Secure File Transfer - DRC260113-OSC

Location: Ohio
Posted: Feb 3, 2026
Due: Feb 25, 2026
Agency: State Government of Ohio
Type of Government: State & Local
Category:
  • 99 - Miscellaneous
Solicitation No: SRC0000036592
Publication URL: To access bid details, please log in.
Solicitation ID: SRC0000036592
Solicitation Name: Secure File Transfer - DRC260113-OSC
Original Begin Date: 2/3/2026 12:00:00 PM
Begin Date: 2/3/2026 12:00:00 PM
End Date: 2/25/2026 10:00:00 AM
Inquiry End Date: 2/18/2026 5:00:00 PM
Commodity: Cloud-based data access and sharing software
MBE Set Aside: MBE Set Aside
Agency: DRC-Dept of Rehab & Corrections
Solicitation Status: Open for Bidding
Solicitation Type: Request For Proposal (RFP) (Double Envelope)

Solicitation General Information
In an MBE set-aside solicitation, only those bidders/suppliers with an active MBE certification at the time the solicitation closes can submit a response
Solicitation ID
SRC0000036592
Solicitation Name
Secure File Transfer - DRC260113-OSC
RFx Type
Request For Proposal (RFP) (Double Envelope)
Lot #
1
Solicitation Status
Open for Bidding
Round #
1
MBE Set Aside
Begin Date
2/3/2026 12:00:00 PM (ET)
Amendment?
End Date
2/25/2026 10:00:00 AM (ET)
Inquiry End Date
2/18/2026 5:00:00 PM
Summary

ODRC goal is to centralize File Drop Service that enables internal and external users to efficiently upload, transfer, and access files while ensuring compliance with organizational security, data protection, and operational requirements. The vendor is specifically required to incorporate and implement a secure, user-friendly platform that allows internal staff and external partners to upload and exchange files safely.

Predecessor Contract
Process

Offerors will need to review the attached RFP documents, follow the instructions provided in the document, and submit all of the required documentation via OhioBuys.

All bids and inquiries must come through OhioBuys. The solicitation adheres to the dates provided in OhioBuys, shall any changes in the dates be necessary, such information will be posted in OhioBuys as well.

OHIOBUYS TRAINING MATERIALS

OhioBuys training materials can be located at this site https://procure.ohio.gov/bidders-and-suppliers/resources/03_Using+OhioBuys
To participate or submit an inquiry for this RFx, you need to be registered in the OhioBuys Supplier Portal. Suppliers are not required at this time to be registered in OAKS. If you have a need to seek technical support, clearly specify you need access to an active Ohio Buys solicitation.
Technical Support 1-877-644-6771
If there is a need for technical support during your proposal submission in the last 48 hours prior to the submissions, contact 614-466-5090.  This number is for OhioBuys solicitation technical questions only; there will not be any questions answered regarding the solicitation.

Note:
Chrome is the preferred browser for OhioBuys.
Only have a single window open that is logged into OhioBuys, having multiple windows opened to a single user can create an error when trying to submit your proposal.

Ship To
Contracting Entity
DRC-Dept of Rehab & Corrections
1 Record(s)
0 Record(s)
Solicitation Documents
Keywords
Search Reset
Title Type Att. Validity End Date Validity End Date
OhioBuys Fact Sheet for Bidders/Suppliers Public Solicitation Documents (Approved)
Secure File Transfer RFP Public Solicitation Documents (Approved)
Supplement A State IT Policy Standard and Service Requirements Public Solicitation Documents (Approved)
Agency Release for Competitive Solicitation RTP Data Security Terms Public Solicitation Documents (Approved)
A and D, EO 2019 and EO 2022 Public Solicitation Documents (Approved)
5 Record(s)

