PMO Software

PMO Software

Addendum # 1

Addendum # 2

Page 2 of 12


REQUEST FOR QUOTES (RFQ)
Best Value Analysis (BVA)
PMO Software Project
PERS-RFQ # 26001
OregonBuys # S-45900-00015966

Issue Date: February 6, 2026

Issuing Office: Public Employees Retirement System (PERS)

RFQ Contact
Information
(Authorized Representative): Ryan Ellis, Procurement & Contracts Specialist
Address: 11410 SW 68th Parkway
Tigard, OR 97223
Phone: (503) 603-7505
E-mail: ryan.ellis@pers.oregon.gov
Offer Due Date and Time: Tuesday, March 3, 2026, 4:00PM PST.

Service Category: Cloud Service Providers

Issued to: Agreement / Participating Addendum #
• A&T Systems #8352
• Carahsoft #9412
• CDWG #9414
• Lumen (CenturyLink) #8355
• SHI International #9404
• Smartronix #8354
• Strategic Comm. #9413

Page 2 of 16

Introduction
Microsoft has announced the retirement of Project Online effective September 30, 2026, due to
its legacy architecture. The PERS project management office (PMO) currently uses Project
Online and MS Project Desktop Client for project tracking, resource management, and
dashboard reporting. PERS conducted market research and identified the following potential
vendors, however responses are not limited to this list, if other products meet the requirements
of this RFQ. PERS has explored the solutions available from: Cyber Comm – PowerPak,
Monday.com, OnePlan, Planisware, Planview PPM Pro, Project Insight, Sensei IQ, and
Smartsheet.

There are approximately: 12 project managers, 250 time tracking project team resources, 20
active projects with schedules, and 7 PowerBI portfolio reports. Project schedules may be
anywhere from a few hundred to a few thousand lines each. Several projects are part of a
program and need a ‘master schedule’ feature to maintain the deadlines across projects.
Portfolio reporting covers projects, pipeline efforts, as well as resource management. Project
intake is currently handled in a separate workstream, but there may be future opportunities to
combine the PPM platform with an intake feature.

An agency project has been initiated to find and implement the replacement software to Project
Online. A new project and portfolio management (PPM) solution must be identified,
implemented, and adopted before the retirement date to avoid data loss and operational
disruption.

Project Goals and Objectives
• Ensure a seamless transition to a new modern PPM platform
• Preserve and migrate all critical PERS projects and resource data
• Minimize disruption to ongoing projects and users
• Improve usability, scalability, and reporting capabilities
• Train staff effectively and complete full transition to new PPM platform before MS
Project Online end date of 9/30/2026.

High-Level Steps
• Assess current state
• Document defined agreed upon requirements
• Evaluate and select new PPM platform
• Plan migration strategy
• Configure and customize new platform
• Develop and document training materials
• Conduct pilot testing
• Train system users
• Execute full migration

Page 3 of 16

Agency Background Information
PERS MISSION: PERS serves the people of Oregon by administering public employee benefit trusts
to pay the right person the right benefit at the right time.
PERS was established in 1946 to provide retirement, disability, and death benefits to Oregon’s state,
school district, and local government employees. The Agency’s 400 employees serve approximately
228,000 non-retired members, 156,500 retired members or beneficiaries, and 900 public employers.
PERS is governed by a five-member board. PERS also administers a deferred compensation plan,
known as the Oregon Savings Growth Plan (OSGP), a tax qualified 457 plan.

Scope of Work

Vendor Responsibilities
• Point of contact for vendor support and engagement
• Provide schedule / timeline for consulting, implementation, and testing
• Provide training for master scheduling with sub-project task management tracking
• Provide training for time tracking capabilities by task, dates, and durations of tasks
• Review requirements and provide recommendations for right-sized PPM solution
• Configure the selected PPM solution to meet PERS requirements
• Set up user roles, workflows, templates, resource management, and report dashboards
• Migrate relevant project, resource, and portfolio data
• Validate data integrity post-migration
• Participate in testing of new solution and address defects and retest as needed
• Provide role appropriate training and training materials
• Provide post-deployment support for a defined period of time
• Provide knowledge transition and documentation
• Recommend future improvement opportunities

The proposed solution must meet the PMO Software requirements shown in Attachment # 4.

