The DOJ has provided a log of required policies and procedures that need to be formatted in both practice and documentation. While the BSCC currently employs a number of these practices informally, it needs assistance in documentation and establishing best practices to ensure it complies with the requirements of the DOJ. Additionally, the BSCC needs help in identifying and/or developing the proper trainings associated with policies to ensure that our staff meet requirements set forth by the DOJ. The purpose of this RFP is to select a vendor that will assist in the creation and implementation of policies and procedures that meet the DOJ’s requirements while ensuring that the BSCC is able to implement them with site and infrastructure capabilities and limitations. The DOJ and the State of California both utilize security controls, policies, and procedures originating from NIST 800-53, FIPS and SIMM 5300. Policies created would need to ensure they meet the requirements laid out in these control documents. Many of DOJ’s policy requirements are being completed informally by the BSCC and only require documentation of the process but some will require guidance in how best to have the BSCC meet the DOJ’s needs. Additionally, the vendor will assist in the process of ensuring that the BSCC will be ready to gather the data requested of the DOJ. While the infrastructure is available at the BSCC, the BSCC requires guidance in making sure that the policies and procedures are documented and adhere to DOJ’s requirements.
