Silicon Valley Clean Energy (SVCE) is soliciting proposals from qualified entities to conduct a comprehensive Information Technology (IT) security audit of SVCE's IT systems and processes. The audit will help uncover potential vulnerabilities and process improvements to maintain sensitive data secured to industry standards. Proposers must conduct a top to bottom audit of SVCE's IT infrastructure, network, and data storage, and generate a detailed report. The scope of work includes: Penetration Testing (Standard, Basic, Advanced Persistent, and Basic External Web Application), Vulnerability Assessments (External, Internal, Network Security, Web Application, Operating System, Firewall, and Active Directory), Review of current IT policies and procedures, Disaster Recovery Review, Compliance assessment, Risk Management and Risk Mitigation, Asset Protection, Security Policy Review, and CIS Security top 20 Critical Security Controls. Deliverables must include results of all tests, potential weak spots, vulnerabilities (categorized as critical, high, medium and low), and specific implementable recommendations for improvements. SVCE is subject to California Public Utilities Commission D.12-08-045 regarding privacy protections. Target commencement date is March 2020 with implementation of recommendations within 12 months.