RFP 26-011-67 Addendum No. 2
| Agency: | Shelby County |
|---|---|
| State: | Tennessee |
| Type of Government: | State & Local |
| Posted Date: | Dec 24, 2025 |
| Due Date: | Jan 20, 2026 |
| Original Source: | Please Login to View Page |
| Contact information: | Please Login to View Page |
| Bid Documents: | Please Login to View Page |
Bid Title:
RFP 26-011-67 Addendum No. 2
Category:
Human Resources
Status:
Open
Publish Date:
Wednesday, December 24, 2025 - 10:45am
Close Date:
01/20/2026 - 4:00pm
Addendum Date:
Wednesday, December 24, 2025
Contact Person:
Christina Lemartin
Please submit following details in order to view the document
Name/Business Name
*
Email Address
*
Phone Number
*
Bid Title
Redirect URL
Related Documents:
Attachment Preview
Shelby County
Tennessee
Lee Harris, Mayor
Addendum No. 2
Issued: December 23, 2025
Deferred Compensation Plan Administration
(Human Resource)
TO ALL PROSPECTIVE BIDDERS:
The above described REQUEST FOR PROPOSALS has been modified to reflect the following
changes.
1. The deadline for submitting questions is extended to Tuesday, January 6, 2026, by
12:00p.m. (CST).
2. Exhibit G is incorporated.
All other requirements of the Request For Proposals remain unchanged.
If you have any questions, please contact me via email at christina.lemartin@shelbycountytn.gov.
.
Sincerely,
Original Signature on File
Christina Le Martin, Buyer
Purchasing Department
Shelby County Government
Exhibit G
Acceptable Use Policy
Access Request Submission Procedure
Breach Notification Policy
CJIS Security Policy
Information Security Policy
Network Security
SCG Change Management SOP
Shelby County Confidential Data Vendor
Agreement
VPN Request Form
Information Technology Services’ Policies and Procedures
Shelby County Government
5. Acceptable Use Policy v1.5
1. Purpose:
Shelby County Government (SCG) has adopted the following Acceptable Use Policy (AUP) to
protect SCG and its employees from liability and business interruptions due to inappropriate use of
Information Technology Services (ITS) resources and breaches of computer security.
2. Scope:
This policy applies to all SCG employees, vendors, contractors, business partners, consultants,
interns, temps, and other workers (herein termed “users”) using SCG provided ITS resources,
network, hardware and/or software, in their assigned job responsibilities.
This policy applies to the use of all devices utilized to access SCG ITS resources. This includes but
is not limited to the usage of network, devices, software, authentication credentials, and other SCG
ITS resources. This applies to all usage whether on or off network.
This policy applies to the access and use of SCG ITS managed data and sensitive data. The term
“sensitive data” within this policy is defined as SCG confidential data, Payment Card Industry
cardholder data, Protected Health Information, or other compliance-related data.
3. Policy:
It is the policy of SCG ITS to define the acceptable and unacceptable uses of SCG ITS resources
to facilitate SCG business functions. Acceptable use of SCG ITS resources will result in continued
accessibility and reliability of the resources. Unacceptable use of SCG ITS resources will result in
reduced accessibility to resources, increased overhead, and increased liability risks to SCG. All
users are expected to take an active role in ensuring that this policy is followed and that SCG ITS
resources are used in the acceptable manner.
1. Acceptable Use and Responsibilities:
a. Users are permitted access to SCG computer resources for the purpose of conducting
SCG business processes upon approval by the appropriate SCG designated approving
authorities.
(i) Access is activated upon receipt and approval of a properly completed and approved
access request form.
(ii) Access is be limited to the timeframe requested and will be disabled at the requested
time or upon notification of termination of the user’s relationship (employment,
contractual or otherwise) with SCG.
(iii) User access privileges are granted on a need-to-know (least privilege) basis [PCI DSS
7.1.1 / 10.4.2.a].
(iv) Users are responsible for all access and communications originating from equipment
and accounts assigned to them.
b.Users shall take an active role in securing their access credentials, the data to which they are
granted access, and the hardware utilized to access said data.
(i) Users are responsible for the security of their assigned passwords and accounts. The
sharing of assigned user identification or password information with anyone is strictly
prohibited [PCI DSS 8.5.8.b].
Policies and Procedures -
Date Revised 08-01-16
Page 111 of 188
Information Technology Services’ Policies and Procedures
Shelby County Government
(ii) Users assigned portable devices shall exercise special care to assure they are not
misused, lost or stolen.
(iii) Users shall secure all assigned PCs, laptops and workstations by activating the
password-protected screensaver or logging-off of the host when leaving it unattended
(iv) Users shall ensure that any device utilized by them to access SCG ITS resources,
whether owned by the user or SCG, is continually executing approved virus-scanning
software with current virus signatures.
(v) Users shall not open any unexpected email attachments received from any sender
without first validating the authenticity of the message with the sender. Unauthenticated
suspect emails should be reported to the SCG ITS Service Desk.
