The Vendor is required to undertake a comprehensive cybersecurity and resilience assessment that evaluates the current security posture, identifies vulnerabilities, and informs the development of a strategic roadmap for ongoing security improvement.
- The assessment must be conducted in alignment with recognized frameworks and be adapted to the organization’s size, sector, and risk profile.
- The project is to:
• Provide an objective, end-to-end evaluation of cybersecurity governance, infrastructure, and practices.
• Identify strengths, weaknesses, and priority areas/actions for remediation.
• Develop a collaborative cybersecurity strategy that reflects organizational needs, resources, and risk tolerance.
• Present findings in formats suitable for both technical staff and executive leadership.
- Comprehensive Review and Scoping Session – Initiate the engagement with a review of the agency’s technology environment, governance structures, and service needs. Facilitate a scoping session with agency leadership and technical staff to co-develop a tailored plan for the assessment and subsequent strategy development.
- Governance and Risk Management Review – Assess cybersecurity governance structures, roles, policies, procedures, and AI applications. Evaluate alignment with legislation, regulatory requirements, and industry best practices, and identify gaps in risk management processes.
- Technology and Infrastructure Assessment – Conduct a high-level vulnerability and configuration review of critical systems, networks, cloud environments, and AI applications.
- Identity, Access, and Data Protection Review – Assess identity and access management practices, data protection measures, and monitoring/logging.
- Incident Response and Resilience Evaluation – Evaluate incident detection, response, recovery capabilities, and business continuity practices. Review and provide recommendations to strengthen business continuity and disaster recovery capabilities.
- Culture and Capacity Assessment – Evaluate staff awareness and cybersecurity training programs. Identify opportunities to build organizational capacity and reinforce a culture of cybersecurity awareness and accountability.
- Assessment Report and Executive Summary – Prepare a comprehensive report summarizing findings, risk ratings, and prioritized recommendations, accompanied by a concise executive summary suitable for senior leadership and governance audiences.
- Cybersecurity Strategy and Roadmap – Develop, in collaboration with the agency, a strategic roadmap that outlines short-, medium-, and long-term actions and priorities, resourcing considerations, and key performance measures to guide future security initiatives.
- Best Practices Reference Document – Produce a practical guide that captures cybersecurity best practices tailored to the agency’s environment, serving as a reference tool for current and future staff.
- Presentation of Findings – Deliver presentations to both technical teams and executive leadership, highlighting key findings, risks, and recommended next steps for strategic decision-making.