STATE OF TENNESSEE
TENNESSEE DEPARTMENT OF TRANSPORTATION
REQUEST FOR INFORMATION
FOR
EMPLOYEE SAFETY FOOTWEAR PROGRAM
RFI # 40100-51641
February 17, 2026
1. STATEMENT OF PURPOSE:
The State of Tennessee, Department of Transportation issues this Request for Information (“RFI”)
for the purpose of assessing the ability of Respondents to meet the State security requirements of
a future solicitation for an Employee Safety Footwear Program. We appreciate your input and
participation in this process.
2. BACKGROUND:
The Department of Transportation is seeking a vendor to manage the employee
safety shoe program for approximately 2,500 field staff. Eligible employees will be
given an allotment annually for footwear, and the Contractor will perform all logistical
and administrative work to provide the employees with approved safety footwear. The
Contractor must be able to provide services on site and online including collecting
size/style information, coordinating order placement, receiving, and distributing the
footwear, troubleshooting of any issues with ordering, shipping, receiving, and
payment of the footwear.
TDOT issues this RFI to gather information from safety footwear vendors to
understand the Respondent’s ability or inability to comply
with the requirements set forth in Attachment A.
3. COMMUNICATIONS:
3.1. Please submit your response to this RFI to:
Kenneth Weaver, Procurement and Contracts Division
Tennessee Department of Transportation
Tennessee Tower, 11th floor
312 Rosa L Parks Ave, Nashville, TN 37243
TDOT.RFP@tn.gov
3.2. Please feel free to contact the Tennessee Department of Transportation with any questions
regarding this RFI. The main point of contact will be:
Kenneth Weaver, Procurement and Contracts Division
Tennessee Department of Transportation
Tennessee Tower, 11th floor
312 Rosa L Parks Ave, Nashville, TN 37243
TDOT.RFP@tn.gov
3.3. Please reference RFI # 40100-51726 with all communications to this RFI.
4. RFI SCHEDULE OF EVENTS:
EVENT | TIME (Central Time Zone) | DATE (all dates are State business days)
1. RFI Issued | | February 17, 2026
2. RFI Response Deadline | | February 26, 2026
5. GENERAL INFORMATION:
5.1. Responding to this RFI is a prerequisite for responding to any future solicitations
related to this project. Responses to this RFI will not create any contract rights and
responses to this RFI will become property of the State.
5.1.1.1. All Respondents will be required to provide a signed written response from their legal
counsel, or Chief Executive Officer, either confirming Respondent’s ability or describing
Respondent’s inability to comply with the requirements set forth in Attachment A.
5.1.1.2. The specific Recovery Time Objective (RTO) and Recovery Point Objective (RPO)
periods referenced in the Information Technology Security Requirements clause of
Attachment A will be negotiated and determined between the vendor and the State for
the particular contract based on the priority of the service.
5.2. The information gathered during this RFI is part of an ongoing procurement. In order to
prevent an unfair advantage among potential respondents, the RFI responses will not be
available until after the completion of evaluation of any responses, proposals, or bids
resulting from a Request for Qualifications, Request for Proposals, Invitation to Bid or other
procurement method. In the event that the state chooses not to go further in the
procurement process and responses are never evaluated, the responses to the
procurement including the responses to the RFI, will be considered confidential by the
State.
5.3. The State will not pay for any costs associated with responding to this RFI.
6. INFORMATIONAL FORMS:
The State is requesting the following information from all interested parties. Attachment A is
being provided as information only for the Respondent to provide an informed response. Please
fill out the following forms:
RFI #40100-51726
TECHNICAL INFORMATIONAL FORM
1. RESPONDENT LEGAL ENTITY NAME:
2. RESPONDENT CONTACT PERSON:
Name, Title:
Address:
Phone Number:
Email:
3. Provide a signed written response from either the legal counsel, Chief Executive Officer, or their
authorized designee legally empowered to bind the respondent to the provisions of the solicitation
and resulting contract (if awarded), either confirming the Respondent’s ability or describing the
Respondent’s inability to comply with the requirements outlined in Attachment A.
4. If Contractor cannot meet the following requirement specified in Attachment A, “The Contractor
shall ensure that all State Data is housed in the continental United States, inclusive of backup
data. All State data must remain in the United States, regardless of whether the data is
processed, stored, in-transit, or at rest. Access to State data shall be limited to US-based
(onshore) resources only,” provide the name of the host country(ies) where any data may be
processed or stored, in-transit, or at rest.
Attachment A
Notable Terms and Conditions Requirements:
(This Attachment does not represent all State of Tennessee contractual Terms and Conditions,
but reflects those the State requires acknowledgement of the Respondent’s ability, or inability, to
comply with to determine inclusion in a future procurement for the services referenced in this
RFI).
E.1. Personally Identifiable Information. While performing its obligations under this Contract,
Contractor may have access to Personally Identifiable Information held by the State (“PII”). For
the purposes of this Contract, “PII” includes “Nonpublic Personal Information” as that term is
defined in Title V of the Gramm-Leach-Bliley Act of 1999 or any successor federal statute, and
the rules and regulations thereunder, all as may be amended or supplemented from time to time
(“GLBA”) and personally identifiable information and other data protected under any other
applicable law, rule or regulation of any jurisdiction relating to disclosure or use of personal
information (“Privacy Laws”). Contractor agrees it shall not do or omit to do anything which would
cause the State to be in breach of any Privacy Laws. Contractor shall, and shall cause its
employees, agents and representatives to: (i) keep PII confidential and may use and disclose PII
only as necessary to carry out those specific aspects of the purpose for which the PII was
disclosed to Contractor and in accordance with this Contract, GLBA and Privacy Laws; and (ii)
implement and maintain appropriate technical and organizational measures regarding information
security to: (A) ensure the security and confidentiality of PII; (B) protect against any threats or
hazards to the security or integrity of PII; and (C) prevent unauthorized access to or use of PII.
