HWI Antivirus 2014 RFP_Final
Content
Hilton Worldwide, Inc.
Anti-virus Solution for 2014
Request for Proposal
August 9, 2013
Contents
1
RFP BACKGROUND MATERIALS.................................................................................................................
1.1
1.2
1.3
1.4
1.5
1.6
1.7
2
INTRODUCTION..............................................................................................................................................
PROSPECTIVE AGREEMENT & ACKNOWLEDGEMENTS.......................................................................................
VENDOR SELECTION CRITERIA.......................................................................................................................
RFP SCHEDULE............................................................................................................................................
QUESTIONS & ANSWERS (Q&A).....................................................................................................................
PROSPECTIVE VENDOR SESSIONS..................................................................................................................
ADDITIONAL RFP TERMS AND CONDITIONS.....................................................................................................
SCOPE AND STRATEGY SECTION OF ANTI-VIRUS SOLUTION................................................................
2.1
2.2
2.3
2.4
3
SUBJECT OF RFP..........................................................................................................................................
PROPOSED STRATEGY...................................................................................................................................
KEY GOALS...................................................................................................................................................
TARGET DATES..............................................................................................................................................
VENDOR PROPOSAL FORMAT...................................................................................................................
3.1
3.2
3.3
3.4
3.5
3.6
3.7
3.8
3.9
4
GENERAL INFORMATION................................................................................................................................
SOLUTION FUNCTIONALITY............................................................................................................................
VENDOR CAPABILITIES..................................................................................................................................
SOLUTION COSTS........................................................................................................................................
IMPLEMENTATION TIMELINE...........................................................................................................................
PROFILES....................................................................................................................................................
METHODOLOGY...........................................................................................................................................
OTHER INFORMATION/SIGNATURES REQUIRED...............................................................................................
SUPPORTING DOCUMENTATION.....................................................................................................................
SOLUTION REQUIREMENTS.......................................................................................................................
4.1
4.2
5
OPERATING PLATFORM MODEL.....................................................................................................................
DEPLOYMENT MODEL...................................................................................................................................
SCOPE OF WORK........................................................................................................................................
5.1
5.2
5.3
5.4
BACKGROUND..............................................................................................................................................
ARCHITECTURE............................................................................................................................................
PILOT TESTING............................................................................................................................................
TRANSITION/DEPLOYMENT SUPPORT............................................................................................................
6
PROJECT DELIVERABLES.........................................................................................................................
7
EXHIBIT A - CURRENT STATE OPERATING PLATFORM MODEL............................................................
8
EXHIBIT B - CURRENT STATE DEPLOYMENT MODEL.............................................................................
9
EXHIBIT E - CURRENT STATE ENVIRONMENT.........................................................................................
10
EXHIBIT F - ENTERPRISE SECURITY REQUIREMENTS...........................................................................
11
EXHIBIT G – BUSINESS ENTITY INFORMATION FORM............................................................................
Revised/Updated 11/04/2010 sbt
PLEASE COMPLETE AND SUBMIT WITH RFP RESPONSE..............................................................................
12
EXHIBIT U.....................................................................................................................................................
THIS PAGE INTENTIONALLY LEFT BLANK........................................................................................................
13
EXHIBIT V – SERVICES AGREEMENT........................................................................................................
14
EXHIBIT W - PRICING..................................................................................................................................
15
EXHIBIT Y - WMBE REPORTING.................................................................................................................
16
EXHIBIT Z – HILTON ENTERPRISE METHODOLOGY...............................................................................
Revised/Updated 11/04/2010 sbt
1 RFP Background Materials
This section of the document provides general information regarding required services, vendor
selection criteria, and response guidelines.
1.1 Introduction
Hilton Worldwide, Inc., is requesting proposals to provide Antivirus Solution. All terms and
conditions, guidelines, and provisions stated throughout the RFP apply to Hilton Worldwide,
Inc., and its subsidiaries, affiliates, partners, and joint ventures and to each of their officers,
directors, agents and employees (collectively “HWI”), as well as to any HWI trade names,
trademarks, service marks, or logos.
1.2 Prospective Agreement & Acknowledgements
It is HWI’s intent to form a long-term relationship with our chosen vendor(s).
Price quotes should hold for at least a period of six months from bid submission. At any time
beginning with the commencement of this RFP, where an awarded bid participant is not able
to meet its RFP quotes and Agreement commitments, HWI reserves the right to cancel any
Agreement and put the product(s) and/or service(s) back out for bid.
Award recipients will be expected to enter into Agreement with HWI immediately following
the bid award. A Service Level Agreement and pricing schedule will be added to the
Services Agreement and will be negotiated in advance of the bid award.
Participants who for any reason must withdraw or are withdrawn from the RFP process at
any point will continue to be held to the terms and conditions set forth in the Confidentiality
and Non Disclosure Agreement, the Letter of Intent, and the provisions contained within the
RFP Background Materials.
By signing Exhibit U, you acknowledge that you understand the unique and proprietary
nature of the confidential information extended as a result of this RFP, and agree that in the
event of an actual or alleged breach hereof (e.g., to produce any of the bid products without
express written approval by HWI), or under any other circumstances whatsoever, in all
likelihood HWI may suffer great and irreparable injury. In such event, HWI’s remedies at law
may not be adequate, and HWI shall therefore be entitled to seek equitable relief (including
without limitation injunctive relief, specific performance or other equitable remedies) in
addition to all other remedies provided hereunder or available at law. Unless otherwise
determined by HWI, the governing law shall be the state of New York.
1.3 Vendor Selection Criteria
Responses may be evaluated using criteria in accordance with HWI’s strategic goals including,
but not limited to, the following (and not necessarily in order of importance):
1
2
3
4
Total cost of the solution
Adherence to PCI DSS Guidelines
Ease of implementation and deployment
Geographical Presence
Revised/Updated 11/04/2010 sbt
1.4 RFP Schedule
Action
Item #
Action Item Description
Performed By
Due Date / Time
1.
Electronic distribution of RFP
HWI
August 9, 2013
2.
Electronic submission of Questions to HWI
RFP Participant
August 16, 2013
3.
Questions & Answers Teleconference call
HWI
August 23,2013
4.
Hard copy and electronic copy of RFP Responses
back to HWI
RFP Participant
5.
Optional Prospective Vendor Sessions
HWI& RFP
Participant
TBD
6.
HWI bid evaluation
HWI& RFP Project
Team
TBD
August 30, 2013
The above schedule may change at HWI’s sole discretion. All prospective Vendors shall be
notified should any of the above change.
1.5 Questions & Answers (Q&A)
Prospective Vendors will be given an opportunity to submit questions during a specified
period as noted in the above RFP Schedule. ALL questions must be submitted to HWI in
electronic format using the RFP Q&A Template. NO phone calls or personal meetings aside
from the Prospective Vendor Sessions will be accepted. HWI will provide all Prospective
Vendors with an electronic copy of all Q&A minus any information that could be construed as
confidential or reveal the Prospective Vendor’s identify, at HWI’s sole discretion.
RFP Q&A
TEMPLATE.xls
ALL RFP questions should be directed in electronic format, using the RFP Q&A Template, with
“Anti-virus Solution for 2014 Q&A” as the Subject Header to:
Stuart B. Thomas
Director, RFP Management
Email: [email protected]
Revised/Updated 11/04/2010 sbt
1.6 Prospective Vendor Sessions
Prospective vendors may be invited to present their proposals in person. Vendors should be
prepared to give a presentation to review their responses.
Responses & Delivery Instructions
A. ALL responses must be in the specified format as indicated in section 3. All returned
responses that do not conform to the specified format shall be disqualified at HWI’s
discretion.
B. All Proposals must be received by August 23, 2013, at 5:00 PM Central time.
1. HWI requires one (1) copy of all responses as an email attachment in original
format (e.g. MS Word, MS Excel). Do NOT convert any document into a format
other than what you originally received. Please follow the guidelines below.
a. Send emails to:
[email protected]
Email Subject should read:
“Anti-virus Solution for 2014 – Prospective Vendor’s Name”
2. HWI shall require one (1) hard copy of all responses.
All hard copies should be sent by UPS or FedEx to:
Stuart B. Thomas
Hilton Worldwide, Inc.
