Explanation
BACKGROUND:
This ordinance authorizes the Director of the Department of Technology to renew and modify an agreement with SecureWorks, Inc., for managed technology security services. The original agreement (EL011963) was authorized by ordinance 0818-2011, passed June 13, 2011. The agreement was most recently renewed and modified by authority of ordinance 0719-2014, passed April 28, 2014, through purchase order EL015741. This renewal will provide service for the period August 26, 2015 through August 25, 2016, at a cost of $172,229.45.
This ordinance will also authorize a contract modification in the amount of $112,303.89. This cost includes:
• $1,515.62 to consolidate an existing annual PCI scan subscription on behalf of City Treasurer's office. This will provide service from 08/26/2015 through 08/25/2016.
• $43,188.27 for managed and monitoring service to the Next Generation Firewall. This will also provide service for one from the date of implementation to be noted on the certified purchase order.
• $8,240.00 for wireless network testing. This will provide service for up to one year from the date of a certified purchase order.
• $11,520.00 for security consulting services needed to assist the City with Payment Card Industry (PCI) compliance. This will provide service for up to one year from the date of a certified purchase order.
• $47,840.00 for web application security testing, also needed to assist the City with PCI compliance. This will also provide service for up to one year from the date of a certified purchase order.
1.1 Amount of additional funds to be expended: $112,303.89
The original contract amount and subsequent years 2 - 5 total: $708,006.36
Modification #1 (2012) total: $58,336.76
Modification #2 (2014) total: $111,347.24
Modification #3 (2015) total: $112,303.89
Total: $989,994.25
1.2 Reason additional goods/services could not be foreseen:
Neither the incorporation of Police technology, the need for PCI compliance, additional firewall services, nor consulting and testing services was known at the time of the original agreement. These additional services was not foreseen.
1.3 Reason other procurement processes are not used:
As SecureWorks technology and services are already imbedded within the City’s technology infrastructure, it is not in the City’s best interests to procure additional service through alternate procurement methods; doing so with another vendor would involve significant additional and unnecessary transition costs. Also, there is an immediate need to obtain security consulting services to meet PCI compliance requirements.
DoT requires services from a managed security provider in order to comply with federal and state regulatory requirements. These requirements include IRS tax information security guidelines, federal information processing standards, payment card industry data security standards, and the Health Information Portability and Accountability Act (HIPPA). Complying with these regulations requires advanced expertise and tools not available with current staff and systems.
1.4 How cost of modification was determined:
The cost of the additional services was negotiated with SecureWorks.
SecureWorks was awarded a contract through their amended offer to solicitation SA003789 authorized under Ordinance 0818-2011, passed June 13, 2011 . That agreement included provisions for annual renewal, subject to mutual agreement and approval of proper City authorities. It is not in the City's best interests to procure this service through competitive procurement, as transitioning to another vendor would entail significant start-up costs already incurred with the existing vendor. Furthermore, there is an immediate need to obtain service to assist the City with PCI compliance. As such, this ordinance requests a waiver of competitive bidding requirements of Columbus City Code, in accordance with section 329.
FISCAL IMPACT:
In 2013 and 2014, the Department of Technology legislated $179,132.50 and $289,213.07 respectively with SecureWorks, Inc. for managed technology security services. This year (2015), the cost for the renewal and modification of managed technology security services with SecureWorks, Inc. is $284,533.34. Funding for these services are available within the Department of Technology, Information Services Division, internal services fund. The aggregate contract total including this renewal is $989,994.25.
