←

MES RFP: Structure, Question Bank & Vendor-Side View

By Uwe Kobbert · Last updated: April 2026

What a MES RFP actually is — and what the template version of this article does not tell you

A MES RFP (Request for Proposal) is the formal procurement document through which a manufacturing organisation asks selected MES software vendors to submit structured, comparable proposals for a defined project scope. That is the textbook definition. It is also the definition that, after thirty years on the vendor side of this market, I find less and less useful — because it describes what an RFP is without saying anything about what an RFP is for, which is the question that actually determines whether the resulting project succeeds or dies two years later in a steering-committee meeting that nobody wants to have.

I founded symestic in 1995, and between my earlier years at SAS and STERIA and the last three decades running this company, I estimate I have personally read or overseen responses to somewhere around eight hundred MES RFPs across four continents. Maybe one in seven of those was what I would call a serious procurement document — one that produced a better project than the customer would have produced without the RFP process. The rest fell into a small number of predictable failure patterns, and the remarkable thing about those patterns is that they do not correlate with customer size, industry, or budget. A €50 million Mittelständler and a €5 billion multinational produce ceremonial RFPs at roughly the same rate, for roughly the same reasons, and the vendor side of the market can diagnose the pattern within the first five pages of the document. This article is the version of the RFP guide I wish existed when customers first started sending us RFPs — written from the vendor's perspective, which is the perspective that most RFP-writing guidance ignores, because most of that guidance is written by consultants who sell RFP writing as a service.

RFI vs RFP vs RFQ — choosing the right procurement instrument before writing anything

The single most common mistake in MES procurement is choosing the wrong instrument. Organisations default to "we will do an RFP" without asking whether an RFP is actually the right tool for the decision they are trying to make. The three standard instruments exist for three genuinely different situations, and the effort of matching the instrument to the situation is among the highest-leverage decisions in the entire procurement process.

Instrument	Purpose	When to use	Output
RFI (Request for Information)	Non-binding market exploration. Learn what is available, shortlist credible vendors, refine your own requirements.	You do not yet know what the market offers, or which 3–5 vendors belong on your shortlist. Typically 4–6 weeks before the RFP.	Shortlist of 3–5 qualified vendors + refined internal understanding of what a realistic MES project looks like.
RFP (Request for Proposal)	Binding solution proposal from shortlisted vendors. Evaluates fit, approach, risk, and total cost against a defined scope.	You have a shortlist, you know roughly what you need, and you need structured, comparable proposals to make a decision.	Selection of 1–2 preferred vendors for final contracting phase.
RFQ (Request for Quotation)	Price-focused inquiry on a precisely defined scope. Used when the what is fully specified and only the how much needs comparison.	Rarely appropriate for MES. Works only when you are buying a very standardised, commodity-style deployment — which in MES is uncommon.	Price comparison for an already-decided solution approach.

The mistake I see most frequently is organisations running an RFP when an RFI would have been more appropriate — because they have not yet understood the market well enough to ask informed questions. The RFP that results is full of questions the customer does not really know how to evaluate, vendors answer in language the customer cannot distinguish between, and the final selection is made on criteria (reference customers, brand recognition, price) that could have been established faster through a two-week RFI. If you are reading this article because you are "about to write an MES RFP," the first question to ask is whether a lightweight RFI would not save you three months of work. The second-most-common mistake, considerably less frequent but more consequential, is running an RFQ when the scope is not actually stable — which turns the subsequent change-order negotiations into the real procurement process.

The Five Blocks — structure of a MES RFP that actually produces comparable proposals

A MES RFP should organise around five distinct content blocks, because these are the five dimensions on which MES projects genuinely differ and on which vendors meaningfully compete. Organising the document around anything else — product features, industry use cases, organisational structure — produces responses that cannot be compared. The five blocks below are the structure I would recommend if a customer asked me to design their RFP from scratch, which is a question I have been asked often enough over thirty years to have converged on a stable answer.

