The vendor is required to provide assess cybersecurity risks, develop a cybersecurity and risk management framework, and deliver supporting business continuity, disaster recovery, and incident response frameworks.
- Critical to enhancing the county’s ability to prevent, detect, respond to, and recover from cyber threats, operational disruptions, and disaster.
- Represents a strategic effort to strengthen cybersecurity posture, build organizational resilience, and ensure uninterrupted service delivery in the face of emergencies – be they cyber-related, environmental, or system-based.
- Based on these assessments, the firm will develop and implement practical, standards-based policies, controls, and plans that will ensure the continuity and resilience of critical IT operations and essential services.
- Key deliverables include the development of:
• A cybersecurity and risk management framework aligned with recognized best practices.
• A structured implementation roadmap and governance framework to guide sustained readiness and operational resilience, including strategic technology investment recommendations.
• An IT focused business continuity plan for the technology and digital services department that minimizes operational disruptions during crisis events. 
• A disaster recovery plan that enabled the rapid, reliable, and orderly restoration of IT systems and recovery of data following an incident.
• A comprehensive incident response plan (IRP) that leverages SIEM (security information and event management) and soar (security orchestration, automation, and response) technologies to support proactive threat detection, automated incident response, and efficient recovery from cybersecurity events affecting counties critical it systems and essential services.
• Conduct a cybersecurity vulnerability and maturity assessment based upon the framework that is chosen. Items to be included:
○ Governance and risk management
○ Asset management
○ Threat and vulnerability management
○ Identity and access management
○ Data security and privacy
○ Security operations and monitoring
○ Business continuity and incident response
○ Training and awareness
○ Third party risk management
○ External and internal penetration testing
○ Network and end point security
○ Application security
○ Cloud security.
• Identify key risks, vulnerabilities, and compliance gaps 
○ Map those risks to potential business impacts.
• Evaluate existing security policies, processes, and technologies.
• Recommendation for risk reduction, security operations, and compliance.
• Creation of a risk registry that identifies and assesses IT risk.
• Provide meeting space, internet access, and other logistical support for on-site work.
- Contract Period/Term: 1 year
- Questions/Inquires Deadline: June 11, 2025