Employee Safety Footwear Program
Project Information
- Bid Title
- Employee Safety Footwear Program
- Issuing Agency
- State Government of Tennessee
- Location
- Tennessee
- Published Date
- May 7, 2026
- Closing Date
- May 21, 2026
- Government Level
- State & Local
- Status
- Closed
- Ref. #
- RFI 40100-51820
- Original Source
- Join to Access Full Details
- Bid Inquiries
- Join to Access Full Details
- Bid Documents
- Join to Access Full Details
- Project Description
-
Document ID & Hyperlink: RFI 40100-51820 Event Start - Response Due: 05/07/2026
05/21/2026Event Name: Employee Safety Footwear Program Last Updated:
- Attachment Preview
-
STATE OF TENNESSEETENNESSEE DEPARTMENT OF TRANSPORTATIONREQUEST FOR INFORMATIONFOREMPLOYEE SAFETY FOOTWEAR PROGRAMRFI # 40100-51820May 7, 20261. STATEMENT OF PURPOSE:The State of Tennessee, Department of Transportation issues this Request for Information (“RFI”)for the purpose of assessing the ability of Respondents to meet the State security requirements ofa future solicitation for an Employee Safety Footwear Program. We appreciate your input andparticipation in this process.2. BACKGROUND:The Department of Transportation is seeking a vendor to manage the employee safetyshoe program for approximately 2,500 field staff. Eligible employees will be given anallotment annually for footwear, and the Contractor will perform all logistical andadministrative work to provide the employees with approved safety footwear. TheContractor must be able to provide services on site and online including collectingsize/style information, coordinating order placement, receiving, and distributing thefootwear, troubleshooting of any issues with ordering, shipping, receiving, andpayment of the footwear.TDOT issues this RFI to gather information from safety footwear vendors to understandthe Respondent’s ability or describing Respondent’s inability to comply with therequirements set forth in Attachment A.3. COMMUNICATIONS:3.1. Please submit your response to this RFI to:Taylor Hipes, Procurement and Contracts DivisionTennessee Department of TransportationTennessee Tower, 11th floor312 Rosa L Parks Ave, Nashville, TN 37243TDOT.RFP@tn.gov13.2. Please feel free to contact the Tennessee Department of Transportation with any questionsregarding this RFI. The main point of contact will be:Taylor Hipes, Procurement and Contracts DivisionTennessee Department of TransportationTennessee Tower, 11th floor312 Rosa L Parks Ave, Nashville, TN 37243TDOT.RFP@tn.gov3.3. Please reference RFI # 40100-51820 with all communications to this RFI.4. RFI SCHEDULE OF EVENTS:EVENT1. RFI Issued2. RFI Response DeadlineTIMEDATE(Central Time (all dates are StateZone)business days)May 7, 2026May 21, 20265. GENERAL INFORMATION:5.1. Responding to this RFI is a prerequisite for responding to any future solicitationsrelated to this project. Responses to this RFI will not create any contract rights andresponses to this RFI will become property of the State.5.1.1.1. All Respondents will be required to provide a signed written response from their legalcounsel, or Chief Executive Officer or their authorized designee legally empowered tobind the respondent to the provisions of the solicitation and resulting contract (ifawarded), either confirming Respondent’s ability or describing Respondent’s inability tocomply with the requirements set forth in Attachment A.5.1.1.2. The specific Recovery Time Objective (RTO) and Recovery Point Objective (RPO)periods referenced in the Information Technology Security Requirements clause ofAttachment A will be negotiated and determined between the vendor and the State forthe particular contract based on the priority of the service.5.2. The information gathered during this RFI is part of an ongoing procurement. In order toprevent an unfair advantage among potential respondents, the RFI responses will not beavailable until after the completion of evaluation of any responses, proposals, or bidsresulting from a Request for Qualifications, Request for Proposals, Invitation to Bid or otherprocurement method. In the event that the state chooses not to go further in theprocurement process and responses are never evaluated, the responses to theprocurement including the responses to the RFI, will be considered confidential by theState.5.3. The State will not pay for any costs associated with responding to this RFI.6. INFORMATIONAL FORMS:The State is requesting the following information from all interested parties. Attachment A arebeing provided as information only for the Respondent to provide an informed response. Pleasefill out the following forms:RFI #40100-51820TECHNICAL INFORMATIONAL FORM1. RESPONDENT LEGAL ENTITY NAME:2. RESPONDENT CONTACT PERSON:Name, Title:Address:Phone Number:Email:3. Provide a signed written response from either the legal counsel, Chief Executive Officer, ortheir authorized designee legally empowered to bind the respondent to the provisions of thesolicitation and resulting contract (if awarded), either confirming the Respondent’s ability ordescribing the Respondent’s inability to comply with the requirements outlined in Attachment A.4. If Contactor cannot meet the following requirement specified in Attachment A, “The Contractorshall ensure that all State Data is housed in the continental United States, inclusive of backupdata. All State data must remain in the United States, regardless of whether the data isprocessed, stored, in-transit, or at rest. Access to State data shall be limited to US-based(onshore) resources only,” provide the name of the host country(ies) where any data may beprocessed or stored, in-transit, or at rest.Attachment ANotable Terms and Conditions Requirements:(This Attachment does not represent all State of Tennessee contractual Terms and Conditions,but reflects those the State requires acknowledgement of the Respondent’s ability, or inability, tocomply with to determine inclusion in a future procurement for the services referenced in thisRFI).D.#. Information Technology Security Requirements (State Data, Audit, and Other Requirements).a. “State Data” is any and all data that can be accessed, processed, generated, including derivativeworks, stored, or hosted by the Contractor in performance of this Contract.” The Contractor shallprotect State Data as follows:(1) The Contractor shall ensure that all State Data is housed in the continental United States,inclusive of backup data. All State Data must remain in the United States, regardless ofwhether the data is processed, stored, in-transit, or at rest. Access to State Data shall belimited to US-based (onshore) resources only.All system and application administration must be performed in the continental United States.Configuration or development of software and code is permitted outside of the United States.However, software applications designed, developed, manufactured, or supplied by personsowned or controlled by, or subject to the jurisdiction or direction of, a foreign adversary, whichthe U.S. Secretary of Commerce acting pursuant to 15 C.F.R. § 7 has defined to include thePeople’s Republic of China, among others are prohibited. Any testing of code outside of theUnited States must use fake data. A copy of production data may not be transmitted or usedoutside the United States.