← Back

Municipal Multifactor Authentication (MFA).pdf

Parsed source · 50,838 chars

0 WASHINGTON TOWNSHIP 2026 Multifactor Authentication (MFA) Bid Number: RFP-2026-02 REQUEST FOR PROPOSALS ISSUED BY: Audrey Brown Email: browna@washingtontwpmi.org Submit Bids to: Charter Township of Washington Audrey Brown, Clerk 57900 Van Dyke Rd., Washington Twp., MI 48094 (586) 786-0010 Proposal Due: July 29, 2026 1 NOTICE OFFER TO RECEIVE BID FOR THE CHARTER TOWNSHIP OF WASHINGTON 2026 Multifactor Authentication (MFA) BID NO. RFP-2026-02 OVERVIEW The Charter Township of Washington Clerk’s Office is soliciting a Request for Proposal (RFP) from qualified Managed IT Services Providers (MSPs) for Multifactor Authentication (MFA). The townships objectives for the future include not only standard technology support services, but also to improve and update the network and IT infrastructure. It is the Township’s requirement to work with a single organization to provide IT services. 1. SUBMISSION AND RECEIPT OF BIDS Sealed bids will be received by the Charter Township of Washington at the office of the Township Clerk, 57900 Van Dyke Rd., Washington Twp., Michigan, 48094 until 10:00 a.m. local time July 29, 2026. The bids will be publicly opened and read aloud immediately following the 10:00 a.m. deadline. Bids to receive consideration shall be received prior to the specified deadline time. NO LATE BIDS WILL BE ACCEPTED. Bids are considered received when in the possession of the Washington Township Clerk’s Office. All bids must be labeled RFP-2026-02 Multifactor Authentication (MFA). Bids must be sealed when submitted. Bids must be typewritten or printed in ink and legibly prepared. Bids having erasures or corrections thereon may be rejected unless explained or initialed by bidder. Bids must be received at the Township Clerk’s Office by the stated deadline. 2. ADDITIONAL BID INFORMATION Unless otherwise specified, the Township reserves the right to accept any item in the bids. Bidders may submit on any item or group of items, provided however, that the unit prices are shown as required. It is the vendor’s responsibility to acquire knowledge of any change, modifications or additions to the bid documents. Any vendor who submits a bid and later claims it had no knowledge of any change, modifications or additions made by the Charter Township of Washington to the bid specifications, shall be bound by the bid, including any changes, modifications or additions made by the Charter Township of Washington to the bid specifications, and that vendor fails to accept the bid award, the Charter Township of Washington may pursue costs and expenses to re-bid the item from that vendor. 2 The Charter Township of Washington officially distributes bid documents through the BidNet website. Only those vendors who obtain bid documents through the BidNet website are guaranteed access to receive addendum information. 3. ALTERNATE BIDS Bidders are cautioned that any alternate bid, unless requested by the Township, or any changes, insertions, or omissions to the terms and conditions, specifications, or any other requirements of this bid, may be considered non-responsive and in the opinion of the Township, may result in rejection of the bid. 4. QUANTITIES All quantities stated, unless indicated otherwise, are estimates and the Township reserves the right to increase or decrease the quantity at the unit price bid as best fits it need. 5. TAXES, TERMS AND CONDITIONS The Charter Township of Washington is exempt from Federal Excise, State Sales Tax and Personal Property Tax. 6. AWARD The bid will be awarded to the responsible, responsive bidder whose bid, conforming to this solicitation, will be most advantageous to the Township, with price and other factors considered. The Charter Township of Washington reserves the right to accept any bid, to reject any or all bids, or waive irregularities in any bid in the best interest of the Township. Township reserves the right to perform a site visit at the bidder’s place of business. Bidders may submit bids on any item or groups of items provided unit prices are clearly shown and a notation is made on the bid document clearly indicating bidder’s intent. 7. CONTRACT & CHANGE ORDERS A. Firm Prices - Once the Contract is awarded, the prices offered by the successful bidder shall remain firm for the duration of the contract. No different or additional items will become part of this contract with the exception of a change order. No oral statement of any person shall modify or otherwise change, or affect the terms, conditions or specifications stated in the resulting contract. All change orders to the contract will be in writing and at the discretion and approval of the Township. No change order will be binding unless signed by an authorized representative of the Township and Proposer. B. Formal Change Management Process- Vendor shall implement a documented change management process. All changes to Township systems, configurations, or services shall be classified as: (a) Emergency Change — immediate action for active incidents; notify Township within one (1) hour, document within twenty-four (24) hours; (b) Standard Change — routine pre-approved low-risk changes; (c) Normal Change — all other changes requiring a written Change Request submitted to the Township's designated contact at least forty-eight (48) hours in advance, including scope, impact assessment, implementation window, and rollback plan. No Normal Change may be implemented without written Township approval. Vendor shall maintain a change log reviewed in monthly reporting. C. Implementation Plan —The successful vendor must prepare and submit a final implementation plan and timeline within fourteen (14) days of contract execution. The plan shall include: (a) a detailed project schedule with named milestones and completion dates; (b) identification of all Township staff dependencies and required Township actions; (c) a communication plan including cadence and format of status updates; (d) a 3 risk register identifying top transition risks and mitigation strategies; (e) a parallel- operations or cutover plan ensuring zero interruption to Township business; and (f) documented acceptance criteria for each major milestone. The Township reserves the right to withhold payment for any milestone until written acceptance is provided. 