1. Project Objectives a. Identify and assess the overall security risks and vulnerabilities to include determining Facility Security Level (FSL) associated with each facility listed in Appendix E attached to this RFP; b. Recommend options to mitigate and remediate each of the identified risks and vulnerabilities; c. Produce a Security Risk Assessment and Vulnerability Assessment Report; d. Produce schematic design(s) for recommended physical improvements to building and surrounding site area facility; and e. Provide a security plan and an emergency operation plan for each facility. 2. Task 1 – Facility Security Level (FSL) Assessment a. The contractor shall conduct a FSL Assessment on each of the 39 facilities listed in Appendix E. The FSL Assessment will correspond to a level of risk that relates directly to a Level of Protection (LOP) and associated set of baseline security measures. The integration of the Physical Security Criteria (PSC) is predicted on an FSL designation. b. The FSL is based on the analysis of security-related facility factors listed below, which then serve as the basis for the implementation of certain protective measures specified in the Facility Security Management Process. i. Mission Criticality ii. Symbolism iii. Facility Population iv. Facility Size v. Threats to Facilities 3. Task 2 – Security Risk and Vulnerability Assessments and Recommendations a. The contractor shall: i. Provide a thorough review and evaluation of all aspects of the physical security features of the listed facilities to identify risks. ii. Provide FSL assessments in accordance with the Facility Security Management Process, which shall (1) identify security related threats from internal and external sources during and after operating hours, (2) identify critical assets, (3) identify security scenarios on which to base the security program, (4) analyze vulnerabilities, (5) assess impacts of threat scenarios, (6) identify actions that mitigate risk, and (7) provide an analysis of mitigation actions using a risk matrix scoring approach with risk scores that consider likelihood and severity of impacts. iii. Review listed facilities security systems, as well as court and security operational policies and procedures that impact safety and security and provide recommendations. Recommendations shall include, any physical changes, equipment recommendations, upgrades, associated estimates, and any recommended changes to policies and procedures. Recommendations shall be aligned with all building and fire codes and security best practices. iv. Cyber-terrorism threats are not included in the scope of this RFP. IT, computer, and communication systems will only be reviewed to the extent as they interconnect with physical access: cyber-physical convergence vulnerabilities. v. Produce and deliver written Security Risk Assessment and Security Vulnerability Assessment Reports for each of the 39 facilities identified in Appendix E. The reports shall detail findings and present a summary of recommended solutions to address identified risks and vulnerabilities. The reports shall include: A. Identification of multiple solutions for identified risks and/or vulnerabilities. B. A cost estimate for implementation of all recommended solutions. C. A prioritized implementation plan and timeline for all recommendations. D. Identification and documentation of any federal funding opportunities that may be available to assist with implementation of recommendations. vi. The Physical Security Risk Assessment Report shall be presented in the following format: A. Site Information B. Site Description C. Methodology D. Approach E. Facility Security Level Determination F. Risk and Vulnerability Assessment Information and findings. vii. The Security and Vulnerability Assessment Report shall include: A. Site Vulnerabilities and the Corresponding Options for Consideration grouped in the following categories: a. Security, Safety and Resilience Management b. Security Force, including but not limited operational risks c. Risks associated with court operations and procedures d. Alerting and Notification e. Perimeter Security f. Parking, Barriers, and Standoff g. Access Control/ Entry control h. Building Envelope i. Electronic Security Systems j. Illumination. viii. Draft Security Risk Assessment and Vulnerability Assessment Reports shall be submitted electronically to the AOC project manager identified in the contract in both Word and PDF formats. ix. Security Risk Assessment and Vulnerability Assessment Reports shall be submitted withing (10) business days after each site assessment is complete. The final version of the reports shall be submitted no later than (5) business days after the New Hampshire Judicial Branch completes its internal review and editing process and the contractor has answered all questions. x. Security Risk Assessment and Vulnerability Assessment Reports and any work product shall be considered property of the New Hampshire Judicial Branch, and the contractor shall maintain a non-disclosure agreement. xi. The contractor shall provide in-person presentations regarding the assessment and reports for seven (7) of the thirty-nine (39) facilities identified by the New Hampshire Judicial Branch, including the supreme court, two superior courts (selected by the Chief Justice of the Superior Court in consultation with the Assistant Director – Safety and Security), three circuit courts (selected by the Administrative Judge of the Circuit Court in consultation with the Assistant Director – Safety and Security) and the Administrative Office of the Courts. The presentations will be held at the Administrative Office of the Courts, One Granite Place in Concord, NH.
