Specifications include, but are not limited to: HCUST is seeking consulting and advisory services for the design, development and delivery of training to support the objectives of the IT Infrastructure Planning and Security Governance Committee. The services and associated outcomes are considered useful in enabling HCUST practices that enable overall cybersecurity and risk management functions. By ensuring that processes are designed to evaluate the implementation of new technologies, or the ongoing management of systems used to enable or support business processes, HCUST can ensure that vulnerabilities or exposures are not introduced in a manner that affects the risk posture of the organization. Addressing risks that may introduce weaknesses or avenues for attacks within HCUST’s network architecture and associated systems prior to implementation through effective security reviews shall help HCUST prevent the occurrence of cybersecurity attacks or otherwise limit the potential impact should cybersecurity attacks be attempted. HCUST’s objectives shall include, but not be limited to: 1. Vendor shall perform a comprehensive review of solutions and apply necessary controls for implementation including: Technical & Security Review. Architectural Review. Network Design Assessment Security Assessment. Third Party Technical Assessment. Personally Identifiable Information (PII)/Sensitive PII (SPII). Service Organization Control 2 (SOC2) Review. Structured Query Language (SQL) Database Security.