Contract Timelines
PERS’s goal is to start utilizing this new PMO Software as soon as May 1, 2026 or earlier.

Training Requirements
Awardee is to provide training for PERS staff for their provided solution.
• How many trainers will be allotted to PERS staff
• How many PERS staff will be trained in initial onboarding
• How much estimated training time will be needed on startup

Page 4 of 16

Transition Services
At PERS’s option, the awarded vendor will perform any requested transition services which
may include analysis, data migration, configuration, implementation services, consulting
services, and returning data to PERS in a suitable format via electronic submission. If PERS
elects to include transition services, such transition services will be included via amendment.
PERS shall have full access and possession of all created materials, data, and records that
pertain to this project.
Insurance Requirements
Prior to execution of the Contract, the apparent successful Offeror shall secure and demonstrate to
Agency proof of insurance coverage meeting the requirements identified in the solicitation or as
otherwise negotiated. Failure to demonstrate coverage may result in Agency terminating
Negotiations and commencing Negotiations with the next highest-ranking Offeror.
Vendor shall obtain at Vendor’s expense the required types of insurance specified in
Attachment # 7 listed in this RFQ.
Term of Service
PERS anticipates the award of one Contract from this solicitation. The initial term of the Contract
is anticipated to be for a one (1) year term with optional annual renewals up to (3) three years.
PERS reserves the right to amend additional years of service.








End of Scope of Work

Page 5 of 16

Questions and Requests
All questions and requests for clarification of this RFQ must be submitted in writing by email to
the above listed Authorized Representative, and must be received no later than February 24,
2026, at 4pm PST. When appropriate, as determined by the Authorized Representative in its
sole discretion, revisions, substitutions, or clarification of this RFQ will be sent electronically.
RFQ Response Submittal
Responses must be received on or before the Offer Due Date and Time. All submissions must
be emailed only to the Authorized Representative listed above.
PERS may extend the Offer Due Date when it is in the best interest of the agency. The agency
reserves the right to reject all offers and/or to cancel this RFQ if it is in the best interest of the
agency.
Submission Checklist
➢ Include the completed Pricing Sheet (Attachment # 1).
➢ Include the completed Security Certification (Attachment # 3).
➢ Include the completed Certified Office Inclusion & Diversity Form (Attachment # 6, if
applicable).
➢ Include the End User License Agreement
➢ Include any Cloud Service Agreements
➢ Include any Maintenance and Support Agreement
➢ Please note: PERS reserves the right to ask for references
Submitted Responses Subject to Disclosure as Public Records
If Offeror believes any of its Offer is exempt from disclosure under Oregon Public Records Law
(ORS 192.311 through 192.478), Offeror shall submit a fully redacted version of its Offer, clearly
identified as the redacted version. If an Offeror includes information and data with its submitted
Quote that Offeror regards as proprietary, privileged, or otherwise confidential; Offeror must
identify such information in a separate document submitted with its Quote and provide a redacted
submission along with the original submission. Otherwise, State will assume that Offeror
consents to public disclosure of the original submission.

