To: Board of Supervisors
From: Marc Shorr, Information Technology Director
Report Title: Amendment for the SANS Institute Master Training Services Agreement
☒Recommendation of the County Administrator ☐ Recommendation of Board Committee
RECOMMENDATIONS:
APPROVE and AUTHORIZE the Chief Information Officer, or designee, to execute an amendment to the Master Training Services Agreement (MTSA) between the County and Escal Institute of Advanced Technologies, Inc., dba SANS Institute, dated December 17, 2024, modifying the term language from the MTSA automatically terminating at the completion of all existing statements of work subject to the MTSA, to a fixed 12-month term, that will make the current term December 23, 2025 through December 22, 2026, with the 12-month renewal term starting December 23, 2026.
APPROVE and AUTHORIZE future purchase orders for statements of work with SANS Institute issued pursuant to the terms of the MTSA, provided that each such purchase order includes a payment limit of $200,000 or less, and the terms of the MTSA have not substantially changed.
FISCAL IMPACT:
The costs will be borne by each County Department requesting services through SANS.
BACKGROUND:
The Board of Supervisors approved the terms of the Master Training Services Agreement (MTSA) with Escal Institute of Advanced Technologies, Inc., dba SANS Institute (SANS) on December 17, 2024, however the approval was limited to the terms of the purchase order being executed in conjunction with the MTSA. The Department of Information Technology (DoIT) and SANS agree to amend section 5.1 of the MTSA to clarify the term of the agreement. The MTSA would remain in effect until either party requests termination with 60 days’ written notice.
The goal of DoIT’s security team is to protect the County's digital infrastructure, systems, and sensitive data from cyber threats, ensuring secure, uninterrupted public services. In today’s digital landscape, county organizations face an ever-growing array of cybersecurity threats. To effectively safeguard the county systems and data, it is imperative that information technology security staff have the most up-to date skills and training. The MTSA with SANS provides a versatile approach to cybersecurity training, enabling any department within the County to customize their training programs, and ensure that their staff are well-prepared to handle current and emerging cyber threats.
The SANS MTSA contains a limitation of SANS liability to the total payments received by SANS for products or services under the agreement during the 12-month period immediately preceding the date when cause of action arises, including attorney fees. Under the agreement, the County is obligated to indemnify SANS against third party claims based on County’s breach of the terms of the agreement or in performing the agreement.
CONSEQUENCE OF NEGATIVE ACTION:
If not approved, the County may have fewer opportunities to strengthen the advanced skills needed to address evolving cybersecurity threats. Approving SANS training would help enhance the County’s ability to protect systems, data, and services while supporting overall security readiness.