The URL can be used to link to this page

Home My WebLink AboutContract 36559 (2)l0 Master Service Agreement ORDER INFORMATION Parties: City of Fort Worth ("City" or ent") and SecureWorks Inc., (formerly known as LURHQ Corporation) (hereafter "SECUREWORKS") City of Fort Worth Fort Worth Water Department PO Box 870 Fort Worth, TX 76101 Payment Terms: Order Type: New Proposal Code: Fort Worth Water Department Proposal Date: October 101h22007 Account Manager: Don Addington Account Number: SA-FWWD-2007 Referrer: None Association: None Quote: City of Fort Worth Fort Worth Water Department 908 Monroe Street Fort Worth, TX 76101 ® Annual Payments: SECUREWORKS shall send Client an invoice for the first twelve (IZ) months after the Services for the Initial Term, and any other fees due during such period, within thirty (30) days after the Service Commencement Date (as defined in Section 5). If the Initial Term is more than one (1) year in duration, then thereafter, SECUREWORKS shall send an invoice for each subsequent twelve (12) month period during the Initial Term of this Agreement. Effective Date: January 17, 2008 Initial Service Term: One (1) Year from the Service Commencement Date SM-Tierl Server Monitoring Service— One Cisco Router. I 1 $050.00 SM-Tierl Server Monitoring Service — One Nortel Contivity VPN, 1 1 $63491900 MMFW-S4 00 Managed & Monitored Firewall Service — One Juniper NS 1 1 $17,496.00 1000 100 User Standalone Firewall. MMFW-S400 Managed & Monitored Firewall Service — One Juniper NS 1 1 $139608.00 1000 100 User Standalone Firewall. MMF W-S-100 Managed & Monitored Firewall Service — Eight Juniper 5x 100 8 1 $349992.00 User Standalone Firewalls, MMFW-S-100 Managed & Monitored Firewall Service —Three Juniper 008 3 1 $403656.00 100 User Standalone Firewalls. MVS-2-1 Managed Vulnerability Scanning Service— One Scanner with 2 1 1 $69750.00 Interfaces & 50 External IP Addresses. TI-U Threat Intelligence Service — Unlimited Users. 1 1 $0.00 01-30-08 A09:21 IN SM-Tierl Server Monitoring Service — One Blue Coat Proxy Server. 1 1 $0.00 MSS-SETUPFEE One Time MSS Set Up Fee. 1 n/a $119227900 Miscellaneous Items QTY Years Price SKU Sub $1329479.00 Total Notes: Sales $0.00 Tax Grand $132,479.00 Total w;, l SECUREWORKS SERVICES TERMS & CONDITIONS 1. SECUREWORKS RESPONSIBILITIES. During the Term (as defined in Section 6) and subject to terms and conditions of this Agreement, SECUREWORKS agrees to provide the Services set forth in the Order Information ("Services") in accordance with the service levels set forth on Exhibit A, as may be amended from time to time by SECUREWORKS in its sole discretion, and Client agrees to purchase such Services. SECUREWORKS agrees that such service level agreement changes: (a) will have no material adverse impact on the Services being provided by SECUREWORKS; under this Agreement and (b) are being affected with respect to all similarly situated SECUREWORKS clients. If Client believes that any such service level agreement changes will have a material adverse impact on the Client, then Client shall have the right, within thirty (30) days after its receipt of notice of such service level changes to notify SECUREWORKS in writing of such, which notice shall contain a reasonably detailed explanation of Client's concerns and the parties shall meet and negotiate in good faith to formulate a mutually agreeable solution. If, after such meeting, the parties determine that a mutually agreeable solution cannot be met, Client shall have the right to either: (i) continue performing Services for Client under the previous service level agreements or (ii) terminate the Service associated with the applicable service level agreement without penalty other than for Services delivered through the effective termination date. Except for equipment purchased by Client pursuant to the Order Information, Client will return to SECUREWORKS any equipment or hardware provided by SECUREWORKS ("Equipment") upon the expiration or termination of the Term. If such Equipment is not returned by Client, Client will be responsible for the then -current replacement costs of such Equipment. If Client purchases any products or services provided by a third party under this Agreement, then as applicable, Client will comply with the terms and conditions attached hereto on Exhibit B relating to such third party product or service. These Terms & Conditions, the Order Information and any exhibits, addenda, or attachments hereto, will collectively constitute the "Agreement" between the parties. Where applicable, SECUREWORKS will deliver to Client all user IDs and passwords as necessary for Client to access the Services in accordance with this Agreement. 2. CLIENT RESPONSIBILITIES. Client will provide SECUREWORKS with the cooperation, access and detailed information reasonably necessary for SECUREWORKS to implement and deliver the Services in accordance with the attached Exhibit "C." Limited Access Agreement, including (i) test time on Client's computer systems and networks sufficient for SECUREWORKS to provide the Services and (ii) one employee who has substantial computer system and network and project management experience satisfactory to SECUREWORKS to act as project manager and as a liaison between Client and SECUREWORKS. SECUREWORKS shall give Client notice of its needs and requirements and the timing thereof pursuant to the foregoing provisions. Client acknowledges that SECUREWORKS's ability to implement and deliver the Services is interdependent on Client's performance of its obligations under this Section 2. 3. SOFTwARE�* RESTRICTIONS. SECUREWORKS well provide to Client access and use of the software, in object code format only, necessary to receive the Services (the "Software") and the applicable documentation relating to and pertaining to the functionality, set up and use of Services (the "Documentation"), or a combination thereof, as required by the Client to receive the Services. SECUREWORKS grants Client a limited, nontransferable and nonexclusive license to access and use, during the Term, the Services and the Software, together with Documentation delivered to Client, subject to the following restrictions: (i) Client will use the Software, Services and/or the Documentation for Client's internal security purposes only, and (ii) Client will not, for itself, any affiliate of Client or any third party (a) sell, rent, license, assign, distribute, or transfer the Software, Services or any Documentation; (b) decipher, decompile, disassemble, reconstruct, translate, reverse engineer, or discover any source code of underlying ideas, algorithms, file formats, programming, or interoperability interfaces of the Software, Equipment, or the Services; (c) copy the Software or any Documentation, except that Client may make a reasonable number of copies of the Documentation for backup purposes (provided Client reproduces on such copies all proprietary notices of SECUREWORKS or its suppliers); or (d) remove from the Software or Documentation any language or designation indicating the confidential nature thereof or the proprietary rights of SECUREWORKS or its suppliers. In addition, Client will not (x) alter or duplicate any aspect of the Software, Documentation or Services, except as expressly permitted under these Terms & Conditions; (y) assign, transfer, distribute, or otherwise provide access to the Software, Documentation or Services to any third party; use the Software, Documentation or Services with or for the benefit of any third party; or (z) export, re-export or permit any third party to export or re-export, directly or indirectly, the Software or Documentation where such export or re-export is prohibited by U.S. law or other applicable law without appropriate licenses and clearances. 