DATE: August 20, 2019
TO: Board of Supervisors
SUBMITTED BY: Robert W. Bash, Director, Internal Services/Chief Information Officer
SUBJECT: Agreement with IBM Security
RECOMMENDED ACTION(S):
TITLE
Approve and authorize the Chairman to execute an Agreement with IBM Security, a wholly owned subsidiary of Internal Business Machines Corporation, for database auditing software, effective upon execution, not to exceed five consecutive years, which includes a three-year base contract and two optional one-year extensions, total not to exceed $2,500,000.
REPORT
Approval of the recommended action will allow the County to utilize IBM Security’s Guardium, a database auditing software, for the protection of the County’s data, compliance with various regulations, and identification of weaknesses, threats, and security holes within County databases. This item is countywide.
ALTERNATIVE ACTION(S):
Your Board could:
1) Direct staff to negotiate and draft an agreement with the second-ranked bidder for database auditing software services; or
2) Direct staff to issue a new Request for Proposal (RFP) for database auditing software.
FISCAL IMPACT:
There is no increase in Net County Cost associated with the recommended action. Costs associated with this agreement will not exceed $2,500,000 for the total possible 5-year term of this agreement. Costs for this agreement were included in the calculation of rates charged to departments for database support. Sufficient appropriations and estimated revenues for costs associated with this agreement are included in the FY 2019-20 Internal Services Department - Information Technology Services Division Org 8905 Recommended Budget. Ongoing costs for the remaining term of the agreement will be included in future budget requests.
DISCUSSION:
On February 5, 2019, the County of Fresno, on behalf of the Internal Services Department, issued Request for Proposal (RFP) No. 19-050 for Database Auditing Software to two thousand two hundred and fifty-seven (2,257) vendors registered in Public Purchase. The response period closed on March 12, 2019, and five vendors responded: Network Consulting Services, Inc.; IBM Security; Dynamic Systems, Inc.; BIAS Corporation; and Applications Software Technologies, LLC.
An evaluation panel composed of representatives from the Internal Services Department evaluated each proposal solely based on the requirements of the RFP. Each evaluator individually reviewed each proposal on its own merit, based on bidder-provided data, capability, and qualifications. The evaluation panel narrowed its recommendations to Network Consulting Services, Inc., IBM Security, and Dynamic Systems, Inc.
Following demonstrations of the products of the three vendors, the evaluation panel recommended the proposal submitted by IBM Security as the number one selection to provide database auditing software services under the terms of the RFP. The recommendation for award was based on IBM’s robust, secure software solution system and its ability to audit all activity within the system. IBM’s solution allows for role-based access to the system, reports, and data. Additionally, the system contains out-of-the-box predefined alert and notification templates, provides administrators and data owners with the ability to approve and categorize sensitive data during the approval workflow, and tracks audit findings.
The evaluators concluded that IBM Security had the expertise, experience, and knowledge that would best benefit the County in meeting the RFP requirements, and that the proposal from IBM Security better met the RFP requirements than the proposals received from the other responding vendors.
Approval of the recommended agreement will allow the County to track and audit numerous databases throughout the County, ensuring compliance with various regulations, and protecting customer data.
The recommended agreement contains non-standard language, including a limitation on liability and a non-standard hold harmless provision. However, staff has reviewed this language, and believes the benefits of entering into the recommended agreement outweigh the risks, as a prudent business decision.
ATTACHMENTS INCLUDED AND/OR ON FILE:
On file with Clerk - Agreement
CAO ANALYST:
Yussel Zalapa