Title
MOTION TO AWARD IFB # TS-24-16 "CISCO SECURITY INCIDENT RESPONSE RETAINER ENHANCED" TO THE MOST RESPONSIVE/RESPONSIBLE BIDDER, PRESIDIO NETWORKED SOLUTIONS LLC, IN THE AMOUNT NOT TO EXCEED $132,422.40 FOR AN INITIAL ONE-YEAR PERIOD.
Summary Explanation and Background
PROCUREMENT PROCESS TAKEN:
- Chapter 35 of the City’s Code of Ordinances is titled “PROCUREMENT PROCEDURES, PUBLIC FUNDS.”
- Section 35.15 defines an Invitation for Bid as “A written solicitation for competitive sealed bids with the title, date and hour of the public bid opening designated therein and specifically defining the commodities or services for which bids are sought. The invitation for bid shall be used when the city is capable of specifically defining the scope of work for which a service is required or when the city is capable of establishing 15 precise specifications defining the actual commodities required. The invitation for bid shall include instructions to bidders, plans, drawings and specifications, if any, bid form and other required forms and documents to be submitted with the bid.”
- Section 35.18 of the City's Code of Ordinances is titled "COMPETITIVE BIDDING OR COMPETITIVE PROPOSALS REQUIRED; EXCEPTIONS.
- Section 35.18(A) states, "A purchase of or contracts for commodities or services that is estimated by the Chief Procurement Officer to cost more than $25,000 shall be based on sealed competitive solicitations as determined by the Chief Procurement Officer, except as specifically provided herein."
- Section 35.19 of the City's Code of Ordinances is titled "SEALED COMPETITIVE BIDDING PROCEDURE."
- Section 35.19(A) states "All sealed competitive solicitations as defined in § 35.18 shall be presented to the City Commission for their consideration prior to advertisement."
- Section 35.21 of the City's Code of Ordinances is titled "AWARD OF CONTRACT."
- Section 35.21(A) of the City's Code of Ordinances is titled "City Commission approval.
- Section 35.21(A)(1) states, "An initial purchase of, or contract for, commodities or services, in excess of $25,000, shall require the approval of the City Commission, regardless of whether the competitive bidding or competitive proposal procedures were followed."
SUMMARY EXPLANATION AND BACKGROUND:
1. On September 18, 2024, the City Commission authorized the advertisement of IFB # TS-24-16 "Cisco Security Incident Response Retainer Enhanced", which was advertised on October 29, 2024.
2. Cisco Security Incident Response Retainer Enhanced is a flexible service offering that provides both proactive (readiness) and reactive (retainer) services against cyber threats.
Proactive (readiness) services include:
• Incident response readiness assessment: evaluate a number of data points, including previous incidents, current roles and responsibilities, organizational design, patching operations, logging capabilities, and more to obtain a deep understanding of the environment.
• Proactive threat hunting: work alongside the City's IT team to determine the focus in nature. Depending on the focus, appropriate tools and methodologies will be planned to cover those areas. Then deploy the needed technologies into the environment and configure and tune them. After this, will utilize numerous methods to look for active compromises. Upon completion, a report is issued that includes a compromise assessment summary, recap, findings, and recommendations.
• Strategy and planning: build out of a roadmap and associated plans for how to respond to incidents.
• Tabletop exercise: design, lead, and facilitate exercises to evaluate the effectiveness of the Incident Response (IR) plan.
• Assessment findings: Based on the findings from the readiness assessment, strategy and planning, and tabletop exercises, prioritized recommendations are provided that will assist in prepping the environment to better prevent, detect, and respond to future incidents.
• Defined service levels: 24x7x365 access to resources when needed most. Cisco Security Incident Response Retainer team(s) can respond within 2 hours remotely and be deployed to your location within 24 hours.
Reactive (retainer) services include:
• Triage: Assessing the current incident/situation to understand how best to initiate and design a response strategy.
• Coordination: Tracking status, outstanding action items, and compiling updates as needed to make sure the incident is handled with care.
• Investigation: Understanding the scope of the attack by deploying the necessary tools, reviewing log sources to analyze patterns and issues, performing needed forensics, and reverse engineering malware.
• Containment: Quarantining and severing additional actions by the attacker.
• Remediation: Removal of malware and other tools and artifacts left by the attackers.
• Breach communications: If needed, assistance can be provided from internal crisis communications team to make sure the proper communications experts are brought in for the job, not relying on a one-size-fits-all approach.
