File #: O-098-23    Version: 1 Name:
Type: Ordinance Status: Approved
File created: 2/15/2023 In control: Information & Technology Department
On agenda: 3/7/2023 Final action: 3/7/2023
Title: Authorizing the expenditure not to exceed $100,000 for the provision of Virtual Fractional Chief Information Security Officer (CISO) services; authorizing the Mayor to enter into a contract for services; and declaring an emergency.
Label
Fractional Chief Information Security Officer Services
Information Technology
Director Anne Bennett (x1493)
Revised

Title
Authorizing the expenditure not to exceed $100,000 for the provision of Virtual Fractional Chief Information Security Officer (CISO) services; authorizing the Mayor to enter into a contract for services; and declaring an emergency.

Body
SUMMARY & BACKGROUND:
This ordinance authorizes the Mayor to enter into an agreement for security oversight and advisory services generally delivered in the form of Virtual Fractional Chief Information Security Officer (V-CISO) services. The V-CISO will perform security-related duties recommended in recent security assessments and ensure the City of Toledo's alignment with the National Institute of Standards and Technology (NIST) framework. The use of an external resource for these tasks is beneficial to the City in the following ways:

* Ensures service delivery in a very competitive employment market
* Allows the City to leverage the most cost-effective resource for each individual task
* Provides coverage in the event of resource absence
* Saves time and expense by leveraging the knowledge base, tools and templates available through the firm delivering the services
* Allows the City to spend only what is necessary to accomplish related tasks, as opposed to paying for a full-time resource

The work will be performed by a firm selected through a competitive bid process and contracted for one year with the ability to renew for four years.

Sample tasks & deliverables include:

* Review security monitors, logs and assessments and make recommendations on remediation
* Review and recommend changes to Data Privacy Agreements (DPA), Software as a Service (SaaS) and other contract security language
* Monitor IRS and other sensitive data security requirements and affirm completion of open items
* Manage any other regulatory compliance or contractual compliance

Summary
NOW, THEREFORE, Be it ordained by the Coun...
