Request for Proposals (Rfp) For

RFP 12-1172 Annex D

ANNEX D

REQUEST FOR PROPOSALS (RFP) FOR JOINT PROCUREMENT OF STOCKLESS OFFICE SUPPLIES RFP NO. 12-1172

REQUIREMENTS MATRIX

Offeror’s proposal must be organized to follow the format of this RFP. Each Offeror must respond to every stated request or requirement and indicate that Offeror confirms acceptance of and understands the Bank’s stated requirements. The Offeror should identify any substantive assumption made in preparing its proposal. The deferral of a response to a question or issue to the contract negotiation stage is not acceptable. Any item not specifically addressed in the Offeror’s proposal will be deemed as accepted by the Offeror. The terms “Offeror” and “Contractor” refer to those companies that submit a proposal pursuant to this RFP. Where the Offeror is presented with a requirement or asked to use a specific approach, the Offeror must not only state its acceptance, but also describe, where appropriate, how it intends to comply. Failure to provide an answer to an item will be considered an acceptance of the item. Where a descriptive response is requested, failure to provide the same will be viewed as non- responsive. Where a statement of non-compliance is provided, the Offeror must indicate its reasons and explain its proposed alternative, if applicable, and the advantages and disadvantages to the Bank of such proposal. While completing the following table, Offeror may reformat it or refer to its own other file attachments in its response, but must retain the sequence of tables, sections and questions.

SECTION TECHNICAL INDICATORS

1 EXPERIENCE

Describe the full range of services that you are currently offering and how that Q1.1 portion as required under this RFP fits into the overall portfolio. Offeror's Response Describe your firm’s organizational structure and how that section managing Q1.2 office supplies as required under this RFP fits into that structure. Offeror's Response Provide a list of your major clients for which you have been providing the Q1.3 office supplies services as required under this RFP. Offeror's Response For those three (3) client references provided in “Reference Information” form Q1.4 in Annex C, Mandatory Criteria, detail your experience in providing the similar services as required under this RFP.

CONFIDENTIAL Page 1 of 17 RFP 12-1172 Annex D

SECTION TECHNICAL INDICATORS Offeror's Response 2 OPERATIONAL CAPABILITIES

Detail your related capabilities and your plan to meet the needs and requirements as specified in 2.1 (Order Placement), Section 2 (Ordering), Q2.1 Parts A, B and C; and Section 1 (Ordering), Part D; under Annex B (Statement of Work).

For The Bank, Part A:

For IDB, Part B: Offeror's Response For OAS, Part C:

For PAHO, Part D:

Detail your related capabilities and your plan to meet the needs and requirements as specified in 2.2 (Ordering Capabilities), Section 2 (Ordering), Q2.2 Parts A, B and C; and Section 1 (Ordering), Part D; under Annex B (Statement of Work).

For PAHO, Part D:

Detail your related capabilities and your plan to meet the needs and requirements as specified in 2.3 (Catalogs), Section 2 (Ordering), Parts A, B and C; and Section 1 (Ordering), Part D; under Annex B (Statement of Work). Describe the Web Catalog and Page maintenance processes that will be Q2.3 used for the The Bank and Partner Institutions. How are selected items or categories blocked from ordering? Do the items continue to appear on the website, yet cannot be selected or are they removed from the website and all product searches.

For PAHO, Part D: Q2.4 Detail your related capabilities and your plan to meet the needs and requirements as specified in Section 3 (Inventory), Parts A, B and C; and

Section 2 (Inventory), Part D; under Annex B (Statement of Work).

For PAHO, Part D:

Section 5 (Distribution and Delivery), Parts A, B and C; and Section 3 (Distribution and Delivery), Part D; under Annex B (Statement of Work): Q2.5 Describe your distribution center(s) that you plan to use for this contract i.e. current capacity (location, hours of operations, size of warehouse, size of staff, equipment mix, level of automation and etc.) and any plans for expansion.

For PAHO, Part D:

Section 5 (Distribution and Delivery), Parts A, B and C; and Section 3 (Distribution and Delivery), Part D; under Annex B (Statement of Work): Q2.6 Describe the delivery methods and procedures including but not limited to staffing levels at The Bank and Partner Institutions headquarters and any proposed sales support.

