Expired RFI

Request for Information – Cybersecurity

Silicon Valley Clean Energy Authority seeks information on cybersecurity risk assessment and preparedness frameworks tailored to community choice aggregation utilities, covering governance, access controls, data loss prevention, vendor management, incident response, and privacy practices. SVCEA is building a roadmap across nine core security domains—from vulnerability management and patch controls to board-level oversight and employee training—to address emerging regulatory requirements and protect customer data and critical utility assets. Consultants should submit best-practice approaches and commentary on how these security controls are implemented in electric utility and CCA environments.

Silicon Valley Clean Energy (SVCE) CA

Important dates

  • Submission deadline

    Deadline passed

AI overview

Silicon Valley Clean Energy Authority (SVCEA) is seeking information on how an interested consultant could identify cybersecurity risks and assess cybersecurity preparedness in the community choice aggregation sector. The RFI focuses on multiple areas:

  (1) Governance and Risk Assessment - best practices for evaluating cybersecurity risks, controls, and risk assessment processes specifically for Electric Utility and CCA businesses, including senior management and board involvement;

  (2) Access Rights and Controls - controls to prevent unauthorized access to systems and information, including management of user credentials, authentication, authorization methods, remote access, passwords, network segmentation and tiered access;

  (3) Data Loss Prevention - robust controls in patch management and system configuration, monitoring content transferred outside the agency, unauthorized data transfers, and verification of customer fund transfer requests;

  (4) Vendor Management - practices and controls related to vendor management including due diligence in vendor selection, monitoring and oversight, contract terms, and assessment of vendor relationships as part of risk assessment;

  (5) Training - training tailored to specific job functions to encourage responsible employee and vendor behavior, integration of incident response procedures into personnel and vendor training;

  (6) Incident/Management Response - best practices for policies, assigned roles, vulnerability assessments, and plans to address future events, including identification of data, assets, and services warranting most protection;

  (7) Security Policies - development and maintenance;

  (8) Security Framework - containing standards, procedures, and measurement;

  (9) Vulnerability Management - monitoring, alerting and remediation;

  (10) Privacy - framework for creating transparency and cybersecurity roadmap for building and leveraging current attention and focus around personal data and information security as new regulations emerge.

Responders should provide information and commentary on best practices in these areas.
