Fleet Credit Card and Consignment Fuel Services
| Location: | Tennessee |
|---|---|
| Posted: | Feb 20, 2026 |
| Due: | Mar 6, 2026 |
| Agency: | State Government of Tennessee |
| Type of Government: | State & Local |
| Category: |
|
| Solicitation No: | RFI 40100-51614 |
| Publication URL: | To access bid details, please log in. |
| Document ID & Hyperlink: | RFI 40100-51614 |
| Event Start - Response Due: |
02/20/2026
03/06/2026 |
| Event Name: | Fleet Credit Card and Consignment Fuel Services |
| Last Updated: |
Attachment Preview
STATE OF TENNESSEE
TENNESSEE DEPARTMENT OF TRANSPORTATION
REQUEST FOR INFORMATION
FOR
FLEET CREDIT CARD AND CONSIGNMENT FUEL SERVICES
RFI # 40100-51614
February 20, 2026
1. STATEMENT OF PURPOSE:
The State of Tennessee, Department of Transportation issues this Request for Information (“RFI”)
for the purpose of assessing the ability of Respondents to meet the State security requirements of
a future solicitation for Fleet Credit Card and Consignment Fuel Services. We appreciate your
input and participation in this process.
2. BACKGROUND:
The State intends to secure a contract for a fleet fuel credit card for fuel and minor
automotive repair services for State agencies, State institutions of higher education
chartered in Tennessee and local governmental units within the geographic limits of
the State of Tennessee. In addition, the State seeks to secure delivery of fuel to its
State automated fueling sites for sale on a consignment basis. At these sites, the
location must be automated to allow for the purchase of fuel using the same card as
used for retail outlets. Reimbursement for fuel will be on a consignment basis as fuel
is dispensed to vehicles.
TDOT issues this RFI to gather information from potential vendors to
understand the Respondent’s ability or describing Respondent’s inability to comply
with the requirements set forth in Attachment A.
3. COMMUNICATIONS:
3.1. Please submit your response to this RFI to:
Kenneth Weaver, Procurement and Contracts Division
Tennessee Department of Transportation
Tennessee Tower, 11th floor
312 Rosa L Parks Ave, Nashville, TN 37243
TDOT.RFP@tn.gov
1
3.2. Please feel free to contact the Tennessee Department of Transportation with any questions
regarding this RFI. The main point of contact will be:
Kenneth Weaver, Procurement and Contracts Division
Tennessee Department of Transportation
Tennessee Tower, 11th floor
312 Rosa L Parks Ave, Nashville, TN 37243
TDOT.RFP@tn.gov
3.3. Please reference RFI # 40100-51726 with all communications to this RFI.
4. RFI SCHEDULE OF EVENTS:
EVENT
1. RFI Issued
2. RFI Response Deadline
TIME
DATE
(Central Time (all dates are State
Zone)
business days)
February 20 2026
March 6, 2026
5. GENERAL INFORMATION:
5.1. Responding to this RFI is a prerequisite for responding to any future solicitations
related to this project. Responses to this RFI will not create any contract rights and
responses to this RFI will become property of the State.
5.1.1.1. All Respondents will be required to provide a signed written response from their legal
counsel, or Chief Executive Officer, either confirming Respondent’s ability or describing
Respondent’s inability to comply with the requirements set forth in Attachment A.
5.1.1.2. The specific Recovery Time Objective (RTO) and Recovery Point Objective (RPO)
periods referenced in the Information Technology Security Requirements clause of
Attachment A will be negotiated and determined between the vendor and the State for
the particular contract based on the priority of the service.
5.2. The information gathered during this RFI is part of an ongoing procurement. In order to
prevent an unfair advantage among potential respondents, the RFI responses will not be
available until after the completion of evaluation of any responses, proposals, or bids
resulting from a Request for Qualifications, Request for Proposals, Invitation to Bid or other
procurement method. In the event that the state chooses not to go further in the
procurement process and responses are never evaluated, the responses to the
procurement including the responses to the RFI, will be considered confidential by the
State.
