Generated By: RFQ Response Screening Rules Creation Agent (ZBrain)
Generation Timestamp: 2025-06-01T 10:30:001
Source RFQ ID: NB-RFQ-IT-2025-045
Source RFQ Version: 1.0 (Implied from RFQ structure)
1. RFQ Metadata Parameters
These are key parameters extracted from the RFQ header and body that define the context for screening.

Parameter_ID: RFQ-PARAM-001

Description: Source RFQ Identifier
Value: NB-RFQ-IT-2025-045


Parameter_ID: RFQ-PARAM-002

Description: Submission Deadline (EST)
Value: June 15, 2025, 5:00 PM EST


Parameter_ID: RFQ-PARAM-003

Description: Service Locations Covered (North America)
Value: New York, NY; Dallas, TX; San Francisco, CA; Toronto, ON; Chicago, IL


Parameter_ID: RFQ-PARAM-004

Description: Initial Contract Term (Years)
Value: 3


Parameter_ID: RFQ-PARAM-005

Description: Optional Renewal Term (Years)
Value: 2


Parameter_ID: BUDGET-PARAM-006

Description: Estimated Annual Budget Range (USD)
Value: $2.5M–$3.2M



2. Mandatory Requirements and Disqualification Rules
These rules define conditions that must be met. Failure to meet any MANDATORY rule should result in disqualification or a flag for critical review.


RULE_ID: MAND-TECH-001

Category: Technical Requirements
Type: Mandatory (Validation)
Source RFQ Ref: Section 4
Condition: Proposal must demonstrate ability to manage 5,000+ endpoints.
Verification Method: Review Technical Proposal for evidence of capability and proposed approach for managing specified endpoint volume.
Action if Condition NOT Met: Flag for critical review/potential disqualification.



RULE_ID: MAND-TECH-002

Category: Technical Requirements
Type: Mandatory (Validation)
Source RFQ Ref: Section 4
Condition: Proposed solution must integrate with Microsoft 365 and existing identity access infrastructure.
Verification Method: Review Technical Proposal for explicit mention and proposed method of integration.
Action if Condition NOT Met: Flag for critical review/potential disqualification.



RULE_ID: MAND-COMPL-003

Category: Regulatory Compliance
Type: Mandatory (Disqualification)
Source RFQ Ref: Section 4
Condition: Supplier must adhere to HIPAA and PCI-DSS compliance requirements relevant to scope of work.
Verification Method: Check for explicit confirmation of HIPAA and PCI-DSS compliance adherence in the response. Requires compliance team validation.
Action if Condition NOT Met: Disqualify Response.



RULE_ID: MAND-COMPL-004

Category: Regulatory Compliance
Type: Mandatory (Validation/Disqualification)
Source RFQ Ref: Section 4
Condition: Supplier must support ITIL v4 practices.
Verification Method: Review proposal for description of service delivery model aligning with ITIL v4 principles. Look for staff ITIL certifications.
Action if Condition NOT Met: Flag for critical review. Lack of clear support may lead to disqualification during detailed evaluation.



RULE_ID: MAND-COMPL-005

Category: Security Certification
Type: Mandatory (Disqualification)
Source RFQ Ref: Section 4
Condition: Supplier must possess SOC 2 Type II certification AND ISO 27001 certification.
Verification Method: Check for evidence (certificates, audit reports summary) of current SOC 2 Type II and ISO 27001 certifications.
Action if Condition NOT Met: Disqualify Response.



RULE_ID: MAND-COMPL-006

Category: Security Compliance
Type: Mandatory (Validation/Disqualification)
Source RFQ Ref: Section 4
Condition: Supplier must adhere to NIST 800-53 and CIS Controls v8 frameworks.
Verification Method: Review proposal for confirmation and description of adherence to NIST 800-53 and CIS Controls v8 in their security and operational practices.
Action if Condition NOT Met: Flag for critical review. Insufficient detail or confirmation may lead to disqualification.



RULE_ID: MAND-COMPL-007

Category: Data Residency
Type: Mandatory (Disqualification)
Source RFQ Ref: Section 4
Condition: Supplier must enforce Canadian and U.S. data residency requirements for relevant data.
Verification Method: Check for explicit confirmation and description of data residency controls and processes in the proposal.
Action if Condition NOT Met: Disqualify Response.



RULE_ID: MAND-SUB-008

Category: Submission Requirements
Type: Mandatory (Disqualification)
Source RFQ Ref: Section 8
Condition: Complete proposal must be submitted by the Submission Deadline.
Verification Method: Check submission timestamp against RFQ-PARAM-002.
Action if Condition NOT Met: Disqualify Response.
Notes: This rule is typically enforced automatically by the submission system.



RULE_ID: MAND-SUB-009

Category: Submission Requirements
Type: Mandatory (Validation)
Source RFQ Ref: Section 8
Condition: Proposal format must be PDF or DOCX.
Verification Method: Check file format of the submitted proposal document.
Action if Condition NOT Met: Flag for review/potential rejection if format is unreadable or non-compliant.



3. Scoring Rules
These rules define the criteria for scoring proposals and their relative importance based on the Evaluation Criteria section. Weights are implied from the listing order and typical RFQ evaluation structures, though explicit weights are not provided in this RFQ, requiring qualitative scoring based on criteria assessment.


