CITY OF PADUCAH, KY
Request for Proposals
FY26 Cyber Risk Assessment & Vulnerability
Scan
Table of Contents
I.
Introduction
II. Current Environment
III. Scope of Work/Services
IV. Project Approach
V. Pricing Information
VI. Proposal Contents
VII. Proposal Submission and Evaluation
Page 1 of 7
I.
Introduction
The City of Paducah (KY) is requesting proposals from qualified firms to provide a cyber
risk assessment and vulnerability scan.
The City of Paducah has a resident population of approximately 25,000, but serves an
expanding daytime population of close to 100,000. The City serves as a regional hub for
healthcare, shopping and entertainment.
The City of Paducah Technology Department’s mission is to provide quality, cost-
effective services while advancing the use of technology in city government to increase
excellence in operational efficiency and responsiveness.
The Technology Department consists of four divisions:
Support The support division provides both hardware and software support to all
users of technology in the City of Paducah as well as Joint Sewer Agency. This division
currently provides support to over 315 users and 475 endpoints.
Infrastructure The Technology Department administers and maintains the City
network operations center providing voice and data communications and network
resources to all City departments, and the Joint Sewer Agency. Paducah’s voice and data
network reaches over 20 locations throughout the City interconnected via Paducah
Power’s high-speed fiber optic network. The Paducah Police and Fire Departments’
wireless mobile network, hardware, software, and network infrastructure for 911
operations is administered and maintained by the Technology Department.
Software The Software division is responsible for implementation, deployment, process
improvement analysis, business intelligence and training for all software used by the
City of Paducah and Joint Sewer Agency. This division acts as a liaison between software
as service providers and end users; most notably Tyler Technologies.
Geographic Information Systems The GIS division is responsible for the
administration and maintenance of the City’s geographic information systems and plays
the lead role in the continued operation of the McCracken and Paducah GIS Consortium
(MAP~GIS). This division oversees all GIS software and hardware upgrades, new data
acquisition, web publishing, and mobile app development along with maintenance and
updates to existing geospatial data. Support and training are provided for all City
departments using GIS. This division provides contractual GIS services to McCracken
County and E911. Technical assistance is also shared with Paducah Power, Paducah
Water, Joint Sewer Agency, and McCracken County PVA.
Page 2 of 7
II. Current Environment
Details of the City of Paducah’s technology environment will be disclosed during the
mandatory in-person pre-submission meeting. All attendees will be required to sign a
confidentiality agreement prior to details being disclosed.
III. Scope of Work/Services
In an effort to better understand our current cybersecurity posture and areas for
improvement based on continuous testing, evaluation, and structured assessments; the
City requires the following services to be performed by qualified firms:
Cyber Risk Assessment
Qualified firms shall provide a systematic process aimed at identifying vulnerabilities
and threats within the City of Paducah’s technology environment in order to assess the
likelihood of a security event, and determine potential impact of such occurrence.
The assessment shall also provide recommendations for additional security controls to
address the City of Paducah’s specific challenges and mitigate risks of breaches or other
disruptive incidents.
Vulnerability Scan
Qualified firms shall use computer programs designed to assess computers, networks,
systems, and applications for known weaknesses.
The scan results shall also provide the City of Paducah with insights into corrective
actions, compliance with regulatory frameworks, and recommendations for a strong
cybersecurity posture.
Considerations
The City of Paducah supports public safety departments. All services performed shall
not impact Police, Fire, nor E911 services outside of scheduled maintenance windows.
IV. Project Approach
The Bidder must provide a detailed but concise description of your approach to this
project. This must include a description of the tasks required for each objective and the
time required for their completion. This description should address but is not limited to
the following:
• Provide deliverable dates for each of the major aspects of this project
• Identify any needs from the City to complete the project
Page 3 of 7
• Identify any needs you have to subcontract services
V. Pricing
The City seeks a clear and comprehensive understanding of all costs associated with this
effort. The City will evaluate proposals based on the “Total Cost”. The Proposer’s pricing
should, by line item, identify all costs on a single sheet, with a clearly identified “Total
Cost”. The contract “not to exceed” amount will be based on this “Total Cost”.
VI. Proposal Contents
Proposals, together with letters of transmittal, should include the Bidder’s
description of the work that will be performed and the following information:
• Names, addresses and descriptions of key subcontractors, if any, that your company would
employ and a description of their relevant experience and past performance.
• Any subcontractors must be identified in the bid. The City must know if work is being done
outside of the firm. Please remember that after contract signing the City reserves the right
to approve all subcontractors that were not approved during the RFP process. Denial of a
subcontractor by the City will NOT absolve the bidder from getting the work done for the
contracted price.
• The name of the person in your firm who would be the official contact person for any
contractual relationship.
• At least two comparable previous projects in which the bidder has engaged, with names and
telephone number of contacts with whom the bidder’s previous performance can be
discussed.
• Examples from past projects that reflect the scope that is listed in the scope of work
• A schedule for the work, including the range of start dates to which your firm is prepared to
commit and anticipated completion dates.
• A letter stating that the bidder will supply general liability insurance with the City of
Paducah as an additional insured.
Bidders cannot bid on selected scopes of work/services.
Proposal Submission and Evaluation
Pre-submission meeting:
In order to not inadvertently disclose potential vulnerabilities to would-be attackers,
prospective bidders shall attend a mandatory, in-person, pre-bid meeting where additional
information can be given.
Page 4 of 7
This is the opportunity summary page. It provides an overview of this opportunity and a preview of the attached documentation.