Block	What it evaluates	Weight in scoring
1. Implementation	How vendor plans and runs the project from kick-off to go-live. Approach, roles, milestones, acceptance criteria, standard vs. custom.	25–30 %
2. Data connectivity & integrations	How vendor handles OT and IT integration. PLCs, SCADA, ERP, MES, historians, quality and maintenance systems. Error handling, monitoring.	25–30 %
3. Operations after go-live	How vendor runs the system once it is in production. SLA, updates, monitoring, incident management, disaster recovery.	15–20 %
4. Security & compliance	Authentication, tenant isolation, encryption, logging, penetration testing, certifications (ISO 27001, SOC 2), regulatory alignment (NIS2, GMP if applicable).	15–20 %
5. TCO & commercial model	Complete cost picture over the contract lifetime. Licence model, implementation, operations, extensions, exit.	15–20 %

The question bank — approximately 50 questions across the five blocks

Below is the actual question bank. These are the questions I would want to see in a serious MES RFP. Every question is designed to produce an answer that either differentiates vendors meaningfully or reveals a risk. Questions that do not satisfy one of those two criteria should be removed. The total target size is 40–60 questions — enough to cover the material, few enough to get thoughtful answers rather than boilerplate. RFPs exceeding 200 questions almost always get boilerplate back; the signal-to-noise ratio is worse than for a well-scoped 50-question document.

Block 1: Implementation (10–12 questions)

#	Question	What the answer reveals
1.1	Describe your standard implementation approach from kick-off to go-live, including phase names, durations, and acceptance criteria per phase.	Whether the vendor has a repeatable method or improvises per project.
1.2	What is the ratio of standard configuration to custom code in a typical project with our profile? How do you handle scope items that fall outside standard?	Vendor's honesty about customisation cost and risk.
1.3	For a pilot covering one line (roughly 5–10 machines) to go-live, what timeline do you commit to? Please specify preconditions.	Speed and the realism of commitment.
1.4	Which roles does your team provide (named with experience level)? Which roles do you expect from the customer side, with what FTE commitment?	Hidden customer effort that is often under-estimated.
1.5	What data and process clean-up must the customer complete before go-live? Master data, fault code catalogue, order structures?	Scope clarity for customer-side prework.
1.6	Describe your pilot-to-rollout scaling approach. How do you ensure pilot learnings propagate to subsequent lines/plants?	Multi-site rollout capability vs. single-project vendor.
1.7	Provide 3 reference projects of comparable profile (industry, size, process). Include contact details for reference calls.	Whether vendor has genuinely comparable experience.
1.8	What training is included in implementation? Key-user, operator, administrator? Format, duration, retention approach?	Hidden training cost and knowledge-transfer quality.
1.9	What is your change management process during implementation? How are scope changes costed and approved?	Financial risk exposure during the project.
1.10	Describe a project that went significantly worse than planned. What happened, what was the root cause, what did you change afterwards?	Vendor maturity and willingness to discuss failure honestly.

Block 2: Data connectivity & integrations (12–15 questions)

