Information Technology Audit and Advisory Services

The Vendor is required to information technology audit and advisory Services may consider a wide variety of objectives, such as evaluating it general controls, evaluating information technology general controls (e.g., access, security, physical controls, service/support processes, change management, etc.), assessing application controls, and reviewing it project processes (e.g., planning, acquisition, implementation, post-implementation), evaluating cybersecurity incident response, privacy incident response, portable and remote computing, etc. in accordance with applicable laws, regulations, contract provisions, and best practices (e.g., nist, cybersecurity framework, state cybersecurity framework, and cobit).
- The IT audits shall consist of an objective and systematic examination of evidence to provide an independent assessment of the performance and management of a program or function against objective criteria. The audit findings, conclusions, and recommendations will be summarized in a final report consistent and acceptable to agency standards.

- Contract Period/Term: 1 year