(vi) Users shall immediately report any suspected security breach or loss of data to the SCG
ITS Service Desk and, where ever possible, take appropriate action to mitigate and
contain the effect of such breaches.
c. Users shall take an active role in maintaining the security of sensitive data.
(i) Users are responsible for utilizing appropriate measures to prevent unauthorized access
to sensitive data.
(ii) Users of SCG ITS systems are prohibited from unauthorized copying, moving, or storing
of sensitive data, to or on local hard drives, removable electronic media, or Internet and
cloud based storage.
(iii) Users of SCG ITS systems are prohibited from unauthorized copying, moving, or storing
of sensitive data via remote access technologies.
(iv) Users shall not request or send credit card data or PAN via fax, phone, written format,
verbally, or using other electronic messaging technologies [PCI DSS 4.2.b].
(v) Users shall not send sensitive data including unencrypted Protected Health Information
via email. Users that receive any email containing sensitive data must report the email
to the SCG ITS Service Desk.
(i) Users shall not leave voicemail messages containing SCG sensitive data on any phone
system utilized to conduct Shelby County business including County office extensions,
County-provided cell phones, personal land lines, and personal cell phones.
(ii) Users shall delete and not duplicate any messages containing sensitive data from any
phone system utilized to conduct Shelby County business including County office
extensions, County-provided cell phones, personal land lines, and personal cell
phones.
(iii) Users shall report the receipt of voicemails containing sensitive information to the SCG
ITS Service Desk.
(iv) Users shall only leave voicemail messages containing sensitive data on the phone
systems of Shelby County Government business partners, business associates, or
contractors who; 1) have current contracts or business associate agreements in place
with SCG, 2) where there is a need to know directly related to the data, and 3) where
Policies and Procedures -
Date Revised 08-01-16
Page 112 of 188
Information Technology Services’ Policies and Procedures
Shelby County Government
the partner, associate, or contractor permits the disclosure of sensitive data via
voicemail. Card Holder Data is never appropriate to leave or receive in a voicemail.
(v) Users shall not post or make available to newsgroups, social media, or other public
forums any SCG sensitive data.
(vi) Users shall only post to newsgroups, social media, or other public forums as required to
fulfill SCG assigned duties. Utilization of SCG email addresses to facilitate such
postings must have prior SCG administrative approval.
d.SCG shall ensure compliance with this policy.
(i) SCG shall secure and maintain the privacy of all data stored or transmitted by SCG ITS
systems to comply with applicable legal requirements and SCG policy. All data not
protected by these requirements may be discoverable through public records request or
other applicable methods.
(ii) SCG will gather and report on information regarding the usage of SCG ITS resources for
SCG business or management purposes. Usage reports include, but are not limited to,
resources utilization, Internet accesses, and security-related activities.
(iii) SCG shall utilize various data capture, analysis techniques, and tools to facilitate
maintenance, audit, and installation functions on behalf of its customers. Such tools
and techniques shall be used in accordance with the established iSLA agreement.
e.Personal use of SCG ITS resources is restricted in accordance with SCG policy.
(i) Users shall minimize personal use of SCG ITS resources.
(ii) Users are responsible for exercising good judgment regarding the reasonableness of
minimal personal use. If users are uncertain about the reasonableness of a given use,
they must consult with their supervisor or manager.
(iii) Personal use must not interfere with employee’s fulfillment of their job responsibilities,
interfere with other users' access of resources, be excessive (as determined by
management), result in significant added costs to SCG, disrupt SCG business
processes, or cause any other disadvantage to SCG.
(iv) Reasonable personal use does not state or imply SCG endorsement and must not
interfere with an employee’s job performance or activities which directly support the
County’s mission.
(v) Users shall have no expectation of privacy for any usage of SCG ITS resources not
specifically related to the performance of SCG business functions.
(vi) Any communications or data transiting, stored on or traveling to or from the Entity’s
information system may be monitored, disclosed or used for any lawful government
purpose.
2. Unacceptable Uses:
a. Users shall not knowingly or through carelessness breach or attempt to breach SCG ITS
security measures or adversely impact the normal functioning of SCG ITS resources.
Policies and Procedures -
Date Revised 08-01-16
Page 113 of 188
This page summarizes the opportunity, including an overview and a preview of the attached documents.
* Disclaimer: This website provides information about bids, requests for proposals (RFPs), or requests for qualifications (RFQs) for convenience only and does not serve as an official public notice. Individuals who wish to respond to or inquire about bids, RFPs, or RFQs should contact the relevant government department directly.
Sign-up for a Free Trial, Government Bid Alerts
With Free Trial, you can:
You will have a full access to bids, website, and receive daily bid report via email and web.
See Also
City of Collegedale - Compensation and Classification Study & Analysis Click HERE for
Collegedale city
Bid Due: 7/01/2026
Document ID & Hyperlink: RFP 34349-27225 Event Start - Response Due: 04/27/2026 06/12/2026
State Government of Tennessee
Bid Due: 6/12/2026