How to write an RFP for colocation

Requirements, questions, and evaluation criteria specific to colocation procurement

RFPs are critical when procuring colocation services due to the long-term contracts, significant capital expenditure implications, and the need for high levels of reliability and security. The shift towards high-density computing and AI workloads further complicates the selection process, demanding a detailed understanding of power, cooling, and connectivity capabilities.

What makes colocation RFPs different

Colocation RFPs are unique due to the blend of physical infrastructure and IT service requirements. Unlike software-only purchases, colocation involves evaluating physical security, power redundancy, cooling efficiency, and network connectivity.

The long-term nature of colocation contracts, typically five to seven years, necessitates a thorough assessment of the provider's financial stability and future scalability.

Furthermore, the rise of AI and high-performance computing introduces new complexities. Traditional colocation facilities may not be equipped to handle the power densities and cooling requirements of modern GPU-based servers.

RFPs must address the provider's capabilities in supporting high-density racks, liquid cooling solutions, and advanced interconnection options. Compliance with industry-specific regulations, such as SOC 2, ISO 27001, and HIPAA, is also a critical consideration, particularly for organizations in regulated sectors like finance and healthcare.

  • Power density and cooling capacity for current and future hardware requirements
  • Network connectivity and carrier neutrality to ensure optimal performance and cost
  • Physical security measures and compliance certifications to protect sensitive data
  • Financial stability and long-term viability of the colocation provider

RFP vs RFI vs RFQ

Here's when to use each document type when procuring colocation services.

RFI

Request for Information

Use early in your search to understand what vendors offer and narrow your list. Gather general capabilities, company background, and high-level pricing ranges.

RFP

Request for Proposal

Use when you know your requirements and want detailed vendor solutions and pricing. This is your main evaluation document for shortlisted vendors.

RFQ

Request for Quote

Use when requirements are fixed and you just need final pricing. Often used after RFP when you're ready to negotiate with finalists.

For colocation, an RFI is useful for initial market research to understand available providers and their general service offerings. An RFP is essential for a detailed evaluation of technical capabilities, security protocols, compliance adherence, and commercial terms, while an RFQ is less applicable due to the complexity and customization involved in colocation solutions.

Technical requirements checklist

Use this checklist when defining your RFP scope.

Power & Cooling

  • Redundant power feeds (A+B)
  • UPS redundancy (N+1, 2N)
  • Backup generator capacity and fuel supply
  • Cooling capacity per rack (kW)
  • Liquid cooling support (if needed)

Network Connectivity

  • Carrier neutrality
  • Meet-Me Room (MMR) access
  • Available bandwidth and latency
  • Cloud on-ramp locations
  • Software-Defined Interconnection (SDI) capabilities

Security & Compliance

  • Physical security measures (perimeter fencing, cameras, biometric access)
  • 24/7 on-site security
  • SOC 2 Type II certification
  • ISO 27001 certification
  • HIPAA compliance (if applicable)

Remote Hands & Support

  • 24/7/365 on-site support
  • Remote hands services (reboots, cable management)
  • Escalation procedures and SLAs
  • Hardware swap support
  • Troubleshooting and diagnostics

Facility Specifications

  • Tier level (Tier 3 or Tier 4)
  • Floor loading capacity
  • Seismic zone rating
  • Fire suppression systems
  • PUE (Power Usage Effectiveness)

Questions to include in your RFP

Facility Infrastructure

  • Describe the facility's power infrastructure, including redundancy levels and backup power sources.
    Ensures business continuity during power outages.
  • What is the cooling infrastructure design, and how does it support high-density deployments?
    Critical for supporting modern, power-intensive hardware.
  • What is the Power Usage Effectiveness (PUE) of the facility?
    Indicates energy efficiency and impacts operating costs.
  • Describe your fire suppression and environmental monitoring systems.
    Protects equipment from damage and ensures a stable operating environment.

Network Connectivity

  • What is your carrier-neutrality policy, and what carriers are available in your Meet-Me Room?
    Provides flexibility in choosing network providers.
  • Describe your network infrastructure and redundancy measures.
    Ensures network availability and minimizes downtime.
  • Do you offer direct connections to major cloud providers, and what are the associated costs?
    Reduces latency and data transfer costs for hybrid cloud environments.
  • What are your bandwidth options and pricing structures?
    Impacts network performance and operational expenses.

