IM/IT Security Advisory Services

• This CSA is to assist your organization in building, assessing, validating or improving its information systems and effective cybersecurity practices.  
• To build a plan or document outcomes of an activity related to your security program, these may include an assessment of an existing system or architecture, the development of security policies and procedures, recommendations and guidelines, identification of threats and vulnerabilities.
• Strong, secure and up-to-date cybersecurity policies, practices and services keep B.C. communities safe and deliver quality services that British Columbians count on.
• 3^rd party assessments are a key component to your security program, this CSA could be used to provide those services.

• This CSA covers 12 crucial services areas. Depending on your organizations needs, you may wish to engage one or more of those service areas.
• The advisory services offered can help fill gaps in expertise and provide sound guidance to make sure that your organization can enhance and maintain your security.

• This CSA is specific to advisory services and does not include security operational services.
   
• IM/IT security operational services will be procured outside of this CSA.

• This is a legal document used to create a contract between the purchaser and the contractor to provide services related to one of the 12 service areas listed in the CSA.
• To purchase services related to these areas, the purchaser must complete Appendix B Competitive Process: Requested Services and Quotation.
• Once the Competitive Process is completed and signed by the purchaser and contractor, it ‘goes live’ to create the contract for services.

CSA Process

1. Determine which service areas you want to procure.
2. Use the pre-populated Appendix B: Competitive Process including Schedule 1: Requested Services and Schedule 2: Quotation.
3. Send the completed document to all qualified contractors within the service area.
4. Contractors will complete and return Appendix B, Schedule 2: Quotation.
5. Evaluate submissions.
6. Sign the quotation of the successful contractor.
7. Return the Appendix B, Schedule 2: Quotation to the contractor and get started with your advisory services!

• No!
• This CSA has been designed to be easy to use no matter how much procurement experience you and your team have.
• It includes a comprehensive ordering process and a contract template to simplify the process.
• The templates include informational prompts:
  • Prompts in blue indicate areas the purchaser needs to complete
  • Red prompts indicate areas the contractor needs to complete.
  • The CSA also includes terms and conditions which eliminate contractors who will not adhere to the Provincial Security Policy.
  • The CSA includes the Province’s full security schedule. You may add additional security schedules as needed.

• Review the 12 Service Areas on the CSA Webpage.  
• Contact OCIO Security for additional discussion or support. To reach an expert, contact Cyber.BC@gov.bc.ca
• Remember:  Each CSA can only be used for one service area. For multiple services, you will need to complete multiple Appendix B: Competitive Process documents.

• Setting a budget is up to the purchaser.
• Follow the typical procurement procedures for your organization.

• You will need to complete 2 key forms as part of the Appendix B: Competitive Process document:
  • Schedule 1: Requested Services
  • Schedule 2: Quotation
• This document has been pre-populated, so all you need to do is complete any sections in blue with information specific to your procurement.
• Follow the instructions and prompts within the CSA to make sure you complete it correctly – remember this forms the contract between you as the purchaser and the contractor.
• The red text in Schedule 2 ‘Quotation’ section of Appendix B indicates areas the contractor will need to complete.

• The CP is designed to work as drafted. It includes the complete Province Security Schedule. Purchasers complete the Requested Services and Quotation documents.
• Ministry purchasers can add additional security requirements, if needed, in the Requested Services document.
• All other purchasers can add additional security requirements and make selected changes to certain terms and conditions as per section 3.5 of the CSA. It is recommended that a purchaser seek legal advice before making such changes. 

There is a section in the ‘Requested Services’ form where the purchaser will confirm the evaluation approach.

• At a minimum all quotations will be evaluated on price. The purchaser can weight the evaluation to emphasize certifications, experience, preferences as compared to the quoted price.

• The CSA has 1 required evaluation method and that is price.  Price is a required evaluation criteria for all Quotations.
•  At the purchaser’s discretion an evaluation of the Approach for an engagement can also be used to evaluate the contractors. See Schedule 1 section 1.11 for more of an explanation of Approach.

• Document your chosen evaluation method in the Requested Services section of Appendix B.
• Use this method to evaluate all contractor responses.

• Send signed Appendix B, Schedule 2 - Quotation back to the contractor.
• The contract is now in effect.
• Follow your Ministry or BPS procurement practices.
• Get started with your Security Advisory Services!