Title
Approve and authorize the Contracts Purchasing Officer or his designee, to execute Amendment No. 3 to the Non-Standard Agreement with Qualys, Inc. on behalf of the Information Technology Department, adding $130,645.00 to the existing contract amount of $391,935, for an amended total of $522,580, to continue to provide QualysGuard Vulnerability Management Enterprise services, and to extend the term of the agreement by an additional year, ending on July 19, 2020.
Report
RECOMMENDATION:
Approve and authorize the Contracts Purchasing Officer or his designee, to execute Amendment No. 3 to the Non-Standard Agreement with Qualys, Inc. on behalf of the Information Technology Department, adding $130,645.00 to the existing contract amount of $391,935, for an amended total of $522,580, to continue to provide QualysGuard Vulnerability Management Enterprise services, and to extend the term of the agreement by an additional year, ending on July 19, 2020.
SUMMARY/DISCUSSION:
Qualys, Inc. (Qualys) has provided information security vulnerability, identification, and remediation system management services for the County’s use for the past thirteen years. The Qualys tool has provided the Information Technology Department (ITD) with on-demand ability to scan County Information Technology (IT) assets for information security vulnerabilities immediately, which assists in the County’s ability to proactively remediate them to protect County information assets against attack. ITD wishes to continue service through fiscal year 2019-20.
ITD has utilized the QualysGuard scanning tool and service to assist identifying vulnerabilities, which is a weakness in a system that may allow an attacker to violate the confidentiality, integrity, availability, or audit mechanism of a system or the data and applications it hosts. Vulnerabilities often result from ‘bugs’ or design flaws in a system. The Qualys tool provides the County with the results of such scans, including detailed reports with verified remediation actions to be undertaken by County staff supporting administrative, legal, health, finance, and social service systems.
The Qualys contract contains non-standard provisions, as identified by County Counsel. The ITD Director believes that the continued reductions in security risks to the County outweigh the risks associated with this agreement. Amendment No. 3 does not change non-standard language previously approved by the Board.
OTHER AGENCY INVOLVEMENT:
County Counsel has cannot approve continuance of non-standard provisions.
FINANCING:
This Agreement is included in the FY 2019-20 Adopted Budget for ITD 1930, Budget Unit 8437, Appropriations Unit INF002. Should funding be reduced and/or terminated, the County may terminate this agreement by giving thirty (30) days written notice of such action to the Contractor.
BOARD OF SUPERVISORS STRATEGIC INITIATIVES:
The execution of the proposed Amendment furthers the efficient administration of County business by identifying potential information security vulnerabilities in advance.
__Economic Development
X Administration
X Health & Human Services
X Infrastructure
X Public Safety
Prepared by: Lynnette Beardsall, Management Analyst II, 759-6938
Approved by:
______________________________________ Date:_________
Eric A. Chatham, Director of Information Technology, 759-6920
Attachments: Qualys Amendment No. 3; Qualys Amendment No. 2; Qualys Amendment No. 1; Qualys Original Agreement
Attachments on file with the Clerk of the Board