proposal as follows:
A. TO Technical Proposal consisting of:
1) TO Technical Proposal and all supporting material in Microsoft Word format,
version 2007 or greater, and
2) the TO Technical Proposal in searchable Adobe PDF format.
5.3.5 Offerors may submit TO Proposals as described below to the email address provided in the
Key Information Summary Sheet.
5.4 Volume I - TO Technical Proposal
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 35
IMPORTANT: Provide no pricing information in the TO Technical Proposal (Volume I). In addition to
the instructions below, responses in the Offeror’s TO Technical Proposal shall reference the organization and
numbering of Sections in the TORFP (e.g., “Section 2.2.1 Response . . .; “Section 2.2.2 Response . . .,”). All
pages of both TO Proposal volumes shall be consecutively numbered from beginning (Page 1) to end (Page
“x”).
5.4.1 The TO Technical Proposal shall include the following information in the order specified as
follows:
A. Proposed Services:
1) Executive Summary: A one-page summary describing the Offeror’s understanding of the
TORFP scope of work (Sections 2-3) and proposed solution, and the categories that the
Offeror is responding to.
2) Capability Statement: A detailed description of the Offeror’s capability of the services in
the categories that the Offeror is responding to, as listed in the TORFP scope of work.
3) Assumptions: A description of any assumptions formed by the Offeror in developing the
TO Technical Proposal.
4) Tools the Master Contractor owns and proposes for use to meet any requirements in
Sections 2-3.
5) The Offeror shall identify the location(s) from which it proposes to provide services,
including, if applicable, any current facilities that it operates, and any required
construction to satisfy the State’s requirements as outlined in this TORFP.
6) The Offeror shall provide a Backup solution/ strategy recommendation as part of the TO
Proposal.
7) Disaster Recovery and Security Model description - For hosted services, the Offeror shall
include its DR strategy, and for on premise, a description of a recommended DR strategy.
8) Non-Compete Clause Prohibition:
DoIT seeks to maximize the retention of personnel working under this Task Order whenever there is
a transition of the Task Order from one contractor to another to minimize disruption due to a change
in contractor and maximize the maintenance of institutional knowledge accumulated by such
personnel. To help achieve this objective of staff retention, each Offeror shall agree that if awarded
the Task Order, the Offeror’s employees and agents filling the positions set forth in the staffing
requirements working on the State contract shall be free to work for the contractor awarded the State
contract notwithstanding any non-compete clauses to which the employee(s) may be subject. The
Offeror agrees not to enforce any non-compete restrictions against the State with regard to these
employees and agents if a different vendor succeeds it in the performance of the Task Order. To
evidence compliance with this noncompete clause prohibition, each Offeror must include an
affirmative statement in the TO Technical Proposal that the Offeror, if awarded a Task Order, agrees
that its employees and agents shall not be restricted from working with or for any successor
contractor that is awarded the State business.
B. Master Contractor Information Sheet and Transmittal Letter
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 36
The Offeror Information Sheet (see Appendix 2) and a Transmittal Letter shall accompany the
TO Technical Proposal. The purpose of the Transmittal Letter is to transmit the TO Proposal
and acknowledge the receipt of any addenda to this TORFP issued before the TO Proposal due
date and time. Transmittal Letter should be brief, be signed by an individual who is authorized
to commit the Offeror to its TO Proposal and the requirements as stated in this TORFP, and
contain acknowledgement of all addenda to this TORFP issued before the TO Proposal due
date.
C. Minimum Qualifications Documentation (If applicable)
The Offeror shall submit any Minimum Qualifications documentation that may be required, as
set forth in TORFP Section 1.
D. Subcontractors
Identify all proposed Subcontractors, including MBEs, and their roles in the performance of the
scope of work hereunder.
E. Overall Offeror team organizational chart
Provide an overall team organizational chart with all team resources available to fulfill the Task
Order scope of work.
F. Master Contractor and Subcontractor Experience and Capabilities
1) Provide up to three examples of engagements or contracts the Master Contractor or
Subcontractor, if applicable, has completed that were similar to the requested scope of
work. Include contact information for each client organization complete with the
following:
a) Name of organization.
b) Point of contact name, title, e-mail and telephone number (point of contact shall
be accessible and knowledgeable regarding experience)
c) Services provided as they relate to the scope of work.
d) Start and end dates for each example engagement or contract.
e) Current Master Contractor team personnel who participated on the engagement.
f) If the Master Contractor is no longer providing the services, explain why not.
2) State of Maryland Experience: If applicable, the Master Contractor shall submit a list of
all contracts it currently holds or has held within the past five years with any entity of the
State of Maryland.
For each identified contract, the Master Contractor shall provide the following (if not
already provided in sub paragraph A above):
a) Contract or task order name
b) Name of organization.
c) Point of contact name, title, e-mail, and telephone number (point of contact shall
be accessible and knowledgeable regarding experience)
d) Start and end dates for each engagement or contract. If the Master Contractor is
no longer providing the services, explain why not.
e) Dollar value of the contract.
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 37
f) Indicate if the contract was terminated before the original expiration date.
g) Indicate if any renewal options were not exercised.
NOTE: State of Maryland experience can be included as part of G.1 above as engagement or contract
experience. State of Maryland experience is neither required nor given more weight in proposal evaluations.
G. Expected State Assistance
Provide an estimate of expectation concerning participation by State personnel.
H. Confidentiality
A Master Contractor should give specific attention to the identification of those portions of its
proposal that it considers confidential, proprietary commercial information or trade secrets,
and provide justification why such materials, upon request, should not be disclosed by the
State under the Public Information Act, Title 4, of the General Provisions Article of the
Annotated Code of Maryland. Master Contractors are advised that, upon request for this
information from a third party, the TO Procurement Officer will be required to make an
independent determination regarding whether the information may be disclosed.
Offeror shall furnish a list that identifies each section of the TO Technical Proposal where, in
the Offeror’s opinion, the Offeror’s response should not be disclosed by the State under the
Public Information Act.
THE REMAINDER OF THIS PAGE IS INTENTIONALLY LEFT BLANK
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 38
6 Evaluation and Selection Process
Up to ten (10) Master Contractors will be selected from among all eligible Master Contractors within the
appropriate category responding to the CATS+ TORFP. In making the TO Agreement award determination,
all information submitted in accordance with Section 5 will be considered.
6.1 Evaluation Committee
Evaluation of TO Proposals will be performed in accordance with COMAR 21.05.03 by a committee
established for that purpose and based on the evaluation criteria set forth below. The Evaluation Committee
will review TO Proposals, participate in Offeror oral presentations and discussions, and provide input to the
TO Procurement Officer. DoIT reserves the right to utilize the services of individuals outside of the
established Evaluation Committee for advice and assistance, as deemed appropriate.
During the evaluation process, the TO Procurement Officer may determine at any time that a particular
Offeror is not susceptible for award.
6.2 TO Technical Proposal Evaluation Criteria
The criteria to be used to evaluate each TO Technical Proposal are listed below in descending order of
importance. Unless stated otherwise, any sub-criteria within each criterion have equal weight.
