Item - 2025.GG21.8

The General Government Committee:

1. In accordance with Section 195-8.4 of Toronto Municipal Code Chapter 195 (Purchasing By-Law), authorized the Chief Information Security Officer, to enter into, and execute an agreement with the successful supplier, Deloitte LLP, being the top-ranked supplier meeting the requirements set out in the Negotiated Request for Proposal for the provision of a Managed Security Services Provider. The contract has an initial three year term commencing August 1, 2025, to July 31, 2028, with options for the City to extend the agreement for two additional one year periods for the amount of $38,757,513.89 net of all taxes and charges ($39,439,646.13 net of Harmonized Sales Tax recoveries), in accordance with terms and conditions as set out in the Negotiated Request for Proposal and in a form satisfactory to the City Solicitor.

The purpose of this report is to advise on the results of the Negotiated Request for Proposal Document Number 4530978523 for a Managed Security Services Provider for the City of Toronto's Office of the Chief Information Security Officer. This report is seeking approval from the General Government Committee to enter into an agreement with the recommended supplier, Deloitte LLP. This agreement will enable Deloitte LLP to continue delivering comprehensive cyber security operations and monitoring services for the City's network environment and digital assets, focusing on preventing, detecting, responding to, mitigating, and recovering from cyber threats and events.

The Managed Security Services Provider will provide the City with a 24x7x365 Security Operations Centre to ensure continuous protection and oversight of the City's existing cyber security systems. Additionally, the Managed Security Services Provider will deliver essential services such as forensics, threat intelligence, device management, and ongoing vulnerability assessments, which are all critical to strengthening the City's overall cyber security posture and response capabilities. The current contract for these services will expire at the end of July 2025, and a new contract must be in place by August 1, 2025, to ensure uninterrupted service delivery.