FAQ: IT Policy Development

Basic Information

Will you accept proposals from both teams and individual consultants?
We are open to working with teams or individual consultants. For any team proposals, please supply a resume for at least the team lead.

What is the expected time frame for this work?
The project is expected to commence on October 07, 2024. The detailed timeline will be discussed and agreed upon with the selected consultant.

General Questions

What specific areas will the IT policies cover?
The IT policies will address various aspects including data protection and privacy, incident response, access control, security awareness training, IT asset management, business continuity and disaster recovery, acceptable use, remote work security, and internal data retention.

Who will be responsible for developing the IT policies?
The selected consultant will work closely with Brilliant Corners’ management team and IT department to develop the IT policies. They will conduct assessments, gather requirements, and draft policies aligned with our organizational objectives and compliance requirements. The policies will be evaluated by a Policy Committee before implementation.

How will the consultant ensure compliance with relevant regulations, such as HIPAA and GDPR?
The consultant will have expertise in IT policy development and compliance with relevant regulations, including HIPAA, GDPR, and other applicable laws. They will incorporate these regulatory requirements into the IT policies and provide guidance on implementation and enforcement to ensure compliance.

Training and Collaboration

Will staff members receive training on the new IT policies?
Yes, staff members will receive comprehensive training on the new IT policies to ensure understanding and adherence. The IT department will provide these policies to all staff during our cybersecurity training sessions. Front-end staff will be required to acknowledge the policies. Additionally, we will evaluate any recommendations from the consultant before finalizing and implementing the training.

Can consultants propose modifications to the scope of work outlined in the RFP?
Yes, consultants are encouraged to propose modifications or additional services that they believe would enhance the effectiveness of the project. Any proposed modifications will be evaluated based on their alignment with Brilliant Corners’ objectives and budget constraints.

Selection Process and Access to Documentation

How will the consultant selection process be conducted?
The consultant selection process will involve reviewing proposals received in response to the RFP, conducting interviews or presentations with shortlisted candidates, and evaluating qualifications, experience, and proposed approaches. The selection committee will make a final decision based on these criteria.

Can consultants collaborate with internal IT staff during the project?
Yes, consultants are encouraged to collaborate with Brilliant Corners’ internal IT staff members to leverage their knowledge of the organization’s IT infrastructure and operations. Close collaboration between the consultant and internal IT staff will ensure the development of policies that are practical, effective, and aligned with organizational goals.

Will Brilliant Corners provide access to existing IT documentation and policies for review by the consultant?
Yes, by request, Brilliant Corners provides a handbook to staff with existing IT documentation and policies.

What level of involvement is expected from Brilliant Corners’ staff during the development of the IT policies?
The IT staff will be mainly actively involved in providing input and feedback throughout the development process to ensure the policies meet organizational needs and compliance requirements.

Brilliant Corners IT Environment

Can the consultant recommend specific tools or solutions to support the implementation of the IT policies, such as cybersecurity software or compliance management platforms?
No at the moment. We aim to implement the policies first and leverage existing tools such as Microsoft Compliance.

Are there any specific software or technology platforms that the IT policies must address?
Yes, the IT policies should address platforms including Salesforce, Box.com, Intacct, and Microsoft O365 Tools.

What is Brilliant Corners’ IT infrastructure or operations that candidates should be aware of?
The IT department utilizes predominately Software as a Service (SaaS) solutions in its IT environment and provides Windows Computers and iPhone devices to staff. Additionally, the organization operates within a hybrid work environment, where staff work both remotely and in-office.

Additional Inquiries

Where can I direct additional questions or inquiries about the IT Policies RFP?
For additional questions or inquiries about the IT Policies RFP, please contact Juan Barillas, IT Manager, at jbarillas@brilliantcorners.org