For PAHO, Part D:

Section 5 (Distribution and Delivery), Parts A, B and C; and Section 3 (Distribution and Delivery), Part D; under Annex B (Statement of Work): Describe the information technology staff resources used to maintain the Q2.7 website(s) and the procedures in place for ensuring availability and functionality of the web site and billing processes. Elaborate on proposed process for adding new staff and removing old staff from the list of staff eligible to order from the web site. Offeror's For The Bank, Part A: Response For IDB, Part B:

For OAS, Part C:

For PAHO, Part D:

Section 5 (Distribution and Delivery), Parts A, B and C; and Section 3 (Distribution and Delivery), Part D; under Annex B (Statement of Work): Q2.8 Describe the order tracking and data management process in place. Describe the search capabilities and help functions of the web site that will be created for the Bank.

For PAHO, Part D:

Section 5 (Distribution and Delivery), Parts A, B and C; and Section 3 (Distribution and Delivery), Part D; under Annex B (Statement of Work): Describe the relationships established and the supply chains in place to ensure the availability of products to the Bank and the Partner Institutions. What are the categories that are tracked? Describe if and how you identify “green” products, and products made or Q2.9 purchased from MWDBE firms. Are these products specifically identified on the web site? What is the fulfillment rate for each category? What is the size of the inventory for each category? What are the locations and capacities of your distribution points? Fully describe the nature and length of each relationship between your company and each distribution point (i.e. subcontractor, wholly owned, subsidiary).

For PAHO, Part D:

1. Section 5 (Distribution and Delivery), Parts A, B and C; and Section 3 (Distribution and Delivery), Part D; under Annex B (Statement of Work): Describe the Quality Control Systems and procedures in place at your Q2.11 organization. Include what measurements are made for each stage of the process, how measures used, and what steps taken to incorporate the results to improve quality in products and services. Attention should be paid to the process in place to ensure technical data quality.

For PAHO, Part D:

2. Section 5 (Distribution and Delivery), Parts A, B and C; and Section 3 (Distribution and Delivery), Part D; under Annex B (Statement of Work): Purchasing card management strategy. The Bank and Partner Institutions will respectively use a single PCard for all purchases. The Offeror will be required to maintain a list of accounting codes that users will be able to select for each order. The successful Offeror shall be required to pass the accounting information back to the Bank as part of the level 3 information. The accounting information may be up to a 7 digit code. Q2.12

The Offeror shall be responsible for the integrity of the data until it reaches the Bank’s and the Partner Institutions' PCard vendor(s). Describe how your company will implement the PCard processing and what quality assurance steps will be put in place to maintain the website information and ensure data integrity.

For PAHO, Part D:

3. Section 5 (Distribution and Delivery), Parts A, B and C; and Section 3 (Distribution and Delivery), Part D; under Annex B (Statement of Work): It is anticipated that up to 1000 Bank staff and a number of staff members with the Partner Institutions will require training on order placement. Describe the Q2.13 proposed training plan. The plan should include timelines and staffing estimates. Required Bank and Partner Institutions resources should be included. Provide samples of training materials used on past engagements. Detail how your product is intuitive and approaches a minimal training standard. Offeror's For The Bank, Part A:

For IDB, Part B:

Response For OAS, Part C:

For PAHO, Part D:

Detail your related capabilities and your plan to meet the needs and Q2.14 requirements as specified in Section 6 (Billing), Parts A, B and C; and Section 4 (Billing), Part D; under Annex B (Statement of Work).

For PAHO, Part D:

Section 7 (Management Reporting Requirements), Parts A, B and C; and Q2.15 Section 5 (Management Reporting Requirements), Part D; under Annex B (Statement of Work): Describe your Quality Assurance Program.

For PAHO, Part D:

Section 7 (Management Reporting Requirements), Parts A, B and C; and Section 5 (Management Reporting Requirements), Part D; under Annex B Q2.16 (Statement of Work): Describe your plan to meet the reporting requirements and provide sample reports as required.

For PAHO, Part D:

Detail your related capabilities and your plan to meet the needs and Q2.17 requirements as specified in Section 9 (Disaster Recovery), Parts A, B and C; under Annex B (Statement of Work). Offeror's For The Bank, Part A:

For IDB, Part B:

Response For OAS, Part C:

For PAHO, Part D:

Section 10 (Customer Service), Parts A, B and C; under Annex B Q2.18 (Statement of Work). Describe your customer service team setup, i.e. roles and responsibilities.

For PAHO, Part D:

Section 10 (Customer Service), Parts A, B and C; under Annex B (Statement of Work). What is your complaint management process? How do Q2.19 you ensure that complaints are resolved effectively and promptly? How are complaints aggregated and analyzed for use in improvement of your organization and the customer relationship?