Attachment Preview

REQUEST FOR PROPOSAL
Sourcing Project:
SRC0000036592-DRC260113
The Ohio Department of Rehabilitation and Correction is
requesting proposals for:
ODRC Secure File Transfer
* All Dates Must Follow OhioBuys Dates*
Page | 1
EXECUTIVE SUMMARY
BACKGROUND. ODRC was established under House Bill 494. Its responsibilities are
defined in ORC 5120. ODRC is the largest agency in the State of Ohio with operations
throughout the State and is the fifth largest prison system in the nation, consisting of twenty-
five (25) state-administered adult correctional institutions and three (3) privately-operated
institutions. The current ODRC population is approximately 45,100. The institutions vary in
level of security and include corrections reception centers, correctional camps, and pre-
release centers. The mission of ODRC is to reduce recidivism among those we touch. The
values of the agency are aligned to support the mission of the agency. The values of the
agency are as follows: (1) Take care of our staff; they will transform our offenders (2) One
team-one purpose (3) Civility towards all and (4) Hope is job one.
SUMMARY STATEMENT.
This RFP invites proposals from highly qualified vendors to partner with the ODRC in a
modernization effort. The vendor is specifically required to incorporate and implement a
secure, user-friendly platform that allows internal staff and external partners to upload and
exchange files safely.
This solution will streamline file submission processes, provide centralized management,
enhance security through encryption and audit logging, and improve compliance with
organization data handling policies.
DRC identifies the following rationale for the project:
1. DRC’s mission has expanded, including staff reliance on technology for
workflows, documenting, and record retention.
2. The current database infrastructure is critically antiquated – End of life cycle.
3. Current DRC assets cannot sustain future growth.
4. The ability to modify current assets is critical to DRC’s sustainability and
appropriate use of public funding.
OBJECTIVES.
ODRC’s vision is to reduce crime in Ohio. ODRC’s mission is to reduce recidivism among
those they touch. In alignment with ODRC’s Vision and Mission, the goal of providing.
The selected vendor's solution must build upon this foundation and maintain the core
functionalities currently in use by agency staff, including but not limited to:
Functional Requirements
1. A modernized and sustainable File Drop Service that allows internal and
external users to upload, transfer, and retrieve files in a controlled and
compliant manner.
2. Ability for external users to upload files without needing an organizational
account.
Page | 2
3. Configurable file size limits
4. Secure link generation for uploading and downloading
5. Notifications to designated staff upon file submission
6. On-prem access
7. Ability to set expiration dates for links and files
8. Scan to upload
Security Requirements
1. Encrypted file transfer (TLS 1.2 or higher)
2. Encrypted storage at rest
3. Role-based access control (RBAC)
4. Multi-Factor Authentication to retrieve file (approved by Department of
Administrative Service)
5. HIPAA Complaint
6. SOC2 and FedRAM Standards
7. Cyber Insurance
Administrative Requirements
1. Centralized management console
2. User provisioning and access management
3. Support and maintenance options
4. Logging export capability
Other Specifications and Enhancements
1. Zero-Knowledge Encryption: Vendor cannot access file contents
2. Drag-and-drop Upload Interface for ease of use
3. Progress bars and time Estimates for large uploads
4. Multi-File/Folder Uploads in a single submission
Project Approach
This project will begin by confirming requirements with key stakeholders to ensure the File
Drop Service meets security and operational needs. Vendors will be evaluated based on
functionality, compliance, and cost before selecting the best-fit solution. Once selected, the
service will be configured, tested for performance and security, and adjusted as needed.
1. Assessment and Planning Phase (Initial Iteration)
The primary goal of this phase is to de-risk the project and establish a solid
foundation for development.
2. Objective: To implement a secure, user-friendly File Drop Service that
streamlines external file submissions while meeting all organizational security
and compliance requirements.
Page | 3
Proof of Concept
The Agency reserves the right to request a Proof of Concept (POC) from selected number
of Offerors whose proposals most closely align with the Agency's needs. Offerors may or
may not be invited to participate in the POC.
In the event an Offeror is invited to participate, they must agree that all work, activities,
materials, labor, and resources associated with the POC will be provided at no cost to the
ODRC.
ODRC will NOT issue any payments, reimbursements, or compensation of any kind related
to the POC.
Participation and successful completion of the POC, when requested, is considered a
