Title
Professional Services for Mandatory Payment Card Industry Compliance (Ordinance S-46780)
Description
Request to authorize the City Manager, or his designee, to authorize additional expenditures to the established Contract 142524 with RiskSense, Inc., in an amount of $265,000 for the annual continuation of penetration testing services for the Information Technology Services Department, on behalf of Citywide departments that accept credit card payments. Further request authorization for the City Controller to disburse all funds related to this item.
Report
Summary
RiskSense, Inc. provides penetration testing services to ensure compliance with the regulatory requirements of the Payment Card Industry (PCI) Data Security Standards and Health Insurance Portability and Accountability Act (HIPAA). This service evaluates the efficacy of controls in place to protect the City's systems and data from unauthorized access. The service also helps to ensure the security of the City's network, and failure to continue with penetration testing would result in non-compliance with PCI regulations.
The additional expenditures are needed to cover the annual penetration testing services through the end of the contract term.
Contract Term
The term of the contract with RiskSense, Inc. is for five years, expiring March 31, 2021.
Financial Impact
Additional funds in the amount of $265,000 will increase the total contract value to $1,355,000 for the aggregate contract term. Funds are available in the Information Technology Services Department's budget.
Concurrence/Previous Council Action
Contract 142524 with RiskSense, Inc. was originally approved by City Council on April 20, 2016, with annual amendments thereafter.
Department
Responsible Department
This item is submitted by Deputy City Manager Toni Maccarone and the Information Technology Services Department.