Professional Documents
Culture Documents
Contents
1
INTRODUCTION..............................................................................................................................................
PROSPECTIVE AGREEMENT & ACKNOWLEDGEMENTS.......................................................................................
VENDOR SELECTION CRITERIA.......................................................................................................................
RFP SCHEDULE............................................................................................................................................
QUESTIONS & ANSWERS (Q&A).....................................................................................................................
PROSPECTIVE VENDOR SESSIONS..................................................................................................................
ADDITIONAL RFP TERMS AND CONDITIONS.....................................................................................................
SCOPE AND STRATEGY SECTION OF ANTI-VIRUS SOLUTION................................................................
2.1
2.2
2.3
2.4
3
SUBJECT OF RFP..........................................................................................................................................
PROPOSED STRATEGY...................................................................................................................................
KEY GOALS...................................................................................................................................................
TARGET DATES..............................................................................................................................................
VENDOR PROPOSAL FORMAT...................................................................................................................
3.1
3.2
3.3
3.4
3.5
3.6
3.7
3.8
3.9
4
GENERAL INFORMATION................................................................................................................................
SOLUTION FUNCTIONALITY............................................................................................................................
VENDOR CAPABILITIES..................................................................................................................................
SOLUTION COSTS........................................................................................................................................
IMPLEMENTATION TIMELINE...........................................................................................................................
PROFILES....................................................................................................................................................
METHODOLOGY...........................................................................................................................................
OTHER INFORMATION/SIGNATURES REQUIRED...............................................................................................
SUPPORTING DOCUMENTATION.....................................................................................................................
SOLUTION REQUIREMENTS.......................................................................................................................
4.1
4.2
5
5.1
5.2
5.3
5.4
BACKGROUND..............................................................................................................................................
ARCHITECTURE............................................................................................................................................
PILOT TESTING............................................................................................................................................
TRANSITION/DEPLOYMENT SUPPORT............................................................................................................
PROJECT DELIVERABLES.........................................................................................................................
10
11
EXHIBIT U.....................................................................................................................................................
14
EXHIBIT W - PRICING..................................................................................................................................
15
16
1.1 Introduction
Hilton Worldwide, Inc., is requesting proposals to provide Antivirus Solution. All terms and
conditions, guidelines, and provisions stated throughout the RFP apply to Hilton Worldwide,
Inc., and its subsidiaries, affiliates, partners, and joint ventures and to each of their officers,
directors, agents and employees (collectively HWI), as well as to any HWI trade names,
trademarks, service marks, or logos.
Performed By
1.
HWI
August 9, 2013
2.
RFP Participant
3.
HWI
August 23,2013
4.
RFP Participant
5.
HWI& RFP
Participant
TBD
6.
TBD
The above schedule may change at HWIs sole discretion. All prospective Vendors shall be
notified should any of the above change.
RFP Q&A
TEMPLATE.xls
ALL RFP questions should be directed in electronic format, using the RFP Q&A Template, with
Anti-virus Solution for 2014 Q&A as the Subject Header to:
Stuart B. Thomas
Director, RFP Management
Email: stuart.thomas@hilton.com
C.
D.
E.
F.
G.
H.
I.
J.
specifications that have been received in relation to this RFP without prior
written consent by Hilton.
Prospective Vendor shall DESTROY all samples, information, documents, and
specifications received from HWI in relation to this RFP upon bid award decision
notification or upon notice from HWI.
Prospective Vendor agrees to use any distributor that is designated by HWI to
distribute product unless Prospective Vendor can produce documentation to
demonstrate that such a move would violate a contractual agreement between
Prospective Vendor and current Prospective Vendor distributor(s); refusal shall
automatically grant HWI the right to assign the area or hotels within the area to
another supplier / manufacturer without violating the agreed upon terms and
conditions of any bid or contract in place and without affecting pricing for all
other areas or hotel(s)
Any resultant agreement will be non-exclusive, meaning that Hilton reserves the
right to utilize other suppliers for any of the services described in the RFP, if
deemed appropriate. HWI reserves the right to award all, a portion, or none of
the products or services to any Prospective Vendor.
