Work Stream 2 (WS2) – Comprehensive IT Security Risk Management Consulting Services

Scope

This stream requires suppliers to provide frequently used and stable disciplines including On-site Technical Vulnerability Assessments (OTVAs), TRAs, C&A services, Business Continuity Planning (BCP), and Disaster Recovery Planning (DRP). These services will be provided in accordance to GoC standards and will meet the GSP and MITS requirements for departments and agencies to implement a continuous review cycle for these activities.

The Non-ITS Subject Matter Expert (SME) is an expert in a specific non-IT Security field. The SME will be able to support, complement and enhance the accomplishment of an IT Security requirement because of its knowledge and expertise in a specific non-ITS field. The Non-ITS SME cannot be procured on its own. This resource category must be procured as part of a team with another resource category(ies) in this Work Stream. In addition, the Non-ITS SME can only be used for up to a maximum of 35% of the total contract Level of Effort (LOE). The SME cannot be the Team Leader of a contract.

WS2 Categories

Select the hyperlinks below to determine the common activities for each resource category. Examples of the activities and work that would typically be performed by the resource category will be displaye.

IT Security Team Leader (Senior, Intermediate)

On Site Technical Vulnerability (OTVA) Specialist (Senior, Intermediate, Junior)

IT Security Threat and Risk Assessment (TRA) Analyst (Senior, Intermediate, Junior)

IT Security Certification and Accreditation (C&A) Specialist (Senior, Intermediate, Junior)

Business Continuity Planning (BCP)/Disaster Response Planning (DPR) Specialist (Senior, Intermediate, Junior)

IT Security Design Specialist (Senior, Intermediate, Junior)

Non-ITS Subject Matter Expert (Senior)

List of Supply Arrangement Holders