Page 6 of 16

Security Requirements and GovRAMP Eligibility
The successful Proposer‘s Solution must meet all hosting and security requirements which
include:
• Compliance with Oregon’s Statewide Information Security
Plan(https://www.oregon.gov/eis/cyber-security-services/Pages/guidance-for-state-agencies.aspx) and
Oregon’s Statewide Information Technology Control
Standards(https://www.oregon.gov/eis/cyber-security-services/Pages/guidance-for-state-agencies.aspx), or
found online at: Enterprise Information Services : Guidance for State Agencies : Cyber
Security Services : State of Oregon.
• Security controls that meet or exceed National Institute of Standards and Technology (NIST)
Special Publication 800 -53 (revision 5 or more recent version) [“Moderate” / “High”]
controls. This is equivalent to GovRAMP Impact Level ([Moderate/High]).
• In lieu of submitting a completed Statewide Security Standards Spreadsheet Attachment # 3,
Proposer may provide one of the following to demonstrate compliance with Oregon’s
Statewide Information Technology (IT) Control Standards.
• Proof of current GovRAMP Authorized status (Authorized ) in the form of a GovRAMP
Letter, or

RFQ Evaluation & Criteria
RFQ submissions will be reviewed to determine if all requirements have been met. Those
meeting the requirements will be evaluated to determine the “Best Value” for the agency. “Best
Value” is based solely on the evaluators’ determination of what best meets the needs of the
agency, price, and other factors such as: experience, expertise, availability, and resource
capacity will be considered.
The Best Value Analysis is planned to evaluate all proposed products that meet the business and
technical requirements.
We will use the following criteria in the decision process:
• Approach, Methodology & Schedule
• Consultant Experience
• Personnel Qualifications & Experience
• Adoption & Training
• Cost
• Solution Demonstration
• Meets solution requirements

Page 7 of 16


Award
The offeror with the most advantageous submission will be awarded a contract. PERS will
negotiate contract terms, conditions, Statement of Work, and other agreements such as
licensing, maintenance, and support with the successful offeror.
The awarded vendor will need to register in the PERS portal for goods and services,
OregonBuys. This portal is used for procurement and vendor payment as well. PERS asks that
you review the link below to register:
https://oregonbuys.gov/bso/view/login/login.xhtml
Protested Award
An Affected Offeror will have 7 calendar days from the date of the Intent to Award notice to
file a Written protest. An Offeror is an Affected Offeror only if the Offeror would be eligible for
Contract award in the event the protest was successful and is protesting for one or more of the
following reasons as specified in ORS 279B.410:
• All higher ranked Offers are non-Responsive.
• PERS has failed to conduct an evaluation of Offers in accordance with the criteria or
process described in the RFQ.
• PERS abused its discretion in rejecting the protestor’s Offer as non-Responsive.
• PERS’ evaluation of Offer or determination of award otherwise violates the terms of the
Participating Addenda.
Protests must:
• Be delivered to the RFQ contact via email or hard copy
• Reference the RFQ number
• Identify Offeror’s name and contact information
• Be signed by an Authorized Representative
• Specify the grounds for the protest
• Be received within 7 calendar days of the Intent to Award notice
Response to Protest. PERS will address all protests submitted in a reasonable time and will
issue a Written decision to the respective Offeror. Protests that do not include the required
information prescribed in this Section may not be considered by PERS.

Certification Office for Business Inclusion & Diversity (COBID) Participation
Pursuant to Oregon Revised Statute (ORS) Chapter 200, and as a matter of commitment,
Agency encourages the participation of minority, women, and emerging small business
enterprises in all contracting opportunities. Agency also encourages joint ventures or
subcontracting with minority, women, and emerging small business enterprises. If the contract
resulting from this RFQ provides subcontracting opportunities, the successful Proposer may be
required to submit a completed COBID Outreach Plan prior to execution.

