TITLE
Recommendation to adopt Specifications No. RFP TI 17-150 and authorize City Manager, or designee, to execute a contract, and any necessary amendments, with Tenable, Inc., of Columbia, MD, through its recommended reseller Optiv, of Denver, CO, to provide and install an Enterprise Vulnerability Scanning System, in the amount of $142,100; authorize a 20 percent contingency in the amount of $28,420, for a total contract amount not to exceed $170,520, for a period of one year, with the option to renew for two additional one-year periods, for an annual amount not to exceed $142,100, at the discretion of the City Manager. (Citywide)
DISCUSSION
City Council approval is requested to enter into a contract with Tenable, Inc., through its recommended reseller Optiv, to provide and install an Enterprise Vulnerability Scanning System (System) that identifies security weaknesses in the network, computer infrastructure, and applications to enable the City to prioritize and mitigate risks on an ongoing basis. Tenable sells its products through value-added resellers that are independently-owned and operated, such as Optiv.
The System will aid in determining the cyber security hygiene of the City’s infrastructure and offer guidance on how to fix any noted deficiencies. In the era of digital business, the importance of managing risk and the potential for financial and reputational damage resulting from a breach have increased significantly. The System will assist the City in determining the security of its infrastructure by providing the means to continuously monitor its technology assets. The Tenable solution will allow the City to take a proactive approach in assessing system configuration, detecting changes and malware, gaining threat intelligence, and an analysis of network and user activity. This solution provides visibility into the City’s security and compliance across the entire Technology infrastructure and will also track critical weaknesses until resolutions have been implemented, offer detail guidance on the remediation activities, and produce user- friendly reports on the discovered vulnerabilities.
A Request for Proposals (RFP) was advertised in the Long Beach Press-Telegram on September 27, 2017, and 6,639 potential proposers specializing in information technology professional services were notified of the RFP opportunity. Of those proposers, 54 downloaded the RFP via the City’s electronic bid system. The RFP document was also made available from the Purchasing Division, located on the seventh floor of City Hall, and the Division’s website at www.longbeach.gov/purchasing. An RFP announcement was also included in the Purchasing Division’s weekly update of Open Bid Opportunities, which was sent to 22 local, minority, and women-owned business groups. Two proposals were received on October 23, 2017. Of the two proposals, one was deemed non-responsive for not meeting all mandatory requirements of the RFP.
The selection committee, comprised of members from the Technology and Innovation Department, determined that the sole responsive proposer met the requirements of the RFP and recommends moving forward with Tenable (not an MBE, WBE, SBE, or local business), based on their experience in performance of comparable engagements, as well as their understanding of scope and approach.
Local Business Outreach
In an effort to align with the City’s outreach goals, Long Beach businesses are encouraged to submit proposals for City contracts. The Purchasing Division also assists businesses with registering on the PlanetBids database to download the RFP specifications. Through outreach, 647 Long Beach vendors were notified to submit proposals, of which none downloaded nor submitted a proposal. The Purchasing Division is committed to continuing to perform outreach to local vendors to expand the bidder pool.
This matter was reviewed by Deputy City Attorney Amy R. Webber on April 23, 2018 and by Budget Analysis Officer Julissa José-Murray on April 25, 2018.
TIMING CONSIDERATIONS
City Council action to adopt Specifications No. RFP TI 17-150 and award the contract concurrently is requested on May 15, 2018, to conduct the enterprise vulnerability scanning as soon as possible.
FISCAL IMPACT
The cost of the contract is not to exceed $170,520, for a period of one year, with the option to renew for two additional one-year periods for an annual amount not to exceed $142,100. Funding is being requested in the budget adjustments for the second quarter of FY 18 in the General Services Fund (IS 385) in the Technology and Innovation Department (TI), offset by the release of funds previously set aside in the General Services Fund for cyber security risk assessment. On December 5, 2017, the City’s critical technology infrastructure needs were presented to City Council. This item represents additional technology spending needed as prerequisite spending to implement the City’s identified critical cyber security technology needs from the December 5th presentation. There is no local job impact associated with this recommendation.
SUGGESTED ACTION
Approve recommendation.
Respectfully Submitted,
LEA D. ERIKSEN
INTERIM DIRECTOR OF TECHNOLOGY AND INNOVATION
JOHN GROSS
DIRECTOR OF FINANCIAL MANAGEMENT
APPROVED:
PATRICK H. WEST
CITY MANAGER