Title
Approve and authorize the Contracts Purchasing Officer, or the Contracts Purchasing Supervisor, to execute Amendment No. 1 to the Non-Standard Agreement with Qualys, Inc. on behalf of the Information Technology Department, adding $130,645 to the existing contract amount of $130,645, for an amended total of $261,290, to continue to provide QualysGuard Vulnerability Management Enterprise services and associated subscription fees, and to extend the term of the agreement by an additional year, ending on July 19, 2018.
Report
RECOMMENDATION:
It is recommended that the Board of Supervisors:
Approve and authorize the Contracts Purchasing Officer, or the Contracts Purchasing Supervisor, to execute Amendment No. 1 to the Non-Standard Agreement with Qualys, Inc. on behalf of the Information Technology Department, adding $130,645 to the existing contract amount of $130,645, for an amended total of $261,290, to continue to provide QualysGuard Vulnerability Management Enterprise services and associated subscription fees, and to extend the term of the agreement by an additional year, ending on July 19, 2018.
SUMMARY:
Qualys, Inc. has provided information security vulnerability, identification, and remediation system management services for the County’s use for the past twelve years. This tool has provided the Information Technology Department (ITD) with on-demand ability to scan County Information Technology (IT) assets for information security vulnerabilities immediately, which assists in the County’s ability to proactively remediate them to protect County information assets against attack. ITD wishes to continue service through fiscal year 2017-2018.
DISCUSSION:
ITD has utilized the QualysGuard scanning tool and service to assist identifying vulnerabilities, which is a weakness in a system that may allow an attacker to violate the confidentiality, integrity, availability, or audit mechanism of a system or the data and applications it hosts. Vulnerabilities often result from ‘bugs’ or design flaws in a system. The Qualys tool provides the County with the results of such scans, including detailed reports with verified remediation actions to be undertaken by County staff supporting administrative, legal, health, finance, and social service systems.
The Qualys contract contains non-standard provisions, as identified by County Counsel. The IT Director believes that the continued reductions in security risks to the County outweigh the risks associated with this agreement. Amendment No. 1 does not change non-standard language previously approved by the Board.
OTHER AGENCY INVOLVEMENT:
County Counsel cannot approve continuance of non-standard provisions. Risk Management cannot approve non-standard insurance and indemnity language.
FINANCING:
This Agreement is included in the FY 2017-18 Adopted Budget for ITD 1930, Unit 8437, Appropriations Unit INF002. Should funding be reduced and/or terminated, the County may terminate this agreement by giving thirty (30) days written notice of such action to the Contractor.
BOARD OF SUPERVISORS STRATEGIC INITIATIVES:
The execution of the proposed Amendment furthers the efficient administration of County business by identifying potential information security vulnerabilities in advance.
Mark a check to the related Board of Supervisors Strategic Initiatives
__Economic Development
X Administration
X Health & Human Services
X Infrastructure
X Public Safety
Prepared by: Sandra Shaffer, Management Analyst III, 759-6957
Approved by:
_______________________________________ Date:________
Eric A. Chatham, Director of Information Technology, 759-6920
Attachments: Executed Qualys Agreement; Amendment No. 1
Attachments are on file with the Clerk of the Board