State Benefits Portal Modernization
# State Benefits Portal Modernization - Request for Proposal RFP Reference: DSS-2024-0041 Issuing Agency: Department of Social Services Project Title: State Benefits Portal Modernization Release Date: Apr 27, 2026 Response Deadline: May 14, 2026 Anticipated Award Type: Single award Anticipated Contract Structure: Fixed fee Fixed Fee Amount: $4,800,000 --- ## Page 1 - Cover and Procurement Notice The Department of Social Services is soliciting proposals from qualified vendors for modernization of the State Benefits Portal. The portal supports benefit eligibility review, household record updates, payment status inquiries, citizen account access, notices, document upload workflows, case-worker task queues, and administrative reporting. The Department intends to select one vendor to plan, configure, integrate, test, and launch a modernized portal experience. The selected solution will need to operate alongside existing agency systems during transition and must preserve continuity of benefit services. The Department is issuing this Request for Proposal to obtain a complete implementation approach, technical approach, pricing proposal, staffing plan, security response, and production readiness plan. Vendors must submit all required documents by the response deadline. Responses must be submitted electronically by May 14, 2026. Late responses may be rejected without review. Vendors are responsible for ensuring that all required documents are included in the submission package. The RFP package includes: - State Benefits Portal Modernization - Request for Proposal. - Pricing and SLA Exhibit. - Implementation Exhibit. - Security Questionnaire. The Department may request clarification after initial review. The Department is not required to request clarification for incomplete submissions. All questions must be submitted through the procurement portal. The Department will publish answers to material questions through the portal. Vendors should not rely on verbal statements or informal communications as modifications to the RFP. --- ## Page 2 - Background and Current Environment The current benefits portal was introduced more than a decade ago and has accumulated accessibility, reliability, usability, and supportability gaps. Case workers report duplicate entry between the portal and the legacy eligibility mainframe. Citizens report difficulty completing household updates, uploading documents, accessing notices, and viewing payment status without help-desk support. The Department’s benefits environment includes multiple systems and operational processes. The current environment includes: - A citizen-facing web portal. - A legacy eligibility mainframe. - A payment status service. - A document repository. - A case-worker queue. - A reporting database. - Administrative tools. - Support processes for account access and case status inquiries. The Department wants a modernized portal that reduces operational friction while preserving continuity of benefit services. The modernization effort must avoid disruption during active enrollment, eligibility review, household update, notice, and payment cycles. The modernized portal must support Department operations as well as citizen self-service. The Department is seeking a vendor that can coordinate technical implementation, workflow modernization, integration, security readiness, testing, training, launch support, and stabilization. The Department expects vendors to understand that the portal is part of a broader benefits administration environment. The selected vendor must coordinate with agency technology staff, business subject-matter experts, case-worker representatives, security reviewers, privacy reviewers, production readiness decision makers, and existing managed-service providers where applicable. --- ## Page 3 - Program Objectives The modernization program has four primary objectives: 1. Improve citizen self-service for eligibility, notices, payment status, account access, document upload, and household changes. 2. Reduce case-worker manual review queues by improving workflow routing, status visibility, and administrative reporting. 3. Integrate with existing eligibility and payment systems during transition. 4. Provide auditable security, privacy, access-control, and operational evidence before production launch. Vendors should explain how the proposed approach supports both citizen experience and agency operations. The Department expects the modernization effort to improve: - Citizen account access. - Household change reporting. - Document upload usability. - Payment status visibility. - Notice access. - Case-worker queue visibility. - Workflow routing. - Administrative reporting. - Operational supportability. - Accessibility. - Security review readiness. - Auditability. - Production stability. The Department does not seek a cosmetic redesign only. The proposed solution must address operational workflows, integration dependencies, data handling, security controls, staff usability, citizen usability, production readiness, and measurable implementation outcomes. Vendors should describe how the proposed approach will reduce duplicate entry, improve workflow status visibility, support staff review queues, and maintain continuity of benefit operations. --- ## Page 4 - Scope of Work The selected vendor will provide project