(2) The Contractor shall encrypt State Data at rest and in transit using the current version ofFederal Information Processing Standard (“FIPS”) 140-2 or 140-3 (or current applicableversion) validated encryption technologies. The State shall control all access to encryptionkeys. The Contractor shall provide installation and maintenance support at no cost to theState.(3) The Contractor shall maintain, obtain, or undergo the following third-party information securityaudit(s) for both the Contractor and the Contractor’s processing environment containing StateData. The Contractor shall ensure that each assessment remains current and valid throughoutthe term of the Contract.i. NIST Audit - The Contractor and Contractor’s processing environment containing StateData shall undergo an annual independent audit assessing compliance with the privacyand security controls established in the National Institute of Standards and Technology(NIST) Special Publication 800-53. The audit shall be conducted by a qualified independentassessor, which may include a reputable CPA firm, cybersecurity firm, or other organizationwith demonstrated expertise in assessing NIST control compliance. The audit mustevaluate compliance with the security controls defined in the NIST Special Publication 800-53B moderate-impact security control baseline or a higher-impact baseline.(4) Upon request by the State or the Comptroller of the Treasury, and within thirty (30) days ofcompletion or receipt of any audit required under Contract Section D.#,a.(3) the Contractorshall provide the State or the Comptroller of the Treasury with the following documentationand deliverables. The Contractor shall ensure that all documentation remains current,complete, and accurate throughout the term of the Contract.i. NIST Audit1) The audit report in its entirety;2) A corrective action plan describing each identified deficiency, planned remediationsteps, and anticipated completion dates.Upon request by the State or the Comptroller of the Treasury, the Contractor shall also providecurrent Subcontractor certifications, reports, and related deliverables pertaining to servicesprovided under this Contract within thirty (30) days. If any certification, authorization,examination, or assessment required under this Contract for any Subcontractor supporting thisContract lapses, expires, is suspended, or is revoked, the Contractor shall notify the State inwriting within five (5) business days of learning of the status change and provide: (i) theeffective date and reason; (ii) the services and State Data affected; and (iii) the Contractor’scorrective action plan and interim risk mitigations.No additional funding shall be allocated for these examinations as they are included in theMaximum Liability of this Contract.(5) The Contractor must annually perform Penetration Tests and Vulnerability Assessmentsagainst its Processing Environment per the NIST 800-115 definition. “ProcessingEnvironment” shall mean the combination of software and hardware on which the Applicationruns. “Application” shall mean the computer code that supports and accomplishes the State’srequirements as set forth in this Contract. “Penetration Tests” shall be in the form of attackson the Contractor’s computer system, with the purpose of discovering security weaknesseswhich have the potential to gain access to the Processing Environment’s features and data.The “Vulnerability Assessment” shall be designed and executed to define, identify, and classifythe security holes (vulnerabilities) in the Processing Environment. The Contractor shall allowthe State, at its option, to perform Penetration Tests and Vulnerability Assessments on theProcessing Environment. The Contractor shall provide a letter of attestation on its processingenvironment that penetration tests and vulnerability assessments has been performed on anannual basis and taken corrective action to evaluate and address any findings.In the event of an unauthorized disclosure or unauthorized access to State Data, the StateStrategic Technology Solutions (STS) Security Incident Response Team (SIRT) must benotified and engaged by calling the State Customer Care Center (CCC) at 615-741-1001. Anysuch event must be reported by the Contractor within twenty-four (24) hours after theunauthorized disclosure has come to the attention of the Contractor.(6) If a breach has been confirmed a fully un-modified third-party forensics report must be suppliedto the State and through the STS SIRT. This report must include indicators of compromise(IOCs) as well as plan of actions for remediation and restoration. Contractor shall take allnecessary measures to halt any further Unauthorized Disclosures.(7) Upon State request, the Contractor shall provide a copy of all State Data it holds. TheContractor shall provide such data on media and in a format determined by the State(8) Upon termination of this Contract and in consultation with the State, the Contractor shalldestroy, and ensure all subcontractors shall destroy, all State Data it holds (including any
- Commodity Codes
-
- NAICS 541611Administrative Management and General Management Consulting Services
- NAICS 541612Human Resources Consulting Services
- NAICS 541690Other Scientific and Technical Consulting Services
* Disclaimer: Government BidHub provides information on bids, RFPs (Requests for Proposals), and RFQs (Requests for Qualifications) solely for convenience and informational purposes. This site is not an official public notice board. For official details, responses, or inquiries, please contact the relevant government agency directly.
Empower Your Bidding Strategy
Unlock Government BidHub's unparalleled access to high-quality, tailored bid information.
- Access an extensive database of bids, including comprehensive local and state opportunities.
- Receive customized alerts for the bids that matter most to your business.
- Explore detailed specifications to ensure precise and competitive submissions.
- Gain a competitive edge with up-to-date information and exclusive opportunities.