RFP/RFQ

REQUEST FOR PROPOSALS

PROJECT: IT Services Provider

Entity: Port of Newport, Newport, Oregon

Site Meeting: March 18, 2026 at 11:00 a.m. PST at 600 SE Bay Blvd, Newport, OR 97365

Proposal Due Date: April 7, 2026 at 11:00 a.m. PST

Project: Managed Services Provider

The Port of Newport (“Port”) is soliciting proposals from qualified and experienced vendors to provide Managed IT Services (MSP) to support the Port’s operational, administrative, and technology needs.

This Request for Proposals (RFP) seeks products and/or services that may include, but are not limited to, project management, transition management, and implementation services, including migration from the Port’s current IT service provider. Services also include Set up of new users, removal of users no longer working for the Port, routine and on‑call IT support, network and systems management, deployment and configuration of new devices , cybersecurity support, and technical assistance for Port staff.

Proposals will be evaluated based on the vendor’s qualifications, relevant experience, demonstrated performance on comparable projects, technical expertise, knowledge of best practices, and to the responsiveness to the RFP requirements. These qualifications will be a primary consideration in the selection process.

The Port intends to award a contract to the proposer whose proposal is determined to be most advantageous to the Port, taking into consideration quality of service, capability, experience, and overall value. Cost will be considered but will not be the sole determining factor.

The Port reserves the right, at its sole discretion, to reject any or all proposals, to waive informalities or minor irregularities, to request clarification or additional information, and to accept the proposal that best serves the interests of the Port, in accordance with applicable public contracting requirements.

1. Technical Environment Specifications

Port currently has no in-house IT staff and has a managed service provider. Port is interested in both fully managed services and blended IT options. Preliminary proposals and bids can include either or both options.

Servers – NONE

Environment – –the Port is a Microsoft Shop: Software used:

Cloud Services – Microsoft
VOIP Services – Microsoft

Microsoft Dynamics365, (Security Groups set up in Entra)

Microsoft Outlook

Uses Mail Server

Routers & Cameras :

1 South Beach

1 Administrative Offices

2 Camera Servers Administrative Offices

1 Camera server South Beach

Operating Systems – Windows

Network Switch - Unify 24

Internet Provider: Astound for Main office

Astound for South Beach

Spectrum for International Terminal

Microwave signal from Main office to Commercial Operations

2 Conference Rooms and the Executive Director’s office fully Teams enabled

Copiers – 1 Kyocera linked into Network in Administrative office

1 Kyocera linked into Network in South Beach

Each Kyocera has scan capability

A 125 page document showing all connected devices and software is available.

2. Business Requirements

The Port does not employ dedicated information technology (IT) staff. Therefore, the selected Proposer will function as an extension of the Port’s organization while remaining an independent contractor. The Proposer will be expected to respond to staff inquiries, offer expert guidance, and address technical issues in a manner comparable to a help‑desk function within a larger organization.

The Port utilizes a full suite of Microsoft products, including but not limited to Microsoft VOIP, Microsoft Cloud services, Microsoft Dynamics 365, Outlook, Word, and Excel.

The following list provides a non‑exhaustive sample of the types of support the Port anticipates requiring. It is intended to illustrate, not limit, the scope of services that may be requested.

3. Managed Information Technology Services

Managed Support Services (End User & Service Desk)

The Proposer shall deliver fully managed IT support services consistent with industry standards for managed service providers (MSPs), serving as the Port’s primary IT services resource while maintaining independent-contractor status.

Services shall include, but are not limited to, the following:

Service Desk & User Support

Provide centralized service desk support for all Port staff, including both remote and on‑site assistance as needed.
Deliver coverage during established business hours, with emergency response capabilities as defined in the Service Level Agreement (SLA).
Utilize standardized ticketing, escalation, and resolution workflows aligned with ITIL best practices.
Respond to and resolve incidents, service requests, and technical inquiries within agreed‑upon response and resolution times.
The Port historically requires less than an estimated 5 hours per month of support activity.

Technical Support & Issue Resolution

Diagnose and resolve hardware, software, and system-related issues.
Perform root-cause analysis for recurring incidents and implement corrective actions.
Coordinate with third‑party vendors, manufacturers, and software providers as needed to expedite resolution.
Maintain accurate documentation of incidents, resolutions, configurations, assets, and system changes.

User & Asset Management

Provision, modify, and decommission user accounts in accordance with Port procedures.
Install, configure, and support end‑user devices, peripherals, and applications.
Track and manage IT assets throughout their entire lifecycle.
Repair or replace equipment in alignment with warranty requirements and lifecycle management policies.

Strategic Technology Planning

Collaborate with Port leadership to develop and maintain a technology roadmap that supports organizational goals.
Provide guidance on emerging technologies, risks, and opportunities relevant to Port operations.
Maintain current Microsoft certifications appropriate to the services provided.

Network, Infrastructure, and Systems Management

The Proposer shall proactively manage the Port’s network, systems, and IT infrastructure, including:

Monitoring & Maintenance

Continuously monitor servers, networks, and critical systems for performance, availability, and capacity.
Proactively identify and resolve issues to minimize service disruptions.
Perform routine and preventative maintenance for all infrastructure components.

