Request for Proposal – Audit of Information Technology Operations at Westchester Library System

The Request for Proposal (RFP) for Audit of Information Technology (IT) Operations at Westchester Library System will be posted on: August, 20 2019 at 4:00PM EDT

Get the RFP

You may download the electronic copy of the RFP below:

Request for Proposal – Audit of Information Technology (IT) Operations at Westchester Library System (PDF)

You may download a free reader using the link below:
Adobe Reader (PDF)

Parties interested may also request a paper copy of the RFP document by emailing  In your request include:

  • Name and/or Department to whose attention the mailing should be addressed
  • Organization Name
  • Street Address
  • City, State, and Zip Code


All proposal responses to the RFP must be received no later than Friday, September 13, 2019 @ 4:00 pm EDT.
See the contents of the RFP document for the rules pertaining to submitting proposal responses.

Questions and Answers

We also sell monthly services that might be needed by WLS, depending upon the audit results. If we do the audit and recommend certain monthly services that we also sell, does that disqualify us from proposing sales of these monthly services from our company later on?
No. Being selected as the auditor would not disqualify a firm from providing additional services in the future.

The 38 library locations: Will we need to visit every single location for physical security and network reviews or is a “representative sample” combined with remote/WAN-based assesstment sufficient? Seems like site visit required for accurate assessment of 3.C.viii.
A representative sample should be sufficient. Based on preliminary findings a more exhaustive review could be conducted.

In terms of the VDI environment:
  • What is the purpose of this environment? For library employees? Public workstations? Both?
  • What types of data resides on the VDI user profile disks? This will help us scope the labor effort to assess security concerns around storage environment
  • Is this environment accessed primarily via thin/zero clients?
Currently the VDI supports staff workstations only. Part of the audit is to help determine if VDI is the right choice to replace the existing traditional desktop environment used by patrons. The VDI staff workstations are currently dynamic pools created from read-only masters. Each desktop in the pools is deleted and re-cloned after each user sessions. Nothing is stored on the workstations or the VDI desktop. All user files are stored in a mapped documents folder from a file server and profile data is stored and mapped using UEM.

In terms of the Datacenter environment:
  • What is the total number of hosts and VMs, and how many VMs are in-scope?
  • Is there central management used to manage this environment (such as SCCM, Kaseya, etc.) and will we be able to leverage these tools during the assessment to create efficiencies?

There are 9 hosts (nodes) spread among 3 chassis. There are 784 VMs evenly distributed amonth the nodes with roughly 660 VMs that are solely staff VDI desktops.

Three products are used to manage the virtualized environment – VMware vSphere, Horizon Admin portal and Nutanix Prism.

Comments are closed.