The Vendor is required to provide a comprehensive backup and disaster recovery (BDR) solution that ensures the protection, availability, and recoverability of critical systems and data.
- The solution should support both local and cloud-based backups, offer rapid recovery capabilities, and include strong security, compliance, and testing features.
- Backup and Storage Architecture
o On-premises backup appliance with a minimum of 40 TB usable storage.
o Immutable storage for all backup data, including on-premises, cloud, and SaaS workloads.
o Offsite replication of backup data to a secure, vendor-managed cloud environment with appropriate compliance certifications (e.g., SOC 2 Type II).
o Backup storage must be isolated from common network protocols (e.g., SMB/NFS) to reduce attack surface.
o Backup infrastructure should not rely on traditional Windows or SQL Server components.
- Security & Compliance
o Multi-factor authentication (MFA) with support for time-based one-time passwords (TOTP).
o A secure approval mechanism that prevents unauthorized or accidental changes to data lifecycle policies.
o Architecture should follow Zero Trust principles.
o Encryption of data in transit and at rest.
o Support for secure credential management, including integration with Group Managed Service Accounts (gMSA) or equivalent.
o Time synchronization mechanisms should be resilient to tampering (e.g., NTP poisoning).
o Ability to meet government or industry compliance standards (e.g., FedRAMP) upon request.
- Management & Support
o Centralized management console for monitoring and managing backups and disaster recovery operations.
o Unified visibility across all protected environments (on-premises, cloud, SaaS).
o 24x7x365 vendor support.
o Scalable architecture to accommodate future data growth and infrastructure expansion.
o Access to cybersecurity expertise or incident response services, either included or available as an add-on.
- Contract Period/Term: 3 years
- Non-Mandatory Pre-Proposal Meeting Date: January 14, 2026
- Questions/Inquires Deadline: January 20, 2026
