The Vendor is required to provide staffing and consulting services on an as-needed basis.
- Requirement:
• Provide embedded staff augmentation and subject matter expertise to support agency corporation critical infrastructure protection (CIP) compliance program, functioning as an extension of agency staff.
• Agency shall retain the right to review and approve the proposed resource(s) prior to assignment to ensure alignment with agency expectations and operational needs.
• Support the planning, prioritization, and execution of a rolling 12-month compliance schedule, including coordination of recurring monthly, quarterly, and annual compliance activities.
• Execute compliance review cycles, including validation of requirement applicability, coordination with control owners, review and update of documentation, evidence validation, gap analysis, and cycle closeout.
• Review, develop, redline, and maintain compliance documentation, including policies, procedures, standards, and worksheets, ensuring alignment with corporation CIP requirements and operational practices.
• Support evidence collection, validation, and repository management, including ensuring completeness, accuracy, traceability, and audit defensibility of compliance artifacts.
• Perform ongoing compliance monitoring and gap analysis activities, including identification of risks, control weaknesses, and process improvement opportunities associated with each compliance review cycle.
• Provide support for mitigation plans, self-reports, and other compliance-related regulatory activities, including documentation development, coordination, and tracking through resolution.
• Maintain and update reliability standard audit worksheets (RSAWs) and supporting documentation to ensure alignment with current compliance posture and audit expectations.
• Monitor for new or revised corporation CIP standards and provide notification to agency, including assessment of potential impacts and recommended actions.
• Provide audit readiness and regulatory support, including mock audits, audit preparation, response support, and assistance with regulatory interactions.
• Support internal control development and process improvement initiatives to enhance program sustainability, consistency, and efficiency.
• Provide training, mentorship, and knowledge transfer to agency personnel to strengthen internal compliance capability and long-term program ownership.
• Provide onsite support for energy management system (EMS) transition activities, including a minimum of two (2) weeks onsite to assist EMS administrators with compliance-related change management associated with the decommissioning of the legacy EMS system and commissioning of the upgraded EMS environment:
o Support corporation CIP-010 configuration change management activities, including documentation, approvals, and validation
o Assist with EMS cutover planning, execution, and post-implementation validation
o Validate system configurations, baselines, and documentation for both legacy and upgraded EMS environments
o Support evidence collection and documentation required to demonstrate compliance during system transition
o Coordinate with IT, OT, cybersecurity, compliance, and operations personnel to ensure a controlled and compliant transition
o Identify and mitigate compliance risks associated with system migration and transition activities
o Support updates to asset inventories, network diagrams, and system categorizations as required
• Provide additional consulting services as requested by agency, including mock audits, compliance program assessments, cybersecurity reviews, tool and workflow improvements, and other related services.
• Develop and execute a structured knowledge transfer and transition plan designed to build agency internal capability and transition agency personnel into corporation CIP subject matter experts (SMEs) over the term of the engagement.
• This shall include training, mentoring, documentation, and coordinated transition activities to support long-term program sustainability and reduced reliance on external resources.
• Provide a high-level summary report following each compliance review cycle, or at a minimum on a monthly basis, outlining work performed, key activities, identified gaps, risks, and any items requiring management awareness. Preparation of this report shall not exceed two (2) hours per reporting period.