Explanation
BACKGROUND:
This ordinance authorizes the Director of the Department of Technology (DoT) to enter into a contract with SecureWorks, Inc., for Payment Card Industry Qualified Security Assessor (PCI QSA) services. This contract will provide Payment Card Industry Qualified Security Assessor (PCI QSA) services necessary for the City to demonstrate annual compliance with the Payment Card Industry Data Security Standard (PCI DSS) in 2017, at a cost of $44,550.00 which entails ($10,800.00 for 40 hours of retainer fees at $270.00 per hour and service fees for the PCI Gap Analysis, in the amount of $33,750.00), with a coverage term period of one (1) year from the date of a purchase order certified/confirmed by the Columbus City Auditor's Office.
DoT requires these services in order to comply with Payment Card Industry Data Security Standards (PCI DSS). Complying with PCI DSS requires the City to receive an Attestation of Compliance (AOC) from a Payment Card Industry Qualified Security Assessor. The City's schedule requires submission of the AOC in December 2017.
The Department of Technology (DoT) attempted to process formal bid RFQ005953 but it was not advertised due to an error regarding the entered bid dates. The Department accidentally entered a date that occurred in the past which caused RFQ005953 to not be advertised to the public. Due to the non-bid of RFQ005953, time constraints and the critical need, a quote was requested and received from the vendor SecureWorks, Inc., who previously provided the necessary services. The City's PCI compliance project started with SecureWorks, Inc. in 2013. The City worked closely with SecureWorks to achieve PCI compliance in 2014 and wish to leverage SecureWorks' understanding of the City’s environment and PCI compliance efforts to date to ensure the City’s compliance posture is sustainable.
This ordinance requests a waiver of the competitive bidding requirements of Columbus City Code, in accordance with secti...
Click here for full text