The Vendor is required to provide IT vulnerability management services for corporate-managed Windows and Linux servers, Windows workstations (laptops and desktops), and commercial software applications.
- Services must operate within the city’s existing IT management framework, leveraging city-provided tools and aligning with established standards, processes, and change management requirements, while supporting a risk-based approach to vulnerability management.
- Vulnerability management
• Deliver scheduled remediation and continuous improvement activities for identified vulnerabilities on corporate-managed Windows servers (approximately 170), Linux servers (approximately 20), Windows workstations (laptops, tablets and desktops; approximately 1700), and commercial software applications.
• Application patching must include commonly deployed commercial and third-party applications within the city environment as identified by the city.
• Ensure all devices are properly enrolled and managed within the city’s existing IT environment.
• Operate exclusively within the city’s existing RMM and endpoint management platforms; no additional patching tools may be used without prior city approval.
• Operate as an extension of the city’s IT team, adhering to city standards, processes, security controls, and change management requirements.
• Vendor activity must be fully auditable and logged within city systems.
• Vendor activity must be traceable to individual user identities; shared or generic accounts are not permitted.
- Vulnerability assessment and prioritization
• Review and prioritize vulnerabilities identified by the city’s systems.
• Perform vulnerability assessment review and provide risk-based prioritization (critical, high, medium, low), including exploitability and potential impact.
• Maintain tracking of all identified vulnerabilities through to remediation or formally approved exception.
• The Vendor is responsible for active management and follow-up of vulnerabilities and must not rely solely on reporting outputs from city tools without analysis and action.
• Collaborate with the city to agree on work efforts and priorities.
- Remediation and patch execution
• Manage updates to third-party applications as required.
• Provide recommendations for remediation actions; execution of patching activities will be performed in alignment with city direction.
• Remediate device state issues, including onboarding to management platforms, patch and update failures, and manual patching/removal as required.
• Validate and confirm successful patch deployment and identify failed or incomplete updates.
• Re-attempt or escalate failed patch deployments until resolution or approved exception.
• Recommend application updates, removals, or PC re-imaging as needed.
• Identify and report any vulnerabilities that could not be remediated within planned maintenance windows and provide recommended next steps.
• Patching activities must align with city-approved maintenance windows and change management processes.
- Asset coverage and compliance
• In-scope assets include all city-managed endpoints and servers connected to the city network unless explicitly excluded by the city.
• Support maintaining high patching coverage (e.g., ≥95% of in-scope assets) and identify unmanaged or non-compliant devices.
• Notify the city of unmanaged or non-compliant devices and recommend remediation or onboarding actions.