755 Crossover Lane, AW/B2
MEMPHIS, TN 38117
a. <<HARD COPY INSTRUCTIONS E.G.: Hard copy should be in 3-ring binders
and include tabs indicating the following documents listed below in the
following order:
i. Original INITIALED RFP Background Materials
ii.Two business cards of the Prospective Vendor’s primary point of contact
1.7 Additional RFP Terms and Conditions
A. Nothing contained in the RFP shall grant to participants any usage or license
rights whatsoever to Hilton’s trade names, trademarks, service marks or logos in
any way or manner.
B. Prospective Vendor shall NOT use, except as expressly permitted in this RFP, or
disclose, distribute or transfer ANY samples, information, documents, and
Revised/Updated 11/04/2010 sbt
C.
D.
E.
F.
G.
H.
I.
J.
specifications that have been received in relation to this RFP without prior
written consent by Hilton.
Prospective Vendor shall DESTROY all samples, information, documents, and
specifications received from HWI in relation to this RFP upon bid award decision
notification or upon notice from HWI.
Prospective Vendor agrees to use any distributor that is designated by HWI to
distribute product unless Prospective Vendor can produce documentation to
demonstrate that such a move would violate a contractual agreement between
Prospective Vendor and current Prospective Vendor distributor(s); refusal shall
automatically grant HWI the right to assign the area or hotels within the area to
another supplier / manufacturer without violating the agreed upon terms and
conditions of any bid or contract in place and without affecting pricing for all
other areas or hotel(s)
Any resultant agreement will be non-exclusive, meaning that Hilton reserves the
right to utilize other suppliers for any of the services described in the RFP, if
deemed appropriate. HWI reserves the right to award all, a portion, or none of
the products or services to any Prospective Vendor.
Any data or response that is either missing or incomplete shall at Hilton’s
discretion be considered a “no bid” for that particular item or portion of the RFP.
This Request for Proposal does not constitute an offer to enter into any contract
and it does not commit Hilton to entering into any contract for all or any part of
the proposals submitted. HWI is under no obligation to disclose the reasons for
refusal or acceptance. Any such agreement would arise only as a result of the
execution and delivery of a formal definitive written agreement. You specifically
covenant and agree that no person claiming by, under or through you shall bring
any claim against Hilton or any person related to HWI based upon this RFP as a
result of a failure to agree on or enter into such agreement, or for any other reason
related to the project, other than pursuant to the aforementioned agreements if it
is executed and delivered. However, submission of a proposal in response to this
RFP does create certain binding obligations on the part of the Prospective Vendor,
as further set forth herein, in consideration of HWI time and expense in reviewing,
considering, selecting and negotiating such proposals. Each Prospective Vendor
submitting a proposal is solely responsible for the costs and expenses incurred by
it in the preparation and presentation of the proposal and any other related costs
and expenses, and these cannot be charged to Hilton. All supporting
documentation and manuals submitted with this proposal will become the
property of Hilton.
Unless expressly agreed by HWI in writing, all material submitted by any
Prospective Vendor is not to be considered confidential and will not be treated as
confidential or proprietary regardless of markings. Without limiting the
foregoing, HWI reserves the right to make copies of each proposal submitted by
Prospective Vendors.
Responses not received by the due date will not be considered. ALL responses
MUST be submitted in the format requested or the entire bid shall be considered
null and void at HWI discretion.
Data provided are estimates and shall not bind HWI to meet such estimates at
any time. While HWI believes that the information contained in this document is
correct, HWI gives no warranty in relation to such information (including any
other information provided in connection with this project) and HWI accepts no
responsibility or liability for any errors, inaccuracies or omissions in or from such
information. HWI reserves the right to amend this RFP in any manner prior to
contract award.
Revised/Updated 11/04/2010 sbt
K. Even though a proposal may be rejected, HWI reserves the right to use any
concept or ideas contained therein, without incurring any liability.
L. HWI may elect in its discretion to enter into negotiations with more than one
Prospective Vendor simultaneously and enter into an agreement with any
supplier or suppliers in negotiations without prior notification to any other
Prospective Vendor negotiating with HWI.
M. Unless otherwise determined by HWI , all bids are considered “best and final”
N. All bids should include all information solicited by this RFP, plus any additional
data, prints and literature that the Prospective Vendor deems pertinent to the
understanding and evaluation of this proposal within the constraints of this RFP.
Any corrections or changes to this RFP will be made by addendum at HWI’s sole
discretion. Interpretations, corrections or changes made in any other manner will
not be binding and the Prospective Vendor shall not rely on any such
interpretations, corrections and changes. Each person submitting a proposal
thereby indemnifies and holds harmless HWI, its hotels and each of their owners,
partners, subsidiaries, affiliates, franchisees, and each of such persons’ or entities’
officers, directors, agents, contractors, subcontractors, guests, residents, visitors,
licensees, invitees, permitees and employees (collectively referred to as the
"Indemnitees"), and each of them, against and from any and all allegations,
demands, claims, liabilities, damages, fines, penalties or costs of whatsoever
nature (including reasonable attorney's fees), and whether by reason of death of
or injury to any person or loss of or damage to any property or otherwise
(“Claims”), arising out of or in any way connected with this RFP, including without
limitation any Claims related to infringement by Prospective Vendor of the rights
of any person, including without limitation, copyright, patent, trade secret, trade
mark, artist rights, droit moral, privacy, publicity or other intellectual property
laws.
O. Any alteration of any portion of the RFP Main Document by an RFP participant will
result in disqualification of RFP participant at HWI sole discretion.
P. Prospective Vendors are prohibited from directly contacting team members of
Hilton Supply Management, Hilton or any participating HWI Brand or corporate
department during the RFP process regarding the RFP. All communication should
be directed to Stuart B. Thomas.
Q. Prospective Vendors will be required to provide all products and services
pursuant to the terms of the SERVICES AGREEMENT.
R. By submitting a proposal, a Prospective Vendor agrees to all terms of this RFP
and Hilton will rely upon such agreement in this regard when it evaluates which
proposal to select. If a Prospective Vendor’s proposal is selected and the
Prospective Vendor attempts to renegotiate its agreement to these terms, Hilton
will have relied to its detriment on such prior agreement in selecting the
proposal rather than other proposals and such Prospective Vendor will be
responsible for all costs and expenses related thereto. In choosing to submit a
proposal in response to this RFP, a Prospective Vendor is agreeing to these terms
and conditions set forth in this RFP and that the services to be provided are
mission critical services and any delay in this process would severely impact HWI
core business. Since the final proposal will be selected in reliance upon
Prospective Vendors’ response to this RFP both this RFP and such proposal will be
incorporated into the final agreement for products and services.
S. HWI has the right to reject any or all proposals, and, in particular, to reject a
proposal not accompanied by data required by this RFP or a proposal that is in any
way incomplete or irregular. Hilton also reserves the right to:
Revised/Updated 11/04/2010 sbt
Reject any and all proposals received in response to this RFP, and will not be
bound to the lowest proposed price
Waive or modify minor irregularities in proposals received, after prior
notification to the Prospective Vendor
Adjust any Prospective Vendor’s expected cost, based on determination by
HWI that the selection of said Prospective Vendor will incur additional cost by
HWI
Adapt all or any part of a Prospective Vendor’s proposal
Negotiate separately with any source whatsoever in any way necessary to
service the best interests of HWI
Require and request additional information from the Prospective Vendor and
conduct necessary investigations to determine the accuracy of proposal
information
Require oral presentations and/or operational documents of the system,
service, products, or equipment proposed
Revised/Updated 11/04/2010 sbt
2 Scope and Strategy Section of Anti-Virus Solution
2.1 Subject of RFP
This RFP is intended to solicit responses from vendors to Anti-Virus Solution for the Hilton
Worldwide, Inc., HWI business.
The RFP is soliciting proposals to select an endpoint anti-virus solution to replace the
one currently HWI is using on all properties and Corporate Offices.
License for the current anti-virus solution HWI have expires on the 29 th June 2014.
Currently, there are more than 79K computers deployed in 4000+
properties/Corporate Offices across 70+ countries. Total number of computers is
expected to be 85K+ in 2014.
2.2 Proposed Strategy
The current proposed strategy for this effort is to:
Review proposals and select the vendor can meet HWI’s requirements.
Pilot the new solution at a small number of properties and run in parallel at least for a
period of two weeks.
Resolve any issues during pilot period and update documentation
Complete deployment at the rest of the properties and Corporate Offices.
2.3 Key Goals
Remove the current anti-virus solution and deploy the new solution via automated
means.
