IT Security, Continuity, Response and Recovery Planning

The City will engage the qualified consultant to help City I.T. staff select an appropriate industry standard for security, continuity, response and recovery planning, then develop a framework for achieving compliance with that standard. Key tasks and work products likely to be required from this engagement include: • Identification of an appropriate industry standard or a City-specific set of goals that aligns with an industry standard • Evaluation of the City's current security, continuity, response and recovery preparations relative to the selected goal or standard (including penetration testing) • Development of planning document(s) outlining the steps to advance the City from its current condition to substantial compliance with the selected standard in each of the following content areas: o Business continuity o Continuity of operations o Cyber incident response o Disaster recovery • General consultation with I.T. staff on security-related issues