TO: Board of Trustees
THROUGH: Jay Fox, Executive Director
FROM: Alisha Garrett, Chief Enterprise Strategy Officer
PRESENTER(S): Kyle Brimley, IT Director

TITLE:

Contract: Code Vulnerability Management Software (Talrace)

AGENDA ITEM TYPE:
Procurement Contract/Change Order

RECOMMENDATION:
Approve award and authorize the Executive Director to execute the contract and associated disbursements with Talrace in an amount not to exceed $729,900 for Code Vulnerability Management.

BACKGROUND:
Vulnerability Management, the ongoing practice of identifying, classifying, prioritizing, and mitigating software vulnerabilities, is a priority for Utah Transit Authority’s IT Department.
The purpose of the RFP is to engage a third-party vendor to provide a code scan for internal and external systems, applications, and software. Once the scan of various applications, systems and software has been completed, a comprehensive list of vulnerabilities will be presented to UTA for review and acceptance.

DISCUSSION:
In this code vulnerability management contract with Talrace, the contractor will provide the following services:
- DAST & SAST Code Scanning
- CI/CD Pipeline modifications to include SAST pre-development scanning
- Document all findings
- Code remediation / upgrade activities and upgrade projects with unit/integration test coverage over 80%, as per industry standard
Included in this project is the remediation of bugs, vulnerabilities, and issues that the code scan has uncovered. Because it is impossible to determine ahead of time how many issues may be uncovered and the depth of each vulnerability, the vendor will prepare a recommendation with cost and time estimates broken out by project. The Project Manager for UTA will then prioritize and authorize the work to be performed. UTA may, in some cases, choose to have the remediation work completed in-house and not by the vendor.
In addition to the list of issues requiring mitigation and remediation, the vendor will provide a recommendation of best practices to avoid system vulnerabilities in the future.
The contract has a base term of three years with two one-year options. The total contract value reflects the five-year period based on anticipated annual costs not to exceed $146,000.

CONTRACT SUMMARY:
Contractor Name: Talrace
Contract Number: 22-03548CG
Base Contract Effective Dates: 5/1/2022 - 4/30/2025 base contract
Extended Contract Dates: 5/1/2025 - 4/30/2027 option years
Existing Contract Value: $0
Amendment Amount: N/A
New/Total Contract Value: NTE of $729,900 for base plus option years
Procurement Method: Request for Proposal
Budget Authority: Included in approved 2022 IT budget

ALTERNATIVES:
Hire qualified staff with expertise in code remediation.

FISCAL IMPACT:
Pricing will be at the contractor’s hourly rate of $36.00 per hour, not to exceed 4055 hours.
Contract value per year will be NTE $145,980.00, with the total contract value, including option years, not to exceed $729,900.
The funds for this year’s contract are included in the 2022 budget, and subsequent annual costs will be included in subsequent years.

ATTACHMENTS:
Talrace Contract