#	Question	What the answer reveals
2.1	Which industrial protocols do you support in production (not just theoretically)? OPC UA, Modbus, Profinet, S7, MQTT, raw digital I/O?	Breadth of real-world connectivity.
2.2	For OPC UA specifically: which companion specifications have you deployed (UMATI, Euromap, Weihenstephan, PackML)? With examples.	Whether "OPC UA support" means real vs. theoretical.
2.3	Describe your approach to brownfield machines without native PLC connectivity. Retrofit options, estimated effort per machine, without PLC changes.	Realistic fit for most Mittelstand production environments.
2.4	For ERP integration (SAP, Infor, Microsoft Dynamics, proAlpha): which standard connectors do you provide, which integration patterns do you recommend (IDoc, BAPI, OData, REST)?	ERP-integration effort and maintenance burden.
2.5	How does your integration handle error scenarios: network outages, delayed messages, duplicate events, retry logic, dead-letter queues?	Production-grade engineering vs. happy-path-only implementation.
2.6	Describe end-to-end data flow for a typical production order: ERP → MES → machine → feedback → ERP. Include timing, error paths, reconciliation.	Integration architecture maturity.
2.7	What monitoring and alerting do you provide for integration health? Who owns the alerts during operation?	Operational maturity of the integration layer.
2.8	Describe your API surface. REST, GraphQL, webhooks? Versioning policy? Rate limits? Documentation URL?	Openness and third-party extensibility.
2.9	For a mixed brownfield/greenfield machine park with 5 different PLC generations, outline your connectivity strategy with estimated effort.	Pragmatism and honesty about mixed-fleet reality.
2.10	Which historian, LIMS, CAQ, CMMS, and BI integrations have you deployed in production? Provide examples.	Ecosystem integration depth.
2.11	How do you version and migrate integration configurations? How is a new PLC firmware tested against an existing connector?	Long-term maintenance burden.
2.12	For cloud MES specifically: what is the edge/gateway architecture? Edge buffering in case of connectivity loss? Store-and-forward?	Robustness of cloud-native architecture for industrial reality.

Block 3: Operations after go-live (8–10 questions)

#	Question	What the answer reveals
3.1	What availability SLA do you commit to? Measured how, excluded windows, credit structure for breach?	Real operational commitment vs. marketing number.
3.2	Describe your update and release process. Frequency, downtime, rollback procedure, regression testing.	Operational maturity and change risk during lifetime.
3.3	What are your RPO and RTO commitments? How is disaster recovery tested, how often, with what evidence?	Business-continuity readiness.
3.4	Describe your incident management process. Severity classification, escalation, post-incident review.	Professionalism of operational response.
3.5	What support channels do you offer, with what response-time and resolution-time commitments per severity?	Real support depth.
3.6	For cloud MES: which hyperscaler(s), which regions, data residency options? Can customer choose?	Data sovereignty and compliance fit.
3.7	Provide availability statistics for the last 12 months (uptime, number of incidents, mean time to resolve).	Actual operational track record.
3.8	What scaling approach is in place when customer adds 100+ machines in a short window? Any throughput ceiling?	Architectural scalability.

Block 4: Security & compliance (8–10 questions)

#	Question	What the answer reveals
4.1	Which certifications do you hold? ISO 27001, SOC 2 Type II, ISO 27017/27018 for cloud. Attach certificates.	Third-party-audited security posture.
4.2	Authentication: SAML 2.0, OIDC, Azure AD, MFA mandatory, password policy? Role-based access control granularity?	Enterprise-grade authentication maturity.
4.3	For SaaS: how is tenant isolation implemented? Logical, schema-level, database-level? Evidence of testing?	Multi-tenant security depth.
4.4	Encryption: in transit (TLS version minimum) and at rest (AES-256, key management, customer-managed keys option)?	Cryptographic controls completeness.
4.5	What logging and audit trail exists for user actions, administrative actions, and data changes? Retention period? Customer access?	Forensic and audit readiness.
4.6	Penetration testing: how often, by whom, report sharing policy, remediation SLA?	Active security-testing discipline.
4.7	NIS2 Directive (EU 2022/2555) readiness: how does your platform support essential and important entities' obligations? Incident reporting timelines?	EU cybersecurity regulatory fit as of 2026.
4.8	Describe your vulnerability disclosure process, security incident communication policy, and breach notification SLA.	Transparency and incident communication maturity.
4.9	For regulated environments (GMP Annex 11, 21 CFR Part 11, IATF 16949): which specific compliance features are supported? Validation documentation?	Regulatory fit where applicable.

Block 5: TCO & commercial model (8–10 questions)

#	Question	What the answer reveals
5.1	Describe your licence model: per machine, per user, per site, flat-rate per plant? Cost drivers explicitly named.	Commercial transparency.
5.2	One-time costs: setup, implementation, data integration (per system), training. Fixed-price or time-and-materials?	Project-cost predictability.
5.3	Recurring costs: subscription, hosting, support, updates. Include indexation clause and any automatic annual increase.	Long-term cost exposure.
5.4	Scaling costs: adding 1 line, adding 1 plant, adding 100 machines. Price on your standard scenario.	Future expansion cost.
5.5	Change costs: new integration, new report, new workflow during operations. Rate card, typical effort range.	Change-cost exposure during run phase.
5.6	Exit costs: notice period, data export format (proprietary vs. standard), migration support, termination fee.	Vendor lock-in risk.
5.7	Provide 3-year and 5-year TCO calculation for our specified scope (standardised template provided by customer).	Comparable total-cost view.
5.8	Contract terms: minimum term, renewal terms, price-adjustment mechanism, service-credit mechanism, termination for cause.	Commercial flexibility.

Use cases — the three end-to-end scenarios that actually test vendors

A serious MES RFP includes three end-to-end use cases that vendors must answer as full solution outlines, not as yes/no feature checks. These are where genuine differentiation emerges. A feature checklist tests whether a vendor has a box to tick; a use case tests whether a vendor understands how the boxes connect. Below is the template I recommend.

Element	What the customer specifies
Trigger	What operational event starts the use case (order release from ERP, machine alarm, shift handover, quality event).
Systems involved	Named (SAP S/4 HANA with ME module, Siemens S7-1500 PLCs, OSIsoft PI historian, CAQ.Net by Böhme & Weihs).
Data elements	What data flows and where (order number, material, BOM, machine cycle, downtime reason code, quality result).
Expected behaviour	Step-by-step process the MES should execute, with timing expectations.
Error scenarios	What happens if ERP is unreachable, PLC is disconnected, user mis-enters data.
Acceptance criteria	Measurable outcomes proving the use case works (order status visible within 30 seconds, downtime captured within 60 seconds, quality result written back to ERP within 5 minutes).
Required vendor response	Solution narrative covering data flow diagram, configuration vs. custom, estimated effort, risks, dependencies.

The three use cases should cover: (1) an order-to-close loop from ERP through MES to machines and back, (2) a downtime or quality event with operator classification and action flow, and (3) a multi-site or multi-line scenario testing scalability and consolidation. These three collectively exercise the full MES stack — order management, OEE and downtime, integration — in a way that no feature list can.

The four-dimensional scoring model — how to evaluate the responses

Most RFP scoring spreadsheets I have seen are weighted-average score cards with 40+ criteria, each rated 1–5, producing a composite score that looks precise and is operationally meaningless, because the spread between vendors on such models is usually within the noise of subjective interpretation. The scoring model that actually discriminates uses four dimensions, each evaluated independently, and then applied as a dominance check rather than a weighted average.

Dimension	What it measures	How to score
1. Functional fit	Does the proposed solution meet the requirements, including the use cases?	High / Medium / Low per use case; aggregate at block level.
2. Execution risk	How likely is the project to deliver on time, on budget, with committed scope?	Based on reference quality, method clarity, change-management process, honesty of failure discussion.
3. Total cost & commercial model	3- and 5-year TCO including integrations, scaling, change, exit.	Absolute number + cost-per-machine + cost-trajectory (is year-3 dominated by fees?).
4. Strategic fit	Does the vendor fit the customer organisation culturally and technologically? Size match, decision-velocity match, cloud vs. on-prem philosophy.	Qualitative judgement; often the dimension that decides between two otherwise-equal vendors.

Dominance check: if Vendor A is at least equal on three dimensions and strictly better on one, A wins. If no vendor dominates, the decision requires an explicit tradeoff discussion — which is exactly what the procurement process should produce. A weighted-average composite hides that tradeoff discussion rather than surfacing it, which is the reason serious procurement teams have largely abandoned weighted-average scoring for high-consequence decisions.

Vendor Red Flags — answers that should disqualify

Some answer patterns are reliable negative signals. After thirty years on the vendor side, I have seen these often enough to state them flatly: an RFP response containing three or more of the patterns below indicates a vendor that will produce a project worse than the customer deserves.

