REPORT TO THE CITY COUNCIL
May 24, 2018
FROM: BRYON HORN, Chief Information Officer
Information Services Department
SUBJECT
Title
Approve Consultant Services Agreement with Optiv Security Inc. for an annual comprehensive perimeter test and security strategy assessment update in an amount not to exceed $56,000, in accordance with purchasing procedures from cooperative agreements as set forth in Administrative Order 3-1.
Body
RECOMMENDATION
It is recommended that Council approve the Consultant Services Agreement between the City of Fresno (City) and Optiv Security Inc. (Optiv). The agreement provides for services to perform an annual comprehensive perimeter test and security strategy assessment update. The cost of the service will not exceed $56,000. In accordance with Administrative Order 3-1, the services are being priced from a cooperative purchase agreement, California Multiple Award Schedules (CMAS).
EXECUTIVE SUMMARY
Cyber security is becoming more complex and prevalent in our daily lives. The Information Services Department (ISD) is responsible for protecting all of the City’s information systems and data. During January 2015, an initial security assessment was performed by Accuvant, Inc., (Accuvant) which contained several recommendations for implementing a more protective, yet business-aligned security program for the City. The Accuvant assessment gave an outside perspective and compared the City’s security standards with industry standards. In that assessment, Accuvant recommended that the City conduct a penetration test to ensure the City’s cyber health. In August 5, 2015, Accuvant and FishNet Security merged to form Optiv Security, Inc. Since then, the City has retained its relationship with the company for its security needs.
In the Single Audit report which was conducted by Brown Armstrong as part of the Comprehensive Annual Financial Report, it was also recommended that the City conduct annual penetration tests. Penetration tests are considered best practice and are generally completed each year by a qualified third party. This agreement between the City and Optiv will fulfill that request. The last penetration test for the City was completed in 2017.
BACKGROUND
In order to ensure the security of municipal network systems, security assessments, audits and intrusion, penetration tests are required. The Accuvant January 2015, security assessment and risk assessment allowed us to gain a perspective on implemented security provisions. The execution of the assessment included understanding the City’s mission, vision and culture including meeting with each Department, to understand their business function as well as identify viable risks. From this understanding, a deliverable was created in the form of a confidential report that was presented to the City and outlined risk factors as well as provided recommendations on future security provisions. On June 14, 2017, City entered into an agreement with Optiv to conduct its annual penetration test and assessment. Several of these recommendations have been implemented and a follow up security strategy assessment and annual penetration test is due in Fiscal Year 2018.
ENVIRONMENTAL FINDINGS
The approval of this purchase is not a project for the purposes of the California Environmental Quality Act.
LOCAL PREFERENCE
Local preference was not implemented because Optiv is uniquely qualified.
FISCAL IMPACT
Funding for this purchase is appropriated in the Fiscal Year 2018 Budget; therefore, no additional funds are required.
Attachments:
Consultant Services Agreement
Uniquely Qualified Memo