The Firemen's Annuity & Benefit Fund of Chicago, Illinois


REQUEST FOR INFORMATION (RFI)

RISK AND FUNCTIONAL REQUIREMENTS ASSESSMENT FOR INFORMATION TECHNOLOGY INFRASTRUCTURE AND RELATED SYSTEMS

Background:

This Request for Information ("RFI") is issued by the Firemen's Annuity and Benefit Fund of Chicago (the "FABF" or the "Fund") to solicit information from Respondents ("Firm" or "Respondent"), with the possibility of engaging a Respondent to provide a risk and functional requirements assessment of the FABF's information technology infrastructure and related systems. The Fund seeks to gather information from a number of Respondents qualified to provide expert advice and assistance with respect to the FABF's information technology infrastructure.

The FABF is a statutorily created public pension plan administered pursuant to Article VI of the Illinois Pension Code, 40 ILCS 5/6-1 et seq. The FABF has 16 full-time staff members and is governed by an eight-member Board of Trustees (the "Board").

Information about the Fund's Information Technology Infrastructure:

Most of the FABF staff members utilize DataFlex applications. DataFlex is a visual tool the Fund has used for about twenty-five years to build and manage in-house Windows applications. Applications are modified and updated in-house as needs and requirements change. Employee time clocks are captured using timekeeping software called Wasp Time, which uses a barcode swipe machine to temporarily store employee swipes in an embedded Microsoft SQL database. Time clocks are retrieved daily using a DataFlex application.

DataFlex is deployed in a client-server environment. Currently, the FABF has about 20 workstations within the office that have DataFlex installed locally. These workstations need to be updated whenever a new build or version of the DataFlex software is released. On the back end, the FABF stores the production data and DataFlex applications on a dedicated virtual Windows server. Additionally, the FABF has a test environment for DataFlex applications and data identical to what is on the server.

The FABF has three servers: an Application server, a Local Application Backup server, and a DocuWare server. These three servers are deployed in a single virtual machine and are backed up twice a day to an onsite backup machine. This onsite backup machine is also replicated to the cloud with data encryption and secured transmission, using a site-to-site IPSec VPN tunnel with encryption (2048 bit or higher) and SSH (Secure Shell) communications between servers.

The FABF uses Microsoft Office 365 to handle internal email for both FABF Staff and Trustees of the Board. Other Office 365 resources are also used, such as the online versions of Microsoft Word, Excel, OneDrive, etc. All email folders are archived every 5 minutes using MailStore.

The FABF hosts its own website using Ipswitch WS_FTP Server. The website is consistently updated using a text editor called Brackets.

The FABF prints its own checks. The payroll department uses DataFlex to process both FABF participant benefits and FABF staff salaries. DataFlex applications produce a data file in either .csv or .ddt format to be used for check printing. The Fund uses Secure32 software for printing checks, which uses configured forms to match the fields in the .csv or .ddt files. In addition, Secure32 uses a Microsoft SQL database to store authorized users and their passwords, signatures, account numbers, and other sensitive data.

Secure32 also uses a dongle as a layer of security to open the Secure32 application. Without the dongle, a user cannot open or use the application.

The Fund also maintains and stores data regarding its participants that contains personal information that is confidential pursuant to the Illinois Personal Information Protection Act (the "Privacy Act") and the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). Such information must be maintained on the FABF server in compliance with the Privacy Act and HIPAA.

FABF Pension Administration Statistics: December 31, 2017

| Item | Quantity |
|---|---|
| Number of Active Members | 4589 |
| Number of Retirees and Beneficiaries receiving Monthly Payments | 5074 |
| Number of Retirees and Beneficiaries with Healthcare Deductions | ~1709 |
| Number of Tiers | 2 |
| Number of Contributing Employers | 1 |
| Annual number of New Annuities (Employee, Spouse and Child) | 341 |
| Annual number of Disabilities (Ordinary, Duty and Occupational) | 20 |

Requested Information

The Fund seeks to gather the following information from qualified Firms. Firms may also provide the Fund with any information the Firm deems relevant in order for the Fund to consider possible engagement with a Firm able to undertake a risk and functional requirements assessment of the Fund's information technology infrastructure and related systems.