planning, portal configuration, integration support, test planning, training materials, production launch support, and post-launch stabilization. The Department expects a single accountable delivery team with a named delivery lead. The vendor must coordinate implementation activities, track risks, identify blockers, maintain a schedule, provide weekly status reports, support Department review, and escalate issues that may affect scope, schedule, security readiness, production readiness, or launch. The scope includes, but is not limited to: - Citizen intake forms. - Identity and account workflows. - Account recovery workflows. - Benefit status display. - Payment status display. - Household change reporting. - Notice access. - Document upload. - Case-worker review queues. - Staff workflow visibility. - Administrative reporting. - Audit logging support. - Integration with eligibility systems. - Integration with payment status systems. - Coordination with document repository processes. - Training materials. - Launch support. - Stabilization support. The selected vendor must provide an implementation approach that addresses configuration, integration, testing, training, launch, and stabilization. The vendor must also support security readiness activities and complete the required Security Questionnaire. The Department may require remediation before accepting a milestone if the portal does not satisfy the agreed scope, if required documentation is incomplete, if required testing is incomplete, if security documentation is incomplete, or if production readiness conditions have not been met. --- ## Page 5 - Submission Requirements Each proposal must include all required components. Incomplete submissions may be rejected without further review. Required proposal components include: 1. Executive summary. 2. Technical approach. 3. Implementation schedule. 4. Cost proposal. 5. Completed Security Questionnaire. 6. Compliance checklist. 7. Staffing plan. 8. Three public-sector references. 9. Assumptions and exceptions, if any. 10. Proposed milestone billing schedule. 11. SLA assumptions and exceptions, if any. 12. Implementation dependency list. 13. Data handling and privacy assumptions. 14. Subcontractor list, if applicable. The executive summary should describe the vendor’s understanding of the project, proposed solution, public-sector experience, implementation approach, and ability to meet the Department’s production readiness objectives. The technical approach should describe the proposed portal solution, citizen workflows, case-worker workflows, administrative functions, integration approach, data handling, accessibility approach, security approach, audit logging, reporting, and support model. The implementation schedule must be production-oriented. A pilot-only schedule does not satisfy the Department’s requirement. The selected vendor must complete production go-live within 12 weeks of contract award. The cost proposal must follow the Pricing and SLA Exhibit. The Department requires a fixed-fee cost proposal. Vendors must identify the total fixed fee, milestone billing schedule, staffing assumptions, pricing assumptions, optional costs, exclusions, SLA credit assumptions, and any exceptions. The completed Security Questionnaire must address data handling, privacy documents, data residency, access controls, administrator access, audit logging, incident response, secure development, third-party services, and security exceptions. The staffing plan must identify the delivery lead, technical lead, security contact, escalation owner, implementation analysts, senior engineers, QA lead, and any other key staff. --- ## Page 6 - Technical Environment and Integration The current environment includes a citizen web portal, an eligibility mainframe, a payment status service, a document repository, a case-worker queue, and a reporting database. Vendors should assume that interfaces may require coordination with agency technology staff and existing managed-service providers. The Department will provide available integration documentation after award. Vendors should describe assumptions about discovery, access, data mapping, test credentials, interface documentation, integration windows, agency-side dependencies, and managed-service-provider support. The portal must integrate with the agency’s legacy mainframe eligibility and payment systems. Mainframe integration must be complete before production go-live. The proposed implementation must account for the following technical considerations: - Legacy eligibility system coordination. - Payment status service coordination. - Document repository coordination. - Case-worker queue coordination. - Reporting database coordination. - Data mapping. - Error handling. - Test data. - Integration credentials. - Security controls for integration. - Monitoring and logging. - Production readiness validation. The Department expects integration risk to be identified early in the implementation. Vendors should describe how integration readiness will be confirmed, how technical blockers will be escalated, and how unresolved dependencies will be tracked. Vendors should not assume that all legacy documentation is complete, current, or immediately sufficient for implementation. The proposed approach should describe how the vendor will manage documentation gaps, interface questions, test