IT security professionals don't have time for this. Some proposals are so painful to get through that organizations would simply eliminate them outright regardless of how well the solution might fit.
The RFP response is an opportunity for vendors to earn your business. Write the RFP as concisely as possible and include a description about your mandates for responses. It's time to define some ground rules. Vendors won't stop playing wasteful marketing games until users set expectations on what is acceptable.
Below are five guidelines that will improve prospects for proposals that actually respond directly to your requirements.
- All questions and requirements must be addressed directly
- The response should include details about architecture and deployment
- Text must be supported with graphics
- Comprehensive pricing is required
- A business solution must speak to your needs
This means the vendor needs to avoid the marketing rhetoric and acronyms, and simply address the specific needs presented in the document. A vendor that can't meet a certain requirement should be honest and state this in plain English. Fulfilling this requirement requires conciseness, not unbearable detail--figure five to seven pages of text in most cases. A well-prepared and thorough RFP response (supported by graphics and figures) may be longer than seven pages; the point, however, is that useful content is good, marketing double-talk is bad.
Vendors love to talk about features and benefits but often forget to address the physical layout of their solutions or the effort required for implementation projects. Where do the components sit? How will a distributed solution communicate? Are there security concerns? Are there deployment options or complexities to consider? Can a solution tier administration? Can it be implemented in either a distributed or centralized fashion? Can it be configured so it is efficient in terms of network bandwidth? Remember, the vendors are the technology experts here, so they should be creative and meticulous.
A proposal should weave together graphics and text in an effort to make the document both succinct and thorough. Insist that vendors include graphics that illustrate how it addresses requirements. For example, distributed solutions should be supported by topology maps that help users visualize the product architecture. Management tools should include screen shots that specifically address user needs.
Software and maintenance costs are only a piece of the puzzle. What about additional hardware like servers, switches or management consoles? Will you need a back-end database? How about professional services and user training? Again, demand that vendors "walk a mile in your shoes" and provide details, not a runaround.
The RFP response should reveal that the vendor understands your business issues, addresses them effectively and can deliver near-term ROI. State your business problems clearly and demand that the vendor respond in kind.
This was first published in May 2005