Cybersecurity & Information Security Services
Buying from a NASPO ValuePoint Contract? Learn How
- Portfolio Awarded:
- Portfolio Expiration:
- Portfolio Renewal Limit:
How to Buy from a NASPO ValuePoint Contract
If you’ve identified a portfolio or supplier on the NASPO ValuePoint website and are ready to make a purchase:
The first step is to check whether your state has a Participating Addendum (PA) for that contract. Each PA outlines which entities within the state (such as agencies, counties, cities, public universities, or school districts) are authorized to purchase from the agreement.
If your organization is covered by a PA:
The next step is to follow your state’s or your organization’s established procurement procedures to complete the purchase. NASPO ValuePoint does not issue purchase orders or manage individual transactions, as each state or local entity retains its own procurement authority. These processes can vary widely, some state agencies may be required to use a central procurement platform (for example, an ERP (SAP, Workday, JD Edwards, etc.) or eProcurement System (Ivalua, SOVRA, CGI Advantage, etc.)), while local entities such as public universities or municipalities may have their own systems and approval thresholds.
Because these rules differ from state to state and even between organizations within the same state, NASPO ValuePoint cannot prescribe a single buying process, but encourages purchasers to work within their local procurement guidelines when utilizing NASPO ValuePoint contracts.
Portfolio Snapshot
Everything you need to know about this portfolio's solicitation process.
Solicitation Documents
About the Portfolio
The state of Idaho, in furtherance of the NASPO ValuePoint Cooperative Purchasing Program, has established Master Agreements with suppliers of Cybersecurity & Information Security Services for all Participating States.
These new Master Agreements may be used by state governments (including departments, agencies, institutions), institutions of higher education, political subdivisions (i.e., colleges, school districts, counties, cities, etc.), the District of Columbia, territories of the United States, and other eligible entities subject to approval of the individual state procurement director and compliance with local statutory and regulatory provisions.
+ Read More
Award Information: There is a total of eleven (11) suppliers with a fully executed and available Master Agreement. For more information about the suppliers awarded and which categories they were awarded, please review the portfolio snapshot, located on this page.
Cyber Security and Information Security Services Master Agreements will allow state end users access to critical proactive and reactive Cybersecurity and Information Security Services.
Category 1 - Risk Assessment and Mitigation Services
Category 2 - Incident Response Services
Category 3 - Breach Coach Services
Category 4 - Notification and Credit Monitoring Services
CATEGORY 1 - Risk Assessment and Mitigation Services
Risk assessment and mitigation services: professional services that help organizations identify potential risks, evaluate their likelihood and impact, and then develop strategies to minimize or eliminate those risks, essentially protecting the organization's assets and ensuring business continuity by proactively addressing potential threats; it involves both analyzing potential dangers and taking proactive steps to manage them effectively.
- Risk identification: Identifying potential hazards and threats that could affect the organization, including internal and external factors.
- Risk analysis: Evaluating the likelihood and severity of each identified risk, often using qualitative or quantitative methods.
- Risk prioritization: Ranking risks based on their potential impact and likelihood of guiding mitigation efforts.
- Mitigation strategy development: Creating actionable plans to address each identified risk, including preventive measures, contingency plans, and risk transfer options.
- Implementation and monitoring: Putting mitigation strategies into practice and regularly reviewing their effectiveness to adapt to changing circumstances.
CATEGORY 2 - INCIDENT RESPONSE SERVICES
All incident response services must be carried out by trained experts and meet all legal standards. Incident response services assist organizations in detecting, containing, and mitigating damage from cybersecurity breaches or attacks, essentially providing a rapid response to security incidents to minimize harm and restore system functionality when a threat occurs; they aim to identify, analyze, and address security issues quickly, while also learning from past incidents to improve future preventative measures.
Key points about incident response services:
- Function: When a security breach happens, the incident response team is activated to manage the situation, including isolating the threat, investigating its origin, and taking steps to prevent further damage.
- Benefits:
- Expertise: Access to specialized cybersecurity professionals who can handle complex threats.
- Rapid response: Quick identification and containment of incidents, minimizing potential damage.
- Improved security posture: Analysis of incidents to identify vulnerabilities and implement preventative measures.
- Typical services:
- Threat detection and analysis
- Incident containment and eradication
- Data recovery and restoration
- Forensics investigation
- Post-incident reporting and improvement planning
CATEGORY 3 - BREACH COACH SERVICES
Data breach coaching services involve specialized guidance and support for businesses experiencing or at risk of a cybersecurity incident, offered to help navigate the incident response process and mitigate potential damages. Please note: Any and all legal services on behalf of the Purchasing Entity must be approved by Purchasing Entity at the time the Work Order is executed, some Purchasing Entities may require additional internal approval of any outside legal services.
CATEGORY 4 - NOTIFICATION AND CREDIT MONITORING SERVICES
Call Center, Credit Monitoring Identity Theft Monitoring, Notification services
Products & Services
- Category 1 - Risk Assessment and Mitigation Services
- Category 2 - Incident Response Services
- Category 3 - Breach Coach Services
- Category 4 - Notification and Credit Monitoring
Have suggestions for additional products and services in this portfolio?
Contact Us
All Suppliers (11)
Online Enterprises, Inc. dba Online Business Systems (OBS)
NASPO ValuePoint makes every effort to maintain the accuracy and completeness of the documents on this website. However, all official records are maintained by the Lead State (or Participating Entity, in the case of participating addenda). In the event of any conflict between the documents on this site and an entity’s official records, the official records govern.
Questions, concerns, and feedback on this website’s content may be sent to [email protected].
What is a Participating Addendum?
A Participating Addendum (PA) is generally used by a state Chief Procurement Official (CPO) to establish a state contract tied to a specific NASPO ValuePoint master agreement. The PA identifies unique terms and conditions specific to a state and identifies state agencies and other eligible entities in the state that are authorized to participate in the agreement. A state CPO may issue PAs that allow participation as follows:
- Statewide provides for participation by all state and local government agencies and other eligible entities within the state
- State only provides for participation only by state agencies.
- Non State entities only provides for participation by local government agencies and other eligible entities, but prohibits participation by state agencies.
Review your state’s Participating Addendum (PA) to determine eligibility. If a PA is not currently in place, contact the state CPO to discuss whether participation may be considered.
For questions related to participation in NASPO ValuePoint master agreements, please contact the Cooperative Contract Coordination team at [email protected].