Explanation
BACKGROUND:
This ordinance authorizes the Director of the Department of Technology to renew and modify an agreement with SecureWorks, Inc., for managed technology security services. The original agreement (EL011963) was authorized by ordinance 0818-2011, passed June 13, 2011. The agreement was most recently renewed and modified by authority of ordinance 1192-2013, passed July 1, 2013, through purchase orders EL014687 and EL014754. This renewal will provide service for the period August 26, 2014 through August 25, 2015, at a cost of $177,865.83.
This ordinance will also authorize a contract modification in the amount of $111,347.24. This cost includes:
· $627.24 which is a net amount of ($2,359.26 actual charge for additional security log retention required to accommodate the addition of Police servers and network minus a credit of $1,732.02 to be applied from purchase order EL014687. This will provide service for the period June 1, 2014 to August 25, 2014. The additional cost (for a full year of service) is $10,098.70, which is reflected in the renewal for the period August 26, 2014 to August 25, 2015.
· $43,200.00 for security consulting services needed to assist the City with Payment Card Industry (PCI) compliance. This will provide service for up to one year from the date of a certified purchase order.
· $67,520.00 for web application security testing, also needed to assist the City with PCI compliance. This will also provide service for up to one year from the date of a certified purchase order.
As neither the incorporation of Police technology nor the need for additional PCI compliance was known at the time of the original agreement, the need for these additional services was not foreseen. As SecureWorks technology and services are already imbedded within the City's technology infrastructure, it is not in the City's best interests to procure additional service through alternate procurement methods; doing so with another vendor would involve significant additional and unnecessary transition costs. Also, there is an immediate need to obtain security consulting services to meet PCI compliance requirements. The cost of the additional service was negotiated with SecureWorks.
DoT requires services from a managed security provider in order to comply with federal and state regulatory requirements. These requirements include IRS tax information security guidelines, federal information processing standards, payment card industry data security standards, and the Health Information Portability and Accountability Act (HIPPA). Complying with these regulations requires advanced expertise and tools not available with current staff and systems.
SecureWorks was awarded a contract through their amended offer to solicitation SA003789. That agreement included provisions for annual renewal, subject to mutual agreement and approval of proper City authorities. It is not in the City's best interests to procure this service through competitive procurement, as transitioning to another vendor would entail significant start-up costs already incurred with the existing vendor. Furthermore, there is an immediate need to obtain service to assist the City with PCI compliance. As such, this ordinance requests a waiver of competitive bidding requirements of Columbus City Code, in accordance with section 329.27.
FISCAL IMPACT:
In 2012 and 2013, the Department of Technology legislated $140,376.32 and $179,132.50 with SecureWorks, Inc. for managed technology security services. This year (2014), the cost for the renewal and modification of managed technology security services with SecureWorks, Inc. is $289,213.07. Funding for these services was budgeted and is available within the Department of Technology, Information Services Division, internal services fund. The aggregate contract total including this renewal is $705,460.91.
EMERGENCY:
Emergency action is requested to expedite authorization of these contracts for critical technology security services.
CONTRACT COMPLIANCE:
Vendor Name: SecureWorks, Inc. C.C.#/FID#: 26 - 2032356 Expiration Date: 4/26/2015
Title
To authorize the Director of the Department of Technology to renew and modify an agreement with SecureWorks, Inc. to provide managed technology security services in order to continue compliance with federal and state regulatory requirements; to waive the competitive bidding provisions of Columbus City Code; to authorize the expenditure of $289,213.07 from the Department of Technology, Information Services Division, internal service fund; and to declare an emergency. ($289,213.07)
Body
WHEREAS, the Department of Technology (DoT) requires services from a managed security provider in order to comply with federal and state regulatory requirements; these requirements include IRS tax information security guidelines, federal information processing standards, payment card industry data security standards, and the Health Information Portability and Accountability Act (HIPPA); and
WHEREAS, this ordinance authorizes the Director of the Department of Technology to renew an agreement with SecureWorks, Inc., for managed technology security services for the period August 26, 2014 through August 25, 2015, at a cost of $177,865.83; and
WHEREAS, this ordinance will also authorize a contract modification in the amount of $111,347.24. This cost includes: $2,359.26 for additional security log retention required to accommodate the addition of Police servers and network. Also, a credit of $1,732.02 is being applied from purchase order EL014754 making the net amount $627.24 with a service term period of June 1, 2014 to August 25, 2014; $43,200.00 for security consulting services needed to assist the City with Payment Card Industry (PCI) compliance, and $67,520.00 for web application security testing, also needed to assist the City with PCI compliance. The term period for these two services will be one year from the date of a certified purchase order; and
WHEREAS, this ordinance requests approval of the services provided by SecureWorks, Inc., and to waive the competitive bidding provisions of Columbus City Code, Section 329; and
WHEREAS, an emergency exists in the usual daily operation of the Department of Technology in that it is immediately necessary to renew and modify an agreement with SecureWorks, Inc. for critical managed technology security services, and to authorize this expenditure or so much thereof as required, thereby preserving the public health, peace, property, safety, and welfare; now, therefore:
BE IT ORDAINED BY THE COUNCIL OF THE CITY OF COLUMBUS:
SECTION 1: That the Director of the Department of Technology be and is hereby authorized to renew and modify an agreement with SecureWorks, Inc. for managed technology security services, with an associated coverage term period from August 26, 2014 through August 25, 2015, in the amount of $177,865.83. This ordinance will also authorize a contract modification in the amount of $111,347.24, with a coverage term period of June 1, 2014 to August 25, 2014 for the additional security log retention and one year from the date of a certified purchase order for the PCI security consulting services and web application security testing. The total amount of funding being requested via this ordinance is $289,213.07.
SECTION 2: That the expenditure of $289,213.07 or so much thereof as may be necessary is hereby authorized to be expended from:
Div.: 47-02|Fund: 514| Subfund 001|OCA Code: 472415|Obj. Level 1: 03|Obj. Level 3: 3336|Amount: $177,865.83
Div.: 47-02|Fund: 514| Subfund 001|OCA Code: 472415|Obj. Level 1: 03|Obj. Level 3: 3336|Amount: $627.24
Div.: 47-02|Fund: 514| Subfund 001|OCA Code: 472415|Obj. Level 1: 03|Obj. Level 3: 3336|Amount: $43,200.00
Div.: 47-02|Fund: 514| Subfund 001|OCA Code: 472415|Obj. Level 1: 03|Obj. Level 3: 3336|Amount: $67,520.00
SECTION 3: That the City Auditor is authorized to make any accounting changes to revise the funding source for all contracts or contract modifications associated with this ordinance.
SECTION 4: That the funds necessary to carry out the purpose of this ordinance are hereby deemed appropriated, and the City Auditor shall establish such accounting codes as necessary.
SECTION 5: That this ordinance authorizes a renewal and modification agreement between SecureWorks, Inc. and the Department of Technology, on behalf of the City of Columbus, and to waive the competitive bidding provisions of Columbus City Code, Section 329.
SECTION 6: That for the reasons stated in the preamble hereto, which is hereby made a part hereof, this ordinance is hereby declared to be an emergency measure and shall take effect and be in force from and after its passage and approval by the Mayor, or ten days after passage if the Mayor neither approves nor vetoes the same.