Complete deployment by 29th June 2014.
Enable centralized management/reporting capabilities for Hilton Enterprise Security,
Architecture, Hotel and Corporate Support Teams
Enable localized management/reporting capabilities for Field IT Teams/Hotel General
Managers
2.4 Target Dates
All properties / Corporate Offices should be running on new software by 29th June
2014 as current Endpoint Security product license expires.
Depends on how quickly new clients can be deployed/old clients can be removed, the
dates may change. (The “Go Live” date is set to minus three months before the 29 th
June 2014 deadline.
ID
Target Completion
Date
Activity
1
31/Jan/14
Architecture/Design Phase Complete
3
07/Mar/14
Build Phase Complete
4
15/Mar/14
Deployment of Product to Test for UAT
5
22/Mar/14
Test Phase Complete
6
01/Apr/14
Go Live (Start Date for Client Deployment)
Revised/Updated 11/04/2010 sbt
29/Jun/14
Revised/Updated 11/04/2010 sbt
Client Deployment Complete
3 Vendor Proposal Format
Please provide the following minimum information in the proposal, in the format outlined
below:
3.1 General Information
3.1.1 High level understanding of Scope of Work
3.1.2 Contact Person(s)
3.2 Solution Functionality
3.2.1 Operating Platform Model: Provide a target operating platform model of
your solution per instructions in section 4.1
3.2.2 Deployment Model: Provide a target deployment model of your solution per
instructions in section 4.2
3.3 Vendor Capabilities
3.3.1 General
3.3.1.1 Provide evidence of similar implementations and solution strengths
3.3.1.2 How long this product been on the market?
3.3.1.3 Any awards or industry recognition?
3.3.1.4 Any independent performance / execution benchmark?
3.3.1.5 How much market share does product occupy?
3.3.1.6 How many users/clients using the product (split home vs enterprise
users)?
3.3.2 Management Console Features / Requirements
3.3.2.1 What platforms / operating systems does your management server
product run on?
3.3.2.2 Describe hardware requirements for the management servers
3.3.2.3 Does management server work on virtual environment? If so, are there
any additional requirements for virtual environment?
Revised/Updated 11/04/2010 sbt
3.3.2.4 Does management console/server support load balancing?
3.3.2.5 How many clients does Management Console support?
3.3.2.6 What are the failover/redundancy capabilities?
3.3.2.7 Support remote installation on multi-domain/local domain/workgroup
environment
3.3.2.8 Ability to remove the existing/previous AV solution on client machines.
3.3.2.9 Automatic grouping of clients based on their computer name, IP address,
domain name, OS version on the management console.
3.3.2.10
Single management console for controlling entire environment
3.3.2.11
Role-based administration support
3.3.2.12
Active Directory support and integration on a multidomain/workgroup environment. (no trust between domains)
3.3.2.13
Ability to scan defined IP subnets periodically to detect machines
without client installed.
3.3.2.14
Web based console feature to allow large number of local IT
Admins/Support Desk Engineers/Hotel GMs to control their own sites.
3.3.2.15
Ability to setup email alerting for individual sites.
3.3.2.16
Ability to cleanup of old computers automatically. (i.e. computers
that are note reported 60+ days)
3.3.3 Database Features / Requirements
3.3.3.1 What platforms / operating systems does your database product run on?
3.3.3.2 Does database server work on virtual environment? If so, are there any
additional requirements for virtual environment?
3.3.3.3 What database does your product use/support?
3.3.3.4 How many databases will be required? (i.e. per management console, etc.)
3.3.3.5 What is the initial database size and expected growth rate per client?
3.3.3.6 Does each client require to make direct connection to the database?
3.3.3.7 Describe backup requirements for the database(s).
Revised/Updated 11/04/2010 sbt
3.3.3.8 If a database recovery is required, how current must the database be
made?
3.3.3.9 Is mirroring/replication of database supported? (for disaster recovery
and/or load balancing)
3.3.4 Update Distribution Points
3.3.4.1 What platforms / operating systems does your update distribution product
run on?
3.3.4.2 Describe the footprint of the product (i.e. usage of memory/CPU/diskspace
resources)
3.3.4.3 Ability to schedule software and signature updates separately
3.3.4.4 Bandwidth throttling
3.3.4.5 Load balancing support to distribute to load between update distribution
points and create redundancy when local update distribution point goes
down.
3.3.5 Reporting
3.3.5.1 Executive reporting for global view of Hilton estate (i.e. total number of
clients, top 10 infections, top 10 sites with infections, etc.)
3.3.5.2 Operational reporting for IT admin/support teams (i.e. high-risk alerts to
take immediate action on, machines did not perform scheduled scans
more than a month, etc.)
3.3.5.3 Outbreak reporting for specific malware (i.e. report showing where
malware activity first detected and how it extended to other sites)
3.3.5.4 Enhanced reporting capabilities to create custom reports
3.3.5.5 Ability to email scheduled reports
3.3.5.6 Multiple file format support (HTML, CSV, PDF, XLS, etc.)
3.3.6 External Logging
3.3.6.1 Log shipping to 3rd Party SIEM systems (LogLogic, Splunk, other Syslog,
etc.)
3.3.6.2 SNMP reporting support
3.3.7 Endpoint Features / Requirements
Revised/Updated 11/04/2010 sbt
3.3.7.1 What platforms / operating systems does your client product run on?
(Please include all supported operating systems, including POS ones such
as Windows CE, Embedded, POSReady2009, etc.)
3.3.7.2 Describe the footprint of the client product on idle and on scanning (i.e.
usage of memory/CPU/diskspace resources)
3.3.7.3 Minimum and recommended hardware/software requirements
3.3.7.4 Localization support (Can client automatically switch to the language
based on “regional” settings configured on the user profile?)
3.3.7.5 Management and reporting when client is out of the company network
(i.e. reporting status of AV client when the user at home)
3.3.7.6 Malware Protection
3.3.7.6.1Proactive suspicious activity detection
3.3.7.6.2Any statistics on how quickly signatures getting released (i.e. zero-day
attacks, etc.)
3.3.7.6.3Cloud based protection
3.3.7.6.3.1
How does cloud detection work
3.3.7.6.3.2
Bandwidth requirements
3.3.7.6.4Are there any “offline” cleanup tool available? (i.e. bootable disk for
scanning/cleaning)
3.3.7.7 Tamper Protection
3.3.7.8 Protect specific registry keys / services / configuration files (this includes
general OS components, not specific to client product)
3.3.7.9 Password protection for unwanted removal of the client product.
3.3.7.10
Allow specific processes/tools to interact with the client product (i.e.
software distribution agent to stop on-access scanner while
copying/downloading data to the client computer)
3.3.7.11
Role based security and access control on the client (i.e. regular
users can only scan/clean viruses but cannot change configuration, etc.)
3.3.7.12
Client Update
3.3.7.12.1
Location awareness / Automatically detect closest update
distribution point or update from internet location when connected out
of the company network
Revised/Updated 11/04/2010 sbt
3.3.7.12.2
Bandwidth throttling / limiting download rate for large software
updates
3.3.7.12.3
Schedule software and signature updates separately (i.e. signature
updates every 30 mins, software updates randomly between 8am – 8pm,
etc.)
3.3.7.13
Application Control
3.3.7.13.1
Blocking unwanted/unapproved applications
3.3.7.13.2
Blocking applications based on users profile/group (i.e. allow PsExec
to IT Manager but block for regular users, etc.)
3.3.7.13.3
Audit mode for monitoring application usage (i.e. detect but do not
block the application)
3.3.7.13.4
Ability to prompt users for sending application usage requests (i.e.
prompting user a form to submit request for allowing a blocked
application)
3.3.7.14
Host Firewall
3.3.7.14.1
Ability to create firewall inbound/outbound rules for network
ports/applications
3.3.7.14.2
Location awareness/profile selection based on IP address or DNS
resolution
3.3.7.14.3
Intrusion Prevention System
3.3.7.15
Web Control
3.3.7.15.1
Block malicious websites
3.3.7.15.2
Block specific/custom defined websites
3.3.7.15.3
While-list specific/custom defined websites
3.3.7.16
Data Leak Protection
3.3.7.16.1
Ability to monitor or block files depending on their content
3.3.7.16.2
Ability to monitor or block files depending on the destination they
are being copied
3.3.7.16.3
Pre-defined content rules (i.e. credit card numbers, social security
numbers, etc.)
