This RFO and offers may be made a part of the LPA purchase order document and DFPI’s Agreement file.

Offers to this RFO shall contain all information requested and submitted in the format described.  It is the offeror’s responsibility to provide all required data and information necessary for DFPI’s comparison team to determine and verify the offeror’s ability to perform services identified in the attached EXHIBIT A: SCOPE OF WORK (SOW) and EXHIBIT B1: COST WORKSHEET. All documents listed on the ATTACHMENT 1: RFO CHECKLIST must be submitted or the offer shall be considered nonresponsive. All documents must be combined in one file in the order of the Required Attachment Checklist.

DFPI shall compare only those offers from offerors who are currently certified to provide the services described herein under an existing TDDC MSA agreement.

It is important to note that offers submitted are not considered “confidential” under the Public Records Act.  Any offer to the RFO marked confidential or containing stipulations restricting public access to its contents shall not be accepted.

Offerors requiring clarification of the intent and content of this RFO can submit written questions to: 

Lee Peters
solicitation4@dfpi.ca.gov

To ensure a response, questions must be received by September 26, 2024 at 5:00 PM PST.

If revision of any part of this RFO becomes necessary, or if additional data is necessary to clarify any of its provisions, an addendum shall be issued. DFPI reserves the right to amend, alter or change the RFO at any time prior to the deadline of the RFO.

At the time offers are reviewed, each offer shall be checked for the presence or absence of required information in conformance with the submission requirements. 

DFPI shall then review offers which meet the submission requirements to determine its responsiveness. If a response is missing information required in either Attachments, it may be deemed not responsive.  Further review is subject to DFPI’s discretion.

1. DFPI reserves the right at any time to reject any or all offers. 
    
2. All offers and related documents submitted in response to this RFO become public information and the property of the State of California and shall be retained for official purposes. 
    
3. All offer development costs are the Offeror’s responsibility and shall not be chargeable to DFPI. 
    
4. The selected Offeror shall not commence work until the Purchase Order has been fully approved and authorization has been received from DFPI. 
    
5. This order will be issued under a Department of General Services (DGS) Leveraged Procurement Agreement (LPA). Terms and Conditions set forth in the agreement and will be incorporated into the contract by reference. (Please refer to specific LPA for Terms and Conditions.)

The ATTACHMENT 1: RFO CHECKLIST is no longer required but attached for your reference. The submission will not be accepted unless all required attachment fields have been completed. 

The California State certified DVBE or Small Business Bidder(s) or the Bidder, who is using Subcontractors, must complete this declaration when submitting a proposal to this TDDC MSA, before contract award. More information and the Bidder Declarations form (including Bidder Declaration Instructions) can be found by following this link:

https://www.documents.dgs.ca.gov/dgs/fmc/gs/pd/gspd05-105.pdf
 
The Bidder, who completes the Bidder Declaration form, must sign on the bottom of the form to be considered responsive. 

The successful bidder as a result of this TDDC MSA will be required to sign the Payee Data Record, STD 204, before contract award. More information and the STD 204 form can be found by following this link: 

http://www.documents.dgs.ca.gov/dgs/fmc/pdf/std204.pdf

Pursuant to Public Contract Code section 2010, if a bidder or proposer executes or renews a contract of one hundred thousand dollars ($100,000) or more on or after January 1, 2017, the bidder or proposer hereby certifies compliance with the following:

1. CALIFORNIA CIVIL RIGHTS LAWS: For contracts of one hundred thousand dollars ($100,000) or more executed or renewed after January 1, 2017, the contractor certifies compliance with the Unruh Civil Rights Act (Section 51 of the Civil Code) and the Fair Employment and Housing Act (Section 12960 of the Government Code); and

2. EMPLOYER DISCRIMINATORY POLICIES: For contracts of one hundred thousand dollars ($100,000) or more executed or renewed after January 1, 2017, if a Contractor has an internal policy against a sovereign nation or peoples recognized by the United States government, the Contractor certifies that such policies are not used in violation of the Unruh Civil Rights Act (Section 51 of the Civil Code) or the Fair Employment and Housing Act (Section 12960 of the Government Code).

