The government authority in British Columbia seeks a vendor to provide comprehensive technology assessment services in support of the district’s organizational review and multiyear roadmap initiative. The scope includes IT consulting and professional services focused on enhancing the security and effectiveness of the authority's technology landscape.

Key tasks involve evaluating existing security controls, identifying technical risks and configuration weaknesses, and detecting potential attack paths that could compromise systems and sensitive information. Vendors will conduct both automated vulnerability scanning and manual validation, as well as controlled penetration testing to simulate authorized real-world cyberattack scenarios. Comprehensive internal and external vulnerability assessments of network infrastructure, identification of unpatched software, and insecure configurations are required.

The assessment will also examine the current identity environment, recommending improvements for identity management across both on-premises and cloud services. Additional work includes analyzing domain and forest configurations, replication health and performance among domain controllers, and the effectiveness of password and authentication policies. Testing of web-based applications and services will also be performed to identify issues such as injection and cross-site scripting vulnerabilities, authentication weaknesses, and session management flaws.