Revised/Updated 11/04/2010 sbt
3.3.7.16.4
Ability to use mathematical algorithms for detecting certain content
(i.e. detecting credit card numbers with CC algorithm, not via regular
expressions like 16 digit number starting with 45, etc.)
3.3.7.17
Device Control
3.3.7.17.1
Ability to block devices on make/model
3.3.7.17.2
Ability to allow/block devices based on user profile/group (i.e. allow
USB keys only to department heads)
3.3.7.17.3
Protection against hardware keyloggers
3.3.7.17.4
Blocking network connection when hybrid connection detected (i.e.
wireless/Bluetooth connected to a public network while the machine has
connected physically to LAN)
3.3.7.18
Patch Assessment
3.3.7.18.1
Does client support patch assessment and report missing Microsoft
and 3rd party patches?
3.3.7.18.2
Does the patch assessment support integration of local WSUS and/or
SCCM implementation?
3.3.7.18.3
Ability to remediate missing patches (i.e. force to update Java
Runtime,)
3.3.7.19
Encryption
3.3.7.19.1
Does client support full-disk encryption or integrated to another
encryption product?
3.3.7.19.2
Does client support file-based encryption? (i.e. enabling encryption
of user files / documents, etc.)
3.3.7.19.3
Can encryption automatically be activated on mobile devices? (i.e.
laptops, tablets, etc.)
3.3.7.19.4
Does full-disk encryption support pre-boot authentication?
3.3.7.19.5
Describe the encryption algorithm used/supported for encryption
3.3.7.19.6
Ability to prevent unwanted encryption (i.e. not encrypting
removable disks on cameras or mobile phones)
Revised/Updated 11/04/2010 sbt
3.3.8 Support and Maintenance
3.3.8.1 24/7 product support (Please describe your support model in detail,
whether there is a direct reporting technical account manager available or
not)
3.3.8.2 24/7 sample analysis and signature release. (Please describe sample
submission – new signature release process end to end with timelines)
3.3.8.3 Online threat database with detailed information (i.e. malware’s behavior,
registry keys/files/services it is creating on the machine, network
ports/domains it is using, etc.)
3.4 Solution Costs
3.4.1 Provide a pricing model and costs for your solution as described in Exhibit
W.
3.5 Implementation Timeline
Provide project plan indicating major milestones and resource loading to meet with
timeline described in section 2.4
3.6 Profiles
Attach profiles and resumes of key staff members engaging on the implementation
project
3.7 Methodology
Provide a statement as to willingness to comply with HWI’s Methodology as
described in 6
3.8 Other Information/Signatures Required
3.8.1 Exhibit U: Provide a signed copy by an authorized company representative
3.8.2 Exhibit Y: Provide your response as indicated
3.9 Supporting Documentation
Attach any other supporting documentation relevant to the Anti-virus Solution for
2014.
Revised/Updated 11/04/2010 sbt
4 Solution Requirements
4.1 Operating Platform Model
Please provide a detailed architecture diagram of your solution, including a detailed
explanation of all applications that comprise your solution. (Reference Exhibit A for
Client current state operating platform model and associated application descriptions.)
Client’s assumption is that the current operating platform will remain same or there will
be minimal changes/additions. But the vendor can propose changes (i.e. cloud based
management consoles, etc.) in order to deliver better service at lower costs.
4.2 Deployment Model
Please provide detailed model depicting how your solution is deployed, including a
detailed explanation of all infrastructure components required to support your solution.
(Reference Exhibit B for Client current state deployment model and infrastructure
details.)
In the current state model, 75K+ clients divided into 7 different consoles in geographical
or functional structure. Client’s requirement to have a single point of management in the
target state rather than multiple consoles if possible.
Reference Exhibit E for current state environment details.
Revised/Updated 11/04/2010 sbt
5 Scope of Work
5.1 Background
Details of scope of work required as part of scope of this RFP Addendum have been defined
in the preceding sections. This section introduces an additional body of work that is required
to be bundled along with these services.
5.2 Architecture
Please provide architecture diagram of the various components of the total solution and use
sub-sections to provide additional detail, as necessary, e.g. to describe operational vs
development work or expected future work.
5.3 Pilot Testing
Vendor is expected to provide resources, support and status reporting during pilot testing
phase.
5.4 Transition/Deployment Support
Vendor is expected to provide full project management, architecture, and development
resources for migrating from the existing state to the target state. Please provide in your
response a detailed plan of how you will support Hilton through the transition. This should
include high-level task durations and key resources you will provide during the transition
project and key resources you expect to have available from Hilton. Provide profiles for
resources expected to be deployed to the project.
Revised/Updated 11/04/2010 sbt
6 Project Deliverables
In addition to responses provided to this RFI, respondents are expected to work with
HWI project teams to fully define the target solution and associated SLAs in advance
of agreement execution. It is expected that the respondent will collaborate with the
HWI project team and will adhere to the Hilton Enterprise Methodology for the
initiation of this engagement and for any projects subsequently initiated. The Hilton
Enterprise Methodology is a blend of Six Sigma tools and UML standards that
prescribe deliverables according to a pre-defined project lifecycle, as follows:
Figure 1: Hilton Enterprise Methodology
The methodology is to be followed throughout the project, and is comprised of the
following phases. As needed, gate meetings will be held at the end of each phase.
Strategy – A pre-project phase to determine if the request/demand should become
a project via a council/board approval. Define project goals, objectives, strategy,
estimated cost, NPV, and analyze some use cases for current processes.
Architecture – The first project phase. Define business and technology
architecture including operating platform, business domain, and technology
deployment models, validate NPV and objectives, develop detailed
implementation plans, and define detailed requirements for target process.
Revised/Updated 11/04/2010 sbt
Design – Validate final requirements, define detailed data initialization plan, design
detailed solution including data model and software models, and design detailed
training, communication, and change management materials.
Build – Build target solution, configure products, develop and unit test code, run
code reviews, develop detailed test and deployment plans, and build detailed
training, communication, and change management materials.
Test – Conduct all testing, including regression, integration, quality assurance, user
acceptance testing, performance testing, and finalize and test detailed
deployment plan. Verify all testing results, data and application readiness, and
training completion.
Run – Complete deployment activities, resolve deployment issues/defects, and
achieve steady state.
Monitor: Ensure that monitors are in place and knowledge has been transferred to
support teams. During this phase an analysis will be completed to measure
performance against stated goals and objectives for the project.
Revised/Updated 11/04/2010 sbt
7 Exhibit A - Current State Operating Platform Model
Server Inventory
8 Exhibit B - Current State Deployment Model
AV-Architecture.pdf
Revised/Updated 11/04/2010 sbt
9 Exhibit E - Current State Environment
Total number of sites/clients per console:
Console
Sites
Clients
North America - 1
1482
16274
North America – 2
1296
16055
North America – 3
624
10827
South America and HGVC
Properties
45 hotels + 59 HGV
resorts
4678
Europe / Middle East / Africa
269
12804
Asia Pacific
83
7722
Corporate Offices
16 + remote users
11546
Revised/Updated 11/04/2010 sbt
10 Exhibit F - Enterprise Security Requirements
Security Review
Documentation Requirements.pdf
Revised/Updated 11/04/2010 sbt
SIG_SIGv6.2.xls
11 Exhibit G – Business Entity Information Form
Please complete and submit with RFP response
BUSINESS ENTITY
PARTICIPANT INFORMATION_United States.pdf
Revised/Updated 11/04/2010 sbt
12 Exhibit U
Signature of Authorized Representative
I, _______________________, an authorized representative of _________________________, the
Prospective Vendor, submitting a proposal in response to this RFP, have read and fully
understand all sections of the Request for Proposal, and acknowledge and agree that an
Agreement may be entered into with Hilton Worldwide, Inc., that shall contain, at a
minimum, the services, rates and pricing as set forth herein. I further understand that the
issuance of this RFP and subsequent receipt of the response to this RFP does not obligate
Hilton Worldwide, Inc., to purchase any goods or services from our company.
Name (Print)
Signature
Title
Company
Phone
Date
Revised/Updated 11/04/2010 sbt
13 Exhibit W - Pricing
Anti
Virus_RFP_Pricing Worksheet.xls
Revised/Updated 11/04/2010 sbt
14 Exhibit Z – Hilton Enterprise Methodology
Hilton Enterprise
Methodology Overview_0912.pptx
Revised/Updated 11/04/2010 sbt
Anti-virus Solution for 2014
Request for Proposal
August 9, 2013
Contents
1
RFP BACKGROUND MATERIALS.................................................................................................................