6.2.1 Offeror’s Technical Response to TORFP Requirements (See TORFP § 5.4)
The State prefers an Offeror’s response to work requirements in the TORFP that illustrates a comprehensive
understanding of work requirements and mastery of the subject matter, including an explanation of how the
work will be performed. TO Proposals, which include limited responses to work requirements such as
“concur or will comply”, will receive a lower ranking than those TO proposals that demonstrate an
understanding of the work requirements and include plans to meet or exceed them.
6.2.2 Offeror Qualifications and Capabilities, including proposed subcontractors (See TORFP §
5.4)
Past performance will be evaluated for relevancy (similar size and scope), recency (within
the past five (5) years), and performance feedback (reference checks).
6.2.3 Demonstration of how the Master Contractor plans to staff the task order at the levels set
forth in the TORFP and for potential future resource requests.
6.3 Selection Procedures
TO Technical Proposals shall be evaluated based on the criteria set forth above in Section 6.2. TO Proposals
will be assessed throughout the evaluation process for compliance with the minimum qualifications listed in
Section 1 of this TORFP, and quality of responses to Section 5.4 TO Technical Proposal. Failure to meet the
minimum qualifications shall render a TO Proposal not reasonably susceptible for award. The TO
Procurement Officer will notify those Offerors who have not been selected to perform the work.
A. TO Technical Proposals will be evaluated for technical merit and ranked. Oral presentations
and discussions may be held to assure full understanding of the State’s requirements and of the
qualified Offeror’s proposals and abilities to perform, and to facilitate arrival at a TO
Agreement that is most advantageous to the State.
B. When in the best interest of the State, the TO Procurement Officer may permit Qualified
Offerors to revise their initial Proposals and submit, in writing, Best and Final Offers (BAFOs).
The State may make an award without issuing a request for a BAFO.
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 39
C. The Procurement Officer shall make a determination recommending award of the TO to the
responsible Offeror who has the TO Proposal determined to be the most advantageous to the
State, considering price and the evaluation criteria set forth above. All Master Contractors
submitting a TO Proposal shall receive written notice from the TO Procurement Officer
identifying the awardee.
6.4 Documents Required upon Notice of Recommendation for Task Order Award
Upon receipt of a Notification of Recommendation for Task Order award, the apparent awardee shall
complete and furnish the documents and attestations as directed in Table 1 of Section 7 – TORFP
Attachments and Appendices.
Commencement of work in response to a TO Agreement shall be initiated only upon the completed
documents and attestations, plus:
A. Issuance of a fully executed TO Agreement,
B. Purchase Order, and
C. By a Notice to Proceed authorized by the TO Procurement Officer.
THE REMAINDER OF THIS PAGE IS INTENTIONALLY LEFT BLANK
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 40
7 TORFP ATTACHMENTS AND APPENDICES
Instructions Page
A TO Proposal submitted by an Offeror must be accompanied by the completed forms and/or affidavits
identified as “With TO Proposal” in the “When to Submit” column in Table 1 below. All forms and
affidavits applicable to this TORFP, including any applicable instructions and/or terms, are identified in the
Table 1.
• For e-mail submissions, submit one (1) copy of each with signatures.
All Offerors are advised that if a Task Order is awarded as a result of this solicitation, the successful Offeror
will be required to complete certain forms and affidavits after notification of recommended award. The list
of forms and affidavits that must be provided is described in Table 1 below in the “When to Submit” column.
For documents required after award, submit one (1) copy of each document within the appropriate number of
days after notification of recommended award, as listed in Table 1 below in the “When to Submit” column.
Table 1: TORFP ATTACHMENTS AND APPENDICES
When to Submit
Label
Attachment Name
Before Proposal A Pre-Proposal Conference Response Form
N/A B Financial Proposal Instructions and Form
With Proposal C Bid/Proposal Affidavit (see link at
http://procurement.maryland.gov/wp-
content/uploads/sites/12/2018/04/AttachmentC-
Bid_Proposal-Affidavit.pdf)
With Proposal D MBE Forms D-1A (see link at
http://procurement.maryland.gov/wp-
content/uploads/sites/12/2018/05/AttachmentDMBE-
Forms-1.pdf)
IMPORTANT: If this RFP contains different
Categories, a separate Attachment D-1A is to be
submitted for each Category where there is a MBE goal.
10 Business Days after
recommended award
D MBE Forms D-1B, D-1C,D-2, D-3A, D-3B (see link at
http://procurement.maryland.gov/wp-
content/uploads/sites/12/2018/05/AttachmentDMBE-
Forms-1.pdf)
Important: Attachment D-1C, if a waiver has been
requested, is also required within 10 days of
recommended award.
As directed in forms D MBE Forms D-4A, D-4B, D-5 (see link at
http://procurement.maryland.gov/wp-
content/uploads/sites/12/2018/05/AttachmentDMBE-
Forms-1.pdf)
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 41
When to Submit
Label
Attachment Name
With Proposal F Maryland Living Wage Requirements for Service
Contracts and Affidavit of Agreement (see link at
http://procurement.maryland.gov/wp-
content/uploads/sites/12/2018/04/AttachmentF-
LivingWageAffidavit.pdf)
With Proposal H Conflict of Interest Affidavit and Disclosure (see link at
http://procurement.maryland.gov/wp-
content/uploads/sites/12/2018/05/AttachmentH-Conflict-
of-InterestAffidavit.pdf)
5 Business Days after
recommended award –
However, suggested
with Proposal
I Non-Disclosure Agreement (Contractor) (see link at
http://procurement.maryland.gov/wp-
content/uploads/sites/12/2018/04/Attachment-I-Non-
DisclosureAgreementContractor.pdf)
With Proposal L Location of the Performance of Services Disclosure (see
link at
http://procurement.maryland.gov/wp-
content/uploads/sites/12/2018/04/Attachment-L-
PerformanceofServicesDisclosure.pdf)
5 Business Days after
recommended award
M Sample Task Order (included in this TORFP)
5 Business Days after
recommended award
N DHS Hiring Agreement (see link at
http://procurement.maryland.gov/wp-
content/uploads/sites/12/2018/04/Attachment-O-
DHSHiringAgreement.pdf
When to Submit
Label
Appendix Name
n/a 1 Abbreviations and Definitions (included in this RFP)
With Proposal 2 Offeror Information Sheet (see link at
http://procurement.maryland.gov/wp-
content/uploads/sites/12/2018/04/Appendix2-
Bidder_OfferorInformationSheet.pdf)
With Proposal 4 Labor Classification Personnel Resume Form
5 Business Days after
recommended award
Evidence of meeting insurance requirements (see
Section 3.4); 1 copy
10 Business Days after
recommended award
PEP; 1 copy
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 42
Attachment A. TO Pre-Proposal Conference Response Form
Solicitation Number F50B0600063
Data Management and Analytic Services
A TO Pre-proposal conference will be held on July 24, 2020 at 10:00 AM Local Time.
Please return this form by July 20, 2020 at 2:00 PM Local Time, advising whether or not you plan to attend.
The completed form should be returned via e-mail to the TO Procurement Officer at the contact information
below:
Dominic Edet
dominic.edet2@maryland.gov
.