Red flag pattern	What it signals
"Yes, we support OPC UA" with no companion specification, no example, no namespace detail	Surface-level integration capability. The Integration Waffle.
Timeline commitments that do not vary by customer profile or scope	Boilerplate response, not engineered estimate.
"We cannot provide pricing until phase 2 / scoping workshop / technical deep-dive"	Vendor is pricing to your BATNA, not to value. The Pricing Black Box.
Reference projects that are either generic or refused altogether	Either the references cannot survive a call, or they do not exist in the claimed form.
Inability to describe a project that went badly	Either genuine inexperience or refusal to be honest — both disqualifying.
SLA numbers quoted without measurement methodology or credit structure	Marketing commitment without operational substance.
Security answers consisting entirely of marketing language ("enterprise-grade," "bank-level") with no specific controls	No actual security programme.
Exit clauses requiring more than 90 days notice or penalty-laden	Lock-in strategy disguised as "partnership."
Change-order rate cards priced at 3× implementation rates	The real price will come through change orders, not initial contract.

The RFP antipattern taxonomy — from thirty years on the vendor side

Here is the part of this article that most RFP-writing guides will not tell you, because most such guides are written by people who have never responded to an RFP. Customer-side RFP documents themselves have reliable failure patterns, and every experienced MES vendor has a classification system for the RFPs they receive. Ours has six named categories, all of which are pervasive enough to deserve explicit names.

Antipattern	What it looks like	What the vendor does
The Ceremonial RFP	Customer has already decided the vendor. RFP is issued to satisfy internal governance that three quotes were obtained. Question depth suggests the decision-maker wrote the RFP after choosing.	Serious vendors decline or respond with minimum effort. The non-preferred vendors are being used as procurement theatre.
The 500-Question RFP	Customer (or their consultant) has downloaded an RFP template and sent it unmodified. 500+ questions covering every conceivable MES function, including many irrelevant to the customer's scope.	Boilerplate answers. The document is too large to answer thoughtfully in the timeframe; vendors paste from previous responses.
The Political RFP	RFP contains contradictory requirements reflecting unresolved internal conflicts. IT wants cloud; plant wants on-prem. Corporate wants standardisation; plants want local flexibility. The RFP is an alignment tool, not a procurement document.	Vendors identify the contradictions in pre-submission Q&A. Whether the customer responds constructively is a diagnostic signal.
The Copy-Paste RFP	Identical RFP document sent to 10+ vendors with no adaptation to vendor profile. SAP ME, a cloud-native Mittelstand vendor, and a niche specialist all get the same 200-question document.	Vendors self-select out based on fit; the ones who respond are either desperate or boilerplate-only. Customer gets worse responses than targeted outreach would have produced.
The Ceremonial POC	Customer requires a Proof-of-Concept that cannot produce differentiating information in the timeframe allowed — e.g. "deploy at one machine in 2 weeks, we'll evaluate."	Vendors respond either by declining or by running a theatrical POC that does not exercise real integration complexity.
The Missing Business Case	RFP specifies detailed requirements but does not state what the customer expects to get from the project — OEE target, payback period, specific KPI movements.	Vendors cannot propose the right scope because the success criteria are not defined. Every proposal is effectively solving a different problem.

The cost of the RFP process itself

Running an MES RFP is not free. The costs are systematically under-counted because most of them are internal labour that does not appear on a procurement line item. Below is the realistic cost breakdown for a Mittelstand-scale MES procurement (€200k–800k project).