Security & Compliance

  • Describe your physical security measures, including access control and surveillance systems.
    Protects equipment and data from unauthorized access.
  • What compliance certifications do you hold (e.g., SOC 2, ISO 27001, HIPAA)?
    Demonstrates adherence to industry standards and regulatory requirements.
  • Describe your data security policies and procedures.
    Ensures the confidentiality and integrity of sensitive data.
  • What is your incident response plan, and how often is it tested?
    Ensures a swift and effective response to security incidents.

Remote Hands & Support

  • What remote hands services do you offer, and what are the associated costs?
    Provides on-site support for basic tasks and troubleshooting.
  • What are your service level agreements (SLAs) for uptime and response times?
    Defines performance expectations and guarantees service availability.
  • Describe your escalation procedures for critical issues.
    Ensures timely resolution of urgent problems.
  • What is your customer support team's availability and expertise?
    Provides access to knowledgeable support staff.

Financial & Contractual

  • What is your pricing structure, including recurring fees and one-time charges?
    Provides transparency into overall costs.
  • What are the contract terms and conditions, including renewal options and termination clauses?
    Defines the rights and obligations of both parties.
  • What are your financial stability and credit rating?
    Ensures the provider's long-term viability.
  • Do you offer flexible contract terms to accommodate future growth or changes in requirements?
    Provides adaptability to evolving business needs.

Sustainability & ESG

  • What sustainability initiatives do you have in place to reduce your environmental impact?
    Demonstrates commitment to environmental responsibility.
  • Do you use renewable energy sources, and what is the percentage of renewable energy in your power mix?
    Reduces carbon footprint and reliance on fossil fuels.
  • Do you provide carbon emissions reporting for your customers?
    Enables tracking and reduction of carbon footprint.
  • What are your water conservation efforts and cooling technologies?
    Reduces water consumption and improves cooling efficiency.

Compliance and security requirements

Depending on your industry, you may need to require proof of these certifications and standards.

SOC 2 Type II

Required when handling sensitive customer data. If applicable, request the latest SOC 2 Type II audit report.

ISO 27001

Required for organizations requiring a robust information security management system. If applicable, request a copy of their ISO 27001 certification.

HIPAA

Required if handling protected health information (PHI). If applicable, request a Business Associate Agreement (BAA) and documentation of HIPAA compliance measures.

PCI-DSS

Required if processing, storing, or transmitting credit card data. If applicable, request their PCI-DSS Attestation of Compliance (AOC).

FISMA

Required for US federal government agencies and contractors. If applicable, request documentation of FISMA compliance and security controls.

Evaluation criteria

Here is the suggested weighting for colocation RFPs.

  • Infrastructure Reliability & Redundancy (25%): Evaluates the robustness of power, cooling, and network infrastructure.
  • Security & Compliance (20%): Assesses the provider's security measures and compliance certifications.
  • Network Connectivity & Performance (15%): Evaluates network bandwidth, latency, and carrier options.
  • Total Cost of Ownership (TCO) (15%): Considers all costs, including recurring fees, one-time charges, and bandwidth costs.
  • Remote Hands & Support Services (10%): Evaluates the quality and availability of on-site support services.
  • Sustainability & ESG Initiatives (10%): Assesses the provider's commitment to environmental sustainability.
  • Scalability & Future-Proofing (5%): Evaluates the provider's ability to support future growth and technology advancements.

Adjust the weights based on your priorities:

  • Increase if downtime is highly critical to business operations.
  • Increase for organizations in highly regulated industries.
  • Increase for applications requiring low latency and high bandwidth.
  • Increase for budget-constrained organizations.
  • Increase for organizations with strong ESG goals.

Red flags to watch

  • Vague pricing with numerous add-ons

    Indicates a lack of transparency and potential for hidden costs.

  • Lack of relevant compliance certifications

    Suggests inadequate security controls and potential regulatory risks.

  • Limited carrier options and network redundancy

    Increases the risk of network downtime and performance issues.

  • Inadequate cooling capacity for high-density deployments

    May lead to overheating and performance degradation for modern hardware.

  • Poorly defined service level agreements (SLAs)

    Provides limited recourse in case of service disruptions or performance issues.

Key metrics to request

Ask vendors to provide benchmarks from similar customers.

Uptime percentage

Measures the overall availability of the colocation services.

Mean Time To Repair (MTTR)

Indicates the speed and effectiveness of incident resolution.

Power Usage Effectiveness (PUE)

Reflects the energy efficiency of the data center.

Network latency

Impacts application performance and user experience.

Customer satisfaction scores

Provides insight into the overall quality of service and support.

Time to provision new services

Indicates the provider's agility and responsiveness to changing needs.