IT Security Infrastructure and Governance
ID: BPHC-ITS-2026-03 • State: Massachusetts
Opportunity Assistant
Loading
Description
Background
The Boston Public Health Commission (BPHC), through its Information Technology Services (ITS) department, is soliciting proposals from qualified vendors based in the United States to provide professional services across five discrete IT security and infrastructure improvement projects. These projects aim to strengthen BPHC's security posture, improve operational processes, and ensure alignment with industry standards and regulatory requirements.
BPHC serves the residents of Boston through public health programs and services, supporting approximately 1,300 employees across eight workplace organizations.
Work Details
The RFP encompasses five distinct project areas:
1) Patch and Software Update Process Remediation: Identify deficiencies in patch management procedures, document and automate processes, conduct assessments, repair deployment issues, design lifecycle procedures, implement automation tools, and provide training.
2) Web Application Security Hardening: Harden approximately seven web applications by remediating vulnerabilities identified in assessments, managing stakeholder meetings, executing remediation activities, and providing final reports.
3) IT Governance Policy and Plan Development: Develop IT plans aligned with the NIST Cybersecurity Framework including disaster recovery and backup policies.
4) Data Classification Program and ePHI Data Flow Mapping: Implement a data classification program and map ePHI data flows across the network.
5) VLAN Implementation and Network Segmentation: Design and implement VLANs for logical separation of systems to enhance network security.
Period of Performance
The contract period is anticipated to be from June 18, 2026 through November 30, 2026.
Place of Performance
The services will be performed within the geographic area of Boston.
Bidder Requirements
Vendors must be U.S.-based and are encouraged to submit proposals as Certified Underrepresented Business Enterprises (CUBE), which includes MBE, WBE, VBE, DOBE, LGBTBE entities. Vendors must maintain specific insurance coverage throughout the contract term including commercial general liability and cyber liability insurance.
The Boston Public Health Commission (BPHC), through its Information Technology Services (ITS) department, is soliciting proposals from qualified vendors based in the United States to provide professional services across five discrete IT security and infrastructure improvement projects. These projects aim to strengthen BPHC's security posture, improve operational processes, and ensure alignment with industry standards and regulatory requirements.
BPHC serves the residents of Boston through public health programs and services, supporting approximately 1,300 employees across eight workplace organizations.
Work Details
The RFP encompasses five distinct project areas:
1) Patch and Software Update Process Remediation: Identify deficiencies in patch management procedures, document and automate processes, conduct assessments, repair deployment issues, design lifecycle procedures, implement automation tools, and provide training.
2) Web Application Security Hardening: Harden approximately seven web applications by remediating vulnerabilities identified in assessments, managing stakeholder meetings, executing remediation activities, and providing final reports.
3) IT Governance Policy and Plan Development: Develop IT plans aligned with the NIST Cybersecurity Framework including disaster recovery and backup policies.
4) Data Classification Program and ePHI Data Flow Mapping: Implement a data classification program and map ePHI data flows across the network.
5) VLAN Implementation and Network Segmentation: Design and implement VLANs for logical separation of systems to enhance network security.
Period of Performance
The contract period is anticipated to be from June 18, 2026 through November 30, 2026.
Place of Performance
The services will be performed within the geographic area of Boston.
Bidder Requirements
Vendors must be U.S.-based and are encouraged to submit proposals as Certified Underrepresented Business Enterprises (CUBE), which includes MBE, WBE, VBE, DOBE, LGBTBE entities. Vendors must maintain specific insurance coverage throughout the contract term including commercial general liability and cyber liability insurance.
Loading Map
Loading Map
Overview
Opportunity ID
BPHC-ITS-2026-03
Response Deadline
May 28, 2026
Due in 15 Days
Date Posted
May 8, 2026
Est. Value Range
Experimental
$450,000 - $1,400,000
(AI estimate)
Agency Distribution
Low
Source
On 5/8/26 Boston Public Health Commission in Massachusetts issued IT Security Infrastructure and Governance with ID BPHC-ITS-2026-03 due 5/28/26.
Contacts
Documents
Posted documents for IT Security Infrastructure and Governance
Opportunity Assistant
AI Analysis
AI Generate