PCI DSS AUDIT AND COMPLIANCE SERVICES

Location: California
Posted: Jan 13, 2026
Due: Jan 22, 2026
Agency: City of Berkeley
Type of Government: State & Local
Category:
  • R - Professional, Administrative and Management Support Services
Solicitation No: 25-11710-C Re-Issued
Due Date: Thursday, January 22, 2026 - 2:00 pm

Attachment Preview

Finance Department
General Services Division
REQUEST FOR PROPOSALS (RFP)
Specification No. 25-11710-C-Re-Issued
FOR
PCI DSS AUDIT AND COMPLIANCE SERVICES
PROPOSALS WILL NOT BE OPENED AND READ PUBLICLY
Dear Proposer:
The City of Berkeley is soliciting written proposals from qualified firms or individuals to prepare and submit a
proposal to provide professional consulting services related to payment card industry data security standards (“PCI
DSS”) for the City of Berkeley Finance Department in accordance with the requirements defined throughout this
RFP. As a Request for Proposal (RFP) this is not an invitation to bid and although price is very important, other
factors will be taken into consideration.
The project scope, content of proposal, and vendor selection process are summarized in the RFP (attached).
Proposals must be received no later than 2:00 pm, on Tuesday, January 13, 2026. Proposals are to be sent via
email with the “Specification No. 25-11710-C-Re-Issued” and “PCI DSS Audit and Compliance Services” clearly
indicated in the subject line of the email. Please submit one (1) PDF of the technical Proposal with the filename
saved as, “Proposal: Vendor Name – 25-11710-C-Re-Issued PCI DSS AUDIT AND COMPLIANCE
SERVICES.” Corresponding pricing proposal shall be submitted as a separate document with the filename saved
as, “Pricing: Vendor Name – 25-11710-C-Re-Issued PCI DSS AUDIT AND COMPLIANCE SERVICES.”
Email Proposals to:
City of Berkeley
Finance Department/General Services Division
Solicitations@berkeleyca.gov
Proposals will not be accepted after the date and time stated above. Incomplete proposals or proposals that do not
conform to the requirements specified herein will not be considered. Issuance of the RFP does not obligate the City
to award a contract, nor is the City liable for any costs incurred by the proposer in the preparation and submittal of
proposals for the subject work. The City retains the right to award all or parts of this contract to several bidders, to
not select any bidders, and/or to re-solicit proposals. The act of submitting a proposal is a declaration that the
proposer has read the RFP and understands all the requirements and conditions.
For questions concerning the anticipated work, or scope of the project, please contact Greg Seagraves (Project
Manager), via email at GSegraves@berkeleyca.gov no later than December 30, 2025. Answers to questions will
not be provided by telephone or email. Answers to all questions or any addenda will be posted on the City of
Berkeley’s site at Bid & Proposal Opportunities | City of Berkeley (berkeleyca.gov). It is the vendor’s responsibility
to check this site. For general questions concerning the submittal process, contact purchasing at 510-981-7320.
We look forward to receiving and reviewing your proposal.
Sincerely,
Henry Oyekanmi
Finance Director
2180 Milvia St, Berkeley, CA 94704 Tel: 510-981-7320 TDD: 510-981-6903
Email: Solicitations@berkeleyca.gov Website: Berkeleyca.gov/finance
I. BACKGROUND/SUMMARY/or INTRODUCTION
The City of Berkeley Finance Department is issuing this RFP to award a contract to a qualified PCI service
provider (“Contractor”). The Proposer must be currently registered with and appropriately qualified by the PCI
Security Standards Council to offer PCI DSS Services. All PCI-related services provided by the Contractor must
adhere to the most current version of the relevant standard.
The overall objective of the RFP is to select a service provider to assist the Finance Department in establishing the
most cost effective and efficient procurement program for PCI Compliance Services while maintaining high
standards of quality and service. The successful proposer will perform PCI DSS Certification for the Finance
Department.
II. SCOPE OF SERVICES
The Contractor will be required to provide Compliance advisory Service offering expert guidance on PCI DSS
(Payment Card Industry Data Security Standard) requirements ensuring adherence to industry standards for
payment card security. Services to be provided may include, among others to be defined during the contract, the
following:
1. Define Cardholder Data Environment; provide PCI DSS Self-Assessment Questionnaire training.
2. Conduct Interviews of key stakeholders, process owners, and support personnel to gain the required
understanding of current Cardholder Data Environment (CDE) and perform PCI validation against various
CDE Components and infrastructure.