Please indicate:
Yes, the following representatives will attend.
Attendees (Check the TORFP for limits to the number of attendees allowed):
1.
2.
3.
No, we will not attend.
Please specify whether any reasonable accommodations are requested (see TORFP § 4.1“TO Pre-
proposal conference”):
Offeror:
Offeror Name (please print or type)
By:
Signature/Seal
Printed Name:
Printed Name
Title:
Title
Date:
Date
Instructions in Order to Attend the TO Pre-Proposal Conference
Due to Social Distancing Guideline, Pre-proposal will be held via a conference call using Maryland’s Google
Hangouts platform. If you plan to be in attendance, please submit this form including your email address
indicating your availability. An invite will be emailed to you for the Pre-proposal meeting.
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 43
Attachment B. Financial Proposal
No financial information is requested at this time. All financial information will be requested and
evaluated at the Work Order level.
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 45
Attachment D. Minority Business Enterprise (MBE) Forms
See link at http://procurement.maryland.gov/wp-content/uploads/sites/12/2018/05/AttachmentDMBE-
Forms-1.pdf.
This solicitation includes a Minority Business Enterprise (MBE) participation goal of 10% percent and all of
the following subgoals:
percent for African American-owned MBE firms;
percent for Hispanic American-owned MBE firms;
percent for Asian American-owned MBE firms;
percent for Women-owned MBE firms.
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 46
Attachment E. Veteran-Owned Small Business Enterprise (VSBE) Forms
This solicitation does not include a Veteran-Owned Small Business Enterprise goal.
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 47
Attachment F. Maryland Living Wage Affidavit of Agreement for Service
Contracts
See link at http://procurement.maryland.gov/wp-content/uploads/sites/12/2018/04/AttachmentF-
LivingWageAffidavit.pdf to complete the Affidavit.
A. This contract is subject to the Living Wage requirements under Md. Code Ann., State Finance and
Procurement Article, Title 18, and the regulations proposed by the Commissioner of Labor and
Industry (Commissioner). The Living Wage generally applies to a Contractor or subcontractor who
performs work on a State contract for services that is valued at $100,000 or more. An employee is
subject to the Living Wage if he/she is at least 18 years old or will turn 18 during the duration of the
contract; works at least 13 consecutive weeks on the State Contract and spends at least one-half of
the employee’s time during any work week on the State Contract.
B. The Living Wage Law does not apply to:
(1) A Contractor who:
(a) Has a State contract for services valued at less than $100,000, or
(b) Employs 10 or fewer employees and has a State contract for services valued at less
than $500,000.
(2) A subcontractor who:
(a) Performs work on a State contract for services valued at less than $100,000,
(b) Employs 10 or fewer employees and performs work on a State contract for services
valued at less than $500,000, or
(c) Performs work for a Contractor not covered by the Living Wage Law as defined in
B(1)(b) above, or B (3) or C below.
(3) Service contracts for the following:
(a) Services with a Public Service Company;
(b) Services with a nonprofit organization;
(c) Services with an officer or other entity that is in the Executive Branch of the State
government and is authorized by law to enter into a procurement (“Unit”); or
(d) Services between a Unit and a County or Baltimore City.
C. If the Unit responsible for the State contract for services determines that application of the Living
Wage would conflict with any applicable Federal program, the Living Wage does not apply to the
contract or program.
D. A Contractor must not split or subdivide a State contract for services, pay an employee through a
third party, or treat an employee as an independent Contractor or assign work to employees to avoid
the imposition of any of the requirements of Md. Code Ann., State Finance and Procurement Article,
Title 18.
E. Each Contractor/subcontractor, subject to the Living Wage Law, shall post in a prominent and easily
accessible place at the work site(s) of covered employees a notice of the Living Wage Rates,
employee rights under the law, and the name, address, and telephone number of the Commissioner.
F. The Commissioner shall adjust the wage rates by the annual average increase or decrease, if any, in
the Consumer Price Index for all urban consumers for the Washington/Baltimore metropolitan area,
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 48
or any successor index, for the previous calendar year, no later than 90 days after the start of each
fiscal year. The Commissioner shall publish any adjustments to the wage rates on the Division of
Labor and Industry’s website. An employer subject to the Living Wage Law must comply with the
rate requirements during the initial term of the contract and all subsequent renewal periods, including
any increases in the wage rate, required by the Commissioner, automatically upon the effective date
of the revised wage rate.
G. A Contractor/subcontractor who reduces the wages paid to an employee based on the employer’s
share of the health insurance premium, as provided in Md. Code Ann., State Finance and Procurement
Article, §18-103(c), shall not lower an employee’s wage rate below the minimum wage as set in Md.
Code Ann., Labor and Employment Article, §3-413. A Contractor/subcontractor who reduces the
wages paid to an employee based on the employer’s share of health insurance premium shall comply
with any record reporting requirements established by the Commissioner.
H. A Contractor/subcontractor may reduce the wage rates paid under Md. Code Ann., State Finance and
Procurement Article, §18-103(a), by no more than 50 cents of the hourly cost of the employer’s
contribution to an employee’s deferred compensation plan. A Contractor/subcontractor who reduces
the wages paid to an employee based on the employer’s contribution to an employee’s deferred
compensation plan shall not lower the employee’s wage rate below the minimum wage as set in Md.
Code Ann., Labor and Employment Article, §3-413.
I. Under Md. Code Ann., State Finance and Procurement Article, Title 18, if the Commissioner
determines that the Contractor/subcontractor violated a provision of this title or regulations of the
Commissioner, the Contractor/subcontractor shall pay restitution to each affected employee, and the
State may assess liquidated damages of $20 per day for each employee paid less than the Living
Wage.
J. Information pertaining to reporting obligations may be found by going to the Division of Labor and
Industry website http://www.dllr.state.md.us/labor/prev/livingwage.shmtl
and clicking on Living
Wage for State Service Contracts
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 49
Attachment G. Federal Funds Attachments
This solicitation does not include a Federal Funds Attachment.
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 50
Attachment H. Conflict of Interest Affidavit and Disclosure
See link at http://procurement.maryland.gov/wp-content/uploads/sites/12/2018/04/AttachmentH-
ConflictofInterestAffidavit.pdf.
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 51
Attachment I. Non-Disclosure Agreement (TO Contractor)
THIS NON-DISCLOSURE AGREEMENT (“Agreement”) is made by and between the State of
Maryland (the “State”), acting by and through the Department of Information Technology (“DoIT”), and
_____________________________________________ (the “TO Contractor”).
RECITALS
WHEREAS, the TO Contractor has been awarded a contract (the “TO Agreement”) following the
solicitation for Data Management and Analytic Services, Solicitation F50B0600063 and
WHEREAS, in order for the TO Contractor to perform the work required under the TO Agreement,
it will be necessary for the State at times to provide the TO Contractor and the TO Contractor’s employees,
agents, and subcontractors (collectively the “TO Contractor’s Personnel”) with access to certain information
the State deems confidential information (the “Confidential Information”).
