Criminal History Record Check Modernization

Location:	Vermont
Posted:	May 15, 2026
Due:	May 25, 2026
Agency:	State of Vermont
Type of Government:	State & Local
Category:	48 - Valves
Publication URL:	To access bid details, please log in.

Attachment Preview

Department of Buildings and General Services

Office of Purchasing & Contracting

133 State Street, 5th Floor | Montpelier VT 05633-8000

802-828-2211 phone |802-828-2222 fax

http://bgs.vermont.gov/purchasing

Agency of Administration

SEALED BID

REQUEST FOR PROPOSAL

Criminal History Record Check Modernization

ISSUE DATE

QUESTIONS DUE

RFP RESPONSES DUE BY

April 20, 2026

May 4, 2026 – 4:30 PM (ET)

May 25, 2026 – 4:30 PM (ET)

PLEASE BE ADVISED THAT ALL NOTIFICATIONS, RELEASES, AND ADDENDUMS ASSOCIATED

WITH THIS RFP WILL BE POSTED AT:

http://www.bgs.state.vt.us/pca/bids/bids.php

THE STATE WILL MAKE NO ATTEMPT TO CONTACT INTERESTED PARTIES WITH UPDATED

INFORMATION. IT IS THE RESPONSIBILITY OF EACH BIDDER TO PERIODIIICALLY CHECK THE

ABOVE WEBPAGEFOR ANY AND ALL NOTIFICATIONS, RELEASES AND ADDENDUMS

ASSOCIATED WITH THIS RFP.

STATE CONTACT:

E-MAIL:

USE SUBJECT:

Kyle Emerson, State Purchasing Agent

sov.thepathforward@vermont.gov

CRIMINAL HISTORY RECORD CHECK MODERNIZATION

1. OVERVIEW:

1.1. SCOPE AND BACKGROUND: At present, criminal history record check processes are primarily manual

and decentralized without a singular, cohesive digital process — at times leveraging paper and physical

delivery of results. This contributes to extended timelines between the initial issuance of Fingerprint

Authorization Certificates (FAC) and final suitability determination. Proposed solution should eliminate

paper FAC for in-state applicants (including disclaimers and acceptance of terms), automate checks of

state criminal history database and national sex offender registry (when applicable), and provide secure

digital portal for agencies to retrieve results. Key constituencies in this process include the following:

individuals requiring fingerprint supported criminal history record checks (applicants), agencies taking and

submitting fingerprints (local law enforcement agencies), licensing and employment agencies (such as

schools, childcare facilities, or state licensing offices), and the Vermont Crime Information Center (VCIC).

1.2. CONTRACT PERIOD: Any Contract(s) arising from this RFP will be for the duration of implementation

with no more than an additional 60 months.. The State anticipates the start date for such contract(s) will

be July 1, 2026.

1.3. SINGLE POINT OF CONTACT: All communications concerning this RFP are to be addressed in writing

to the State Contact listed on the front page of this RFP. Actual or attempted contact with any other

individual from the State concerning this RFP is strictly prohibited and may result in disqualification.

1.4. BIDDERS’ CONFERENCE: A bidders’ conference will be not be held.

1.5. QUESTION AND ANSWER PERIOD: Any bidder requiring clarification of any section of this RFP or

wishing to comment on any requirement of the RFP must submit specific questions in writing no later than

the deadline for question indicated on the first page of this RFP. Questions may be e-mailed to the point

of contact on the front page of this RFP. Questions or comments not raised in writing on or before the last

day of the question period are thereafter waived. At the Bidders’ Conference, following the close of the

question period, all questions or comments will be addressed and the State's responses will be posted on

the State’s web site http://www.bgs.state.vt.us/pca/bids/bids.php . Every effort will be made to post this

information as soon as possible after the Bidders’ Conference, contingent on the number and complexity

of the questions. All information provided by vendors during this process will be public and bidders shall

not provide confidential information, except as described in 5 below.

1.6. CHANGES TO THIS RFP: Any modifications to this RFP will be made in writing by the State through the

issuance of an Addendum to this RFP and posted online at http://www.bgs.state.vt.us/pca/bids/bids.php .

Modifications from any other source are not to be considered.

2. BACKGROUND & OBJECTIVES:

2.1. EXSISTING BUSINESS ENVIRONMENT

The State’s business environment is comprised of the State and partner agencies included in Table 1, with

the stakeholder entities further detailed below.