For PAHO, Part D:

Section 10 (Customer Service), Parts A, B and C; under Annex B (Statement of Work). How does your organization determine customer satisfaction? How do you follow up with customers on products, services and transaction quality to receive prompt actionable items? Q2.20 What benchmarks do you use to determine customer satisfaction relative to your competitors? How do you determine courses of action for improving customer satisfaction?

For PAHO, Part D:

Section 10 (Customer Service), Parts A, B and C; under Annex B (Statement of Work). What is your product return policy? How are returns Q2.21 made? How long after receipt will you accept a return? Are there any fees associated with returning items? How are credits for returns processed?

For PAHO, Part D:

Value Engineering Market Competitiveness Strategy. The Bank seeks to obtain the best value for the institution, without sacrificing quality products and Q2.22 services. What process do you propose to decrease overall cost to the Bank while maintaining the high quality products and services required by the Bank?

For PAHO, Part D:

Value Engineering Market Competitiveness Strategy. It is critical to the success of the relationship between the Offeror and the Bank that the pricing offered through the resulting contract remain competitive throughout the life of the contract. a. Pricing Performance measurement: How does your organization measure Q2.23 price performance by market segments to ensure competitive pricing for the products offered? b. How do you propose to provide the Bank with the most competitive pricing available throughout the term of the contract? How often do you re-examine the pricing you obtained from your supply base, and why? c. What methods do you propose for pricing new products?

For PAHO, Part D: Q2.24 Corporate Social Responsibility. Detail your related capabilities and your plan to pick up and recycle used printer cartridges and other recyclable items as

specifed in Section 4 (Corporate Social Responsibility), Parts A, B and C; under Annex B (Statement of Work).

For PAHO, Part D:

Corporate Social Responsibility - Diversity. Do you have a formal minority, women, and disabled owned business enterprises (MWDBE) Supplier Diversity Program? Q2.25 If Yes, provide details of your program, percentage of total spend, and the names and address of MWDBE firms whose goods or services will have a direct impact on the the Bank and Partner Institutions contracts. Offeror's Response Corporate Social Responsibility - Diversity. Do you have a formal program that promotes diversity in your workforce? If Yes, provide details of your program, management, professional and support/clerical category targets and Q2.26 current results. Provide details as to how you propose to promote diversity among your staff assigned to the Bank’s and Partner Institutions’ premises. Offeror's Response Corporate Social Responsibility - Greening Program (Environmental Q2.27 Initiatives). Do you have a corporate environmental program? If Yes, provide details of your program, and contact information. Offeror's Response Corporate Social Responsibility - Greening Program (Environmental Q2.28 Initiatives). How do you train and educate your employees to raise their awareness with respect to environmental issues? Offeror's Response Corporate Social Responsibility - Greening Program (Environmental Initiatives). How do you measure your effectiveness in your environmental Q2.29 program? Do you have a formal reporting system? If Yes, please describe in detail. Offeror's Response

Corporate Social Responsibility - Greening Program (Environmental Initiatives). Describe the approach and methodology you would propose to Q2.31 raise the awareness of the Bank staff to environmental programs described in Annex B (Statement of Work). Offeror's Response Transition Plan. The selected Offeror will be required to provide an orderly transition from the existing operation to the newly awarded Offeror operation. The transition must ensure continuity of service during the transition period, thus making the process transparent to internal Bank clients. Offerors must Q2.32 provide a detailed plan of how such a transition will be accomplished, including major tasks, task dependencies, significant milestones, names of transition team members and their responsibilities. It should include an easy-to-read project timeline.

For PAHO, Part D:

Transition Plan. Indicate what information and assistance, if any, you would require from the Bank to implement a successful transition. Offerors should be Q2.33 as specific as possible with deadlines based on a transition period between July 2012 and August 31, 2012.

For PAHO, Part D:

Transition Plan. Describe the assistance Offeror would provide in the event of Q2.34 expiration or termination, for any reason, of the Contract to ensure a smooth transition in the services between the Contractor and its successors.

For PAHO, Part D:

3 SYSTEM CAPABILITIES

Detail your related capabilities and how you plan to meet the needs and Q3.1 requirements as specified in Section 8. Systems Requirements, Parts A, B and C; under Annex B (Statement of Work).

For PAHO, Part D:

Describe the development and maintenance process for the Bank’s and Partner Q3.2 Institutions’ custom web page.

For PAHO, Part D:

Describe how you have met or plan to meet the Bank’s and Partner Institutions’ requirement in Section 8.1 (General), SECTION 8 (SYSTEMS Q3.3 REQUIREMENTS), Parts A, B and C; under Annex B (Statement of Work).

