Silicon Valley Clean Energy (SVCE) is requesting proposals from qualified entities to conduct a Focused Security Assessment (FSA) of SVCE's information security program. The vendor will assess SVCE's current IT security posture and develop a comprehensive report describing activities performed, findings, risks identified, and prioritized recommendations to mitigate risks and increase security posture. The assessment must include: a point-in-time snapshot of SVCE's security posture including architectural weaknesses, access control vulnerabilities, network control and auditing weaknesses, detection and response weaknesses, policy configurations, and password security; assessment of the Enterprise Environment; assessment of Security Management Practices; assessment of Incident Response Plan (IRP); assessment of current data security practices; use of NIST and Cyber Security Framework standards; assessment of current IT policies with recommended revisions; and provision of a final report with recommendations and findings. SVCE is subject to California Public Utilities Commission Decision D.12-08-045 regarding privacy protections for Community Choice Aggregator customers. The target date for commencement is March 2020 with implementation of recommendations to begin within 12 months.