Page 8 of 16


------------------------------------------------------------------------------------------------------------------------------
RFQ Attachments that follow, begin on the next page. By such reference, the following seven
(7) attachments and their respective content are incorporated into this RFQ.
➢ Attachment # 1, Pricing Sheet
➢ Attachment # 2, Security Frameworks and Controls
➢ Attachment # 3, Security Certification
➢ Attachment # 4, PMO Software Requirements
➢ Attachment # 5, Information Security Policies
➢ Attachment # 6, Certified Office Inclusion & Diversity Form (if applicable)
➢ Attachment # 7, Insurance Requirements

Page 9 of 16


Attachment # 1
PERS-RFQ # 26001
RFQ Pricing Sheet
The offeror agrees to provide the services described in the statement of work for this RFQ, for
the following sums:
PMO Software Cost

Annual Cost Per User

$

Migration Services

$

Start-up Training

$

Annual Support

$



RFQ Submittal prepared by:__________________________________________
Title: ____________________________________________________________
Address: _________________________________________________________
Phone #: _________________________________________________________
Email Address: ____________________________________________________
Authorized Signature:_______________________________________________

Page 10 of 16

Attachment # 2
PERS-RFQ # 26001
Security Frameworks and Controls
The proposed solution shall adhere to the security control requirements noted below:
• Identity access management (IAM) functionality: Single sign-on (SSO)
o Proposed solution shall support SSO integration using Microsoft Entra ID or
alternative as specified by the agency.
o Proposed solution shall provide support for MFA for agency staff.
• Application / system logging
o Proposed solution shall support integration of system and application logs into
the agency’s SIEM platform for event monitoring.
• Breach notification and Incident Response
o The provider shall report any incident resulting in the loss or potential loss of
agency information to the agency’s Information Security and Risk Officer within
24hrs of said event.
• Attestations of Security Posture
o The provider shall respond to agency risk assessments or provide copies of their
SOC2 reports when requested from the agency.

Page 11 of 16

Attachment # 3
PERS-RFQ # 26001
Security Certification
As applicable, Offer must contain a statement demonstrating Offeror's agreement that if awarded a
Contract:
a. Offeror and Offeror's staff with access to State systems, facilities, data, and
confidential information will submit to all security checks requested by DAS or
Agency, which may include any combination of fingerprinting, Oregon Law
Enforcement Data Systems (“LEDS”) and Federal Bureau of Investigation Criminal
Justice Information Services (“FBI CJIS”) background checks; and
b. Upon request, Offeror and Offeror’s staff will sign a non-disclosure agreement for
any/all data or information received or processed on its equipment from the State of
Oregon; and
c. Offeror will protect at all times State of Oregon sensitive material; and
d. Offeror will meet or exceed the State of Oregon’s security standards as set forth in
the following:
a. Privileged Access Monitoring and Reporting viewable at:
https://www.oregon.gov/das/Policies/107-004-140.pdf
b. Statewide Information Security Program Plan viewable at:
c. https://www.oregon.gov/eis/cyber-security-services/Documents/eis-css-statewide-
information-security-program-plan.pdf
e. Statewide Cloud and Hosted Systems policy:
https://www.oregon.gov/das/policies/107-004-150.pdf
f. Oregon’s Statewide Information Security Standards, found online at:
https://www.oregon.gov/eis/cyber-security-services/Pages/guidance-for-state-
agencies.aspx including security controls that meet or exceed “Moderate” security
controls in the National Institute of Standards and Technology (NIST) Special
Publication (SP) 800-53.
g. Oregon Statewide Information Technology Policies:
www.oregon.gov/das/Pages/policies.aspx#IT.
h. The Oregon Consumer Information Protection Act (OCIPA), ORS 646A.600 through
646A.628, to the extent applicable. For purposes of OCIPA, Proposer is a vendor.
As the vendor awarded, I certify that my company shall comply with all applicable PERS
security requirements and policies as stated above and included in the Attachments:
Authorized Person: _________________________________________________
Authorized Signature: _______________________________________________

Page 12 of 16

Attachment # 4
PERS-RFQ # 26001
PMO Software Requirements

BUSINESS REQUIREMENTS
• Develop and manage project schedules with tasks, resource assignments,
predecessors, etc.
• Schedule tasks should contain effort estimates of work and duration
• Ability to track multiple sub-project schedules and their tasks within a master
program schedule
• Enterprise resource pool management
• Resource capacity planning and forecasting
• Resource utilization and time tracking
• Custom fields, forms, and templates
• Customizable dashboards or works with Microsoft Power BI to provide visual
insights into project and resource data such as traffic light indicators and
prioritization percentages