Contractor shall immediately notify State: (1) of any disclosure or use of any PII by Contractor or
any of its employees, agents and representatives in breach of this Contract; and (2) of any
disclosure of any PII to Contractor or its employees, agents and representatives where the
purpose of such disclosure is not known to Contractor or its employees, agents and
representatives. The State reserves the right to review Contractor's policies and procedures
used to maintain the security and confidentiality of PII and Contractor shall, and cause its
employees, agents and representatives to, comply with all reasonable requests or directions from
the State to enable the State to verify or ensure that Contractor is in full compliance with its
obligations under this Contract in relation to PII. Upon termination or expiration of the Contract or
at the State’s direction at any time in its sole discretion, whichever is earlier, Contractor shall
immediately return to the State any and all PII which it has received under this Contract and shall
destroy all records of such PII.
The Contractor shall report to the State any instances of unauthorized access to or potential
disclosure of PII in the custody or control of Contractor (“Unauthorized Disclosure”) that come to
the Contractor’s attention. Any such report shall be made by the Contractor within twenty-four
(24) hours after the Unauthorized Disclosure has come to the attention of the Contractor.
Contractor shall take all necessary measures to halt any further Unauthorized Disclosures. The
Contractor, at the sole discretion of the State, shall provide no cost credit monitoring services for
individuals whose PII was affected by the Unauthorized Disclosure. The Contractor shall bear the
cost of notification to all individuals affected by the Unauthorized Disclosure, including individual
letters and public notice. The remedies set forth in this Section are not exclusive and are in
addition to any claims or remedies available to this State under this Contract or otherwise
available at law. The obligations set forth in this Section shall survive the termination of this
Contract.
E.2. Information Technology Security Requirements (State Data, Audit, and Other Requirements).
a. The Contractor shall protect State Data as follows:
(1) The Contractor shall ensure that all State Data is housed in the continental United States,
inclusive of backup data. All State data must remain in the United States, regardless of
whether the data is processed, stored, in-transit, or at rest. Access to State data shall be
limited to US-based (onshore) resources only.
All system and application administration must be performed in the continental United States.
Configuration or development of software and code is permitted outside of the United States.
However, software applications designed, developed, manufactured, or supplied by persons
owned or controlled by, or subject to the jurisdiction or direction of, a foreign adversary, which
the U.S. Secretary of Commerce acting pursuant to 15 CFR 7 has defined to include the
People’s Republic of China, among others, are prohibited. Any testing of code outside of the
United States must use fake data. A copy of production data may not be transmitted or used
outside the United States.
(2) The Contractor shall encrypt Confidential State Data at rest and in transit using the current
version of Federal Information Processing Standard (“FIPS”) 140-2 or 140-3 (or current
applicable version) validated encryption technologies. The State shall control all access to
encryption keys. The Contractor shall provide installation and maintenance support at no
cost to the State.
(3) The Contractor and any Subcontractor used by the Contractor to host State data, including
data center vendors, shall be subject to an annual engagement by a licensed CPA firm in
accordance with the standards of the American Institute of Certified Public Accountants
(“AICPA”) for a System and Organization Controls for service organizations (“SOC”) 2 Type 2
examination. The scope of the SOC 2 Type 2 examination engagement must include the
Security, Availability, Confidentiality, and Processing Integrity Trust Services Criteria. In
addition, the Contractor services that are part of this Contract, including any processing or
storage services, must be included in the scope of the SOC 2 Type 2 examination
engagement(s).
(4) The Contractor must annually review its SOC 2 Type 2 examination reports. Within 30 days
of receipt of the examination report, or upon request from the State or the Comptroller of the
Treasury, the Contractor must provide the State or the Comptroller of the Treasury a
non-redacted copy of the Contractor’s SOC 2 Type 2 examination report(s). The Contractor must
review the annual SOC 2 Type 2 examination reports for each of its Subcontractors and must
also assist the State or Comptroller of the Treasury with obtaining a non-redacted copy of any
SOC examination reports for each of its Subcontractors, including data centers used by the
Contractor to host or process State data.
If the Contractor’s SOC 2 Type 2 examination report includes a modified opinion, meaning
that the opinion is qualified, adverse, or disclaimed, the Contractor must share the SOC
report and the Contractor’s plan to address the modified opinion with the State or the
Comptroller of the Treasury within 30 days of the Contractor’s receipt of the SOC report or
upon request from the State or the Comptroller of the Treasury. If any Subcontractor(s) SOC
2 Type 2 examination report includes a modified opinion, the Contractor must assist the State
or Comptroller of the Treasury with obtaining the Subcontractor(s) SOC report and the
Subcontractor(s) plan to address the modified opinion.
The Contractor must have a process for correcting control deficiencies that were identified in
the SOC 2 Type 2 examination, including follow-up documentation providing evidence of
such corrections. Within 30 days of receipt of the examination report, or upon request from
the State or the Comptroller of the Treasury, the Contractor must provide the State or the
Comptroller of the Treasury with a corrective action plan and evidence of correcting the
control deficiencies. The Contractor must require each of its Subcontractors, including data
centers used by the Contractor to host State data, to have a process for correcting control
deficiencies identified in their SOC examination reports and must assist the State or