File #: 25-0402   
On agenda: 6/10/2025 Final action:
Enactment date: Enactment #:
Recommended Action(s)
 		1. Approve and authorize the Chairman to execute First Amendment to Agreement No. A-24-049 with SHI International Corp to add additional CrowdStrike cybersecurity software products and services and increase the maximum compensation by $1,315,613 to a total of $3,436,613, effective June 10, 2025, with no change to the five-year term of January 23, 2024, through January 22, 2029; and 2. Approve and authorize the Director of Information Technology/Chief Information Officer, or their designee, to add and remove cybersecurity software products and services provided by SHI International Corp as needed to mitigate newly identified threats to critical infrastructure and sensitive County data.
Attachments: 1. Agenda Item, 2. On file with Clerk - Amendment I to Agt. No. A-24-049 with SHI International Corp
Date Action ByActionResultAction DetailsAgenda MaterialsVideo
No records to display.

DATE:                     June 10, 2025

 

TO:                     Board of Supervisors

 

SUBMITTED BY:                     Mike Kerr, Director of Information Technology/Chief Information Officer

 

SUBJECT:                     Amendment to Agreement with SHI International Corp

 

RECOMMENDED ACTION(S):

TITLE

1.                     Approve and authorize the Chairman to execute First Amendment to Agreement No. A-24-049 with SHI International Corp to add additional CrowdStrike cybersecurity software products and services and increase the maximum compensation by $1,315,613 to a total of $3,436,613, effective June 10, 2025, with no change to the five-year term of January 23, 2024, through January 22, 2029; and

 

2.                     Approve and authorize the Director of Information Technology/Chief Information Officer, or their designee, to add and remove cybersecurity software products and services provided by SHI International Corp as needed to mitigate newly identified threats to critical infrastructure and sensitive County data.

REPORT

There is no additional Net County Cost associated with the recommended actions. Approval of the first recommended action will amend Agreement No. A-24-049 (Agreement) to allow the County to purchase new CrowdStrike cybersecurity software products and services from SHI International Corp (SHI) and increase the maximum compensation.

 

Approval of the second recommended action will authorize the Director of Information Technology/Chief Information Officer (Director), or their designee, to add and remove products and services provided by SHI as needed to quickly mitigate newly identified threats to critical infrastructure and sensitive County data and will not exceed 20% of the maximum compensation of the Agreement. This item is countywide.

 

ALTERNATIVE ACTION(S):

 

If the first recommended action is not approved, the County will be at greater risk of threats to critical infrastructure and sensitive County data. If the second recommended action is not approved, the Information Technology Services Department (ITSD) will be required to amend the Agreement to add additional SHI products each time protection against new threats is identified, which may diminish the safety of critical infrastructure and sensitive County data and potentially delay the implementation of preventative security protections. Your Board can choose to lower the 20% maximum threshold of compensation that the Director can use to authorize any future products and services.

 

FISCAL IMPACT:

 

There is no increase in Net County Cost associated with the recommended actions. The recommended Amendment will increase the total maximum compensation payable by $1,315,613, from $2,121,000 to $3,436,613. Costs associated with the recommended Amendment are recovered through chargebacks to user departments. Sufficient appropriations and estimated revenues are included in the Internal Services Department Org 8905 FY 2024-25 Adopted Budget and will be included in future ITSD Recommended Budget requests for the duration of the Agreement term.

 

DISCUSSION:

 

On January 23, 2024, the Board approved the Agreement with SHI for CrowdStrike cybersecurity software products and services for the protection of critical infrastructure and sensitive County data through malware, ransomware, and next-generation endpoint protection.

 

In order to protect the County from ongoing and emerging cybersecurity threats, the County is migrating to a single solution provider to make available malware, ransomware, and next-generation endpoint protection as it becomes available and deemed necessary by the ITSD Director. As the additional products and services fit within the existing scope of the Agreement, the General Services Department - Purchasing Division (Purchasing) concludes that no further procurement process is required to add these products and services through the recommended Amendment. Previously, infrastructure and data protection were provided by different vendors and were procured using a Master Purchasing Agreement that is no longer an option.

 

The first recommended action authorizes the amendment of the Agreement to add additional CrowdStrike cybersecurity software products and services and increases the maximum compensation.

 

The second recommended action authorizes the Director, in consultation with the Chief Information Security Officer as needed, to add and remove additional software products and services in the future, should new threats to the critical infrastructure and sensitive County data arise, which will not exceed 20% of the maximum compensation. This will ensure future needs that fit within the scope of the existing Agreement can be addressed expeditiously to protect the integrity of the County’s critical infrastructure and sensitive data.

 

REFERENCE MATERIAL:

 

BAI #38, January 23, 2024

 

ATTACHMENTS INCLUDED AND/OR ON FILE:

 

On file with Clerk - Amendment I to Agreement No. A-24-049 with SHI International Corp

 

CAO ANALYST:

 

Amy Ryals