When is the submission deadline?

Submissions are due July 21, 2026. Questions must be submitted by July 16, 2026.

It was issued by City Of Kelowna. The work is located in Kelowna, British Columbia, Canada.

Who is a good fit for this opportunity?

Proven expertise in vulnerability management for government or large enterprise clients. Experience managing Windows and Linux environments at scale. Skilled in remote delivery of IT security services with robust data handling protocols. Certifications in cybersecurity (such as CISSP, CISM, or equivalent). Demonstrated knowledge of patch management for commercial and third-party applications.

Information Technology Vulnerability Management Services (Due July 21, 2026)

Overview

Cybersecurity & Data Privacy

Kelowna, British Columbia, CanadaPosted: June 11th, 2026Deadline: July 21st, 2026

Fit Score

Settle Intelligence

Settle helps teams find, qualify, and respond to RFPs. We continuously surface new opportunities, score them against your company strengths, and draft proposal responses so you can focus on the work that wins business.

Learn more about Settle

SUMMARY

The government authority in British Columbia is requesting vendors to provide remote vulnerability management services, including remediation activities, application patching, and risk-based prioritization of IT vulnerabilities.

KEY REQUIREMENTS

Must operate within City RMM and endpoint management platforms
Must not store or process vulnerability data outside City infrastructure
Must support defined SLA notification timelines
Must support full audit logging and user attribution
Must comply with City change management processes
Must provide proof of WorkSafe BC compliance
Must provide proof of required insurance including Comprehensive General Liability and Automobile Liability
Must hold a current City of Kelowna Business Licence
Supplier personnel must have completed FOIPPA training within the last two years

CONTRACT DURATION

36 months

TIMELINE

Submission Closing Date: July 21st, 2026

Anticipated Ranking of Submitters: July 31st, 2026

Contract Negotiation Period: August 10th, 2026

Anticipated Execution of Contract: August 2026

QUESTION DEADLINE

July 16th, 2026

Issuing Agency

City Of Kelowna

Organization overview and procurement intelligence available on paid plans.

See Issuer Research

DESCRIPTION

The government authority in British Columbia seeks a vendor to provide comprehensive information technology vulnerability management services. The scope includes scheduled remediation and continuous improvement activities targeting vulnerabilities on approximately 170 corporate-managed Windows servers, 20 Linux servers, 1700 Windows workstations (including laptops, tablets, and desktops), and diverse commercial software applications.

The selected vendor will address application patching for both third-party and commonly deployed applications within the city environment. Responsibilities involve ensuring proper device enrollment within the city’s IT structure, reconciling oversight across management platforms, and developing an initial remediation roster. Vendors will review, prioritize, and provide risk-based analysis (critical, high, medium, low) for vulnerabilities, taking into account exploitability and potential impact, and maintain tracking for all vulnerabilities until they are remediated or an exception is approved.

Further tasks include managing updates to third-party applications, recommending remediation actions (with ultimate execution directed by the city), and resolving device state issues such as onboarding to management platforms and patch/update failures. The engagement mandates all work be completed remotely, strict adherence to least privilege access principles, and, where appropriate, the use of time-bound or just-in-time privileged access protocols. Vendors must observe specific data handling requirements throughout the engagement.

Similar RFPs

Frequently asked questions

When is the submission deadline?: Submissions are due July 21, 2026. Questions must be submitted by July 16, 2026.
Who issued this RFP?: It was issued by City Of Kelowna. The work is located in Kelowna, British Columbia, Canada.
Who is a good fit for this opportunity?: Proven expertise in vulnerability management for government or large enterprise clients
Experience managing Windows and Linux environments at scale
Skilled in remote delivery of IT security services with robust data handling protocols
Certifications in cybersecurity (such as CISSP, CISM, or equivalent)
Demonstrated knowledge of patch management for commercial and third-party applications

Stop missing winnable RFPs

Create a free account to search the full database, filter by your criteria, and have new RFPs matched to your business automatically.

See how Settle works