NOW, THEREFORE, in consideration of being given access to the Confidential Information in
connection with the solicitation and the TO Agreement, and for other good and valuable consideration, the
receipt and sufficiency of which the parties acknowledge, the parties do hereby agree as follows:
1. Regardless of the form, format, or media on or in which the Confidential Information is provided and
regardless of whether any such Confidential Information is marked as such, “Confidential Information” means
(1) any and all information provided by or made available by the State to the TO Contractor in connection with
the TO Agreement and (2) any and all personally identifiable information (PII) (including but not limited to
personal information as defined in Md. Ann. Code, General Provisions §4-101(h)) and protected health
information (PHI) that is provided by a person or entity to the TO Contractor in connection with this TO
Agreement. Confidential Information includes, by way of example only, information that the TO Contractor
views, takes notes from, copies (if the State agrees in writing to permit copying), possesses or is otherwise
provided access to and use of by the State in relation to the TO Agreement.
2. The TO Contractor shall not, without the State’s prior written consent, copy, disclose, publish, release,
transfer, disseminate, use, or allow access for any purpose or in any form, any Confidential Information except
for the sole and exclusive purpose of performing under the TO Agreement. The TO Contractor shall limit
access to the Confidential Information to the TO Contractor’s Personnel who have a demonstrable need to
know such Confidential Information in order to perform under the TO Agreement and who have agreed in
writing to be bound by confidentiality restrictions no less stringent than those contained herein. The names of
the TO Contractor’s Personnel are attached hereto and made a part hereof as Attachment I-2. TO Contractor
shall update Attachment I-2 by adding additional names (whether TO Contractor’s Personnel or a
subcontractor’s personnel) as needed, from time to time.
3. If the TO Contractor intends to disseminate any portion of the Confidential Information to non-
employee agents who are assisting in the TO Contractor’s performance of the TO Agreement or will otherwise
have a role in performing any aspect of the TO Agreement, the TO Contractor shall first obtain the written
consent of the State to any such dissemination. The State may grant, deny, or condition any such consent, as
it may deem appropriate in its sole and absolute subjective discretion.
4. The TO Contractor hereby agrees to hold the Confidential Information in trust and in strictest
confidence, adopt or establish operating procedures and physical security measures, and take all other
measures necessary to protect the Confidential Information from inadvertent release or disclosure to
unauthorized third parties and to prevent all or any portion of the Confidential Information from falling into
the public domain or into the possession of persons not bound to maintain the confidentiality of the
Confidential Information.
5. The TO Contractor shall promptly advise the State in writing if it learns of any unauthorized use,
misappropriation, or disclosure of the Confidential Information by any of the TO Contractor’s Personnel or
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 52
the TO Contractor’s former Personnel. TO Contractor shall cooperate, at its own expense, with the State in
seeking injunctive or other equitable relief against any such person(s).
6. The TO Contractor shall, at its own expense, return to DoIT all Confidential Information in its care,
custody, control or possession upon request of DoIT or on termination of the TO Agreement.
7. A breach of this Agreement by the TO Contractor or the TO Contractor’s Personnel shall constitute a
breach of the TO Agreement between the TO Contractor and the State.
8. TO Contractor acknowledges that any failure by the TO Contractor or the TO Contractor’s Personnel
to abide by the terms and conditions of use of the Confidential Information may cause irreparable harm to the
State and that monetary damages may be inadequate to compensate the State for such breach. Accordingly,
the TO Contractor agrees that the State may obtain an injunction to prevent the disclosure, copying or improper
use of the Confidential Information. The TO Contractor consents to personal jurisdiction in the Maryland State
Courts. The State’s rights and remedies hereunder are cumulative and the State expressly reserves any and all
rights, remedies, claims and actions that it may have now or in the future to protect the Confidential
Information and seek damages from the TO Contractor and the TO Contractor’s Personnel for a failure to
comply with the requirements of this Agreement. In the event the State suffers any losses, damages, liabilities,
expenses, or costs (including, by way of example only, attorneys’ fees and disbursements) that are attributable,
in whole or in part to any failure by the TO Contractor or any of the TO Contractor’s Personnel to comply with
the requirements of this Agreement, the TO Contractor shall hold harmless and indemnify the State from and
against any such losses, damages, liabilities, expenses, and costs.
9. TO Contractor and each of the TO Contractor’s Personnel who receive or have access to any
Confidential Information shall execute a copy of an agreement substantially similar to this Agreement, in no
event less restrictive than as set forth in this Agreement, and the TO Contractor shall provide originals of such
executed Agreements to the State.
10. The parties further agree that:
a. This Agreement shall be governed by the laws of the State of Maryland;
b. The rights and obligations of the TO Contractor under this Agreement may not be assigned or
delegated, by operation of law or otherwise, without the prior written consent of the State;
c. The State makes no representations or warranties as to the accuracy or completeness of any
Confidential Information;
d. The invalidity or unenforceability of any provision of this Agreement shall not affect the validity or
enforceability of any other provision of this Agreement;
e. Signatures exchanged by facsimile are effective for all purposes hereunder to the same extent as
original signatures;
f. The Recitals are not merely prefatory but are an integral part hereof; and
g. The effective date of this Agreement shall be the same as the effective date of the TO Agreement
entered into by the parties.
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 53
IN WITNESS WHEREOF, the parties have executed, by their duly authorized representatives, this
Agreement as of the day and year first above written.
TO Contractor: DoIT
By:
(seal)
By:
Printed Name: Printed Name:
Title: Title:
Date: Date:
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 54
I-2 NON-DISCLOSURE AGREEMENT
LIST OF CONTRACTOR’S EMPLOYEES AND AGENTS WHO WILL BE GIVEN
ACCESS TO THE CONFIDENTIAL INFORMATION
Printed Name and
Address of
Individual/Agent
Employee (E)
or Agent (A)
Signature Date
_______________________ __________ ____________________________ _________
_______________________ __________ ____________________________ _________
_______________________ __________ ____________________________ _________
_______________________ __________ ____________________________ _________
_______________________ __________ ____________________________ _________
_______________________ __________ ____________________________ _________
_______________________ __________ ____________________________ _________
_______________________ __________ ____________________________ _________
_______________________ __________ ____________________________ _________
_______________________ __________ ____________________________ _________
_______________________ __________ ____________________________ _________
_______________________ __________ ____________________________ _________
_______________________ __________ ____________________________ _________
_______________________ __________ ____________________________ _________
_______________________ __________ ____________________________ _________
_______________________ __________ ____________________________ _________
_______________________ __________ ____________________________ _________
_______________________ __________ ____________________________ _________
_______________________ __________ ____________________________ _________
_______________________ __________ ____________________________ _________
_______________________ __________ ____________________________ _________
_______________________ __________ ____________________________ _________
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 55
I-3 NON-DISCLOSURE AGREEMENT
CERTIFICATION TO ACCOMPANY RETURN OR DELETION OF CONFIDENTIAL
INFORMATION
I AFFIRM THAT:
To the best of my knowledge, information, and belief, and upon due inquiry, I hereby certify that: (i) all
Confidential Information which is the subject matter of that certain Non-Disclosure Agreement by and
between the State of Maryland and __________________ (“TO Contractor”) dated __________________,
20_____ (“Agreement”) is attached hereto and is hereby returned to the State in accordance with the terms
and conditions of the Agreement; and (ii) I am legally authorized to bind the TO Contractor to this
affirmation. Any and all Confidential Information that was stored electronically by me has been permanently
deleted from all of my systems or electronic storage devices where such Confidential Information may have
been stored.