5.3. The State will not pay for any costs associated with responding to this RFI.
6. INFORMATIONAL FORMS:
The State is requesting the following information from all interested parties. Attachment A are
being provided as information only for the Respondent to provide an informed response. Please
fill out the following forms:
RFI #40100-51726
TECHNICAL INFORMATIONAL FORM
1. RESPONDENT LEGAL ENTITY NAME:
2. RESPONDENT CONTACT PERSON:
Name, Title:
Address:
Phone Number:
Email:
3. Provide a signed written response from either the legal counsel, Chief Executive Officer, or their
authorized designee legally empowered to bind the respondent to the provisions of the solicitation
and resulting contract (if awarded), either confirming the Respondent’s ability or describing the
Respondent’s inability to comply with the requirements outlined in Attachment A.
4. If Contactor cannot meet the following requirement specified in Attachment A, “The Contractor
shall ensure that all State Data is housed in the continental United States, inclusive of backup
data. All State data must remain in the United States, regardless of whether the data is
processed, stored, in-transit, or at rest. Access to State data shall be limited to US-based
(onshore) resources only,” provide the name of the host country(ies) where any data may be
processed or stored, in-transit, or at rest.
Attachment A
Notable Terms and Conditions Requirements:
(This Attachment does not represent all State of Tennessee contractual Terms and Conditions,
but reflects those the State requires acknowledgement of the Respondent’s ability, or inability, to
comply with to determine inclusion in a future procurement for the services referenced in this
RFI).
E.1. Personally Identifiable Information. While performing its obligations under this Contract,
Contractor may have access to Personally Identifiable Information held by the State (“PII”). For
the purposes of this Contract, “PII” includes “Nonpublic Personal Information” as that term is
defined in Title V of the Gramm-Leach-Bliley Act of 1999 or any successor federal statute, and
the rules and regulations thereunder, all as may be amended or supplemented from time to time
(“GLBA”) and personally identifiable information and other data protected under any other
applicable laws, rule or regulation of any jurisdiction relating to disclosure or use of personal
information (“Privacy Laws”). Contractor agrees it shall not do or omit to do anything which would
cause the State to be in breach of any Privacy Laws. Contractor shall, and shall cause its
employees, agents and representatives to: (i) keep PII confidential and may use and disclose PII
only as necessary to carry out those specific aspects of the purpose for which the PII was
disclosed to Contractor and in accordance with this Contract, GLBA and Privacy Laws; and (ii)
implement and maintain appropriate technical and organizational measures regarding information
security to: (A) ensure the security and confidentiality of PII; (B) protect against any threats or
hazards to the security or integrity of PII; and (C) prevent unauthorized access to or use of PII.
Contractor shall immediately notify State: (1) of any disclosure or use of any PII by Contractor or
any of its employees, agents and representatives in breach of this Contract; and (2) of any
disclosure of any PII to Contractor or its employees, agents and representatives where the
purpose of such disclosure is not known to Contractor or its employees, agents and
representatives. The State reserves the right to review Contractor's policies and procedures
used to maintain the security and confidentiality of PII and Contractor shall, and cause its
employees, agents and representatives to, comply with all reasonable requests or directions from
the State to enable the State to verify or ensure that Contractor is in full compliance with its
obligations under this Contract in relation to PII. Upon termination or expiration of the Contract or
at the State’s direction at any time in its sole discretion, whichever is earlier, Contractor shall
immediately return to the State any and all PII which it has received under this Contract and shall
destroy all records of such PII.
The Contractor shall report to the State any instances of unauthorized access to or potential
disclosure of PII in the custody or control of Contractor (“Unauthorized Disclosure”) that come to
the Contractor’s attention. Any such report shall be made by the Contractor within twenty-four
(24) hours after the Unauthorized Disclosure has come to the attention of the Contractor.
Contractor shall take all necessary measures to halt any further Unauthorized Disclosures. The
Contractor, at the sole discretion of the State, shall provide no cost credit monitoring services for
individuals whose PII was affected by the Unauthorized Disclosure. The Contractor shall bear the
cost of notification to all individuals affected by the Unauthorized Disclosure, including individual
letters and public notice. The remedies set forth in this Section are not exclusive and are in
addition to any claims or remedies available to this State under this Contract or otherwise
available at law. The obligations set forth in this Section shall survive the termination of this
Contract.
