The government authority in British Columbia is seeking a provider of cybersecurity incident response services to strengthen its internal capacity with specialized advisory, forensic, and hands-on incident response (IR) support. The selected vendor will respond to a variety of cyber threats, including but not limited to ransomware, malware, business email compromise, cloud compromise, and identity attacks.

Services will include advanced digital forensic and incident response (DFIR) capabilities for Windows and Oracle Linux platforms, as well as related infrastructure such as Oracle Applications & Database, .NET, Power Platform, SharePoint, and OneDrive. The chosen provider must be able to integrate seamlessly with the organization’s core security tools, including Microsoft Azure/Entra, Defender, Purview, CrowdStrike, Qualys, and Forcepoint.

The environment consists of legacy Active Directory hosted IaaS with AD Connect to Entra, approximately 1700 Windows 11 Enterprise workstations on HP hardware, a managed mobile device fleet (iPhones), and security platforms such as CrowdStrike Falcon Complete, Defender for Endpoint, Microsoft Sentinel SIEM, and Forcepoint Web Security. The contract is anticipated to run for four years, with all vendor inquiries due by March 20, 2026.