Information Technology Audit: Review and Evaluate Information Security Risk Assessment

NYSTRS Internal Audit Department is seeking proposals from qualified firms (“Bidders”) for services related to a co-sourcing arrangement to assist with Information Technology audits. The first-year engagement will be to review and evaluate the organization’s Information Security Risk Assessment that was completed using the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF).

The co-sourcing arrangement will help to promote an environment of knowledge sharing with the dedicated Internal Audit Department personnel. Internal staff are expected to gain experience alongside industry experts.

NYSTRS intends to make a single award to the highest-scored responsive and responsible Bidder, as determined by the evaluation process (the “Contractor”). The initial contract term shall commence upon contract execution and be completed by November 15, 2024. 

NYSTRS has partnered with Bonfire Interactive to manage its solicitations.  This allows bidders to electronically submit bids through a portal on NYSTRS website.  Please note:

• Registration on Bonfire is mandatory to participate in NYSTRS formal competitive procurements. Solicitation documents will only be available in Bonfire, and all bids must be submitted through Bonfire.
• Registration is free and easy. Visit https://nystrs.bonfirehub.com/ and follow the link to the Bonfire vendor registration page to register your company.
• Registered vendors will be alerted to upcoming solicitations based on the selected Vendor Type and/or NAICS code(s).
• After registering, bidders may navigate to the Open Public Opportunities tab to view NYSTRS procurement opportunities.
• Bidders are solely responsible for the electronic submittal of their response and NYSTRS is not responsible for any transmission errors or delays.
• All questions and requests for clarification must be submitted via the portal during the “Question” period. No exceptions.