8. CONTRACT TERMINATION The Township reserves the right, upon ninety (90) days written notice, to terminate this contract for failure of vendor to comply with terms and conditions set forth herein. Nonperformance on the part of the vendor shall constitute breach of contract and shall nullify any and all contractual obligations between the seller and the purchaser. 9. WITHDRAWALS OF BIDS Bids may be withdrawn before the due date in person by a bidder, or authorized representative, provided their identity is made known and a receipt is signed for the bid, but only if the withdrawal is made prior to the stated bid deadline. In case of error by the bidder in making up a bid, the Township may, by discretion, reject such a bid upon presentation of a letter by the bidder which sets forth the error, the cause thereof and sufficient evidence to substantiate the claim. Upon expiration of the due date, proposer acknowledges and agrees that such bid may not be withdrawn or cancelled by the proposer for a period of ninety (90) days following the due date. In the event that proposers bid is accepted by the township within such ninety (90) day period, the proposer shall be required to perform in accordance with the terms and conditions contained herein. If no contract has been executed by the Township within ninety (90) days following the due date, any proposer may withdraw the bid and deposit. By mutual consent between the township and the proposers, this time period may be extended. 10. DEFAULT CONDITIONS In case of default by the contractor, the Charter Township of Washington may procure the articles or services from other sources and hold the bidder responsible for any excess cost occasioned thereby. In case of error by the bidder relating to a Contract, the Township may, by discretion upon presentation of a written explanation by the bidder substantiating the error, reject the Contract and award to the next qualified bidder. Such error may be subject to default conditions. 11. INFRINGEMENTS AND INDEMNIFICATIONS The bidder, if awarded a contract, agrees to protect, defend and save the Township and herein, its officials, employees, departments, and agents, harmless against; any demand for payment for the use of any patented material, process, or device that may enter into the manufacture, construction, or from a part of the work covered by either order or contract; and from suits or a charge of every nature and description brought against it for, or on account of, any injuries or damages received or sustained by the parties by or from any of the facts of the contractor, the contractor’s employees, or agents; from all liability claims, demands, judgments and expenses to persons or property occasioned, wholly, or in part, by the acts or omissions of the bidder, contractor, agents or employee. 12. INVOICING The Contractor must submit numbered invoices on a monthly basis specifying: Property Location, Department, Date of Service, Total Dollar Amount of each service provided, and Purchase Order # (when applicable). Invoices shall not be sent until all work is completed; Partial invoices will not be accepted. 4 All invoices shall be sent to: accountspayable@washingtontwpmi.org Washington Township Attn: Accounts Payable 57900 Van Dyke Rd. Washington Twp., MI 48094 13. INSURANCE (REQUIRED FOR WORK ON OR WITHIN TOWNSHIP PROPERTY/FACILITIES) The proper, if awarded a contract, shall maintain insurance coverage for the duration of the contract. A Certificate of Insurance indicating carrier, limits, exemptions and the following wording included under the Description of Operations/Locations/Vehicles, must state “It is understood an agreed that the following shall be Additional Insureds: The Township of Washington, including all elected and appointed officials, all employees and volunteers, all boards, commissions and/or authorities and their board members, employees and volunteers” must be submitted to Washington Township within the sealed bid. The proper furnishing labor on the township/public premises does agree to have his workers covered by Worker’s Compensation and furnish a Certificate of Insurance showing coverage for bodily injury and property damage and Worker’s Compensation. A. Cyber Liability Insurance Requirement: The awarded vendor shall maintain Cyber Liability Insurance with minimum limits of $2,000,000 per occurrence / $4,000,000 aggregate covering data breach, cyber extortion, network security liability, and first-party breach response costs. The Township of Washington shall be named as an Additional Insured. Certificate of Insurance evidencing this coverage shall be provided with the sealed bid. 1. INTRODUCTION The Charter Township of Washington is soliciting proposals from qualified vendors to provide, implement, configure, and support a Multifactor Authentication (MFA) solution for approximately seventy (70) users/workstations across municipal departments. The Municipality seeks a secure, user-friendly MFA platform that integrates with existing systems and enhances cybersecurity protections for municipal operations, employee accounts, remote access, cloud applications, and administrative systems. The selected vendor shall provide all necessary licensing, implementation services, configuration, testing, training, documentation, and ongoing support. 