Specifications include, but are not limited to: Primary objectives: • Perform a gap analysis of the current Central Piedmont Community College (CPCC) Incident Response Plan (IRP) compared to two (2) enterprise client IRPs of similar size. • Combine any current County Incident Response (IR) plans with the IR methodology • Identify and document any management structure and organizational responsibilities needed • Examine cyber response resource prioritization, limitations, and mechanisms for requesting external assistance. • Provide increased understanding of the current state of preparation for a significant cyber event. • Provide the Chief Information Security Officer’s (CISO) team with input and feedback necessary to refine and improve the organization to support improved crisis manage. Deliverables: • Revised (red-lined) IRP document • In-person tabletop exercise with Computer Incident Response Team (CIRT) to read-through and apply revised IRP procedures to security breach scenarios agreed upon between vendor and CIRT. • Explanation of recommended changes to manage risk and budgets • Gap recommendations will include suggested timeline, recommended remediation, and business case suggestions • Finalized IRP document based on outcome of tabletop exercise as agreed upon by CIRT. • In-person one hour meeting to review the finalized IRP Document with key leadership.