4. INTELLECTUAL PROPERTY RIGHTS. As between Client and SECUREWORKS, Client will own all right, title and interest in and to any data provided by Client to SECUREWORKS and/or Client data accessed and used by SECUREWORKS in connection with SECUREWORKS' provision of the Services ("Client Data"). During the Term, Client grants to SECUREWORKS a limited, non-exclusive license to use the Client Data solely for all reasonable and necessary purposes contemplated by this Agreement and for SECUREWORKS to perform the Services as contemplated hereunder. This Agreement does not transfer or convey to SECUREWORKS or any third party any right, title or interest in or to the Client Data or any associated intellectual property rights, but only a limited right of use revocable in accordance with this Agreement. As between Client and SECUREWORKS, SECUREWORKS will own all right, title and interest in and to the Software, Services and Documentation. This Agreement does not transfer or convey to Client or any third party any right, title or interest in or to the Software, Services or Documentation or any associated intellectual property rights, but only a limited right of use revocable in accordance with this Agreement. SECUREWORKS will retain ownership of all copies of the Documentation. Upon termination of this Agreement, each party will return, or upon the other party's request, destroy, all copies of the other party's intellectual property in such party's possession, custody or control. 5. FEES, PRICING AND PAYMENT TERMS, TAXES. SECUREWORKS's current fees for the Services are set forth on the Order Information. SECUREWORKS reserves the right to amend the fees payable for the Services at any time during the Term upon not less than ninety (90) days prior notice to Client; provided that such amendment to the fees will not be applicable until the beginning of the next Renewal Term as defined by Section 6 below. The applicable Services and the fees related thereto will begin on the date Client information is available on SECUREWORKS' network portal or, if earlier, the date which is sixty (60) days following the Effective Date ("Service Commencement Date"). SECUREWORKS will invoice Client in accordance with the Payment Terms set forth on the Order Information. Clients purchasing Server/Network Infrastructure Monitoring and/or Security Information and Event Management Services shall be billed for the entire number of devices in the tier; being purchased (as outlined in the Order Information), upon,-, integration of the initial device. If there area y devices remauring to. . be integrated thereafter, Client shall be resp nsib,le'for initiating the' t! integration of such devices via the SECUREWORKS network portal. All charges, payments and amounts will be in United States dollars. Client will be responsible for any sales, use, value-added or import taxes, customs duties or similar taxes assessed in accordance with applicable law with respect to the provision of the Services or goods received from SECUREWORKS unless Client otherwise provides SECUREWORKS with documentation that Client is a tax exempt entity. Amounts due hereunder are payable within thirty (30) days from the date of invoice ("Invoice Due Date"). Client agrees to pay a late charge of one percent (1%) per month, or the maximum rate permitted by applicable law, whichever is lower, for all amounts not paid by the Invoice Due Date. Notwithstanding anything herein to the contrary, SECUREWORKS, in its sole discretion, may suspend or terminate this Agreement and the Services, at any time, upon notice to Client, if Client has not paid all amounts pertaining to an invoice within fifteen (15) days from the Invoice Due Date and such amounts remain outstanding as of the date of such termination. 6. TERM AND TERMINATION. This Agreement will remain in full force and effect for the Initial Term specified in the Order Information. The Initial Term for the applicable Services will commence upon the Effective Date set forth on the Order Information and end on the applicable anniversary of the Service Commencement Date. Upon the expiration of the Initial Term, this Agreement will renew for one (1) or more additional terms of one (1) year each (each, a "Renewal Term") upon the mutual agreement of the parties. The Initial Term, together with any and all Renewal Terms, is collectively referred to as the "Term." Either party may terminate this Agreement in the event that the other party materially defaults in performing any obligation under this Agreement and such default continues unremedied for a period of thirty (30) days following written notice of default, except that SECUREWORKS may terminate this Agreement and the Services hereunder for non- payment in accordance with Section S. If SECUREWORKS terminates this Agreement as a result of Client's non-payment, Client agrees to pay to SECUREWORKS: (i) all unpaid Service fees as set forth in the Order Information accrued as of such cancellation date; plus (ii) an early cancellation fee equal to the fees that will become due during the canceled portion of such Initial Term or Renewal Term, as applicable. This Agreement will terminate, effective upon delivery of written notice by either party to the other party: (a) upon the institution of insolvency, receivership or bankruptcy proceedings or any other proceedings for the settlement of debts of the other party; (b) upon the making of an assignment for the benefit of creditors by the other party; or (c) upon the dissolution of the other party. 7. CONFIDENTIAL INFORMATION. Any information that the receiving party knows or has reason to know (either because such information is marked or otherwise identified by the disclosing party orally or in writing as confidential or proprietary, has commercial value, or because it is not generally known in the relevant trade or industry) is confidential information of the other party and will remain the sole property of the disclosing party. Such confidential information includes but is not limited to data, information (including personally identifiable information), ideas, materials, specifications, procedures, schedules, software, technical processes and formulas, source code, product designs, sales, cost and other unpublished financial information, product and business plans, advertising revenues, usage rates, advertising relationships, projections, marketing data and other similar information provided by a party. Each party agrees that it will not disclose, use, modify, copy, reproduce or otherwise divulge such confidential information other than to fulfill its obligations under this Agreement. The prohibitions contained in this Section 7 will not apply to information (i) already lawfully known to or independently developed by the receiving party without use of the other party's Confidential Information; (ii) disclosed in published materials; (iii) generally known to the public; or (iv) lawfully obtained from any third party. In addition, a party wilI not be considered to have breached its obligations under this Agreement to the extent confidential information is required to be disclosed by law, rule, regulation, court order, Or any governmental authority, provided the disclosing party advises the other party prior to making such disclosure in order that the other party may object to such disclosure, take action to ensure confidential treatment of the confidential information, or take such other action as it considers appropriate to protect the confidential information. Neither party will disclose to third parties, other than its agents and representatives on a need -to -know basis, the terms of this Agreement without the prior written consent of the other party, except either party will be entitled to disclose (i) such terms to the extent required by law; and (ii) the existence of this Agreement. 8. DISPUTE RESOLUTION. In the case of any disputes under this Agreement, the parties will first attempt in good faith to resolve their dispute informally, or by means of commercial mediation, without the necessity of a formal proceeding. Any controversy or dispute arising out of or relating to this Agreement, or the breach thereof, which cannot otherwise be resolved as provided above may, upon consent of the parties, be resolved by arbitration conducted in accordance with the commercial arbitration rules of the American Arbitration Association ("AAA") and judgment upon the award rendered by the arbitral tribunal may be entered in any court having sdiction thereof. The arbitration tribunal will consist of a single arbitrator mutually agreed upon by the parties, or in the absence of such agreement within thirty (30) calendar days from the first referral of the dispute to the AAA, designated by the AAA. The arbitration wilI be conducted in the English language and the place of arbitration wilI be held at a location mutually agreed upon by the parties The arbitral award will be final and binding. The parties waive any right to appeal the arbitral award to the extent a right to appeal may be lawfully waived. Each party retains the right to seek judicial assistance: (i) to compel arbitration; (ii) to obtain interim measures of protection prior to or pending arbitration; (iii) to seek injunctive relief in the courts of any jurisdiction as may be necessary and appropriate to protect the unauthorized disclosure of its proprietary or confidential information; and (iv) to enforce any decision of the arbitrator, including the final award. The arbitration proceedings contemplated by this Section 8 will be as confidential and private as permitted by law. To that end, the parties will not disclose the existence, content or results of any proceedings conducted in accordance with this Section 8, and deem that all materials submitted in connection with such proceedings are for the purpose of settlement and compromise, except that this confidentiality provision will not prevent a petition to vacate or enforce an arbitral award, and will not bar disclosures required by law. 9. INDEMNIFICATION. SECUREWORKS will hold Client and its officers, directors and employees harmless from damages awarded to a third party by a final unappealed court judgment on account of such third parry's claim against Client that any of the Software infringes any valid United States patent or copyright, or misappropriates any trade secrets under the laws of the United States. If a claim of infringement or misappropriation under this Section 9 occurs, or if SECUREWORKS determines that a claim is likely to occur, SECUREWORKS will have the right, in its sole discretion, to either: (i) procure for Client the right or license to continue to use the Software free of the infringement claim; or (ii) replace or modify the Software to make it non -infringing provided that the replacement software substantially conforms to SECUREWORKS's then -current specification for the Software. If these remedies are not reasonably available to SECUREWORKS, SECUREWORKS may, at its option, terminate this Agreement and return any fees paid by Client in advance. Despite the provisions of this Section 9, SECURE4V4 RKS has no obligation with respect to any claim of infringement'thaf is based upon or arises out o£ (a) the use or coinbination'of the Software with any hardware, software, roducts, data :�[j�j+2 othe materials not specified or provided by SECUREWORKS, or (b) Client's use of the Software other than in accordance with the Documentation or SECUREWORKS's written directions or policies. The indemnified party will (i) promptly notify the indemnifying party in writing of any claim, suit or proceeding for which indemnity is claimed, provided that failure to so notify will not remove the indemnifying party's obligation except to the extent it is prejudiced thereby, and (ii) allow the indemnifying party to solely control the defense of any claim, suit or proceeding and all negotiations for settlement. In no event may either party enter into any third -party agreements which would in any manner whatsoever affect the rights of, or bind the other party in any manner to such third party, without the prior written consent of the other party. Regardless of any conditions or restrictions mentioned in this Section 9, Client has the right at its own expense, to be represented by counsel of its choosing at any proceeding or settlement discussions related to any matter for which SECUREWORKS is obligated to indemnify Client. THE PROVISIONS OF THIS SECTION 9 STATE THE SOLE AND EXCLUSIVE OBLIGATIONS AND LIMITATIONS OF LIABILITY OF EITHER PARTY FOR INTELLECTUAL PROPERTY RIGHTS INFRINGEMENT OR MISAPPROPRIATION AND ARE IN LIEU OF ANY WARRANTIES OF NON - INFRINGEMENT, ALL OF WHICH ARE DISCLAIMED. EXCEPT AS SPECIFICALLY PROVIDED IN THIS AGREEMENT, EACH PARTY AND THEIR LICENSORS AND SUPPLIERS EXPRESSLY DISCLAIM ALL WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, TO THE FULLEST EXTENT PERMITTED BY LAW, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 1n. LIMITATION OF LIABILITY AND DAMAGES. EACH PARTY'S LIABILITY FOR ALL CLAIMS ARISING OUT OF THIS AGREEMENT, WHETHER IN CONTRACT, TORT OR OTHERWISE, WILL NOT EXCEED THE AMOUNT OF FEES PAID (DURING THE INITIAL TWELVE MONTHS OF THE AGREEMENT) OR PAYABLE BY CLIENT TO SECUREWORKS UNDER THIS AGREEMENT DURING THE TWELVE (12) MONTHS PRECEDING THE CLAIM. IN NO EVENT WILL EITHER PARTY BE LIABLE FOR ANY LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, LOSS OF DATA OR OTHER SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR INDIRECT DAMAGES ARISING FROM OR IN RELATION TO THIS AGREEMENT OR THE USE OF THE SERVICES, HOWEVER CAUSED AND REGARDLESS OF THEORY OF LIABILITY. THIS LIMITATION WILL APPLY EVEN IF SUCH PARTY HAS BEEN ADVISED OR IS AWARE OF THE POSSIBILITY OF SUCH DAMAGES. 11. MISCELLANEOUS. Any notice required or permitted hereunder will be delivered to the contact person listed on the Order Information as follows (with notice deemed given as indicated): (i) by personal delivery when delivered personally; (ii) by established overnight courier upon written verification of receipt; (iii) by facsimile transmission when receipt is confirmed orally; (iv) by certified or registered mail, return receipt requested, upon verification of receipt; or (v) by electronic delivery when receipt is confirmed orally. Either party may change its contact person for notices and/or address for notice by means of notice to the other party given in accordance with this Section 11. Neither party may assign this Agreement without the prior written consent of the other party, in whole or in part, either voluntarily or by operation of law, and any attempt to do so will be a material default of this Agreement and will be void, except that either party may assign this Agreement without the consent of the other party to a successor in connection with a merger, sale of all or substantially all of such party's assets, or other change of control. This Agreement is solely for the benefit of the parties and their successors and permitted assigns, and does not confer any rights or remedies on any other person or entity. This Agreement will be interpreted according to the laws of the State of Texas without regard to or application of choice -of --law rules or principles. The United Nations Convention on Contracts for the International Sale of Goods will not apply to this Agreement. Client shall not, without fully complying with all applicable laws and regulations (including all United States laws and regulations with respect to export of technology) export any Equipment or Service. Client further agrees that, if and to the extent it requests that Equipment or Services be delivered or exported to a location or a person or entity outside the United States of America, Client shall bear all cost and expense (including but not limited to shipping, customs, license and other professional fees and expenses incurred by SECUREWORKS) in connection with such delivery of such Equipment and Services outside the United States in compliance with the laws and regulations of the United States and the destination location related to the export of technical data and products produced from such data. This Agreement and any addenda hereto will constitute the entire agreement between SECUREWORKS and Client with respect to the subject matter hereof and all prior agreements, representations, Client purchase orders and statements with respect to such subject matter are superseded hereby, including without limitation any non disclosure agreement previously executed between the parties. These Terms & Conditions will control in the event of any inconsistency with the terms of any other schedules or exhibits attached thereto. These Terms & Conditions may be changed only by written agreement signed by both SECUREWORKS and Client. No failure of either party to exercise or enforce any of its rights under this Agreement will act as a waiver of subsequent breaches and the waiver of any breach will not act as a waiver of subsequent breaches. If any provision of this Agreement is held by a court or other tribunal of competent jurisdiction to be unenforceable, that provision will be enforced to the maximum extent permissible under applicable law and the other provisions of this Agreement will remain in full force and effect. The parties further agree that in the event such provision is an essential part of these this Agreement, they will begin negotiations for a replacement provision. The parties specifically agree that (i) neither the execution of this Agreement by Client nor any other conduct, action or inaction of Client relating to this Agreement constitutes or is intended to constitute a waiver of Client's sovereign immunity to suit; except as such waiver may be permitted under applicable state law; and (ii) that Client has not waived its right to seek redress in the courts or to a jury trial. If either party is prevented from performing any of its obligations under this Agreement due to any cause beyond the party's reasonable control, including, without limitation, an act of God, fire, flood, explosion, terrorism, war, embargo, government regulation, civil or military authority, acts or omissions of carriers, transmitters, providers, or acts of vandals, or hackers (a "force majeure event") the time for that party's performance will be extended for the period of the delay or inability to perform due to such occurrence, except that Client will not be excused from the payment of any sums of money owed by Client to SECUREWORKS for Services provided prior to the force majeure event. If a party suffering a force majeure event is unable to cure that event within thirty (30) days, the other party may terminate this Agreement. This Agreement will not be construed as creating or constituting a partnership, joint venture, or agency relationship between the parties. Neither party will have the power to bind the other or incur obligations on the other's behalf without the other's prior written consent. This Agreement will be construed and interpreted fairly, in accordance with the plain meaning of its terns, and there will be no presumption or inference against the party drafting this Agreement in construing or interpreting the provisions of. This Agreement will be binding upon and will inure to the benefit of the respective parties hereto, their respective successors in interest, legal representatives, heirs and assigns. Each party will comply with all applicable laws, regulations, and ordinances relating to their performance hereunder. Any provision of this Agreement which contemplates performance or observance subsequent to any termination or expiration of this Agreement shall survive any termination or expiration of this Agreement and continue in full force and effect. For the purpose of confirming SECUREWORKS's compliance with its obligations hereunder, Client and Client's authorized representatives, upon two weeks' prior notice to SECUREWORKS and not more than once in any twelve-month period, and at Client's expense, shall have access to such relevant records as Client may reasonably request for inspection at all reasonable times during normal business hours. Clie By: Nan Title: 9sldst.a�c �iiy ivlarla�er Date: / � of I � By: Name: Mike Vandiver 2 Title: _CFO Date: January 17, 2007� CaTY ATTO'RN�Y Attested Bq� t°? jU`I UiV J 11� ! •T,�J �UJGI �L 61%3 � Exhibit A Server Monitoring Service Level Agreement SECUREWORKS takes pride in its commitment to deliver the highest quality and reliability of Managed Enterprise Security Monitoring. SECUREWORKS's confidence in its commitment is enabled by its technology, physically hardened secure operations centers, mature Incident Handling process and experienced human eyes. These elements combine to monitor and respond 24x7x365 to malicious activity, degraded performance, and application availability. This commitment is backed by this service level guarantee. I. Service Description a. Service Components Managed Enterprise Security Monitoring uses SECUREWORKS developed technology, the SherlockTM Enterprise Security Monitoring Platform, to enable scalable and effective security event aggregation, correlation, categorization, assessment, and response. The Sherlock Enterprise Security Monitoring Platform is a highly disMbuted technology which includes several components: Sherlock, Inspectofrm, Inspector AgentTM, and the Sherlock Enterprise Security Porta1TM. Inspector is deployed on the Client network and aggregates enterprise -wide security events from routers, firewalls, intrusion detection systems, servers and more. Inspector then compares events to known malicious activity and known normal activity. Malicious and unknown events are sent in real time via a secured connection to Sherlock in SECUREWORKS' Secure Operation Centers where the information is correlated and continuously scrutinized by Intrusion Analysts. The Intrusion Analysts respond to attacks and anomalies according to SECUREWORKS' Incident Handling process. SECUREWORKS' SherlockTM Enterprise Security Portal provides Clients a secure, web -based method to co -monitor the enterprise, generate security reports, update escalation procedures, and make help desk requests. b. Key Deliverables • Integration and ongoing administration of SECUREWORKS owned security monitoring infrastructure. This includes Client Inspectors) but does not include any other Client owned infrastructure which is not managed by SECUREWORKS. • SherlockTM Enterprise Security Portal access for co -monitoring, help desk, and reporting capabilities. • Ongoing enterprise security event aggregation, correlation, categorization, assessment, and response for monitored devices under paid service contract. • Consultative Advice. II. Service Guarantees a. Secure Operations Center Availability The SECUREWORKS Secure Operations Centers will maintain communications availability to the Internet 99.9% of the time during a calendar month. Communications availability is defined as the ability for one of SECUREWORKS' Secure Operations Centers to transmit and receive TCP/IP packets between its networks and its upstream Internet Service Provider. Failure to meet this guarantee entitles the Client to a monetary credit equal to thirty (30) minutes for each minute communications was not available beyond the 99.9% threshold. SECUREWORKS can make no guarantee to availability or performance of the Internet at large between SECUREWORKS and its Clients. b. Incident Response SECUREWORKS guarantees to monitor security devices under contract for malicious activity and to respond to security incidents within fifteen (15) minutes of identification. A security incident is defined as a high -risk attack that warrants Client notification as outlined in the SECUREWORKS Incident Handling Process. Failure to meet this guarantee entitles the Client to a monetary credit equal to thirty (30) minutes for each minute over the guaranteed response time that SECUREWORKS does not respond as guaranteed. c. Help Desk Requests Standard help desk requests submitted via the Sherlock Enterprise Security Portal or via telephone will be subject to initial response within one (1) hour. Requests identified by the Client as "Emergency" will be subject to an initial response within fifteen (15) minutes. Failure to meet these response guarantees entitles the Client to a monetary credit equal to thirty (30) minutes for each minute over the guaranteed response time that SECUREWORKS does not respond. III. Service Rules and Regulations a. Deployment of SECUREWORKS managed security services in a Client network does not achieve the elimination, and therefore SECUREWORKS makes no guarantee that intrusions, compromises, or any not occur on a Client network. ui�auth'ori2ed act$��,�w� n b. SECUREWORKS may schedule maintenance outages with 24 hours notice to designated Client contacts. Maintenance downtime will not exceed 4 hours within a rolling calendar month without prior consent fi•om the Client. c. Service level guarantees shall not apply during scheduled maintenance outages and therefore not eligible for any guarantee credit. rl. The Client will automatically receive credit for any failure to meet the guarantees outlined above, as well as notification of such credit, within 30 days of the incident. Client may also send a request via the help desk tool in the Managed Security Services Portal to apply for a credit if Client feels that SECUREWORKS has missed its guarantee obligations. This request must be submitted within thirty (30) days of the failure. SECUREWORKS will research the request and respond to Client within thirty (30) days from the date of the request. The total amount credited to a Client in connection with the above guarantees in any calendar month will not exceed the service fees paid by Client for such month. e. Client is responsible for all device configurations necessary for• SECUREWORKS to receive log data including implementing necessary tools to convert proprietary log formats into syslog or other standard output. f. Client is responsible for identifying any policy ornon-security incident related information in Client logs that Client would like SECUREWORKS to collect; and for the configuration their logging sources to report this information. g. Clients must maintain up-to-date third -party software support contracts for all managed devices. {r. For managed services where Client -owned hardware is used, the Client is responsible for maintaining appropriate levels of hardware to prevent network performance degradation. i. This service level guarantee does not apply in the event of any Client -caused service outage that prohibits SECUREWORKS fiom providing the service, delivering the service level guarantee or managed service descriptions, including but not limited to, misconduct, negligence, inaccurate or incomplete information, modifications made to the services, or modifications made to any managed hardware or software devices by the Client. This includes issues caused by Client's employees, agents, or third parties. Exhibit A Managed &Monitored Firewall Service Level Guarantee SECUREWORKS takes pride in its commitment to deliver the highest quality and reliability of Managed Firewall. SECUREWORKS' confidence in its commitment is enabled by its technology, physically hardened secure operations centers, mature Incident Handling process and experienced human eyes. These elements combine to monitor and respond 24x7x365 to malicious activity, degraded performance, and application availability. This commitment is backed by this service level guarantee. I. Service Description a. Service Components The Client is responsible for purchasing the firewall hardware and software necessary for the Managed Firewall service unless otherwise specifically noted. Managed Firewall uses SECUREWORKS developed technology, the SherlockTM Enterprise Security Monitoring Platform, to enable scalable and effective management and monitoring of Client firewalls. The Sherlock Enterprise Security Monitoring Platform is a highly distributed technology which includes several components: Sherlock, InspectorTM, Inspector AgentTM, and the Sherlock Enterprise Security Porta1TM. Inspector is deployed on the Client network and aggregates security events from managed firewalls and other security infrastructure (purchased separately). Inspector then compares events to known malicious activity and known normal activity. Malicious and unknown events are sent in real time via a secured connection to Sherlock in SECUREWORKS' Secure Operation Centers where the information is correlated and continuously scrutinized by Intrusion Analysts. The Intrusion Analysts respond to attacks and anomalies according to SECUREWORKS' Incident Handling. process. SECUREWORKS' SherlockTM Enterprise Security Portal provides Clients a secure, web -based method to request configuration changes, co -monitor the firewall's performance, security events, and configuration. b. Key Deliverables • Firewall, SherlockTM Enterprise Security Monitoring Platform, and SherlockTM Enterprise Security. • Portal integration. • Firewall system administration. • Firewall policy change requests. • Firewall security, availability, and performance monitoring. • Firewall updates and security patches. • Network -to -network VPN management (client -to -network management not included). • Daily firewall configuration backup. • Non -metered 24x7x365 firewall support/consultation by SECUREWORKS Intrusion Analysts. • Consultative Advice. II. Service Guarantees a. Secure Operations Center Availability The SECUREWORKS Secure Operations Centers will maintain communications availability to the Internet 99.9% of the time during a calendar month. Communications availability is defined as the ability for one of SECUREWORKS' Secure Operations Centers to transmit and receive TCP/IP packets between its networks and its upstream Internet Service Provider. Failure to meet this guarantee entitles the Client to a monetary credit equal to thirty (30) minutes for each minute communications was not available beyond the 99.9%threshold. SECUREWORKS can make no guarantee to availability or performance of the Internet at large between SECUREWORKS and its Clients. b. Incident Response SECUREWORKS guarantees to monitor security devices under contract for malicious activity and to respond to security incidents within fifteen (15) minutes of identification. A security incident is defined as a high -risk attack that warrants Client notification as outlined in the SECUREWORKS Incident Handling Process. Failure to meet this guarantee entitles the Client to a monetary credit equal to thirty (30) minutes for each minute over the guaranteed response time that SECUREWORKS does not respond as guaranteed. c. Help Desk Requests Standard help desk requests submitted via the Sherlock Enterprise Security Portal or via telephone will within one (1) hour. Requests identified by the Client as "Emergency" will be subject to an initial �.,�2 t�tp'.jniti ,�� , "r%fie J�� I ?��9 pQ(? p�'�� ''��tc J �� (xs) .� � �'� " minutes. Failure to meet these response guarantees entitles the Client to a monetary credit equal to thirty (30) minutes for each minute over the guaranteed response time that SECUREWORKS does not respond. III. Service Rules and Regulations a. Deployment of SECUREWORKS' managed security services in a Client network does not achieve the impossible goal of risk elimination, and therefore SECUREWORKS makes no guarantee that intrusions, compromises, or any other unauthorized activity will not occur on a Client network. bI SECUREWORKS may schedule maintenance outages with 24 hours notice to designated Client contacts. c. Service level guarantees shall not apply during scheduled maintenance outages and therefore not eligible for any guarantee credit. d. The Client will automatically receive credit for any failure to meet the guarantees outlined above, as well as notification of such credit, within 30 days of the incident. Client may also send a request via the help desk tool in the Managed Security Services Portal to apply for a credit if Client feels that SECUREWORKS has missed its guarantee obligations. This request must be submitted within thirty (30) days of the failure. SECUREWORKS will research the request and respond to Client within thirty (30) days from the date of the request. The total amount credited to a Client in connection with the above guarantees in any calendar month will not exceed the service fees paid by Client for such month. e. Clients must maintain up-to-date third -party software support contracts for all managed devices. f. For managed services where Client -owned hardware is used, the Client is responsible for maintaining appropriate levels of hardware to prevent network performance degradation. g. This service level guarantee does not apply in the event of any Client -caused service outage that prohibits SECUREWORKS from providing the service, delivering the service level guarantee or managed service descriptions, including but not limited to, misconduct, negligence, inaccurate or incomplete information, modifications made to the services, or modifications made to any managed hardware or software devices by the Client. This includes issues caused by Client's employees, agents, or third parties. Exhibit A Managed Vulnerability Scanning Service Level Guarantee SECUREWORKS takes pride in its commitment to deliver the highest quality and reliability of Vulnerability Scanning. SECUREWORKS' confidence in its commitment is enabled by its technology, commitment to open standards and rigorous testing, and experienced Threat Intelligence group members. These elements combine to scan, detect, and assist in the remediation of emerging threats and vulnerabilities. This commitment is backed by this service level guarantee. I. Service Description a. Service Components SECUREWORKS' Managed Vulnerability Scanning is designed to allow enterprises to understand their exposure to external threats. Based on industry -standard open -source technology, SECUREWORKS MVS allows a Client to schedule scans of their internet-facing devices, gather appropriate data, and remediate their vulnerabilities and exposures to proactively enhance their security. Three main system types are vital to the execution of the SECUREWORKS Managed Vulnerability Scanning service: • Scanning Server Infrastructure - this involves geographically redundant Linux-based servers that are used to actually execute scans against client networks. • Sherlock Enterprise Security Architecture — Sherlock Agent software deployed on the Scanning Servers controls the scanning software, and is utilized to communicate to the SECUREWORKS SOC as well as the Sherlock database servers. This architecture is also geographically redundant and high -availability. • Sherlock Enterprise Portal — the Client uses the portal web interface to get reports from and configure the scanning engine b. Key Deliverables • Access to the Sherlock Enterprise Security Portal • Scheduled (daily, weekly, monthly) scans of information systems. • Current and archived scan results via portal -based HTML reports. • Non -metered 24x7x365 support/consultation by SECUREWORKS Intrusion Analysts and SECUREWORKS Threat Intelligence Analysts • Consultative Advice. II. Service Guarantees a. Secure Operations Center Availability The SECUREWORKS Secure Operations Centers will maintain communications availability to the Internet 99.9% of the time during a calendar month. Communications availability is defined as the ability for one of SECUREWORKS' Secure Operations Centers to transmit and receive TCP/IP packets between its networks and its upstream Internet Service Provider. Failure to meet this guarantee entitles the Client to a monetary credit equal to thirty (30) minutes for each minute communications was not available beyond the 99.9% threshold. SECUREWORKS can make no guarantee to availability or performance of the Internet at large between SECUREWORKS and its Clients. b. Help Desk Requests Standard help desk requests submitted via the Sherlock Enterprise Security Portal or via telephone will be subject to initial response within one (1) hour. Requests identified by the Client as "Emergency" will be subject to an initial response within fifteen (15) minutes. Failure to meet these response guarantees entitles the Client to a monetary credit equal to thirty (30) minutes for each minute over the guaranteed response time that SECUREWORKS does not respond. III. Service Rules and Regulations a. Deployment of SECUREWORKS managed security services in a Client nehvork does not achieve the impossible goal of risk elimination, and therefore SECUREWORKS makes no guarantee that intrusions, compromises, or any other unauthorized activity will not occur on a Client network. b. While SECUREWORKS makes a best effort to ensure that all known risks are detected accurately by its Managed Vulnerability Scanning service, SECUREWORKS can make no guarantees about this completeness, nor around the impossible goals of ] 00% accuracy of scan results. c. The Client understands that the nature of vulnerability scanning contains some inherent risk to the availability and integrity of the device being scanned. SECUREWORKS assumes no liability for impact to operational availability of services (either hardware or software) due to the normal operation of SECUREWORKS' Managed Vulnerability Scanning service. This includes, but is not limited to, impact to network availability, service/server availability, or operating system availability. d. SECUREWORKS may schedule maintenance outages with 24 hours notice to designated Client contacts. e. Service level guarantees shall not apply during scheduled maintenance outages and therefore not eligible for any guarantee credit. f. The Client will automatically receive credit for any failure to meet the guarantees outlined above, as well as notification of such credit, within 30 days of the incident. Client may also send a request via the help desk tool in the Managed Security Services Portal to apply for a credit if Client feels that SECUREWORKS has missed its guarantee obligations. This request must be submitted within thirty (30) days of the failure. SECUREWORKS will research the request and respond to Client within thirty (30) days from the date of the request. The total amount credited to a Client in connection with the above guarantees in any calendar month will not exceed the service fees paid by Client for such month. g. This service level guarantee does not apply in the event of any Client -caused service outage that prohibits SECUREWORKS from providing the service, delivering the service level guarantee or managed service descriptions, including but not limited to, misconduct, negligence, inaccurate or incomplete information, modifications made to the services, or modifications made to any managed hardware or software devices by the Client. This includes issues caused by Client's employees, agents, or third parties. Exhibit A Threat Intelligence Service Level Guarantee SECUREWORKS takes pride in its commitment to deliver the highest quality and reliability of Threat Intelligence. SECUREWORKS' confidence in its commitment is enabled by its technology, worldwide network of sensors, and experienced Threat Intelligence group members. These elements combine to monitor and inform 24x7x365 about emerging threats and vulnerabilities. This commitment is backed by this service level guarantee. I. Service Description a. Service Components Threat Intelligence delivers comprehensive security intelligence information to the Client through the Sherlock Enterprise Security PortalTM. The Client is able to log in to the portal and view information about emerging or known threats and vulnerabilities. The Client is able to utilize the portal to set a profile of threats and vulnerabilities that they wish to be alerted on. This will enable the Client to receive email or