Title
Cybersecurity Audit 2025
History
In 2021, the Village issued RFP 21-044 for a full Cybersecurity Assessment along with a Network Security Monitoring/Help Desk Managed Services. The Cybersecurity Assessment was awarded to Securance and was completed at the end of 2022. Since the last cybersecurity audit was completed there have been a number of security policy changes with Criminal Justice Information Services (CJIS) and the National Institute of Standards and Technology (NIST) and to ensure the Village is meeting the updated standards another cybersecurity audit is recommended. The Village does periodic external penetration tests so the focus on the proposed audit is in internal cybersecurity and controls. The Village reached out for a number of quotes and received responses from Securance Consulting and Sentinel Technologies (Fortis), see attached quotes and statements of work for details. Sentinel Technologies quoted $41,302 and Securance Consulting quoted $57,344 for the cybersecurity audit.
The Technology Commission met on June 4th and recommended that we proceed with Sentinel's proposal. While Securance has proven themselves as a capable company, the Commission felt that having a different review from a more local company would be a better option. In addition, the Sentinel contract is $16,000 less than the proposal from Securance.
Financial Impact
Sentinel's proposal for the cybersecurity audit came in below what was budged for 2025.
Recommended Action/Motion
I move to approve the Technology Commission recommendation for the cybersecurity audit with Sentinel/Fortis for a cost not to exceed $41,302;
AND
Authorize the Village Manager to execute all related contracts subject to Village Attorney review.