Data Center Assessment and Risk Mitigation Strategy Services

The vendor is required to provide data centers assessment and risk mitigation strategy resulting in a risk mitigated datacenter end state, inclusive of pricing, migration strategy and timeline.
•    Contractor will lead weekly steering meetings with agency identified key governance team to ensure ongoing alignment and rapid issue management as needed (virtual) 
•    Interview (on site) all relevant stakeholders and review all relevant documentation provide by agency on the current state and current use cases. 
•    Interviews shall include the manager of server and networking, the director of it infrastructure, facilities managers for the dual locations, facilities manager technical support, director and manager intelligent transportation systems (its), the senior datacenter engineer, physical infrastructure manager, and associated contributors. it is estimated agency will provide 10-15 contacts to be interviewed. 
•    Physically review all datacenters including the physical locations and condition of interior and exterior facility, identify all risk items, and mitigate those risks within the recommended options. 
•    Also review communication rooms. 
•    Offshore models will not be considered.
•    Contactor shall include assessment of electrical reliability and thermal (mechanical) reliability. 
•    Physical infrastructure assessment
o    Physical location evaluation: assess the suitability of the data center’s physical location, including its proximity to potential natural and man-made hazards (e.g., flood zones, seismic activity), and comment on its geographical diversification if multiple sites exist. 
o    Structural elements review: evaluate the current state of architectural components such as walls (assessing fire rating, insulation, vapor barrier), ceiling systems (e.g., suspended ceilings, plenum use), and raised floor systems (construction, height, weight load capacity).
o    Space utilization and layout analysis: review the overall room layout and current space utilization, particularly assessing the implementation and effectiveness of hot-aisle and cold-aisle configurations and the segregation of it equipment from non-it areas (e.g., workstations, storage). 
o    Equipment accommodation: evaluate internal pathways (e.g., elevators, ramps, doors) for their ability to accommodate large equipment movement.
•    Power infrastructure assessment
o    Power capacity and scalability: assess the total available power (in kw, kw per rack) and evaluate the facility’s existing capacity for potential future expansion and unpredicted demand. 
o    Redundancy and reliability: evaluate the redundancy of existing electrical feeds, power distribution units (PDUS), and uninterruptible power supply (UPS) systems (e.g., n+1 configurations, modular ups capabilities). 
o    Standby power systems: assess the functionality and capacity of existing backup generators, including their fuel supply duration (e.g., 72 hours minimum), automatic transfer switches (ats), and bypass-isolation capabilities. 
o    Cabling management: review current power cabling management practices, including routing (e.g., under raised floor, overhead), cable trays, dressing, and labeling. 
o    Power quality: assess the presence and effectiveness of surge protection devices (SPDS) and evaluate power conditioning quality (e.g., nominal output voltage, distortion, frequency).
o    Documentation and studies: evaluate the completeness and accuracy of existing electrical as-built documentation, one-line diagrams, and the execution and results of any short circuit, coordination, and arc flash studies, including appropriate labeling on electrical equipment. 
o    Efficiency monitoring: assess current practices for power metering and monitoring of power usage effectiveness (PUE).
•    Cooling and environmental control assessment
o    HVAC system evaluation: assess the capacity, configuration (e.g., n+1), and operational effectiveness of existing computer room air handler (CRAH) or precision air conditioning (PAC) units in maintaining required temperature ranges (e.g., 15-20°c or 22°c +/- 2°c) and humidity levels (e.g., 40-60%). 
o    Cooling redundancy: evaluate redundancy measures for cooling units, pumps, and humidifiers. 
o    Chilled water systems: review the condition and integration of existing chilled water systems. 
o    Leak detection: assess the presence, functionality, and coverage of leak detection systems. 
o    Dehumidification: evaluate the need for and presence and effectiveness of dehumidifiers. 
o    Containment: evaluate the air-tightness of the computer room, especially if gaseous fire suppression systems are in use.
