STATE OF TENNESSEE
TENNESSEE DEPARTMENT OF TRANSPORTATION
REQUEST FOR INFORMATION
FOR
EMPLOYEE SAFETY FOOTWEAR PROGRAM
RFI # 40100-51820
May 7, 2026
1. STATEMENT OF PURPOSE:
The State of Tennessee, Department of Transportation issues this Request for Information (“RFI”)
for the purpose of assessing the ability of Respondents to meet the State security requirements of
a future solicitation for an Employee Safety Footwear Program. We appreciate your input and
participation in this process.
2. BACKGROUND:
The Department of Transportation is seeking a vendor to manage the employee safety
shoe program for approximately 2,500 field staff. Eligible employees will be given an
allotment annually for footwear, and the Contractor will perform all logistical and
administrative work to provide the employees with approved safety footwear. The
Contractor must be able to provide services on site and online including collecting
size/style information, coordinating order placement, receiving, and distributing the
footwear, troubleshooting of any issues with ordering, shipping, receiving, and
payment of the footwear.
TDOT issues this RFI to gather information from safety footwear vendors to understand
each Respondent’s ability, or inability, to comply with the
requirements set forth in Attachment A.
3. COMMUNICATIONS:
3.1. Please submit your response to this RFI to:
Taylor Hipes, Procurement and Contracts Division
Tennessee Department of Transportation
Tennessee Tower, 11th floor
312 Rosa L Parks Ave, Nashville, TN 37243
TDOT.RFP@tn.gov
3.2. Please feel free to contact the Tennessee Department of Transportation with any questions
regarding this RFI. The main point of contact will be:
Taylor Hipes, Procurement and Contracts Division
Tennessee Department of Transportation
Tennessee Tower, 11th floor
312 Rosa L Parks Ave, Nashville, TN 37243
TDOT.RFP@tn.gov
3.3. Please reference RFI # 40100-51820 with all communications to this RFI.
4. RFI SCHEDULE OF EVENTS:
EVENT | TIME (Central Time Zone) | DATE (all dates are State business days)
1. RFI Issued | | May 7, 2026
2. RFI Response Deadline | | May 21, 2026
5. GENERAL INFORMATION:
5.1. Responding to this RFI is a prerequisite for responding to any future solicitations
related to this project. Responses to this RFI will not create any contract rights and
responses to this RFI will become property of the State.
5.1.1.1. All Respondents will be required to provide a signed written response from their legal
counsel, or Chief Executive Officer or their authorized designee legally empowered to
bind the respondent to the provisions of the solicitation and resulting contract (if
awarded), either confirming Respondent’s ability or describing Respondent’s inability to
comply with the requirements set forth in Attachment A.
5.1.1.2. The specific Recovery Time Objective (RTO) and Recovery Point Objective (RPO)
periods referenced in the Information Technology Security Requirements clause of
Attachment A will be negotiated and determined between the vendor and the State for
the particular contract based on the priority of the service.
5.2. The information gathered during this RFI is part of an ongoing procurement. In order to
prevent an unfair advantage among potential respondents, the RFI responses will not be
available until after the completion of evaluation of any responses, proposals, or bids
resulting from a Request for Qualifications, Request for Proposals, Invitation to Bid or other
procurement method. In the event that the state chooses not to go further in the
procurement process and responses are never evaluated, the responses to the
procurement including the responses to the RFI, will be considered confidential by the
State.
5.3. The State will not pay for any costs associated with responding to this RFI.
6. INFORMATIONAL FORMS:
The State is requesting the following information from all interested parties. Attachment A is
being provided as information only for the Respondent to provide an informed response. Please
fill out the following forms:
RFI #40100-51820
TECHNICAL INFORMATIONAL FORM
1. RESPONDENT LEGAL ENTITY NAME:
2. RESPONDENT CONTACT PERSON:
Name, Title:
Address:
Phone Number:
Email:
3. Provide a signed written response from either the legal counsel, Chief Executive Officer, or
their authorized designee legally empowered to bind the respondent to the provisions of the
solicitation and resulting contract (if awarded), either confirming the Respondent’s ability or
describing the Respondent’s inability to comply with the requirements outlined in Attachment A.
4. If Contractor cannot meet the following requirement specified in Attachment A, “The Contractor
shall ensure that all State Data is housed in the continental United States, inclusive of backup
data. All State data must remain in the United States, regardless of whether the data is
processed, stored, in-transit, or at rest. Access to State data shall be limited to US-based
(onshore) resources only,” provide the name of the host country(ies) where any data may be
processed or stored, in-transit, or at rest.
Attachment A
Notable Terms and Conditions Requirements:
(This Attachment does not represent all State of Tennessee contractual Terms and Conditions,
but reflects those the State requires acknowledgement of the Respondent’s ability, or inability, to
comply with to determine inclusion in a future procurement for the services referenced in this
RFI).