Cost element	Typical range (Mittelstand)
Internal effort: requirements gathering, RFP writing, evaluation (IT + Ops + Production, 40–120 person-days)	€30k–€80k (internal loaded cost)
External consultancy (if used): RFP design, vendor evaluation support	€20k–€100k
Vendor-side cost per serious response (5–15 person-days)	€15k–€40k per vendor (absorbed by vendor but ultimately priced into offers)
Opportunity cost of delayed go-live (typical 3–6 months of RFP process vs. direct engagement)	Project-specific; often exceeds RFP costs by 3–5×
Total system cost of a typical MES RFP	€100k–€300k+

This cost is worth paying if the RFP produces a materially better decision than a lighter procurement approach. It is not worth paying if the decision was effectively predetermined or if the scope is too small to justify the overhead. For many Mittelstand MES projects under €200k initial value, a lightweight RFI + direct proposal from 2–3 targeted vendors + a paid two-week pilot produces a better decision at one-third the system cost.

The Mittelstand alternative — when an RFP is overkill

If your organisation is a Mittelständler buying your first MES, with fewer than 5 plants and a project budget under €200k, I will state this plainly: running a formal RFP is probably the wrong procurement instrument. The reason is not that RFPs are bad; it is that the procurement overhead scales poorly for small procurements. A €100k project that takes 6 months to procure and €80k of internal cost to evaluate has a pre-project cost-to-value ratio that is economically unattractive before you have even started implementing. The alternative path that works well for this customer profile is structured as follows:

Step	Duration	Output
1. Targeted RFI to 4–6 vendors with 10 questions covering the 5 blocks at high level	2 weeks	Shortlist of 2–3 vendors that fit profile
2. Focused solution workshop with each shortlisted vendor (half-day each, with real machine data)	1–2 weeks	Concrete proposal + quoted price per vendor
3. Paid pilot / POC with preferred vendor on 1 line, 2–4 weeks	2–4 weeks	Go/no-go decision with real data
4. Contract & rollout based on pilot results	1–2 weeks	Signed contract, rollout kick-off

Total procurement cycle: 6–10 weeks vs. 12–24 weeks for a formal RFP. Internal cost: €15k–€35k vs. €50k–€180k. The decision quality is typically better because the paid pilot produces real operational data that no RFP response can approximate. This approach only works if (a) the organisation is small enough for decision-makers to be directly involved without formal procurement governance, (b) the market has been mapped adequately in advance, and (c) the pilot is genuinely paid and genuinely evaluative — not a free-trial-dressed-as-POC. But where these conditions hold, which they do for most Mittelstand MES projects, this path produces materially better outcomes than a formal RFP.

Public-sector and regulated procurement — where formal RFPs are non-negotiable

For German public-sector or quasi-public manufacturing procurement, the RFP path is not optional. EVB-IT (Ergänzende Vertragsbedingungen für die Beschaffung von IT-Leistungen) provides the standard contract frameworks; UfAB (Unterlage für die Ausschreibung und Bewertung von IT-Leistungen) provides the federal procurement guide with scoring-methodology templates. EU public procurement thresholds (currently €221k for supplies and services as of 2026) trigger formal procurement under VgV / UVgO rules. These frameworks change the entire procurement structure in ways that exceed the scope of a general glossary article — any public-sector or utility-sector procurement should engage specialist procurement counsel from day one. For regulated industries, GMP Annex 11 / 21 CFR Part 11 evaluation adds a validation-lifecycle dimension to the RFP that private-sector commercial buyers do not face, and the RFP should include explicit validation-documentation questions under Block 4.