The California Civil Rights Laws and its instructions are available as a fill and print PDF at: 
https://www.dgs.ca.gov/-/media/Divisions/OLS/Forms/CALIFORNIA-CIVIL-RIGHTS-LAWS-ATTACHMENT.ashx

The California State certified DVBE bidder(s) must complete this declaration when submitting a proposal to this TDDC MSA before contract award. More information and the DVBE Declarations form can be found by following this link:

https://www.documents.dgs.ca.gov/dgs/fmc/gs/pd/pd_843.pdf

Provide a resume for each identified member AND subcontracting member of the contract team detailing experience meeting the State’s and base schedule’s requirements. Resume entries should clearly demonstrate the experience and/or training requirements described in the EXHIBIT A: SCOPE OF WORK (SOW). An acceptable resume must include the individual’s experience and education, any applicable credentials and certifications, current work history and a summary of similar work performed. Sufficient detail must be included to confirm the experience cited, including an explicit statement regarding the total cumulative time for the similar work performed on each project.

Submission of this attachment is mandatory. Failure to complete and return this attachment with your offer may cause your offer to be rejected and deemed nonresponsive. 

List below three (3) references for services performed within the last five (5) years, which are similar to the statement of work to be performed in this contract. Note, references cannot be from DFPI or from the Department of Business Oversight.

Copy of the complete TDDC MSA agreement, (including the cover pages with the Department of General Services logo, TDDC MSA analyst name and/or signature, and price schedule).

GenAI Technology Use & Reporting 

The State of California seeks to realize the potential benefits of GenAI, through the development and deployment of GenAI tools, while balancing the risks of these new technologies. 

Bidder / Offeror / Contractor must notify the State in writing if their solution or service includes, or makes available, any GenAI, including GenAI from third parties or subcontractors. 

The State has developed a GenAI Reporting and Factsheet (STD 1000) to be completed by the Bidder / Offeror / Contractor. Failure to submit the GenAI Reporting and Factsheet (STD 1000) will result in disqualification of the Bidder / Offeror / Contractor. Failure to report GenAI to the State may void any resulting contract. The State reserves its right to seek any and all relief it may be entitled to as a result of such non-disclosure. 

Upon receipt of a Bidder / Offeror / Contractor GenAI Reporting and Factsheet (STD 1000), the state reserves the right to incorporate GenAI Special Provisions into the final contract or reject bids/offers that present an unacceptable level of risk to the state. 

The Department of Financial Protection and Innovation (DFPI) provides protection to consumers and services to businesses engaged in financial transactions. The Department regulates a variety of financial services, products, and professionals.  The Department oversees the operations of state-licensed financial institutions, including banks, credit unions, money transmitters, issuers of payment instruments and travelers’ checks, and premium finance companies. Additionally, the Department licenses and regulates a variety of financial service providers, including securities brokers and dealers, investment advisers, deferred deposit transaction originators (commonly known as payday loans) and certain fiduciaries and lenders.  The Department also regulates the offer and sale of securities, franchises, and off exchange commodities. 

The DFPI has five offices, located in four cities: Sacramento, San Francisco, Los Angeles (2), and San Diego.  The Sacramento office is the headquarter office and the main Information Technology hub. The Information Technology Services Division (ITSD) provides IT Services for DFPI.  ITSD is responsible for providing systems support, maintenance, enhancements, and new development. 

The Information Technology Services Division (ITSD) provides Information Technology services for DFPI. ITSD is responsible for providing systems support, maintenance, enhancements, and new development.

The RFO, LPA (TDDC MSA), and Offeror’s offer are hereby attached to this contract by this reference.

