The Contra Costa County Department of Information Technology (DoIT) is seeking proposals from firms to perform independent IT risk assessment on systems managed by DoIT.
"In 2013 an external County Audit issued a finding that the DoIT should contract for an Independent IT Risk Assessment to identify all the possible risks to the County; IT Department, delivery of IT services, and the accuracy and integrity of the County financial and personnel data. The risk assessment should identify potential threats to the IT infrastructure, prioritize the likelihood and impact of those threats and determine appropriate safeguards or actions," the bid document says.
Proposals are due March 18 and must be submitted through BidSync.
The risk assessment will follow National Institute of Standards and Technology (NIST) protocols.
According to Contra Costa County, the system of record is a "home-grown COBOL system" located on an IBM mainframe in DoIT's secure data center. There are 6,790 production data sets, 232 programs and 98 procedures. The county auditor imports some financial data from the mainframe on a regular basis.
The contact for this bid is:
Desbele Gebre
Contra Costa County Purchasing
dgebr@pw.cccounty.us
