Title: Website Design, Development, and Launch
1. Scope: Scope Boundaries
Outside scope unless proposed within budget:
- Custom application development
- Proprietary backend systems
- Donor login portals
- Custom CRM workflow engineering
- Enterprise-level managed security services
- Third-party accessibility certification
Hunger Task Force anticipates a project budget in the range of $75,000–$100,000 for the design, development, testing and launch of the new website.
Vendors are encouraged to propose solutions that align with this range and clearly articulate how their approach delivers value within the stated budget. Proposals that demonstrate a strong balance of strategic thinking, technical execution and cost efficiency will be prioritized.
3. Vendor Location & Experience Preferences
Hunger Task Force will give priority consideration to vendors based in the United States, with a preference for those located in the Midwest region. Proposals should highlight relevant regional experience and nonprofit partnerships. Vendors with demonstrated experience working with nonprofit organizations, particularly those involved in food access, human services, or community-based programs, are strongly encouraged to apply.
9. Security & Data Protection Requirements
9.1 Incident Response & Data Transparency
- Provide documented incident response plan
- Notify Hunger Task Force within 24 hours of security incidents
- Disclose data storage locations
- Support secure deletion of stored data
9.2 Infrastructure & Hosting Security
- Web Application Firewall (WAF)
- DDoS protection
- Network segmentation
- TLS encryption and encryption at rest
9.3 Access Control & Authentication
- Role-Based Access Control (RBAC)
- No shared accounts
- Multi-Factor Authentication (MFA)
- Login lockout protections
9.4 Logging & Monitoring
- Log admin changes
- Log login attempts
- Log API interactions
- Provide audit logs
9.5 Data Security & Encryption
- Encryption in transit (TLS)
- Secure handling of data
9.6 Backup & Disaster Recovery
- Daily encrypted backups
- 30-day retention
- Restore capability
9.7 Secure Development Practices
- Follow SDLC
- OWASP protections
- Secure integrations
9.8 Compliance (Preferred)
- SOC 2 / ISO 27001 preferred
- PCI via payment providers
9.9 Post-Launch Responsibilities
- Define security responsibilities
- Recommend update cadence
- Outline communication process
Due Date: April 21, 2026
Contact: zachary@hungertaskforce.org
