36 Miss. Code. R. 2-10-210.5
RFP and Proposal Confidentiality Procedure
The Mississippi Public Records Act of 1983, Mississippi Code Section 25-61 states:
In addition, the integrity of the procurement process requires that ITS maintain confidentiality regarding the content of an RFP at all times prior to the RFP's official release. This confidentiality is to ensure no vendor has an unfair advantage due to having advance knowledge of specific RFP content and requirements.
The following procedures should be followed to protect the integrity of the procurement process and to secure the resulting vendor proposals throughout the lifecycle of the information technology procurement project.
During RFP Development:
Participants in the RFP development process are bound by public procurement policy to maintain confidentiality of the specific content and requirements of the RFP at all times prior to the RFP's official publication on the ITS website ("RFP Release"). In many cases, the understanding and verbal commitment of the participants afford adequate protection for the integrity of the RFP and procurement process. The ITS Technology Consultant (TC) serving as Project Manager should determine whether a specific RFP requires the execution of formal, written RFP Confidentiality Agreements. Factors that would indicate a written RFP Confidentiality Agreement is needed include:
Prior to Proposal Due Date:
The ITS TC serving as Project Manager and the Customer Agency contact on the project should determine the composition of the evaluation team. ITS customers may utilize the services of third party contractors for proposal evaluation, quality assurance of vendor deliverables and/or implementation project management. These contractors must be subject to the same confidentiality requirements as the state team members. Generally, all members of the team evaluate the vendor's entire proposal. In some instances, team members may only evaluate specific portions of a vendor's proposal where they have expertise. In either case, all team members should execute an Evaluation Confidentiality Agreement prior to receiving a copy of proposals. The executed confidentiality agreements must be maintained in the ITS project file. The TC should stress the importance of maintaining proposal confidentiality in initial meetings with the evaluation team.
Proposal Due Date:
Vendors and other parties that have not executed confidentiality agreements relative to this procurement may attend the proposal opening. The TC and/or proposal opening witness must ensure that the opened proposals are not left unattended at any time. The TC should secure a master copy of each proposal to eventually archive with the project file. The TC should distribute the remaining copies of the proposals to only those members of the evaluation team who have executed the confidentiality agreement.
Proposal Evaluation:
The TC should instruct the team members to take all reasonable precautions to prevent unauthorized access to vendor proposals. Additionally, the team members should be reminded not to discuss proposal content with anyone other than evaluation team members. Team members operating in a cubicle environment should utilize enclosed cabinets, boxes or some other means to avoid leaving proposals exposed to passers-by. As most office environments now share printers, caution must be taken in printing any proposal comparisons or summaries that contain technical and/or financial data about the proposals so that the printouts are not viewed by unauthorized individuals. During the evaluation period, the team may request clarifications from the vendor on specific areas of his proposal. The clarifications submitted by the vendor must be held to the same level of confidentiality as the original proposal. If during the evaluation, it is determined that additional people need to evaluate the proposals in whole or in part, the TC must require them to execute a confidentiality agreement and instruct them on precautionary measures of safeguarding the proposals.
Post Evaluation:
When the evaluation is complete, the TC must collect all copies of the losing vendors' proposals. The TC and the customer agency contact must determine the number of winning vendor proposals that will be required by the customer for use in project implementation. Typically, one copy is required for contract administration. Frequently additional copies are needed for the Project Manager and Quality Assurance provider. The TC must be certain that a Confidentiality Agreement for Awarded Vendor Proposal has been executed by the Customer Agency Executive Director or Information Systems Officer before releasing copies of the winning proposals. The TC will secure one copy of each proposal for the ITS permanent project file and distribute the requested copies of the winning proposal to the customer agency. After expiration of the period in which a protest of award may be filed, all remaining copies of the winning and losing proposals must be destroyed. All copies must be shredded or otherwise destroyed by the TC or the ITS/ISS Administrative Team.
Damage Control:
If at any point during the evaluation or implementation process it is known that the contents of a proposal have been exposed to a third party, the TC should first ascertain the extent of the exposure. If exposure was to an internal party to the project, the TC should immediately have them execute a Confidentiality Agreement and instruct them on proposal confidentiality. If exposure was to an outside party, the TC should notify ITS ISS Division management, who will provide appropriate notification to the affected Vendor.
36 Miss. Code. R. 2-10-210.5