Information Security Governance and Policy Framework Development Service

Release Project Date: March 20th, 2026

Question Submission Deadline: April 10th, 2026

Question Response Deadline: April 14th, 2026

Submission Deadline: April 23rd, 2026

A government authority in Florissant, Missouri is seeking proposals from qualified cybersecurity consulting firms to develop a comprehensive Information Security Governance Framework. This project includes the creation of policies, standards, and operational procedures that will guide the agency's technology security program.

The selected firm will conduct a current state assessment covering network architecture, security controls, administrative processes, backup and disaster recovery practices, user access management, and vendor management. Based on this assessment, the consultant will develop formal documentation aligned with recognized best practices, such as the NIST Cybersecurity Framework, CIS Critical Security Controls, CJIS Security Policy for law enforcement systems, cyber insurance best practices, and municipal government data protection requirements.

Key deliverables encompass a complete suite of security policies, including but not limited to: Information Security Policy, Acceptable Use Policy, Access Control Policy, Data Classification and Handling Policy, Incident Response Policy, Business Continuity and Disaster Recovery Policy, Records Retention and Electronic Discovery Policy, Vendor and Third–Party Risk Management Policy, and Network Security Policy. The contract period is for one year. All questions related to this RFP are to be submitted by April 10, 2026.