OCPF engaged an independent third party to perform a comprehensive audit and assessment of the agency information technology and IT risk assessment to the NIST Cybersecurity Framework, including IT systems, applications, security, policies, procedures, and adequacy of documentation, including for succession purposes. In addition, an independent third party performed penetration testing for its three web application hosts. OCPF is soliciting proposals from qualified third-party vendors to assemble a written cybersecurity incident response plan based on the information obtained from these audits and from additional review and analysis of agency IT resources as the Vendor deems advisable. Information regarding specifics of the existing IT infrastructure and the audit reports will be provided at the discretion of OCPF to interested Vendors. This is a fee for service procurement. All services awarded under this procurement will be contracted via a Task Order captured in the Statement of Work document associated with ITS78 Category 1. OCPF intends to award this contract to a single contractor that will be expected to provide all described services throughout the life of the contract. Subcontractors are the sole responsibility of the Vendor. The awarded Vendor must disclose how they intend to use subcontractors, including percentage of work estimated to be completed by subcontractors. The project is funded through the State Share Cybersecurity Grant Program and includes both federal and state funds. The work may be subject to additional conditions required by the grant award. The work shall be completed and delivered to OCPF on or before Friday, May 30, 2025 at 2:00 p.m. and no extensions may be granted. Time is of the essence of this agreement.