2. BACKGROUND INFORMATION 2.1 Municipality Overview Washington Township is a municipal government organization serving approximately 28,000 residents. The Municipality operates multiple departments including administration, finance, fire, public works, and community development. The Municipality currently maintains approximately: • 70 user accounts/workstations 5 • Microsoft Windows desktop and laptop systems • Microsoft 365 and Google environment • Remote access/VPN connectivity • Active Directory or Azure Active Directory/Entra ID environment • Various line-of-business applications The Municipality seeks to improve cybersecurity posture and comply with cybersecurity best practices through implementation of MFA protections. 2.2 Current Environment Vendors should assume the Municipality currently operates: • Microsoft Windows 10 and/or Windows 11 workstations • Google platform • Active Directory and/or Microsoft Entra ID • VPN or remote access solution • Hybrid or cloud-based services Vendors may recommend additional infrastructure components as necessary. 3. PROJECT OBJECTIVES The Municipality’s objectives include: 1. Implement MFA for approximately 70 users/workstations. 2. Secure Google accounts and administrative access. 3. Protect remote access and VPN connectivity. 4. Reduce risk of unauthorized access and credential compromise. 5. Improve compliance with cybersecurity insurance and regulatory requirements. 6. Deploy a user-friendly and manageable solution. 7. Minimize operational disruption during deployment. 8. Provide centralized administration and reporting capabilities. 9. Ensure scalability for future growth. 10. Establish ongoing support and maintenance. 4. SCOPE OF WORK The selected vendor shall provide a turnkey MFA solution and implementation services including, but not limited to, the following: 4.1 Project Management The vendor shall: • Assign a dedicated project manager • Conduct project kickoff meetings • Develop implementation schedules • Coordinate with municipal IT staff • Provide status updates throughout implementation 6 4.2 Assessment and Planning Vendor shall: • Review current infrastructure • Identify integration requirements • Document implementation plan • Identify any prerequisites or licensing needs • Develop migration and rollback procedures 4.3 MFA Solution Implementation Vendor shall: • Configure MFA solution • Integrate with and/or Active Directory • Configure user enrollment procedures • Configure authentication policies • Configure conditional access policies if applicable • Configure administrative accounts with enhanced protections • Configure remote access/VPN integration if applicable • Configure mobile authentication methods • Configure backup authentication methods 4.4 Authentication Methods The solution should support one or more of the following: • Mobile authenticator application • Push notifications • SMS authentication • Voice call authentication • Hardware tokens (optional) • FIDO2/WebAuthn security keys (preferred) • Biometric authentication where supported 4.5 Testing and Validation Vendor shall: • Conduct functional testing • Verify authentication workflows • Test failover and recovery processes • Validate security configurations • Assist with pilot testing • Resolve implementation issues 4.6 Deployment Vendor shall: • Assist with phased rollout 7 • Support user onboarding and enrollment • Provide cutover support • Minimize disruption to municipal operations 4.7 Documentation Vendor shall provide: • System configuration documentation • Administrative procedures • User enrollment instructions • Troubleshooting procedures • Support contact information • Disaster recovery recommendations 5. TECHNICAL REQUIREMENTS 5.1 General Requirements The proposed MFA solution shall: • Be commercially available and currently supported • Support approximately 70 users with scalability for future expansion • Provide centralized management console • Provide audit logging and reporting • Support role-based administration • Support secure cloud and/or on-premises deployment • Include high availability options • Support policy-based authentication rules 5.2 Microsoft Integration The solution shall integrate with: • Microsoft 365 • Microsoft Entra ID (Azure AD) • Active Directory • Windows login where applicable • VPN and remote access systems 5.3 Security Requirements The solution shall: • Use encrypted communications • Support modern authentication protocols • Support SAML, OAuth, or OpenID Connect where applicable • Provide secure administrative controls • Support conditional access policies • Support account lockout and alerting features 8 • Maintain audit logs 5.4 Administrative Features The solution should provide: • User provisioning and deprovisioning • Self-service enrollment • Self-service password reset integration (optional) • Reporting dashboards • Authentication logs • Policy management • Device management • Alerting capabilities 5.5 End User Requirements The solution should: • Be easy for end users to operate • Support iOS and Android devices • Minimize login interruptions • Provide simple enrollment procedures • Support backup authentication methods 5.6 Compliance and Best Practices The solution should align with: • Cybersecurity insurance requirements • NIST cybersecurity guidance • CIS Controls • CJIS requirements if applicable • Applicable state and federal regulations 6. VENDOR QUALIFICATIONS Vendors shall provide the following information: 6.1 Company Information • Company name and address • Years in business • Primary contact information • Organization structure • Number of employees 6.2 Experience Vendor shall demonstrate: 9 • Experience implementing MFA solutions • Experience supporting municipal or government clients • Experience with Google environments • Experience with organizations of similar size 6.3 References Provide at least three (3) references for similar projects completed within the last five (5) years, including: • Organization name • Contact person • Phone number • Email address • Description of project • Number of users supported 6.4 Certifications Provide relevant certifications including but not limited to: • Microsoft partner status • Security certifications • Vendor-specific certifications • Other applicable credentials 7. PROJECT TIMELINE The Municipality anticipates the following schedule: Milestone Date RFP Issued July 1, 2026 Questions Due July 17, 2026 Proposal Due Date July 29, 2026 Anticipated Approval Board of Trustees Meeting August 19, 2026 Project Kickoff Within 30 days from Approval Pilot Group Deployment (approx. 