PMO Software

PMO Software Addendum # 1 Addendum # 2 Page 2 of 12 REQUEST FOR QUOTES (RFQ) Best Value Analysis (BVA) PMO Software Project PERS-RFQ # 26001 OregonBuys # S-45900-00015966 Issue Date: February 6, 2026 Issuing Office: Public Employees Retirement System (PERS) RFQ Contact Information (Authorized Representative): Ryan Ellis, Procurement & Contracts Specialist Address: 11410 SW 68th Parkway Tigard, OR 97223 Phone: (503) 603-7505 E-mail: ryan.ellis@pers.oregon.gov Offer Due Date and Time: Tuesday, March 3, 2026, 4:00PM PST. Service Category: Cloud Service Providers Issued to: Agreement / Participating Addendum #

• A&T Systems #8352
• Carahsoft #9412
• CDWG #9414
• Lumen (CenturyLink) #8355
• SHI International #9404
• Smartronix #8354
• Strategic Comm. #9413

Page 2 of 16 Introduction Microsoft has announced the retirement of Project Online effective September 30, 2026, due to its legacy architecture. The PERS project management office (PMO) currently uses Project Online and MS Project Desktop Client for project tracking, resource management, and dashboard reporting. PERS conducted market research and identified the following potential vendors, however responses are not limited to this list, if other products meet the requirements of this RFQ. PERS has explored the solutions available from: Cyber Comm – PowerPak, Monday.com, OnePlan, Planisware, Planview PPM Pro, Project Insight, Sensei IQ, and Smartsheet. There are approximately: 12 project managers, 250 time tracking project team resources, 20 active projects with schedules, and 7 PowerBI portfolio reports. Project schedules may be anywhere from a few hundred to a few thousand lines each. Several projects are part of a program and need a ‘master schedule’ feature to maintain the deadlines across projects. Portfolio reporting covers projects, pipeline efforts, as well as resource management. Project intake is currently handled in a separate workstream, but there may be future opportunities to combine the PPM platform with an intake feature. An agency project has been initiated to find and implement the replacement software to Project Online. A new project and portfolio management (PPM) solution must be identified, implemented, and adopted before the retirement date to avoid data loss and operational disruption. Project Goals and Objectives

• Ensure a seamless transition to a new modern PPM platform
• Preserve and migrate all critical PERS projects and resource data
• Minimize disruption to ongoing projects and users
• Improve usability, scalability, and reporting capabilities
• Train staff effectively and complete full transition to new PPM platform before MS

Project Online end date of 9/30/2026. High-Level Steps

• Assess current state
• Document defined agreed upon requirements
• Evaluate and select new PPM platform
• Plan migration strategy
• Configure and customize new platform
• Develop and document training materials
• Conduct pilot testing
• Train system users
• Execute full migration

Page 3 of 16 Agency Background Information PERS MISSION: PERS serves the people of Oregon by administering public employee benefit trusts to pay the right person the right benefit at the right time. PERS was established in 1946 to provide retirement, disability, and death benefits to Oregon’s state, school district, and local government employees. The Agency’s 400 employees serve approximately 228,000 non-retired members, 156,500 retired members or beneficiaries, and 900 public employers. PERS is governed by a five-member board. PERS also administers a deferred compensation plan, known as the Oregon Savings Growth Plan (OSGP), a tax qualified 457 plan. Scope of Work Vendor Responsibilities

• Point of contact for vendor support and engagement
• Provide schedule / timeline for consulting, implementation, and testing
• Provide training for master scheduling with sub-project task management tracking
• Provide training for time tracking capabilities by task, dates, and durations of tasks
• Review requirements and provide recommendations for right-sized PPM solution
• Configure the selected PPM solution to meet PERS requirements
• Set up user roles, workflows, templates, resource management, and report dashboards
• Migrate relevant project, resource, and portfolio data
• Validate data integrity post-migration
• Participate in testing of new solution and address defects and retest as needed
• Provide role appropriate training and training materials
• Provide post-deployment support for a defined period of time
• Provide knowledge transition and documentation
• Recommend future improvement opportunities

The proposed solution must meet the PMO Software requirements shown in Attachment # 4. Contract Timelines PERS’s goal is to start utilizing this new PMO Software as soon as May 1, 2026 or earlier. Training Requirements Awardee is to provide training for PERS staff for their provided solution.

• How many trainers will be allotted to PERS staff
• How many PERS staff will be trained in initial onboarding
• How much estimated training time will be needed on startup

Page 4 of 16 Transition Services At PERS’s option, the awarded vendor will perform any requested transition services which may include analysis, data migration, configuration, implementation services, consulting services, and returning data to PERS in a suitable format via electronic submission. If PERS elects to include transition services, such transition services will be included via amendment. PERS shall have full access and possession of all created materials, data, and records that pertain to this project. Insurance Requirements Prior to execution of the Contract, the apparent successful Offeror shall secure and demonstrate to Agency proof of insurance coverage meeting the requirements identified in the solicitation or as otherwise negotiated. Failure to demonstrate coverage may result in Agency terminating Negotiations and commencing Negotiations with the next highest-ranking Offeror. Vendor shall obtain at Vendor’s expense the required types of insurance specified in Attachment # 7 listed in this RFQ. Term of Service PERS anticipates the award of one Contract from this solicitation. The initial term of the Contract is anticipated to be for a one (1) year term with optional annual renewals up to (3) three years. PERS reserves the right to amend additional years of service. End of Scope of Work Page 5 of 16 Questions and Requests All questions and requests for clarification of this RFQ must be submitted in writing by email to the above listed Authorized Representative, and must be received no later than February 24, 2026, at 4pm PST. When appropriate, as determined by the Authorized Representative in its sole discretion, revisions, substitutions, or clarification of this RFQ will be sent electronically. RFQ Response Submittal Responses must be received on or before the Offer Due Date and Time. All submissions must be emailed only to the Authorized Representative listed above. PERS may extend the Offer Due Date when it is in the best interest of the agency. The agency reserves the right to reject all offers and/or to cancel this RFQ if it is in the best interest of the agency. Submission Checklist ➢ Include the completed Pricing Sheet (Attachment # 1). ➢ Include the completed Security Certification (Attachment # 3). ➢ Include the completed Certified Office Inclusion & Diversity Form (Attachment # 6, if applicable). ➢ Include the End User License Agreement ➢ Include any Cloud Service Agreements ➢ Include any Maintenance and Support Agreement ➢ Please note: PERS reserves the right to ask for references Submitted Responses Subject to Disclosure as Public Records If Offeror believes any of its Offer is exempt from disclosure under Oregon Public Records Law (ORS 192.311 through 192.478), Offeror shall submit a fully redacted version of its Offer, clearly identified as the redacted version. If an Offeror includes information and data with its submitted Quote that Offeror regards as proprietary, privileged, or otherwise confidential; Offeror must identify such information in a separate document submitted with its Quote and provide a redacted submission along with the original submission. Otherwise, State will assume that Offeror consents to public disclosure of the original submission. Page 6 of 16 Security Requirements and GovRAMP Eligibility The successful Proposer‘s Solution must meet all hosting and security requirements which include:

• Compliance with Oregon’s Statewide Information Security

Plan(https://www.oregon.gov/eis/cyber-security-services/Pages/guidance-for-state-agencies.aspx) and Oregon’s Statewide Information Technology Control Standards(https://www.oregon.gov/eis/cyber-security-services/Pages/guidance-for-state-agencies.aspx), or found online at: Enterprise Information Services : Guidance for State Agencies : Cyber Security Services : State of Oregon.

• Security controls that meet or exceed National Institute of Standards and Technology (NIST)

Special Publication 800 -53 (revision 5 or more recent version) [“Moderate” / “High”] controls. This is equivalent to GovRAMP Impact Level ([Moderate/High]).

• In lieu of submitting a completed Statewide Security Standards Spreadsheet Attachment # 3,

Proposer may provide one of the following to demonstrate compliance with Oregon’s Statewide Information Technology (IT) Control Standards.

• Proof of current GovRAMP Authorized status (Authorized ) in the form of a GovRAMP

Letter, or RFQ Evaluation & Criteria RFQ submissions will be reviewed to determine if all requirements have been met. Those meeting the requirements will be evaluated to determine the “Best Value” for the agency. “Best Value” is based solely on the evaluators’ determination of what best meets the needs of the agency, price, and other factors such as: experience, expertise, availability, and resource capacity will be considered. The Best Value Analysis is planned to evaluate all proposed products that meet the business and technical requirements. We will use the following criteria in the decision process:

• Approach, Methodology & Schedule
• Consultant Experience
• Personnel Qualifications & Experience
• Adoption & Training
• Cost
• Solution Demonstration
• Meets solution requirements

Page 7 of 16 Award The offeror with the most advantageous submission will be awarded a contract. PERS will negotiate contract terms, conditions, Statement of Work, and other agreements such as licensing, maintenance, and support with the successful offeror. The awarded vendor will need to register in the PERS portal for goods and services, OregonBuys. This portal is used for procurement and vendor payment as well. PERS asks that you review the link below to register: https://oregonbuys.gov/bso/view/login/login.xhtml Protested Award An Affected Offeror will have 7 calendar days from the date of the Intent to Award notice to file a Written protest. An Offeror is an Affected Offeror only if the Offeror would be eligible for Contract award in the event the protest was successful and is protesting for one or more of the following reasons as specified in ORS 279B.410:

• All higher ranked Offers are non-Responsive.
• PERS has failed to conduct an evaluation of Offers in accordance with the criteria or

process described in the RFQ.

• PERS abused its discretion in rejecting the protestor’s Offer as non-Responsive.
• PERS’ evaluation of Offer or determination of award otherwise violates the terms of the

Participating Addenda. Protests must:

• Be delivered to the RFQ contact via email or hard copy
• Reference the RFQ number
• Identify Offeror’s name and contact information
• Be signed by an Authorized Representative
• Specify the grounds for the protest
• Be received within 7 calendar days of the Intent to Award notice

Response to Protest. PERS will address all protests submitted in a reasonable time and will issue a Written decision to the respective Offeror. Protests that do not include the required information prescribed in this Section may not be considered by PERS. Certification Office for Business Inclusion & Diversity (COBID) Participation Pursuant to Oregon Revised Statute (ORS) Chapter 200, and as a matter of commitment, Agency encourages the participation of minority, women, and emerging small business enterprises in all contracting opportunities. Agency also encourages joint ventures or subcontracting with minority, women, and emerging small business enterprises. If the contract resulting from this RFQ provides subcontracting opportunities, the successful Proposer may be required to submit a completed COBID Outreach Plan prior to execution. Page 8 of 16 ------------------------------------------------------------------------------------------------------------------------------ RFQ Attachments that follow, begin on the next page. By such reference, the following seven (7) attachments and their respective content are incorporated into this RFQ. ➢ Attachment # 1, Pricing Sheet ➢ Attachment # 2, Security Frameworks and Controls ➢ Attachment # 3, Security Certification ➢ Attachment # 4, PMO Software Requirements ➢ Attachment # 5, Information Security Policies ➢ Attachment # 6, Certified Office Inclusion & Diversity Form (if applicable) ➢ Attachment # 7, Insurance Requirements Page 9 of 16 Attachment # 1 PERS-RFQ # 26001 RFQ Pricing Sheet The offeror agrees to provide the services described in the statement of work for this RFQ, for the following sums: PMO Software Cost Annual Cost Per User $ Migration Services $ Start-up Training $ Annual Support $ RFQ Submittal prepared by:__________________________________________ Title: ____________________________________________________________ Address: _________________________________________________________ Phone #: _________________________________________________________ Email Address: ____________________________________________________ Authorized Signature:_______________________________________________ Page 10 of 16 Attachment # 2 PERS-RFQ # 26001 Security Frameworks and Controls The proposed solution shall adhere to the security control requirements noted below:

• Identity access management (IAM) functionality: Single sign-on (SSO)

o Proposed solution shall support SSO integration using Microsoft Entra ID or alternative as specified by the agency. o Proposed solution shall provide support for MFA for agency staff.

• Application / system logging

o Proposed solution shall support integration of system and application logs into the agency’s SIEM platform for event monitoring.

• Breach notification and Incident Response

o The provider shall report any incident resulting in the loss or potential loss of agency information to the agency’s Information Security and Risk Officer within 24hrs of said event.