1. In order to implement the statement of work, the Contractor, in consultation with the DFPI CIO, DFPI PPMO Manager, DFPI ADU Manager, Contract Manager, and/or other appropriate DFPI staff shall prepare work authorizations further defining tasks to be completed, expected deliverables and conditions of acceptance.  Each work authorization shall be prepared in accordance with the attached sample contained in EXHIBIT A1: WORK AUTHORIZATION, which is incorporated into this contract.  
    
   1. It is understood and agreed by both parties to this Contract that all the terms and conditions of this Contract shall remain in force with the inclusion of any such Work Authorization. Such Work Authorization shall in no way constitute a contract other than as provided pursuant to this Contract nor in any way amend or supersede any of the other provisions of this Contract. 
   2. Each Work Authorization shall consist of a detailed statement of the purpose, objective, or goals to be undertaken by the Contractor, an estimated time schedule for the provisions of these services by the Contractor, the name of the Contractor personnel to be assigned, the Contractor's estimated work hours required to accomplish the purpose, objective or goals, the Contractor's billing rates per work hour, and the Contractor's estimated total cost of the Work Authorization. 
   3. All Work Authorizations must be in writing prior to beginning work and signed by the Contractor Representative, DFPI CIO, DFPI PPMO Manager, DFPI ADU Manager, DFPI Contract Manager and/or other appropriate DFPI staff identified on the WA.
   4. The State has the right to require the Contractor to stop or suspend work on any Work Authorization pursuant to the “Stop Work” provision of the General Provisions. 
   5. Personnel resources will not be expended (at a cost to the State) on task accomplishment in excess of estimated work hours required unless the procedure below is followed: 
       
      1. If, in the performance of the work, the Contractor determines that a Work Authorization to be performed under this Contract cannot be accomplished within the estimated work hours, the Contractor will immediately notify the State in writing of the Contractor's estimate of the work hours which will be required to complete the Work Authorization in full. Upon receipt of such notification, the State may:
          
         1. Alter the Work Authorization to authorize the Contractor to expend the estimated additional work hours of service in excess of the original estimate necessary to accomplish the Work Authorization, or 
         2. Terminate the Work Authorization, or 
         3. Alter the scope of the Work Authorization in order to define tasks that can be accomplished within the remaining estimated work hours. 

For each applicable task and/or deliverable, The ITSD Project Manager (PM) will provide the contractor with a written (email) response within five (5) business days of receipt of a deliverable. This written response will indicate either acceptance or rejection of the deliverable. If the deliverable is accepted, the contractor may invoice DFPI for that deliverable in accordance with the contract. If the deliverable is rejected, the PM will provide a detailed explanation as to why the deliverable was not sufficient.  Additionally, all tasks shall be performed in close coordination and approval of DFPI Information Technology Office and Program Management. Deliverables shall be subject to testing prior to final acceptance.

Information security is defined as the preservation of the confidentiality, integrity, and availability of information.  A secure environment is required to protect confidential information. All records received, handled, or viewed by the contractor and/or consultants shall be securely maintained, and they shall protect the data from unauthorized access, use or disclosure. 

Additionally:

• The contractor must adhere to State Administrative Manual (SAM), Section 5300, which includes the National Institute of Standards and Technology (NIST) SP 800-53 and Federal Information Security Modernization Act (FISMA), Statewide Information Management Manual (SIMM) 5300-A, and 5300-B, Federal Information Processing Standards (FIPS) Publication 140-2 and American National Standards Institute (ANSI). 
   
• The Contractor is required to read and acknowledge DFPI’s Acceptable Use policy.  DFPI’s Acceptable Use Policy form must be signed and returned within 30 days of the Contract approval.
   
• The Contractor, if applicable, is required to complete the DFPI Security Training provided by DFPI’s Information Security Unit.
   