From thirty years of reading MES RFPs — at SAS, at STERIA, and across three decades running symestic: my rough estimate is that I have personally read or overseen responses to around eight hundred MES RFPs. Of those, somewhere between a hundred and a hundred-and-twenty were what I would call serious procurement documents — the kind that produced a better project outcome than the customer would have produced without the process. The remaining six hundred-plus fell into the six antipatterns I described above, with The Ceremonial RFP alone accounting for somewhere around a third of everything we see, The 500-Question RFP another quarter, and the other four categories splitting the rest. The pattern that has surprised me most consistently over three decades is that the seriousness of an RFP is almost completely uncorrelated with the size, sophistication, or budget of the issuing organisation. I have seen €5 billion multinationals issue ceremonial RFPs and €80 million family-owned Mittelständler issue genuinely serious ones. What correlates with RFP quality is not the organisation; it is the individual people driving the procurement and whether they actually want the best possible answer or whether they want the procurement process to produce the answer they have already decided on. When a production director or COO writes the RFP personally and genuinely does not know which vendor they prefer, the document is almost always serious: the questions are pointed, the use cases are real, the evaluation criteria are honest, and the follow-up engagement is substantive. When a procurement department writes the RFP on behalf of an operations stakeholder who has already picked their vendor, the document is almost always ceremonial: the questions are generic, the use cases are abstract, the evaluation criteria are cosmetic, and the follow-up engagement is perfunctory. As a vendor, we learned over the years to diagnose this within the first five pages of the document — the specificity of the questions, the presence or absence of named reference systems, whether timeline and pricing questions have precise scaffolding or leave vendors to define the answers themselves, whether the document acknowledges uncertainty or pretends to know everything. And we learned to calibrate our investment in the response accordingly: a serious RFP gets our best technical and sales engineers, a senior-executive review, a customised technical demonstration, a real commitment of executive attention; a ceremonial RFP gets a respectful but boilerplate response, because there is no amount of effort that will change the outcome, and the time invested would be better spent on customers who are genuinely undecided. The customers who get disappointing responses to their RFPs — vague, boilerplate, uninvested — are almost always customers who issued a document that signalled, within the first five pages, that the response did not matter. If you are reading this article while working on an MES RFP, and the question "is our document signalling seriousness?" makes you slightly uncomfortable, that discomfort is almost certainly the right signal. The fix is not to write a bigger document; it is to write a smaller, more specific, more honest one. The vendors you most want serious responses from will recognise the seriousness signal immediately, and the effort they invest in the response will be several times what you would have received from a conventional 200-question template. This is the single most actionable piece of procurement advice I can offer after three decades of observation: write the shortest RFP that contains every question you genuinely need answered, acknowledge the uncertainties you have not yet resolved, commit to specific timelines and decision criteria, and your vendor-response quality will improve by a factor that no template-expansion can match.

FAQ

Who should be involved in a MES RFP on the customer side?
At minimum: production management as requirements owner, IT for integration and security, OT or automation engineering for machine connectivity, procurement for commercial frame. Quality and maintenance should contribute the use cases if those are in scope. The decision-maker is typically the COO or plant manager, but the requirements originate from operations. Procurement should not be the only author of the RFP; operations-authored RFPs consistently produce better outcomes.

How many vendors should be invited?
Three to five is the pragmatic range. Fewer than three provides too little comparison; more than five creates evaluation overhead disproportionate to the benefit, because the incremental vendor beyond five rarely wins. A lightweight RFI before the RFP reduces the invitation list efficiently.

What is the difference between an RFI, RFP, and RFQ?
RFI is non-binding market exploration; RFP is a binding solution proposal on a defined scope; RFQ is price-focused on a fully specified solution. For MES procurement, RFI and RFP are the common tools; RFQ is rarely appropriate because MES scopes are too bespoke for pure price comparison.

How long should a MES RFP process take?
From issue to vendor selection, 8–12 weeks is the realistic range. Longer does not produce better answers; it just produces more process. Key milestones: 2 weeks for pre-submission Q&A, 3–4 weeks for vendor response preparation, 2–3 weeks for evaluation and shortlist, 1–2 weeks for final presentations.

What is The Ceremonial RFP?
The pattern in which an RFP is issued not to determine the vendor selection but to satisfy internal governance that three quotes were obtained — the customer has already decided. Accounts for roughly a third of all MES RFPs. The diagnostic signals are visible within the first five pages: generic questions, abstract use cases, cosmetic evaluation criteria, and perfunctory follow-up engagement.

What is The 500-Question RFP?
The pattern in which a customer (often via a consultant) sends an unmodified template RFP with 500+ questions covering every conceivable MES function, most irrelevant to the actual scope. Vendors respond with boilerplate because the document is too large to answer thoughtfully. Cure: reduce to 40–60 targeted questions that directly affect the decision.