•    Network connectivity assessment
o    Data cabling management: assess data cabling management practices, including routing (e.g., overhead, within racks) and cable management solutions. 
o    Data cabling capacity: assess data cabling capacities, % available vs. % used, fiber and copper types, ratios, quantities, and distribution to each rack and at meet-me and cross-connect point(s). 
o    Data cabling condition: assess data cabling age and physical condition, areas where cabling is seeing excessive wear and tear, and where cabling is poorly run or at unnecessary risk of accidental damage 
o    Disaster recovery connectivity: evaluate connectivity and other network links between primary and disaster recovery sites, including their diversity and capacity.
•    Security and access control assessment
o    Physical security measures: evaluate existing physical security protocols, including 24x7x365 on-site security personnel, multi-factor access controls (e.g., photo id, signature verification, biometrics, pin, mantrap systems), and comprehensive cctv coverage (camera placement, recording duration, monitoring protocols). 
o    Access procedures: assess existing access procedures for personnel and third-party vendors, including policies for secure loading docks and unescorted access. 
o    Review policy and accuracy of access limitation and removal of non-required or former personnel. 
o    Incident response: examine existing incident response flowcharts, containment strategies, and remediation efforts. 
o    IT service management policies: evaluate adherence to documented it service management policies and procedures governing incident management, change management, and configuration management. 
o    Data segregation: assess current options and practices for segregating state equipment from that of other customers to prevent unauthorized physical access and promote data security. 
o    Personnel security: review processes for background checks for all employees, vendors, and contractors who have access to or work within the data center, and verify compliance with any applicable regulations. 
o    Internal security plan: evaluate the internal security plan covering contractor operations and control systems, detection and reporting of unauthorized entries, and its application across development, testing, production, and backup systems. 
o    Change management security: assess the existing change and configuration methodology, baseline configuration tracking, and notification procedures to the chief information officer (CIO) for major system changes. 
o    Risk management: review the established risk management plan, including processes for identifying, reporting, and mitigating technical and security risks.
•    Operations and support services assessment
o    On-site support: evaluate the availability and “remote hands” or “smart hands” services, review agency current expected response times and model v industry best practice 
o    Managed services options: assess the availability and scope of existing or potential managed service options for data center monitoring, incident response, routine maintenance, backups, data replication, and device configuration and patch management. 
o    Operational readiness: review current operational readiness, documented standard operating procedures (SOPS), and emergency playbooks for crisis management. 
o    Reporting and monitoring: evaluate existing reporting and monitoring capabilities, including web-based portals for facility status, SLA reporting, billing, and automatic electronic notifications of incidents. 
o    Service desk support: assess the provision of 24x7x365 help desk support for fault reporting, trouble ticketing, and related inquiries. 
o    Escalation procedures: examine established escalation procedures for critical issues and notification processes for events occurring outside normal business hours. 
o    Service level agreements (SLAs): review existing SLAs for uptime commitments (e.g., 99.95% or 99.98%), response time standards, scheduled and unscheduled maintenance policies, notification protocols, remedies, and exclusions. 
o    Tape handling: assess processes for off-site tape shipping and receiving, as applicable, and the maintenance of audit records. 
o    Review the existing backup methodology for reliability and recoverability in the event of HA and DR needs.
o    Asset management: review current asset management processes, including software and hardware inventory, cataloging, configuration monitoring, and delta reporting. 
o    Capacity planning: evaluate current practices for workload analysis and capacity planning services. 
o    Project management: assess existing project management practices and processes for infrastructure changes, including detailed schedules and resource management. 
o    Migration preparedness: evaluate capabilities for data validation, contingency planning, and mock move exercises for any planned or future relocation or modernization efforts. 
o    Documentation and training: review the availability and quality of system administration manuals, user and operational manuals, service guides, handbooks, installation and configuration reports, diagrams, and asset inventory records. 
o    Assess current training programs for IT personnel. 
o    Dispute resolution: examine established dispute resolution processes.

- Contract Period/Term: 1 year
- Questions/Inquires Deadline: September 22, 2025