1.1
1.2
1.3
1.4
1.5
1.6
1.7
2
INTRODUCTION..............................................................................................................................................
PROSPECTIVE AGREEMENT & ACKNOWLEDGEMENTS.......................................................................................
VENDOR SELECTION CRITERIA.......................................................................................................................
RFP SCHEDULE............................................................................................................................................
QUESTIONS & ANSWERS (Q&A).....................................................................................................................
PROSPECTIVE VENDOR SESSIONS..................................................................................................................
ADDITIONAL RFP TERMS AND CONDITIONS.....................................................................................................
SCOPE AND STRATEGY SECTION OF ANTI-VIRUS SOLUTION................................................................
2.1
2.2
2.3
2.4
3
SUBJECT OF RFP..........................................................................................................................................
PROPOSED STRATEGY...................................................................................................................................
KEY GOALS...................................................................................................................................................
TARGET DATES..............................................................................................................................................
VENDOR PROPOSAL FORMAT...................................................................................................................
3.1
3.2
3.3
3.4
3.5
3.6
3.7
3.8
3.9
4
GENERAL INFORMATION................................................................................................................................
SOLUTION FUNCTIONALITY............................................................................................................................
VENDOR CAPABILITIES..................................................................................................................................
SOLUTION COSTS........................................................................................................................................
IMPLEMENTATION TIMELINE...........................................................................................................................
PROFILES....................................................................................................................................................
METHODOLOGY...........................................................................................................................................
OTHER INFORMATION/SIGNATURES REQUIRED...............................................................................................
SUPPORTING DOCUMENTATION.....................................................................................................................
SOLUTION REQUIREMENTS.......................................................................................................................
4.1
4.2
5
OPERATING PLATFORM MODEL.....................................................................................................................
DEPLOYMENT MODEL...................................................................................................................................
SCOPE OF WORK........................................................................................................................................
5.1
5.2
5.3
5.4
BACKGROUND..............................................................................................................................................
ARCHITECTURE............................................................................................................................................
PILOT TESTING............................................................................................................................................
TRANSITION/DEPLOYMENT SUPPORT............................................................................................................
6
PROJECT DELIVERABLES.........................................................................................................................
7
EXHIBIT A - CURRENT STATE OPERATING PLATFORM MODEL............................................................
8
EXHIBIT B - CURRENT STATE DEPLOYMENT MODEL.............................................................................
9
EXHIBIT E - CURRENT STATE ENVIRONMENT.........................................................................................
10
EXHIBIT F - ENTERPRISE SECURITY REQUIREMENTS...........................................................................
11
EXHIBIT G – BUSINESS ENTITY INFORMATION FORM............................................................................
Revised/Updated 11/04/2010 sbt
PLEASE COMPLETE AND SUBMIT WITH RFP RESPONSE..............................................................................
12
EXHIBIT U.....................................................................................................................................................
THIS PAGE INTENTIONALLY LEFT BLANK........................................................................................................
13
EXHIBIT V – SERVICES AGREEMENT........................................................................................................
14
EXHIBIT W - PRICING..................................................................................................................................
15
EXHIBIT Y - WMBE REPORTING.................................................................................................................
16
EXHIBIT Z – HILTON ENTERPRISE METHODOLOGY...............................................................................
Revised/Updated 11/04/2010 sbt
1 RFP Background Materials
This section of the document provides general information regarding required services, vendor
selection criteria, and response guidelines.
1.1 Introduction
Hilton Worldwide, Inc., is requesting proposals to provide Antivirus Solution. All terms and
conditions, guidelines, and provisions stated throughout the RFP apply to Hilton Worldwide,
Inc., and its subsidiaries, affiliates, partners, and joint ventures and to each of their officers,
directors, agents and employees (collectively “HWI”), as well as to any HWI trade names,
trademarks, service marks, or logos.
1.2 Prospective Agreement & Acknowledgements
It is HWI’s intent to form a long-term relationship with our chosen vendor(s).
Price quotes should hold for at least a period of six months from bid submission. At any time
beginning with the commencement of this RFP, where an awarded bid participant is not able
to meet its RFP quotes and Agreement commitments, HWI reserves the right to cancel any
Agreement and put the product(s) and/or service(s) back out for bid.
Award recipients will be expected to enter into Agreement with HWI immediately following
the bid award. A Service Level Agreement and pricing schedule will be added to the
Services Agreement and will be negotiated in advance of the bid award.
Participants who for any reason must withdraw or are withdrawn from the RFP process at
any point will continue to be held to the terms and conditions set forth in the Confidentiality
and Non Disclosure Agreement, the Letter of Intent, and the provisions contained within the
RFP Background Materials.
By signing Exhibit U, you acknowledge that you understand the unique and proprietary
nature of the confidential information extended as a result of this RFP, and agree that in the
event of an actual or alleged breach hereof (e.g., to produce any of the bid products without
express written approval by HWI), or under any other circumstances whatsoever, in all
likelihood HWI may suffer great and irreparable injury. In such event, HWI’s remedies at law
may not be adequate, and HWI shall therefore be entitled to seek equitable relief (including
without limitation injunctive relief, specific performance or other equitable remedies) in
addition to all other remedies provided hereunder or available at law. Unless otherwise
determined by HWI, the governing law shall be the state of New York.
1.3 Vendor Selection Criteria
Responses may be evaluated using criteria in accordance with HWI’s strategic goals including,
but not limited to, the following (and not necessarily in order of importance):
1
2
3
4
Total cost of the solution
Adherence to PCI DSS Guidelines
Ease of implementation and deployment
Geographical Presence
Revised/Updated 11/04/2010 sbt
1.4 RFP Schedule
Action
Item #
Action Item Description
Performed By
Due Date / Time
1.
Electronic distribution of RFP
HWI
August 9, 2013
2.
Electronic submission of Questions to HWI
RFP Participant
August 16, 2013
3.
Questions & Answers Teleconference call
HWI
August 23,2013
4.
Hard copy and electronic copy of RFP Responses
back to HWI
RFP Participant
5.
Optional Prospective Vendor Sessions
HWI& RFP
Participant
TBD
6.
HWI bid evaluation
HWI& RFP Project
Team
TBD
August 30, 2013
The above schedule may change at HWI’s sole discretion. All prospective Vendors shall be
notified should any of the above change.
1.5 Questions & Answers (Q&A)
Prospective Vendors will be given an opportunity to submit questions during a specified
period as noted in the above RFP Schedule. ALL questions must be submitted to HWI in
electronic format using the RFP Q&A Template. NO phone calls or personal meetings aside
from the Prospective Vendor Sessions will be accepted. HWI will provide all Prospective
Vendors with an electronic copy of all Q&A minus any information that could be construed as
confidential or reveal the Prospective Vendor’s identify, at HWI’s sole discretion.
RFP Q&A
TEMPLATE.xls
ALL RFP questions should be directed in electronic format, using the RFP Q&A Template, with
“Anti-virus Solution for 2014 Q&A” as the Subject Header to:
Stuart B. Thomas
Director, RFP Management
Email: [email protected]
Revised/Updated 11/04/2010 sbt
1.6 Prospective Vendor Sessions
Prospective vendors may be invited to present their proposals in person. Vendors should be
prepared to give a presentation to review their responses.
Responses & Delivery Instructions
A. ALL responses must be in the specified format as indicated in section 3. All returned
responses that do not conform to the specified format shall be disqualified at HWI’s
discretion.
B. All Proposals must be received by August 23, 2013, at 5:00 PM Central time.
1. HWI requires one (1) copy of all responses as an email attachment in original
format (e.g. MS Word, MS Excel). Do NOT convert any document into a format
other than what you originally received. Please follow the guidelines below.
a. Send emails to:
[email protected]
Email Subject should read:
“Anti-virus Solution for 2014 – Prospective Vendor’s Name”
2. HWI shall require one (1) hard copy of all responses.
All hard copies should be sent by UPS or FedEx to:
Stuart B. Thomas
Hilton Worldwide, Inc.
