Decision tool
RFP builder.
Fill in the form on the left; the right pane updates a vendor-ready CIAM RFP in Markdown. Copy to clipboard or download as a `.md` file. Edit the result freely afterward; this is a starting point, not a substitute for your procurement template.
Generated RFP
# Customer Identity & Access Management (CIAM), Request for Proposal

**Company:** [Company name]

**Contact:** [Contact name]

**Submission deadline:** [Date]

## 1. About us

[Brief description of company, product, and current identity stack.]

## 2. Project scope

- **Customer segment:** B2B SaaS / enterprise
- **Current MAU:** 10,000
- **12-month projected MAU:** 100,000
- **Geographic region:** US + EU
- **Deployment preference:** Managed SaaS only

## 3. Functional requirements

We require a CIAM platform that supports the following capabilities at production scale:

- [ ] Email + password
- [ ] Passkeys / WebAuthn
- [ ] TOTP authenticator-app
- [ ] SAML SSO
- [ ] SCIM 2.0 directory sync

For each capability, please describe:

1. How the capability is delivered (UI, API, SDK).
2. Any additional licensing tier required to access it.
3. Production reference customers using the capability at our MAU band.

## 4. Non-functional requirements

### Compliance and certifications

The platform must demonstrate the following certifications or attestations:

- [ ] SOC 2 Type II attestation / certification
- [ ] GDPR attestation / certification

Please attach the most recent attestation reports under NDA.

### Security

- Encryption at rest and in transit (specify algorithms and key management).
- Logging, monitoring, and incident response posture.
- Vulnerability disclosure program.
- Penetration test cadence and access to redacted reports.

### Reliability

- Documented SLA for authentication endpoints (target: 99.99% monthly).
- Multi-region failover architecture.
- Recent incident history (12 months) with public post-mortems if any.

### Data handling

- Data residency guarantees for our region (US + EU).
- Sub-processor list and change-notification policy.
- GDPR/CCPA data export and deletion endpoints.

## 5. Integration and developer experience

- SDK availability for our application stack.
- Authentication API documentation and reference architecture.
- Migration tooling from our current identity store.
- Sandbox / preview environment for evaluation.

## 6. Commercial terms

Please provide:

- **Pricing model** at our current MAU and at 12-month projected MAU.
- **Effective per-MAU rate** at each band, including any feature upcharges.
- **Multi-year commitment discounts** if applicable.
- **Free trial or POC structure** for evaluation.
- **Contract terms** including data ownership, termination, and exit assistance.

## 7. Timeline

- **Pilot deployment:** 6 weeks from contract
- **Full production cutover:** 12 weeks from contract

## 8. Evaluation criteria

Vendors will be evaluated on:

1. Capability coverage of the functional requirements (35%).
2. Total cost of ownership over 3 years (25%).
3. Compliance and security posture (15%).
4. Integration / migration effort (15%).
5. Reference customer feedback at our MAU band and segment (10%).

## 9. Submission instructions

Please submit your response in PDF format to [Contact email] no later than [Date]. Include:

- Completed responses to sections 3 and 4 with capability evidence.
- Pricing detail per section 6.
- Two reference customer contacts at our MAU band and segment.
- Sample contract for review.

We will respond within 10 business days of submission with shortlist results and interview invitations.

---

*Generated with the CIAM Compass RFP builder, https://guptadeepak.com/ciam-compass/tools/rfp-builder/*