mandatory requirement. Failure to participate in or complete the POC as instructed will
result in disqualification from further consideration.
The POC will be conducted after the solicitation has closed, Offerors who submit a bid can
be considered for a POC. The results of this process will be used to assess the Offeror's
capabilities, validate solution performance, and determine the Offeror's ability to meet the
requirements of this RFP.
The POC period will begin after the close of the Solicitation and upon written notice from
the Agency to the Offeror(s) selected to participate. Offerors should ensure adequate
resources and availability to complete all POC activities within this timeframe.
The primary goal of the PoC is to validate the vendor's proposed methodology and platform
against the DRC’s most critical requirements: to provide a secure, reliable and easy-to-use
File Drop Service that enables safe file submission and exchange while protecting sensitive
data and supporting organizational workflows.
1. PoC Objectives
1. Validate Security Controls: Confirm the service properly enforces encryption, access
controls, and audit logging in alignment with organizational security requirements.
2. Verify Core Functionality: Ensure the service reliably supports external file uploads,
large files transfers, notifications, and file management workflows.
3. Assess Usability and Performance: Evaluate ease of use for both internal and
external users, upload/download performance, and overall system stability under
normal operating conditions.
Page | 4
2. PoC Duration and Scope
Element
Specification
Rationale
Duration
10 Business Days
(After Implementation)
Adherence to the strict RFP timeline.
PoC
Cloud-hosted or remote
access sandbox provided by
the vendor.
To minimize DRC
evaluation phase.
IT
burden
during
the
Test Case
1: Secure External
File Upload
Verify external users can
securely upload files without
interval accounts.
Tests the vendor can accept files from non-
authenticated users while maintaining
encryption, notification and auditability
required to protect organizational data
Test Case
2: Access Control
and Link Expiration
Ensure file access is properly
restricted and time-bound
Tests the vendor’s service that access
controls are enforced consistently and that
expired links cannot be misused.
Test Case
3: Audit Logging
and Visibility
Confirm audit logs capture all
file activity
Tests the vendor’s service ensures all files
activity is tracked, reviewable and
exportable to support oversight and
investigations
Test Case
4:Usability
Performance
and
Validate ease of use
acceptable performance
Test the vendor’s service evaluates whether
and
the service performs efficiently and is
intuitive for both internal staff and external
users, minimizing support burden and
adopting risk.
3. PoC Evaluation Matrix & Vendor Assessment
The following matrix assigns weight to each key requirement and provides specific criteria
for measuring success, with considerations tailored to each vendor's unique proposal.
Criterion
Security
Weight
High (30%)
Functionality High (30%)
Usability
Performance
& Medium (25%)
Administration Medium (15%)
Key Success Metric
Evaluation Scale (1-5)
Encryption,
access
controls, audit logging, 1 (Poor) to 5 (Excellent)
MFA.
External uploads, file size
support, notifications,
expiration
1 (Slow/Inaccurate)
(Seamless Execution)
to
5
Ease of use for internal
and external users; 1 (Fails Steps) to 5 (Seamless
Upload and download Execution)
reliability and speed
Management console,
reporting, configuration
1 (No Demo) to 5 (Ease of use)
Page | 5
This is the opportunity summary page. It provides an overview of this opportunity and a preview of the attached documentation.
Daily notification on new contract opportunities

With GovernmentContracts, you can:

  • Find more opportunities and win more business
  • Receive daily alerts for all new bid opportunities
  • Get contract opportunities matched to your business
ONE WEEK FREE TRIAL

See also

ZA DOOR PROJECT DRC260162 MAD...

...associated Wonderware software integrations to resotre reliable operation, improve security.... OHIOBUYS TRAINING MATERIALS ...

State Government of Ohio

Bid Due: 6/10/2026

Easterly Fire Alarm System Re...

...Works workstation will be provided in the Easterly WWTP security building for graphical ...

Northeast Ohio Regional Sewer District

Bid Due: 7/07/2026

Air Force Research Laboratory...

...the Annual Commander's Challenge. The contractor shall provide personnel with the necessary training..., ...

DEPT OF DEFENSE

Bid Due: 6/15/2026

* Disclaimer: Information regarding bids, requests for proposals (RFPs), or requests for qualifications (RFQs) is provided on this website only for convenience and does not constitute official public notice. Persons wishing to respond to or inquire about bids, RFPs, or RFQs should contact the appropriate government department.
© 2000-2026 GovernmentContracts. All rights reserved.