IT Services

The Vendor is required to provide IT service continuity and IT incident response capabilities, with particular emphasis on cybersecurity and technology-related disruptions.
- Comprises two core components:
•    Assessment of IT service continuity capabilities and 
•    Assessment of IT incident response framework.
- Assessment of IT service continuity capabilities
•    Governance structures, roles, responsibilities, and oversight mechanisms supporting IT service continuity. 
•    Alignment of IT recovery strategies, recovery time objectives (RTOS), and recovery point objectives (RPOS) with approved business impact analysis (BIA) outputs and documented business requirements. 
•    IT disaster recovery strategies plans, and documented procedures. 
•    Backup, restoration, and data recovery controls. 
•    Testing, exercises, and training prouiems related to t disaster recovery. 
•    Continuous improvement practices, including incorporation of lessons learned from incidents or exercises. 
•    Dents of exert integration of cybersecurity risks into IT service continuity planning. 
•    Consideration of technology and service dependencies, including shared infrastructure and third-party dependencies.
- Assessment of IT incident response framework work
•    Incident response governance, roles, responsibilities, and escalation protocols. 
•    Incident classification, decision-making, and communication processes. 
•    Integration across cybersecurity, privacy, legal, communications, and business units. 
•    Incident detection, logging, monitoring, and alerting mechanisms.
•    Coordination with external stakeholders, regulators, and law enforcement (where applicable). 
•    Post-incident review, reporting, and corrective action tracking. 
•    Alignment between incident response and IT service continuity processes.