Salesforce DevOps and Automated Testing Tool Solution - UPDATED

Page | 1 31701- 03828 STATE OF TENNESSEE FINANCE & ADMINISTRATION, STRATEGIC TECHNOLOGY SOLUTIONS REQUEST FOR INFORMATION FOR SALESFORCE DEVOPS AND AUTOMATED TESTING TOOL SOLUTION RFI # 31701- 03828 March 24 , 2026 1. STATEMENT OF PURPOSE: The State of Tennessee, Finance and Administration, Strategic Technology Solutions (STS) issues this Request for Information (“RFI”) for the purpose of identifying a Salesforce DevOps and automated testing tool solution partner . We appreciate your input and participation in this process . 1.1. BACKGROUND: Salesforce is currently in use and is being adopted by a growing number of agencies statewide. To safely and efficiently develop applications that support this expanding set of use cases, the state requires a dedicated DevOps platform capable of managing multiple, s elf-contained sandboxes for Development, QA, System Integration Testing (SIT), and User Acceptance Testing (UAT) prior to production. To streamline development cycles, improve deployment efficiency, and ensure consistent quality, the DevOps platform must i ntegrate directly with Salesforce. Given the complexity of Salesforce customizations, automated testing is also essential to prevent regression and ensure the reliability of changes. 2. PROPOSED SOLUTION(S): The State is seeking information on software solutions and capabilities that currently exist from qualified vendors for a Salesforce Dev Ops and Automated Testing Tool Solution. Table 3.1 below represents the State’s List of Business Requirements for which the vendor should provide proposed solutions in their response. In accordance with Section 7. Informational Forms, Technical Information Form Question 4, please demonstrate in your response how your solution meets our requirements, if there is a feature that doesn’t currently meet the requirements, but is in development, or if your solution provides alternative functionality that may yield a similar outcome. Table 3.1: List of Business Requirements NO. REQUIREMENT TITLE REQUIREMENT DESCRIPTION VENDOR PROPOSED SOLUTION For each Requirement below, d escribe how the proposed solution fully meets the requirement, is currently in development, offers alternative functionality, or does not meet the requirement, and provide a brief description supporting your response. 1.0 FUNCTIONAL REQUIREMENTS 1.a. Continuous Integration (CI) Automated builds, code linting, and static analysis on every commit. 1.b. Continuous Delivery/Deployment (CD) Automated deployment pipelines supporting multi -stage environments (Dev, Test, Prod). 1.c. Pipeline Management Ability to define pipelines using for version - controllable, infrastructure -as-code configuration. 1.d. Work Item Tracking Tools to manage backlogs, epics, user stories, and tasks, such as Azure Boards. 1.e. Traceability End -to-end traceability from requirements to code changes, builds, and releases. 1.f. Reporting Real -time dashboards to track sprint progress and velocity. 1.g. Scalability Ability to handle large teams and high - frequency deployment, with options for cloud- hosted or self -hosted agents. 1.h. Build and Release Artifacts Centralized repository to manage packages (e.g., Maven, npm, NuGet). 2.0 TECHNICAL REQUIREMENTS 2.a. Source Code Management Integration with Git for distributed version control, branching, and pull request workflows. 2.b. Infrastructure as Code (IaC) Support for tools like Terraform or Ansible to manage infrastructure through code, ensuring consistency. 2.c. Containerization Support for container technologies such as Docker and Kubernetes for orchestration. 2.d. Automated Testing Integration of automated test frameworks within the CI/CD pipeline. 2.e. Manual Testing Capabilities to manage and execute manual test cases, such as Azure Test Plans. 2.f. Security Scanning Automated security analysis (DevSecOps) within the pipeline. 2.g. Observability Integrated monitoring to provide feedback on application performance in production. 2.h. Telemetry Tools to monitor deployment success rates and application health. 2.i. Automated testing tool Native automated testing tools. 2.j. Primary and secondary hosting Prefer (Primary) East coast and Secondary Mid - west (low latency and high accessibility ). 3.0 SUPPORT REQUIREMENTS 3.a. Training & Onboarding Availability of user training, documentation, and onboarding support 3.b. SLA & Availability Clear service uptime commitments, e.g., 99.9% availability 3.c. Technical Support 24/7 support options, multi -channel (email, phone, chat) 3.d. User Community & Knowledge Base Online support portal with FAQs, guides, and user forums 3.e. Accessibility Compliance WCAG 2.1 Level AA, ADA, Section 508 compliance 4.0 SECURITY REQUIREMENTS 4.a. Identity and Access Management Role based access controls and integration with Azure AD in conjunction with State Active Directory services. 4.b. MFA Integration with State of TN SSO. 4.c. Separation of Prod and Test Accounts Use Test accounts for Non -Prod and Prod accounts for Production. 4.d. Compliance Audit logs (Admin and tracking) for compliance purposes. 4.e. Encryption Data encrypted in motion and at rest. 4.f. Audit Logs and Monitoring Capability to log and monitor user activity for compliance and troubleshooting. 4.g. Compliance Certifications Support for SOC 2, ISO 27001, HIPAA, NIST 800 -53 and FedRAMP certifications 5.0 AI REQUIREMENTS 5.a. General Does this solution contain an AI model? 5.b. Hosting Is application hosted in the US? 5.c. Data What type(s) of data does the AI solution ingest or create? 5.d. AI Training Does the AI model train from user data? 5.e. Opt Out Option How does the State of TN opt out of training the AI model? 5.f. Model Training Who develops and trains the AI model: the enterprise internally or a third -party/vendor? 5.g. Data Sensitivity Does this AI solution leverage a dataset for training or fine tuning that contains sensitive information? 5.h. Data Retention Policies Are there different data retention policies for the user interface versus the API? 5.i. Human in the Loop Does the AI feedback process include human re-enforcement (RLHF)? 5.j. Third Party Assessment Has a third -party AI assessment been conducted? If yes, where are the results available? 3. COMMUNICATIONS : 3.1. Please submit your response to this RFI to: Shannon Keefe, Contract Specialist Finance and Administration, Strategic Technology Solutions 901 Rep. John Lewis Way North, Nashville, TN 37243 (615) 350- 4244 Shannon.Keefe@tn.gov 3.2. Please reference RFI #31701- 03828 with all communications to this RFI. 3.3. Please limit all questions to one submission per vendor. 4. RFI SCHEDULE OF EVENTS: EVENT TIME (Central Time Zone) DATE (all dates are State business days) 1. RFI Issued Tuesday , March 24, 2026 2. Written Questions & Comments Deadline 2:00 PM Tuesday , March 31 , 2026 3. State Response to Written Questions & Comments Wednesday , April 8 , 2026 4. RFI Response Deadline 2:00 PM Thursday , April 16, 2026 5. GENERAL INFORMATION: 5.1. Please note that responding to this RFI is not a prerequisite for responding to any future solicitations related to this project and a response to this RFI will not create any contract rights. Responses to this RFI will become property of the State. 5.2. The information gathered during this RFI is part of an ongoing procurement. In order to prevent an unfair advantage among potential respondents, the RFI responses will not be available until after the completion of evaluation of any responses, proposals , or bids resulting from a Request for Qualifications, Request for Proposals, Invitation to Bid or other procurement methods . In the event that the state chooses not to go further in the procurement process and responses are never evaluated, the responses to the procurement, including the responses to the RFI, will be considered confidential by the State. 5.3. The State will not pay for any costs associated with responding to this RFI. 5.4. Any services or products proposed in this RFI, must be in compliance with the following security policy: all State data must remain in the United States, regardless of whether the data is processed, stored, in- transit, or at rest. Access to State data shall be limited to US - based (onshore) resources only. Configuration or development of software and code is permitted outside of the United States, however, software applications designed, developed, manufactured, or supplied by persons owned or controlled by, or subject to the jurisdiction or direction of, a foreign adversary, which the U.S. Secretary of Commerce acting pursuant to 15 C.F.R. 7 has defined to include the People's Republic of China, among others are prohibited. Any testing of code outside of the United States must use fake data. A copy of production data may not be transmitted or used outside the United States. 5.5. The State may request demo presentations from selected RFI respondents. 5.6. Responses should be prepared, with emphasis on completeness and clarity, and should NOT exceed fifteen (1 5) pages total in length. Responses, as well as any reference material presented, must be written in English, and must be written on standard 8 1⁄2” x 11” pages and all text must be at least a 12- point font. All pages must be numbered. 6. INFORMATIONAL FORM S: The State is requesting the following informat ion from all interested parties. Please fill out the following forms : RFI #31701- 03828 TECHNICAL INFORMATIONAL FORM 1. RESPONDENT LEGAL ENTITY NAME: 2. RESPONDENT CONTACT PERSON: Name, Title: Address: Phone Number: Email: 3. Provide a brief description of company background and experience providing similar scope of solutions that have been implemented in other states or local governments. 4. For each requirement in Table 3.1: List of Business Requirements, indicate whether your solution Meets, Is In Development, Provides Alternate Functionality , or Does Not Meet the requirement and briefly describe how your solution supports the intended outcome. 5. Describe your solution’s security and privacy controls:

• Role-based access control (RBAC)
• Multi -factor authentication (MFA)
• Data encryption in transit and at rest
• Data storage and retention policies
• Compliance with State privacy and cybersecurity frameworks
• Supported industry -standard authentication and authorization protocols (e.g., OAuth 2.0,

SAML 2.0, etc.)

• FedRAMP compliant
• GovCloud complaint

Summarize any other adherence to privacy, security, and data governance standards , including strategies and SLAs to mitigate system disruptions during implementation. 6. Provide an overall project timeline to implement a solution that meets the List of Business Requirements in Table 3.1 of this RFI, including phases, milestones, and State resource obligations in each step. Please include knowledge transfer, training and post -implementation technical support into your timeline. 7. Outline your technical roadmap for enterprise- wide adoption of your solution . 8. Describe your solution’s training, knowledge transfer and support plan? 9. Describe any risks and/or challenges and potential mitigation strategies that you would advise the State to consider when implementing an enterprise -wide Salesforce DevOps automated testing solution(s). 10. Is your solution available for purchase through public sector cooperative agreements (NASPO, GSA, etc.)? COST INFORMATIONAL FORM 1. Describe your pricing model (e.g., subscription /license- based, usage- based, per -org/per - environment) and identify any cost differentiations that are role- based . 2. What units of measure drive cost (users, Salesforce orgs, sandboxes, pipelines, code volume, integrations, etc.)? 3. Please provide a typical cost estimate that aligns with proposed project phases for the State to procure all necessary licensing to fully implement an enterprise- wide solution . Identify if pricing is standardized or negotiable for an enterprise, government solution. Provide a breakdown of cost for any additional fees, such as configuration, migration, implementation, onboarding, training, support, maintenance, etc. 4. What insight can you provide into licensing costs and expected increases year -over-year? ADDITIONAL CONSIDERATIONS 1. Please provide input on alternative approaches or additional things to consider that might benefit the State: