Specifications include, but are not limited to: It is the City’s intent to select a Managed Security Service provider (MSSP) that can demonstrate solid experience in delivering information security solutions that improve network security, strengthen governance, and support regulatory compliance. The proposal should include proactive security monitoring services, vulnerability assessment, penetration testing services, and comprehensive risk management reporting for two distinct City network environments. • Implement a security operations center (SOC) and a security information and event monitoring (SIEM) solution. • Implement real time data analysis and alerting of security events on the City’s networks. • Perform regular security assessments using industry accepted vulnerability scanning and penetration testing technology and methods. • Provide automated compliance reporting that can be utilized for periodic audits. • Participate in quarterly reviews covering the City’s overall cyber security plan and overall system health. Vendor Requirements • Vendor must maintain all city collected data in a secure environment. • Log collection, management, analysis must be automated. Vendor must provide detailed automation process documentation. • Company must be ISO27001 certified. • Vendor solution must scale as the City’s infrastructure grows. • Vendor’s proposal must specify the number of in-house employees and any subcontracted staff. • NOTE: This RFP describes the City’s proposed solution. All solutions will be evaluated.
