The State of Oregon, acting by and through its Department of Administrative Services (DAS) Procurement Services (DPS), is issuing this Request for Qualifications (RFQ) to establish a nonbinding, open list of qualified contractors in accordance with OAR 125-247-0550(3). The Information Security Incident Response (ISIRS) Vendor List will serve as a reference for entities wishing to engage a contractor for work related to ISIRS. This RFQ will not directly result in any awards; it will result in a nonbinding, open list of qualified contractors, hereafter referred to as "ISIRS Vendor List". Any engagement needed by an entity will be conducted according to their applicable statutes, rules and policies. The ISIRS Vendor List, DAS Enterprise Security Office (ESO), and DPS are available to help guide entities to a solution that will meet their needs. This RFQ will remain open until such time as DPS determines it is in the state's best interest to close it. The intent is to allow vendors to submit information at any time so the ISIRS Vendor List remains current. ISIRS may be needed to satisfy legislative mandates or DAS rules and policies compelling these services. Refer to the following: o ORS 182.122 "Information systems security in executive department; rules"; o Statewide Information Security Plan: (click here) o Statewide Information Security Standards