• Attestations of Security Posture

o The provider shall respond to agency risk assessments or provide copies of their SOC2 reports when requested from the agency. Page 11 of 16 Attachment # 3 PERS-RFQ # 26001 Security Certification As applicable, Offer must contain a statement demonstrating Offeror's agreement that if awarded a Contract: a. Offeror and Offeror's staff with access to State systems, facilities, data, and confidential information will submit to all security checks requested by DAS or Agency, which may include any combination of fingerprinting, Oregon Law Enforcement Data Systems (“LEDS”) and Federal Bureau of Investigation Criminal Justice Information Services (“FBI CJIS”) background checks; and b. Upon request, Offeror and Offeror’s staff will sign a non-disclosure agreement for any/all data or information received or processed on its equipment from the State of Oregon; and c. Offeror will protect at all times State of Oregon sensitive material; and d. Offeror will meet or exceed the State of Oregon’s security standards as set forth in the following: a. Privileged Access Monitoring and Reporting viewable at: https://www.oregon.gov/das/Policies/107-004-140.pdf b. Statewide Information Security Program Plan viewable at: c. https://www.oregon.gov/eis/cyber-security-services/Documents/eis-css-statewide- information-security-program-plan.pdf e. Statewide Cloud and Hosted Systems policy: https://www.oregon.gov/das/policies/107-004-150.pdf f. Oregon’s Statewide Information Security Standards, found online at: https://www.oregon.gov/eis/cyber-security-services/Pages/guidance-for-state- agencies.aspx including security controls that meet or exceed “Moderate” security controls in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53. g. Oregon Statewide Information Technology Policies: www.oregon.gov/das/Pages/policies.aspx#IT. h. The Oregon Consumer Information Protection Act (OCIPA), ORS 646A.600 through 646A.628, to the extent applicable. For purposes of OCIPA, Proposer is a vendor. As the vendor awarded, I certify that my company shall comply with all applicable PERS security requirements and policies as stated above and included in the Attachments: Authorized Person: _________________________________________________ Authorized Signature: _______________________________________________ Page 12 of 16 Attachment # 4 PERS-RFQ # 26001 PMO Software Requirements BUSINESS REQUIREMENTS

• Develop and manage project schedules with tasks, resource assignments,

predecessors, etc.

• Schedule tasks should contain effort estimates of work and duration
• Ability to track multiple sub-project schedules and their tasks within a master

program schedule

• Enterprise resource pool management
• Resource capacity planning and forecasting
• Resource utilization and time tracking
• Custom fields, forms, and templates
• Customizable dashboards or works with Microsoft Power BI to provide visual

insights into project and resource data such as traffic light indicators and prioritization percentages TECHNICAL REQUIREMENTS

• Single Sign-On (SSO)
• Role-based permissions
• Scalable architecture to support increasing number of projects, users, and

features

• Tool selection must align with Oregon State and PERS Agency IT policies and

procurement processes

• Prefer cloud-based solution

OPTIONAL FEATURES

• Schedule baseline tracking
• Project intake request workflow
• Integrations with M365, MS Teams, Power BI, JIRA, MS Planner
• AI-powered help assistant
• Version control