What is The Integration Waffle?
The vendor-side pattern in which integration questions receive surface-level affirmative answers ("yes, we support OPC UA") without specific detail on companion specifications, namespaces, error handling, or deployed examples. Red-flag pattern. A serious vendor distinguishes between "we have read the OPC UA specification" and "we have deployed OPC UA against 200 machines in production with the following companion specs."

Do we need to run an RFP at all for a small MES project?
For Mittelstand projects under €200k with 1–3 plants, probably not. A lighter path of RFI → targeted workshops with 2–3 vendors → paid pilot with preferred vendor typically produces better decisions at one-third the system cost. RFPs make sense when the procurement governance requires them, when scope exceeds €500k, or when multiple internal stakeholders need a structured alignment instrument.

How should we evaluate responses?
Four-dimension scoring: (1) functional fit against requirements and use cases, (2) execution risk based on references and methodology, (3) TCO over 3- and 5-year horizons, (4) strategic fit between customer and vendor organisations. Evaluate each dimension independently and apply a dominance check rather than a weighted-average composite — if no vendor dominates, surface the tradeoff discussion explicitly.

What should the exit clause cover?
Notice period (90 days or less is reasonable), data export format (standard format like CSV/Parquet, not proprietary), migration support commitment (vendor provides data in usable form for X months after termination), any termination fees, and cause-based termination rights. The exit clause is often the only real commercial leverage the customer retains after signing; it deserves explicit attention during RFP evaluation, not contract-stage negotiation.

What about NIS2 and security certifications?
As of late 2024 EU Member States have transposed the NIS2 Directive (EU 2022/2555), and essential and important entities in manufacturing sectors face incident-reporting obligations, supply-chain security requirements, and executive accountability. Your MES vendor is part of your supply chain and must support these obligations. ISO 27001 and SOC 2 Type II certifications, MFA enforcement, tenant isolation evidence, and incident-notification SLAs are now standard RFP requirements rather than optional enhancements.

Related: MES: definition, functions & benefits · MES software compared · MES requirements · OEE · OEE software · MESA-11 (MES functional model) · Composable MES · Alarm management · Industrial data historian · Digital shift log · Downtime reason catalog · Shop floor control · Process documentation · Change control · E2E traceability · Recipe management · Predictive quality · Schedule adherence · On-Time Delivery · A3 problem solving · MDE · BDE · Production metrics · Production control · Production planning · Alarms · Process data · For COOs & plant managers · For operational excellence. External references: VDI 5600 (German MES function standard, foundation for functional requirement scoping) · ISA-95 (scope definition for MES integration) · NIS2 Directive (EU 2022/2555) (cybersecurity obligations in supply chain) · ISO 27001 (information security management) · EVB-IT (German IT procurement contract frameworks) · UfAB (Unterlage für die Ausschreibung und Bewertung von IT-Leistungen).

About the author

Uwe Kobbert

Founder and CEO of symestic GmbH. 35+ years in manufacturing. Dipl.-Ing. Nachrichtentechnik/Elektronik. Consultant at SAS Heidelberg (1989–1992), Head of Industry at STERIA Software Partner (1992–1995) with responsibility for process control and Manufacturing Execution Systems in food and beverage. Founded symestic in 1995 as an on-premise MES systems integrator; led the strategic transformation to cloud-native MES architecture in the mid-2010s; today responsible for platform strategy, product vision, and business development across 18 countries and 15,000+ connected machines. Self-financed, no external investors. Nominated for the Großer Preis des Mittelstandes (Oscar-Patzelt-Stiftung). Expertise: Manufacturing Execution Systems, OEE and production KPIs, shop-floor management, cloud-native manufacturing software, Industry 4.0, Lean production, industrial automation, process control systems, ERP-MES integration, PLC programming, JIT/JIS processes, batch manufacturing, automotive production, food industry. · LinkedIn

Start working with SYMESTIC today to boost your productivity, efficiency, and quality!