• As part of this contract, the Contractor shall be responsible for all costs incurred by the DFPI due to any and every security incident resulting from the Contractor’s failure to perform or negligent acts of its personnel, and resulting in an unauthorized disclosure, release, access, review, destruction, loss, theft, or misuse of an information asset. If the contractor experiences an actual or potential loss of data or breach of data security, the contractor shall, within two (2) hours of its discovery thereof, report the loss or security breach to the DFPI Information Security Office at security@dfpi.ca.gov. If DFPI determines that notice to the individual(s) whose data has been lost or breached is appropriate, the contractor will bear any, and all costs associated with the notice or any mitigation selected by the DFPI (California Civil Code s. 1798.29(a) [agency] and California Civ. Code s. 1798.82(a) (j 1-3) [person or business]). These costs include, but are not limited to, consultant time, material costs, postage, media announcements, and other identifiable costs associated with the breach or loss of data. 
   
• Prior to expiration of the contract, if applicable, the contractor shall return all State property, including security badges to the DFPI ITSD Primary Contact.

Awarded vendor's Cost Worksheet will be inserted here in the final agreement.

1. CommercialGeneralLiability
   
   Contractor shall maintain general liability on an occurrence form with limits not less than $1,000,000 per occurrence and $2,000,000 aggregate for bodily injury and property damage liability. The policy shall include coverage for liabilities arising out of premises, operations, independent Contractors, products, completed operations, personal and advertising injury, and liability assumed under an insured Agreement. This insurance shall apply separately to each insured against which claim is made, or suit is brought subject to the Contractor’s limit of liability. The policy must name The State of California, its officers, agents, and employees as additional insured, but only with respect to work performed under the Contract.
    
2. Automobile Liability
   
   If Contractor has commercially owned autos, Contractor shall maintain motor vehicle liability with limits not less than $1,000,000 combined single limit per accident. Such insurance shall cover liability arising out of a motor vehicle including owned, hired, and non-owned motor vehicles. The policy must name The State of California, its officers, agents, and employees as additional insured, but only with respect to work performed under the Contract.
   
   If the Contractor has personally owned autos, by signing this Agreement, the Contractor certifies that the Contractor and any employees, subcontractors or servants possess valid automobile coverage in accordance with California Vehicle Code Sections 16450 to 16457, inclusive. The State reserves the right to request proof at any time.
   
   If auto ownership is unknown, Contractor shall maintain motor vehicle liability with limits not less than $1,000,000 combined single limit per accident. Such insurance shall cover liability arising out of a motor vehicle including owned, hired, and non-owned motor vehicles. The policy must name The State of California, its officers, agents, and employees as additional insured, but only with respect to work performed under the Contract.
   
   If Contractor will not have any commercially owned vehicles used during the life of this Agreement, by signing this Agreement, the Contractor certifies that the Contractor and any employees, subcontractors or servants possess valid automobile coverage in accordance with California Vehicle Code Sections 16450 to 16457, inclusive. The State reserves the right to request proof at any time.
    
3. Workers’ Compensationand Employer’s Liability
   
   The Contractor shall maintain statutory worker’s compensation and employer’s liability coverage for all its employees who will be engaged in the performance of the Contract. In addition, employer’s liability limits of $1,000,000 are required. If applicable, Contractor shall provide coverage for all its employees for any injuries or claims under the U.S. Longshoremen’s and Harbor Workers’ Compensation Act, the Jones Act or under laws, regulations, or statutes applicable to maritime employees. By signing this Contract, Contractor acknowledges compliance with these regulations. A Waiver of Subrogation or Right to Recover endorsement in favor of the State of California must be attached to the certificate.
    
4. ProfessionalLiability
   
   If Contract has exposure of a professional nature, including Consultants, Doctors, Engineers, and other professions, Contractor shall maintain Professional Liability covering any damages caused by a negligent error, act, or omission with limits not less than $1,000,000 per claim and $2,000,000 policy aggregate. The Retroactive Date must be shown and must be before the date of the Contract or the beginning of Contract work. Insurance must be maintained, and evidence of insurance must be provided for at least five (5) years after completion of the Contract of work. If coverage is canceled or non-renewed, and not replaced with another claims-made policy form with a Retroactive Date prior to the Contract effective date, the Contractor must purchase “extended reporting” coverage for a minimum of five (5) years after completion of work.
    