755 Crossover Lane, AW/B2
MEMPHIS, TN 38117
a. <<HARD COPY INSTRUCTIONS E.G.: Hard copy should be in 3-ring binders
and include tabs indicating the following documents listed below in the
following order:
i. Original INITIALED RFP Background Materials
ii.Two business cards of the Prospective Vendor’s primary point of contact
1.7 Additional RFP Terms and Conditions
A. Nothing contained in the RFP shall grant to participants any usage or license
rights whatsoever to Hilton’s trade names, trademarks, service marks or logos in
any way or manner.
B. Prospective Vendor shall NOT use, except as expressly permitted in this RFP, or
disclose, distribute or transfer ANY samples, information, documents, and
Revised/Updated 11/04/2010 sbt
C.
D.
E.
F.
G.
H.
I.
J.
specifications that have been received in relation to this RFP without prior
written consent by Hilton.
Prospective Vendor shall DESTROY all samples, information, documents, and
specifications received from HWI in relation to this RFP upon bid award decision
notification or upon notice from HWI.
Prospective Vendor agrees to use any distributor that is designated by HWI to
distribute product unless Prospective Vendor can produce documentation to
demonstrate that such a move would violate a contractual agreement between
Prospective Vendor and current Prospective Vendor distributor(s); refusal shall
automatically grant HWI the right to assign the area or hotels within the area to
another supplier / manufacturer without violating the agreed upon terms and
conditions of any bid or contract in place and without affecting pricing for all
other areas or hotel(s)
Any resultant agreement will be non-exclusive, meaning that Hilton reserves the
right to utilize other suppliers for any of the services described in the RFP, if
deemed appropriate. HWI reserves the right to award all, a portion, or none of
the products or services to any Prospective Vendor.
Any data or response that is either missing or incomplete shall at Hilton’s
discretion be considered a “no bid” for that particular item or portion of the RFP.
This Request for Proposal does not constitute an offer to enter into any contract
and it does not commit Hilton to entering into any contract for all or any part of
the proposals submitted. HWI is under no obligation to disclose the reasons for
refusal or acceptance. Any such agreement would arise only as a result of the
execution and delivery of a formal definitive written agreement. You specifically
covenant and agree that no person claiming by, under or through you shall bring
any claim against Hilton or any person related to HWI based upon this RFP as a
result of a failure to agree on or enter into such agreement, or for any other reason
related to the project, other than pursuant to the aforementioned agreements if it
is executed and delivered. However, submission of a proposal in response to this
RFP does create certain binding obligations on the part of the Prospective Vendor,
as further set forth herein, in consideration of HWI time and expense in reviewing,
considering, selecting and negotiating such proposals. Each Prospective Vendor
submitting a proposal is solely responsible for the costs and expenses incurred by
it in the preparation and presentation of the proposal and any other related costs
and expenses, and these cannot be charged to Hilton. All supporting
documentation and manuals submitted with this proposal will become the
property of Hilton.
Unless expressly agreed by HWI in writing, all material submitted by any
Prospective Vendor is not to be considered confidential and will not be treated as
confidential or proprietary regardless of markings. Without limiting the
foregoing, HWI reserves the right to make copies of each proposal submitted by
Prospective Vendors.
Responses not received by the due date will not be considered. ALL responses
MUST be submitted in the format requested or the entire bid shall be considered
null and void at HWI discretion.
Data provided are estimates and shall not bind HWI to meet such estimates at
any time. While HWI believes that the information contained in this document is
correct, HWI gives no warranty in relation to such information (including any
other information provided in connection with this project) and HWI accepts no
responsibility or liability for any errors, inaccuracies or omissions in or from such
information. HWI reserves the right to amend this RFP in any manner prior to
contract award.
Revised/Updated 11/04/2010 sbt
K. Even though a proposal may be rejected, HWI reserves the right to use any
concept or ideas contained therein, without incurring any liability.
L. HWI may elect in its discretion to enter into negotiations with more than one
Prospective Vendor simultaneously and enter into an agreement with any
supplier or suppliers in negotiations without prior notification to any other
Prospective Vendor negotiating with HWI.
M. Unless otherwise determined by HWI , all bids are considered “best and final”
N. All bids should include all information solicited by this RFP, plus any additional
data, prints and literature that the Prospective Vendor deems pertinent to the
understanding and evaluation of this proposal within the constraints of this RFP.
Any corrections or changes to this RFP will be made by addendum at HWI’s sole
discretion. Interpretations, corrections or changes made in any other manner will
not be binding and the Prospective Vendor shall not rely on any such
interpretations, corrections and changes. Each person submitting a proposal
thereby indemnifies and holds harmless HWI, its hotels and each of their owners,
partners, subsidiaries, affiliates, franchisees, and each of such persons’ or entities’
officers, directors, agents, contractors, subcontractors, guests, residents, visitors,
licensees, invitees, permitees and employees (collectively referred to as the
"Indemnitees"), and each of them, against and from any and all allegations,
demands, claims, liabilities, damages, fines, penalties or costs of whatsoever
nature (including reasonable attorney's fees), and whether by reason of death of
or injury to any person or loss of or damage to any property or otherwise
(“Claims”), arising out of or in any way connected with this RFP, including without
limitation any Claims related to infringement by Prospective Vendor of the rights
of any person, including without limitation, copyright, patent, trade secret, trade
mark, artist rights, droit moral, privacy, publicity or other intellectual property
laws.
O. Any alteration of any portion of the RFP Main Document by an RFP participant will
result in disqualification of RFP participant at HWI sole discretion.
P. Prospective Vendors are prohibited from directly contacting team members of
Hilton Supply Management, Hilton or any participating HWI Brand or corporate
department during the RFP process regarding the RFP. All communication should
be directed to Stuart B. Thomas.
Q. Prospective Vendors will be required to provide all products and services
pursuant to the terms of the SERVICES AGREEMENT.
R. By submitting a proposal, a Prospective Vendor agrees to all terms of this RFP
and Hilton will rely upon such agreement in this regard when it evaluates which
proposal to select. If a Prospective Vendor’s proposal is selected and the
Prospective Vendor attempts to renegotiate its agreement to these terms, Hilton
will have relied to its detriment on such prior agreement in selecting the
proposal rather than other proposals and such Prospective Vendor will be
responsible for all costs and expenses related thereto. In choosing to submit a
proposal in response to this RFP, a Prospective Vendor is agreeing to these terms
and conditions set forth in this RFP and that the services to be provided are
mission critical services and any delay in this process would severely impact HWI
core business. Since the final proposal will be selected in reliance upon
Prospective Vendors’ response to this RFP both this RFP and such proposal will be
incorporated into the final agreement for products and services.
S. HWI has the right to reject any or all proposals, and, in particular, to reject a
proposal not accompanied by data required by this RFP or a proposal that is in any
way incomplete or irregular. Hilton also reserves the right to:
Revised/Updated 11/04/2010 sbt
Reject any and all proposals received in response to this RFP, and will not be
bound to the lowest proposed price
Waive or modify minor irregularities in proposals received, after prior
notification to the Prospective Vendor
Adjust any Prospective Vendor’s expected cost, based on determination by
HWI that the selection of said Prospective Vendor will incur additional cost by
HWI
Adapt all or any part of a Prospective Vendor’s proposal
Negotiate separately with any source whatsoever in any way necessary to
service the best interests of HWI
Require and request additional information from the Prospective Vendor and
conduct necessary investigations to determine the accuracy of proposal
information
Require oral presentations and/or operational documents of the system,
service, products, or equipment proposed
Revised/Updated 11/04/2010 sbt
2 Scope and Strategy Section of Anti-Virus Solution
2.1 Subject of RFP
This RFP is intended to solicit responses from vendors to Anti-Virus Solution for the Hilton
Worldwide, Inc., HWI business.
The RFP is soliciting proposals to select an endpoint anti-virus solution to replace the
one currently HWI is using on all properties and Corporate Offices.
License for the current anti-virus solution HWI have expires on the 29 th June 2014.
Currently, there are more than 79K computers deployed in 4000+
properties/Corporate Offices across 70+ countries. Total number of computers is
expected to be 85K+ in 2014.
2.2 Proposed Strategy
The current proposed strategy for this effort is to:
Review proposals and select the vendor can meet HWI’s requirements.
Pilot the new solution at a small number of properties and run in parallel at least for a
period of two weeks.
Resolve any issues during pilot period and update documentation
Complete deployment at the rest of the properties and Corporate Offices.
2.3 Key Goals
Remove the current anti-virus solution and deploy the new solution via automated
means.
Complete deployment by 29th June 2014.
