Specifications include, but are not limited to: The Contractor’s responsibilities with respect to Security Services will include the following: Provide vulnerability management services for the Contractor’s internal secure network connection, including supporting remediation for identified vulnerabilities as agreed. As a minimum, the Contractor shall provide vulnerability scan results to the State monthly. Support the implementation and compliance monitoring for State IT Security Policies. Develop, maintain, update, and implement security procedures, with State review and approval, including physical access strategies and standards, ID approval procedures and a breach of security action plan. Manage and administer access to the systems, networks, System software, systems files and State Data, excluding end-users. Provide support in implementation of programs to educate State and Contractor end-users and staff on security policies and compliance. Install and update Systems software security, assign and reset passwords per established procedures, provide the State access to create User ID's, suspend and delete inactive logon IDs, research system security problems, maintain network access authority, assist in processing State security requests, perform security reviews to confirm that adequate security procedures are in place on an ongoing basis, and provide incident investigation support (jointly with the State ), and provide environment and server security support and technical advice. Develop, implement, and maintain a set of automated and manual processes to ensure that data access rules are not compromised. Perform physical security functions (e.g., identification badge controls, alarm responses) at the facilities under the Contractor’s control. Prepare an Information Security Controls Document. This document is the security document that is used to capture the security policies and technical controls that the Contractor will implement, as requested by the State, on Contractor managed systems, supported servers and the LAN within the scope of this contract. The Contractor will submit a draft Information Security Controls document for State review and approval during the transition period. The selected Contractor will be responsible for day-to-day operations of the CPR for ODJFS. The main functions of the registry include the receipt and processing of all paternity documents (affidavits, administrative orders, rescissions, and court orders), and the development and maintenance of a single database (the CPR database) that contains specific information from each paternity document. The selected Contractor shall be responsible for interfacing electronically with ODJFS and the Ohio Department of Health (ODH). They will also be charged with entering into contracts with birthing facilities and local registrars to establish performance standards for completed affidavits and to provide reimbursement to birthing facilities. The CPR program receives approximately 13,500 documents from birthing facilities, registrars, CSEA’s, courts etc., each quarter. Only the birthing facilities and registrars are reimbursed $20.00 per correctly completed affidavit. The current CPR Contractor facilitated payments to birthing facilities and registrars totaling $ 702,340 during SFY 2017. Additionally, the selected Contractor will be required to operate a call center on business days from 8:00 a.m. to 5:00 p.m. Columbus, OH local time. The CPR Contractor currently receives an average of 50 calls per day.