SOC Scope of Work
Request for Proposals for SOC-as-a-Service Provider to Provide
Managed Cybersecurity Services for City of Denton Informational
Technology and Operational Technology
INTRODUCTION
The City of Denton (COD) is seeking a SOC-as-a-Service (SOCaaS) Vendor to provide
managed cybersecurity services for its Informational Technology and Operational
Technology IT/OT operations. The pricing shall include all costs, and the RFP submittal
shall accurately describe your understanding of the objectives and scope of the
requested products and services and provide an outline of your process to implement the
requirements of the Scope of Work and Services. It is anticipated that the scope proposal
submission will include, at a minimum, the following:
1. PURPOSE
The purpose of this RFP is to solicit proposals from qualified vendors to provide a
fully managed, comprehensive SOCaaS solution. The selected vendor will be
responsible for providing 24/7/365 administration, monitoring, reporting, multi-signal
threat detection & prevention, incident response, and proactive security measures
to safeguard COD’s critical infrastructure, sensitive data, and intellectual property.
To further augment the COD’s IT/OT and Compliance staff, the selected vendor
shall be responsible for support for managed Security Information & Event
Management (SIEM). This initiative aims to enhance COD’s cybersecurity posture,
ensure compliance with industry standards, and proactively respond to and mitigate
potential security risks through a robust and scalable SOCaaS solution.
Vendors should demonstrate their capabilities in several key areas to ensure they
can meet the requirements detailed within this RFP within the vendor’s proposed
Cyber Security Operations Center (SOC) and Managed Services solution.
A. Experience and Expertise
Company Background: Provide an overview of the company, including years in
business, size, and areas of specialization.
B. Relevant Experience
Detail past projects and clients, particularly those similar in scope and industry.
Specific focus on both IT and OT (Computer Security; Distributed Control Systems
(DCS); Information Security; Log Management; Zero Trust Network Security;
Operational Technology (OT); Programmable Logic Controllers (PLC); Risk
Management; Security Controls; Supervisory Control and Data Acquisition
(SCADA) Systems).
C. Certifications and Accreditations
List relevant certifications (e.g., ISO 27001, CISSP, CISM, NIST 800 series, such
as 800-53r5 and SP 800-82r3, CISA) and other related industry accreditations.
D. Technical Capabilities
Technology Stack: Describe the tools and technologies used for monitoring, threat
detection, and incident response.
Integration Capabilities: Explain how their solutions integrate with existing systems
and third-party tools without compromising security.
Innovation and R&D: Highlight any proprietary technologies or ongoing research
and development efforts.
E. Service Delivery
Service Level Agreements (SLAs): Outline the SLAs for response times, resolution
times, and uptime guarantees.
24/7/365 Support: Confirm the availability of round-the-clock support and
monitoring, including processes, actions related, and information sharing.
Incident Response: Detail the incident response process, including escalation
procedures and communication protocols.
F. Compliance and Security Standards
Regulatory Compliance: Demonstrate adherence to relevant regulations and
standards (e.g., NERC CIP, CJIS, IEC 62443, AWWA/EPA, ISA, PCI, HIPAA).
Security Practices: Describe the security measures in place to protect client data
and infrastructure.
G. Case Studies and References
Case Studies: Provide detailed case studies showcasing successful
implementations and outcomes.
Client References: Offer references from current or past clients who can attest to
the vendor’s performance and reliability.
H. Cost and Value
Pricing Model: Explain the pricing structure, including any setup fees, ongoing
costs, and potential additional charges. Itemize all pricing proposals and be sure to
include:
Must Haves:
• 24/7 Monitoring
• Threat Intelligence: Detection and Response
• Vulnerability Management
• General Compliance Support
• Advanced Tools: SIEM, IDS/IPS or similar detection and prevention
• Continuous Monitoring: Round-the-clock surveillance of IT infrastructure to
detect suspicious activities.
• Scalability
• Incident Management: Efficient handling of security incidents to minimize
impact
• Analytics
Preferred Nice to Haves:
• Vulnerability Assessments
• Automation
• Threat Hunting
• EDR
• Dark Web Monitoring
Value Proposition: Highlight the unique value the vendor brings to the table, such
as cost savings, enhanced security, or improved efficiency.
