title
APPROVE MOTION TO AUTHORIZE A NETWORK AND SECURITY ASSESSMENT
recommended action
RECOMMENDATION
Staff recommends the City Council approve a motion:
1. Authorizing the City Manager to enter into an agreement with Quest Technology Management not to exceed $190,000 to perform a risk assessment of the City’s network and security infrastructure.
2. Approving findings which support and justify an exception to the competitive bid process.
3. Authorizing the City Manager to take all appropriate and necessary actions to carry out the purpose and the intent of this motion.
body
Summary
The Information Technology Department (IT) has identified the need for a risk assessment of the City’s network and security infrastructure to address gaps and potential risk in our policies, processes, and technology. The assessment aligns with the Information Technology Department’s Strategic Plan by ensuring the City has a stable, robust, and secure data infrastructure. The assessment will identify opportunities to modernize our network infrastructure to current industry best practices and provide future capacity, compatibility, and scalability as the City grows and technology changes.
To address this need, the City issued a Request for Proposals (RFP) and solicited proposals from qualified firms capable of providing network and security assessments. Of the eleven (11) proposals received, Quest Technology Management was selected as the vendor that best met the City’s requirements.
Staff recommends that Council authorize the City Manager to enter into an agreement not to exceed $190,000 with Quest Technology Management (Quest) to perform an assessment of the City’s network and security infrastructure to identify the inefficiencies and vulnerabilities (Attachment A).
DISCUSSION
Background
The Information Technology department has been working on upgrading the City’s aging network infrastructure with the goal of reducing the size of the City’s main data center by moving applications to the cloud and preparing for the new ERP system. The City requires a consultant to conduct an assessment of the current network and security infrastructure to ensure future capacity, compatibility, and scalability.
The IT department manages the technology infrastructure for the entire City and is inclusive of all City departments by providing best practices and security for all data stored, shared, and accessed within the City. The City’s goals for the assessment of the network and security infrastructure are:
• Identify and replace aging infrastructure
• Maximize network performance and reliability
• Enhance physical network design
• Ensure the network is scalable and can efficiently support new City locations
• Prepare for cloud services expansion
• Reduce the footprint of the City’s data centers
• Support a robust Enterprise Resource Planning (ERP) system
• Align with the technology recovery plan and provide enhanced business continuity capabilities
• Recommend best practices related to network administration, engineering, and cybersecurity defense.
Present Situation
Staff recommends engaging with Quest to conduct a comprehensive assessment of the Network and Security infrastructure currently in use throughout the City and provide recommendations for technology solutions based on industry best practices. The objectives of the assessment are as follows:
• Provide an assessment of the City’s network strengths, weaknesses, and to identify opportunities for improvement
• Identify network and security gaps such as potential single points of failure, bottlenecks, inefficiencies, network device issues, and gaps in security
• Identify network design enhancements and assess the security of the current infrastructure configuration to ensure a scalable network for future growth
• Identify software, hardware, and/or operating systems to improve network efficiency, capacity, scalability, and reduce security risks
• Provide baseline performance metrics and make recommendations for monitoring thresholds to provide notifications of potential risks regarding network events for investigation
• Conduct a physical and cyber security assessment and provide recommendations to reduce or eliminate vulnerabilities
• Identify network engineering, security, administration, and monitoring best practices and provide recommendations for improvement where appropriate.
On August 23, 2018, an RFP to assess the City’s network infrastructure was posted on the City’s Website (BidFlash) to solicit proposals. Proposers were requested to present their qualifications and capabilities to the City. Any questions from proposers were due on September 6, 2018. The City responded to all questions submitted by posting them on BidFlash.
The City received eleven (11) proposals on September 9, 2018. Proposals were received from the following vendors:
• Quest Technology Management - Sacramento, CA
• SeNet International Corporation - Fairfax, VA
• KAI Partners - Sacramento, CA
• MGT Consulting Group - Sacramento, CA
• Shandam Consulting, Inc. - Sacramento, CA
• Direct Technology Gov Solutions - Roseville, CA
• Performance Technology Partners - Gold River, CA
• Dimension Data North America, Inc. - Charlotte, NC
• NetExperts, Inc. - Walnut Creek, CA
• Global Information Intelligence, LLC - Plano, TX
• Moss Adams - Seattle, WA.
An evaluation panel composed of City of Stockton Information Technology Subject Matter Experts and managers reviewed the proposals and scored them individually and then as a group. Each vendor was scored based on:
• experience
• methodology
• deliverables
• availability.
Quest was the top scoring proposal. Quest scored well in each area and has a proven track record (validated by references) with other public sector entities in this area of expertise.
Quest will assess the City’s network and security infrastructure. It will provide recommendations for improvement to ensure the City’s network is scalable, efficient, secure, and prepared for growth.
Findings:
Stockton Municipal Code section 3.68.070 provides an exception to the competitive bidding process in cases where the City Council has approved findings that support and justify the exception. The proposed findings are as follows:
1. A request for proposal evaluation was conducted to solicit qualified vendors, and Quest was competitive in that process.
2. Quest has the necessary skills, experience, and has successfully implemented and performed such projects.
3. The use of the RFP process was appropriate for this project because it relies on the evaluation of professional qualifications and performance as the basis for selection of a vendor. Use of these criteria helps ensure the selected vendor meets the highest standards and minimizes risk.
FINANCIAL SUMMARY
Funds for this project are appropriated for this purpose in the FY 2018-19 Annual Budget for the Computer Equipment Internal Service Fund, Account No. 502-5101-670. The one-time amount is $190,000 for Quest to perform the network and security assessment for the City. There are no future costs expected for this assessment.
Attachment A - Agreement with Quest Technology Management