Entity

Agency of Digital Services (ADS)

Department of Public Safety (DPS)

Department for Children & Families

Vermont Crime Information Center (VCIC)

External Child Care Agencies

External Educational Agencies

Revised March 11, 2025

Page 2 of 33

External Licensing or Employing Agencies

Table 1

Vermont Crime Information Center (VCIC) – As the State of Vermont’s CJIS Security Agency (CSA),

VCIC's mission is to provide accurate, complete, and timely criminal history record information to Vermont

criminal justice agencies and any other non-criminal justice agency that has an authorized right to the

information for licensing, employment, or related suitability determination.

• VCIC facilitates access to many types of records, including criminal histories, sex offender data,

mugshots, fingerprints, and motor vehicle records. These records are maintained both at the primary

DPS site in Waterbury, VT, as well as being hosted at other locations, either by vendors or other State

of Vermont agencies (such as Vermont Department of Motor Vehicle data). VCIC also provides –

through the message switch system – access to federal and other states’ criminal and vehicle records.

• The primary information systems utilized as part of the fingerprint supported criminal history record

check process includes the following: Automated Fingerprint Identification System (AFIS provided by

IDEMIA), Computerized Criminal History database (CCH provided by CPI), National Crime Information

Center (NCIC accessed via CPI Open Fox terminal) and Microsoft Access (for production of paper

result documents).

2.2. EXISTING TECHNICAL ENVIRONMENT

At present, criminal history record check processes are primarily manual and decentralized without a

singular, cohesive digital process — at times leveraging paper and physical delivery of results.

This contributes to extended timelines between the initial issuance of Fingerprint Authorization Certificates

(FAC) and final suitability determination.

The following technical elements currently exist within the manual workflow (see Exhibit A), though each is

subject to modernization efforts in flight.

• Automated Fingerprint Identification System (AFIS)

• National Sex Offender Registry (NSOR)

• Vermont Computerized Criminal History Database (CCH)

• FBI Interstate Identification Index (III)

• Microsoft Access Database

The State has multiple domains, of which DPS is one. The State’s DPS domain is a central hub through

which Public Safety staff and partner agencies access the State and Federal resources above.

Mechanisms for access to the domain include firewalls, hardware and software VPNs, Azure Virtual

Desktop (AVD) and the internet.

The Agency of Digital Services is executing a Network Modernization project to upgrade network

infrastructure across approximately 320 sites with the primary goal of implementing a Software-Defined

Wide Area Network (SD-WAN) solution. Work to implement the upgrades at the DPS headquarters, the

primary hub of the DPS domain, is anticipated to occur in mid to late 2026.

2.3. OBJECTIVES

The State envisions that a technology-supported solution will support the following high-level goals:

• Streamlined Processing: Reduce processing time for criminal history record checks and optimize digital

workflows to align with best practices among other Northeastern states.

Revised March 11, 2025

Page 3 of 33

• Enhanced Flexibility: Update and maintain a system that is easily integrated within existing State

infrastructure and is adaptable, scalable, and responsive to evolving operational and regulatory needs.

• Eliminated Redundancy: Consolidate processes and remove unnecessary re-entry of data to optimize

efficiency and staff utilization across agencies.

• Ensured Compliance: Strengthen safeguards to maintain federal and state funding eligibility with regards

to personnel security, data security, and meet statutory obligations.

• Accelerated Onboarding: Support faster, more reliable onboarding for applicants and employers to

prevent service gaps in critical areas (such as childcare, healthcare, education, or network support). Also

ensure adequate coverage where staffing requirements exists (such as childcare facilities) to avoid delay or

reduction of services.

• Mitigated Risks: Reinforce security and vetting procedures to bolster public safety, workplace integrity,

information technology compliance (including SOV and FBI CJIS Security Policy), and program-specific

compliance.

3. APPROACH & DETAILED REQUIREMENTS

Through this solicitation, the State desires to procure and implement a scalable, modernized and fiscally

sustainable Solution that meets all functional and non-functional requirements

3.1. REQUIREMENTS

The State’s Business Requirements and Non-Functional Requirements for each Scope are provided in the

attached State of Vermont Bidder Response Form (Exhibit B & C).

Data Compliance: Solutions must adhere to applicable State and Federal standards, policies, and laws. The

Bidder Response Form includes a table of data types and their applicable State and Federal standards, policies,

and laws. The boxes in the table that are checked are the ones that are applicable to this procurement.

Insurance Coverage: In addition to the insurance required in Attachment C to this Contract, before commencing

work on this Contract and throughout the term of this Contract, Contractor agrees to procure and maintain:

Professional Liability coverage for services performed under this contract, with minimum coverage of $5,000,000

per claim, $5,000,000 aggregate.

Technology Professional Liability coverage for services performed under this contract, with minimum coverage

of $5,000,000 per claim, $5,000,000 aggregate.

Cyber Liability coverage for services performed under this contract, with minimum coverage of $5,000,000 per

claim, $5,000,000 aggregate.

