(getting caught up on lower priority mails) I have what may be an attempt to cause maximum harm to small infosec consulting companies. Normally I dislike RFPs, but this is a whole new level. 1/?
Got an RFP from a very large corp. There's some amazing bits here. The good. Company altering project. Like your company will explode if you win. *if* The bad... I've never seen something like this... 2/?
"we will be having a multi-round bidding process, the 1st round will require us to have 25 companies no larger than..." "due to the size of this contract we will be conducting a rigorous vetting process. For this first round we anticipate 5 interviews of about 1 hour each" 3/?
"Be aware that failure to complete the intent to bid forms will disqualify you" The kicker: they are 63 pages long! 4/?
These questions are next level NO GO. "you will disclose your accounting records for the last 3 years" "You will allow us to interview any of your clients and will furnish contact info for them so we can meet without your intervention" 5/?
intrusive questions continued: "you will provide the HR records including reviews for any current or former employees, contractors, or persons otherwise engaged by your company" "you will provide a list of potential future projects you may be engaged in should you win" 6/?
The best bit though? The part that makes me think this is some elaborate troll? The bit at the end... "we realize this is an enormous undertaking and want to assure you that you can do this if you allocate about 10 hours per week until the response deadline." 7/?
that deadline is 2.5 months away.... which ends with the ultimate FU... "Unfortunately, because we need to solicit so many qualified companies we will be unable to compensate you in any way, nor give preferential selection for future work to non-winning bids" 8/?
So... in the off chance that you dear reader ever have to make an RFP selection process, please don't take a page from The Hunger Games. Be kind to the folks you ask to fill out an RFP... after all, if they win, you have to work with them!! 9/9
Replying to @bettersafetynet
At least they made it easy to no bid

May 2, 2021 · 1:32 AM UTC

Faster to no-bid it than to list the reasons why. RFPs like this get the applicants they deserve