Business Impact Analysis (BIA) and Disaster Recovery Plan (DRP) Development

The Department of Juvenile Justice (“the Department”) is seeking proposals from qualified vendors to conduct a comprehensive Business Impact Analysis (BIA) and develop a robust Disaster Recovery Plan (DRP). This engagement aims to identify and prioritize mission-critical functions, assess the potential impacts of business interruptions, and establish an actionable recovery framework that ensures operational continuity following a disruption.

This scope of work is for the vendor to perform the following:  1) Identify critical business operations and their dependencies. 2) Determine the impact of various disruption scenarios. 3) Establish Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs). 4) Develop a Disaster Recovery Plan (DRP) that aligns with regulatory requirements. 5) Ensure compliance with cybersecurity and business continuity policies. 6) Recommend and document recovery strategies and plans for IT systems. 7) Validate the feasibility of the DRP through simulation or testing.  These efforts aim to enhance organizational resilience, identify critical functions, and prepare response strategies for potential disruptions while protecting the agency's and customers' interests. The BIA and DRP should align with the requirements specified in Chapters 60GG-2.001 through 60GG-2.006, F.A.C., known as the State of Florida Cybersecurity Standards (SFCS). (Current chapter 60GG-2001(1)(a), F.A.C). , NIST Cybersecurity Framework (CSF) 2.0 (February 2024)

This scope of work will begin on 8/1/2025 or the date the purchase order is issued, whichever is later. It will end at midnight, Eastern Time on February 28, 2026.  The State of Florida’s performance and obligation to pay under this purchase order and any subsequent renewal is contingent upon annual appropriation by the Legislature and satisfactory performance of the Contractor.

See attached Scope of Work for additional information.