Any data or response that is either missing or incomplete shall at Hiltons
discretion be considered a no bid for that particular item or portion of the RFP.
This Request for Proposal does not constitute an offer to enter into any contract
and it does not commit Hilton to entering into any contract for all or any part of
the proposals submitted. HWI is under no obligation to disclose the reasons for
refusal or acceptance. Any such agreement would arise only as a result of the
execution and delivery of a formal definitive written agreement. You specifically
covenant and agree that no person claiming by, under or through you shall bring
any claim against Hilton or any person related to HWI based upon this RFP as a
result of a failure to agree on or enter into such agreement, or for any other reason
related to the project, other than pursuant to the aforementioned agreements if it
is executed and delivered. However, submission of a proposal in response to this
RFP does create certain binding obligations on the part of the Prospective Vendor,
as further set forth herein, in consideration of HWI time and expense in reviewing,
considering, selecting and negotiating such proposals. Each Prospective Vendor
submitting a proposal is solely responsible for the costs and expenses incurred by
it in the preparation and presentation of the proposal and any other related costs
and expenses, and these cannot be charged to Hilton. All supporting
documentation and manuals submitted with this proposal will become the
property of Hilton.
Unless expressly agreed by HWI in writing, all material submitted by any
Prospective Vendor is not to be considered confidential and will not be treated as
confidential or proprietary regardless of markings. Without limiting the
foregoing, HWI reserves the right to make copies of each proposal submitted by
Prospective Vendors.
Responses not received by the due date will not be considered. ALL responses
MUST be submitted in the format requested or the entire bid shall be considered
null and void at HWI discretion.
Data provided are estimates and shall not bind HWI to meet such estimates at
any time. While HWI believes that the information contained in this document is
correct, HWI gives no warranty in relation to such information (including any
other information provided in connection with this project) and HWI accepts no
responsibility or liability for any errors, inaccuracies or omissions in or from such
information. HWI reserves the right to amend this RFP in any manner prior to
contract award.
K. Even though a proposal may be rejected, HWI reserves the right to use any
concept or ideas contained therein, without incurring any liability.
L. HWI may elect in its discretion to enter into negotiations with more than one
Prospective Vendor simultaneously and enter into an agreement with any
supplier or suppliers in negotiations without prior notification to any other
Prospective Vendor negotiating with HWI.
M. Unless otherwise determined by HWI , all bids are considered best and final
N. All bids should include all information solicited by this RFP, plus any additional
data, prints and literature that the Prospective Vendor deems pertinent to the
understanding and evaluation of this proposal within the constraints of this RFP.
Any corrections or changes to this RFP will be made by addendum at HWIs sole
discretion. Interpretations, corrections or changes made in any other manner will
not be binding and the Prospective Vendor shall not rely on any such
interpretations, corrections and changes. Each person submitting a proposal
thereby indemnifies and holds harmless HWI, its hotels and each of their owners,
partners, subsidiaries, affiliates, franchisees, and each of such persons or entities
officers, directors, agents, contractors, subcontractors, guests, residents, visitors,
licensees, invitees, permitees and employees (collectively referred to as the
"Indemnitees"), and each of them, against and from any and all allegations,
demands, claims, liabilities, damages, fines, penalties or costs of whatsoever
nature (including reasonable attorney's fees), and whether by reason of death of
or injury to any person or loss of or damage to any property or otherwise
(Claims), arising out of or in any way connected with this RFP, including without
limitation any Claims related to infringement by Prospective Vendor of the rights
of any person, including without limitation, copyright, patent, trade secret, trade
mark, artist rights, droit moral, privacy, publicity or other intellectual property
laws.
O. Any alteration of any portion of the RFP Main Document by an RFP participant will
result in disqualification of RFP participant at HWI sole discretion.
P. Prospective Vendors are prohibited from directly contacting team members of
Hilton Supply Management, Hilton or any participating HWI Brand or corporate
department during the RFP process regarding the RFP. All communication should
be directed to Stuart B. Thomas.