I. Team and Resources
Key Personnel: Introduce the team members who will be involved in the project,
including their qualifications and experience.
Resource Availability: Confirm the availability of necessary resources to meet
project timelines and requirements.
J. Methodology and Approach
Project Management: Describe the project management approach, including
planning, execution, and monitoring.
Customization and Flexibility: Explain how the vendor can tailor their services to
meet specific needs and adapt to changing requirements.
2. SCOPE OF WORK/DELIVERABLES
• Managed Security Operations:
o Transition from an internally managed cybersecurity approach to a fully
managed ecosystem.
1. 24/7 Security Operations Center (SOC): 24/7 comprehensive
managed SOC
▪ Real-Time Analytics that provide data-driven insights into
security threats and enable a proactive approach by
identifying patterns and potential risks.
2. Threat Intelligence: Detection and Response
▪ Integrating real-time threat data from global security
databases. Identification of emerging threats to stay ahead of
attackers.
▪ Automated Detection and Response
▪ IT/OT related tailored security policies
▪ Compliance Management – by assisting in the audit
preparation to ensure regulatory compliance and adherence
to industry standards
▪ Immediate Incident Response in case of a security breach
▪ Minimal operation disruption and damage, and keeping
business running smoothly.
3. Vulnerability Management
4. General Compliance Support
5. Advanced Tools: SIEM, IDS/IPS or similar detection and
Prevention
6. Continuous Monitoring: Round-the-clock surveillance of IT
infrastructure to detect suspicious activities.
7. Scalability: Scalable cybersecurity solutions that help COD to
protect its digital assets and meet compliance requirements
effectively.
• Technology Services & Tools
• Log Sources
o Workstations + Servers (physical and virtual) = 4500 active
computer accounts
o Domain Controllers = 5
o Firewalls = ~25-30
• Centralized Systems (count as one device each)
o EDR Tool = 0
o VPN = 3 (1 Cisco, 2 Netmotion)
o SaaS Tools (O365, G-Suite, email security, other) = 2 (365,
Proofpoint) (Hosted FTP service is being used that could be
considered for DLP)
o Azure Cloud
o IDS/IPS and FIM
o SCADA (30 Servers, 60 SCADA WS, 6 Mgmt Servers)
• Incident Response and Remediation: Handle common incidents (e.g., account
resets, system containment) and support for complex incidents.
o Annual Tabletop Exercises
• Vulnerability Management: Comprehensive management, EDR, assessments,
and remediation against SLAs.
o Ensure vulnerabilities are clearly assigned to appropriate departments
(such as engineering, infrastructure, and help desk) and remediated
against SLAs
• Threat Intelligence: Quarterly threat hunting and annual penetration tests.
• Compliance & Audits: Ensure adherence to NIST frameworks and perform
quarterly IAM and privileged user audits.
• CISA, CJIS adherence
• Communication: Interact via phone, text, email, and virtual meetings.
• Offer roadmap advisory, policy maintenance, and creation.
Facilitate quarterly reviews and board-ready report generation.
• Risk Management and Advisory
• Provide comprehensive risk management strategies and conduct annual
tabletop exercises.
• Dedicated personnel for internal consultations.
• Operational Excellence
• Effective incident remediation and vulnerability management.
• Proactive threat hunting and regular security reviews.
• Respond to inbound reports from all sources to triage and redirect to
appropriate teams.
• Review and evaluate all third requests against appropriate risk and security
management best practices.
• Protection of City of Denton Data in transit and at rest under care
3. GENERAL INFORMATION ABOUT THE RFP
Proposal Costs:
The City of Denton shall neither be responsible nor liable for any costs incurred
by agencies in preparation and submission of their proposals including, but not
limited to, copying, printing, presentation and delivery costs.
Number of Contracts:
The City of Denton shall have no obligation to award any contract for work,
goods, and/or services as a result of this solicitation. We also reserve the right to
cancel this RFP or award more than one contract if necessary.
Payment Terms:
The City of Denton has a payment policy of 30 days net of day of invoice receipt.
This is a requirement for all agency partners.