Before commencing work on this Contract, Contractor must provide certificates of insurance to show that the

foregoing minimum coverages are in effect.

PROJECT MANAGEMENT

The scope of work as detailed below describes the services, deliverables and key assumptions. Contractor will

develop an overall project schedule that details the tasks, timelines, and deliverables for the fully integrated

solution.

4.1. CONTRACTOR PROJECT MANAGEMENT AND SUPPORT

4.1.1 CONTRACTOR’S PROJECT MANAGER

Contractor will designate an individual to serve as the “Contractor’s Project Manager” who will: (i) be a senior

Revised March 11, 2025

Page 4 of 33

employee within Contractor’s organization, with the information, authority and resources available to properly

discharge the responsibilities required hereunder; (ii) serve as primary point of contact and the single-point of

accountability and responsibility for all Contract-related questions and issues and the provision of Services by

Contractor; (iii) have day-to-day responsibility for, and authority to manage, State customer satisfaction; (iv) devote

full time and dedicated efforts to managing and coordinating the Services; and (v) be located at State Facilities or

such other appropriate location as Contractor and the State may mutually agree.

Contractor’s Project Manager must be responsible for all tasks necessary to manage, oversee, and ensure success

of the project. These tasks include documenting requirements, developing and updating project plans, assigning

staff, scheduling meetings, developing and publishing status reports, addressing project issues, risks, and change

orders, and preparing presentations for the State.

Contractor’s Project Manager shall be responsible for ensuring that the Project Management Requirements are

met in accordance with the Requirements outlined in the Scope of Services section. To meet the requirements, the

Contractor’s Project Manager must support the State of Vermont by reviewing and signing existing Management

Plans as a form of acknowledging engagement expectations and the ability to comply. Adjustments may

be submitted for the State’s consideration. The following project management documentation is expected to

be complied with:

1. Communication Management Plan. The Communication Management Plan must identify project

stakeholders, define their communication needs, and ensure that all planned communications are tracked

and executed. The Plan must also define communication storage procedures and include a Communication

Effectiveness Evaluation to ensure continued efficacy of stakeholder communications. This Plan must also

include an escalation management procedure.

2. Deliverables Management Plan. The Deliverables Management Plan describes the process by which

contracted deliverables, documents and solutions, will be delivered, reviewed, adjusted (if necessary) and

accepted by the State (see Deliverable Expectations Document & Deliverable Acceptance Document artifacts

below).

3. Scope Management Plan. The Scope Management Plan describes scope stability and project lifecycle

expectations, roles and responsibility regarding management and adherence to approved scope, and the

process should a change need to be reviewed.

4. Schedule Management Plan. The Schedule Management Plan describes the approach used to effectively

plan and manage the Project Schedule.

5. Risk Management Plan. The Risk Management Plan describes the approach used to effectively manage

risks during the project as aligned with State Enterprise Project Management Office best practices.

6. Change Management Plan. The Change Management Plan describes the process for managing project

changes and modifications. The Change Management Plan will document the change communication

process and the stakeholders who must receive the communication.

7. Business Analysis Plan. The Business Analysis Plan is a formal document that outlines how project

requirements will be identified, documented, analyzed, prioritized, tracked, and managed throughout the

project lifecycle. It serves as a guide to ensure that all stakeholder needs and expectations are addressed

systematically and that the project delivers its intended outcomes.

8. Deliverable Matrix. A deliverable matrix is a structured tool used in project management to list and organize

all project deliverables along with their key attributes. It typically includes details such as the deliverable

name, description, owner, due date, dependencies, status, and approval requirements. The matrix provides a

single, centralized view that clarifies responsibilities, tracks progress and ensures alignment on what must be

completed to meet project objectives.

The following project management documents are expected to be authored and delivered to the State for review

and consideration of approval following the Deliverables Management Plan. Documents marked with an asterisk

(*) shall be exempt from the standard deliverable management plan. However, these documents will require

coordination with and final approval from the State Project Manager prior to acceptance.

1. Project Kick-Off Deck*. The Project Kick-Off deck serves as the guide for the first meeting with the complete

project team. Topics to cover include: Project Objectives, Project Scope, High-level Project Timeline &

Milestones, and Project Organization Chart.

Revised March 11, 2025

Page 5 of 33

This is the opportunity summary page. It provides an overview of this opportunity and a preview of the attached documentation.

TITLE	QUESTIONS DUE	ANSWERS POSTED	DUE DATE	NO POSTING AFTER
Criminal History Record Check Modernization Bidder Response Form Exhibit A-C	05/04/2026 04:30PM	Q&A - Criminal History Record Check Modernization. (05/15/2026)	05/25/2026 04:30PM