IT Infrastructure Assessment and Improvement Analysis Services

The Vendor is required to provide IT consulting firms to perform a comprehensive assessment of its current IT infrastructure and provide a detailed modernization roadmap.
- This engagement will evaluate network performance, cybersecurity posture, compliance alignment, scalability, operational maturity, and cost efficiency.
- This engagement is intended to identify risks, inefficiencies. It also intends to create a scalable, resilient IT foundation that supports the agency’s long-term digital transformation initiatives and interoperability across all the agency’s facilities.
- Objectives:
•    Performance and scalability: assessment of existing infrastructure (network, servers, storage, endpoints, cloud, backup, VoIP, and surveillance systems) to determine capacity, resiliency, and modernization requirements.
•    Modernization: identification of hardware refresh opportunities, cloud adoption pathways, virtualization improvements, and elimination of technical debt.
•    Network analysis: comprehensive review and testing of wan, LAN, VPN, Wi-Fi, and inter-site connectivity for performance gaps, redundancy, bandwidth optimization and resiliency.
•    Security and threat resistance: assess security posture including firewall configurations, threat detection systems, patch management, endpoint protection, and identity security, monitoring systems and data encryption.
•    Compliance: validate data protection compliance readiness against act, and state data protection standards, and industry frameworks.
•    Operational efficiency: analyze it service delivery, governance, policies, service management, change control, asset management, and vendor SLAS — for maturity and efficiency.
•    Roadmap development: delivery of a prioritized, cost-benefit-driven modernization plan outlining short-term mitigations and long-term strategic improvements.
•    Network architecture: recommend scalable, hybrid architectures that support secure interconnectivity between agency sites and state agency systems.
- Infrastructure Assessment
•    Network topology, redundancy, and equipment lifecycle.
•    WAN and VPN performance, remote access optimization, and encrypted traffic load.
•    Network latency, bandwidth utilization, packet loss, and end-user experience metrics.
•    Wi-Fi density, coverage modeling, and interference detection in each building.
•    Server and storage configuration, virtualization efficiency, redundancy, and backup integrity.
•    Endpoint imaging standards, patch management compliance, asset inventory accuracy, and lifecycle status.
•    Zero Trust Network Architecture (ZTNA) alignment and network segmentation and access models.
•    Hybrid cloud architecture readiness and integration with state systems or other agency partners.
•    Backup and disaster recovery strategies, recovery point objectives, and recovery time objectives.
•    Business impact analysis (BIA) to align infrastructure resilience with program critical functions.
- Cybersecurity and Compliance
•    Assessment of Firewall rulesets, antivirus, Endpoint security, intrusion detection (IDS/IPS), log monitoring retention.
•    Review of PHI handling practices and HIPAA compliance alignment, encryption standards, and secure data destruction.
•    Vulnerability scanning and penetration testing (internal and external), email security posture, endpoint detection and response (EDR), and cloud identity management.
•    Evaluation of identity and access controls, MFA enforcement, privileged access management, and IAM policies.
•    Assessment of cybersecurity governance, incident response readiness, and risk management practices.
- IT Operations and Management
•    IT service management (ITSM) practices, helpdesk tools, and response procedures.
•    Monitoring tools, documentation quality, and incident response workflows.
•    Monitoring and alerting systems for uptime and performance tracking, security events and performance.
•    Asset management accuracy, lifecycle planning, serialization, and automation tools.
•    Vendor contract effectiveness, SLA adherence, and vendor management and contract efficiency strategies.
•    Maturity of change management, configuration management, and patch automation tools.
•    IT governance framework, risk controls, and policy alignment with industry best practices 

- Contract Period/Term: 3 years
- Questions/Inquires Deadline: January 2, 2026