Q. Prospective Vendors will be required to provide all products and services
pursuant to the terms of the SERVICES AGREEMENT.
R. By submitting a proposal, a Prospective Vendor agrees to all terms of this RFP
and Hilton will rely upon such agreement in this regard when it evaluates which
proposal to select. If a Prospective Vendors proposal is selected and the
Prospective Vendor attempts to renegotiate its agreement to these terms, Hilton
will have relied to its detriment on such prior agreement in selecting the
proposal rather than other proposals and such Prospective Vendor will be
responsible for all costs and expenses related thereto. In choosing to submit a
proposal in response to this RFP, a Prospective Vendor is agreeing to these terms
and conditions set forth in this RFP and that the services to be provided are
mission critical services and any delay in this process would severely impact HWI
core business. Since the final proposal will be selected in reliance upon
Prospective Vendors response to this RFP both this RFP and such proposal will be
incorporated into the final agreement for products and services.
S. HWI has the right to reject any or all proposals, and, in particular, to reject a
proposal not accompanied by data required by this RFP or a proposal that is in any
way incomplete or irregular. Hilton also reserves the right to:
Revised/Updated 11/04/2010 sbt
Reject any and all proposals received in response to this RFP, and will not be
bound to the lowest proposed price
Waive or modify minor irregularities in proposals received, after prior
notification to the Prospective Vendor
Adjust any Prospective Vendors expected cost, based on determination by
HWI that the selection of said Prospective Vendor will incur additional cost by
HWI
Adapt all or any part of a Prospective Vendors proposal
Negotiate separately with any source whatsoever in any way necessary to
service the best interests of HWI
Require and request additional information from the Prospective Vendor and
conduct necessary investigations to determine the accuracy of proposal
information
Require oral presentations and/or operational documents of the system,
service, products, or equipment proposed
The RFP is soliciting proposals to select an endpoint anti-virus solution to replace the
one currently HWI is using on all properties and Corporate Offices.
License for the current anti-virus solution HWI have expires on the 29 th June 2014.
Currently, there are more than 79K computers deployed in 4000+
properties/Corporate Offices across 70+ countries. Total number of computers is
expected to be 85K+ in 2014.
Review proposals and select the vendor can meet HWIs requirements.
Pilot the new solution at a small number of properties and run in parallel at least for a
period of two weeks.
Resolve any issues during pilot period and update documentation
Complete deployment at the rest of the properties and Corporate Offices.
Remove the current anti-virus solution and deploy the new solution via automated
means.
Complete deployment by 29th June 2014.
Enable centralized management/reporting capabilities for Hilton Enterprise Security,
Architecture, Hotel and Corporate Support Teams
Enable localized management/reporting capabilities for Field IT Teams/Hotel General
Managers
All properties / Corporate Offices should be running on new software by 29th June
2014 as current Endpoint Security product license expires.
Depends on how quickly new clients can be deployed/old clients can be removed, the
dates may change. (The Go Live date is set to minus three months before the 29 th
June 2014 deadline.
ID
Target Completion
Date
Activity
31/Jan/14
07/Mar/14
15/Mar/14
22/Mar/14
01/Apr/14
29/Jun/14
3.3.2.11
3.3.2.12
Active Directory support and integration on a multidomain/workgroup environment. (no trust between domains)
3.3.2.13
Ability to scan defined IP subnets periodically to detect machines
without client installed.
3.3.2.14
Web based console feature to allow large number of local IT
Admins/Support Desk Engineers/Hotel GMs to control their own sites.
3.3.2.15
3.3.2.16
Ability to cleanup of old computers automatically. (i.e. computers
that are note reported 60+ days)
3.3.3 Database Features / Requirements
3.3.3.1 What platforms / operating systems does your database product run on?
3.3.3.2 Does database server work on virtual environment? If so, are there any
additional requirements for virtual environment?
3.3.3.3 What database does your product use/support?
3.3.3.4 How many databases will be required? (i.e. per management console, etc.)
3.3.3.5 What is the initial database size and expected growth rate per client?
3.3.3.6 Does each client require to make direct connection to the database?
3.3.3.7 Describe backup requirements for the database(s).
3.3.7.1 What platforms / operating systems does your client product run on?
(Please include all supported operating systems, including POS ones such
as Windows CE, Embedded, POSReady2009, etc.)
3.3.7.2 Describe the footprint of the client product on idle and on scanning (i.e.
usage of memory/CPU/diskspace resources)
3.3.7.3 Minimum and recommended hardware/software requirements
3.3.7.4 Localization support (Can client automatically switch to the language
based on regional settings configured on the user profile?)
3.3.7.5 Management and reporting when client is out of the company network
(i.e. reporting status of AV client when the user at home)
3.3.7.6 Malware Protection
3.3.7.6.1Proactive suspicious activity detection
3.3.7.6.2Any statistics on how quickly signatures getting released (i.e. zero-day
attacks, etc.)
3.3.7.6.3Cloud based protection
3.3.7.6.3.1
3.3.7.6.3.2
Bandwidth requirements
3.3.7.6.4Are there any offline cleanup tool available? (i.e. bootable disk for
scanning/cleaning)
3.3.7.7 Tamper Protection
3.3.7.8 Protect specific registry keys / services / configuration files (this includes
general OS components, not specific to client product)
3.3.7.9 Password protection for unwanted removal of the client product.
3.3.7.10
Allow specific processes/tools to interact with the client product (i.e.
software distribution agent to stop on-access scanner while
copying/downloading data to the client computer)
3.3.7.11
Role based security and access control on the client (i.e. regular
users can only scan/clean viruses but cannot change configuration, etc.)
3.3.7.12
Client Update
3.3.7.12.1
Location awareness / Automatically detect closest update
distribution point or update from internet location when connected out
of the company network
3.3.7.12.2
Bandwidth throttling / limiting download rate for large software
updates
3.3.7.12.3
Schedule software and signature updates separately (i.e. signature
updates every 30 mins, software updates randomly between 8am 8pm,
etc.)
3.3.7.13
Application Control
3.3.7.13.1
3.3.7.13.2
Blocking applications based on users profile/group (i.e. allow PsExec
to IT Manager but block for regular users, etc.)
3.3.7.13.3
Audit mode for monitoring application usage (i.e. detect but do not
block the application)
3.3.7.13.4
Ability to prompt users for sending application usage requests (i.e.
prompting user a form to submit request for allowing a blocked
application)
3.3.7.14
Host Firewall
3.3.7.14.1
Ability to create firewall inbound/outbound rules for network
ports/applications
3.3.7.14.2
Location awareness/profile selection based on IP address or DNS
resolution
3.3.7.14.3
3.3.7.15
Web Control
3.3.7.15.1
3.3.7.15.2
3.3.7.15.3
3.3.7.16
3.3.7.16.1
3.3.7.16.2
Ability to monitor or block files depending on the destination they
are being copied
3.3.7.16.3
Pre-defined content rules (i.e. credit card numbers, social security
numbers, etc.)
3.3.7.16.4
Ability to use mathematical algorithms for detecting certain content
(i.e. detecting credit card numbers with CC algorithm, not via regular
expressions like 16 digit number starting with 45, etc.)
3.3.7.17
Device Control
3.3.7.17.1
3.3.7.17.2
Ability to allow/block devices based on user profile/group (i.e. allow
USB keys only to department heads)
3.3.7.17.3
3.3.7.17.4
Blocking network connection when hybrid connection detected (i.e.
wireless/Bluetooth connected to a public network while the machine has
connected physically to LAN)
3.3.7.18
Patch Assessment
3.3.7.18.1
Does client support patch assessment and report missing Microsoft
and 3rd party patches?
3.3.7.18.2
Does the patch assessment support integration of local WSUS and/or
SCCM implementation?