Firm Overview

1. Provide background on the Firm's capabilities to provide an assessment of the risk and functional requirements of the Fund's information technology infrastructure and related systems.

Services

2. Provide information on the Firm's ability to perform the following services for the Fund:
   a. Perform a complete risk assessment of the FABF's information technology infrastructure and related systems, including the security levels of such systems.
   b. Provide a detailed report assessing the risks to the FABF's information technology infrastructure and related software, including recommended actions to mitigate identified risks.
   c. Provide information technology and cyber security policy recommendations to the FABF.
   d. Provide business continuity and disaster recovery plan recommendations to the FABF.
   e. Development of information technology infrastructure and related systems functional requirements.
   f. Provide a detailed report describing any identified gaps in the needs of office staff and the capabilities of existing infrastructure and systems.
   g. Provide recommendations that would allow the FABF to meet the functional requirements detailed in said assessment.

Project Team

3. Provide an organizational chart of the proposed team, primary point of contact, and the roles and responsibilities of the team members.

Relevant Experience

4. Describe the Firm's risk and functional requirements assessment experience for similar assignments, specifically defined benefit pension fund plan assignments.
5. Provide three references of clients for whom the Firm has performed work similar to that discussed in this RFI. Include the reference name, title, company, address, telephone number, and a description of the services provided.
6. Provide information regarding the Firm's experience and track record of providing assessments for risk and functional requirements for governmental and/or corporate clients.

Conflicts of Interest & Due Diligence

7. Please list any potential conflicts of interest the Firm may encounter.
8. Has the Firm ever been involved in a lawsuit, regulatory proceeding or investigation in the last ten (10) years involving any services provided by the Firm?

Compensation

9. Describe the Firm's compensation structure for the proposed services discussed in this RFI. State any special considerations with respect to billing or payment of fees and expenses that the Firm offers and that you believe would differentiate the Firm and make the Firm's services more cost effective to the FABF.

MWDBE Disclosures

10. It is the policy of the Fund to encourage vendor participation involving Minority Business Enterprises, Women-owned Business Enterprises or a Business Owned by a Person with a Disability, as such terms are defined in the Illinois Business Enterprise for Minorities, Females and Persons with Disabilities Act. Respondents should disclose the following numerical data as part of the information provided to the Fund pursuant to this RFI:
   (a) the number of the Firm's staff who are (i) minority persons, (ii) female, or (iii) persons with a disability;
   (b) the number of contracts, oral or written, that the Firm has in place for consulting services and professional and artistic services that constitute a (i) minority owned business, (ii) female owned business, or (iii) business owned by a person with a disability; and
   (c) the number of contracts, oral or written, that the Firm has in place for consulting services and professional and artistic services where more than 50% of services performed pursuant to a contract are performed by a (i) minority person, (ii) female, or (iii) persons with a disability but do not constitute a business owned by a minority, female or persons with a disability.

Conclusion

This RFI does not constitute an offer and should not be considered a contract with the FABF. This RFI is solely a request for information from qualified Firms capable of providing an assessment of the risk and functional requirements of the Fund's information technology infrastructure. The term of any future engagement will be governed by the negotiated contract or agreement with the FABF. The Firm's response to this RFI is to be prepared at the Firm's sole cost and expense.

The information that a Firm submits will be subject to the Illinois Freedom of Information Act (5 ILCS 140/1 et seq.) ("FOIA"). FOIA provides generally that all records in the custody or possession of a public body are presumed to be open to inspection or copying. The FABF will determine, in its sole discretion, whether the materials prepared in connection with this RFI are subject to public disclosure pursuant to FOIA. By submitting information pursuant to this RFI, the Firm agrees to indemnify, save, and hold the FABF harmless from and against any and all claims arising from or relating to FABF's complete or partial disclosure of the Firm's information if the FABF determines, in its sole discretion, that such disclosure is required by law.

If a Firm is interested in providing any information to the Fund related to this RFI, please provide such information and have a representative from the Firm that is capable of binding the Firm with respect to the information provided execute where indicated below. Please email the Firm's information to info@fabf.org no later than 12:00 p.m. (CST) on April 13, 2018.

COMPANY NAME:
AUTHORIZED SIGNATORY:
PRINT NAME:
DATE: