Salesforce DevOps and Automated Testing Tool Solution- UPDATED

Agency:	State Government of Tennessee
State:	Tennessee
Type of Government:	State & Local
NAICS Category:	541511 - Custom Computer Programming Services 541512 - Computer Systems Design Services 541519 - Other Computer Related Services
Posted Date:	Apr 10, 2026
Due Date:	Apr 23, 2026
Solicitation No:	RFI 31701-03828
Original Source:	Please Login to View Page
Contact information:	Please Login to View Page
Bid Documents:	Please Login to View Page

Attachment Preview

STATE OF TENNESSEE

FINANCE & ADMINISTRATION, STRATEGIC TECHNOLOGY SOLUTIONS

REQUEST FOR INFORMATION

FOR

SALESFORCE DEVOPS AND AUTOMATED TESTING TOOL SOLUTION

RFI # 31701-03828

March 24, 2026

1. STATEMENT OF PURPOSE:

The State of Tennessee, Finance and Administration, Strategic Technology Solutions (STS)

issues this Request for Information (“RFI”) for the purpose of identifying a Salesforce DevOps and

automated testing tool solution partner. We appreciate your input and participation in this

process.

1.1. BACKGROUND: Salesforce is currently in use and is being adopted by a growing number

of agencies statewide. To safely and efficiently develop applications that support this

expanding set of use cases, the state requires a dedicated DevOps platform capable of

managing multiple, self-contained sandboxes for Development, QA, System Integration

Testing (SIT), and User Acceptance Testing (UAT) prior to production. To streamline

development cycles, improve deployment efficiency, and ensure consistent quality, the

DevOps platform must integrate directly with Salesforce. Given the complexity of Salesforce

customizations, automated testing is also essential to prevent regression and ensure the

reliability of changes.

2. PROPOSED SOLUTION(S): The State is seeking information on software solutions and

capabilities that currently exist from qualified vendors for a Salesforce DevOps and Automated

Testing Tool Solution. Table 3.1 below represents the State’s List of Business Requirements for

which the vendor should provide proposed solutions in their response. In accordance with Section

7. Informational Forms, Technical Information Form Question 4, please demonstrate in your

response how your solution meets our requirements, if there is a feature that doesn’t currently

meet the requirements, but is in development, or if your solution provides alternative functionality

that may yield a similar outcome.

Table 3.1: List of Business Requirements

NO. REQUIREMENT TITLE

REQUIREMENT DESCRIPTION

VENDOR PROPOSED SOLUTION

For each Requirement below, describe

how the proposed solution fully meets

the requirement, is currently in

development, offers alternative

31701-03828

Page | 1

1.0 FUNCTIONAL REQUIREMENTS

Continuous Integration Automated builds, code linting, and static

1.a. (CI)

analysis on every commit.

Continuous

Delivery/Deployment

Automated deployment pipelines supporting

1.b. (CD)

multi-stage environments (Dev, Test, Prod).

Ability to define pipelines using for version-

controllable, infrastructure-as-code

1.c. Pipeline Management configuration.

Tools to manage backlogs, epics, user stories,

1.d. Work Item Tracking

and tasks, such as Azure Boards.

End-to-end traceability from requirements to

1.e. Traceability

code changes, builds, and releases.

Real-time dashboards to track sprint progress

1.f. Reporting

and velocity.

Ability to handle large teams and high-

frequency deployment, with options for cloud-

1.g. Scalability

hosted or self-hosted agents.

Build and Release

Centralized repository to manage packages

1.h. Artifacts

(e.g., Maven, npm, NuGet).

2.0 TECHNICAL REQUIREMENTS

Source Code

2.a. Management

Infrastructure as Code

2.b. (IaC)

2.c. Containerization

2.d. Automated Testing

2.e. Manual Testing

2.f. Security Scanning

2.g. Observability

2.h. Telemetry

Integration with Git for distributed version

control, branching, and pull request workflows.

Support for tools like Terraform or Ansible to

manage infrastructure through code, ensuring

consistency.

Support for container technologies such as

Docker and Kubernetes for orchestration.

Integration of automated test frameworks

within the CI/CD pipeline.

Capabilities to manage and execute manual

test cases, such as Azure Test Plans.

Automated security analysis (DevSecOps)

within the pipeline.

Integrated monitoring to provide feedback on

application performance in production.

Tools to monitor deployment success rates

and application health.

2.i. Automated testing tool

Primary and secondary

2.j. hosting

Native automated testing tools.

Prefer (Primary) East coast and Secondary Mid-

west (low latency and high accessibility).

3.0 SUPPORT REQUIREMENTS

functionality, or does not meet the

requirement, and provide a brief

description supporting your response.

Availability of user training, documentation,

3.a. Training & Onboarding and onboarding support

Clear service uptime commitments, e.g.,

3.b. SLA & Availability

99.9% availability

24/7 support options, multi-channel (email,

3.c. Technical Support

phone, chat)

User Community &

Online support portal with FAQs, guides, and

3.d. Knowledge Base

user forums

WCAG 2.1 Level AA, ADA, Section 508

3.e. Accessibility Compliance compliance

4.0 SECURITY REQUIREMENTS

Identity and Access

4.a. Management

Role based access controls and integration

with Azure AD in conjunction with State Active

Directory services.

4.b. MFA

Separation of Prod and

4.c. Test Accounts

4.d. Compliance

Integration with State of TN SSO.

Use Test accounts for Non-Prod and Prod

accounts for Production.

Audit logs (Admin and tracking) for compliance

purposes.

4.e. Encryption

Audit Logs and

4.f. Monitoring

Compliance

4.g. Certifications

Data encrypted in motion and at rest.

