Doing business with EOTSS

Here's how to work with the Executive Office of Technology Services and Security

Table of Contents

Working with the Commonwealth of Massachusetts

Doing business with the Commonwealth and specifically the Executive Office of Technology Services and Security (EOTSS) can be a complicated process with many steps and requirements.

Below, you'll find the definitions of commonly used terms, direct links to the most important documents and materials, and instructions to make it easy for you to work with EOTSS.

If you've come to this page, you're probably looking to sell your Information Technology goods and services to the Commonwealth. Here are quick links to those contract categories:

If you have questions, please email the team at

Getting started


The Commonwealth uses a service called COMMBUYS to manage contracts and bids for services.  

What is a Statewide Contract?

The Operational Services Division (OSD) manages contracts for various goods and services known as Statewide Contracts. Executive Departments like EOTSS are required to procure (or buy) goods and services under these existing Statewide Contracts whenever possible.

OSD holds Statewide Contracts for goods and services ranging from clothing and footwear to technology and software. See a complete list.

But before you can work with the state, you'll need to file all the necessary paperwork.

Completing this process lets organizations know you have goods and services that could be useful and that you can comply with all of the terms and conditions. 

EOTSS Information Technology contracts

ITS78 Statewide Contract for Data, Cybersecurity, and Related Audit Compliance, and Incident Response

This is a statewide contract that seeks a variety of cybersecurity services including a full range of audit, penetration tests, reviews, and validation of compliance with legal, regulatory and policy requirements, and related services in areas like data breach investigation, remediation, and security of confidential information.

If you have questions, please email the team at


ITS60 Statewide Contract for Cloud Solutions 

This is a statewide contract for cloud solutions and related services, including installation, implementation, customization, training, support, and maintenance.


ITS75 Statewide Contract for Software and Services

This is a statewide contract for software and services.

Why use State Contracts?

Getting on Statewide Contract has many benefits, including the ability to work with EOTSS and scores of other state organizations.

It also lets you bid on projects across multiple business sectors, which can be found listed here.

The state benefits because these contracts help organizations save time, save money, and provide access to environmentally preferred products (EPPs). It also provides immediate access to diverse vendors.  

Different types of solicitations

These are used to either solicit information from potential sellers or to solicit an actual bid for services. Outlined below are the different solicitations you may use to do business with EOTSS.

Request For Information (RFI)

An RFI is a market research tool used to gain insight and feedback from respondents to help inform EOTSS' procurement process. They do not result in a contract and are usually used to help EOTSS get a better understanding of the market before issuing a related RFQ or RFR.

Request for Responses (RFR) 

An RFR is similar to a Request For Proposal (RFP) in the private sector. This is a solicitation for responses that may result in a Statewide Contract or a Departmental Contract for goods and/or services. RFRs may be open to any organization that is capable of providing the requested goods or services. EOTSS issues RFRs when the required goods or services are not available under an existing Operational Services Division (OSD) Statewide Contract.

Request For Quotation (RFQ)

An RFQ is a solicitation for goods or services that is issued under an existing Statewide Contract or Departmental Contract. Respondents must be on a Statewide Contract or Departmental Contract to respond to an RFQ. If an organization has the ability to partner with another organization already on statewide contract, they may submit the response together. 

Required documents and materials

The Commonwealth requires vendors to agree to certain terms and conditions in order to be considered. 

Please review and complete the following documents to make sure your business can be compliant.

Taxpayer Identification Number & Certification Form
Contractor Authorized Signatory Listing Form
Current Environmentally Preferable Products/Practices Form
Supplier Diversity Plan Form
  • Some RFRs require bidders to commit to spending a percentage of the contract value with a certified diverse vendor (like women-owned businesses, minority-owned business, and many other categories). If this is true for your RFR, reiew the Supplier Diversity Plan Form 1 (SDP Plan Commitment). More information including a current list of certified diverse vendors can be found here.
Prompt Pay Discount Form
  • The Commonwealth's Bill Paying Policy requires bidders responding to RFRs to offer a Prompt Pay Discount (PPD) by completing the Prompt Pay Discount Form. The PPD requirement may be waived if a bidder demonstrates that offering a Prompt Pay Discount would be a hardship.
Business Reference Form
  • This Business Reference Form allows bidders to provide reference contact information and supporting detail if reference checks are requested as part of a solicitation response.  



Cybersecurity questions:
Contracts questions:
Risk management questions:
Report cybersecurity incident:


McCormack Building
1 Ashburton Place, 8th Floor
Boston, MA 02108