CITY COUNCIL AGENDA ITEM
ACTION REQUESTED:
Approve the award of RFP 21-202, PCI DSS Compliance Services to CampusGuard, LLC for an amount not to exceed $231,025 for a three-year term
DEPARTMENT: Finance Department
SUBMITTED BY: Rachel Mayer, Director
BOARD/COMMISSION REVIEW:
N/A
BACKGROUND:
The Payment Card Industry (PCI) Security Standards Council created standards to reduce risk to organizations that accept, transmit, process and/or store credit and debit card data. Being compliant with the standards reduces an organization’s risk of credit and debit card data loss and identity theft. Additionally, it helps protect an organization if a data breach occurs and cardholder data is compromised. If an organization fails to comply with the PCI standards, it may be fined and/or lose the ability to conduct e-commerce.
In July 2021, the Finance Department issued RFP 21-202, PCI DSS Compliance Services, to contract with a consulting firm capable of serving as a PCI qualified security assessor (QSA) and approved scanning vendor (ASV) to provide compliance and support services to the City and Naper Settlement.
The initial term of the contract will be three years following completion of the initial assessment. The contract may also be extended for up to three additional years in increments of one year.
DISCUSSION:
Advertisement Date: 7/16/2021
Notices Sent: 87
Proposal Due Date: 8/10/2021
Planholders: 22
Proposals Received: 10
Proposals were received from the following vendors:
• AT&T
• CampusGuard LLC
• Glasshouse Systems
• MegaplanIT Holdings LLC
• Moss Adams LLP
• Plante & Moran, PLLC
• RSI Security
• Rubin Brown LLP
• TNCG
• Viking Cloud
A selection team composed of staff from the Finance and IT departments and Naper Settlement evaluated the proposals based upon criteria set forth in the RFP:
1. Capability, Capacity and Qualifications of the Proposer
2. Suitability and Quality of the Approach
3. Milestones and Deliverables
4. Outcomes to be Achieved
After reviewing and scoring proposals, the selection committee invited the top four firms, CampusGuard, Moss Adams, MegaplanIT Holdings and Rubin Brown, to attend interviews. Following completion of interviews, the selection committee re-scored the firms. The firm with the highest qualification score, CampusGuard, is recommended for award.
The table below provides a summary of the final qualification scores:
Firm Name | Qualification Score
CampusGuard LLC | 86
MegaplanIT Holdings LLC | 84
Rubin Brown LLP | 71
Moss Adams LLP | 70
CampusGuard will conduct an overall assessment of the City and Naper Settlement’s payment card operations to create a baseline and develop a multi-year roadmap to improve security for payment card transactions. The roadmap will be developed in conjunction with IT and other departments to maximize customer service and security. The contract also includes a follow-up assessment in Year 3 to determine whether identified gaps have been addressed and to update the roadmap.
Each year, CampusGuard will conduct required testing and assist with completion of required self-assessments to maintain PCI compliance. Additionally, CampusGuard will provide PCI and general electronic payment consulting services as well as training for front-line, IT and executive-level personnel.
The per year costs for the contract are as follows:
• Year 1: $85,340 (includes baseline assessment)
• Year 2: $62,940
• Year 3: $82,745 (includes follow-up assessment)
FISCAL IMPACT:
CIP: N/A
PCI compliance services are expensed to the other professional services accounts listed below. A total of $85,340 is tentatively budgeted for PCI evaluation in 2022, pending Council approval. This agreement will be included in all future budget developments for the duration of the contract.
Account Number | Fund Description | Total Budget Amount
15101100-531309 | General Fund | $59,534
15101300-531309 | Electric Utility | $38,403
15101500-531309 | Water & Wastewater | $38,403