I DO SOLEMNLY DECLARE AND AFFIRM UNDER THE PENALTIES OF PERJURY THAT
THE CONTENTS OF THIS AFFIDAVIT ARE TRUE AND CORRECT TO THE BEST OF MY
KNOWLEDGE, INFORMATION, AND BELIEF, HAVING MADE DUE INQUIRY.
DATE: ______________________________
NAME OF TO CONTRACTOR: __________________________
BY: _____________________________________________________________
(Signature)
TITLE:
____________________________________________________
(Authorized Representative and Affiant)
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 56
I-3 ALTERNATE NON-DISCLOSURE AGREEMENT (FOR SAAS)
THIS NON-DISCLOSURE AGREEMENT (“Agreement”) is made by and between the State of Maryland
(the “State”), acting by and through the Department of Information Technology (“DoIT”), and
_____________________________________________ (the “TO Contractor”).
RECITALS
WHEREAS, the TO Contractor has been awarded a contract (the “TO Agreement”) following the
solicitation for Data Management and Analytic Services, Solicitation # F50B0600063; and
WHEREAS, in order for the TO Contractor to perform the work required under the TO Agreement, it will
be necessary for the State at times to provide the TO Contractor and the TO Contractor’s employees, agents,
and subcontractors (collectively the “TO Contractor’s Personnel”) with access to certain information the
State deems confidential information (the “Confidential Information”).
NOW, THEREFORE, in consideration of being given access to the Confidential Information, and for other
good and valuable consideration, the receipt and sufficiency of which the parties acknowledge the parties do
hereby agree as follows:
1. Regardless of the form, format, or media on or in which the Confidential Information is provided and
regardless of whether any such Confidential Information is marked as such, Confidential Information
means (1) any and all information provided by or made available by the State to the TO Contractor in
connection with the TO Agreement and (2) any and all personally identifiable information (PII)
(including but not limited to personal information as defined in Md. Ann. Code, State Govt. § 10-
1301(c)) and protected health information (PHI) as defined in 45 CFR 160.103 that is provided by a
person or entity to the TO Contractor in connection with this TO Agreement. Confidential Information
includes, by way of example only, information that the TO Contractor views, takes notes from, copies
(if the State agrees in writing to permit copying), possesses or is otherwise provided access to and use
of by the State in relation to the TO Agreement.
2. TO Contractor shall not, without the State’s prior written consent, copy, disclose, publish, release,
transfer, disseminate, use, or allow access for any purpose or in any form, any Confidential Information
except for the sole and exclusive purpose of performing under the TO Agreement. TO Contractor shall
limit access to the Confidential Information to the TO Contractor’s Personnel who: (a) have a
demonstrable need to know such Confidential Information in order to perform under the TO
Agreement, (b) to whom it has advised of the terms of this Agreement, and (c) who have agreed in
writing to be bound by the terms of this Agreement. TO Contractor shall cause the TO Contractor’s
Personnel to whom Confidential Information is disclosed to comply with the terms of this Agreement,
and it shall be responsible for such compliance and fully liable for any failure to comply.
3. If the TO Contractor intends to disseminate any portion of the Confidential Information to non-
employee agents who are assisting in the TO Contractor’s performance of the TO Agreement or who
will otherwise have a role in performing any aspect of the TO Agreement, the TO Contractor shall first
obtain the written consent of the State to any such dissemination. The State may grant, deny, or
condition any such consent, as it may deem appropriate in its sole and absolute subjective discretion.
4. TO Contractor hereby agrees to hold the Confidential Information in trust and in strictest confidence,
to adopt or establish operating procedures and physical security measures, and to take all other
measures necessary to protect the Confidential Information from inadvertent release or disclosure to
unauthorized third parties and to prevent all or any portion of the Confidential Information from falling
into the public domain or into the possession of persons not bound to maintain the confidentiality of
the Confidential Information.
5. TO Contractor shall promptly advise the State in writing if it learns of any unauthorized use,
misappropriation, or disclosure of the Confidential Information by any of the TO Contractor’s
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 57
Personnel or the TO Contractor’s former Personnel. TO Contractor shall cooperate, at its own expense,
with the State in seeking injunctive or other equitable relief against any such person(s).
6. TO Contractor shall, at its own expense, return to DoIT all Confidential Information in its care,
custody, control or possession upon request of DoIT or on termination of the TO Agreement.
7. A breach of this Agreement by the TO Contractor or by the TO Contractor’s Personnel shall constitute
a breach of the TO Agreement between the TO Contractor and the State.
8. TO Contractor acknowledges that any failure by the TO Contractor or the TO Contractor’s Personnel
to abide by the terms and conditions of use of the Confidential Information may cause irreparable harm
to the State and that monetary damages may be inadequate to compensate the State for such breach.
Accordingly, the TO Contractor agrees that the State may obtain an injunction to prevent the
disclosure, copying or improper use of the Confidential Information. The TO Contractor consents to
personal jurisdiction in the Maryland State Courts. The State’s rights and remedies hereunder are
cumulative and the State expressly reserves any and all rights, remedies, claims and actions that it may
have now or in the future to protect the Confidential Information and to seek damages from the TO
Contractor and the TO Contractor’s Personnel for a failure to comply with the requirements of this
Agreement. In the event the State suffers any losses, damages, liabilities, expenses, or costs (including,
by way of example only, attorneys’ fees and disbursements) that are attributable, in whole or in part to
any failure by the TO Contractor or any of the TO Contractor’s Personnel to comply with the
requirements of this Agreement, the TO Contractor shall hold harmless and indemnify the State from
and against any such losses, damages, liabilities, expenses, and costs.
9. TO Contractor and each of the TO Contractor’s Personnel who receive or have access to any
Confidential Information shall execute a copy of an agreement substantially similar to this Agreement,
in no event less restrictive than as set forth in this Agreement, and the TO Contractor shall provide
originals of such executed Agreements to the State.
10. The parties further agree that:
a. This Agreement shall be governed by the laws of the State of Maryland;
b. The rights and obligations of the TO Contractor under this Agreement may not be assigned or
delegated, by operation of law or otherwise, without the prior written consent of the State;
c. The State makes no representations or warranties as to the accuracy or completeness of any
Confidential Information;
d. The invalidity or unenforceability of any provision of this Agreement shall not affect the validity or
enforceability of any other provision of this Agreement;
e. Signatures exchanged by facsimile are effective for all purposes hereunder to the same extent as
original signatures;
f. The Recitals are not merely prefatory but are an integral part hereof; and
g. The effective date of this Agreement shall be the same as the effective date of the TO Agreement
entered into by the parties.
IN WITNESS WHEREOF, the parties have executed, by their duly authorized representatives, this
Agreement as of the day and year first above written.