3. Provide Qualified Security Assessor (QSA) services to assess the Finance Department’s systems and
processes for PCI DSS Compliance.
4. Support the Finance Department in the preparation for and successful completion of the annual PCI
certification assessment, audits, and ensuring continuous compliance.
5. Identify risks that may lead to non-compliance with PCI DSS requirements.
6. Provide PCI DSS onsite audits resulting in a Report on Compliance (ROC).
7. Provide review of security policies related to PCI DSS risk assessment and advisory services.
8. Provide review of security policies related to PCI DSS Compliance.
9. Document steps needed to remediate any gaps in compliance.
10. Provide consulting and advisory services for the development and implementation of PCI environments,
applications, and services.
11. Design supplemental PCI DSS training materials such as videos, presentations, learning portal content, or
written documentation.
12. Provide onsite and/or remote PCI training.
13. Develop templates and tools to aid in future certification efforts.
14. Provide PCI Portal for compliance tracking, audit documentation gathering, remediation management and
reporting.
15. Designate a liaison to serve as point of contact between the Finance Department and the Contractor.
III. SUBMISSION REQUIREMENTS
All proposals shall include the following information, organized as separate sections of the proposal. The proposal
should be concise and to the point.
1. Contractor Identification:
Provide the name of the firm, the firm's principal place of business (see section VII, F. – Local Vendor
Preference), the name and telephone number of the contact person and company tax identification number.
2. Client References:
Provide a minimum of three (3) client references. References should be California cities or other large public
sector entities. Provide the designated person's name, title, organization, address, telephone number, and the
project(s) that were completed under that client’s direction.
3. Price Proposal:
The proposal shall include pricing for all services. Pricing shall be all inclusive unless indicated otherwise.
Pricing proposals shall be a separate document. The Proposal shall itemize all services, including hourly rates
for all professional, technical and support personnel, and all other charges related to completion of the work
shall be itemized. Evaluations of price proposals are subject to the local vendor business preference (see section
VII.F.).
4. Contract Terminations:
If your organization has had a contract terminated in the last five (5) years, describe such incident.
Termination for default is defined as notice to stop performance due to the vendor’s non-performance or poor
performance and the issue of performance was either (a) not litigated due to inaction on the part of the vendor,
or (b) litigated and such litigation determined that the vendor was in default.
Submit full details of the terms for default including the other party’s name, address, and phone number.
Present the vendor’s position on the matter. The City will evaluate the facts and may, at its sole discretion,
reject the proposal on the grounds of previous experience.
If the firm has not experienced any such termination for default or early termination in the past five (5) years,
so indicate.
5. (Other submission requirements are needed to evaluate proposals and determine if contractor is qualified to
do project.)
IV. SELECTION CRITERIA
The following criteria will be considered, although not exclusively, in determining which firm is hired.
1. Project Approach (30 points)
2. Expertise & References (20 points)
3. Costs* (50 points)
* Effective 1/1/2022. Local Vendor Preference. For the purpose of comparing pricing as part of this competitive
RFP for goods up to $100,000 or non-professional services up to $250,000, 5% shall be deducted from the bid price
proposal from any local Berkeley vendor.
A selection panel will be convened of staff to evaluate and score submittals.
V. PAYMENT
Invoices: Invoices must be fully itemized and provide sufficient information for approving payment and audit.
Invoices must be accompanied by receipt for services for payment to be processed. Email invoices to Accounts
Payable and cc: Project Manager GSegraves@berkeleyca.gov; (List on invoice, Attn: Project Manager Greg
Seagraves, Finance Department) and reference the contract number.
City of Berkeley
Accounts Payable
P.O. Box 700
Berkeley, CA 94710-700
Email: AccountsPayable@berkeleyca.gov
Phone: 510-981-7310
Payments: The City will make payment to the vendor within 30 days of receipt of a correct, approved and
complete invoice.
VI. CITY REQUIREMENTS
(Do not modify any part of this section except: Living Wage would not apply if commodities were being purchased
and Equal Benefits would not apply if the contract amount would be less than $25,000. If this is the case, do not
delete the section just note next to it “Does Not Apply to this Request for Proposal”)
A. Non-Discrimination Requirements:
Ordinance No. 5876-N.S. codified in B.M.C. Chapter 13.26 states that for contracts worth more than $3,000
bids for supplies or bids or proposals for services shall include a completed Workforce Composition Form.
