Explanation
BACKGROUND:
This ordinance authorizes the Director of the Department of Technology (DoT) to enter into a contract with SecureWorks, Inc., for Payment Card Industry Qualified Security Assessor (PCI QSA) services. This contract will provide Payment Card Industry Qualified Security Assessor (PCI QSA) services necessary for the City to demonstrate annual compliance with the Payment Card Industry Data Security Standard (PCI DSS) in 2017, at a cost of $44,550.00 which entails ($10,800.00 for 40 hours of retainer fees at $270.00 per hour and service fees for the PCI Gap Analysis, in the amount of $33,750.00), with a coverage term period of one (1) year from the date of a purchase order certified/confirmed by the Columbus City Auditor's Office.
DoT requires these services in order to comply with Payment Card Industry Data Security Standards (PCI DSS). Complying with PCI DSS requires the City to receive an Attestation of Compliance (AOC) from a Payment Card Industry Qualified Security Assessor. The City's schedule requires submission of the AOC in December 2017.
The Department of Technology (DoT) attempted to process formal bid RFQ005953 but it was not advertised due to an error regarding the entered bid dates. The Department accidentally entered a date that occurred in the past which caused RFQ005953 to not be advertised to the public. Due to the non-bid of RFQ005953, time constraints and the critical need, a quote was requested and received from the vendor SecureWorks, Inc., who previously provided the necessary services. The City's PCI compliance project started with SecureWorks, Inc. in 2013. The City worked closely with SecureWorks to achieve PCI compliance in 2014 and wish to leverage SecureWorks' understanding of the City’s environment and PCI compliance efforts to date to ensure the City’s compliance posture is sustainable.
This ordinance requests a waiver of the competitive bidding requirements of Columbus City Code, in accordance with section 329 for the approval of the services to be provided by SecureWorks, Inc.
FISCAL IMPACT:
The 2017 cost for the Payment Card Industry Qualified Security Assessor (PCI QSA) services with SecureWorks, Inc. is $44,550.00. Funding for these services are available within the Department of Technology, Information Services Division, Information Services Operating fund.
EMERGENCY:
Emergency action is requested to expedite prompt contract execution and related payment of services.
CONTRACT COMPLIANCE:
Vendor Name: SecureWorks, Inc. C.C.#/FID#: 26 - 2032356 DAX Vendor Acct.#:002260 Expiration Date: 09/01/2019
Title
To authorize the Director of the Department of Technology to enter into a contract with SecureWorks, Inc. for Payment Card Industry Qualified Security Assessor (PCI QSA) services in order to comply with federal and state regulatory requirements; to waive the competitive bidding provisions of Columbus City Code; to authorize the expenditure of $44,550.00 from the Department of Technology, Information Services Division, Information Services Operating fund; and to declare an emergency. ($44,550.00)
Body
WHEREAS, the Department of Technology (DoT) requires services in order to comply with Payment Card Industry Data Security Standards (PCI DSS). Complying with PCI DSS requires the City to receive an Attestation of Compliance from a Payment Card Industry Qualified Security Assessor. The City's schedule requires submission of the AOC in December 2017; and
WHEREAS, this ordinance authorizes the Director of the Department of Technology (DoT) to enter into a contract with SecureWorks, Inc., for Payment Card Industry Qualified Security Assessor (PCI QSA) services. This contract will provide Payment Card Industry Qualified Security Assessor (PCI QSA) services necessary for the City to demonstrate annual compliance with the Payment Card Industry Data Security Standard (PCI DSS) in 2017, at a cost of $44,550.00, which entails ($10,800.00 for 40 hrs. of retainer fees at $270.00 per hour and service fees for the PCI Gap Analysis, in the amount of $33,750.00), with a coverage term period one (1) year from the date of a purchase order certified/confirmed by the Columbus City Auditor's Office; and
WHEREAS, the Department of Technology (DoT) attempted to process formal bid RFQ005953 but it was not advertised due to an error regarding the entered bid dates. The Department accidentally entered a date that occurred in the past which caused RFQ005953 to not be advertised to the public. Due to the non-bid of RFQ005953, time constraints and the critical need, a quote was requested and received from the vendor SecureWorks, Inc., who previously provided the necessary services. The City's PCI compliance project started with SecureWorks, Inc. in 2013. The City worked closely with SecureWorks to achieve PCI compliance in 2014 and wishes to leverage SecureWorks understanding of the City’s environment and PCI compliance efforts to date to ensure the City’s compliance posture is sustainable; and
WHEREAS, this ordinance requests a waiver of the competitive bidding requirements of Columbus City Code, in accordance with section 329 for the approval of the services to be provided by SecureWorks, Inc.; and
WHEREAS, an emergency exists in the usual daily operations of the City of Columbus, Department of Technology, in that it is immediately necessary to authorize the Director to enter into a contract with SecureWorks, Inc., for Payment Card Industry Qualified Security Assessor (PCI QSA) services, and to authorize this expenditure or so much thereof as required, thereby preserving the public health, peace, property, safety, and welfare; now, therefore:
BE IT ORDAINED BY THE COUNCIL OF THE CITY OF COLUMBUS:
SECTION 1: That the Director of the Department of Technology be and is hereby authorized to enter into a contract with SecureWorks, Inc., for Payment Card Industry Qualified Security Assessor (PCI QSA) services, at a cost of $44,550.00, which entails ($10,800.00 for 40 hrs. of retainer fees at $270.00 per hour and service fees for the PCI Gap Analysis, in the amount of $33,750.00), with a coverage term period of one (1) year from the date of a purchase order certified/confirmed by the Columbus City Auditor's Office.
SECTION 2: That the expenditure of $44,550.00 or so much thereof as may be necessary is hereby authorized to be expended from: (see attachment 2304-2017 EXP)
Dept.: 47| Div.: 47-02|Obj Class: 03 |Main Account: 63050|Fund: 5100|Sub-fund: 510001|Program:IT013|Section 3:470201| Section 4:IT04|Amount: $33,750.00| {services fee}
Dept.: 47| Div.: 47-02|Obj Class: 03 |Main Account: 63050|Fund: 5100|Sub-fund: 510001|Program:IT013|Section 3:470201| Section 4:IT04|Amount: $10,800.00| {retainer fee}
SECTION 3: That the City Auditor is authorized to make any accounting changes to revise the funding source for all contracts or contract modifications associated with this ordinance.
SECTION 4: That the funds necessary to carry out the purpose of this ordinance are hereby deemed appropriated, and the City Auditor shall establish such accounting codes as necessary.
SECTION 5: That this Council finds it in the City's best interests to waive the competitive bidding provisions of Columbus City Code, Chapter 329.
SECTION 6: That for the reasons stated in the preamble hereto, which is hereby made a part hereof, this ordinance is hereby declared to be an emergency measure and shall take effect and be in force from and after its passage and approval by the Mayor, or ten days after passage if the Mayor neither approves nor vetoes the same.