3.3.7.18.3
Ability to remediate missing patches (i.e. force to update Java
Runtime,)
3.3.7.19
Encryption
3.3.7.19.1
Does client support full-disk encryption or integrated to another
encryption product?
3.3.7.19.2
Does client support file-based encryption? (i.e. enabling encryption
of user files / documents, etc.)
3.3.7.19.3
Can encryption automatically be activated on mobile devices? (i.e.
laptops, tablets, etc.)
3.3.7.19.4
3.3.7.19.5
3.3.7.19.6
Ability to prevent unwanted encryption (i.e. not encrypting
removable disks on cameras or mobile phones)
3.6 Profiles
Attach profiles and resumes of key staff members engaging on the implementation
project
3.7 Methodology
Provide a statement as to willingness to comply with HWIs Methodology as
described in 6
4 Solution Requirements
4.1 Operating Platform Model
Please provide a detailed architecture diagram of your solution, including a detailed
explanation of all applications that comprise your solution. (Reference Exhibit A for
Client current state operating platform model and associated application descriptions.)
Clients assumption is that the current operating platform will remain same or there will
be minimal changes/additions. But the vendor can propose changes (i.e. cloud based
management consoles, etc.) in order to deliver better service at lower costs.
5 Scope of Work
5.1 Background
Details of scope of work required as part of scope of this RFP Addendum have been defined
in the preceding sections. This section introduces an additional body of work that is required
to be bundled along with these services.
5.2 Architecture
Please provide architecture diagram of the various components of the total solution and use
sub-sections to provide additional detail, as necessary, e.g. to describe operational vs
development work or expected future work.
6 Project Deliverables
In addition to responses provided to this RFI, respondents are expected to work with
HWI project teams to fully define the target solution and associated SLAs in advance
of agreement execution. It is expected that the respondent will collaborate with the
HWI project team and will adhere to the Hilton Enterprise Methodology for the
initiation of this engagement and for any projects subsequently initiated. The Hilton
Enterprise Methodology is a blend of Six Sigma tools and UML standards that
prescribe deliverables according to a pre-defined project lifecycle, as follows:
Design Validate final requirements, define detailed data initialization plan, design
detailed solution including data model and software models, and design detailed
training, communication, and change management materials.
Build Build target solution, configure products, develop and unit test code, run
code reviews, develop detailed test and deployment plans, and build detailed
training, communication, and change management materials.
Test Conduct all testing, including regression, integration, quality assurance, user
acceptance testing, performance testing, and finalize and test detailed
deployment plan. Verify all testing results, data and application readiness, and
training completion.
Run Complete deployment activities, resolve deployment issues/defects, and
achieve steady state.
Monitor: Ensure that monitors are in place and knowledge has been transferred to
support teams. During this phase an analysis will be completed to measure
performance against stated goals and objectives for the project.
Server Inventory
AV-Architecture.pdf
Sites
Clients
North America - 1
1482
16274
North America 2
1296
16055
North America 3
624
10827
45 hotels + 59 HGV
resorts
4678
269
12804
Asia Pacific
83
7722
Corporate Offices
16 + remote users
11546
Security Review
Documentation Requirements.pdf
SIG_SIGv6.2.xls
BUSINESS ENTITY
PARTICIPANT INFORMATION_United States.pdf
12 Exhibit U
Signature of Authorized Representative
I, _______________________, an authorized representative of _________________________, the
Prospective Vendor, submitting a proposal in response to this RFP, have read and fully
understand all sections of the Request for Proposal, and acknowledge and agree that an
Agreement may be entered into with Hilton Worldwide, Inc., that shall contain, at a
minimum, the services, rates and pricing as set forth herein. I further understand that the
issuance of this RFP and subsequent receipt of the response to this RFP does not obligate
Hilton Worldwide, Inc., to purchase any goods or services from our company.
Name (Print)
Signature
Title
Company
Phone
Date
13 Exhibit W - Pricing
Anti
Virus_RFP_Pricing Worksheet.xls
Hilton Enterprise
Methodology Overview_0912.pptx