RULE_ID: SCORE-EXP-001

Category: Evaluation Criteria
Type: Scoring (Qualitative)
Source RFQ Ref: Section 6 (Vendor’s relevant experience)
Condition: Assessment of the vendor's relevant experience in providing similar IT infrastructure management services, particularly in large enterprise and multi-site environments.
Verification Method: Qualitative evaluation of Company Overview, Project Overview understanding, and any explicitly provided experience summaries or case studies.
Scoring Logic: Assign points based on the degree of relevance and depth of demonstrated experience.
Notes: Requires expert human evaluation.



RULE_ID: SCORE-MODEL-002

Category: Evaluation Criteria
Type: Scoring (Qualitative)
Source RFQ Ref: Section 6 (Proposed service model and delivery), Section 3.1, 3.2
Condition: Assessment of the proposed service delivery model, including 24/7 coverage, help desk structure (L1-L3), administration capabilities across specified technologies, hybrid cloud management approach, and inclusion of cyber incident management/forensic response.
Verification Method: Qualitative evaluation of the Technical Proposal (Sections 3.1, 3.2) outlining the service model.
Scoring Logic: Assign points based on the clarity, comprehensiveness, and alignment of the proposed model with Northbridge's stated scope and requirements.
Notes: Requires expert human evaluation.



RULE_ID: SCORE-TEAM-003

Category: Evaluation Criteria
Type: Scoring (Qualitative)
Source RFQ Ref: Section 6 (Team certifications and staffing structure)
Condition: Assessment of the proposed staffing structure, team size, geographical distribution relative to Northbridge locations, and key team members' relevant certifications (e.g., technical, ITIL).
Verification Method: Qualitative evaluation of the proposal section detailing team structure and certifications.
Scoring Logic: Assign points based on the strength, relevance, and structure of the proposed team.
Notes: Requires human evaluation. Mandatory certifications (SOC 2, ISO 27001) are covered under MAND-COMPL-005, this focuses on individual/team certs.



RULE_ID: SCORE-INNOV-004

Category: Evaluation Criteria
Type: Scoring (Qualitative)
Source RFQ Ref: Section 6 (Innovation and automation strategy)
Condition: Assessment of the vendor's strategy for utilizing innovation (e.g., AI, machine learning) and automation to improve service delivery efficiency and effectiveness.
Verification Method: Qualitative evaluation of the proposal section describing innovation and automation approaches.
Scoring Logic: Assign points based on the perceived value, feasibility, and relevance of the proposed strategies.
Notes: Requires expert human evaluation.



RULE_ID: SCORE-COST-005

Category: Evaluation Criteria
Type: Scoring (Quantitative/Qualitative)
Source RFQ Ref: Section 6 (Cost transparency and alignment with budget), Section 7 (Budget Guidelines)
Condition: Assessment of the proposed pricing structure, itemization, scalability, and alignment with the estimated annual budget range ($2.5M–$3.2M).
Verification Method: Extract detailed pricing from the proposal. Compare total proposed cost with budget guidelines. Evaluate clarity and itemization.
Scoring Logic: Assign points based on competitiveness, transparency, scalability, and proximity to the estimated budget range. Could involve quantitative scaling relative to the lowest compliant bid or a target price.
Notes: Requires extraction and analysis of pricing data.



RULE_ID: SCORE-REF-006

Category: Evaluation Criteria
Type: Scoring (Qualitative, potentially informed by external action)
Source RFQ Ref: Section 6 (Reference checks and client case studies)
Condition: Assessment based on outcomes of reference checks and the quality/relevance of provided client case studies.
Verification Method: Review provided case studies. Integrate feedback from completed reference checks (action external to initial screening).
Scoring Logic: Assign points based on positive reference feedback and compelling case studies demonstrating success in similar projects.
Notes: Relies on a downstream process (reference checks). Initial screening confirms presence of references per MAND-COMPL-004.



RULE_ID: SCORE-RISK-007

Category: Evaluation Criteria
Type: Scoring (Qualitative)
Source RFQ Ref: Section 6 (Risk mitigation and continuity plans)
Condition: Assessment of the vendor's proposed plans for identifying, mitigating, and managing risks, including business continuity and disaster recovery aspects related to service delivery.
Verification Method: Qualitative evaluation of the proposal section describing risk management and continuity plans.
Scoring Logic: Assign points based on the robustness, comprehensiveness, and feasibility of the proposed plans.
Notes: Requires expert human evaluation.



4. Rule Set Application Guidance

Initial Gate: Apply all MANDATORY rules (Section 2). Any response failing a MANDATORY rule marked for "Disqualification" is immediately removed. Responses failing a rule marked "Validation" are flagged for immediate manual review to confirm compliance or determine disqualification.
Scoring: For responses that pass the mandatory gate, apply the SCORING rules (Section 3).

Automated assistance can extract data for potential quantitative scoring rules (e.g., elements of cost if structured).
The majority of scoring rules for this RFQ require qualitative assessment by expert evaluators. The rules serve as a checklist and guide for evaluators on what criteria to score against, ensuring consistency.


Final Rank: Responses are ranked based on their total score derived from the scoring criteria. Further evaluation stages (like technical demos mentioned in Section 9) would follow based on this initial ranking.