Overall benefits of Cisco Security Incident Response include:
• Better readiness to respond to incidents
• Shortened time to security resolution
• Risk mitigation for reactive incidents
• Decreased risk through proactive security design
• Expert team that’s ready to help when you need it
• Reduced costs of incidents
• Ability to get the City back to normal more quickly following an incident
• Heightened ability to combat cyber-threats
• Validated security controls
• Accelerated capabilities of your security operations center and incident reporting
3. On November 12, 2024, the City opened ten (10) proposals, from the following vendor:
|
Vendor |
Total Cost |
|
Teamficient |
$26,400.00 |
|
Tesys Networks |
$84,927.16 |
|
Presidio Networked Solutions LLC |
$132,422.40 |
|
Questivity |
$134,164.80 |
|
Veytec, Inc |
$135,500.00 |
|
GHA Technologies, Inc |
$142,043.40 |
|
Mvation Worldwide Inc |
$155,663.50 |
|
Caliber Tech LLC |
$162,000.00 |
|
AEAM Solution Services, LLC |
$165,952.20 |
|
Kambrian Corporation |
$248,207.40 |
4. During the evaluation process, it was observed that Teamficient's bid was significantly lower than those of other vendors. However, based on the notes included in their pricing proposal, it was indicated that the totals were for a monthly cost. Therefore, the total proposal cost would need to be multiplied by 12 months, bringing the total to $316,800. Upon reaching out to Teamficient for clarification, they explained that the City should only multiply lines 1 and 2 by 12 months, and that line 3, which pertains to additional incident response hours, should not be included. With this clarification, the total proposal cost would be $142,800, positioning Teamficient as the 6th lowest bidder. Due to this discrepancy, Teamficient has been deemed non-responsive to this solicitation.
|
Vendor |
Total Cost |
|
Tesys Networks |
$84,927.16 |
|
Presidio Networked Solutions LLC |
$132,422.40 |
|
Questivity |
$134,164.80 |
|
Veytec, Inc |
$135,500.00 |
|
GHA Technologies, Inc |
$142,043.40 |
|
Teamficient |
$142,800.00 |
|
Mvation Worldwide Inc |
$155,663.50 |
|
Caliber Tech LLC |
$162,000.00 |
|
AEAM Solution Services, LLC |
$165,952.20 |
|
Kambrian Corporation |
$248,207.40 |
The next lowest bidder is Tesys Networks. During the evaluation period, the Procurement Department verified their pricing and received confirmation from the company that their bid does not represent the specific product requested, as they are providing an an alternative solution called Fortinet. The Technology Department has decided not to pursue this alternative option, as the existing infrastructure for this service is already based on Cisco, and our current licensing is also with Cisco. Transitioning to a new system would incur additional time for training and would likely result in downtime as staff adjust to the new product.
5. The Technology Services Department reviewed the proposal from Presidio Networked Solutions LLC and deemed them the most responsive/responsible vendor.
6. In addition, Presidio Networked Solutions LLC has also completed the Equal Benefits Certification Form and has stated that the "Contractor currently complies with the requirements of this section."
7. Request Commission to award IFB # TS-24-16 “Cisco Security Incident Response Retainer Enhanced” to the most responsive/responsible bidder, Presidio Networked Solutions LLC, in the amount not to exceed $132,422.40 for an initial one-year period.
Financial Impact
FINANCIAL IMPACT DETAIL:
a) Initial Cost: Amount not to exceed $132,422.40 for an initial one-year period.
b) Amount budgeted for this item in Account No: Funds will be available in the following account # 001-513-2002-534990-0000-000-0000- (Other Svc)
c) Source of funding for difference, if not fully budgeted: Not Applicable.
d) 5 year projection of the operational cost of the project:
|
|
Year 1 |
Year 2 |
Year 3 |
Year 4 |
Year 5 |
|
Revenues |
$0 |
$0 |
$0 |
$0 |
$0 |
|
Expenditures |
$132,422.40 |
$0 |
$0 |
$0 |
$0 |
|
Net Cost |
$132,422.40 |
$0 |
$0 |
$0 |
$0 |
e) Detail of additional staff requirements: Not Applicable.
FEASIBILITY REVIEW:
A feasibility review is required for the award, renewal and/or expiration of all function sourcing contracts. This analysis is to determine the financial effectiveness of function sourcing services.
a) Was a Feasibility Review/Cost Analysis of Out-Sourcing vs. In-House Labor Conducted for this service? Not Applicable.
b) If Yes, what is the total cost or total savings of utilizing Out-Sourcing vs. In-House Labor for this service? Not Applicable.