TO Contractor: _____________________________ DoIT
By: ____________________________(SEAL) By: __________________________________
Printed Name: _________________________ Printed Name: _________________________
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 58
Title: _________________________________ Title: _________________________________
Date: _________________________________ Date: _________________________________
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 59
Attachment J. HIPAA Business Associate Agreement
This solicitation does not require a HIPAA Business Associate Agreement.
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 60
Attachment K. Mercury Affidavit
This solicitation does not include the procurement of products known to include mercury as a
component.
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 61
Attachment L. Location of the Performance of Services Disclosure
See link at http://procurement.maryland.gov/wp-content/uploads/sites/12/2018/04/Attachment-L-
PerformanceofServicesDisclosure.pdf.
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 62
Attachment M. Task Order
CATS+ TORFP# F50B0600063 OF
MASTER CONTRACT #060B2490023
This Task Order Agreement (“TO Agreement”) is made this day of Month, 20XX by and between
________________________________ whose principal business address is
___________________________________________ (TO Contractor) and the STATE OF MARYLAND,
DEPARTMENT OF INFORMATION TECHNOLOGY ([“DoIT”).
IN CONSIDERATION of the mutual promises, the covenants herein contained, and other good and valuable
consideration, the receipt and sufficiency of which are hereby acknowledged, the parties agree as follows:
1. Definitions. In this TO Agreement, the following words have the meanings indicated:
a. “CATS+ TORFP” means the Task Order Request for Proposals # [solicitationNumber], dated
MONTH DAY, YEAR, including any addenda and amendments.
b. “Master Contract” means the CATS+ Master Contract between the Maryland Department of
Information Technology and TO Contractor.
c. “TO Procurement Officer” means the individual identified in the CATS+ TORFP. The Department
may change the TO Procurement Officer at any time by written notice.
d. .
e. “TO Manager” means the individual identified in the CATS+ TORFP. DoIT may change the TO
Manager at any time by written notice to the TO Contractor.
f. “TO Technical Proposal” means the TO Contractor’s technical response to the CATS+ TORFP
dated date of TO Technical Proposal.
g. “TO Financial Proposal” means the TO Contractor’s financial response to the CATS+ TORFP
dated date of TO Financial Proposal.
h. “TO Proposal” collectively refers to the TO Technical Proposal and TO Financial Proposal.
2. Scope of Work
2.1 This TO Agreement incorporates all of the terms and conditions of the Master Contract and shall not
in any way amend, conflict with or supersede the Master Contract.
2.2 The TO Contractor shall, in full satisfaction of the specific requirements of this TO Agreement, provide
the services set forth in Section 3 of the CATS+ TORFP. These services shall be provided in
accordance with the Master Contract, this TO Agreement, and the following Exhibits, which are
attached and incorporated herein by reference. If there is any conflict among the Master Contract, this
TO Agreement, and these Exhibits, the terms of the Master Contract shall govern. If there is any
conflict between this TO Agreement and any of these Exhibits, the following order of precedence shall
determine the prevailing provision:
The TO Agreement,
Exhibit A – CATS+ TORFP
Exhibit B – TO Technical Proposal
2.3 The TO Procurement Officer may, at any time, by written order, make changes in the work within the
general scope of the TO Agreement. No other order, statement or conduct of the TO Procurement
Officer or any other person shall be treated as a change or entitle the TO Contractor to an equitable
adjustment under this Section. Except as otherwise provided in this TO Agreement, if any change
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 63
under this Section causes an increase or decrease in the TO Contractor’s cost of, or the time required
for, the performance of any part of the work, whether or not changed by the order, an equitable
adjustment in the TO Agreement price shall be made and the TO Agreement modified in writing
accordingly. The TO Contractor must assert in writing its right to an adjustment under this Section
within thirty (30) days of receipt of written change order and shall include a written statement setting
forth the nature and cost of such claim. No claim by the TO Contractor shall be allowed if asserted
after final payment under this TO Agreement. Failure to agree to an adjustment under this Section shall
be a dispute under the Disputes clause of the Master Contract. Nothing in this Section shall excuse the
TO Contractor from proceeding with the TO Agreement as changed.
3. Time for Performance
Unless terminated earlier as provided in the Master Contract, the term of this TO Agreement shall commence
as of the “Effective Date” and expire on the third (3d) anniversary thereof. At the sole option of the State,
this TO Agreement may be extended for two additional periods of one year each .
4. Consideration and Payment
4.1 The consideration to be paid the TO Contractor shall be done so in accordance with the CATS+
TORFP and shall not exceed $___________. Any work performed by the TO Contractor in excess of the
not-to-exceed ceiling amount of the TO Agreement without the prior written approval of the TO Manager is
at the TO Contractor’s risk of non-payment.
4.2 Payments to the TO Contractor shall be made as outlined Section 3 of the CATS+ TORFP, but no
later than thirty (30) days after the TO Manager’s receipt of a proper invoice for services provided by the TO
Contractor, acceptance by the TO Manager of services provided by the TO Contractor, and pursuant to the
conditions outlined in Section 4 of this Agreement.
4.3 Each invoice for services rendered must include the TO Contractor’s Federal Tax Identification
Number which is _____________. Charges for late payment of invoices other than as prescribed by Title 15,
Subtitle 1, of the State Finance and Procurement Article, Annotated Code of Maryland, as from time-to-time
amended, are prohibited. Invoices must be submitted to the TO Manager unless otherwise specified herein.
4.4 In addition to any other available remedies, if, in the opinion of the TO Procurement Officer, the TO
Contractor fails to perform in a satisfactory and timely manner, the TO Procurement Officer may refuse or
limit approval of any invoice for payment, and may cause payments to the TO Contractor to be reduced or
withheld until such time as the TO Contractor meets performance standards as established by the TO
Procurement Officer.
4.5 Liquidated Damages for MBE
1 The Master Contract requires the Master Contractor to comply in good faith with the MBE Program
and Master Contract provisions. The State and the Master Contractor acknowledge and agree that the
State will incur damages, including but not limited to loss of goodwill, detrimental impact on economic
development, and diversion of internal staff resources, if the Master Contractor does not comply in
good faith with the requirements of the MBE Program and MBE Contract provisions. The parties
further acknowledge and agree that the damages the State might reasonably be anticipated to accrue as
a result of such lack of compliance are difficult to ascertain with precision.
2 Therefore, upon issuance of a written determination by the State that the Master Contractor failed to
comply in good faith with one or more of the specified MBE Program requirements or MBE Contract
provisions, the Master Contractor shall pay liquidated damages to the State at the rates set forth below.
The Master Contractor expressly agrees that the State may withhold payment on any invoices as a set-
off against liquidated damages owed. The Master Contractor further agrees that for each specified
violation, the agreed upon liquidated damages are reasonably proximate to the loss the State is
anticipated to incur as a result of such violation.
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 64
(a) Failure to submit each monthly payment report in full compliance with COMAR
21.11.03.13B (3): $XXX per day until the monthly report is submitted as required.
(b) Failure to include in its agreements with MBE subcontractors a provision requiring
submission of payment reports in full compliance with COMAR 21.11.03.13B (4): $XXX per MBE
subcontractor.
