CTR Statewide Contracts
Statewide contracts are an easy for Commonwealth departments to obtain benefits by leveraging the Commonwealth’s buying power, solicitation process, contracting expertise, vendor management and oversight, and the availability of environmentally preferable products. The Office of the Comptroller has issued the following statewide contracts for use by any Commonwealth department.
ITS78: Statewide Contract for Data, Cybersecurity, and Related Audit, Compliance, and Incident Responses Services
This is a Statewide Contract for Data, Cybersecurity, and Related Audit, Compliance, and Incident Response Services. Services include a full range of audit, penetration tests, reviews, and validation of compliance with legal, regulatory and
policy requirements, and related services in areas such as data breach investigation, remediation, and security of confidential information.
PRF56: Data Security Systems
This Statewide Contract provides a full suite of compliance audits, quality assurance reviews and testing for information management systems and procedures, security management systems and procedures, other information security audits, compliance reviews of standards, and systems and controls to protect personally identifiable information and other sensitive data. It includes all types of audits, compliance and quality assurance reviews and testing for information and data management systems (paper or electronic), security compliance, physical and electronic security of records, PII and confidential information, E-discovery, data breach forensics investigations and remediation, or other audits and compliance reviews related to data management systems and security.
The Contract User Guide is a download available under the Agency Attachments section of the contract.
PRF56: Audit, Accounting and Revenue Maximization Services
PRF56DesignatedOSC02: Audit, Accounting, Compliance, Security Audits, and Revenue Enhancement and Recovery Services
This contract replaces the Statewide Contract for Accounting and Audit services formerly known as PRF08DesignatedOSC which ended June 30, 2014. The list of services under this new Statewide Contract have been consolidated into the following categories:
General Accounting: Accounting, ancillary and consulting services for government fiscal operations.
Specialty Accounting: Cost Allocation, Valuations, and Appraisals.
General Audit: Audits of governmental financial statements at the state or local level.
General Revenue Enhancement/Recovery: Revenue recovery and audit services to identify and recover revenue or other funds owed to eligible entities.
PRF59: Electronic Payment Card Processing
The goal of this program is to expand electronic payments acceptance, facilitate efficiencies, and meet the Commonwealth’s customer expectations for modern and efficient government payment processes. In this procurement, the Commonwealth of Massachusetts Strategic Sources Servicing Team (SSST) collaborated with the MBTA to replace and expand the merchant services portion of the prior Statewide Electronic Payments contract (MA# PRF44designatedOSC). This joint procurement resulted in two contracts with the same vendor: one for the MBTA, and another for state departments and the Massachusetts Turnpike (i.e., this Card Processing Services Contract). This Card Processing Contract was procured under 801 CMR 21. The card processing services provided under this Statewide Contract are available to all Commonwealth Agencies and authorized eligible entities, and is the sole Statewide Contract for credit and debit card processing.
PRF59A: Electronic Payment Solutions
The goal of PRF59AdesignatedOSC is to align the Commonwealth’s customer expectations for modern and efficient government payment processes with their customer experience. This contract replaces and expands the service offering of the prior Statewide Electronic Payments contract, PRF44designatedOSC. In this contract, the Commonwealth of Massachusetts Strategic Sources Servicing Team (SSST) qualified three vendors to provide secure electronic payments solutions and associated integration in a variety of physical and virtual locations and settings. The three vendors are certified on the Visa Global Registry of Service Providers and the MasterCard Compliant Service Provider lists. The payment solution services provided are available to all Commonwealth eligible entities, and is the sole Statewide Contract for Electronic Payment Solutions.
PRF72: Debt collection
PRF72 replaces PRF55 which expired January 31, 2020. These services will maximize collections of delinquent account receivables, thereby enhancing the Commonwealth’s revenues, using the most cost-effective state of art collection methods and following the highest professional standards of integrity for collection services. The debt collection services provided under this Statewide Contract shall be available for all debts, including transportation and tolling debts, owed to Commonwealth Agencies and legislatively authorized Eligible Entities. Debts include non-tax revenue pursuant to 815 CMR 9.00 and can include fines, fees, licenses, permits, interest income, assessments, third party payments, fleet debt, Pay by Plate debt, parking tickets and all other transportation debt.
PRF73: Payment Data & Payment Card Industry (PCI) Compliance Services
This Statewide Contract, PRF73 Payment Data & Payment Card Industry (PCI) Compliance Services provides a full suite of compliance audits, quality assurance reviews, and testing for Payment Card Industry (PCI) compliance, to protect personally identifiable information and other sensitive data.
Data Security compliance helps merchant Eligible Entities improve the safekeeping of cardholder information by tightening overall security standards and information management to:
Reduce the chance of breaches, fraud, and financial loss;
Ensure the security of the Commonwealth of Massachusetts’ e-commerce applications; and
Seek opportunities to limit scope and reduce system and protocol vulnerabilities.