text pager alerts from Sherlock upon the publication of new items that match their profile. As well, SECUREWORKS will, on occasion, publish Advisory information about emerging vulnerabilities or threats that constitute a critical danger to all enterprises. These Advisories will be delivered to the Client's primary email address (either email or text pager, as set up in the portal), as well as through a voice broadcast system to the Client's telephone number. b. Key Deliner•ables • Access to the Sherlock Enterprise Security Portal • Daily intelligence updates to threats and vulnerabilities • A user profile, and alerting based around that user profile • SECUREWORKS Advisories when an emerging threat/vulnerability is judged to be of appropriate importance • Non -metered 24x7x365 support/consultation by SECUREWORKS Intrusion Analysts and SECUREWORKS Threat Intelligence Analysts • Consultative Advice II. Service Guarantees a. Secure Operations CenterAnailabtlity The SECUREWORKS Secure Operations Centers will maintain communications availability to the Internet 99.9% of the time during a calendar month. Communications availability is defined as the ability for one of SECUREWORKS' Secure Operations Centers to transmit and receive TCP/IP packets between its networks and its upstream Internet Service Provider. Failure to meet this guarantee entitles the Client to a monetary credit equal to thirty (30) minutes for each minute communications was not available beyond the 99.9% threshold. SECUREWORKS can make no guarantee to availability or performance of the Internet at large between SECUREWORKS and its Clients. b. Help Desk Requests Standard help desk requests submitted via the Sherlock Enterprise Security Portal or via telephone will be subject to initial response within one (1) hour. Requests identified by the Client as "Emergency" will be subject to an initial response within fifteen (15) minutes. Failure to meet these response guarantees entitles the Client to a monetary credit equal to thirty (30) minutes for each minute over the guaranteed response time that SECUREWORKS does not respond. III. Service Rules and Regulations a. Deployment of SECUREWORKS managed security services in a Client network does not achieve the impossible goal of risk elimination, and therefore SECUREWORKS makes no guarantee that intrusions, compromises, or any other unauthorized activity will not occur on a Client network. b. SECUREWORKS may schedule maintenance outages with 24 hours notice to designated Client contacts. c. Service level guarantees shall not apply during scheduled maintenance outages and therefore not eligible for any guarantee credit. d. The Client will automatically receive credit for any failure to meet the guarantees outlined above, as well as notification of such credit, within 30 days of the incident. Client may also send a request via the help desk tool in the Managed Security Services Portal to apply for a credit if Client feels that SECUREWORKS has missed its guarantee obligations. This request must be submitted wn thirty (30) days of the failure. SECUREWORKS will research the request and respond to Client within thirty (30) days from the date of the request. The total amount credited to a Client in connection with the above guarantees in any calendar month will not exceed the service fees paid by Client for such month. e. This service level guarantee does not apply in the event of any Client -caused service outage that prohibits SECUREWORKS from providing the service, delivering the service level guarantee or managed service descriptions, including but not limited to, misconduct, negligence, inaccurate or incomplete information, modifications made to the services, or modifications made to any managed hardware or software devices by the Client. This includes issues caused by Client's employees, agents, or third parties. Exhibit B IN I r NI I "IN ALLY OMIIIED Exhibit C Limited Access Agreement A. The City of Fort Worth (the "City") owns and operates a file server computer system and network (collectively the "Network"). SECUREWORKS, Inc. ("Contractor") wishes to have access to the City's network. B. Contractor wishes to perform managed security services for the Water Information Technology Department and such other activities as defined in the attached Master Services and Service Level Agreements ("Service Agreements"). C. Irt order to perform the necessary duties, Contractor needs access to City's Water Deparment network in order to provide managed security services. D. The City is willing to grant Contractor access to the Network, subject to the terms and conditions set forth in this Agreement, and in the City's standard outside connections policy, ("Extranet Standard") attached as Exhibit "B-I" and hereby incorporated by reference and made a part of this Agreement for all purposes herein. NOW, THEREFORE, the City and Contractor hereby agree as follows: 1. GRANT OF LIMITED ACCESS. Contractor is hereby granted a limited right of access to the City's Network for the sole purpose of providing managed security services. Contractor can only enter the Network via the City's computer system; therefore, the City will provide Contractor with a password and access number or numbers as necessary to perform Contractor's duties. Contractor shall receive password(s) and access number(s) as deemed necessary by the City to be used by its officers, directors, employees, agents, representatives, and subcontractors, and shall only disseminate such password(s) and access number(s) as necessary to those who are providing services to the City pursuant to the Service Agreements. 2. NETWORK RESTRICTIONS. 2.1. Contractor may not share any passwords or access number or numbers provided by the City except with Contractor's officet-s, agents, servants or employees who work directly with this project. 2.2. Conhactor may not access the Network for any purpose other than those set forth in Section B of this Agreement. 2.3. Contractor acknowledges, agrees and hereby gives its authorization to the City to monitor Contractor's use of the City's Network in order to ensure Contractor's compliance with this Agreement. 2.4. A breach by Contractor, its officers, agents, servants or employees, of this Agreement and any other written instructions or guidelines that the City provides to Contractor pursuant to this Agreement shall be grounds for the City immediately to deny Contractor access to the Network and Contractor's Data in addition to any other remedies that the City may have under this Agreement or at law or in equity. 3. UNUATHORIZED ACCESS. Contractor, for itself and its officers, agents, subcontractors and employees, agrees that it shall treat all information to which it is given access, or information that is provided to it by the City as confidential and shall not disclose any such information to a third party without the prior written approval of the City. Contractor shall only access City Information in a secure manner and shall not allow unauthorized users to view, access, modify, delete or otherwise corrupt City Information in any way. Contractor shall notify the City immediately if the security or integrity of any City information has been compromised or is believed to have been compromised. EXHIBIT "B-1" TO LIMITED ACCESS AGREEMENT EXTRANETSTANDARD Overview The purpose of this standatd is to establish the requirements under which third party organizations may connect to the City of Fort Worth networks for the purpose of transacting City business. The standards listed are specific activities required by Section 2.2 of the City of Fort Worth Information Security Policy. Sco e Connections between third parties that require access to non-public City of Fort Worth resources fall under this standafT, regardless of whether a telecommunications circuit (such as flame relay or ISDN) or Virtual Privacy Network (VPN) technology is used for the connection. Connectivity to third parties such