D.#. Information Technology Security Requirements (State Data, Audit, and Other Requirements).
a. “State Data” is any and all data that can be accessed, processed, generated, including derivative
works, stored, or hosted by the Contractor in performance of this Contract. The Contractor shall
protect State Data as follows:
(1) The Contractor shall ensure that all State Data is housed in the continental United States,
inclusive of backup data. All State Data must remain in the United States, regardless of
whether the data is processed, stored, in-transit, or at rest. Access to State Data shall be
limited to US-based (onshore) resources only.
All system and application administration must be performed in the continental United States.
Configuration or development of software and code is permitted outside of the United States.
However, software applications designed, developed, manufactured, or supplied by persons
owned or controlled by, or subject to the jurisdiction or direction of, a foreign adversary, which
the U.S. Secretary of Commerce acting pursuant to 15 C.F.R. § 7 has defined to include the
People’s Republic of China, among others, are prohibited. Any testing of code outside of the
United States must use fake data. A copy of production data may not be transmitted or used
outside the United States.
(2) The Contractor shall encrypt State Data at rest and in transit using the current version of
Federal Information Processing Standard (“FIPS”) 140-2 or 140-3 (or current applicable
version) validated encryption technologies. The State shall control all access to encryption
keys. The Contractor shall provide installation and maintenance support at no cost to the
State.
(3) The Contractor shall maintain, obtain, or undergo the following third-party information security
audit(s) for both the Contractor and the Contractor’s processing environment containing State
Data. The Contractor shall ensure that each assessment remains current and valid throughout
the term of the Contract.
i. NIST Audit - The Contractor and Contractor’s processing environment containing State
Data shall undergo an annual independent audit assessing compliance with the privacy
and security controls established in the National Institute of Standards and Technology
(NIST) Special Publication 800-53. The audit shall be conducted by a qualified independent
assessor, which may include a reputable CPA firm, cybersecurity firm, or other organization
with demonstrated expertise in assessing NIST control compliance. The audit must
evaluate compliance with the security controls defined in the NIST Special Publication
800-53B moderate-impact security control baseline or a higher-impact baseline.
(4) Upon request by the State or the Comptroller of the Treasury, and within thirty (30) days of
completion or receipt of any audit required under Contract Section D.#,a.(3) the Contractor
shall provide the State or the Comptroller of the Treasury with the following documentation
and deliverables. The Contractor shall ensure that all documentation remains current,
complete, and accurate throughout the term of the Contract.
i. NIST Audit
1) The audit report in its entirety;
2) A corrective action plan describing each identified deficiency, planned remediation
steps, and anticipated completion dates.
Upon request by the State or the Comptroller of the Treasury, the Contractor shall also provide
current Subcontractor certifications, reports, and related deliverables pertaining to services
provided under this Contract within thirty (30) days. If any certification, authorization,
examination, or assessment required under this Contract for any Subcontractor supporting this
Contract lapses, expires, is suspended, or is revoked, the Contractor shall notify the State in
writing within five (5) business days of learning of the status change and provide: (i) the
effective date and reason; (ii) the services and State Data affected; and (iii) the Contractor’s
corrective action plan and interim risk mitigations.
No additional funding shall be allocated for these examinations as they are included in the
Maximum Liability of this Contract.
(5) The Contractor must annually perform Penetration Tests and Vulnerability Assessments
against its Processing Environment per the NIST 800-115 definition. “Processing
Environment” shall mean the combination of software and hardware on which the Application
runs. “Application” shall mean the computer code that supports and accomplishes the State’s
requirements as set forth in this Contract. “Penetration Tests” shall be in the form of attacks
on the Contractor’s computer system, with the purpose of discovering security weaknesses
which have the potential to gain access to the Processing Environment’s features and data.
The “Vulnerability Assessment” shall be designed and executed to define, identify, and classify
the security holes (vulnerabilities) in the Processing Environment. The Contractor shall allow
the State, at its option, to perform Penetration Tests and Vulnerability Assessments on the
Processing Environment. The Contractor shall provide a letter of attestation on its processing
environment that penetration tests and vulnerability assessments have been performed on an
annual basis and that corrective action has been taken to evaluate and address any findings.
In the event of an unauthorized disclosure or unauthorized access to State Data, the State
Strategic Technology Solutions (STS) Security Incident Response Team (SIRT) must be
notified and engaged by calling the State Customer Care Center (CCC) at 615-741-1001. Any
such event must be reported by the Contractor within twenty-four (24) hours after the
unauthorized disclosure has come to the attention of the Contractor.
(6) If a breach has been confirmed, a fully un-modified third-party forensics report must be supplied
to the State and through the STS SIRT. This report must include indicators of compromise
(IOCs) as well as a plan of action for remediation and restoration. Contractor shall take all
necessary measures to halt any further Unauthorized Disclosures.
(7) Upon State request, the Contractor shall provide a copy of all State Data it holds. The
Contractor shall provide such data on media and in a format determined by the State.
(8) Upon termination of this Contract and in consultation with the State, the Contractor shall
destroy, and ensure all subcontractors shall destroy, all State Data it holds (including any