Opportunity
Norcross Civicplus #RFP IT 26-10
City of Norcross Cybersecurity Assessment, Compliance, and Governance Services RFP
Posted
June 18, 2026
Respond By
July 07, 2026
Identifier
RFP IT 26-10
NAICS
541512, 541690
The City of Norcross Information Technology Department is seeking a qualified cybersecurity consulting firm to assess, enhance, and govern the city's cybersecurity posture. - Government Buyer: - City of Norcross Information Technology Department - Scope of Work: - Comprehensive cybersecurity risk assessment across all city departments - Development of security and compliance frameworks aligned with NIST, CIS 18 Critical Controls, HIPAA, CJIS, and ISO 27001 - Creation of tailored cybersecurity policies for access control, identity management, data protection, incident response, business continuity, and vendor risk management - Delivery of cybersecurity awareness and advanced training, including a train-the-trainer model for ongoing education - Support for implementation of a Zero Trust infrastructure and integration of best practices - Alignment with Georgia's state cybersecurity plan and the State and Local Cybersecurity Grant Program (SLCGP) Objective 1 - Notable Requirements: - Experience with grant-funded security projects in local municipalities - Adherence to federal and state cybersecurity standards - Ability to provide both general and advanced training - Proposals must include references, insurance certificates, and compliance with E-Verify and SAVE affidavit requirements - No specific OEMs or product part numbers are named in the solicitation - Project is structured in phases: risk assessment, policy development, and training/implementation support
Description
The City of Norcross Information Technology Department is seeking competitive proposals from qualified cybersecurity consulting firms to assess the current security posture, develop a comprehensive security and compliance framework, and deliver tailored training to personnel. The project aims to establish a sustainable, self-sufficient cybersecurity governance structure aligned with federal and state cybersecurity standards. The scope includes risk assessment, policy development, and training implementation. Proposals must be submitted by July 7, 2026, with an optional pre-proposal meeting on June 26, 2026.