Information Technology Vulnerability Management Services

A government authority in British Columbia is seeking information technology vulnerability management services to secure its corporate IT environment. The agency needs to resolve and manage vulnerabilities across approximately 170 Windows servers, 20 Linux servers, 1,700 Windows workstations, and various commercial software applications. The primary objective is to establish a continuous improvement and scheduled remediation process that ensures all devices are properly enrolled, tracked, and updated. The scope of work requires the selected provider to prioritize existing vulnerabilities based on impact, severity, and prevalence using a risk-based approach. The service provider must reconcile device enrollment across the agency's management platforms, develop an initial list of devices requiring remediation, and manage updates for third-party applications. Additional responsibilities include resolving device state issues such as onboarding failures, patch failures, and manual removals, while performing all work remotely under strict least-privilege and time-bound access controls. Eligible bidders must be located onshore within Canada. Although the source text notes that performance of the work will be onsite, it also specifies that all vulnerability management work is to be completed remotely. Bidders must submit their proposals digitally via email or online, and they must provide their own pricing proposals as the agency has not disclosed a pre-determined budget.