IM/IT Security Advisory Services

Last updated on December 20, 2024

Services you can purchase


Use this supply arrangement

Step 1: Check if your organization is authorized. Organizations that may use this supply arrangement are:

  • B.C. government ministries
  • B.C. broader public sector organizations on the CSA Users list

Step 2: Engage suppliers in the competitive process. Each Service Area will have its own distinct Competitive Process. Please see the Competitive Process included in each Service Area. A Competitive Order Process must be completed every time Services are needed.

Step 3: Choose the supplier. After the closing date and time, Quotations will be assessed in accordance with the terms and conditions of the CP.

Step 4: Complete your purchase. Countersign then return the document to the successful supplier to confirm the purchase.


Frequently Asked Questions

 

What is the benefit of advisory services? And why do I need them?

  • This CSA is to assist your organization in building, assessing, validating or improving its information systems and effective cybersecurity practices.  
  • To build a plan or document outcomes of an activity related to your security program, these may include an assessment of an existing system or architecture, the development of security policies and procedures, recommendations and guidelines, identification of threats and vulnerabilities.
  • Strong, secure and up-to-date cybersecurity policies, practices and services keep B.C. communities safe and deliver quality services that British Columbians count on.
  • 3rd party assessments are a key component to your security program, this CSA could be used to provide those services.
 

When do you need advisory services?

  • This CSA covers 12 crucial services areas. Depending on your organizations needs, you may wish to engage one or more of those service areas.
  • The advisory services offered can help fill gaps in expertise and provide sound guidance to make sure that your organization can enhance and maintain your security.
 

How do I obtain operational services?

  • This CSA is specific to advisory services and does not include security operational services.
     
  • IM/IT security operational services will be procured outside of this CSA.

 


How to use the CSA

 

What is the Corporate Supply Arrangement (CSA) Open Framework for IM/IT Security Advisory Services?

  • This is a legal document used to create a contract between the purchaser and the contractor to provide services related to one of the 12 service areas listed in the CSA.
  • To purchase services related to these areas, the purchaser must complete Appendix B Competitive Process: Requested Services and Quotation.
  • Once the Competitive Process is completed and signed by the purchaser and contractor, it ‘goes live’ to create the contract for services.
 

Where do I start?

CSA Process

  1. Determine which service areas you want to procure.
  2. Use the pre-populated Appendix B: Competitive Process including Schedule 1: Requested Services and Schedule 2: Quotation.
  3. Send the completed document to all qualified contractors within the service area.
  4. Contractors will complete and return Appendix B, Schedule 2: Quotation.
  5. Evaluate submissions.
  6. Sign the quotation of the successful contractor.
  7. Return the Appendix B, Schedule 2: Quotation to the contractor and get started with your advisory services!
 

Do I need to be procurement expert?

  • No!
  • This CSA has been designed to be easy to use no matter how much procurement experience you and your team have.
  • It includes a comprehensive ordering process and a contract template to simplify the process.
  • The templates include informational prompts:
    • Prompts in blue indicate areas the purchaser needs to complete
    • Red prompts indicate areas the contractor needs to complete.
    • The CSA also includes terms and conditions which eliminate contractors who will not adhere to the Provincial Security Policy.
    • The CSA includes the Province’s full security schedule. You may add additional security schedules as needed.
 

What if I don't know what I need to order?

  • Review the 12 Service Areas on the CSA Webpage.  
  • Contact OCIO Security for additional discussion or support. To reach an expert, contact Cyber.BC@gov.bc.ca
  • Remember:  Each CSA can only be used for one service area. For multiple services, you will need to complete multiple Appendix B: Competitive Process documents.
 

Do I need to set a budget?

  • Setting a budget is up to the purchaser.
  • Follow the typical procurement procedures for your organization.

 


Completing Appendix B: Competitive Process documents

 

 

Using the CSA template

  • You will need to complete 2 key forms as part of the Appendix B: Competitive Process document:
    • Schedule 1: Requested Services
    • Schedule 2: Quotation
  • This document has been pre-populated, so all you need to do is complete any sections in blue with information specific to your procurement.
  • Follow the instructions and prompts within the CSA to make sure you complete it correctly – remember this forms the contract between you as the purchaser and the contractor.
  • The red text in Schedule 2 ‘Quotation’ section of Appendix B indicates areas the contractor will need to complete.
 

Can I make changes to Appendix B: Competitive Process document?

  • The CP is designed to work as drafted. It includes the complete Province Security Schedule. Purchasers complete the Requested Services and Quotation documents.
  • Ministry purchasers can add additional security requirements, if needed, in the Requested Services document.
  • All other purchasers can add additional security requirements and make selected changes to certain terms and conditions as per section 3.5 of the CSA. It is recommended that a purchaser seek legal advice before making such changes. 

 

 


Evaluation & Selection

 

How do I evaluate contractors?

There is a section in the ‘Requested Services’ form where the purchaser will confirm the evaluation approach.

  • At a minimum all quotations will be evaluated on price. The purchaser can weight the evaluation to emphasize certifications, experience, preferences as compared to the quoted price.
  • The CSA has 1 required evaluation method and that is price.  Price is a required evaluation criteria for all Quotations.
  •  At the purchaser’s discretion an evaluation of the Approach for an engagement can also be used to evaluate the contractors. See Schedule 1 section 1.11 for more of an explanation of Approach.
 

How do I make my selection?

  • Document your chosen evaluation method in the Requested Services section of Appendix B.
  • Use this method to evaluate all contractor responses.
 

What happens next?

  • Send signed Appendix B, Schedule 2 - Quotation back to the contractor.
  • The contract is now in effect.
  • Follow your Ministry or BPS procurement practices.
  • Get started with your Security Advisory Services!

 


Information about this supply arrangement

  • Download a copy of the complete CSA (DOCX,270KB)
  • This supply arrangement expires April 30th, 2027, with two one-year options to extend
  • Only services outlined are available; other services need to be obtained in accordance with CPPM 6 - Procurement Policy
  • There is no longer a dollar limit associated with this CSA


Related Supply Arrangements

IM/IT Consultant Services

Managed Hosting Services

View the A to Z list of all goods and services


Resources & Support

Procurement Support
Phone: 250-387-7300

Email: Procurement@gov.bc.ca

Security Advisory Services - Subject Matter Advice Support

Website: CyberBC

Email: Cyber.BC@gov.bc.ca

 

 â€‹ ​ â€‹