Specifications include, but are not limited to: a. Preform an analysis of the City's current cybersecurity program including by not limited to: 1. Device level security including routers, switches, cameras, wireless equipment, printers, copiers; 2. OS Level security including local security policies, group policy, patch management; 3. Network Security including firewall, IDS/IPS, wireless, spam filter; 4. Disaster recovery / backup review 5. Physical security review b. Preform an analysis of current IT policies and procedures with special attention to the requirements of the NCSR. 1. Identify deficiencies in existing policies and procedures; 2. Identify policies and procedures that are lacking; 3. Provide samples of, and assist with the creation of, policies and procedures that are needed; c. Work with the City to develop a list of priorities for improvements to the Cybersecurity Program. Include cost estimates and expected timelines for implementation.