environment limitations, data mapping issues, and production launch constraints. --- ## Page 7 - Data Types, Security, and Privacy The portal processes citizen eligibility records, household composition, notices, payment status information, uploaded documents, account recovery information, case-worker notes, administrative records, and audit logs. Some records may contain sensitive household, income, identity, eligibility, or payment information. The vendor must protect citizen eligibility, payment, and household records throughout the modernization effort and during production operation. Vendors must complete the Security Questionnaire included with this RFP package. The questionnaire requests information about: - Access controls. - Administrator access. - Case-worker role mapping. - Citizen account access. - Audit logging. - Incident response. - Data retention. - Data residency. - Encryption. - Secure development practices. - Third-party service providers. - Integration credentials. - Support access. - Security exceptions. Data will be processed in accordance with applicable regulations. Vendors must identify privacy documents, retention assumptions, data processing terms, subcontractor terms, and data residency terms required before implementation or production use. The RFP package does not include a signed data processing agreement. Vendors should identify any dependency on a data processing agreement, privacy addendum, residency term, retention schedule, subcontractor list, or support-access limitation. The proposed solution must log administrator actions, citizen account access events, case-worker updates, integration failures, security events, material configuration changes, and production support access. Logs must be available for Department review during incident response and audit activities. The Department may require additional security clarification, documentation, or remediation before final security approval or production readiness signoff. --- ## Page 8 - Implementation Schedule and Acceptance Criteria The Department expects the selected vendor to begin project kickoff within five business days of award. The implementation schedule must be production-oriented and must identify agency dependencies, staffing assumptions, environment access, test data requirements, integration readiness activities, decision checkpoints, and production launch conditions. The selected vendor shall complete production go-live within 12 weeks of contract award. Pilot-only launches do not satisfy this milestone. The implementation schedule must include: - Project kickoff. - Discovery and requirements confirmation. - Design confirmation. - Integration readiness. - Configuration and implementation. - Functional testing. - Integration testing. - Accessibility review. - Security readiness review. - User acceptance testing. - Training material preparation. - Production readiness review. - Production launch. - Stabilization. Acceptance criteria include successful completion of functional testing, integration testing, accessibility review, security questionnaire review, production readiness signoff, and completion of training materials. The Department may require remediation before accepting a milestone if the portal does not satisfy agreed scope, if representative citizen workflows fail, if representative case-worker workflows fail, if required security documentation is incomplete, if accessibility review identifies unresolved issues, or if production readiness evidence is insufficient. Representative citizen workflows may include account access, eligibility status review, payment status inquiry, notice access, household change submission, document upload, and account recovery. Representative case-worker workflows may include review queues, task assignment, status updates, case updates, document review, exception handling, and administrative reporting. --- ## Page 9 - Pricing, Payment, and Service Levels Vendors must submit a fixed-fee cost proposal. The modernization program will be contracted as a fixed fee of $4,800,000 inclusive of all deliverables, integrations, transition activities, training materials, launch support, and post-launch stabilization. The cost proposal must follow the Pricing and SLA Exhibit. Vendors must include all ordinary and customary activities necessary to complete the modernization effort. Milestone billing will be accepted after agency approval of each delivery phase. Payment will not be released for a milestone until the Department confirms that required deliverables have been received and accepted. The Department anticipates milestone billing across: - Project kickoff and discovery confirmation. - Design approval. - Integration readiness. - User acceptance testing readiness. - Production readiness. - Production launch. - Post-launch stabilization completion. Service credits of up to 15% of monthly fees shall apply in the event of a service level breach as defined in the final SLA schedule. Credits will be applied to the following invoice period unless the final contract provides a different crediting method. Vendors should identify pricing assumptions related to integration complexity, agency access, legacy mainframe documentation, test credentials, data mapping support, security review timing, unresolved implementation dependencies, production launch windows, or managed-service-provider