as the Internet Service Providers (ISPs) that provide Internet access for the City of Fort Worth or to e Pit ,Switched Telephone Network do not fall under this standard. Standard Security Review All new extranet connectivity will go through a security review with the Information Security department (IT Solutions). The reviews are to ensure that all access matches the business requirements in a best possible way, and that the principle of least access is followed. Third Party Connection Agreement All new connection requests between third parties and the City of Fort Worth require that the third party and the City of Fort Worth representative agree to and sign a third party agreement. This agreement must be signed by the Director of the sponsoring organization as well as a representative from the third party who is legally empowered to sign on behalf of the third party. The signed document is to be kept on file with IT Solutions. All documents pertaining to connections into the City of Fort Worth labs are to be kept on file with IT Solutions, Business Case All production extranet connections must be accompanied by a valid business justification, in writing, that is approved by a project manager in IT Solutions. Lab connections must be approved by IT Solutions. Typically this function is handled as part of a third party agreement. The sponsoring organization must designate a person to be the Point of Contact (POC) for the Extranet connection. The POC acts on behalf of the sponsoring organization, and is responsible for those portions of this policy and the third party agreement that pertain to it. In the event that the POC changes, IT Solutions must be informed promptly. Establishing Connectivity Sponsoring organizations within the City of Fort Worth that wish to establish connectivity to a third party are to file a new site request with IT Solutions to address security issues inherent in the project. If the proposed connection is to terminate within a lab at the City of Fort Worth, the sponsoring organization must engage IT Solutions. The sponsoring organization must provide full and complete information as to the nature of the proposed access to the extranet group and IT Solutions, as requested. All connectivity established must be based on the least -access principle, in accordance with the approved business requirements and the security review. In no case will the City of Fort Worth rely upon the third party to protect the City of Fort worth s network or resources. Modifying or Changing Connectivity and Access All changes in access must be accompanied by a valid business justification, and are subject to security review. Changes are to be implemented via corporate change management process. The sponsoring organization is responsible for notifying IT Solutions when there is a material change in their originally provided information so that security and connectivity evolve accordingly. Terminating Access When access is no longer required, the sponsoring organization within the City of Fort Worth must notify IT Solutions, which will then terminate the access. This may mean a modification of existing permissions up to terminating the circuit, as appropriate. IT Solutions must conduct an audit of their respective connections on an annual basis to ensure that all existing connections are still needed, and that the access provided meets the needs of the connection. Connections that are found to be deprecated, and/or are no longer being used to conduct the City of Fort Worth business, will be terminated immediately. Should a security incident or a finding that a circuit has been deprecated and is no longer being used to conduct the City of Fort Worth business necessitate a modification of existing permissions, or termination of connectivity, IT Solutions will notify the POC or the sponsoring organization of the change prior to taking any action. Definitions Circuit For the purposes of this policy, circuit refers to the method of network access, whether it's through traditional ISDN, Frame Relay etc. or via VPN encrjption technologies. Sponsoring Organization The City of Fort Worth ouganizatiour that requested that the third party have access to the City of Fort Word: networlr. Third Party A business that is not a formal or subsidiary part of the City of Fort Worth. Mayor and Council Communicatoon COUNCIL ACTION: Approved on 1/22/2008 DATE: Tuesday, January 22, 200� LOG NAME: 60MSS REFERENCE NO.: `*C-22631 SUEJECT: Authorize Execution of an Agreement for Enterprise Security Monitoring, Intrusion Prevention, Firewall Management, Vulnerability Scanning and Threat Intelligence Services with SecureWorks, Inc., Formerly LURHQ, Inc. RECOPlII!lIIENDATION: It is recommended that the City Council: 1. Authorize the City Manager to execute an agreement for enterprise security monitoring, intrusion prevention, firewall management, vulnerability scanning and threat intelligence services with SecureWorks, Inc., formerly LURHQ, Inc., for the Water Department network infrastructure at an estimated cost of $132,479; and 2. Authorize this agreement to begin January 22, 2003, and expire January 21, 2009, with one option to renew for an additional one-year period. DISCUSSION: The managed security service agreement with SecureWorks, Inc., will provide an enhanced security posture for the network infrastructure of the City %J Fort Worth Water Department. SecureWorks, Inc., managed security services allows the Water Department to better align their technology security efforts with business risk to have greater security operations efficiency, and improved compliance. SecureWorks, Inc., will monitor and analyze security infrastructure components such as firewalls, secure connectivity, intrusion detection and anti -virus systems 24 hours/7 days a week. Additionally, SecureWorks, Inc., will manage security policies and analyze data generated for indications of security risks and potential problems, and provide prevention, remediation and recovery of Information Technology vulnerabilities and incidents. A Request for Proposals (RFP) was issued in May 2006. The vendors were asked to respond with their best systems, processes, technologies and a Security Operations Center (SOC) that will integrate with the Water Department's current infrastructure and provide continuous incident watch and response services, event reporting, resolution, change management and reporting functionality. A team of Water Department Information Technology employees evaluated the proposals. The primary factors for the review included: 1) Completeness of Proposed Security Solution; 2) Ability to Deliver Proposed Security Services; and 3) Price of Proposed Security Solution. Four vendors responded with proposals to provide managed security services of the Water Department's network environment. After evaluation, it was determined that LURHQ, Inc., would provide the best solution for the City. Since that time, LURHQ, Inc., has merged with another company and is now known as SecureWorks, Inc. SecureWorks, Inc., has assumed all duties, responsibilities and obligations of LURHQ, Inc. BID ADVERTISEMENT -The RFP was advertised in the Commercial Recorder on May 3 and 10, 2006, Logname: 60M�S Pale l of 2 M/WBE -. A waiver of the goal for M/WBE subcontracting requirements was requested by the Purchasing Division and approved by the MM1BE Office because the purchase of goods or services is from sources where subcontracting or supplier opportunities are negligible. FISCAL INFORMATION/CFRTIFICATION: The Finance Director certifies that funds are available in the current operating budget as appropriated of the Water and Sewer Fund. TO Fund/Account/Centers Submitted for City Manager's Office b� Originating Department Head: Additional Information Contact: FROM Fund/Account/Centers PE45 639120 0604012 PE45 539120 0704012 Marc A. Ott (8476) S, Frank Crumb (8207) S. Frank Crumb (8207) $66.239.50 $66,239.50 Logname: 60MSS Page 2 of 2