The Workers Compensation Board of Manitoba (WCB) invites firms to submit a Proposal for the following: Consulting services to conduct a Privacy Impact Assessment and Threat Risk Assessment to ascertain the risks associated with the WCB's Digital Modernization Program.
Description of Services
The WCB requires a Contractor with specialized expertise in conducting Privacy Impact Assessments ("PIAs") and Threat Risk Assessments ("TRAs") to ascertain the business risks associated with the Digital Modernization Program. This will include, but not be limited to, any associated data sharing agreements, policies, procedures, and technical architecture solutions that govern the collection, use, disclosure, and retention of personal information ("PI") and personal health information ("PHI") in accordance with The Freedom of Information and Protection of Privacy Act (Manitoba), The Personal Health Information Act (Manitoba), and other relevant legislation, as applicable.
The Services will include identifying and evaluating risk by undertaking an assessment of threats and vulnerabilities to the security and integrity of PI and PHI during both the Foundation (Phase 1) and Implementation (Phase 2) of the Digital Modernization Program. The WCB's preference is to retain a Contractor that can provide expertise in performing both the PIAs and TRAs.
The Contractor will assess, analyse, and document the impacts on privacy that may result from the Digital Modernization Program. The PIAs will include any actual or potential risks and effects from the collection, use, disclosure, and retention of PI and PHI.
The Contractor will assess and analyse any new IT architecture and security framework and document in the TRAs, including any internal or external threats and risks associated with proposed changes to accepted rules, regulations, and industry best practices.
The Services shall normally be performed during Business Hours. However, the WCB may request some of the Services to be performed outside Business Hours from time to time, as deemed necessary, in the unfettered discretion of the WCB. The Contractor shall not be entitled to charge overtime rates unless specified in the Fee Schedule.
The Contractor must have expertise in the areas of privacy, security, legal, and information technology and a track record of conducting PIAs and TRAs with a similar level of complexity.
The Contractor should have experience and knowledge with the legislation and privacy principles applicable to public bodies operating in Manitoba.
The Proposal should include an overview of the proposed key resource(s) being offered, including profiles of work which highlight their experience performing similar projects.
The Contractor will not be required to have and maintain workers compensation coverage for its workers who will be providing the Services, unless required pursuant to The Workers Compensation Act.
The Services shall be provided onsite at the WCB's facilities and from the Contractor's facilities located in Canada, as applicable, unless otherwise agreed in writing.
It is expected PIAs and TRAs will be required at various points during the initial five (5) to seven (7) year period of the Digital Modernization Program. The WCB shall have an irrevocable option to extend the Services on the same terms and conditions and fees for an additional period of two (2) years if the WCB has not completed Phase 2 (Implementation) within seven (7) years.
The Services will be structured with an Agreement that will require the parties to enter into subsequent Statements of Work (collectively the "SOWs").
The full scope of work for the Services cannot be determined by the parties at the time the Agreement is executed because it is anticipated the WCB's needs and priorities for PIAs and TRAs will evolve as different components of the Digital Modernization Program are completed and further information is collected. The parties shall mutually agree upon the distinct scopes of work during the Services, including the total fees, deliverables, and completion dates for same, in writing, via the SOWs, prior to commencing work on such new PIAs and TRAs.