Enable centralized management/reporting capabilities for Hilton Enterprise Security,
Architecture, Hotel and Corporate Support Teams
Enable localized management/reporting capabilities for Field IT Teams/Hotel General
Managers
2.4 Target Dates
All properties / Corporate Offices should be running on new software by 29th June
2014 as current Endpoint Security product license expires.
Depends on how quickly new clients can be deployed/old clients can be removed, the
dates may change. (The “Go Live” date is set to minus three months before the 29 th
June 2014 deadline.
ID
Target Completion
Date
Activity
1
31/Jan/14
Architecture/Design Phase Complete
3
07/Mar/14
Build Phase Complete
4
15/Mar/14
Deployment of Product to Test for UAT
5
22/Mar/14
Test Phase Complete
6
01/Apr/14
Go Live (Start Date for Client Deployment)
Revised/Updated 11/04/2010 sbt
29/Jun/14
Revised/Updated 11/04/2010 sbt
Client Deployment Complete
3 Vendor Proposal Format
Please provide the following minimum information in the proposal, in the format outlined
below:
3.1 General Information
3.1.1 High level understanding of Scope of Work
3.1.2 Contact Person(s)
3.2 Solution Functionality
3.2.1 Operating Platform Model: Provide a target operating platform model of
your solution per instructions in section 4.1
3.2.2 Deployment Model: Provide a target deployment model of your solution per
instructions in section 4.2
3.3 Vendor Capabilities
3.3.1 General
3.3.1.1 Provide evidence of similar implementations and solution strengths
3.3.1.2 How long this product been on the market?
3.3.1.3 Any awards or industry recognition?
3.3.1.4 Any independent performance / execution benchmark?
3.3.1.5 How much market share does product occupy?
3.3.1.6 How many users/clients using the product (split home vs enterprise
users)?
3.3.2 Management Console Features / Requirements
3.3.2.1 What platforms / operating systems does your management server
product run on?
3.3.2.2 Describe hardware requirements for the management servers
3.3.2.3 Does management server work on virtual environment? If so, are there
any additional requirements for virtual environment?
Revised/Updated 11/04/2010 sbt
3.3.2.4 Does management console/server support load balancing?
3.3.2.5 How many clients does Management Console support?
3.3.2.6 What are the failover/redundancy capabilities?
3.3.2.7 Support remote installation on multi-domain/local domain/workgroup
environment
3.3.2.8 Ability to remove the existing/previous AV solution on client machines.
3.3.2.9 Automatic grouping of clients based on their computer name, IP address,
domain name, OS version on the management console.
3.3.2.10
Single management console for controlling entire environment
3.3.2.11
Role-based administration support
3.3.2.12
Active Directory support and integration on a multidomain/workgroup environment. (no trust between domains)
3.3.2.13
Ability to scan defined IP subnets periodically to detect machines
without client installed.
3.3.2.14
Web based console feature to allow large number of local IT
Admins/Support Desk Engineers/Hotel GMs to control their own sites.
3.3.2.15
Ability to setup email alerting for individual sites.
3.3.2.16
Ability to cleanup of old computers automatically. (i.e. computers
that are note reported 60+ days)
3.3.3 Database Features / Requirements
3.3.3.1 What platforms / operating systems does your database product run on?
3.3.3.2 Does database server work on virtual environment? If so, are there any
additional requirements for virtual environment?
3.3.3.3 What database does your product use/support?
3.3.3.4 How many databases will be required? (i.e. per management console, etc.)
3.3.3.5 What is the initial database size and expected growth rate per client?
3.3.3.6 Does each client require to make direct connection to the database?
3.3.3.7 Describe backup requirements for the database(s).
Revised/Updated 11/04/2010 sbt
3.3.3.8 If a database recovery is required, how current must the database be
made?
3.3.3.9 Is mirroring/replication of database supported? (for disaster recovery
and/or load balancing)
3.3.4 Update Distribution Points
3.3.4.1 What platforms / operating systems does your update distribution product
run on?
3.3.4.2 Describe the footprint of the product (i.e. usage of memory/CPU/diskspace
resources)
3.3.4.3 Ability to schedule software and signature updates separately
3.3.4.4 Bandwidth throttling
3.3.4.5 Load balancing support to distribute to load between update distribution
points and create redundancy when local update distribution point goes
down.
3.3.5 Reporting
3.3.5.1 Executive reporting for global view of Hilton estate (i.e. total number of
clients, top 10 infections, top 10 sites with infections, etc.)
3.3.5.2 Operational reporting for IT admin/support teams (i.e. high-risk alerts to
take immediate action on, machines did not perform scheduled scans
more than a month, etc.)
3.3.5.3 Outbreak reporting for specific malware (i.e. report showing where
malware activity first detected and how it extended to other sites)
3.3.5.4 Enhanced reporting capabilities to create custom reports
3.3.5.5 Ability to email scheduled reports
3.3.5.6 Multiple file format support (HTML, CSV, PDF, XLS, etc.)
3.3.6 External Logging
3.3.6.1 Log shipping to 3rd Party SIEM systems (LogLogic, Splunk, other Syslog,
etc.)
3.3.6.2 SNMP reporting support
3.3.7 Endpoint Features / Requirements
Revised/Updated 11/04/2010 sbt
3.3.7.1 What platforms / operating systems does your client product run on?
(Please include all supported operating systems, including POS ones such
as Windows CE, Embedded, POSReady2009, etc.)
3.3.7.2 Describe the footprint of the client product on idle and on scanning (i.e.
usage of memory/CPU/diskspace resources)
3.3.7.3 Minimum and recommended hardware/software requirements
3.3.7.4 Localization support (Can client automatically switch to the language
based on “regional” settings configured on the user profile?)
3.3.7.5 Management and reporting when client is out of the company network
(i.e. reporting status of AV client when the user at home)
3.3.7.6 Malware Protection
3.3.7.6.1Proactive suspicious activity detection
3.3.7.6.2Any statistics on how quickly signatures getting released (i.e. zero-day
attacks, etc.)
3.3.7.6.3Cloud based protection
3.3.7.6.3.1
How does cloud detection work
3.3.7.6.3.2
Bandwidth requirements
3.3.7.6.4Are there any “offline” cleanup tool available? (i.e. bootable disk for
scanning/cleaning)
3.3.7.7 Tamper Protection
3.3.7.8 Protect specific registry keys / services / configuration files (this includes
general OS components, not specific to client product)
3.3.7.9 Password protection for unwanted removal of the client product.
3.3.7.10
Allow specific processes/tools to interact with the client product (i.e.
software distribution agent to stop on-access scanner while
copying/downloading data to the client computer)
3.3.7.11
Role based security and access control on the client (i.e. regular
users can only scan/clean viruses but cannot change configuration, etc.)
3.3.7.12
Client Update
3.3.7.12.1
Location awareness / Automatically detect closest update
distribution point or update from internet location when connected out
of the company network
Revised/Updated 11/04/2010 sbt
3.3.7.12.2
Bandwidth throttling / limiting download rate for large software
updates
3.3.7.12.3
Schedule software and signature updates separately (i.e. signature
updates every 30 mins, software updates randomly between 8am – 8pm,
etc.)
3.3.7.13
Application Control
3.3.7.13.1
Blocking unwanted/unapproved applications
3.3.7.13.2
Blocking applications based on users profile/group (i.e. allow PsExec
to IT Manager but block for regular users, etc.)
3.3.7.13.3
Audit mode for monitoring application usage (i.e. detect but do not
block the application)
3.3.7.13.4
Ability to prompt users for sending application usage requests (i.e.
prompting user a form to submit request for allowing a blocked
application)
3.3.7.14
Host Firewall
3.3.7.14.1
Ability to create firewall inbound/outbound rules for network
ports/applications
3.3.7.14.2
Location awareness/profile selection based on IP address or DNS
resolution
3.3.7.14.3
Intrusion Prevention System
3.3.7.15
Web Control
3.3.7.15.1
Block malicious websites
3.3.7.15.2
Block specific/custom defined websites
3.3.7.15.3
While-list specific/custom defined websites
3.3.7.16
Data Leak Protection
3.3.7.16.1
Ability to monitor or block files depending on their content
3.3.7.16.2
Ability to monitor or block files depending on the destination they
are being copied
3.3.7.16.3
Pre-defined content rules (i.e. credit card numbers, social security
numbers, etc.)
