1. An initial assessment report is due within 5 business days of completion of testing (this will trigger 50% of the payment) 2. Formal assessment report within 10 business days of completion of testing (this will trigger the remaining 50% of the contract); The assessment should include: a. Adversarial assessment b. Detail reports with findings and recommendations c. Remediation support (hourly rate) 3. The receipt of the report(s) must be acknowledged by RISLA’s Information Security Officer, the Controller, or the Executive Director to trigger the payment of the contract. 4. The testing is expected to begin during October, November, or December with the final report completed and delivered no later than January 1, 2025. 5. We also require a social engineering attack be performed on our employees via: • Email campaign for 20 employees
