The URL can be used to link to this page

SR 05-11-2021 3E City Council Report City Council Meeting: May 11, 2021 Agenda Item: 3.E 1 of 5 To: Mayor and City Council From: Joseph Cevetello, Chief Information Officer, Information Services Department Bill Walker, Fire Chief, Fire Department Subject: Award Professional Services Agreement to RSI Systems Inc. for Cyber- Security Resource Recommended Action Staff recommends that the City Council: 1. Award Cybersecurity Resource RFP to RSI Systems Inc., to assist with the continued development of a robust cybersecurity program to properly safeguard City assets. 2. Authorize the City Manager to negotiate and execute an agreement with RSI Systems, in an amount not to exceed $525,000 over a three-year period, with future year funding contingent on Council budget approval and additional grant funding. 3. Authorize budget changes as outlined in the Financial Impacts & Budget Actions section of this report. Summary Staff recommends that the City Council authorize the City Manager to execute an agreement with RSI Systems Inc., California based company, to assist the Information Services Department (ISD) cybersecurity staff with the continued development and deployment of a comprehensive cybersecurity program to safeguard City assets. RSI Systems, Inc. services shall not exceed $175,000 for one year, with two additional one- year renewal options for subsequent years, not to exceed $525,000 over a three-year period. ISD has identified grant funding from the U.S. Department of Homeland Security (DHS), Federal Emergency Management Agency's Urban Area Security Initiative (UASI) grant for year 1; future year funding has been identified as part of the 2021 UASI grant funding. 3.E Packet Pg. 38 2 of 5 In 2020 grant year, $2,164,108 was awarded to the City of Santa Monica as a part of the UASI grant to enhance regional preparedness for disasters, emergencies, cyberattacks and other threats to homeland security. Staff recommends utilizing $175,000 of the 2020 UASI grant funds of the subrecipient agreement with the City of Los Angeles for the performance period of September 1, 2020 to May 31, 2023 to fund RSI Systems Inc. to assist the information security team with implementing measures to protect the City’s newly developed website, improve governance controls over the City’s cloud solutions, safeguard City data stored with cloud-based providers, improve identity management, and identify and block malicious cyberattacks. The additional funding of $525,000 has been awarded in the UASI 2021 grant process to fund the remaining contract. Staff will return to Council to accept this 2021 award and appropriate the funds once the UASI 2021 agreement is received. Discussion UASI Grant Funding The UASI program focus is on enhancing regional preparedness and capabilities in major metropolitan areas. The Santa Monica Fire Department requested funds to send staff to trainings that support its core public safety missions as well as regional homeland security goals, and to purchase equipment and funds for a city-wide cybersecurity project. The following are the four major regional homeland security focus areas of the UASI grant program, known as Investment Justifications: 1. Strengthen interoperable and communications capabilities 2. Strengthen information sharing, collaboration capabilities, and law enforcement investigations 3. Protection of critical infrastructure and key resources 4. Catastrophic incident planning response and recovery The UASI program directly supports the national priority of expanding regional collaboration within the National Preparedness Goal, which defines what it means for the whole community to be prepared for all types of disasters and emergencies. The 3.E Packet Pg. 39 3 of 5 UASI grant is intended to assist participating jurisdictions in developing integrated regional systems for prevention, protection, response, and recovery from natural or man-made disasters. The Fire Department will allocate $175,000 of the UASI grant funds to ISD for the purposes of purchasing professional services to aid in the continuous development of a comprehensive cybersecurity program to better protect the City data and systems as it continues to extend its digital ecosystems. Procurement for projects funded by the UASI grant will follow Santa Monica’s policies regarding competitive procurement processes. City Digital Security Program The City’s digital infrastructure and data are core to the reliability, effectiveness, and efficiency of all the core services that the City provides to residents, business, and visitors. Since COVID19, information technology dependency has only accelerated as Santa Monica continues to ensure it meets the digital needs of staff and the community. This professional service engagement would aid staff in continuing to cultivate a resilient cybersecurity posture and support the recommendations within the City’s comprehensive cybersecurity risk assessment of its infrastructure. With the additional grant assistance, the City’s Information Security Division will implement digital security requirements set forth by agency regulations such as the Criminal Justice Agencies (CJA) for access to Federal Bureau of Investigation (FBI) Criminal Justice Information Services (CJIS) Division systems, Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry – Data Security Standards (PCI-DSS). Vendor/Consultant Selection In October 2020, the City published a Request for Information (RFI) and received sixteen responses. After evaluating the vendors based on technical competence and competitive bidding the City invited five of the vendors to bid on the cybersecurity service. In November 2020, the City published Request for Proposals (RFP) to five firms to submit proposals on the cybersecurity services in accordance with City requirements; in addition, the RFI and RFP were both posted on the City’s on-line 3.E Packet Pg. 40 4 of 5 bidding site. Two proposals were received. The proposals were evaluated based on competitive pricing, technical competence, references, and prior client experience. Based on these criteria, staff recommend RSI Systems as the best qualified firm based on the scope of work, price, and experience configuring and administering web, cloud, and identity security solutions on similar projects. Bidder Recommendation Best Qualified Firm RSI Systems, Inc. Evaluation Criteria The proposal, was evaluated based on the criteria in SMMC 2.24.190, including experience, credentials, training, capacity to perform services promptly, stability/references, price, and compliance with City specifications. Municipal Code SMMC 2.24.190 RFPs Received RSI Systems, Inc. Novacoast Inc. Bid Data Date Posted Posted On Vendors Downloaded Vendors Invited to Bid # of Vendors contacted # of Submittals Received 11/19/2020 City’s Online Bidding Site 16 • Accenture • Novacoast Inc. • RSI Systems, Inc. • Tier Solution, Inc. • AON 5 2 Best Qualified Firm Justification A team of experts in ISD interviewed the two firms. Based on the criteria above and criteria in SMMC 2.24.190, the evaluation committee recommends RSI Systems, Inc. as the best qualified firm with cybersecurity professionals capable of assisting staff with protecting the City’s newly developed website, administering governance controls over the City’s cloud solutions, assisting staff with safeguarding City data stored with cloud- based providers, and improving identity management. RSI Systems, Inc. has over twelve years’ experience and subject matter experts with years of in-depth knowledge needed in the requested cybersecurity areas. RSI Systems, Inc. provided excellent 3.E Packet Pg. 41 5 of 5 references and was within the projected budget set aside for the services. Based on these criteria, RSI Systems, Inc. is recommended as the best qualified firm to provide professional services to aid in the continuous development of a comprehensive cybersecurity program in accordance with City specifications and scope of work. Financial Impacts and Budget Actions Staff seeks authority to approve funding from the Miscellaneous Grants Fund to award a professional services agreement with RSI Systems, Inc. to assist with the continued development of a robust cybersecurity program to better safeguard the City. Future years’ funding and contract extensions are contingent on Council budget approval and future grant funding. Professional Service Agreement FY 2020-21 Budget Request Amount Department Account # Total Contract Amount $175,000 20140001.55518E $525,000 Prepared By: Veronica Mitchell, Information Security Officer Approved Forwarded to Council Attachments: A. City_of_Santa_Monica_Oaks_Initiative_Signed 3.E Packet Pg. 42 3.E.a Packet Pg. 43 Attachment: City_of_Santa_Monica_Oaks_Initiative_Signed (4535 : Award Professional Services Agreement for Cyber-Security Resource) 3.E.a Packet Pg. 44 Attachment: City_of_Santa_Monica_Oaks_Initiative_Signed (4535 : Award Professional Services Agreement for Cyber-Security Resource)