Texas sets up governmentwide IT purchasing

Texas Department of Information Resources Go DIRect Program

Texas state agencies and local governments can now purchase cybersecurity services from various vendors under several new contracts negotiated by the state's Department of Information Resources (DIR).

It's the first time the department is offering security products and services through its Go DIRect program, which was created about four years ago. The program, designed to make it easier for state agencies to buy certain products without having to bid out separate contracts, offers agencies and other public-sector entities access to state-negotiated contracts from information technology equipment to training.

Texas agencies needed help in meeting the state government's security standards and guidelines, said Tamra Gilbert, contract manager for the information resources department.

"We knew that security was a big area of concern, and our security office at DIR has been getting a lot of calls from entities needing help," she said.

Department officials interviewed and evaluated 70 companies that sell security services and signed nine of them to two-year contracts with renewal options, Gilbert said. Vendor offerings include police and procedures development, managed services, network security, vulnerability assessment, and training, she said.

Go DIRect helps smaller entities that have limited funds and little ability to research companies, get bids and negotiate good deals, said Thomas Johnson, a public information officer for DIR. The marketing team within the program does customer outreach through trade shows, e-mail alerts and other vehicles to educate them about contracts, Johnson said.

Many states and some federal departments are moving toward offering master service agreements for professional services. Being vetted by Texas is similar to getting a federal government contract, said Carolyn Hollander, director of government solutions at Pittsburgh-based RedSiren Inc., one of the vendors Texas officials chose.

Under its Texas contract, Red Siren offers network infrastructure security audits and vulnerability corrections, computer forensics, intrusion protection services, virtual private network services, penetration testing, and other assessments. The company had to provide experience, client references, a detailed description of services offered, pricing models and discounts, among other things, Hollander said.