Up One Level

Request for Proposal - RFP


The Request for Proposal - or RFP, is the document produced by the project team of the organisation when determining the supplier and/or solution to a commercial need or requirement.

The project team should already have ascertained the types of solution which are appropriate and the vendors which compete in that space. The RFP is sent by the organisation to each of the primary vendors, with the intention that each vendor responds with a written proposal detailing how they will provide the solution, and the terms and conditions of such supply.

Typically, an RFP will comprise the following items :



  • Covering letter

Introductory letter explaining what is expected and required, in particular, the date by which the response is required. Depending upon size and complexity, this period may extend from weeks to months.

  • Introduction

An introductory paragraph, stating to purpose of the RFP, the date by which submissions should be made, the means by which submissions should be made (e.g. by fax to ...; or by e-mail to ... etc)

  • Organisation Overview

To enable vendors to place their options for a solution into context, they need an overview of the organisation and its activities.

  • Project Overview

The aims and objectives of the project, and the extent to which the vendor's solution is anticipated to contribute towards such objectives.

  • Key Requirements and Constraints

It is critical to specify the key requirements and any constraints; e.g. if you require a solution to run on / integrate with, your Windows® NT system, then it should be specified along with any and all other requirements.

Caution :Vendors will often telephone, or try to arrange a private meeting in an effort to glean further 'inside' information in order to ensure that their response is attractive. Ensure that all vendors are treated equally and that each is given the same requirements and expectations.

  • Scope Limitations

Specify the precise boundaries of the solution in terms of location, people (numbers), organisational units, type of user and anything else which may be relevant.

  • Vendor questionnaire

The RFP should always include a questionnaire which requires a response from the vendor to demonstrate how their solution will meet the stated requirements etc. All questions should encourage a response that is objective.

  • Specific contractual or other requirements

Provide the vendors with any material contractual requirements which they should be aware of prior to their response to the RFP.

  • Additional Information e.g. customer references, demonstrations etc

Specify the types of additional information that you expect to be provided.


N.B. It is extremely important that all vendors are treated equally and fairly and, as such, it is worth spending adequate time in order to plan for and prepare the RFP. Information provided to one vendor, as a result of (say) a one on one meeting, and not provided to other vendors, would be viewed as biased or uncompetitive and could result in difficulties, especially where you expect to use that vendor in the future. Therefore, if it is necessary to provide additional information, as a result of an enquiry from one vendor, supply this to all.

*** The Information Security Glossary ***
Previous PageTop of this pageNext Page

Buy Now:


This Glossary forms part of the RUsecure Security Policy Suite... visit RUsecure Security Policy World
Use of the guidance contained within RUsecure™ is subject to the End User Licence Agreement
This site created with EasyHTMLHelp(tm) for MS Word
 Risk Associates: Resources for Security Risk Analysis, ISO 17799 / BS7799, Security Policies and Security Audit