10 users) [To be proposed by vendor in Appendix D] Full Deployment Complete (all 70 users enrolled) [To be proposed by vendor in Appendix D] Training Completion and Formal Acceptance [To be proposed by vendor in Appendix D] The Municipality reserves the right to modify the schedule. 8. TRAINING AND DOCUMENTATION The vendor shall provide: 10 8.1 Administrator Training Training for municipal IT staff covering: • System administration • User management • Policy configuration • Reporting and monitoring • Troubleshooting procedures • Security best practices 8.2 End User Training Vendor shall provide: • User enrollment instructions • End-user training materials • Quick reference guides • FAQ documentation 8.3 Documentation Requirements Documentation shall be provided electronically in Microsoft Office and/or PDF format. 9. SUPPORT AND MAINTENANCE REQUIREMENTS Vendor shall describe: • Support hours • Help desk procedures • Escalation procedures • Response times • Maintenance windows • Software update procedures • Service level agreements (SLAs) • Minimum platform uptime SLA of 99.9% (monthly) for MFA authentication services. Vendors must define in their proposal the remedies, credits, or escalation procedures that apply if uptime falls below this threshold. Note: MFA outages have the potential to lock all users out of Township systems immediately; uptime and incident response for this service are therefore critical. • Warranty information 9.1 Preferred Support Levels The Municipality prefers: • Business-hours support minimum • Emergency after-hours support availability • Remote support capabilities • Online ticketing system 11 10. SECURITY AND COMPLIANCE REQUIREMENTS The vendor shall: • Maintain confidentiality of municipal information • Follow cybersecurity best practices • Notify Municipality of security incidents affecting services • Comply with applicable data privacy laws • Provide secure handling of credentials and authentication data Vendor shall disclose: • Data hosting locations • Security certifications • Incident response procedures • Data retention policies 11. PROPOSAL SUBMISSION REQUIREMENTS 11.1 Submission Format – See Appendix J RFP Submittal Checklist 12. EVALUATION CRITERIA Proposals will be evaluated based on the following criteria: Criteria Weight Technical Solution 30% Vendor Experience and Qualifications 20% Implementation Approach 15% Support and Maintenance 15% Cost Proposal 15% References 5% The Municipality reserves the right to: • Reject any or all proposals • Request additional information • Conduct interviews or demonstrations • Negotiate with selected vendors • Award in whole or in part 13. TERMS AND CONDITIONS 13.1 Reservation of Rights The Municipality reserves the right to: • Waive informalities or irregularities • Reject any or all proposals 12 • Accept proposals deemed in the best interest of the Municipality • Cancel the RFP at any time 13.2 Costs All costs incurred in preparation of proposals shall be the responsibility of the vendor. 13.3 Insurance Requirements The selected vendor shall provide proof of: • General liability insurance • Professional liability/errors and omissions insurance • Workers compensation insurance • Cyber liability insurance Coverage limits shall be determined by the Municipality. 13.4 Confidentiality Vendor shall maintain confidentiality of municipal information. 13.5 Compliance with Laws Vendor shall comply with all applicable federal, state, and local laws. 14. PRICING PROPOSAL FORM (Appendix C: Cost of Services) Vendors shall submit all pricing information using the standardized Cost of Services form provided in Appendix C. No separate pricing proposal is required in this section. Any pricing submitted outside of Appendix C will not be evaluated. APPENDIX B – OPTIONAL SERVICES The Municipality may consider optional pricing for: • Privileged access management • Single sign-on (SSO) • Conditional access configuration • Security awareness training • Endpoint protection integration • Passwordless authentication • Advanced reporting • Managed security services 13 APPENDIX A – CURRENT ENVIRONMENT QUESTIONNAIRE RFP - 2026-02 – Multifactor Authentication (MFA) Vendors should address the following: 11. Describe your recommended MFA solution. 12. Describe Google capabilities. 13. Describe deployment requirements. 14. Describe licensing model. 15. Describe administrative features. 16. Describe reporting and logging capabilities. 17. Describe support services. 18. Describe disaster recovery capabilities. 19. Describe mobile device requirements. 20. Describe hardware token options. 21. Describe implementation timeline. 22. Identify any subcontractors. 