The vendor required to provide IT managed care services that ensure reliable operations, strong cybersecurity, regulatory compliance and strategic alignment to the authority public mission.
- Staffing model, coverage, and escalation
1. Strategic leadership
• Assign a virtual Officer responsible for authority IT strategy including developing an annual technology vision and 3-year roadmap refresh, governance, risk management, and leading quarterly technology business reviews (TBRS).
2. On site resource
• A hybrid onsite and remote staffing model is acceptable provided the vendor’s remote location is within a 30-mile radius of the authority facilities or vendor guarantees on-site dispatch for emergency incidents within 2 hours.
• Proposals must include a proposed staffing model.
• The vendor must assign a knowledgeable on-site IT individual(s) to serve as the primary point of contact for IT project management, process improvement, onsite troubleshooting, hardware maintenance, and end-user software support.
• Steward troubleshooting, communicating, and opening tickets on behalf of authority with supportive technology vendors that manage other systems.
• The knowledgeable on-site individual(s) shall be available during normal business hours (8:00 a.m. – 5:00 p.m. Eastern time, Monday through Friday).
• The on-site individual shall be well-versed in day-to-day operations of the authority along with a reasonably deep understanding of the authority technology continuum.
3. Broader support team
• Maintain a multi-tiered help desk center, remote engineers, and 24x7 monitoring staff capable of scalable response across all service areas.
• Provide named qualified backup personnel vendor to cover absences or provide supplemental on-site assistance as needed.
4. Escalation path
• Document and maintain a clear escalation path: on-site specialist → remote tier 2 → remote tier 3 → officer with defined response and communication checkpoints.
- End user support and IT service management
• Provide a user-friendly ticketing system (portal, email, phone) with SLA-driven workflows and calendar scheduling with resolution efforts.
• Manage and resolve IT support tickets with a focus on timely communication with employees, resolution, and minimal disruption to operations.
• Provide a monthly operational report on analytics: ticket volumes and types of issues, SLA attainment and resolution times, system performance, vendor coordination, and continuous improvement actions.
- Systems, cloud, and VoIP management
• Manage all endpoints (desktops, laptops, tablets, servers, peripherals) with standardized builds, MDM, and configuration guidelines.
• Provide, manage, and maintain endpoint detection and response (EDR).
• Oversee and maintain all hardware, including servers, workstations, tablets, and peripheral devices.
• Ensure all hardware is secure, up-to-date, and operates efficiently.
• Support maintenance of the cloud telephony (VoIP) for QLINE station emergency call boxes, including QOS, utilization, capacity planning, and e911 compliance.
• Support staff with wireless phone plans account management (iPhone), including upgrade planning, data usage monitoring, and right-sizing plans.
• Manage, maintain, and regularly test backup solutions.
• Assist the authority with the development of a comprehensive disaster recovery solution.
• Prospective vendors shall provide pricing for their preferred DRAAS solutions.
• Provide, manage, and maintain endpoint user-protection software.
- Onsite and remote backup system
• Both onsite and offsite solutions shall maintain immutable copies of all authority data.
• Backup solutions shall have a provision to provide immutable backups for o365, in addition to on-premise data, databases, and software programs.
• All backup data, including onsite and offsite data, shall be fully encrypted both in-transit and at rest.
• Offsite storage of authority backup shall be maintained in a facility wherein NIST cybersecurity standards are met and maintained, particularly in reference to geographic redundancy standards.
• Offsite and onsite backup copies shall be tested and verified on a quarterly basis to ensure and guarantee the efficacy and viability of these data.
• Backup solution shall be capable of operating remotely in the case of a disaster which renders local site restoration impossible.
• Words, virtual and physical machines must be able to boot up and function as expected in the offsite backup facility, be that a public or private cloud service being rendered to authority by the vendor or the existing Datto solution.
• Awarded vendor shall provide a fully executable written disaster recovery plan within the first 120 days of contract award.
• Plan shall include (but is not limited to): step-by-step procedure for executing recovery process from start to finish, including such details as the establishment of remote VPN tunnels; establishment of any new network IP segments which must be activated to bring the backup into production; and other tasks not directly listed in this document.
- Proactive monitoring and maintenance
• Authority prefers a two (2) to three (3) week runway anticipating needed maintenance wherein outage windows can be scheduled and coordinated across the authority team, vendors, and external partners if outage impacts QLINE service during normal streetcar business hours.
• Implement proactive monitoring tools for infrastructure, applications, and endpoints to detect and address issues before they impact operations.
• Perform routine and emergency maintenance on servers, networks, and infrastructure to ensure system health and uptime.
• This would include firmware updates and software patching as security issues and bulletins are released by manufacturers.
- Reporting, communication, and officer reviews
• Monthly operational reports within five (5) business days post month-end including ticket metrics, SLA attainment, resolution times, system performance, security posture, vendor coordination, and recommendations for continuous improvement.
• Conduct quarterly technology business reviews with authority leadership to present and discuss overall performance, KPI’s, annual technology vision and 3 year -roadmap refresh status, risk register, budget outlook, and proposed new projects.
- Contract Period/Term: 2 years
- Questions/Inquires Deadline: January 14, 2026
