Request for Proposals: Technology Assessment and Technology Security Audit - Michigan Indian Legal Services

1. PROJECT

Michigan Indian Legal Services, Inc. (MILS) has been awarded a Technology Improvement Grant (TIG) through the Legal Services Corporation (LSC), to improve the internal IT infrastructure and security posture.

Michigan Indian Legal Services (MILS) seeks consultant proposals to perform:

  • a technology assessment, and
  • a technology security audit.

2. MICHIGAN INDIAN LEGAL SERVICES BACKGROUND

Michigan Indian Legal Services offers high-quality advocacy for Native American residents throughout the state from our office in Traverse City. We work to improve the lives of Native American peoples, families, and communities through legal assistance and advocacy at no charge for those who are income-eligible for services. MILS is a specialized law office that serves the unique legal needs of the members of the native communities in Michigan to: protect families and cultural practices, secure fundamental rights and access to basic needs, and challenge policies and practices that are harmful to our clients and client communities. Visit www.mils3.org for more information.

3. PROJECT OVERVIEW

With our newly awarded Legal Services Corporation Technology Improvement Project grant for a technology assessment and technology security audit, this project will refine and reinforce our technology infrastructure. This grant will help us with two related needs.

Audit for vulnerabilities as a starting point toward a smart, sustainable longer-term tech and security plan. Our recent experiences with large-scale remote work have highlighted technology’s power to improve our staff’s communication, collaboration, and use of uniform flows. These improved efficiencies all result in clients being served better, faster, and with the appropriate deployment of MILS resources. It has also helped us to provide services on a statewide basis. On the flip side of this coin, our pandemic-era experience has also suggested workflow weak points that technology solutions can improve.

Second, we are keenly aware of our responsibility to enhance security throughout our technology infrastructure. Given the intermixing and interconnectedness of tech platforms that modern law offices use in day-to-day operations, we are only as strong as our most vulnerable spot. The legal industry has struggled with systems and data-storage vulnerabilities.

Through this project, we want an audit to identify vulnerabilities and provide recommendations for a smart, sustainable security plan. The end outcomes we envision: ensuring the integrity of client and business data with strong security measures and smart staff practices.

DELIVERABLES

Our improvement project will include, at a minimum, these technical and procedural elements:

  1. Updating plans, policies and procedures. We will review employee-owned-device procedures along with our policy on personal device usage, mobile device management practices, and our work-from-home policies/procedures.
  2. IT staffing review. We will comprehensively review how we staff IT support and oversight needs. In the past, we had staff members primarily responsible for IT and, given turnover and the immediacy of needs, switched all IT responsibilities to a relatively expensive IT consultant. Given that the immediacy has passed, we need to make decisions regarding IT staffing in a more considered way.
  3. Overall Information technology (IT) security. The assessment will include all key systems and functions: firewall and unified threat management (including antivirus); update and patch management; penetration testing; exposure to internet-based malware and viruses; password policies; possible single sign-on (SSO) implementation and multi-factor authentication (MFA). The assessment will recommend staff training to support any action we take.
  4. Disaster Recovery: The assessment will include reviewing and testing current backup systems, along with ransomware protection systems and processes.
  5. Identifying workflow weak points and technological solutions to improve. As well as systems and data-storage vulnerabilities.
  6. Updating plans, policies and procedures. Such as, employee-owned-device procedures along with our policy on personal devices usage, mobile device management practices, and our work- from-home policies/procedures.
  7. Comprehensively review how we staff IT support and oversight needs
  8. Overall Information technology (IT) security.

Assessment will address three overarching challenges: a) evolution in hardware needs, b) maximizing scarce financial resources, and c) maximizing staff hours and include the following: All key systems and functions: firewall and unified threat management (including antivirus); update and patch management; penetration testing; exposure to internet-based malware and viruses; password policies; possible single sign-on (SSO) implementation and multi-factor authentication (MFA).
Reviewing and testing of current backup systems, along with ransomware protection systems and processes. Disaster Recovery
Enhance IT security protocols, and increase efficiency.
Creating or revising multiple technology policies including a data breach response policy, cybersecurity and antivirus policy, security awareness and training policy, and an active monitoring policy, Different software programs and systems will require tailored security measures—for example, we do not currently use either single sign-on or endpoint detection response

Assessments are necessary to address LSC’s “Baseline tech” recommendations such as the follow areas:

  • Document management systems (DMS)
  • Security
  • Cloud Computing
  • Mobile Equipment
    -Mobile Device Management
  • BYOD Bring Your Own Device -Telephone
  • Password management
  • Endpoint Detection and Response (EDR) what to do in case of a breach, etc.
  • Reporting a Security Problem
  • Which tools to use for what purpose (Zoom, Adobe, Calendar, etc.)
  • How and who will update and how often (Website, materials, Pro bono etc.)
  • Training for using applications.
  • Trainings for specific work (Webinars etc.)
  • Standard Learning Systems for learning basic computer skills (SLS)

This assessment will be critical for MILS future, we will then 1) know what solutions to adopt, and 2) learn to make course corrections going forward, establishing defenses that respond to changing threats.

At the conclusion of this project, the consultant will provide Michigan Indian Legal Services with a report combining narrative and visual methods of presenting the results of the evaluation approach(es) to be proposed by the consultant. The report will additionally describe the approach(es) chosen and the reasoning behind the approach(es).

Work of the Consultant

Michigan Indian Legal Services is accepting proposals from firms or individuals with experience evaluating technology-focused efforts to improve organizational management.

We hope to engage the consultant early in the work of this grant to provide the greatest opportunity for designing a useful evaluation approach. The grant began on November 1, 2023, and it concludes on October 31, 2025; the work of the consultant will ultimately inform a significant part of the final report due by this date.

Proposal Guidelines

Maximum proposal length, including cover letter and budget, should not exceed 10 pages. Please use fonts no smaller than 12 points.

The proposal should address the following:

  • Brief Individual or Firm Profile:
  • Names and qualifications of person(s) assigned to the project
  • Individual/firm general capacities and types of clients/projects
  • Approach: Description of the approach(es) the individual/firm proposes to use for this project.
  • Experience: Description of experience specific to the proposed work, especially involving nonprofit organizations
  • Names and contact information for three references, preferably other nonprofit organizations
  • Timeline: a proposed timeline for the and
  • Budget: (see additional detail below).

Timeline

  • Proposals are due on January 24, 2024.
  • Proposals will be evaluated and finalists will be selected by February 9, 2024; MILS will then schedule interviews for finalists.
  • MILS anticipates choosing a consultant by March 1, 2024.
  • The consultant’s work will begin no later than April 1, 2024 and conclude no later than October 31, 2025.

Budget

If proposing an hourly rate contract, please provide the hourly rate, a proposed total for the project, and a total for any possible variables or add-on services. If proposing a flat fee contract, please provide the proposed fee for the project and any variables or add-on services that may impact on the fee.

Inquiries

Please Submit Proposals or direct questions regarding this RFP to:

Cameron Ann Fraser, Executive Director
Michigan Indian Legal Services
814 S Garfield Avenue, Suite A
Traverse City, MI 49686
(231) 947-0122
cfraser@mils.org

Date Posted