Title
Professional Services for Mandatory Payment Card Industry Compliance (Ordinance S-47412)
Description
Request to authorize the City Manager, or his designee, to amend the term of Agreement 142524 and to authorize additional expenditures for professional services related to the mandatory payment card industry compliance services with RiskSense, Inc., in an amount not to exceed $374,000 for the Information Technology Services Department in support of all citywide departments. Further request authorization for the City Controller to disburse all funds related to this item.
Report
Summary
RiskSense, Inc. provides penetration testing services to ensure compliance with regulatory requirements for Payment Card Industry (PCI) Data Security Standards and Health Insurance Portability and Accountability Act (HIPAA). This service evaluates the efficacy of controls in place to protect the City's systems and data from unauthorized access. This service also helps to ensure the security of the City's network, and failure to continue with penetration testing would result in non-compliance with PCI regulations.
The increase in funding is needed to pay for the additional year of services.
Contract Term
The term of this contract with RiskSense, Inc. will be extended through March 31, 2022.
Financial Impact
With the $374,000 (including taxes) in additional spending authority, the contract's revised aggregate value is approximately $1,729,000. Funds are available in the Information Technology Services Department's budget.
Department
Responsible Department
This item is submitted by Deputy City Manager Toni Maccarone and the Information Technology Services Department.