Is the proposed vendor financially stable enough to service the system and fulfill all contractual obligations during the period of use, and how was this assessed?

Who are the owners of the vendor and what are the sources of the vendor’s income?

How much debt does the vendor carry, what are the characteristics of this debt, and who is the vendor obligated to?

Is there any foreign ownership and/or influence on the vendor including the ownership of any parent companies/firms?

Do any of the owners have a strong political preference?

When was this class of voting machine first put in service?

What models were added to the class over time, and how did new models improve the machine/system?

What data was presented proving the machine/system functionality and resistance to hacking/vote manipulation?

Will the vendor allow the County, State, or designated Third Party to perform penetration testing and security audits on the vendor?

Are the hardware components commercial, off-the-shelf? Are the components purchased and/or developed from any foreign countries? If so, what and from which countries?

What is the sequence of steps for the voter, and is there any step that interposes between the voter and the precinct or central tabulator?

Precisely how is the voted recorded by the system and tabulated, and is there any step for the voter to verify his/her ballot?

Is the process suitable for a risk-limiting audit, and if not, what will substitute for a RLA?

Does the system reconcile vote tallies with the number of voters and at what level (machine, precinct, collection station, etc.)?

Does the system allow overvotes and does the system alert voters to undervotes?

What provisions exist to assure privacy for the voter, and what provisions exist to ensure all voters, included disabled voters, have equal access to the system and privacy?

What languages are provided to meet voter needs?

What provisions exist to assure the anonymity of the voter?

Does the system create a cast vote record for every ballot in a standard machine-readable format in a way that the original ballot corresponding to any CVR can be quickly and unambiguously identified and vice-versa?

What is the operating system, including the version to be installed?

What software does the vendor add to the system? What safeguards are there to ensure that any additions will be properly EAC certified?

Is the software open-source? If not, will the source code be disclosed? If not, why not, and whom will be allowed to inspect the same to ensure votes will be properly counted?

What hardware does the vendor supply in addition to the computerized vote recorder? Is this additional hardware purchased from U.S. owned companies? If not, identify what hardware is purchased from non-U.S. owned companies?

Is the software the vendor adds compatible with the OS? If so, how was this proven?

What is the plan to maintain both the software and OS and also maintain state certification?

What is the responsibility of Shelby County Election Commission for maintaining the OS and software including upgrades, updates, security patches and state certification?

Who bears the costs of installing upgrades, updates and security patches, and who bears the cost of obtaining state certification for any changes to the system?

Do all the components of the proposed system meet the Election Assistance Commission 2005 standards and has it been EAC certified?

Will the proposed system meet the impending new EAC standards? If not, what specific deficiencies are there?

What testing agencies evaluated the system? (Please provide copies of the testing agencies reports).

Are any parts not certified by EAC standards, and if so, which parts?

Has the firewall been certified by EAC standards? If so, please provide documentation.

Is the system installed anywhere in Tennessee? In the United States?

What lawsuits have been settled, and what lawsuits are pending regarding the system?

What feedback has the vendor received from users, both positive and negative?

Has the vendor had any cybersecurity incidents or breaches to itself or at any installed sites?

Does the vendor assist its customers in the mitigation of cybersecurity events in a transparent manner?

Does the vendor share information about cybersecurity breaches with its community of installed sites?

Does the vendor report and share other incidents with its customers and/or community of installed sites, such as hardware failure, unexpected software behavior, and behaviors that are inconsistent with user documentation?

What services does the vendor propose to sell to the Shelby County Election Commission and at what ongoing cost?

Which services does the Shelby County Election Commission intend to purchase?

Where are the machines, software, tabulators, servers and/or systems developed and made?

Do any components have a modem and/or communication capability?

What level of Information Technology is required to operate and maintain the system that is not provided by the vendor?

What Information Technology services are provided by the vendor?

Can the system be manipulated to alter votes and/or election outcomes, and if so how?