Page 13 of 16 Attachment # 5 PERS-RFQ # 26001 Security Section for Professional Services Procurement INFORMATION SECURITY POLICIES PERS Information Security Policies 1.10.01.01.005.POL.p df 1.10.01.01.003.POL .pdf 1.10.01.01.002.POL .pdf 1.10.01.01.001.PRO .pdf 1.10.01.01.000.POL.p df 3.01.06.01.001.POL .pdf 3.01.05.01.001.POL .pdf 3.00.06.02.003.POL .pdf 3.00.06.01.001.POL .pdf 1.10.01.01.009.POL .pdf 1.10.01.01.008.POL .pdf 1.10.01.01.019.POL. pdf 1.10.01.01.014.POL. pdf 1.10.01.01.015.POL. pdf 1.10.01.01.023.STD. pdf 1.10.01.01.023.POL. pdf 1.10.01.01.002.STD. pdf 1.10.01.01.003.STD. pdf 1.10.01.01.005.STD. pdf 1.10.01.01.015.STD. pdf 1.10.01.01.008.STD. pdf 1.10.01.01.019.STD. pdf Enterprise Information Services (EIS) – Cyber Security Services (CSS) https://www.oregon.gov/eis/cyber-security-services/pages/default.aspx Statewide Information Security Standards https://www.oregon.gov/eis/cyber-security-services/pages/default.aspx Page 14 of 16 Attachment # 6 PERS-RFQ # 26001 Certified Office Inclusion & Diversity Form SUBMIT THIS FORM WITH YOUR RESPONSE Contractor Information Company Legal Name: Federal Tax ID#: Address: Contact Person: Email: Phone: Fax: By signing this Cover Page, Contractor agrees to comply with all requirements, specifications and terms and conditions included with this Request for Quote (including all Attachments and Addenda, if any) and all specifications, warranties, etc. included in its submitted response. Contractor certifies, under penalty of perjury, that they are not in violation of any tax laws described in ORS 305.385(6) and (7). Authorized Signature: Printed Name: Title: Date: Complete if Applicable: CERTIFIED BUSINESS FIRM PARTICIPATION (ORS 200.005 to 200.075; ORS 200.160 to 200.200; ORS 279A.105) NOTE: This section is for information purposes only and shall not be considered in the evaluation of the bid or award of a contract. Type of Certification Certification Number Certified in Oregon? Disadvantaged Business Enterprise (DBE) Minority Business Enterprise (MBE) Women Business Enterprise (WBE) Emerging Small Business (ESB) Page 15 of 16 Attachment # 7 PERS-RFQ # 26001 INSURANCE REQUIREMENTS The vendor, prior to performing under this Contract, shall maintain insurance in full force and at its own expense throughout the duration of this Contract, as required by any extended reporting period or tail coverage requirements, and all warranty periods that apply. Vendor shall obtain the following insurance from insurance companies or entities that are authorized to transact the business of insurance and issue coverage in the State of Oregon and that are acceptable to Agency. Coverage shall be primary and non-contributory with any other insurance and self- insurance, with the exception of Professional Liability and Workers’ Compensation. Vendor shall pay for all deductibles, self-insured retention, and self-insurance, if any. Commercial General Liability Contractor shall obtain, at contractor’s expense, and keep in effect during the term of this contract, commercial general liability insurance covering bodily injury and property damage in a form and with coverages that are satisfactory to the state. This insurance shall include personal and advertising injury liability, products and completed operations and contractual liability coverage for the indemnity provided under this contract. Coverage shall be written on an occurrence basis in an amount to not be less than $1,000,000 per occurrence. Annual aggregate limit shall not be less than $2,000,000. Professional Liability Contractor shall obtain, at Contractor’s expense, and keep in effect during the term of this Contract, Professional Liability Insurance covering any damages caused by an error, omission or any negligent acts related to the services to be provided under this contract by the Contractor and Contractor’s subcontractors, agents, officers, and employees in an amount of not less than $1,000,000 per occurrence, incident, or claim. Annual aggregate limit shall not be less than $2,000,000. If coverage is on a claims made basis, then either an extended reporting period of not less than 24 months shall be included in the Professional Liability insurance coverage, or the Contractor shall maintain either tail coverage or continuous claims made liability coverage, provided the effective date of the continuous claims made coverage is on or before the effective date of this Contract, for a minimum of 24 months following the later of (i) Contractor’s completion and Agency’s acceptance of all Services required under this Contract, or, (ii) Agency or Contractor termination of contract, or, iii) The expiration of all warranty periods provided under this Contract. Network Security and Privacy Liability Contractor shall provide Network Security and Privacy Liability Insurance for the duration of this Contract and for the period of time in which Contractor (or its business associates or subcontractor(s)) maintains, possesses, stores, or has access to Agency or client data, whichever is longer, with a combined single limit of not less than $1,000,000 per claim or incident. This insurance must include coverage for third party claims and for losses, thefts, unauthorized disclosures, access or use of Agency or client data (which may include, but is not limited to, Page 16 of 16 Personally Identifiable Information (“PII”), Payment Card Data and Protected Health Information (“PHI”)) in any format, including coverage for accidental loss, theft, unauthorized disclosure access or use of Agency data. Additional Insured All liability insurance, except for Workers’ Compensation, Professional Liability, and Network Security and Privacy Liability, required under this Contract must include an additional insured. Certificate(s) and Proof of Insurance Vendor shall provide to Agency Certificate(s) of Insurance for all required insurance before delivering any Goods and performing any Services required under this Contract. The Certificate(s) shall list the State of Oregon, its officers, employees, and agents as a Certificate holder and as an endorsed Additional Insured. The Certificate(s) shall also include all required endorsements or copies of the applicable policy language affecting coverage required by this Contract. If excess/umbrella insurance is used to meet the minimum insurance requirement, the Certificate of Insurance must include a list of all policies that fall under the excess/umbrella insurance. As proof of insurance Agency has the right to request copies of insurance policies and endorsements relating to the insurance requirements in this Contract. Notice of Change or Cancellation The Vendor or its insurer must provide at least 30 days’ written notice to Agency before cancellation of, material change to, potential exhaustion of aggregate limits of, or non-renewal of the required insurance coverage(s). Insurance Requirement Review Vendor agrees to periodic review of insurance requirements by Agency under this Contract and to provide updated requirements as mutually agreed upon by Vendor and Agency. State Acceptance All insurance providers are subject to Agency acceptance. If requested by Agency, Vendor shall provide complete copies of insurance policies, endorsements, self-insurance documents and related insurance documents to Agency’s representatives responsible for verification of the insurance coverages required.