Explanation
BACKGROUND:
This ordinance authorizes the Director of the Department of Technology to enter into an agreement with SecureWorks, Inc., for managed technology security services. DoT requires services from a managed security provider in order to comply with federal and state regulatory requirements. These requirements include IRS tax information security guidelines, federal information processing standards, payment card industry data security standards, and the Health Information Portability and Accountability Act (HIPPA). Complying with these regulations requires advanced expertise and tools not available with current staff and systems.
To procure these systems and services, an Invitation to Bid (ITB) (SA003789) was published in December 2010. The solicitation received three offers to provide managed security services and tools for one year from the date of a purchase order certified by the Columbus City Auditor's Office. SecureWorks was the lowest, responsive and responsible, and best bidder, offering the needed systems and services at a cost of $96,739.02.
SecureWorks will provide the following services as part of this one year agreement: 24x7x365 management of security devices; real-time monitoring, analysis, and response to security events detected on security devices, network assets, servers, databases, and applications; and managed log collection, retention, storage, and reporting to satisfy security and compliance requirements. The SecureWorks services will enable the City to better address technology security issues with one turnkey solution by providing qualified, always-available resources; and a tool to perform reporting functions that prove the City satisfies regulatory requirements.
Resources for this needed service were not included as part of the 2011 budget because DoT did not become aware of the need until after the 2011 budget had already been submitted. Consequently, it has taken some time to adjust the 2011 b...
Click here for full text