Title
Payment Card Industry Qualified Security Assessor Consulting and Related Services Contract - Request for Award (Ordinance S-49487)
Description
Request to authorize the City Manager, or his designee, to enter into contracts with CliftonLarsonAllen, LLP, JANUS Software, Inc. (dba JANUS Associates), and Link Tech, LLC (dba Link Technologies) to provide Payment Card Industry (PCI) compliance and/or penetration and risk assessment services for the Information Technology Services Department and in support of various departments. Further request to authorize the City Controller to disburse all funds related to this item. The total value of the contracts will not exceed $3.5 million.
Report
Summary
These contracts will provide Payment Card Industry (PCI) Certified Qualified Security Assessor(s) (QSA) to ensure compliance with PCI Data Security Standards (PCI-DSS) and assistance with related security and compliance services as requested by the City. These contracts will support the City's goal of maintaining secure and PCI-compliant payment systems as mandated. Services include, but are not limited to, conducting a PCI-DSS assessment and producing a report on compliance, reducing the City's PCI footprint, performing penetration testing and risk assessments, and providing security and compliance services and ongoing support.
Procurement Information
A competitive procurement in accordance with City policy and code was conducted utilizing the Information Technology (IT) Professional Services Qualified Vendor List. In Oct. 2022, the Information Technology Services Department invited 66 vendors to participate in responding to our engagement. Three offers were received and were deemed to be responsive and responsible. An evaluation committee of City staff evaluated those offers based on the following evaluation criteria:
- Experience and References (0-425 points)
- Company Information (0-200 points)
- Pricing (0-200 points)
- Implementation (0-125 points)
- Support Services (0-50 points)
After reaching consensus, the evaluation committee recommends award to the following offerors:
- CliftonLarsonAllen, LLP
- JANUS Software, Inc. (dba JANUS Associates)
- Link Tech, LLC (dba Link Technologies)
Contract Term
The contracts will begin on or about April 1, 2023, for a five-year period with no options to extend. The requirements of Phoenix City Code section 42-18 are waived to allow inclusion of indemnification and limitation of liability provisions in the contracts that would otherwise be prohibited.
Financial Impact
The aggregate contract value will not exceed $3.5 million. Funding is available in the Information Technology Services Department's operating budget.
Department
Responsible Department
This item is submitted by Deputy City Manager Alan Stephenson and the Information Technology Services Department.