By Melissa Reeder
Cities are attractive targets for cybercriminals because of the valuable data that is stored. They are also a target because many are connected to state systems and other networks, where the quality and quantity of the data to capture is greater. Whether the attacks are intrusions or data breaches, the number and sophistication are increasing.
Small cities are often juggling priorities and services for their residents, and it is common for technology support to be included in “other duties as assigned.” In a smaller city, it can be difficult to hire for this specialized skill set, which is often not a full-time job. Managed information technology (IT) services may be just the solution you need to fill the gap.
What is a managed IT service?
A managed IT service is an IT task carried out by a third-party provider. In this type of arrangement, the city can contract with a third party to be responsible for the functionality, equipment, and security of the IT service.
There are many different types of managed IT service offerings, but the key is to transfer the burden of maintaining IT from the city to a service provider. It also gives the city predictable pricing and the ability to focus on the core business of running a city.
Services commonly provided
If your city has a stable internet connection, you can consider managed IT services. The typical services offered are remote monitoring and management of desktops, servers, and mobile devices. Remote connectivity is done by installing software on the city computer, which allows the provider to operate the machine through the internet connection as if they were sitting at the keyboard in city hall. This connection is controlled by the city, allowing the provider to use a machine only when authorized.
Computer security and continuity of service are essential to a city’s business. That’s why these two items are usually included in managed IT services. The provider’s services typically include details like monitoring the internet activity to detect intrusions, and ensuring there are good data backup systems in place. All services can be scaled up or down to match your city’s budget and needs.
How to get started
Depending on your city’s purchasing policy, you can often get started with managed IT services by soliciting providers to submit bids or quotes. The bids will be based on a detailed inventory of the city’s hardware and software and a network diagram that you will provide.
The inventory should include every computer used at the city, with details of the computer’s model and all software used.
The network diagram is a schematic of a city’s connections between computers. It generally includes the email and telephone connectivity (if any) and the models of hardware connecting the computers and other systems, such as servers, routers, switches, and backups. This diagram should also include internet connectivity. Many cities will contract with a vendor to complete the inventory and network diagrams.
What to include in the contract
A professional services contract will include the terms and conditions for the managed services provider. The contract should also note the necessary background checks a city requires for providers working on-site or remotely.
If you are contracting with a third party to provide support for systems containing criminal justice information (CJI), there are additional requirements for background checks and system access. For details on CJI requirements, refer to your city’s terminal agency coordinator. This is usually a commissioned officer at the city.
The contract may reference a statement of work (SOW). The SOW includes specific details such as hours and type of work. The SOW should outline a service level agreement (SLA).
The SLA identifies what services the provider will furnish and how successful delivery of services will be measured. For example, a city may designate the email system as high priority and require the provider to respond within one hour, while a simple desktop issue requires a response within 48 hours.
The contract should also include appropriate cyber insurance requirements and indemnification provisions to protect the city’s interests.
Members of the League of Minnesota Cities may use the League’s free Contract Review Service before signing the dotted line. Learn more about this service at www.lmc.org/contractreview.
Melissa Reeder is chief information officer with the League of Minnesota Cities. Contact: firstname.lastname@example.org or (651) 281-1221.