For PAHO, Part D:

Describe how you have met or plan to meet the Bank’s and Partner Institutions’ requirement in Section 8.2 (Billing), SECTION 8 (SYSTEMS Q3.4 REQUIREMENTS), Parts A, B and C; under Annex B (Statement of Work). Offeror's For The Bank, Part A: Response For IDB, Part B:

For OAS, Part C:

For PAHO, Part D:

Describe how you have met or plan to meet the Bank’s and Partner Institutions’ requirement in Section 8.3 (Catalogs), SECTION 8 (SYSTEMS Q3.5 REQUIREMENTS), Parts A, B and C; under Annex B (Statement of Work).

For PAHO, Part D:

Describe how you have met or plan to meet the Bank’s and Partner Institutions’ Q3.6 requirement in Section 8.4 (System Operations), Section 8 (Systems Requirements), Parts A, B and C; under Annex B (Statement of Work).

For PAHO, Part D:

Describe how you have met or plan to meet the Bank’s and Partner Institutions’ requirement in Section 8.5 (Web site development), SECTION 8 (SYSTEMS Q3.7 REQUIREMENTS), Parts A, B and C; under Annex B (Statement of Work).

For PAHO, Part D:

Describe how you have met or plan to meet the Bank’s and Partner Institutions’ requirement in Section 8.6 (Registration of New users), SECTION 8 Q3.8 (SYSTEMS REQUIREMENTS), Parts A, B and C; under Annex B (Statement of Work). Offeror's For The Bank, Part A: Response For IDB, Part B:

For OAS, Part C:

For PAHO, Part D:

Describe how you have met or plan to meet the Bank’s and Partner Institutions’ Q3.9 requirement in Section 8.8 (Technical Data), SECTION 8 (SYSTEMS REQUIREMENTS), Parts A, B and C; under Annex B (Statement of Work).

For PAHO, Part D:

Describe how you have met or plan to meet the Bank’s and Partner Institutions’ Q3.10 requirement in Section 8.7 (Web site security), SECTION 8 (SYSTEMS REQUIREMENTS), Parts A, B and C; under Annex B (Statement of Work).

For PAHO, Part D:

Q3.11 INFORMATION SECURITY REQUIREMENTS

Information Security Requirements. Offeror must have documented Q3.12 information security policies and procedures. Provide policy and sample of procedures which may include one or all of the procedural areas below.

Information Security Requirements. Offeror's service delivery infrastructure Q3.13 must have been assessed under SAS 70 (Type 1 or 2) or otherwise independently audited. Provide document or independent audit report.

Information Security Requirements. Offeror must conduct security background checks including but not limited to personal reference checks, Q3.14 employment record verification, and criminal background checks for its employees. Provide procedures

Information Security Requirements. Offeror must have documented business Q3.15 continuity plans (BCP). Provide policy and recent BCP.

Information Security Requirements. Offeror must return all Bank information Q3.16 in its possession and irretrievably delete same from its systems upon termination of the contract. Provide relevant policy and procedures

Information Security Requirements. Offeror must have documented change, Q3.17 configuration, user access, and patch management procedures. Provide procedures.

Information Security Requirements. Offeror must use malicious code and/or Q3.18 virus protection systems. Provide procedures.

Information Security Requirements. Offeror must have systems to monitor Q3.19 the availability, usage and response time for applications. Provide procedures.

Information Security Requirements. Offeror must be able to provide Q3.20 dedicated servers for hosting The Bank and Partner Institutions applications and data.

Information Security Requirements. Offeror must employ filtering Q3.21 technologies to isolate each customer's network connectivity from others. Provide procedures.

Information Security Requirements. Offeror must employ physical access Q3.22 controls for data center(s) used to house service delivery infrastructure. Provide procedures.

Information Security Requirements. Offeror must use environmental Q3.23 protection controls and infrastructure to adequately protect systems holding The Bank and Partner Institutions data. Provide procedures.

Information Security Requirements. Offeror must give the Bank permission to perform vulnerability scanning at the application and infrastructure layers Q3.24 using automated tools. Provide written permission signed by an authorized officer.

