Information Risk Management Blog

SAMPLE RFP Questions: SOC Build/Optimization Services

Sep 6, 2017 6:02:47 AM / by Chandra Prakash Suryawanshi

1. Provide a brief overview and history of your organization, highlighting specific experience in projects of this type. Key individual expertise should be set forth in detail.

2. Describe the organizational structure of your company and provide the following information:

a. A corporate organizational chart, including subsidiaries, affiliates, list of the board of directors, list of key personnel

b. The total number of W-2 employees

c. The turnover rate for the previous twelve months

d. Brief overview of the type of product or services provided

3. Please provide three current customers’ contact information, each from a different company. If possible, include references where your company is providing services similar in size and scope to what is being requested in this RFP. Include the following for each reference:

a. Company Name

b. Customer Contact with phone number and email address

c. Brief overview of the type of product or services provided

4. Please list your top three (3) service competitors.

5. What differentiates your company from other vendors that provide these services? What is your competitive advantage? Please provide examples.

a. How have these factors been put into play in other organizations?

6. Please document and explain how your company would meet the following Deliverable Expectations. Please explain in detail each of the following deliverables in your response.

d. Maturity Assessment/Gap Analysis

e. Deployment Plan

f. Resource/Role Needs

g. Training Plans/Needs

h. Deployment Assistance

2. Please explain what your assessment/implementation methodology looks like. Please break your company’s methodology for assessment/implementation down by phase.

3. Please describe each phase, the associated tasks and tools needed. Please include deliverables as well as an estimated timeline.

4. Please provide an explanation of the tools used to perform this work.

a. Is the work performed dependent on (company name)'s purchase of any tools/methodologies beyond what is proposed by your company in this RFP?

b. What industry or proprietary tools do you utilize to help make recommendations? Would (company name) have complete access to utilize these tools?

5. Please provide a summary of your company's experience from previously completed work. The previous experience should include cited examples of large organizations where the vendor has assisted in the development of a SOC/CDC design, including references to regional and global location, industry, and starting state of the implementation (updating a mature SOC to current standards vs. starting from no SOC and building it from scratch).

6. How many times have you successfully implemented your proposed solution in other engagements with companies similar to (company name)? Please provide examples and supporting documents/whitepapers/etc.

7. What are the main challenges and risks that your company has faced during similar engagements completed for other clients?

8. How does your company overcome these risks and challenges?

9. (Company Name)'s expectation is that resources deployed will have experience working with large enterprises in the deployment of a SOC/Cyber Security Defense Center.

a. The assigned resources should have experience working in or with a SOC/CDC and should have: a deep knowledge of security concepts (including advanced cyber-threats), documented credentials supporting their expertise in the field, and a background in incident response/CSIRT services and incident handling.

i. Please outline the team members, their role and their titles. Please provide details of the types of experience and qualifications that your resources have on similar projects.

ii. Does your company use subcontractors in the delivery of these Services?

iii.

10. Pricing

NOTE: The information for this section should be provided totally separate from the remainder of your RFP response and labeled Pricing Response.

a. Outline in this section all costs involved with providing the above services and tasks for (company name). Please be thorough in your explanation and methodology and detail any assumptions made in your assessment.

b. Is your pricing model based on an hourly rate, results-based, flat fee or other? Please explain your model, what is included in any fee and identify all rates for any staffing that would be used in providing these services.

c. Identify any other costs for these services.

d. Provide a total cost for completing the service and an explanation of methodology or process used to arrive at this price.

11. After reading the requirements listed above, what risks do you foresee that could impact the success of this RFP? How would you resolve these risks?

12. As part of your response, please include additional appendices as applicable. Do not include any marketing materials.

Topics: Managed SOC

Written by Chandra Prakash Suryawanshi

Chandra Prakash has over 16 years of experience in the Information Security and Risk Management industry. He has worked extensively with customers across APAC and Middle East in helping them with their information security challenges. He has an MBA in Information Science from Hartford University, USA and is certified CISSP, CISA, SANS GSEC, ISO 27001 LI and BS 25999 LA professional.

     
