Website RFP Issued By Hunger Task Force Inc.

Title: Website Design, Development, and Launch 

1.  Scope: Scope Boundaries

Outside scope unless proposed within budget:

1. Custom application development
2. Proprietary backend systems
3. Donor login portals
4. Custom CRM workflow engineering
5. Enterprise-level managed security services
6. Third-party accessibility certification

2.  Budget

Hunger Task Force anticipates a project budget in the range of $75,000–$100,000 for the design, development, testing and launch of the new website.

Vendors are encouraged to propose solutions that align with this range and clearly articulate how their approach delivers value within the stated budget. Proposals that demonstrate a strong balance of strategic thinking, technical execution and cost efficiency will be prioritized.

3.  Vendor Location & Experience Preferences

Hunger Task Force will give priority consideration to vendors based in the United States, with a preference for those located in the Midwest region. Proposals should highlight relevant regional experience and nonprofit partnerships. Vendors with demonstrated experience working with nonprofit organizations, particularly those involved in food access, human services, or community-based programs, are strongly encouraged to apply.

9.  Security & Data Protection Requirements

9.1  Incident Response & Data Transparency

9. Provide documented incident response plan
10. Notify Hunger Task Force within 24 hours of security incidents
11. Disclose data storage locations
12. Support secure deletion of stored data

9.2  Infrastructure & Hosting Security

9. Web Application Firewall (WAF)
10. DDoS protection
11. Network segmentation
12. TLS encryption and encryption at rest

9.3  Access Control & Authentication

9. Role-Based Access Control (RBAC)
10. No shared accounts
11. Multi-Factor Authentication (MFA)
12. Login lockout protections

9.4  Logging & Monitoring

9. Log admin changes
10. Log login attempts
11. Log API interactions
12. Provide audit logs

9.5  Data Security & Encryption

9. Encryption in transit (TLS)
10. Secure handling of data

9.6  Backup & Disaster Recovery

9. Daily encrypted backups
10. 30-day retention
11. Restore capability

9.7  Secure Development Practices

9. Follow SDLC
10. OWASP protections
11. Secure integrations

9.8  Compliance (Preferred)

9. SOC 2 / ISO 27001 preferred
10. PCI via payment providers

9.9  Post-Launch Responsibilities

9. Define security responsibilities
10. Recommend update cadence
11. Outline communication process

Due Date: April 21, 2026

Contact: [email protected]