Information Security Requirements. Offeror must collect, maintain, and Q3.25 make available to the Bank relevant security and access logs including server and security device logs (firewall/WAF). Provide procedures and a sample log Offeror's Response Information Security Requirements. All third parties that provide service Q3.26 delivery in connection with this engagement must have been adequately vetted by the Offeror. Provide independent audit report or other documentation. Offeror's Response Information Security Requirements. Offeror’s QA environment must be Q3.27 successfully tested before selection. Offeror's Response Q3.28 Information Security Requirements. Offeror shall not undertake any action

which could compromise the confidentiality, integrity, or availability of the Bank and Partner Institutions information or information systems. Provide how compliance will be met. Offeror's Response Information Security Requirements. Offeror shall be responsible for logical security of the infrastructure (i.e. user accounts and passwords to servers, Q3.29 database) and will share that information only with designated Bank representatives. Offeror's Response Information Security Requirements. Offeror’s security team must immediately notify the the Bank and Partner Institutions in the event of any Q3.30 incident that could potentially compromise the confidentiality, integrity, or availability of the Bank and Partner Institutions information or information systems. Provide how compliance will be met. Offeror's Response Information Security Requirements. Offeror must abide by the Bank’s and Partner Institutions’ vendor security provisions, procedures, and standards on award of contract. A Confidentiality Agreement must be part of the contract between the Offeror Q3.31 and the Bank and Partner Institutions. On notification from the Bank and Partner Institutions, the Offeror must be able to immediately disable all or part of the functionality of the application shall a security issue be identified. Offeror's Response Information Security Requirements. Upon termination of the contract between the Bank and Partner Institutions and the Offeror, the Offeror must: Return all Bank and Partner Institutions information in the possession of the Offeror to the Sponsoring Business Unit; and Q3.32 Remove all Bank and Partner Institutions information from the Offeror’s systems. No individuals other than those authorized by Bank and Partner Institutions shall be provided with access to Bank systems and information. Offeror's Response Q3.33 Information Security Requirements. Offeror System Administrators must maintain complete, accurate, and up-to-date information regarding the configuration of Bank hosted systems. This information must be made available

to designated Bank System Administrators. Offeror must have a patch management process that includes testing the patch before installation on the Bank’s and Partner Institutions’ system. Patch notifications must be communicated to the Bank. Provide how compliance will be met. Offeror's Response Information Security Requirements. Host and Network Intrusion detection Q3.34 must be employed by Offerors where Bank and Partner Institutions and systems are located. Describe your host and network, intrusion detection policy. Offeror's Response Information Security Requirements. All changes to system configurations, services enabled, and permitted connectivity must be logged and the logs must be retained for a Bank Group Prescribed Period. All activity which might be an indication of unauthorized usage or an attempt to compromise security measures must be logged for systems that process or store Q3.35 sensitive information. Log files must be protected to ensure confidentiality and integrity. The Bank Group reserves the right to periodically audit the Offeror to ensure compliance with the Bank’s and Partner Institutions’ security policy and standards. Offeror's Response Information Security Requirements. The Offeror must have a Business Continuity Plan for Bank's and Partner Institutions' information. The plan shall include at minimum a strategy for infrastructure and information Q3.36 continuity and periodic continuity testing. The Offeror must submit the activity logs of their continuity tests for Bank's and Partner Institutions' review. Provide a draft plan. Offeror's Response Information Security Requirements. The Offeror must actively participate in Q3.37 Bank's and the Partner Institutions' Business Continuity tests. Upon thirty (30) days of Contract award, Offeror must submit a final BCP for approval. Offeror's Response Q3.38 Information Security Requirements. The Offeror must disclose who among its personnel will have access to the environment hosting the application.

The Offeror must completely remove all sensitive Bank information prior to the disposal of equipment storing such information. Offeror's Response Information Security Requirements. Offeror must describe the maintenance provisions of the service that address typical system/software updates and Q3.39 security patches and how these provisions follow documented change management procedures. Offeror's Response Information Security Requirements. What is the timeline to apply critical Q3.40 security patches after they are released? Offeror's Response Information Security Requirements. Offeror must explain the antivirus Q3.41 mechanisms deployed to safe guard file uploads against virus and malware. Explain mechanisms to validate the uploaded file types. Offeror's Response 4 KEY PERSONNEL

Describe the responsibilities and qualifications of each key staff (account Q4.1 manager, warehouse operations manager, focal customer service representative, and delivery person) who would be assigned to this contract. Attach resumes.

For PAHO, Part D:

Key Staff – Offeror agrees that if chosen for contract award, Offeror shall make the proposed key staff members available during the contract term. If such staff are Q4.2 no longer with the company or are temporarily not available, Offeror shall propose candidates for the WB’s review and approval. Offeror's Response

CONFIDENTIAL Page 17 of 17