Ownership, Use and Return of Materials:
All materials submitted by a supplier in response to the RFP become the sole
property of The City of Denton and will not be returned to the bidding agencies.
Each agency will retain ownership of any copyrighted or patented material owned
by the agency and contained in any submission to us.
4. GENERAL PROVISIONS
Representing the City of Denton Technology Services Department for this contract
will be the Information Security Officer or their designee. The Information Security
Officer, or their designated representative, shall have the responsibility of contract
oversight. The Information Security Officer shall have authority to ensure vendor
compliance with specifications, drawings, regulations, and safe work practices. The
Information Security Officer, or designee, shall have the authority to authorize and
inspect all work, accept work for payment, reject work, stop work, and require
corrections as they see fit.
Meetings regarding this contract will be held virtually or in City of Denton offices if
deemed necessary.
5. HOURS OF OPERATION
1. 365/24/7 Operations
2. City of Denton Normal Work Hours for reference: Monday through Friday,
7:00am – 5:00pm
a. Normally scheduled day hours.
3. Weekend Hours: Saturday and Sunday, any hour, day or night.
4. Holidays: any hour, day or night, per this listing:
a. New Year’s Day (observed)
b. Martin Luther King Jr. Day
c. Memorial Day
d. Juneteenth
e. 4th of July
f. Labor Day
g. Veteran’s Day
h. Thanksgiving Day
i. Day after Thanksgiving
j. Christmas Eve (observed)
k. Christmas Day (observed)
Note: If a legal holiday falls on Saturday, it will be observed on the preceding
Friday. If a legal holiday falls on Sunday, it will be observed on the following
Monday. Holiday hours are extra time beyond normal day work hours, needed to
finish tasks in progress.
6. INDEPENDENT CONTRACTOR
While engaged in carrying out and complying with the terms and conditions of this
Contract, the vendor is, and shall be, an Independent Contractor and shall not, with
its acts or omissions, be deemed an officer, employee, or agent of the City. The
vendor shall not at any time or in any matter represent that it or any of its agents or
employees are in any manner agents or employees of the City.
The vendor is, and shall remain, an Independent Contractor, with full, complete and
exclusive power and authority to direct, supervise, and control their own employees
and to determine the methods of the performance of the work covered thereto. The
fact that the City of Denton Technology Services Department’s representative has
the express right to observe the vendor’s work during their performance and to carry
out other prerogatives which are expressly reserved to and vested to the City of
Denton Technology Services Department’s representative hereunder, is not
intended to and shall not at any time change or affect the status of the vendor as
an Independent Contractor.
7. WITHHOLDING OF FUTURE PAYMENTS
The City of Denton reserves the right to withhold from any amounts owed to the
vendor, present or future, amounts for rejected work, incorrect billings, late billing
penalties, material charges, or any other expenses due to the City. The IT
Communications Manager or their designated representative will only process final
payments for projects after formal reviews and material reconciliation is complete.
8. CITY OF DENTON SELECTION CRITERIA AND RESPONSE SUBMITTAL
REQUIREMENTS
Criteria taken into consideration during the proposal evaluation process may
include but are not limited to the following:
Organization and Staffing – 20%
• A maximum three (3) page narrative as to the firm’s interest, particular
abilities and qualifications related to this project, including the overall
capacity of the organization.
• An overview of the firm and brief history of operations. Include the location
of your office where the majority of the work on the project will be performed
and the approximate number of employees in that office.
• Resumes of key personnel to be assigned to this project with an
organizational chart. Include past project experience and the roles of the
proposed key personnel.
• Provide firm’s staffing approach to sufficiently staff the contract project if
awarded.
Past Experience and Probable Performance – 50%
• Provide past project experience within the last five (5) years, providing the same
or substantially similar services as outlined in this RFQ. Preferably with other
municipal government sector entities with a population size of 100,000 and
above. At minimum, include the following items for each project submitted:
a. City Name
b. Contact Name, Phone Number, and Email Address
c. Project Description Summary of Services
d. Contract Length
e. Original Contract Cost and Final Contract Cost
• Provide three references with at least one from a municipal government of
similar scope and size.
Total Cost of Services/Price – 30%