From: LugI Jolene

 

 

 

 

 

 

 

 

 

 

To: Baird Mark Bluhm Derin' Fields MichaelR Maxgl Brian; Meeks, R?n; Rasmussen Ronald' Tillotson
Kara

Cc: Solt Dena' Keith Rebecca' Uno Vivian' Franada Marlon Gareth Lewis lggredtlewistronoscom); Boatrigh;
Rebecca; Mattmiller Michael

Subject: Contract Status Quid< Update-Please Read This

Date: Wednesday, October 05, 2016 9:56:57 AM

Attachments: 
Maggi?112m


Importance: High

 

Dear Steering Committee and Sponsor,

I?ve included Gareth on this E-Mail (Kronos). This is a quick update on contract status. Please read
and call me if you have ideas/concerns.

 

Why isn?t the contract complete?

Dena, our Director of Security, Risk, and Compliance is not approving moving forward due to ?non-
standard? SOC 2 Type 2 and/or contract terms.

How did we pass the first Security Review?

The security review was conducted by the previous Chief Security Officer (C50) and his security team
in June 2016. The SOC 2 Type 2 reports were deemed sufficient at that time, no vulnerability scans
were required, and we were approved to move forward.

How is this affecting the project schedule and what is the impact?

The go live of March 1St was dependent on a contract signing of Aug 12th. We are 8 weeks behind
schedule. Our CFO is answering to City Council, City Budget Office (CBC), and City Auditor?s on how
we fix the scheduling/overtime problem and the implementation dates given are quickly becoming
unachievable.

Do we understand the issues and the risk?

 

Jolene Draft Issue/Agenda Items Comments/Actions
does 1: The SOC 2 Type 2 report Scope may be for infrastructure only. Sections in report
"Ot may not have the scope indicate the scope is broader than infrastructure. Need
covering the services we are clarity.
purchasing.
2: Kronos questionnaire Put Kronos directors group together for the
response is not satisfactory. conversation including the coordinator for the SOC 2

Type 2 audit process, and leads from Security, Cloud,
Applications, and TeleStaff.
3: Kronos will not We believe the data security risk is low for Aspect

 

contractually commit on 3rd (telephony 3rd party) and may be accepted moving the
parties behalf. project forward once issue 1 and 2 are resolved.

understand the "non-standard? issues 100% or the risk therein. Dena will assist Jolene in the issues

 

 

 

 

and agenda items. Dena and the Kronos Directors are largely unavailable, we are continuing
coordination to get on their calendars. Other projects have priority for Dena such as BWV.

What are we doing to resolve the issues?

We?ve conducted data security conversations since Sept with Dena. Dena?s team provided a
security questionnaire and Kronos responded. Issues are apparent and drafted. The approach is to
clearly define the issues in an agenda to resolve each one in an organized manner. The phone
conversation will be with Dena and the Kronos Directors. Once Dena has no outstanding questions,
we expect the result will be to move forward with revised terms including answers to the security
questionnaire that are satisfactory.

 

Jolene Luck
IT Project Manager
City of Seattle Seattle Police Department

M: 206-549?8640 O: 
Headquarters: 610 5th Avenue, Office#463

Visit Seattle Police: Policy Manual Public Disclosure Blotter Twitter Facebook