5. Motor Truck Cargo Legal Liability
   
   If the Contractor will be transporting State property, Contractor shall maintain Motor Truck Cargo Legal Liability with a limit no less than the full amount of State-owned property, materials, and/or equipment being transported. The policy coverage shall be on a Special Coverage Form including loading & unloading.
    
6. Bailee’s Legal Liability
   
   If the Contractor will have State property in their care, custody, and/or control, including State property on their premise for storage, repair, and other conditions, Contractor shall maintain Bailee’s Legal Liability with a limit equal to the replacement value of State-owned property in Contractor’s care, custody, and control. The Contractor’s policy also must include coverage for state property, which is destroyed, including but not limited to by the following perils of fire, lightning, theft, burglary, robbery, windstorm, explosion, collision, floor, sprinkler leak, and earthquake.

1. Coverage Term - Coverage needs to be in force for the complete term of the Contract. If insurance expires during the term of the Contract, a new certificate must be received by the State at least ten (10) days prior to the expiration of this insurance. Any new insurance must still comply with the original terms of the Contract.
    
2. Policy Cancellation or Termination & Notice of Non-Renewal – Contractor and/or Permittee is responsible to notify the State within five business days before the effective date of any cancellation, non-renewal, or material change that affects required insurance coverage. In the event Contractor and/or Permittee fails to keep in effect at all times the specified insurance coverage, the State may, in addition to any other remedies it may have, terminate this Contract upon the occurrence of such event, subject to the provisions of this Contract.
    
3. Deductible – Contractor and/or Permittee is responsible for any deductible or self- insured retention contained within their insurance program.
    
4. Primary Clause – Any required insurance contained in this Contract shall be primary,and not excess or contributory, to any other insurance carried by the State.
    
5. Insurance Carrier Required Rating – All insurance companies must carry a rating acceptable to the Office of Risk and Insurance Management. If the Contractor and/or Permittee is self-insured for a portion or all its insurance, review of financial information including a letter of credit may be required.
    
6. Endorsements – Any required endorsements requested by the State must be physically attached to all requested certificates of insurance and not substituted by referring to such coverage on the certificate of insurance.
    
7. Inadequate Insurance – Inadequate or lack of insurance does not negate the Contractor and/or Permittee’s obligations under the Contract.
    
8. Satisfying an SIR – All insurance required by this Contract must allow the State to pay and/or act as the Contractor’s agent in satisfying any self-insured retention (SIR). The choice to pay and/or act as the Contractor’s agent in satisfying any SIR is at the State’s discretion.
    
9. Available Coverages/Limits – All coverage and limits available to the Contractor shall also be available and applicable to the State, regardless of the minimum limits required in Section three (3) Insurance Requirements.
    
10. Subcontractors – In the case of the Contractor and/or Permittee’s utilization of subcontracts to complete the Contracted Scope of Work (SOW), the Contractor and/or Permittee shall include all subcontractors as insured under the Contractor and/or Permittee’s insurance or supply evidence of insurance to the State equal to policies, coverages and limits required of the Contractor and/or Permittee.
     
11. Premiums – The Contractor/Permittee shall be responsible for any premium, deductible or self-insured retention in connection with any Required Insurance.
     
12. Required Insurance – By requiring the insurance herein, the Department does not represent that the insurance coverage and limits will necessarily be adequate to protect the Contractor/Permittee and such coverage and limits shall not be deemed as a limitation on the Contractor’s/Permittee’s liability under the indemnities granted to the Department in this Contract.
     
13. Insurance Certificate – The Contractor shall provide an insurance certificate evidencing the required insurance coverage before work commences under this Agreement.