14 Appendix B – Vendor Questionnaire RFP-2026-02 – Multifactor Authentication (MFA) 1. Required Cybersecurity and Compliance Questions (answers may be attached and must be labeled “Appendix B – Vendor Questionnaire): a. Describe your firm’s process for responding to ransomware and cybersecurity incidents. How do you communicate with municipal clients during an active incident, and what is your typical response timeline for similarly sized municipal clients? b. List the cybersecurity frameworks (e.g., NIST CSF 2.0, CIS Controls v8) your firm uses. Provide documentation of your most recent third-party security assessment or SOC 2 audit. c. Have you or any of your subcontractors experienced a data breach, ransomware attack, or security incident in the past five (5) years that affected client data? If yes, describe the incident and remediation steps taken. 2. Third-Party Application Coverage - Provide a complete list of all third-party software applications supported under the base monthly fee and identify any that trigger additional charges. Specify your process and cost structure for adding specialized application support mid-contract. Confirm which Microsoft 365 features are included in standard support (Teams, SharePoint, Entra ID/Azure AD, Defender for Office 365, Intune) and whether advanced security and compliance features (DLP, eDiscovery, Information Protection) are included or billed separately. 3. Describe your staff retention and succession plan for the dedicated support team assigned to this contract. What guarantees does your firm provide in the event of key personnel turnover? Qualifications and Experience 4. Provide background/history of your company, including year the firm was established, number of employees, etc. 5. Have you ever failed to complete any work awarded to you? If so, please explain. 6. Please attach additional information relative to the firm’s ability to carry out the terms of this contract. Your response should include or discuss the following in addition to any other information: a. Total number of full-time and part-time employees b. Employee turnover for the last 3 years c. Identify those in your firm who would be responsible for this project, including on- site supervision and provide their credentials. Service 7. Explain how the company ensures quality service to their clients; average number of technicians assigned to a client; needs of client are met, and the location proximity of technicians assigned to Washington Township. 8. Vendor shall provide a complete list of all subcontractors, third-party software platforms, cloud service providers, and offshore support resources that will have access to Township systems or data. For each, provide: company name, nature of services, data access scope, country of operations, and applicable security certifications (SOC 2, ISO 27001, FedRAMP, etc.). Vendor shall notify the Township in writing within ten (10) business days of any 15 addition, substitution, or termination of a subcontractor. Vendor remains solely responsible for the acts, omissions, and security posture of all subcontractors. Vendor shall provide a list of all subcontractors and third-party platforms that will have access to Township systems or data, including company name and the nature of their role. Vendor shall notify the Township within ten (10) business days of any change in subcontractors. Vendor remains fully responsible for the actions of all subcontractors and shall ensure they carry appropriate insurance coverage. 16 Appendix C – Cost of Services RFP-2026-02 – Multifactor Authentication (MFA) Vendors shall provide detailed pricing including: Item Quantity Per Seat Unit Cost Multi- year Total Cost MFA User Licenses 70 $ $ $ $ Implementation Services Lump Sum $ $ $ $ Project Management Lump Sum $ $ $ $ Training Services Lump Sum $ $ $ $ Support and Maintenance (Annual) 1 Year $ $ $ $ Optional Hardware Tokens Quantity $ $ $ $ Optional Professional Services Hours $ $ $ $ Additional Pricing Information Vendor shall identify: • Any recurring subscription fees • Renewal pricing • Optional costs • Travel expenses • Additional licensing costs • Escalation rates 17 Appendix D – Implementation Plan ***Insert Implementation Plan Here*** Vendor’s implementation plan must address, at minimum, the following elements: • Proposed project schedule with named milestones and estimated completion dates (aligned to the timeline in Section 7) • Pilot group approach: identification of pilot user group (recommended: 5–10 users), pilot duration, and acceptance criteria before full rollout o Recommendation to begin on South end of Township hall for pilot program (Accounting/Clerks departments) • Township staff dependencies: specific actions or decisions required from Township personnel, and estimated time commitments o 8 Township departments in full/70 users ▪ Accounting, Assessing, Building, Clerks, DPW, Fire, Planning, Supervisor • Rollback plan: procedures to revert to the prior authentication state if implementation fails or causes unacceptable disruption • Communication plan: frequency and format of status updates to Township during implementation • Risk register: top three to five transition risks, likelihood, and proposed mitigation strategies 18 Appendix E - Professional Reference Information RFP-2026-02 – Multifactor Authentication (MFA) Bidder Name: ___________________________________ PROFESSIONAL REFERENCES: List a minimum of three (3) and up to five (5) municipal government clients of comparable size (population 10,000–100,000 or 40–200 employees) where cybersecurity assessment or managed IT services were provided within the past four (4) years. References from commercial clients are acceptable only as supplemental to the required municipal references. Reference 1 COMPANY NAME: ____________________________________________________________ Organization type (municipality/township/county/other): ________________________________ Population served or employee count: ________________________________ Contact Person: _____________________ Title: _________________ Phone: ____________ E-Mail: _________________________________________________________________ Address: ______________________________________ State: _______ Zip: _____________ Contract value and duration: _____________________________________________________ Services provided: ____________________________________________________________ Date(s) of Service(s): __________________________________________________________ Description of any significant cybersecurity incidents during the contract and how they were handled: ____________________________________________________________________ Reference 2 COMPANY NAME: ____________________________________________________________ Organization type (municipality/township/county/other): ________________________________ Population served or employee count: ________________________________ Contact Person: _____________________ Title: _________________ Phone: ____________ E-Mail: ______________________________________________________________________ Address: _________________________________________ State: _______ Zip: __________ Contract value and duration: _____________________________________________________ Services provided: _____________________________________________________________ Date(s) of Service(s): ___________________________________________________________ Description of any significant cybersecurity incidents during the contract and how they were handled: _____________________________________________________________________ Reference 3 COMPANY NAME: ____________________________________________________________ Organization type (municipality/township/county/other): ________________________________ Population served or employee count: ________________________________ Contact Person: _____________________ Title: __________________ Phone: ___________ E-Mail: ______________________________________________________________________ Address: ________________________________________ State: _______ Zip: ___________ Contract value and duration: _____________________________________________________ Services provided: _____________________________________________________________ Date(s) of Service(s): ___________________________________________________________ Description of any significant cybersecurity incidents during the contract and how they were handled: _____________________________________________________________________ 19 Financial Qualifications 9. Financial Qualifications: Vendor shall demonstrate financial stability sufficient to perform the contract for its full term. Provide the following: (a) most recent two (2) years of audited financial statements or, for privately held firms, a letter of financial health from a licensed CPA; (b) a statement of bonding capacity; (c) disclosure of any pending or active litigation, regulatory investigations, or judgments exceeding $50,000; (d) disclosure of any bankruptcy filings within the past seven (7) years; and (e) bank reference information as follows: a. Bank name: _________________________________________________ b. Contact Person: _____________________________________________ c. Contact Person Title: __________________________________________ d. Contact Person Phone number: _________________________________ e. Contact Person Email: ________________________________________ f. Bank address. ______________________________________________ 20 Appendix F - Signature Page RFP-2026-02 – Multifactor Authentication (MFA) The undersigned represents that he or she: 1. is duly authorized to make binding offers on behalf of the company, 2. has read and understands all information, terms, and conditions in the RFP, 3. certifies that the proposal documents contained herein were obtained directly from the MITN website, www.mitn.info, and is an official copy of the Authorized Version. 4. has not engaged in any collusive actions with any other potential proposers for this RFP, 5. hereby offers to enter into a binding contract with Washington Township for the products and services herein offered, if selected by Washington Township within 7 days from proposal award, 6. certify that it, its principals, and its key employees are not “Iran linked businesses,” as that term is described in the Iran Economic Sanctions Act, P.A. 2012, No. 517, codified as MCL 129.311, et seq. 7. acknowledges the following addenda _________________ issued as part of the RFP: 8. The vendor shall not disclose assessment findings without written authorization from the Municipality.Exceptions to Solicitation and/or Standard Contract: NO______ YES_____ (include attached statement) Name (clearly printed or typed): _____________________________________________ Signature of Authorized Representative: _______________________________________ Title: ___________________________________________________________________ Company: ______________________________________________________________ Federal Employee Identification Number (FEIN) Tax ID: __________________________ DUNS Number: __________________________________________________________ Payment Terms: ________________________ Warranty: ________________________ Date: _______________ Contact Person of company representative for matters regarding this RFP CONTACT NAME: _______________________POSITION: _______________________ E-MAIL: ________________________________________________________________ ADDRESS/CITY/STATE/ZIP: _______________________________________________ PHONE : ________________________________________FAX : __________________ 21 Appendix G – Non-Collusion Affidavit Vendor: ___________________________________________________________________________ (1) Affiant is (enter contract title) ________________________________________________________ of _____________________________________________, "the Contractor." Affiant has personal