D2.1 The Work to be done under the call out list shall consist of the provision of Incident Response
and Digital Forensic services from the date of award for the period of two (2) years.
D2.2 The purpose is to establish a call out list for both Incident Response and Digital Forensic
services on an “as required” basis, where and when available.
D2.3 The Contractor who is the most advantageous will be hired first subject to the other provisions
of this Request for Proposal. If an engagement arises and the most advantageous Contractor is
not available for the Work, the Contract Administrator will contact the second most
advantageous Contractor and so on.
D2.4 Under the general direction of the Information Security Coordinator, the Incident Response
Contractor will:
(a) Provide guidance and assist in the containment of an active cyber security incident;
(b) Provide guidance and assist in the investigation phase of an active cyber incident for use in
both the remediation of the current incident and/or a potential future forensics engagement;
(c) Assist in the eradication of an active cyber security incident;
(d) Lead and assist in the remediation activities required to recover from a previously active
cyber incident;
(e) Provide a follow-up report detailing the incident and recommendations on how to prevent
future occurrences; and
(f) Lead / facilitate incident post-mortem analysis meetings with senior management.
D2.5 Under the general direction of the Information Security Coordinator, the Digital Forensics and
Analysis contractor will:
(a) Assist in the determination of the scope of loss stemming from a resolved cyber security
incident;
(b) Determine the attack vectors utilized in a previously resolved cyber security incident;
(c) Perform investigative interviews with key staff involved in a data loss incident;
(d) Lead evidential discovery and collection activities which may be performed by the
contractor or by City of Winnipeg staff at their direction;
(e) Evidence must be collected in a manner consistent with future use in a legal proceeding
where possible;
(f) Provide reports to senior management detailing the full scope of a data loss event and
recommendations to prevent reoccurrence; and
(g) Assist and provide guidance to senior management and the City of Winnipeg’s Legal
department as to what, if any, reporting requirements stem from the data loss event that has
been investigated.
D2.6 The Work shall be done on an "as required" basis during the term of the Contract.
D2.6.1 The type and quantity of Work to be performed under this Contract shall be as authorized
from time to time by the Contract Administrator and/or Users.
D2.6.2 Subject to C7.2, the City shall have no obligation under the Contract to purchase any
quantity of any item in excess of its actual operational requirements.
D2.7 Notwithstanding D2.1, in the event that operational changes result in substantial changes to the
requirements for Work, the City reserves the right to alter the type or quantity of work performed
under this Contract, or to terminate the Contract, upon thirty (30) Calendar Days written notice
by the Contract Administrator. In such an event, no claim may be made for damages on the
ground of loss of anticipated profit on Work.