Section 4: Vendor Qualifications

This section asks vendors to demonstrate their fitness for the specific demands of a California public agency engagement. It is where you separate MSPs who actually serve the public sector from those who are simply expanding their sales territory.

Special District and Public Agency Experience

Ask vendors to provide a list of current or recent California special district or public agency clients. For each, request the agency name, type of district or agency, scope of services provided, approximate number of users supported, and a reference contact including name, title, and phone number.

Experience with California special districts is meaningfully different from general government IT experience. Special districts operate under the Brown Act, have specific procurement and transparency obligations, often serve small staffs with no dedicated internal IT resources, and depend on continuity of service for public-facing operations. An IT provider that has never supported a public agency will encounter a learning curve that your agency pays for.

CSDA Business Affiliate Status

Ask vendors to indicate whether they hold current CSDA Business Affiliate status through the California Special Districts Association. CSDA Business Affiliates have made a formal commitment to the special district community. They understand the governance structure, attend CSDA and regional conferences, stay current on legislative changes affecting districts, and are embedded in the ecosystem in ways that directly benefit their public agency clients. This is reflected in the scoring matrix below.

Technical Credentials

Ask vendors to list technical certifications held by staff who would be assigned to your account. Relevant credentials include CompTIA A+, CompTIA Network+, CompTIA Security+, Microsoft 365 certifications, AWS or Azure certifications, ITIL Foundation or higher, and any other credentials relevant to the services proposed. A summary list of firm-held credentials with the certification name and approximate number of staff holding each is sufficient. Individual resumes are not necessary and not requested.

Cybersecurity Posture

Ask vendors to describe their cybersecurity monitoring and incident response capabilities. Address whether 24/7 SOC monitoring is included in the proposed service, which endpoint detection and response platform is used, how MFA is deployed and enforced across managed environments, what the incident response process looks like including response time commitments and escalation procedures, and whether the vendor carries cyber liability insurance.

Special districts are increasingly targeted by ransomware and phishing attacks. A cybersecurity posture is not an add-on. It is a baseline expectation. Proposals that treat security as optional line items rather than integrated service components should be evaluated accordingly.

Section 5: Evaluation Criteria and Scoring

The following scoring matrix is provided as a default framework. Your agency may adjust weights to reflect local priorities, but the categories below represent a balanced approach for California special district IT procurement.

Technical Capability and Scope Response: 35 points

Evaluated on how completely and specifically the vendor addresses each element of the scope, the depth of their proposed service delivery model, and the clarity of their support structure. Responses that address the scope in generic terms without referencing the agency’s specific environment should receive lower scores in this category.

Special District and Public Agency Experience: 25 points

Scored based on the number and relevance of verified California public agency references, with additional consideration for agencies of similar size and type. Vendors with no California public agency experience should score no higher than 10 points in this category regardless of other qualifications.

Cybersecurity Posture: 15 points

Evaluated on whether 24/7 SOC monitoring is included, the maturity of the proposed endpoint protection and MFA deployment, and the quality of the incident response plan. Vendors who cannot demonstrate an active SOC partnership or equivalent monitoring capability should score no higher than 5 points in this category.

CSDA Business Affiliate Status and Sector Commitment: 10 points

Awarded as a flat 10 points to vendors with current CSDA Business Affiliate status. This criterion recognizes demonstrated, formal commitment to the California special district community as a meaningful indicator of long-term partnership alignment and sector readiness.

References: 10 points

Evaluated on the recency, relevance, and verifiability of provided references. References from California public agencies receive full consideration. References from private sector clients only should be weighted at 50 percent in this category.

Pricing: 5 points

Evaluated on total monthly cost relative to the scope proposed. The lowest price does not automatically receive the highest score. A flat-rate, all-inclusive pricing structure should be viewed favorably because it eliminates surprise invoices and supports predictable budget planning, which is a core obligation of public agency financial management.

Section 6: Project Timeline

Your RFP should include a clear timeline of all key dates. Include the date the RFP was issued, the deadline for written questions, the date responses to questions will be published as a public addendum, the proposal submission deadline including exact time and method, the anticipated date for oral presentations if applicable, the anticipated award date, and the anticipated contract start date.

California special districts are subject to the Brown Act and public contracting requirements. Allow adequate time for vendors to prepare thoughtful proposals. A minimum of three weeks from issuance to submission deadline is recommended for a managed IT services engagement of this scope.

Section 7: Submission Instructions

Specify exactly how proposals should be submitted. State whether electronic submission, physical copies, or both are required. If physical copies are required, state the quantity, the mailing address, and whether they must be sealed and labeled. For electronic submissions, specify the acceptable file format, the naming convention, and the email address or portal where submissions should be sent. Name the specific contact person who will confirm receipt.

Make clear that vendors should not contact board members or other district staff during the RFP process. All questions must be submitted in writing by the questions deadline and will be answered via public addendum so every vendor receives the same information.

Section 8: Insurance Requirements

Require vendors to carry and provide evidence of the following before contract execution. General liability insurance at a minimum of $1,000,000 per occurrence and $2,000,000 aggregate. Workers compensation at statutory limits. Professional liability or errors and omissions insurance at $1,000,000 minimum. Cyber liability insurance at $1,000,000 minimum.

Require the district to be named as an additional insured on general liability and cyber liability policies. Cyber liability insurance is frequently omitted from public agency procurement requirements. It should not be. An IT provider that experiences a breach affecting your environment needs to be able to respond financially. Require it.

Section 9: Legal and Compliance

Include the following standard provisions. The district reserves the right to reject any and all proposals and to waive any irregularities in the procurement process. Proposals become the property of the district upon submission. Under the California Public Records Act, proposals may be subject to public disclosure following contract award. Vendors wishing to designate any portion of their proposal as confidential must identify the specific provision of the CPRA they believe provides the exemption and state the factual basis for the claim. A blanket confidentiality designation is not valid. Include a non-collusion affidavit and conflict of interest disclosure as required elements of the proposal package.