Configuration & Security

Install and configure hardware and software in alignment with industry best practices and vendor standards.
Apply regular patches, updates, and security fixes.
Harden configurations to reduce vulnerabilities and security risks.
Implement and maintain security controls to protect data and systems from unauthorized access, breaches, and cyber threats.
Conduct periodic vulnerability scanning and penetration testing.

Change & Lifecycle Management

Manage installations, moves, additions, and changes (IMAC).
Configure and maintain servers, switches, routers, and related network equipment.
Recommend and implement improvements to enhance security, performance, and reliability.
Maintain up‑to‑date system documentation and configuration records.
Oversee software licensing, warranty tracking, renewals, and compliance management.

Backup & Disaster Recovery

Implement and manage full, incremental, and off‑site backup solutions.
Maintain documented disaster recovery and business continuity plans.
Provide training to designated Port staff on disaster recovery processes.

Cloud Services and Cloud Infrastructure Management

The Proposer shall provide oversight and management of cloud systems, including:

Evaluation and recommendation of cloud service providers upon request.
Monitoring, administration, and security management of cloud‑based infrastructure and services.
Integration of Software‑as‑a‑Service (SaaS) platforms with on‑premises and cloud systems.
Support for identity and access management, cloud backups, and cloud security controls.

Software Management and Implementation

The Proposer shall support software lifecycle and implementation activities, including:

Ongoing management of software licensing, updates, and compatibility.
New user account setup and configuration of required applications.
Termination and decommissioning of user accounts and associated services.

Email and Collaboration Services

The Proposer shall manage email and communication systems, including:

Implementation and administration of spam filtering and email security solutions.
Hosting or oversight of email services directly or through a qualified third‑party provider.
Ongoing management of the Port’s email environment.
Support for email availability, security, retention, and data protection.

Cybersecurity

The Proposer shall implement and maintain comprehensive cybersecurity practices that protect the Port’s information systems, assets, and data from internal and external threats. Cybersecurity services shall be consistent with industry best practices, applicable regulatory requirements, and recognized frameworks such as NIST, CIS, or ISO 27001.

Services shall include, but are not limited to, the following:

Security Monitoring & Threat Detection

· Monitor systems, networks, and endpoints for potential security threats, anomalies, or suspicious activity.

· Maintain and manage security information and event monitoring (SIEM) tools or equivalent services.

· Provide timely notification to the Port of security incidents, breaches, or high‑risk vulnerabilities.

Endpoint & Network Protection

· Implement and manage antivirus, anti‑malware, and endpoint detection and response (EDR) tools on all Port‑managed devices.

· Maintain firewall configurations, intrusion detection/prevention systems (IDS/IPS), and related security appliances.

· Apply security rules, policies, and access controls to protect against unauthorized network access.

Identity & Access Security

· Manage identity and access controls across all systems, including Microsoft 365.

· Enforce security best practices such as:

· Multi‑factor authentication (MFA)

· Role‑based access controls (RBAC)

· Least‑privilege access principles

· Review user access rights on a periodic basis and make adjustments as needed.

· Security Patching & Vulnerability Management

· Apply regular security patches and critical updates to systems, servers, applications, and devices.

· Conduct scheduled vulnerability scans to identify security weaknesses.

· Prioritize and remediate identified vulnerabilities within agreed timelines.

· Provide the Port with periodic vulnerability reports and risk assessments.

Cybersecurity Policies & Compliance

· Assist the Port in developing, maintaining, and updating cybersecurity policies and procedures.

· Ensure practices align with relevant laws, regulations, and industry standards.

· Provide recommendations to improve security posture and reduce risk exposure.

Incident Response & Recovery

· Maintain an incident response plan addressing detection, containment, eradication, recovery, and post‑incident review.

· Lead or support incident response activities when security events occur.

· Provide after‑action reporting that includes findings, impact, and recommendations for preventing recurrence.

Security Awareness & Training

· Assist in conducting phishing simulation campaigns, if requested.

Data Protection & Security Controls

· Ensure encryption of sensitive data in transit and at rest where technically feasible.

· Support secure configuration of cloud and on‑premises storage systems.

· Implement safeguards that protect data integrity, confidentiality, and availability.

2026 Managed Service Provider RFP.docx PON-Port of Newport-THIS_MONTH-2026-03-05 235634.pdf Screenshot 2026-03-05 155937.png Screenshot 2026-03-05 155804.png Screenshot 2026-03-05 155911.png Screenshot 2026-03-05 155815.png Screenshot 2026-03-05 155746.png 2026-03-19 Responses to RFP Questions.docx july-aug 2024 invoice.pdf

___________________________________________________________________________________________________________________

REQUEST FOR PROPOSALS

PROJECT: Municipal Audit Services

Entity: Port of Newport, Newport, Oregon
Proposal Due Date: March 15, 2026, by 4:00 p.m. (PST)
Project: Financial Statements Audit

Proposals for this project will be accepted via hand delivery, U.S. Mail, fax, or PDF submission by email.