Capability to log and monitor user activity for

compliance and troubleshooting.

Support for SOC 2, ISO 27001, HIPAA, NIST

800-53 and FedRAMP certifications

5.0 AI REQUIREMENTS

5.a. General

Does this solution contain an AI model?

5.b. Hosting

5.c. Data

Is application hosted in the US?

What type(s) of data does the AI solution ingest

or create?

5.d. AI Training

5.e. Opt Out Option

5.f. Model Training

5.g. Data Sensitivity

5.h. Data Retention Policies

5.i. Human in the Loop

5.j. Third Party Assessment

Does the AI model train from user data?

How does the State of TN opt out of training the

AI model?

Who develops and trains the AI model: the

enterprise internally or a third-party/vendor?

Does this AI solution leverage a dataset for

training or fine tuning that contains sensitive

information?

Are there different data retention policies for

the user interface versus the API?

Does the AI feedback process include human

re-enforcement (RLHF)?

Has a third-party AI assessment been

conducted? If yes, where are the results

available?

3. COMMUNICATIONS:

3.1. Please submit your response to this RFI to:

Shannon Keefe, Contract Specialist

Finance and Administration, Strategic Technology Solutions

901 Rep. John Lewis Way North, Nashville, TN 37243

(615) 350-4244

Shannon.Keefe@tn.gov

3.2. Please reference RFI #31701-03828 with all communications to this RFI.

3.3. Please limit all questions to one submission per vendor.

4. RFI SCHEDULE OF EVENTS:

EVENT

RFI Issued

TIME

(Central

Time

Zone)

DATE

(all dates are State business

days)

Tuesday, March 24, 2026

Written Questions & Comments Deadline 2:00 PM

Tuesday, March 31, 2026

State Response to Written Questions &

Comments

Wednesday, April 8, 2026

RFI Response Deadline

2:00 PM

Thursday, April 16, 2026

5. GENERAL INFORMATION:

5.1. Please note that responding to this RFI is not a prerequisite for responding to any future

solicitations related to this project and a response to this RFI will not create any contract

rights. Responses to this RFI will become property of the State.

5.2. The information gathered during this RFI is part of an ongoing procurement. In order to

prevent an unfair advantage among potential respondents, the RFI responses will not be

available until after the completion of evaluation of any responses, proposals, or bids

resulting from a Request for Qualifications, Request for Proposals, Invitation to Bid or other

procurement methods. In the event that the state chooses not to go further in the

procurement process and responses are never evaluated, the responses to the

procurement, including the responses to the RFI, will be considered confidential by the

State.

5.3. The State will not pay for any costs associated with responding to this RFI.

5.4. Any services or products proposed in this RFI, must be in compliance with the following

security policy: all State data must remain in the United States, regardless of whether the

data is processed, stored, in-transit, or at rest. Access to State data shall be limited to US-

based (onshore) resources only. Configuration or development of software and code is

permitted outside of the United States, however, software applications designed,

developed, manufactured, or supplied by persons owned or controlled by, or subject to the

jurisdiction or direction of, a foreign adversary, which the U.S. Secretary of Commerce

acting pursuant to 15 C.F.R. 7 has defined to include the People's Republic of China,

among others are prohibited. Any testing of code outside of the United States must use fake

data. A copy of production data may not be transmitted or used outside the United States.

5.5. The State may request demo presentations from selected RFI respondents.

5.6. Responses should be prepared, with emphasis on completeness and clarity, and should

NOT exceed fifteen (15) pages total in length. Responses, as well as any reference material

presented, must be written in English, and must be written on standard 8 ½” x 11” pages

and all text must be at least a 12-point font. All pages must be numbered.

6. INFORMATIONAL FORMS:

The State is requesting the following information from all interested parties. Please fill out the

following forms:

RFI #31701-03828

TECHNICAL INFORMATIONAL FORM

1. RESPONDENT LEGAL ENTITY NAME:

2. RESPONDENT CONTACT PERSON:

Name, Title:

Address:

Phone Number:

Email:

3. Provide a brief description of company background and experience providing similar scope of

solutions that have been implemented in other states or local governments.

4. For each requirement in Table 3.1: List of Business Requirements, indicate whether your

solution Meets, Is In Development, Provides Alternate Functionality, or Does Not Meet the

requirement and briefly describe how your solution supports the intended outcome.

5. Describe your solution’s security and privacy controls:

• Role-based access control (RBAC)

• Multi-factor authentication (MFA)

• Data encryption in transit and at rest

• Data storage and retention policies

• Compliance with State privacy and cybersecurity frameworks

• Supported industry-standard authentication and authorization protocols (e.g., OAuth 2.0,

SAML 2.0, etc.)

• FedRAMP compliant

• GovCloud complaint

Summarize any other adherence to privacy, security, and data governance standards,

including strategies and SLAs to mitigate system disruptions during implementation.

6. Provide an overall project timeline to implement a solution that meets the List of Business

Requirements in Table 3.1 of this RFI, including phases, milestones, and State resource

obligations in each step. Please include knowledge transfer, training and post-implementation

technical support into your timeline.

7. Outline your technical roadmap for enterprise-wide adoption of your solution.

This page summarizes the opportunity, including an overview and a preview of the attached documents.

Document ID & Hyperlink:	RFI 31701-03828 Amendment 1
Event Start - Response Due:	03/24/2026 04/23/2026
Event Name:	Salesforce DevOps and Automated Testing Tool Solution-UPDATED
Last Updated:	04/10/2026

Salesforce DevOps and Automated Testing Tool Solution- UPDATED

Attachment Preview

Sign-up for a Free Trial, Government Bid Alerts

See Also