The vendor is required to provide information technology consulting services for include:
• Information technology - general
• Information technology - computer systems and internet analysis
• Information technology - payment card industry compliance assessment
• Information technology - external project quality assurance
• Information technology - vulnerability and security analysis and assessment
• Telecommunications
- Information technology – general
• this category includes information technology hardware and software support, data storage and recovery, CAD and GIS application development, i/t planning, internet services, web page development, and LAN services.
- Information technology - computer systems and internet analysis
• Includes computer systems feasibility and requirements analysis, design, development, documentation, testing and implementation, computer programming, and development including internet applications.
- Information technology - payment card industry compliance assessment
• Includes assessment of city information systems and business processes for compliance with the payment card industry data security standard (PCI-DSS).
• PCI qualified security assessor (QSA) companies are organizations that have been qualified by the PCI security standards council to have their employees assess compliance to the PCI-DSS.
• includes analysis, review, evaluation, assessment, design, planning, development, documentation, reports, recommendation, testing and implementation.
- Information technology - external project quality assurance
• Includes “independent” assessment of large, complex city it projects with the purpose of reducing project risks and improving the likelihood of delivering the required scope on time, within budget and with acceptable levels of user adoption.
• This role is independent of the project manager or any project team role that develops actual project deliverables, and involves evaluating the fit and adequacy of all project practices and processes (project management, systems development, business process design, and implementation and deployment) being applied by the project team, and making recommendations to reduce risk and improve practices.
• Applicants must provide a copy of their documented methodology for conducting independent project quality assurance assessments, and a sample of an actual monthly risk assessment report (client specific information may be redacted to preserve confidentiality) to demonstrate 3 or more years’ experience in project quality assurance.
- Information technology - vulnerability and security analysis and assessment
• Includes analysis and assessment of city information systems for confidentiality, integrity, security, and availability of city information systems and the data which they process.
• This includes application code reviews, application penetration testing, and network and application vulnerability testing and scanning.
• It may also include recommendations to assist in prioritizing immediate needs and in changes to policies and procedures.
• It may also include assistance with digital investigations, recovery of lost or deleted date, or other forensic analysis.
• This does not include physical security analysis and assessment.
- Telecommunications
• Includes telecommunication studies, analysis, evaluation, monitoring, recommendations, design, planning, specifications and estimates, plan review, permitting, reports, construction administration and inspection, or serving as a telecommunications-related expert witness.
- Questions/Inquires Deadline: December 1, 2030
