The Vendor is required to provide managed IT services to supplement the in-house personnel.
- This staff is responsible for overseeing all aspects of the Information Technology environment, including physical networks and servers, the applications and services that run on top of them, and end user support.
- End User Identity Management
• Adhering to Agency procedures, assist Agency IT staff in the provisioning, management, and deactivation of user accounts and access as required by the agency.
• Assist Agency IT staff in auditing of user accounts and access, disabling unused accounts and removing unused access as necessary.
• Assist Agency IT staff in the maintenance of directories, databases, and other services related to the management of user identity and access (ex: Active Directory, Entra AD, Agency Single-Sign On, Cisco Duo).
- End User Device Management
• Adhering to Agency procedures, assist Agency IT staff in the inventory, onboarding, and configuration of end-user devices.
• Working with Agency IT staff, maintain procedures and methods to perform standardized device deployments.
• Work with Agency IT staff to provide 24/7 monitoring of end user devices to ensure configuration compliance, patch management, encryption of data-at-rest, security of privileged accounts, and device health.
• Working with Agency IT staff, maintain procedures for off-boarding and retiring devices in a manner consistent with State IT standards.
- Service Management
• Working with Agency IT staff, manage and monitor services to ensure confidentiality, integrity, and availability.
• Working with Agency IT staff, coordinate changes to services to ensure that changes are documented and avoid operational impacts.
• Assist Agency IT staff in maintaining IT service infrastructure, such as departmnet, directory services (Active Directory and LDAP), and monitoring services.
• Assist Agency IT staff in maintaining supporting infrastructure such as database servers and storage systems.
• Assist Agency IT staff in management of e-mail and collaboration services, including management of supporting services such as spam/phishing filters and of access controls or mailing lists.
• Make recommendations for changes to Agency IT staff and leadership.
- Incident Response
• Work with the Director of Information Technology, Agency IT staff, and other contractors to maintain documented procedures for incident response.
• Assist Agency IT staff in collecting and monitoring data from system logs, security sensors, and other systems to identify security threats and indicators of compromise.
• Assist Agency IT staff in response and mitigation of active security threats such as compromised user accounts.
• Assist Agency IT staff in investigation and analysis of incidents to determine root causes and prevent recurrence.
• Participate with Agency IT staff, contractors, State officials, and/or law enforcement to execute the incident response plan when necessary.
- Disaster Recovery and Continuity of Operations
• Work with the Director of Information Technology, Agency IT staff, and other contractors to maintain documented procedures for disaster recovery and operational continuity.
• Work with Agency IT staff to schedule and monitor backups of critical systems and data to both on-site and off-site backup locations.
• Work with Agency IT staff to document procedures and testing of disaster recovery processes, including the testing of data backups and failovers to secondary services.
• Participate with Agency IT staff and other contractors for Disaster Recovery exercises when needed.
• Work with the Director of Information Technology and Agency IT staff to execute disaster recovery operations when necessary.
- Security, Privacy, and Regulatory Compliance
• Work with Agency IT staff to conduct and document scheduled phishing tests and recommend remediations to the Agency.
• Work with Agency IT staff to conduct and document scheduled penetration tests and recommend remediations to the Agency.
• Work with Agency IT staff to ensure that all services and operations comply with state IT policies and standards.
• Maintain awareness of state IT policies and standards and other applicable standards (such as PCI-DSS) and provide Agency staff notice of compliance changes or risks as well as suggested remediations.
• Support Agency staff in preparing documentation, reports, and other evidence including in-person testimony for compliance reviews, audits, or security assessments conducted by the State or other regulatory entities.
- Contract Period/Term: 1 year
- Non mandatory Pre-Proposal Date: December 16, 2025
- Questions/Inquires Deadline: December 19, 2025