TECHNICAL REQUIREMENTS
• Single Sign-On (SSO)
• Role-based permissions
• Scalable architecture to support increasing number of projects, users, and
features
• Tool selection must align with Oregon State and PERS Agency IT policies and
procurement processes
• Prefer cloud-based solution

OPTIONAL FEATURES
• Schedule baseline tracking
• Project intake request workflow
• Integrations with M365, MS Teams, Power BI, JIRA, MS Planner
• AI-powered help assistant
• Version control

Page 13 of 16

Attachment # 5
PERS-RFQ # 26001
Security Section for Professional Services Procurement
INFORMATION SECURITY POLICIES

PERS Information Security Policies
1.10.01.01.005.POL.p
df

1.10.01.01.003.POL
.pdf

1.10.01.01.002.POL
.pdf
1.10.01.01.001.PRO
.pdf
1.10.01.01.000.POL.p
df

3.01.06.01.001.POL
.pdf

3.01.05.01.001.POL
.pdf
3.00.06.02.003.POL
.pdf
3.00.06.01.001.POL
.pdf
1.10.01.01.009.POL
.pdf
1.10.01.01.008.POL
.pdf

1.10.01.01.019.POL.
pdf

1.10.01.01.014.POL.
pdf
1.10.01.01.015.POL.
pdf
1.10.01.01.023.STD.
pdf
1.10.01.01.023.POL.
pdf

1.10.01.01.002.STD.
pdf
1.10.01.01.003.STD.
pdf
1.10.01.01.005.STD.
pdf
1.10.01.01.015.STD.
pdf
1.10.01.01.008.STD.
pdf

1.10.01.01.019.STD.
pdf


Enterprise Information Services (EIS) – Cyber Security Services (CSS)
https://www.oregon.gov/eis/cyber-security-services/pages/default.aspx
Statewide Information Security Standards
https://www.oregon.gov/eis/cyber-security-services/pages/default.aspx

Page 14 of 16

Attachment # 6

PERS-RFQ # 26001

Certified Office Inclusion & Diversity Form
SUBMIT THIS FORM WITH YOUR RESPONSE


Contractor Information
Company Legal Name:
Federal Tax ID#:
Address:
Contact Person: Email:
Phone: Fax:
By signing this Cover Page, Contractor agrees to comply with all requirements, specifications and terms and
conditions included with this Request for Quote (including all Attachments and Addenda, if any) and all
specifications, warranties, etc. included in its submitted response. Contractor certifies, under penalty of perjury,
that they are not in violation of any tax laws described in ORS 305.385(6) and (7).
Authorized Signature:
Printed Name:
Title:
Date:

Complete if Applicable:
CERTIFIED BUSINESS FIRM PARTICIPATION (ORS 200.005 to 200.075; ORS 200.160 to 200.200;
ORS 279A.105)
NOTE: This section is for information purposes only and shall not be considered in the evaluation of the bid or
award of a contract.
Type of Certification Certification
Number
Certified in Oregon?
Disadvantaged Business Enterprise (DBE)
Minority Business Enterprise (MBE)
Women Business Enterprise (WBE)
Emerging Small Business (ESB)

Page 15 of 16

Attachment # 7

PERS-RFQ # 26001

INSURANCE REQUIREMENTS


The vendor, prior to performing under this Contract, shall maintain insurance in full force and at
its own expense throughout the duration of this Contract, as required by any extended reporting
period or tail coverage requirements, and all warranty periods that apply. Vendor shall obtain
the following insurance from insurance companies or entities that are authorized to transact the
business of insurance and issue coverage in the State of Oregon and that are acceptable to
Agency. Coverage shall be primary and non-contributory with any other insurance and self-
insurance, with the exception of Professional Liability and Workers’ Compensation.

Vendor shall pay for all deductibles, self-insured retention, and self-insurance, if any.

Commercial General Liability
Contractor shall obtain, at contractor’s expense, and keep in effect during the term of this
contract, commercial general liability insurance covering bodily injury and property damage in
a form and with coverages that are satisfactory to the state. This insurance shall include personal
and advertising injury liability, products and completed operations and contractual liability
coverage for the indemnity provided under this contract. Coverage shall be written on an
occurrence basis in an amount to not be less than $1,000,000 per occurrence. Annual aggregate
limit shall not be less than $2,000,000.

Professional Liability
Contractor shall obtain, at Contractor’s expense, and keep in effect during the term of this
Contract, Professional Liability Insurance covering any damages caused by an error, omission
or any negligent acts related to the services to be provided under this contract by the Contractor
and Contractor’s subcontractors, agents, officers, and employees in an amount of not less than
$1,000,000 per occurrence, incident, or claim. Annual aggregate limit shall not be less than
$2,000,000. If coverage is on a claims made basis, then either an extended reporting period of
not less than 24 months shall be included in the Professional Liability insurance coverage, or the
Contractor shall maintain either tail coverage or continuous claims made liability coverage,
provided the effective date of the continuous claims made coverage is on or before the effective
date of this Contract, for a minimum of 24 months following the later of (i) Contractor’s
completion and Agency’s acceptance of all Services required under this Contract, or, (ii)
Agency or Contractor termination of contract, or, iii) The expiration of all warranty periods
provided under this Contract.

Network Security and Privacy Liability
Contractor shall provide Network Security and Privacy Liability Insurance for the duration of
this Contract and for the period of time in which Contractor (or its business associates or
subcontractor(s)) maintains, possesses, stores, or has access to Agency or client data, whichever
is longer, with a combined single limit of not less than $1,000,000 per claim or incident. This
insurance must include coverage for third party claims and for losses, thefts, unauthorized
disclosures, access or use of Agency or client data (which may include, but is not limited to,

Page 16 of 16

Personally Identifiable Information (“PII”), Payment Card Data and Protected Health
Information (“PHI”)) in any format, including coverage for accidental loss, theft, unauthorized
disclosure access or use of Agency data.

Additional Insured
All liability insurance, except for Workers’ Compensation, Professional Liability, and Network
Security and Privacy Liability, required under this Contract must include an additional insured.

Certificate(s) and Proof of Insurance
Vendor shall provide to Agency Certificate(s) of Insurance for all required insurance before
delivering any Goods and performing any Services required under this Contract. The
Certificate(s) shall list the State of Oregon, its officers, employees, and agents as a Certificate
holder and as an endorsed Additional Insured. The Certificate(s) shall also include all required
endorsements or copies of the applicable policy language affecting coverage required by this
Contract. If excess/umbrella insurance is used to meet the minimum insurance requirement, the
Certificate of Insurance must include a list of all policies that fall under the excess/umbrella
insurance. As proof of insurance Agency has the right to request copies of insurance policies
and endorsements relating to the insurance requirements in this Contract.

Notice of Change or Cancellation
The Vendor or its insurer must provide at least 30 days’ written notice to Agency before
cancellation of, material change to, potential exhaustion of aggregate limits of, or non-renewal
of the required insurance coverage(s).

Insurance Requirement Review
Vendor agrees to periodic review of insurance requirements by Agency under this Contract and
to provide updated requirements as mutually agreed upon by Vendor and Agency.

State Acceptance
All insurance providers are subject to Agency acceptance. If requested by Agency, Vendor shall
provide complete copies of insurance policies, endorsements, self-insurance documents and
related insurance documents to Agency’s representatives responsible for verification of the
insurance coverages required.