Security Control Centre IT Modernization Project

The Department of National Defence is seeking a fully supported, cloud-based Security Centre Software as a Service solution to replace the existing on-premises Genetec Security Center system at the Royal Military College of Canada in Kingston, Ontario. The solution must integrate 189 cloud-enabled cameras and a Power over Ethernet voice mass notification system while supporting all existing access control devices, cameras, and call boxes. Critical technical requirements include seamless synchronization with RMC’s Oracle Identity Management system using RMC ID numbers as the unique identifier, implementation of a web-based visitor management application, and full compliance with Canadian data residency laws—all data including video, logs, identities, and backups must be stored and processed exclusively within government-approved Canadian cloud regions. The offering must support Protected A and Protected B information classifications, adhere to the Privacy Act and Government of Canada accessibility standards, and be provided in English at a minimum. The contractor must deliver a comprehensive implementation plan, conduct bi-weekly progress reviews via MS Teams, and guarantee 99.9% monthly system uptime excluding scheduled maintenance windows, with incident response times of one hour for critical (P1), four hours for high (P2), and one business day for medium (P3) issues. The procurement is restricted to Canadian suppliers or those from applicable trading partners, with mandatory compliance with reciprocal procurement policies and proactive disclosure of engagements with former public servants. All proposed personnel must hold a Government of Canada Secret Security Clearance, and the contractor must meet rigorous IT security and privacy obligations, including certifications for ISO/IEC 27001:2013, ISO/IEC 27017:2015, SOC 2 Type II, and ISO/IEC 27018:2014, which must be maintained throughout the contract term with annual updates. The solution must also demonstrate adherence to the Information Technology Security Requirements for Protected B and flow down all security and privacy obligations to subcontractors. Environmentally preferable packaging is mandatory, requiring all materials to be reusable, returnable, or recyclable, with tape excluded from this requirement. The contract has an initial one-year term with an option for three additional one-year extensions, subject to written notice 30 days prior to expiration. The evaluation is based on a weighted score of 70% for technical merit and 30% for price, with mandatory pass/fail gates: failure to meet any mandatory requirement or achieving less than 60 out of 100 technical points results in dis