support. The Department may reject proposals that omit required cost information, materially condition the fixed fee without explanation, omit SLA credit assumptions, or fail to provide a reviewable milestone billing schedule. --- ## Page 10 - Contract Terms, Indemnification, Insurance, and Audit Rights The selected Contractor shall enter into a standard State services agreement. The final agreement will include terms concerning scope, payment, acceptance, confidentiality, data handling, security obligations, audit rights, insurance, indemnification, service levels, and termination. Payment shall be made on a fixed fee of $4,800,000 inclusive of all deliverables, integrations, transition activities, training materials, launch support, and post-launch stabilization. Contractor shall indemnify, defend, and hold harmless the State, its officers, agents, and employees from and against any and all claims, damages, losses, costs, and expenses, including attorney’s fees, without monetary limitation. The RFP does not state a separate monetary liability cap for vendor obligations. Vendors may identify exceptions or requested modifications in the proposal. The Department is not required to accept exceptions. Contractor must carry $5,000,000 in professional liability insurance and provide a certificate of coverage before contract execution. The selected vendor must also maintain commercially reasonable cyber liability coverage, workers compensation coverage, and general liability coverage during the contract term. The State may audit vendor records related to contract performance, invoicing, security obligations, service level performance, and compliance with contractual requirements. Audit rights may continue for seven years after contract expiration unless otherwise limited by the final services agreement. Vendors should identify any requested limits on audit scope, document-retention obligations, liability, insurance, indemnification, or service level remedies in the assumptions and exceptions section of the proposal. The Department may determine that certain exceptions are material. Material exceptions may affect evaluation or award. --- ## Page 11 - Evaluation Criteria The Department will evaluate proposals based on the best interests of the State. The Department may consider technical quality, implementation feasibility, public-sector experience, security posture, cost reasonableness, staffing plan, integration approach, production readiness plan, and ability to meet the required schedule. Evaluation criteria may include: - Technical approach. - Understanding of Department operations. - Citizen workflow support. - Case-worker workflow support. - Integration feasibility. - Mainframe integration approach. - Security posture. - Privacy and data handling approach. - Audit logging and operational evidence. - Implementation schedule. - Staffing plan. - Public-sector references. - Cost reasonableness. - Fixed-fee completeness. - SLA assumptions. - Contract exceptions. - Production readiness approach. - Training and stabilization approach. The Department may request clarification, conduct vendor demonstrations, request additional documentation, or seek confirmation of assumptions. The Department is not required to request clarification for missing required materials. The Department may reject proposals that are incomplete, nonresponsive, materially conditional, inconsistent with the RFP, not in the best interest of the State, or submitted after the deadline. The Department reserves the right to waive minor irregularities if doing so is in the best interest of the State and does not materially prejudice other vendors. --- ## Page 12 - Submission Instructions and Procurement Communications Responses must be submitted electronically through the procurement portal by May 14, 2026. Vendors should include all required documents in one submission package and label all attachments clearly. The proposal package should include: - Executive summary. - Technical approach. - Implementation schedule. - Cost proposal. - Completed Security Questionnaire. - Compliance checklist. - Staffing plan. - Three public-sector references. - Assumptions and exceptions. - Subcontractor list, if applicable. - Supporting documentation, if applicable. Questions must be submitted through the procurement portal by the question deadline stated in the portal. The Department will publish answers to material questions for all participating vendors. Vendors should not contact Department staff directly regarding this RFP unless the procurement instructions expressly allow such contact. All assumptions and exceptions must be clearly labeled. Exceptions should identify the affected requirement, proposed alternate language or approach, and the reason for the exception. Vendors are responsible for monitoring the procurement portal for amendments, responses to questions, schedule changes, and additional instructions. The Department may amend the RFP by written notice through the procurement portal. By submitting a proposal, the vendor represents that it has reviewed the RFP package, understands the submission requirements, and is prepared to perform the work described in the proposal subject to any clearly stated assumptions or exceptions. Department of Social Services Procurement Office RFP DSS-2024-0041 State Benefits Portal Modernization