I. INTRODUCTION

The Port of Newport (“Port”) invites qualified public accounting firms to submit proposals to provide independent financial audit services for the Port for an initial five‑year period, beginning with the FY 2025–26 financial statements, with two optional five‑year extensions.

This Request for Proposals (RFP) outlines the Port’s background, the scope of services requested, proposal submission requirements, and the evaluation process.

II. BACKGROUND

The Port of Newport is an Oregon municipal corporation, originally formed on May 26, 1910, and reauthorized under ORS Chapter 777 in 1926. The Port is governed by an elected Board of Commissioners, with day‑to‑day operations managed by the Executive Director.

The Port’s mission is to:

Build and maintain waterfront facilities and promote and support projects and programs in cooperation with community organizations and businesses to retain existing jobs, create new employment opportunities, and advance community economic development.

The Port operates as an enterprise similar to a commercial entity organized for profit. Its Enterprise Funds account for operations that are financed and operated in a manner comparable to private-sector business enterprises, with costs recovered primarily through user fees and service charges. The Port receives about 1% ($130,000) of it’s operating revenue from taxes.

III. SCOPE OF SERVICES

Proposals should address the following services:

Annual Financial Audit
Conduct an annual financial audit for the fiscal year ending June 30, 2026, in accordance with all applicable professional standards and regulatory requirements.
Single Audit

When the Federal threshold for a single audit has been exceeded, provide a single audit.

Reporting and Filing Requirements
- Complete the audit in time to meet the December 31 filing deadline.
- File required reports with the Oregon Secretary of State, Audits Division.
- Provide final Journal entries and Trial balance to Port.
- Optional:
  1. Prepare consolidated financial statements.
  2. The Port is open and is prepared to perform to preaudit work to reduce the amount of workload during the actual audit.
Port Responsibility
- The Port will provide the grouping of financial accounts for the consolidated financial statements.
- All audit work shall be coordinated through the Director of Finance.
Governance and Communication
- Each year communicate the staff members names that will be involved in audit and their role.
- Each year provide the Port with an audit calendar which includes timelines. This ensures that the auditors will receive the required documentation in a timely manner.
- Present the finalized audit report at a Port Commission Meeting.
Multi‑Year Commitment
Include proposed fees for audits covering the following periods:
- Fiscal year ended June 30, 2026
- We anticipate a 5-year commitment from both parties.

IV. KEY PERSONNEL AND CONTACT INFORMATION

The following individuals serve as primary contacts for this RFP:

Mr. Mark A. Brown
Director of Finance

mbrown@portofnewport.com

Phone: (541) 406-0370

Mr. Mark Harris
Staff Accountant

Requests for additional information, site visits, review of prior financial statements, or meetings with Port management must be coordinated through the Director of Finance. Completed proposals should be addressed to his attention at the address provided in this solicitation.

V. PRIOR AUDIT SERVICES

The Port’s financial audits for the past 5 fiscal years were performed by Kern Thompson of Portland, Oregon, primary contact: Eric Zehntbauer eric@kern-thompson.com.

Proposing firms may contact the prior auditors during the proposal preparation process.

VI. PROPOSAL CONTENT REQUIREMENTS

Proposals must include the following information:

A summary of the firm’s experience providing audit services to public entities and organizations, two to three sentences should suffice.
Identification of the partner, manager, and in‑charge accountant proposed for this engagement, including biographies, home office locations, and disclosure of any disciplinary actions by regulatory authorities, along with corrective actions taken.
A description of the firm’s audit approach, including staffing, use of affiliates (if any), areas of audit emphasis, and communication protocols with management and the Board.
A fee proposal that includes the current billing rate for each of associate, manager or Partner that will work on the audit.
- Fiscal year 2025–2026
- Provide a methodology for calculating future year billing rates.

The Port understands this price is an estimate only, and the price may increase or decrease depending on the hours spent performing the audit.

An explanation of how the firm bills for technical consultation or questions that arise outside the annual audit.
A narrative explaining what differentiates the firm from other respondents and why it represents the best value for the Port.

VII. EVALUATION OF PROPOSALS

Proposals will be evaluated on a qualitative basis, including but not limited to:

Professional qualifications and relevant experience
The firm’s approach to the audit.
The methodology for calculating future years billing rates.
Completeness, clarity, and timeliness of the proposal submission.

VIII. ADDITIONAL INFORMATION

A copy of the Port’s audited financial statements can found at : https://www.portofnewport.com/fiscal-year-budgets-audits, or on the Secretary of State website.

_______________________________________________________________________

REQUEST FOR QUOTATION

PROJECT: PORT OF NEWPORT 9 ACRE LOT GRADING

LOCATION: 1610 Yaquina Bay Road Newport, OR 97365

MANDATORY SITE VISIT: Documented site meeting on February 10, 2026 at 10:00 am.

BID DUE: March 2, 2026 3:00 p.m.

Amendment No. 7 Final Determination.docx