Item - 2020.GL14.20
Tracking Status
- City Council adopted this item on July 28, 2020 without amendments and without debate.
- This item was considered by the General Government and Licensing Committee on July 7, 2020 and adopted without amendment. It will be considered by City Council on July 28, 2020.
GL14.20 - Non-Competitive Contract for the Provision of Ransomware Resilience Framework and Governance with KPMG LLP
- Decision Type:
- ACTION
- Status:
- Adopted on Consent
- Wards:
- All
City Council Decision
City Council on July 28 and 29, 2020, adopted the following:
1. City Council authorize the Chief Information Security Officer to negotiate and enter into a non-competitive agreement with KPMG for a period of an eight (8) month term in the amount of $1,978,007 net of Harmonized Sales Tax ($2,012,820, net of Harmonized Sales Tax recoveries) to develop an effective ransomware resilience framework and governance, on terms and conditions satisfactory to the Chief Information Security Officer and in a form satisfactory to the City Solicitor.
2. City Council direct Confidential Attachment 1 to the report (June 22, 2020) from the Chief Information Security Officer and the Chief Purchasing Officer be publicly released when the ransomware risks have been remediated and at the discretion of the Chief Information Security Officer and the City Solicitor.
Confidential Attachment 1 to the report (June 22, 2020) from the Chief Information Security Officer and the Chief Purchasing Officer remains confidential at this time in accordance with the provisions of the City of Toronto Act, 2006, as it pertains to the security of property belonging to the City of Toronto. Confidential Attachment 1 to the report (June 22, 2020) from the Chief Information Security Officer and the Chief Purchasing Officer will be made public when the ransomware risks have been remediated and at the discretion of the Chief Information Security Officer and the City Solicitor.
Confidential Attachment - the security of property belonging to the City of Toronto.
Background Information (Committee)
https://www.toronto.ca/legdocs/mmis/2020/gl/bgrd/backgroundfile-148146.pdf
Confidential Attachment 1 - Ransomware Resilience Framework and Governance
GL14.20 - Non-Competitive Contract for the Provision of Ransomware Resilience Framework and Governance with KPMG LLP
- Decision Type:
- ACTION
- Status:
- Adopted
- Wards:
- All
Confidential Attachment - the security of property belonging to the City of Toronto.
Committee Recommendations
The General Government and Licensing Committee recommends that:
1. City Council grant authority to the Chief Information Security Officer to negotiate and enter into a non-competitive agreement with KPMG for a period of an eight (8) month term in the amount of $1,978,007 net of Harmonized Sales Tax ($2,012,820, net of Harmonized Sales Tax recoveries) to develop an effective ransomware resilience framework and governance, on terms and conditions satisfactory to the Chief Information Security Officer and in a form satisfactory to the City Solicitor.
2. City Council direct that the information in the confidential attachment to the report (June 22, 2020) from the Chief Information Security Officer and the Chief Purchasing Officer be released when the ransomware risks have been remediated and as the discretion of the Chief Information Security Officer and the City Solicitor.
Origin
Summary
The purpose of this report is to seek City Council authority for the Chief Information Security Officer to negotiate and enter into a non-competitive agreement with KPMG LLP (KPMG) for professional services for an eight (8) month term. The Services are required immediately to enhance the City's ransomware resilience in order to minimize the impact attackers could cause if they managed to penetrate the City's technology defenses. It is essential to build an effective ransomware resilience framework and governance to enhance the City's capacity to sustain operations and deliver services to its citizens through a cyberattack while minimizing both disruption and reputational harm. Due to time constraints of having these services begin immediately, a competitive call process cannot be done.
The total cost of the agreement with KPMG to build the ransomware resilience framework and governance is $1,978,007 net of Harmonized Sales Tax ($2,012,820, net of Harmonized Sales Tax recoveries).
City Council approval is required in accordance with Municipal Code Chapter 195- Purchasing, where the current request exceeds the Chief Purchasing Official's authority of the cumulative five year commitment for each vendor, under Article 7, Section 195-7.3 (D) of the Purchasing By-Law or exceeds the threshold of $500,000 net of HST allowed under staff authority as per the Toronto Municipal Code, Chapter 71- Financial Control, Section 71-11A.
Background Information
https://www.toronto.ca/legdocs/mmis/2020/gl/bgrd/backgroundfile-148146.pdf
Confidential Attachment 1 - Ransomware Resilience Framework and Governance