(c) Failure to comply with COMAR 21.11.03.12 in terminating, canceling, or changing the
scope of work/value of a contract with an MBE subcontractor and amendment of the MBE participation
schedule: the difference between the dollar value of the MBE participation commitment on the MBE
participation schedule for that specific MBE firm and the dollar value of the work performed by that
MBE firm for the Contract.
(d) Failure to meet the Master Contractor’s total MBE participation goal and sub goal
commitments: the difference between the dollar value of the total MBE participation commitment on
the MBE participation schedule and the MBE participation actually achieved.
(e) Failure to promptly pay all undisputed amounts to an MBE subcontractor in full compliance
with the prompt payment provisions of the Contract: $100.00 per day until the undisputed amount due
to the MBE subcontractor is paid.
2 Notwithstanding the assessment or availability of liquidated damages, the State reserves the right to
terminate the Task Order and exercise any and all other rights or remedies, which may be available
under the Task Order or Law.
SIGNATURES ON NEXT PAGE
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 65
IN WITNESS THEREOF, the parties have executed this TO Agreement as of the date hereinabove set forth.
TO Contractor Name
__________________________________ _________________________
By: Type or Print TO Contractor POC Date
Witness: _______________________
STATE OF MARYLAND, [ISSUINGAGENCYACRONYM]
________________________________ ____________________________
By: [procurementOfficerName], TO Procurement Officer Date
Witness: _______________________
Approved for form and legal sufficiency this ______ day of _________________ 20___.
_________________________
Assistant Attorney General
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 67
Appendix 1. Abbreviations and Definitions
For purposes of this TORFP, the following abbreviations or terms have the meanings indicated below:
Application Program Interface (API) - Code that allows two software programs to communicate with each
other
A. Acceptable Use Policy (AUP) - A written policy documenting constraints and practices that a
user must agree to in order to access a private network or the Internet
B. Access - The ability or the means necessary to read, write, modify, or communicate
data/information or otherwise use any information system resource
C. Business Day(s) – The official working days of the week to include Monday through Friday.
Official working days excluding State Holidays (see definition of “Normal State Business Hours”
below).
D. COMAR – Code of Maryland Regulations available on-line at
http://www.dsd.state.md.us/COMAR/ComarHome.html
.
E. Data Breach – The unauthorized acquisition, use, modification or disclosure of State data, or
other Sensitive Data
F. Department of Information Technology (DoIT) – the issuing agency.
G. Effective Date - The date of mutual TO Agreement execution by the parties
H. Enterprise License Agreement (ELA) – An agreement to license the entire population of an entity
(employees, on-site contractors, off-site contractors) accessing a software or service for a
specified period of time for a specified value.
I. Information System – A discrete set of information resources organized for the collection,
processing, maintenance, use, sharing, dissemination, or disposition of information.
J. Information Technology (IT) – All electronic information-processing hardware and software,
including: (a) maintenance; (b) telecommunications; and (c) associated consulting services
K. Key Personnel – All TO Contractor Personnel identified in the solicitation as such that are
essential to the work being performed under the Task Order.
L. Local Time – Time in the Eastern Time Zone as observed by the State of Maryland. Unless
otherwise specified, all stated times shall be Local Time, even if not expressly designated as
such.
M. Minority Business Enterprise (MBE) – Any legal entity certified as defined at COMAR
21.01.02.01B (54) which is certified by the Maryland Department of Transportation under
COMAR 21.11.03.
N. Normal State Business Hours - Normal State business hours are 8:00 a.m. – 5:00 p.m. Monday
through Friday except State Holidays, which can be found at: www.dbm.maryland.gov –
keyword: State Holidays.
O. Notice to Proceed (NTP) – A written notice from the TO Procurement Officer that work under
the Task Order, project or Work Order (as applicable) is to begin as of a specified date. The NTP
Date is the start date of work under the Task Order, project or Work Order. Additional NTPs may
be issued by either the TO Procurement Officer or the TO Manager regarding the start date for
any service included within this solicitation with a delayed or non-specified implementation date.
P. NTP Date – The date specified in a NTP for work on Task Order, project or Work Order to begin.
Q. Offeror – A Master Contractor that submits a Proposal in response to this TORFP.
R. Personally Identifiable Information (PII) – Any information about an individual maintained by
the State, including (1) any information that can be used to distinguish or trace an individual
identity, such as name, social security number, date and place of birth, mother’s maiden name, or
biometric records; and (2) any other information that is linked or linkable to an individual, such
as medical, educational, financial, and employment information.
S. Protected Health Information (PHI) – Information that relates to the past, present, or future
physical or mental health or condition of an individual; the provision of health care to an
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 68
individual; or the past, present, or future payment for the provision of health care to an
individual; and (i) that identifies the individual; or (ii) with respect to which there is a reasonable
basis to believe the information can be used to identify the individual.
T. Security Incident – A violation or imminent threat of violation of computer security policies,
Security Measures, acceptable use policies, or standard security practices. “Imminent threat of
violation” is a situation in which the organization has a factual basis for believing that a specific
incident is about to occur.
U. Security or Security Measures – The technology, policy and procedures that a) protects and b)
controls access to networks, systems, and data
V. Sensitive Data - Means PII; PHI; other proprietary or confidential data as defined by the State,
including but not limited to “personal information” under Md. Code Ann., Commercial Law §
14-3501(d) and Md. Code Ann., St. Govt. § 10-1301(c) and information not subject to
disclosure under the Public Information Act, Title 4 of the General Provisions Article; and
.information about an individual that (1) can be used to distinguish or trace an individual‘s
identity, such as name, social security number, date and place of birth, mother’s maiden name, or
biometric records; (2) is linked or linkable to an individual, such as medical, educational,
financial, and employment information.
W. Service Level Agreement (SLA) - Commitment by the TO Contractor to the Department that
defines the performance standards the TO Contractor is obligated to meet.
X. SLA Activation Date- The date on which SLA charges commence under this Task Order, which
may include, but to, the date of (a) completion of Transition in, (b) a delivery, or (c) releases of
work
Y. Software - The object code version of computer programs licensed pursuant to this TO
Agreement. Embedded code, firmware, internal code, microcode, and any other term referring to
software that is necessary for proper operation is included in this definition of Software. Software
includes all prior, current, and future versions of the Software and all maintenance updates and
error corrections. Software also includes any upgrades, updates, bug fixes, modified versions, or
backup copies of the Software licensed to the State by TO Contractor or an authorized distributor.
Z. Software as a Service (SaaS) - A software licensing and delivery model in which software is
licensed on a subscription basis and is centrally hosted. For the purposes of this TORFP, the
terms SaaS and PaaS are considered synonymous and the term SaaS will be used throughout this
document
AA. Solution - All Software, deliverables, services and activities necessary to fully provide and
support the TORFP scope of work. This definition of Solution includes all System
Documentation developed as a result of this TO Agreement. Also included are all Upgrades,
patches, break/fix activities, enhancements and general maintenance and support of the Solution
and its infrastructure.
BB. State – The State of Maryland.
CC. Source Code – Executable instructions for Software in its high level, human readable form which
are in turn interpreted, parsed and/or compiled to be executed as part of a computing system.