knowledge of the matters set forth in this Affidavit and is competent to testify about them. (2) The Contractor has submitted to the Charter Township of Washington, a "Bid" to enter into the above referenced Contract, also referred to in this Affidavit as "the Work." (3) This Non-collusion Affidavit is executed by Affiant for inclusion with the submission to the Charter Township of Washington of the Bid and may be relied upon by the Township in considering the Bid. (4) Affiant is fully informed about the preparation and contents of the Bid and of all pertinent circumstances surrounding the Bid, has not entered into any contract, combination, conspiracy or other act prohibited by federal, State or any other local Law. The Bid is genuine and is not a collusive or sham Bid. (5) Neither the Contractor nor any of the Contractor 's of the Charter Township of Washington, officers, partners, directors, agents, representatives, employees or parties in interest, including this Affiant, have in any way entered or proposed to enter into any combination to prevent the making of any Bid, or to fix any prices (including overhead, profit or other costs) for the Bid; or have made any agreement, or given or promised any consideration to induce any other person not to Bid for the Work, or to Bid at a specified price; or have secured, proposed or intended to secure through any agreement an unlawful advantage against the Charter Township of Washington or any other person interested in the Work. (6) No officer or employee of the Charter Township of Washington is personally or financially interested, directly or indirectly, in the Bid, or any Contract which may be under it, or in the purchase or sale of any materials or supplies for the Work to which it relates, or any portion of any expected profits thereto. (7) The Bid is not intended to secure an unfair advantage or benefit from the Charter Township of Washington or in favor of any person interested in the proposed Contract. (8) The prices bid are fair and proper and are not tainted by any collusion, conspiracy, connivance, or unlawful agreement on the part of the Contractor or any other of the Contractor 's of the Charter Township of Washington, officers, partners, directors, agents, representatives, employees or parties in interest, including this Affiant; and neither the Contractor nor any of its Charter Township of Washington, officers, partners, directors, agents, representatives, employees or parties in interest, including this Affiant, have divulged any information regarding the Bid or any data about the Bid to any other person. __________________________________________________________________________________Printed Name Signature Date __________________________________________________________________________________ STATE OF MICHIGAN, COUNTY OF ________________ Before me, a Notary Public commissioned, qualified and acting, personally appeared (enter name of the person signing this Affidavit) ____________________________________ to me well known to be the person described in and who signed this Affidavit, who being by me first duly sworn upon oath, says that he/she is the attorney-in-fact for (enter Contractor 's Name) _____________________________________________________, that he/she has been authorized by (enter name of individual, partnership name, or the authorized governing body of the Contractor) ________________________________________ to execute this Affidavit on behalf of the named Contractor in favor of the Charter Township of Washington, MICHIGAN, for the uses and purposes mentioned. Subscribed and sworn to before me this _____ day of _________________, 20___. Notary Public: _________________________________ My Commission Expires: _________________________ 22 Appendix H - Conflict of Interest: ______To the best of our knowledge, the undersigned has no potential conflict of interest due to any other Township contracts, or property interest for this proposal. OR ______The undersigned firm by attachment to this form submits information which may be a potential conflict of interest due to other Township contracts, or property interest for this proposal. d. Attach and label “Attachment H – Conflict of Interest Potential Conflict” COMPANY NAME: Contact Person Title Phone E-Mail Address Date(s) and Type of Service(s) Print Name: _____________________________________________ Title: __________ Signature of Authorized Representative: _____________________________________ Company: _____________________________________________________________ Federal Employee Identification Number (FEIN) Tax ID: _________________________ DUNS Number: ________________________________________________________ Payment Terms: ___________________ Warranty: ______________ Date: _______________ 23 Appendix I – Non-Iran Linked Businesses By signing the proposal/bid, I certify and agree on behalf of myself and the company submitting the proposal the following: (1) that I am duly authorized to legally bind the company submitting this bid; and (2) that the company submitting this bid is not an “Iran-linked business,” as that term is defined in Section 2(e) of the Iran Economic Sanctions Act, Michigan Public Act No. 517 of 2012; and (3) that I and the company submitting this bid will immediately comply with any further certifications or information submissions requested by The Charter Township of Washington in this regard. Print Name: ___________________________________________Title: ____________ Signature: _____________________________________________________________ 24 Appendix J – COMPLIANCE/DISCLOSURE/INDEMNIFICATIONS MICHIGAN IDENTITY THEFT PROTECTION ACT COMPLIANCE Michigan Legal Compliance: the Vendor shall comply with all applicable federal, state, and local laws relating to