Service Line: Professional Services
The IT Security Services program provides entities with an Office of Information Security (OIS) coordinated program of information technology (IT) security services including:
- IT Program Security Services
- IT System Security Services – Pre-operational
- IT System Security Services – Operational
By leveraging expertise within the private sector, OIS will be able to assist in the support of the varied regulatory requirements under which the state entity systems should be operated, i.e., FISMA, HIPAA, PCI-DSS and ISO, while avoiding the prohibitively expensive process of developing these capabilities in-house. The services are capable of performing adds, changes and reviews of all aspects of the security posture of an enterprise information system and its related operations to determine if the current security risks and compliance status objectives are being met. The program offers a structured security service portfolio and is being provided to assist agency organizations in their implementation of industry’s leading security practices.
Terms and Definitions:
- GTA – Georgia Technology Authority
- OIS – Office of Information Security
- SON – Statement of Need
- SOW – Statement of Work
Service Level Targets: Enterprise and Agency security services as an on-going service offering.
Availability: Service available to all state agencies
- Participating entities must utilize pre-qualified service vendors
- Agency maintains authority for final scope of service selections
- Agrees to follow the program participation model
- Agrees that validity of data provided for services is their responsibility
- Agrees to provide other relevant information/artifacts to perform services
- Agrees to provide support for the on-site Statement of Work activities of selected vendor
- Agrees to provide copies of previous relevant assessment reports
Pricing / Charges:
Custom quote for each engagement dependant upon the customers requested level of service need. Individual engagement cost is determined from an agency-specific Statement of Need (SON). SON is then let to bid to pre-qualified IT Security Services vendors who submit Statement of Work (SOW) responses. Awarded is to vendor’s SOW response that addresses all SON requirements, at best competitive price. GTA does not add any cost to the vendor invoice.
Service Components or Product Features Included in Base Price: GTA provides service engagement summary evaluation with recommendations.
Options Available for an Additional Charge: None
Service Components or Product Features Not Included: Only items specified within SON/SOW are considered included in scope of service engagement.
What GTA Provides:
- Management of IT Security Service program
- Development and management of pre-qualified Security Services vendor pool
- Administration of program activities for all participating agencies
- Recommendations to agency as to security service needs
- Full assistance to agencies in SON development
- Evaluation assistance of vendor’s SOW bid response to determine award
- Contract administration for each engagement
- Issue escalation point of contact for active engagements
- Recommendations for remediation as to discovered issues
What the Customer Provides:
- Resources for on-site support of engagement activities
- Site specific information for security analysis purposes
Service Support and Issue Escalation: The Escalation point of contact for active engagements is firstname.lastname@example.org.
Benefits / Advantages:
- Agencies avoid the expensive process of developing these capabilities in-house
- Leverage private sector industry specific subject matter expertise
- Leverage GTA program management capabilities for engagements
- Helps ensure agency compliance with applicable regulations
How to Start This Service: Request IT Security Services by directly contacting GTA Office of Information Security. Additionally, submission of request through OIS mailbox, email@example.com, can initiate the service process.