DATE: June 10, 2025
TO: Board of Supervisors
SUBMITTED BY: Mike Kerr, Director of Information Technology/Chief Information Officer
SUBJECT: Retroactive Amendment to Agreement with Secure-Centric, Inc.
RECOMMENDED ACTION(S):
TITLE
1. Approve and authorize the Chairman to execute a retroactive First Amendment to Agreement No. A-24-514 with Secure-Centric, Inc. to add additional Proofpoint email protection software and end user training and increase the maximum compensation by $285,569 to a total of $1,251,481, effective February 7, 2025, with no change to the three-year term of September 29, 2024 through September 28, 2027; and
2. Approve and authorize the Director of Information Technology/Chief Information Officer, or their designee, to add and remove products and services provided by Secure-Centric, Inc. as needed to mitigate newly identified threats to County email services.
REPORT
There is no additional Net County Cost associated with the recommended actions. Approval of the first recommended action will amend Agreement No. A-24-514 (Agreement) to allow the County to purchase new Proofpoint email protection products and end user security awareness training from Secure-Centric, Inc. (Secure-Centric) and increase the maximum compensation.
Approval of the second recommended action will authorize the Director of Information Technology/Chief Information Officer (Director), or their designee, to add and remove products and services provided by Secure-Centric as needed to quickly mitigate newly identified threats to County email services, which will not exceed 20% of the maximum compensation. This item is countywide.
ALTERNATIVE ACTION(S):
If the first recommended action is not approved, the County will be at greater risk of email phishing threats and lack an end user security awareness training option. If the second recommended action is not approved, the Information Technology Services Department (ITSD) will be required to amend the Agreement to add additional Secure-Centric products each time protection against new threats is identified, which may diminish the safety of County email services and potentially delay the implementation of preventative security protections. Your Board can choose to lower the 20% maximum threshold of compensation that the Director can use to authorize any future products and services.
RETROACTIVE AGREEMENT:
The recommended Amendment is retroactive to February 7, 2025 because this is the date that Secure-Centric provided ITSD access to the new Proofpoint email phishing protection software and end user security awareness training. Secure-Centric offers immediate proof of concept access to their new products in order for ITSD staff to verify the product functions properly and to ensure that preventative measures are put into place timely to address newly identified threats. ITSD used Secure-Centric’s proof of concept access for their phishing protection and access to their end user security awareness training and determined that both seamlessly integrated into the existing software and function as they should. In an effort to avoid retroactive amendments in the future, ITSD is requesting delegated authority to the Director as described under the second recommended action.
FISCAL IMPACT:
There is no increase in Net County Cost associated with the recommended actions. The recommended Amendment will increase the total maximum compensation payable by $285,569, from $965,913 to $1,251,481. Costs associated with the recommended Amendment are recovered through chargebacks to user departments. Sufficient appropriations and estimated revenues are included in the Internal Services Department Org 8905 FY 2024-25 Adopted Budget and will be included in future ITSD Recommended Budget requests for the duration of the Agreement term. As of May 13, 2025, there is one pending invoice totaling $17,404.
DISCUSSION:
On September 24, 2024, the Board approved the Agreement with Secure-Centric for Proofpoint software, products, and services for the protection of County email services. The existing Proofpoint software provides the County with spam and malicious email filtering, as well as the removal of spam and viruses sent through both internal and external email communications.
In order to protect the County from ongoing and emerging cybersecurity threats, the County is migrating to a single solution provider to make available both email threat defense and phishing simulation along with end user security awareness training. As the additional products and services fit within the existing scope of the Agreement, the General Services Department - Purchasing Division (Purchasing) concludes that no further procurement process is required to add these products and services through the recommended Amendment. Previously, phishing simulation and end user security awareness training were provided by a different vendor and were procured using a Master Purchasing Agreement that is no longer an option.
The second recommended action authorizes the Director, in consultation with the Chief Information Security Officer as needed, to add and remove additional software products and services in the future should new threats to the County email system arise, which will not exceed 20% of the maximum compensation. This will ensure future needs that fit within the scope of the existing Agreement can be addressed expeditiously to protect the integrity of the County’s email system.
REFERENCE MATERIAL:
BAI #34, September 24, 2024
ATTACHMENTS INCLUDED AND/OR ON FILE:
On file with Clerk - Amendment I to Agreement with Secure-Centric, Inc.
CAO ANALYST:
Amy Ryals