Label
Fractional Chief Information Security Officer Services
Information Technology
Director Anne Bennett (x1493)
Revised
Title
Authorizing the expenditure not to exceed $100,000 for the provision of Virtual Fractional Chief Information Security Officer (CISO) services; authorizing the Mayor to enter into a contract for services; and declaring an emergency.
Body
SUMMARY & BACKGROUND:
This ordinance authorizes the Mayor to enter into an agreement for security oversight and advisory services generally delivered in the form of Virtual Fractional Chief Information Security Officer(V-CISO) services. The V-CISO will perform security related duties recommended in recent security assessments and ensure the City of Toledo’s alignment with the National Institute of Standards and Technology (NIST) framework. The use of an external resource for these tasks is beneficial to the City in the following ways:
• Ensures service delivery in a very competitive employment market
• Allows the City to leverage the most cost-effective resource for each individual task
• Provides coverage in the event of resource absence
• Saves time and expense through leveraging knowledge base, tools and templates, available through the firm delivering the services
• Allows the City to spend only what is necessary to accomplish related tasks opposed to paying for a full-time resource.
The work will be performed by a firm selected through a competitive bid process and contracted for one year with ability to renew for four years.
Sample tasks & deliverables include:
• Review of security monitors, logs and assessments and make recommendation on remediation
• Review and recommend changes to Data Privacy Agreements (DPA), Software as a Service (SaaS) other contract security language
• Monitor IRS and other sensitive data security requirements and affirm completion of open items
• Manage any other regulatory compliance or contractual compliance
Summary
NOW, THEREFORE, Be it ordained by the Council of the City of Toledo:
SECTION 1. That subject to appropriation in future years the annual expenditure of an amount not to exceed $100,000 over the term of the agreement is authorized from the Information Technology Fund Account Code 7084-17500-1144004ICTADM for the provision of Virtual Fractional Chief Information Security Officer (CISO) services.
SECTION 2. That the Mayor is authorized to accept bids and award contracts for the purpose authorized in Section 1, for an initial term and renewals not to exceed five years total, upon terms and conditions acceptable to the Director of Information Technology and the Director of Law.
SECTION 3. That the Finance Director is authorized to draw warrant or warrants against the above-mentioned Account Code in an amount not to exceed $100,000 in payment of the above authorized obligations upon the proper voucher or vouchers.
SECTION 4. That this Ordinance is declared to be an emergency measure and shall take effect and be in force from and after its passage. The reason for the emergency lies in the fact that this ordinance is necessary for the immediate preservation of the public peace, health, safety and property, and for the further reason that this ordinance must be immediately effective in order to timely engage V-CISO services.
Vote on emergency clause: yeas _____, nays _____.
Passed: _________________, as an emergency measure: yeas _____, nays _____.
Attest: ________________________ __________________________________
Clerk of Council President of Council
Approved: _____________________ __________________________________
Mayor
I hereby certify that the above is a true and correct copy of an Ordinance passed by Council ________________________.
Attest: ________________________
Clerk of Council