File #: 13-1141    Name: SSL Certificates
Type: General Agenda Item Status: Passed
File created: 10/23/2013 In control: Board of Supervisors
On agenda: 11/5/2013 Final action: 11/5/2013
Title: a. Approve and authorize the purchase of individual Security Socket Layer Certificates by the Information Technology Department for the provision of secure connectivity from a web server to a browser for county users accessing County data in a yearly amount not to exceed a combined total of $25,000; b. Accept non-standard terms and conditions that accompany Security Socket Layer Certificate purchases as recommended by the Director of Information Technology; and c. Authorize the Contracts/Purchasing Officer to issue individual purchase orders as requested by the Information Technology Department for the purchase of separate Security Socket Layer Certificates not to exceed a combined total of $25,000.
Attachments: 1. Attachment I_Non-Exclusive Sample of Entities, 2. Completed Board Order
Title
a. Approve and authorize the purchase of individual Security Socket Layer Certificates by the Information Technology Department for the provision of secure connectivity from a web server to a browser for county users accessing County data in a yearly amount not to exceed a combined total of $25,000;
b. Accept non-standard terms and conditions that accompany Security Socket Layer Certificate purchases as recommended by the Director of Information Technology; and
c. Authorize the Contracts/Purchasing Officer to issue individual purchase orders as requested by the Information Technology Department for the purchase of separate Security Socket Layer Certificates not to exceed a combined total of $25,000.
 
Report
RECOMMENDATION:
It is recommended that the Board of Supervisors:
 
a.      Approve and authorize the purchase of individual Security Socket Layer SSL Certificates by the Information Technology Department for the provision of secure connectivity from a web server to a browser for county users accessing County data in a yearly amount not to exceed a combined total of $25,000;
b.      Accept non-standard terms and conditions that accompany Security Socket Layer Certificate purchases as recommended by the Director of Information Technology; and
c.      Authorize the Contracts/Purchasing Officer to issue individual purchase orders as requested by the Information Technology Department for the purchase of separate Security Socket Layer Certificates not to exceed a combined total of $25,000.
 
SUMMARY/DISCUSSION:
Security Socket Layer (SSL) certificates are small data files that digitally bind a cryptographic key to an organization's details.  When installed on a web server, it allows secure connections from a web server to a user's browser.  The SSL certificates are installed on the County's web server to initiate secure sessions for authorized users accessing county data.  SSL Certificates are a standard utilized for web access to servers and are an essential component for web server security.  
 
The SSL certificates are purchased through various online vendors as applicable to the proprietary data, server requirements, and compatibility of the software which resides on the server.  Each individual certificate has a cost of between $100 and $400.  The vendors do not require an Agreement but provide on-line terms and conditions which apply to the purchase.  The terms and conditions provided by the vendors are not negotiable and do not include standard county agreement provisions.  Based upon the criticality of the provision of a secured connection to the web servers for the County of Monterey, coupled with the many years of ITD's experience in utilizing SSL certificates which is a requirement for all web servers, the benefits outweigh the risks of the non-standard Terms and Conditions of the vendors.  Without SSL certificate installation, all County web server access would cease. Therefore, we are seeking the approval of this recommended action which will allow the Information Technology Department to purchase the certificates from the appropriate vendors as needed to ensure continued secure access for county departments.  
OTHER AGENCY INVOLVEMENT:
The Agreement was not approved by County Counsel and/or Risk Management due to the presence of non-standard language in the Terms and Conditions, including varying types of as-is product descriptions, limited vendor liability, expanded County liability for damages, foreign jurisdiction venue, and refund policies.
 
FINANCING:
The funds for the individual SSL Certificates have been included in the FY 2013-14 Adopted Budget for the Information Technology Department, ITD 1930, Unit 8137, INF002. Transactions relating to each future fiscal year will be included in each respective Recommended Budget.  
 
Prepared by: Sarah House, Management Analyst, 755-5108
 
Approved by:
 
__________________________________________
Dianah Neff, Director of Information Technology
Dated:  October 21, 2013
 
Attachments:
Attachment I: Non-Exclusive Sample of Entities