The government authority in Ontario is seeking a vendor to conduct an audit focused on IT service continuity and incident response capabilities, with special emphasis on cybersecurity and technology-related disruptions. The audit will encompass the corporate network infrastructure, including LAN, WAN, and all connectivity supporting communications across municipal systems, facilities, and users.

Key components covered include data centre environments (primary and secondary), server, storage, and virtualization infrastructure, and critical enterprise applications supporting service delivery. The assessment will also address communications systems such as telephone and radio, backup and recovery infrastructure, payment systems from a continuity perspective, and dependencies on shared infrastructure, third-party providers, and cloud-based platforms.

The selected vendor will review IT disaster recovery plans and documented procedures, backup and data recovery controls, related testing and training programs, and the integration of cybersecurity risks into continuity planning. The scope further includes assessment of incident response governance, classification protocols, escalation processes, detection and alerting systems, and integration with privacy, legal, communications, and other business functions. Recommendations for continuous improvement and the incorporation of lessons learned from incidents or exercises are expected.