Title
a. Authorize the Chief Information Officer of the Information Technology Department or his designee to execute Amendment No. 5 to the non-standard End User Agreement with Qualys, Incorporated for the Qualys Cloud Platform security network tool extending the term through June 30, 2024, and increasing the contract amount by the amount of $142,010 for a not to exceed Agreement of $1,079,700 to continue network analysis services; and
b. Accept non-standard language as recommended by the Chief Information Officer; and
c. Authorize the Chief Information Officer or his designee the option to extend the agreement up to three (3) future renewals, extending the term by one (1) year each, through July 17, 2027 and sign associated order forms provided that additional total cost do not exceed 10% of the previous renewal contract amount, bringing the potential overall Agreement aggregate Not to Exceed amount to $1,596,759.
Report
RECOMMENDATION:
It is recommended that the Board of Supervisors:
a. Authorize the Chief Information Officer of the Information Technology Department or his designee to execute Amendment No. 5 to the non-standard End User Agreement with Qualys, Incorporated for the Qualys Cloud Platform security network tool extending the term through June 30, 2024, and increasing the contract amount by the amount of $142,010 for a not to exceed Agreement of $1,079,700 to continue network analysis services; and
b. Accept non-standard language as recommended by the Chief Information Officer; and
c. Authorize the Chief Information Officer or his designee the option to extend the agreement up to three (3) future renewals, extending the term by one (1) year each, through July 17, 2027 and sign associated order forms provided that additional total cost do not exceed 10 percent (10%) of the previous renewal contract amount, bringing the potential overall Agreement aggregate Not to Exceed amount to $1,596,759.
SUMMARY:
Amendment No. 5 to this Agreement with Qualys, Inc. will continue to provide for an information security vulnerability, identification, and remediation system to provide vulnerability management services for the County’s use. This service assists the County in identifying new software and service vulnerabilities immediately and proactively remediate them to protect County information assets against attack.
DISCUSSION:
Qualys Cloud Platform scanning tool and service provides the Information Technology Department with the on-demand ability to scan County-wide Information Technology (IT) assets for information security vulnerabilities and compare them against an industry-leading knowledge base of vulnerabilities with a 99.999% accuracy rate. In computer security, the word vulnerability refers to a weakness in a system that can allow an attacker to violate the confidentiality, integrity, availability, or audit mechanism of a system or the data and applications it hosts. Vulnerabilities often result from ‘bugs’ or design flaws in a system. The Qualys tool provides the County with the results of such scans, including detailed reports with verified remediation actions to be undertaken by County staff supporting administrative, legal, health, finance, and social service systems.
This Agreement is for a renewal of the County’s existing service with the vendor.
The non-standard provisions in the End User Agreement previously approved by the Board are not changed by proposed Amendment No. 5. The Chief Information Officer recommends that the Board approve Amendment No. 5 to avoid disruption of the County’s network security system.
OTHER AGENCY INVOLVEMENT:
County Counsel has reviewed the non-standard End User Agreement and amendments with Qualys, Incorporated and approves as to legal form. Auditor-Controller’s Office reviewed the contract but does not agree to the non-standard payment provisions.
FINANCING:
The funds for the current fiscal year are included in the FY23-24 Adopted Budget for the Information Technology Department, ITD 1930, Appropriations Unit INF002. Fund requirements for future years will be included in all future year budget submittals.
BOARD OF SUPERVISORS STRATEGIC INITIATIVES:
The execution of the proposed Qualys, Incorporated Amendment furthers the efficient support of County business by enabling the County to continue robust solutions for Information Technology, security, and compliance services.
__Economic Development
X Administration
X Health & Human Services
X Infrastructure
X Public Safety
Prepared by: Sandra Shaffer, Management Analyst III, 759-5798
Approved by:
____________________________ Date: _________________
Eric A. Chatham, Chief Information Officer, 759-6920
Attachments:
Qualys Agreement
Qualys Quote
Qualys Amendments No. 1-4
Qualys Amendment No. 5
Qualys Cost Worksheet