DD. System Availability – The period of time the Solution works as required excluding non-
operational periods associated with planned maintenance.
EE. System Documentation – Those materials necessary to wholly reproduce and fully operate the
most current deployed version of the Solution in a manner equivalent to the original Solution
including, but not limited to:
1) Source Code: this includes source code created by the TO Contractor or subcontractor(s)
and source code that is leveraged or extended by the TO Contractor for use in the Task
Order.
2) All associated rules, reports, forms, templates, scripts, data dictionaries and database
functionality.
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 69
3) All associated configuration file details needed to duplicate the run time environment as
deployed in the current deployed version of the system.
4) All associated design details, flow charts, algorithms, processes, formulas, pseudo-code,
procedures, instructions, help files, programmer’s notes and other documentation.
5) A complete list of Third Party, open source, or commercial software components and
detailed configuration notes for each component necessary to reproduce the system (e.g.,
operating system, relational database, and rules engine software).
6) All associated user instructions and/or training materials for business users and technical
staff, including maintenance manuals, administrative guides and user how-to guides.
7) Operating procedures
FF. Task Order (TO) – The scope of work described in this TORFP.
GG. TO Agreement - The contract awarded to the successful Offeror pursuant to this Task Order
Request for Proposals, the form of which is attached to this TORFP as Attachment M.
HH. TO Contractor Personnel - Employees and agents and subcontractor employees and agents
performing work at the direction of the TO Contractor under the terms of the Task Order awarded
from this TORFP.
II. TO Proposal – As appropriate, either or both of an Offeror’s TO Technical or TO Financial
Proposal.
JJ. Technical Safeguards – The technology and the policy and procedures for its use that protect
State Data and control access to it.
KK. Third Party Software – Software and supporting documentation that:
8) are owned by a third party, not by the State, the TO Contractor, or a subcontractor,
9) are included in, or necessary or helpful to the operation, maintenance, support or
modification of the Solution; and
10) were specifically identified and listed as Third Party Software in the Proposal.
LL. Upgrade - A new release of any component of the Solution containing major new features,
functionality and/or performance improvements.
MM. Veteran-owned Small Business Enterprise (VSBE) – A business that is verified by the
Center for Verification and Evaluation (CVE) of the United States Department of Veterans
Affairs as a veteran-owned small business. See Code of Maryland Regulations (COMAR)
21.11.13.
NN. Work Order– A subset of work authorized by the TO Manager performed under the general scope
of this TORFP, which is defined in advance of TO Contractor fulfillment, and which may not
require a TO Agreement modification. Except as otherwise provided, any reference to the Task
Order shall be deemed to include reference to a Work Order.
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 70
Appendix 2. Offeror Information Sheet
Offeror
Company Name
Street Address
City, State, Zip Code
TO Contractor Federal Employer Identification
Number (FEIN)
TO Contractor eMMA ID number
As of the date of Proposal submission, are you registered
to do business with the state of Maryland?
SBE / MBE/ VSBE Certification
SBE
Number:
Expiration Date:
VSBE
Number:
Expiration Date:
MBE
Number:
Expiration Date:
Categories to be applied to this solicitation (dual
certified firms must choose only one category).
Offeror Primary Contact
Name
Title
Office Telephone number (with area code)
Cell Telephone number (with area code)
e-mail address
Authorized Offer Signatory
Name
Title
Office Telephone number (with area code)
Cell Telephone number (with area code)
e-mail address
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 71
Appendix 3. Criminal Background Check Affidavit
AUTHORIZED REPRESENTATIVE
I HEREBY AFFIRM THAT:
I am the _________(Title)________________ and the duly authorized representative of ___(Master
Contractor)_______ and that I possess the legal authority to make this Affidavit on behalf of myself and the
business for which I am acting.
I hereby affirm that ____(Master Contractor)________ has complied with Section 2.4, Security
Requirements of the Department of Information Technology’s Consulting Technical Services Master
Contract Number 060B2490023 (CATS+) hereto as Exhibit A.
I hereby affirm that the ____(Master Contractor)________ has provided Maryland Transportation Authority
with a summary of the security clearance results for all of the candidates that will be working on Task Order
MICROSOFT DYNAMICS SL SOFTWARE TECHNICAL AND USER SUPPORT [solicitationNumber]
and all of these candidates have successfully passed all of the background checks required under Section
2.4.3.2 of the CATS + Master Contract. Master Contractors hereby agrees to provide security clearance
results for any additional candidates at least seven (7) days prior to the date the candidate commences work
on this Task Order.
I DO SOLEMNLY DECLARE AND AFFIRM UNDER THE PENALTIES OF PERJURY THAT THE
CONTENTS OF THIS AFFIDAVIT ARE TRUE AND CORRECT TO THE BEST OF MY
KNOWLEDGE, INFORMATION, AND BELIEF.
___________________________________________
Master Contractor
___________________________________________
Typed Name
___________________________________________
Signature
___________________________________________
Date
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 72
Appendix 4 Labor Classification Personnel Resume Summary
INSTRUCTIONS:
1. For each Key Personnel proposed, complete one Labor Category Personnel Resume Summary.
Additional information may be attached to each Labor Category Personnel Resume Summary that
may assist a full and complete understanding of the individual being proposed.
2. For this TORFP,
A. Master Contractors shall comply with all personnel requirements defined under the Master
Contract RFP 060B2490023.
B. Master Contractors shall propose the CATS+ Labor Category that best fits each proposed
resource. A Master Contractor may only propose against labor categories in the Master
Contractor’s CATS+ Master Contract Financial Proposal.
C. A Master Contractor’s entire TO Technical Proposal will be deemed not susceptible for award if
any of the following occurs:
1) Failure to follow these instructions.
2) Failure to propose a resource for each job title or labor category identified in the TORFP as
a required submission.
3) Failure of any proposed resource to meet minimum requirements as listed in this TORFP
and in the CATS+ Master Contract.
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 73
Appendix 4A LABOR CLASSIFICATION PERSONNEL RESUME SUMMARY
CATS+ TORFP # XXXXXXX
Proposed Individual:
Master Contractor:
CATS+ Labor Category:
Education:
Insert the education
description from the CATS+
RFP from Section 2.10 for
the applicable labor
category
Institution/Address
Degree or
Certification
Dates
Generalized Experience:
Insert the generalized
experience description from
the CATS+ RFP from
Section 2.10 for the
applicable labor category.
Start
End
Company/Job
Title
Relevant Work Experience
Specialized Experience:
Insert the specialized
experience description from
the CATS+ RFP from
Section 2.10 for the
applicable labor category,
TORFP Additional
Requirements
Minimum qualifications and
required certifications as
defined in Section 1 of this
TORFP.
Provide dates in the format
of MM/YY to MM/YY
Data Management and Analytic Services
Solicitation #: F50B0600063
CATS+ TORFP
TORFP for the Department of Information Technology 74
The information provided on this form for this labor category is true and correct to the best of my
knowledge:
TO Contractor Representative:
Proposed Individual:
Signature
Signature
Printed Name:
Printed Name
Date Date