CONTRACT COMPLIANCE:
Vendor Name: SecureWorks, Inc. C.C.#/FID#: 26 - 2032356 Expiration Date: 05/21/2017
Title
To authorize the Director of the Department of Technology to renew and modify an agreement with SecureWorks, Inc. to provide managed technology security services in order to continue compliance with federal and state regulatory requirements; to waive the competitive bidding provisions of Columbus City Code; and to authorize the expenditure of $284,533.34 from the Department of Technology, Information Services Division, internal service fund. ($284,533.34)
Body
WHEREAS, the Department of Technology (DoT) requires services from a managed security provider in order to comply with federal and state regulatory requirements; these requirements include IRS tax information security guidelines, federal information processing standards, payment card industry data security standards, and the Health Information Portability and Accountability Act (HIPPA); and
WHEREAS, this ordinance authorizes the Director of the Department of Technology to renew an agreement with SecureWorks, Inc., for managed technology security services for the period August 26, 2015 through August 25, 2016, at a cost of $172,229.45; and
WHEREAS, this ordinance will also authorize a contract modification in the amount of $112,303.89. This cost includes the following: $1,515.62 for an annual PCI scan subscription on behalf of City Treasurer's office, $43,188.27 for managed and monitoring services for the Next Generation Firewall, $8,240.00 for wireless network testing, $11,520.00 for security consulting services needed to assist the City with Payment Card Industry (PCI) compliance, and $47,840.00 for web application security testing, also needed to assist the City with PCI compliance. The term period for these are as identified in the background and Section 1of this ordinance; and
WHEREAS, this ordinance requests approval of the services provided by SecureWorks, Inc., and to waive the competitive bidding provisions of Columbus City Code, Chapter 329; and
WHEREAS, it is necessary to renew and modify an agreement with SecureWorks, Inc. for critical managed technology security services, and to authorize this expenditure or so much thereof as required, thereby preserving the public health, peace, property, safety, and welfare; now, therefore:
BE IT ORDAINED BY THE COUNCIL OF THE CITY OF COLUMBUS:
SECTION 1: That the Director of the Department of Technology be and is hereby authorized to renew an agreement with SecureWorks, Inc. for managed technology security services, with an associated coverage term period from August 26, 2015 through August 25, 2016, in the amount of $172,229.45 and to modify the agreement with SecureWorks, Inc. in the amount of $112,303.89, with a coverage term period of one year from the date of a certified purchase order for the wireless network testing, PCI security consulting services and web application security testing, one (1) year from date of implementation of the Next Generation Firewall and a one year term period of August 26,2015 through August 25,2016 for PCI scan subscription. The total amount of funding being requested via this ordinance is $284,533.34.
SECTION 2: That the expenditure of $284,533.34 or so much thereof as may be necessary is hereby authorized to be expended from:
Div.: 47-02|Fund: 514| Subfund 001|OCA Code: 472415|Obj. Level 1: 03|Obj. Level 3: 3336|Amount: $172,229.45
Div.: 47-02|Fund: 514| Subfund 001|OCA Code: 472415|Obj. Level 1: 03|Obj. Level 3: 3336|Amount: $1,515.62
Div.: 47-02|Fund: 514| Subfund 001|OCA Code: 472415|Obj. Level 1: 03|Obj. Level 3: 3336|Amount: $43,188.27
Div.: 47-02|Fund: 514| Subfund 001|OCA Code: 472415|Obj. Level 1: 03|Obj. Level 3: 3336|Amount: $8,240.00
Div.: 47-02|Fund: 514| Subfund 001|OCA Code: 472415|Obj. Level 1: 03|Obj. Level 3: 3336|Amount: $11,520.00
Div.: 47-02|Fund: 514| Subfund 001|OCA Code: 472415|Obj. Level 1: 03|Obj. Level 3: 3336|Amount: $47,840.00
SECTION 3: That the City Auditor is authorized to make any accounting changes to revise the funding source for all contracts or contract modifications associated with this ordinance.
SECTION 4: That the funds necessary to carry out the purpose of this ordinance are hereby deemed appropriated, and the City Auditor shall establish such accounting codes as necessary.
SECTION 5: That this Council finds it in the City's best interests to waive the competitive bidding provisions of Columbus City Code, Chapter 329.
SECTION 6: That this ordinance shall take effect and be in force from and after the earliest period allowed by law.