Businesses with fewer than five employees are exempt from submitting this form. (See B.M.C. 13.26.030)
Under B.M.C. section 13.26.060, the City may require any bidder or vendor it believes may have discriminated
against to submit a Non-Discrimination Program. The Contract Compliance Officer will make this
determination. This applies to all contracts and all consultants (contractors). Berkeley Municipal Code section
13.26.070 requires that all contracts with the City contain a non-discrimination clause, in which the contractor
agrees not to discriminate and allows the City access to records necessary to monitor compliance. This section
also applies to all contracts and all consultants.
Bidders must submit the attached Non-Discrimination Disclosure Form with their proposal.
B. Nuclear Free Berkeley Disclosure Form:
Berkeley Municipal Code section 12.90.070 prohibits the City from granting contracts to companies that
knowingly engage in work for nuclear weapons. This contract prohibition may be waived if the City Council
determines that no reasonable alternative exists to doing business with a company that engages in nuclear
weapons work. If your company engages in work for nuclear weapons, explain on the Disclosure Form the
nature of such work.
Bidders must submit the attached Nuclear Free Disclosure Form with their proposal.
C. Oppressive States:
The City of Berkeley prohibits granting of contracts to firms that knowingly provide personal services to
specified Countries. This contract prohibition may be waived if the City Council determines that no reasonable
alternative exists to doing business with a company that is covered by City Council Resolution Nos. 59,853-
N.S., 60,382-N.S., and 70,606-N.S. If your company or any subsidiary is covered, explain on the Disclosure
Form the nature of such work.
Bidders must submit the attached Oppressive States Disclosure Form with their proposal.
D. Sanctuary City Contracting Ordinance:
Chapter 13.105 of the Berkeley Municipal Code prohibits the City from granting and/or retaining contracts with
any person or entity that provides Data Broker or Extreme Vetting services to the U.S. Immigration and
Customs Enforcement Division of the United States Department of Homeland Security (“ICE”).
Bidders must submit the attached Sanctuary City Compliance Statement with their proposal.
E. Conflict of Interest:
In the sole judgment of the City, any and all proposals are subject to disqualification on the basis of a conflict
of interest. The City may not contract with a vendor if the vendor or an employee, officer or director of the
proposer's firm, or any immediate family member of the preceding, has served as an elected official, employee,
board or commission member of the City who influences the making of the contract or has a direct or indirect
interest in the contract.
Furthermore, the City may not contract with any vendor whose income, investment, or real property interest
may be affected by the contract. The City, at its sole option, may disqualify any proposal on the basis of such a
conflict of interest.
Please identify any person associated with the firm that has a potential conflict of interest.
F. Berkeley Living Wage Ordinance:
Chapter 13.27 of the Berkeley Municipal Code requires that contractors provide all eligible employees with City
mandated minimum compensation during the term of any contract that may be awarded by the City. If the
Contractor is not currently subject to the Living Wage Ordinance, cumulative contracts with the City within a
one-year period may subject Contractor to the requirements under B.M.C. Chapter 13.27. A certification of
compliance with this ordinance will be required upon execution of a contract. The current Living Wage rate can
be found here: Information for Vendors | City of Berkeley (berkeleyca.gov). The Living Wage rate is adjusted
automatically effective June 30th of each year commensurate with the corresponding increase in the Consumer
Price Index published in April of each year. If the Living Wage rate is adjusted during the term of your
agreement, you must pay the new adjusted rate to all eligible employees, regardless of what the rate was when
the contract was executed.
G. Berkeley Equal Benefits Ordinance:
Chapter 13.29 of the Berkeley Municipal Code requires that contractors offer domestic partners the same access
to benefits that are available to spouses. A certification of compliance with this ordinance will be required upon
execution of a contract.
H. Statement of Economic Interest:
The City’s Conflict of Interest Code designates “consultants” as a category of persons who must complete
Form 700, Statement of Economic Interest, at the beginning of the contract period and again at the termination
of the contract. The selected contractor will be required to complete the Form 700 before work may begin.
VII. OTHER REQUIREMENTS
A. Insurance
The selected contractor will be required to maintain general liability insurance in the minimum amount of
$2,000,000, automobile liability insurance in the minimum amount of $1,000,000 and a professional liability
insurance policy in the amount of $2,000,000 to cover any claims arising out of the performance of the