My WebLink
|
Help
|
About
|
Sign Out
Browse
Search
Agmt25 AARC Consultants, LLC
RedwoodCity
>
City Clerk
>
Agreements
>
2020-2029
>
2025
>
Under $108K
>
Agmt25 AARC Consultants, LLC
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
6/16/2025 1:06:44 PM
Creation date
6/16/2025 1:06:39 PM
Metadata
Fields
Template:
Agreement
RMP File Number
304.5
Date
6/6/2025
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
20
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
Show annotations
View images
View plain text
REV: 05-27-25 LF <br />Following document review, Consultant shall work with key stakeholders and the City to <br />complete the RRA/ERP checklist, conduct an in-person site visit followed by workshops, <br />and interviews with key stakeholders. Workshops will focus on identifying critical system <br />components, potential vulnerabilities, and the greatest threats. Workshops will include: <br />•Initial RRA Checklist and Workshop(s): Held in person and virtually, where utility <br />staff and stakeholders describe the system’s operations and key processes. <br />•Subsequent workshops (if required): Held virtually, focused on identifying top <br />threats and vulnerabilities and quantifying the worst reasonable consequences of <br />specific threats. <br />•Ongoing discussions: Will address the interdependencies between utilities. This <br />phase will also involve a focused look into natural, malevolent, cybersecurity, and <br />physical security threats. <br />This collaborative approach helps to gather detailed insights from those closest to the <br />system, ensuring the assessment captures real–world risks and operational realities. <br />2.2 – Draft RRA <br />Consultant shall provide a detailed analysis and development of mitigation measures <br />once the threat and vulnerability identification steps are completed. This process includes: <br />•Critical Assets and Threats: Identify key infrastructure, systems, and resources <br />essential for operations, along with potential threats and vulnerabilities. <br />•Physical Security Assessment: Evaluate facility security measures, access <br />controls, surveillance, and emergency response capabilities. Consultant shall <br />conduct a Physical Security Assessment of the water system infrastructure, <br />utilizing industry standards to evaluate the security posture. This assessment will <br />cover: <br />o A comprehensive evaluation using tools from AWWA’s G430, CISA, and <br />the US EPA to assess barriers, plans, processes, and procedures. <br />o The evaluation will follow the deter, detect, devalue, delay, and respond <br />framework to identify improvements in protecting critical infrastructure from <br />both current and emerging threats. <br />The outcome will be a clear picture of the current physical security posture, with <br />prioritized recommendations for enhancing security measures. <br />•Cybersecurity Assessment: Assess digital infrastructure, network security, data <br />protection, and potential cyber threats. Consultant shall evaluate the City’s <br />cybersecurity posture, using both industry–standard tools and tailored <br />methodologies to identify vulnerabilities and enhance system security. This <br />includes: <br />1.AWWA Water Sector Cybersecurity Risk Management Tool <br />•Facilitates data–driven risk analysis for operational technologies (e.g., <br />SCADA) and enterprise systems. <br />•Produces a prioritized list of recommended controls tailored to the <br />City’s needs. <br />2.AARC Cybersecurity Questionnaire and Checklist <br />ATTY/AGR.2025.124/AARC Consultants, LLC(RRA and Update to ERP 2025) (Page 12 of 20)
The URL can be used to link to this page
Your browser does not support the video tag.