This scope of work is for the vendor to perform the following: 1) Identify critical business operations and their dependencies. 2) Determine the impact of various disruption scenarios. 3) Establish Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs). 4) Develop a Disaster Recovery Plan (DRP) that aligns with regulatory requirements. 5) Ensure compliance with cybersecurity and business continuity policies. 6) Recommend and document recovery strategies and plans for IT systems. 7) Validate the feasibility of the DRP through simulation or testing. These efforts aim to enhance organizational resilience, identify critical functions, and prepare response strategies for potential disruptions while protecting the agency's and customers' interests. The BIA and DRP should align with the requirements specified in Chapters 60GG-2.001 through 60GG-2.006, F.A.C., known as the State of Florida Cybersecurity Standards (SFCS). (Current chapter 60GG-2001(1)(a), F.A.C). , NIST Cybersecurity Framework (CSF) 2.0 (February 2024)