E.2. Information Technology Security Requirements (State Data, Audit, and Other Requirements).
a. The Contractor shall protect State Data as follows:
(1) The Contractor shall ensure that all State Data is housed in the continental United States,
inclusive of backup data. All State data must remain in the United States, regardless of
whether the data is processed, stored, in-transit, or at rest. Access to State data shall be
limited to US-based (onshore) resources only.
All system and application administration must be performed in the continental United States.
Configuration or development of software and code is permitted outside of the United States.
However, software applications designed, developed, manufactured, or supplied by persons
owned or controlled by, or subject to the jurisdiction or direction of, a foreign adversary, which
the U.S. Secretary of Commerce acting pursuant to 15 CFR 7 has defined to include the
People’s Republic of China, among others are prohibited. Any testing of code outside of the
United States must use fake data. A copy of production data may not be transmitted or used
outside the United States.
(2) The Contractor shall encrypt Confidential State Data at rest and in transit using the current
version of Federal Information Processing Standard (“FIPS”) 140-2 or 140-3 (or current
applicable version) validated encryption technologies. The State shall control all access to
encryption keys. The Contractor shall provide installation and maintenance support at no
cost to the State.
(3) The Contractor and any Subcontractor used by the Contractor to host State data, including
data center vendors, shall be subject to an annual engagement by a licensed CPA firm in
accordance with the standards of the American Institute of Certified Public Accountants
(“AICPA”) for a System and Organization Controls for service organizations (“SOC”) 2 Type 2
examination. The scope of the SOC 2 Type 2 examination engagement must include the
Security, Availability, Confidentiality, and Processing Integrity Trust Services Criteria. In
addition, the Contractor services that are part of this Contract, including any processing or
storage services, must be included in the scope of the SOC 2 Type 2 examination
engagement(s).
(4) The Contractor must annually review its SOC 2 Type 2 examination reports. Within 30 days
of receipt of the examination report, or upon request from the State or the Comptroller of the
Treasury, the Contractor must provide the State or the Comptroller of the Treasury a non-
redacted copy of the Contractor’s SOC 2 Type 2 examination report(s). The Contractor must
review the annual SOC 2 Type 2 examination reports for each of its Subcontractors and must
also assist the State or Comptroller of the Treasury with obtaining a non-redacted copy of any
SOC examination reports for each of its Subcontractors, including data centers used by the
Contractor to host or process State data.
If the Contractor’s SOC 2 Type 2 examination report includes a modified opinion, meaning
that the opinion is qualified, adverse, or disclaimed, the Contractor must share the SOC
report and the Contractor’s plan to address the modified opinion with the State or the
Comptroller of the Treasury within 30 days of the Contractor’s receipt of the SOC report or
upon request from the State or the Comptroller of the Treasury. If any Subcontractor(s) SOC
2 Type 2 examination report includes a modified opinion, the Contractor must assist the State
or Comptroller of the Treasury with obtaining the Subcontractor(s) SOC report and the
Subcontractor(s) plan to address the modified opinion.
The Contractor must have a process for correcting control deficiencies that were identified in
the SOC 2 Type 2 examination, including follow-up documentation providing evidence of
such corrections. Within 30 days of receipt of the examination report, or upon request from
the State or the Comptroller of the Treasury, the Contractor must provide the State or the
Comptroller of the Treasury with a corrective action plan and evidence of correcting the
control deficiencies. The Contractor must require each of its Subcontractors, including data
centers used by the Contractor to host State data, to have a process for correcting control
deficiencies identified in their SOC examination reports and must assist the State or
This is the opportunity summary page. It provides an overview of this opportunity and a preview of the attached documentation.
Daily notification on new contract opportunities
With GovernmentContracts, you can:
- Find more opportunities and win more business
- Receive daily alerts for all new bid opportunities
- Get contract opportunities matched to your business
* Disclaimer: Information regarding bids, requests for proposals (RFPs), or requests for qualifications (RFQs) is provided on this website only for convenience and does not constitute official public notice. Persons wishing to respond to or inquire about bids, RFPs, or RFQs should contact the appropriate government department.