Revised/Updated 11/04/2010 sbt
3.3.7.16.4
Ability to use mathematical algorithms for detecting certain content
(i.e. detecting credit card numbers with CC algorithm, not via regular
expressions like 16 digit number starting with 45, etc.)
3.3.7.17
Device Control
3.3.7.17.1
Ability to block devices on make/model
3.3.7.17.2
Ability to allow/block devices based on user profile/group (i.e. allow
USB keys only to department heads)
3.3.7.17.3
Protection against hardware keyloggers
3.3.7.17.4
Blocking network connection when hybrid connection detected (i.e.
wireless/Bluetooth connected to a public network while the machine has
connected physically to LAN)
3.3.7.18
Patch Assessment
3.3.7.18.1
Does client support patch assessment and report missing Microsoft
and 3rd party patches?
3.3.7.18.2
Does the patch assessment support integration of local WSUS and/or
SCCM implementation?
3.3.7.18.3
Ability to remediate missing patches (i.e. force to update Java
Runtime,)
3.3.7.19
Encryption
3.3.7.19.1
Does client support full-disk encryption or integrated to another
encryption product?
3.3.7.19.2
Does client support file-based encryption? (i.e. enabling encryption
of user files / documents, etc.)
3.3.7.19.3
Can encryption automatically be activated on mobile devices? (i.e.
laptops, tablets, etc.)
3.3.7.19.4
Does full-disk encryption support pre-boot authentication?
3.3.7.19.5
Describe the encryption algorithm used/supported for encryption
3.3.7.19.6
Ability to prevent unwanted encryption (i.e. not encrypting
removable disks on cameras or mobile phones)
Revised/Updated 11/04/2010 sbt
3.3.8 Support and Maintenance
3.3.8.1 24/7 product support (Please describe your support model in detail,
whether there is a direct reporting technical account manager available or
not)
3.3.8.2 24/7 sample analysis and signature release. (Please describe sample
submission – new signature release process end to end with timelines)
3.3.8.3 Online threat database with detailed information (i.e. malware’s behavior,
registry keys/files/services it is creating on the machine, network
ports/domains it is using, etc.)
3.4 Solution Costs
3.4.1 Provide a pricing model and costs for your solution as described in Exhibit
W.
3.5 Implementation Timeline
Provide project plan indicating major milestones and resource loading to meet with
timeline described in section 2.4
3.6 Profiles
Attach profiles and resumes of key staff members engaging on the implementation
project
3.7 Methodology
Provide a statement as to willingness to comply with HWI’s Methodology as
described in 6
3.8 Other Information/Signatures Required
3.8.1 Exhibit U: Provide a signed copy by an authorized company representative
3.8.2 Exhibit Y: Provide your response as indicated
3.9 Supporting Documentation
Attach any other supporting documentation relevant to the Anti-virus Solution for
2014.
Revised/Updated 11/04/2010 sbt
4 Solution Requirements
4.1 Operating Platform Model
Please provide a detailed architecture diagram of your solution, including a detailed
explanation of all applications that comprise your solution. (Reference Exhibit A for
Client current state operating platform model and associated application descriptions.)
Client’s assumption is that the current operating platform will remain same or there will
be minimal changes/additions. But the vendor can propose changes (i.e. cloud based
management consoles, etc.) in order to deliver better service at lower costs.
4.2 Deployment Model
Please provide detailed model depicting how your solution is deployed, including a
detailed explanation of all infrastructure components required to support your solution.
(Reference Exhibit B for Client current state deployment model and infrastructure
details.)
In the current state model, 75K+ clients divided into 7 different consoles in geographical
or functional structure. Client’s requirement to have a single point of management in the
target state rather than multiple consoles if possible.
Reference Exhibit E for current state environment details.
Revised/Updated 11/04/2010 sbt
5 Scope of Work
5.1 Background
Details of scope of work required as part of scope of this RFP Addendum have been defined
in the preceding sections. This section introduces an additional body of work that is required
to be bundled along with these services.
5.2 Architecture
Please provide architecture diagram of the various components of the total solution and use
sub-sections to provide additional detail, as necessary, e.g. to describe operational vs
development work or expected future work.
5.3 Pilot Testing
Vendor is expected to provide resources, support and status reporting during pilot testing
phase.
5.4 Transition/Deployment Support
Vendor is expected to provide full project management, architecture, and development
resources for migrating from the existing state to the target state. Please provide in your
response a detailed plan of how you will support Hilton through the transition. This should
include high-level task durations and key resources you will provide during the transition
project and key resources you expect to have available from Hilton. Provide profiles for
resources expected to be deployed to the project.
Revised/Updated 11/04/2010 sbt
6 Project Deliverables
In addition to responses provided to this RFI, respondents are expected to work with
HWI project teams to fully define the target solution and associated SLAs in advance
of agreement execution. It is expected that the respondent will collaborate with the
HWI project team and will adhere to the Hilton Enterprise Methodology for the
initiation of this engagement and for any projects subsequently initiated. The Hilton
Enterprise Methodology is a blend of Six Sigma tools and UML standards that
prescribe deliverables according to a pre-defined project lifecycle, as follows:
Figure 1: Hilton Enterprise Methodology
The methodology is to be followed throughout the project, and is comprised of the
following phases. As needed, gate meetings will be held at the end of each phase.
Strategy – A pre-project phase to determine if the request/demand should become
a project via a council/board approval. Define project goals, objectives, strategy,
estimated cost, NPV, and analyze some use cases for current processes.
Architecture – The first project phase. Define business and technology
architecture including operating platform, business domain, and technology
deployment models, validate NPV and objectives, develop detailed
implementation plans, and define detailed requirements for target process.
Revised/Updated 11/04/2010 sbt
Design – Validate final requirements, define detailed data initialization plan, design
detailed solution including data model and software models, and design detailed
training, communication, and change management materials.
Build – Build target solution, configure products, develop and unit test code, run
code reviews, develop detailed test and deployment plans, and build detailed
training, communication, and change management materials.
Test – Conduct all testing, including regression, integration, quality assurance, user
acceptance testing, performance testing, and finalize and test detailed
deployment plan. Verify all testing results, data and application readiness, and
training completion.
Run – Complete deployment activities, resolve deployment issues/defects, and
achieve steady state.
Monitor: Ensure that monitors are in place and knowledge has been transferred to
support teams. During this phase an analysis will be completed to measure
performance against stated goals and objectives for the project.
Revised/Updated 11/04/2010 sbt
7 Exhibit A - Current State Operating Platform Model
Server Inventory
8 Exhibit B - Current State Deployment Model
AV-Architecture.pdf
Revised/Updated 11/04/2010 sbt
9 Exhibit E - Current State Environment
Total number of sites/clients per console:
Console
Sites
Clients
North America - 1
1482
16274
North America – 2
1296
16055
North America – 3
624
10827
South America and HGVC
Properties
45 hotels + 59 HGV
resorts
4678
Europe / Middle East / Africa
269
12804
Asia Pacific
83
7722
Corporate Offices
16 + remote users
11546
Revised/Updated 11/04/2010 sbt
10 Exhibit F - Enterprise Security Requirements
Security Review
Documentation Requirements.pdf
Revised/Updated 11/04/2010 sbt
SIG_SIGv6.2.xls
11 Exhibit G – Business Entity Information Form
Please complete and submit with RFP response
BUSINESS ENTITY
PARTICIPANT INFORMATION_United States.pdf
Revised/Updated 11/04/2010 sbt
12 Exhibit U
Signature of Authorized Representative
I, _______________________, an authorized representative of _________________________, the
Prospective Vendor, submitting a proposal in response to this RFP, have read and fully
understand all sections of the Request for Proposal, and acknowledge and agree that an
Agreement may be entered into with Hilton Worldwide, Inc., that shall contain, at a
minimum, the services, rates and pricing as set forth herein. I further understand that the
issuance of this RFP and subsequent receipt of the response to this RFP does not obligate
Hilton Worldwide, Inc., to purchase any goods or services from our company.
Name (Print)
Signature
Title
Company
Phone
Date
Revised/Updated 11/04/2010 sbt
13 Exhibit W - Pricing
Anti
Virus_RFP_Pricing Worksheet.xls
Revised/Updated 11/04/2010 sbt
14 Exhibit Z – Hilton Enterprise Methodology
Hilton Enterprise
Methodology Overview_0912.pptx
Revised/Updated 11/04/2010 sbt
