State of Ohio

Buyer requires comprehensive data security and privacy compliance services. The contractor must implement and maintain security controls at the moderate level baseline per NIST 800-53 or ISO 27001. Services include protecting confidential information, implementing security safeguards, managing incident response, and ensuring regulatory compliance. The contractor will be responsible for securing data across all environments and providing audit reports.

• 5/7/2025 - Proposal Due Date

• Maintain security program compliant with NIST 800-53 or ISO 27001
• Implement encryption for confidential data at rest and in transit
• Establish incident response procedures for security breaches
• Obtain and maintain SOC 2 Type 2 or FedRAMP/StateRAMP authorization
• Conduct vulnerability scans and remediate security vulnerabilities
• Develop data handling procedures for different classifications of information
• Implement multifactor authentication for systems containing confidential data
• Perform background investigations on personnel with access to data
• Ensure compliance with FERPA, HIPAA, or other regulations as applicable
• Document and report security incidents within 24 hours