CLOSED-RFP – Informal Solicitation for PCI Qualified Security Assessor Services, RFP-FAS-91415
Original Date Posted: September 15, 2015 9:02 amCity of Seattle PCI Compliance Program
Request for Proposals – Informal Solicitation
For PCI Qualified Security Assessor Services
Click here for the full RFP – posted 9/15/2015
Consultant must be approved to the City’s Consultant Roster under the IT – Payment Card Industry Compliance Assessment category by the submittal due date. See additional qualifications below and in the full RFP:
City Contact:
Nicholas Ziesmer, PCI Program Manager:
nicholas.ziesmer@seattle.gov
(206) 727-8433
Schedule: A breakdown of this solicitation’s timeline of events is provided below. The City reserves the right to modify this schedule at its discretion. Notification of any change will be communicated via the City Contact to the selected City Roster Consultants (“Firms”).
| Solicitation Release | Monday, 09-14-2015 |
| Deadline for Non Disclosure Agreement submissions (see Attachment A) | Thursday, 09-24-2015 |
| Deadline for written Q&A submissions | Thursday, 09-24-2015 |
| Q&A Responses Published to Proposers | Monday, 09-28-2015 |
| Deadline for Written Proposals(see Attachment B)
|
Monday, 10-5-2015 |
| Evaluation of Written Proposals and Reference Checks | Week of 10-5-2015 |
| Announcement of Finalist Proposers | Tuesday, 10-13-2015 |
| Interviews with Finalist Proposers | Week of 10-26-2015 |
| Announcement of Successful Proposer | Tuesday, 11-10-2015 |
| Finalize Contract / SOW | Monday, 11-23-2015 |
| Contract Execution(See Attachment C)
|
Tuesday, 12-1-2015 |
| Services Start Date | Tuesday, 3-1-2016 |
Unless authorized by the Project Manager, no other City official or employee may speak for the City regarding this solicitation until award is complete. Any Proposer contacting other City officials or employees does so at Proposer’s own risk. The City is not bound by such information.
Background: The City of Seattle is a Level 1 PCI entity, performing more than 12M credit card transactions annually, totaling more than $400M. The City received its most recent PCI Attestation of Compliance on June 30, 2015.
Environment. Please refer to the separately provided City of Seattle PCI Background Information document. This document is confidential and exempt from public disclosure. A non-disclosure agreement must be signed prior to receiving access to this information (See Attachment A).
Purpose: The City is engaged in an ongoing effort to sustain PCI compliance, and intends to select a Qualified Security Assessor for 2016. The City may explore the option of extending these services to 2017-2018.
Qualifications:
- Mandatory Qualifications.
- Have completed an assessment and corresponding Report on Compliance under PCI DSS 3.0 or higher.
- Ability to meet City’s timeline – to be provided in later section.
- Demonstrated experience working in a similarly large, complex, highly distributed IT environment.
- Experience working with Level 1 PCI merchants.
- Approval to City Consultant Roster for Information Technology – Payment Card Industry Compliance Assessment category.
- Desired Qualifications.
- Experience working in a public sector environment.
- Excellent communication (written and oral).
- Demonstrated bench strength of qualified QSA consultants with relevant experience conducting PCI DSS 3.0 or greater RoC assessments.
Posted under History/Archives categories 
Tags: PCI, QSA