Item - 2020.GL14.20

The General Government and Licensing Committee recommends that:

1. City Council grant authority to the Chief Information Security Officer to negotiate and enter into a non-competitive agreement with KPMG for a period of an eight (8) month term in the amount of $1,978,007 net of Harmonized Sales Tax ($2,012,820, net of Harmonized Sales Tax recoveries) to develop an effective ransomware resilience framework and governance, on terms and conditions satisfactory to the Chief Information Security Officer and in a form satisfactory to the City Solicitor.

2. City Council direct that the information in the confidential attachment to the report (June 22, 2020) from the Chief Information Security Officer and the Chief Purchasing Officer be released when the ransomware risks have been remediated and as the discretion of the Chief Information Security Officer and the City Solicitor.

The purpose of this report is to seek City Council authority for the Chief Information Security Officer to negotiate and enter into a non-competitive agreement with KPMG LLP (KPMG) for professional services for an eight (8) month term. The Services are required immediately to enhance the City's ransomware resilience in order to minimize the impact attackers could cause if they managed to penetrate the City's technology defenses. It is essential to build an effective ransomware resilience framework and governance to enhance the City's capacity to sustain operations and deliver services to its citizens through a cyberattack while minimizing both disruption and reputational harm. Due to time constraints of having these services begin immediately, a competitive call process cannot be done.

The total cost of the agreement with KPMG to build the ransomware resilience framework and governance is $1,978,007 net of Harmonized Sales Tax ($2,012,820, net of Harmonized Sales Tax recoveries).

City Council approval is required in accordance with Municipal Code Chapter 195- Purchasing, where the current request exceeds the Chief Purchasing Official's authority of the cumulative five year commitment for each vendor, under Article 7, Section 195-7.3 (D) of the Purchasing By-Law or exceeds the threshold of $500,000 net of HST allowed under staff authority as per the Toronto Municipal Code, Chapter 71- Financial Control, Section 71-11A.