To: Sonoma County Board of Supervisors
Department or Agency Name(s): Information Systems
Staff Name and Phone Number: Ben Toyoda 565-2713
Vote Requirement: Majority
Supervisorial District(s): Countywide
Title:
Title
IT Consulting Services
End
Recommended Action:
Recommended action
A) Authorize the Information Systems Director or designee to execute professional services agreements with Evolver, LLC and Plante & Moran, PLLC to perform as needed IT security consulting services for a three-year period from November 8th, 2023 to November 7th, 2026 for an amount not to exceed $1,500,000 per agreement, and total payments exceeding $100,000 annually per agreement shall require the prior written approval of the ISD Director or designee.
B) Authorize the Information Systems Director or designee to execute two options to extend the agreement for one year each, for an additional annual amount not to exceed $500,000 per agreement.
end
Executive Summary:
The Information Systems Department (ISD) of the County of Sonoma is seeking multiple vendors to provide as needed IT security consulting and services that will support ISD employees and infrastructure with a variety of services and components, such as Cybersecurity Preparedness and Response, Enterprise IT Risk Management, IT Disaster Recovery Planning, Business Continuity Planning, Business Impact Analysis, Wide Area Network Architecture and Design, Cloud Computing Design and Security, and Regulatory Compliance. The outcome of the program will be high quality, efficient, repeatable, and cost-effective IT Consulting Services for Security, Audit, Compliance, Governance, Best Practices, and Planning.
ISD is requesting Board authority to enter into contracts with two (2) providers that specialize in these services to ensure sufficient resources are available, as well as to avoid any conflicts of interest.
Discussion:
The Information Systems Department (ISD) is responsible for the support and coordination of technology services for twenty-seven County customer departments. This includes the provision and support of countywide networks, approximately 3,800 desktop computers, hundreds of business applications, County and departmental Internet and Intranet sites. Additionally, ISD is often charged with managing large software application implementations or IT infrastructure projects.
The primary purpose of the services of these proposed agreements, is to ensure that the County has sufficient resources and expertise available to immediately assist with responding to large-scale cybersecurity attacks, should additional assistance be required. ISD is capable of preparing for and responding to most cybersecurity attacks, but large-scale events may require additional resources. Having contracts for “as needed” services in place and immediately available, will allow ISD to better respond to time sensitive incidents. These services also allow for neutral third-party security reviews to help ensure that ISD and the County are following industry standard best practices. By having two providers, one provider can perform the assessments, and the other provider can assist ISD, if needed, with implementing remediations to satisfy any findings, avoiding any conflicts of interest.
The Information Systems Department initiated a public solicitation for cybersecurity consulting services. This competitively bid process involved two rounds of review by our rating committee. The first round was based primarily on the organizational capacity to provide all services identified in the scope of the solicitation as presented in the initial bid, as well as cost. Based on the scoring from the initial review, bidders were invited to an interview to provide details on their solution. Two suppliers were chosen as a result of this solicitation process. The selection criteria included; the quality of the presentation, expertise conveyed in providing services, capacity to meet the County’s needs, supplier and County alignment to be in partnership, and cost.
Strategic Plan:
This item directly supports the County’s Five-year Strategic Plan and is aligned with the following pillar, goal, and objective.
Pillar: Resilient Infrastructure
Goal: Goal 2: Invest in capital systems to ensure continuity of operations and disaster response.
Objective: Objective 1: Strengthen critical communications infrastructure, interoperability, and information technology tools relied upon during disasters.
Racial Equity:
Was this item identified as an opportunity to apply the Racial Equity Toolkit?
No
NA
Prior Board Actions:
NA
Fiscal Summary
|
Expenditures |
FY23-24 Adopted |
FY24-25 Projected |
FY25-26 Projected |
|
Budgeted Expenses |
$300,000 |
$300,000 |
$300,000 |
|
Additional Appropriation Requested |
|
|
|
|
Total Expenditures |
$300,000 |
$300,000 |
$300,000 |
|
Funding Sources |
|
|
|
|
General Fund/WA GF |
|
|
|
|
State/Federal |
|
|
|
|
Fees/Other |
|
|
|
|
Use of Fund Balance |
$300,000 |
$300,000 |
$300,000 |
|
Contingencies |
|
|
|
|
Total Sources |
$300,000 |
$300,000 |
$300,000 |
Narrative Explanation of Fiscal Impacts:
The services provided in these agreements will be utilized on an as needed basis. For FY 2023-24, ISD budgeted $300,000 for anticipated needs that will be funded with Replacement A fund balance sourced from prior year savings. If contract needs exceed the budgeted amount, ISD will request additional appropriations in a future Consolidated Budget Adjustment, funded with Replacement A fund balance. For future budget years, ISD will estimate service needs, and will work with the CAO to fund these services through a combination of internal rates and available fund balance.
|
Staffing Impacts: |
|
|
|
|
Position Title (Payroll Classification) |
Monthly Salary Range (A-I Step) |
Additions (Number) |
Deletions (Number) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Narrative Explanation of Staffing Impacts (If Required):
None
Attachments:
PSA Evolver
PSA Plante & Moran
Related Items “On File” with the Clerk of the Board:
None