privacy, security, confidentiality, use, disclosure, storage, transmission and disposal of Personal Information, including the Michigan Identity Theft Protection Act, MCL 445.61 et seq, as amended. Vendor shall implement security measures consistent with Michigan's Identity Theft Protection Act (MCL 445.61 et seq.). Vendor shall notify the Township within twenty-four (24) hours of any actual or suspected breach of resident personal information, including data affected and initial remediation steps. Vendor shall cooperate with the Township in fulfilling any statutory notification obligations and shall bear all breach response costs to the extent the breach is attributable to Vendor's acts or omissions. Print Name: ___________________________________________ Title: __________________ Signature: _____________________________________________ ____________________________________________________________________________ AI TOOL DISCLOSURE AND DATA GOVERNANCE AI Tool Disclosure: Vendor shall disclose, prior to contract execution and within ten (10) business days of any change, any artificial intelligence (AI) tools or automated systems used in the delivery of services that process Township data. Vendor shall identify the tool name, the nature of Township data processed, and whether Township data is used to train any AI model. Township data shall not be used to train any AI model without express written consent from the Township. Print Name: ___________________________________________ Title: ___________________ Signature: _____________________________________________ ____________________________________________________________ RANSOMWARE AND CYBERSECURITY INCIDENT RESPONSE Ransomware and Cybersecurity Incident Response: In the event of a ransomware or destructive malware incident affecting Township systems: (a) Vendor shall notify the Township within one (1) hour of detection and begin remediation immediately; (b) Vendor shall provide status updates every four (4) hours during the active incident; (c) no ransom payment shall be made on behalf of the Township without written authorization from the Township Supervisor; (d) Vendor's cyber liability insurance shall be the primary coverage for incident response and recovery costs where the incident originates from or propagates through Vendor-managed systems; and (e) Vendor shall provide a written post-incident report within fourteen (14) days Print Name: ___________________________________________ Title: __________________ Signature: _____________________________________________ ____________________________________________________________________________ CYBERSECURITY INDEMNIFICATION Vendor shall indemnify and hold harmless the ‘its elected and appointed officials, officers, employees, volunteers, agents, boards, commissions, representatives from and against any and all claims, demands, actions, causes of actions, damages, losses, liabilities, judgments, fines, penalties, costs and expenses, including attorney and legal fees arising from: (a) unauthorized access to Township data on Vendor-managed systems; (b) Vendor's failure to implement required security controls; (c) Vendor's violation of applicable data protection laws including MCL 445.61; and (d) ransomware incidents originating through Vendor-managed systems or tools. Print Name: ___________________________________________ Title: __________________ Signature: ____________________________________________ 25 Appendix K – RFP Submittal Checklist Task Submitted Background Material: Include a Title Page showing the bid name, bid due date, name of the Vendor and Vendor’s address, telephone number, and email address. Company Background: Provide a general overview of the company and history in field responding to the RFP, including any subcontractors and/or third parties Minor Deviations: Outline any minor deviations from specifications and state them clearly in the price bid Appendix A –Environnent Questionnaire Appendix B – Vendor Questionnaire Appendix C – Cost of Services - Breakdown per requirements mentioned under item #4 “Pricing” Appendix D – Implementation Plan - A timetable to include initial response, implementation; including how the changeover shall occur without interruption of daily business activity. Appendix E – Professional Reference Information - Vendor shall provide a minimum of three (3) and up to five (5) professional references from municipal government clients of comparable size (population 10,000–100,000 or 40–200 employees) where managed IT services were provided within the past four (4) years. References from commercial clients are acceptable only as supplemental to the municipal references. For each reference, provide: (a) organization name and type; (b) population served or employee count; (c) contract value and duration; (d) services provided; (e) named contact with current phone and email; and (f) a brief description of any significant cybersecurity incidents that occurred during the contract and how they were handled. The Township reserves the right to contact references without prior notice to the vendor. Complete and include the “Professional Reference Information” on page 11 of this solicitation. Appendix F – Signature Page Appendix G – Non-Collusion Affidavit Appendix H – Conflict of Interest Appendix I – Non-Iran Linked Businesses Appendix J – Compliance/Disclosure/Indemnifications Appendix K – RFP Submittal Checklist 26 AWARDED BIDDER ONLY: Awarded Bidder agrees to adhere to the attached bid documents, as approved by the Charter Township of Washington Board of Trustees on _________________________. Awarded To: ______________________________________ Total Amount: ____________________________________ Term: ___________________________________________ Printed Name Representative Signature Audrey Brown, Township Clerk Signature