File #: A 20-276    Name: Qualys Amend No. 4
Type: BoS Agreement Status: Passed - Information Technology Department
File created: 7/8/2020 In control: Board of Supervisors
On agenda: 7/28/2020 Final action: 7/28/2020
Title: a. Approve and authorize the Director of Information Technology or his designee, to execute Amendment No. 4 to the Non-Standard Agreement with Qualys, Inc. extending the term of the agreement three (3) years, ending on July 19, 2023; adding $415,110 to the existing contract amount for an amended total of $937,690, to continue to provide QualysGuard Vulnerability Management Enterprise services; and b. Authorize the Director of Information Technology to execute forms required to secure services identified in this Agreement.
Attachments: 1. Board Report, 2. Qualys Amendment No. 4, 3. Qualys Amendment No. 3, 4. Qualys Amendment No. 2, 5. Qualys Amendment No. 1, 6. Qualys Original Agreement, 7. Item No. 52 Completed Board Order
Related files: A 23-310

Title

a. Approve and authorize the Director of Information Technology or his designee, to execute Amendment No. 4 to the Non-Standard Agreement with Qualys, Inc. extending the term of the agreement three (3) years, ending on July 19, 2023; adding $415,110 to the existing contract amount for an amended total of $937,690, to continue to provide QualysGuard Vulnerability Management Enterprise services; and

b. Authorize the Director of Information Technology to execute forms required to secure services identified in this Agreement.

Report

RECOMMENDATION:

It is recommended that the Board of Supervisors:

a. Approve and authorize the Director of Information Technology or his designee, to execute Amendment No. 4 to the Non-Standard Agreement with Qualys, Inc. extending the term of the agreement three (3) years, ending on July 19, 2023; adding $415,110 to the existing contract amount for an amended total of $937,690, to continue to provide QualysGuard Vulnerability Management Enterprise services; and

b. Authorize the Director of Information Technology to execute forms required to secure services identified in this Agreement.

 

SUMMARY/DISCUSSION:

Qualys, Inc. (Qualys) has provided information security vulnerability, identification, and remediation system management services for the County’s use for the past fifteen years.  The Qualys tool has provided the Information Technology Department (ITD) with on-demand ability to scan County Information Technology (IT) assets for information security vulnerabilities immediately, which assists in the County’s ability to proactively remediate them to protect County information assets against attack.  ITD wishes to continue service for an additional three years. By doing so, ITD is able to secure discounted pricing. Invoicing will be done on an annual basis in the amount of $138,370.

 

County Information Technology Department (ITD) has utilized the QualysGuard scanning tool and service to assist identifying vulnerabilities, which is a weakness in a system that may allow an attacker to violate the confidentiality, integrity, availability, or audit mechanism of a system or the data and applications it hosts.  Vulnerabilities often result from ‘bugs’ or design flaws in a system.  The Qualys tool provides the County with the results of such scans, including detailed reports with verified remediation actions to be undertaken by County staff supporting administrative, legal, health, finance, and social service systems.

 

This new product version (called VDMR - Vulnerability Management, Detection, and Response) also includes lightweight cloud agents and virtual scanners that give the county the ability to manage system vulnerabilities on County workstations that are not connected to the County’s network, a critical requirement with more employees working from offsite locations.

 

The Qualys contract contains non-standard provisions, as identified by County Counsel.  The Director of IT believes that the continued reductions in security risks to the County outweigh the risks associated with this agreement.  Amendment No. 4 does not change non-standard language previously approved by the Board.

 

OTHER AGENCY INVOLVEMENT:

County Counsel does not approve continuance of non-standard provisions.

 

Auditor-Controller does not approve the non-standard payment provisions.

 

FINANCING:

The amount of $138,370 is included in the FY 2020-21 Adopted Budget for ITD 1930, Budget Unit 8437, Appropriations Unit INF002. Future expenses will be included in respective fiscal year budgets. Should funding be reduced and/or terminated, the County may terminate this agreement by giving thirty (30) days written notice of such action to the Contractor.

 

BOARD OF SUPERVISORS STRATEGIC INITIATIVES:

The execution of the proposed Amendment furthers the efficient administration of County business by identifying potential information security vulnerabilities in advance. 

 

X Economic Development

X Administration

X Health & Human Services

X Infrastructure

X Public Safety

 

Prepared by: Lynnette Beardsall, Management Analyst II, 759-6938

 

Approved by:

 

 

______________________________________ Date: _________

Eric A. Chatham, Director of Information Technology, 759-6920

 

Attachments:

Qualys Amendment No. 4

Qualys Amendment No. 3

Qualys Amendment No. 2

Qualys Amendment No. 1

Qualys Original Agreement

 

Attachments are on file with the Clerk of the Board