HomeMy WebLinkAboutContract 33436 CITY SECRETARY
CONTRACT NO. ,t�&
PROFESSIONAL SERVICES AGREEMENT
This PROFESSIONAL SERVICES AGREEMENT ("Agreement") is made and entered
into by and between the CITY OF FORT WORTH (the "City"), a home rule municipal
corporation situated in portions of Tarrant, Denton and Wise Counties, Texas, acting by and
through Richard Zavala, its duly authorized Assistant City Manager, and THOTH
SOLUTIONS, INC. ("Consultant") a Texas corporation and acting by and through James R.
Johnson, its duly authorized Officer and Agent.
1. SCOPE OF SERVICES.
Consultant hereby agrees to provide the City with professional consulting services for
the purpose of Security Professional Services to evaluate and document IT Security Team
procedures and processes. Attached hereto and incorporated for all purposes incident to this
Agreement is Exhibit A describing the Scope of Work.
2. TERM.
This Agreement shall commence upon the date that both the City and Consultant have
executed this Agreement ("Effective Date") and shall continue in full force and effect until
terminated in accordance with the provisions of this Agreement or when the City provides
Consultant with written notice that Consultant has fulfilled its obligations under this Agreement
and that Consultant's services are no longer required.
3. COMPENSATION.
The City shall pay Consultant an amount not to exceed $95,000.00 in accordance with
the provisions of this Agreement. Consultant shall not perform any additional services for the
City not specified by this Agreement Unless the City requests and approves in writing the
additional costs for such services. The City shall not be liable for any additional expenses of
Consultant not specified by this Agreement unless the City first approves such expenses in
writing.
4. TERMINATION.
4.1. Written Notice.
The City or Consultant may terminate this Agreement at any time and for any
reason by providing the other party with 30 days written notice of termination.
4.2 Non-appropriation of Funds.
In the event no funds or insufficient funds are appropriated by the City in any
fiscal period for any payments due hereunder, City will notify Consultant of such
occurrence and this Agreement shall terminate on the last day of the fiscal period for
which appropriations were received without penalty or expense to the City of an kind
whatsoever, except as to the portions of the payments herein a" ,,uRop� far whi h
funds shall be been appropriated. r r I t•= _ .
I
04-19-06 A10 : 55 IN
4.3 Duties and Obligations of the Parties.
In the event that this Agreement is terminated prior to the Expiration Date, the
City shall pay Consultant for services actually rendered as of the effective date of
termination and Consultant shall continue to provide the City with services requested
by the City and in accordance with this Agreement up to the effective date of
termination.
5. DISCLOSURE OF CONFLICTS AND CONFIDENTIAL INFORMATION.
Consultant hereby warrants to the City that Consultant has made full disclosure in
writing of any existing or potential conflicts of interest related to Consultant's services and
proposed services with respect to the Scope of Services. In the event that any conflicts of
interest arise after the Effective Date of this Agreement, Consultant hereby agrees
immediately to make full disclosure to the City in writing. Consultant, for itself and its officers,
agents and employees, further agrees that it shall treat all information provided to it by the
City as confidential and shall not disclose any such information to a third party without the
prior written approval of the City.
6. RIGHT TO AUDIT.
Consultant agrees that the City shall, until the expiration of three (3) years after final
payment under this contract, have access to and the right to examine at reasonable times
any directly pertinent books, documents, papers and records of the consultant involving
transactions relating to this Contract. Consultant agrees that the City shall have access
during normal working hours to all necessary Consultant facilities and shall be provided
adequate and appropriate work space in order to conduct audits in compliance with the
provisions of this section. The City shall give Consultant reasonable advance notice of
intended audits.
Consultant further agrees to include in all its subcontractor agreements hereunder a
provision to the effect that the subcontractor agrees that the City shall, until expiration of
three (3) years after final payment of the subcontract, have access to and the right to
examine at reasonable times any directly pertinent books, documents, papers and records of
such subcontractor involving transactions related to the subcontract, and further that City
shall have access during normal working hours to all subcontractor facilities and shall be
provided adequate and appropriate work space in order to conduct audits in compliance with
the provisions of this paragraph. City shall give subcontractor reasonable notice of intended
audits.
7. INDEPENDENT CONTRACTOR.
It is expressly understood and agreed that Consultant shall operate as an
independent contractor as to all rights and privileges granted herein, and not as agent,
representative or employee of the City. Subject to and in accordance with the conditions and
provisions of this Agreement, Consultant shall have the exclusive right to control the details
of its operations and activities and be solely responsible for the acts and omissions of its
officers, agents, servants, employees, contractors and subcontractors. Consultant
2
acknowledges that the doctrine of respondeat superior shall not apply as between the City,
its officers, agents, servants and employees, and Consultant, its officers, agents, employees,
servants, contractors and subcontractors. Consultant further agrees that nothing herein shall
be construed as the creation of a partnership or joint enterprise between City and Consultant.
8. LIABILITY AND INDEMNIFICATION.
CONSULTANT SHALL BE LIABLE AND RESPONSIBLE FOR ANY AND ALL
PROPERTY LOSS, PROPERTY DAMAGE AND/OR PERSONAL INJURY, INCLUDING
DEATH, TO ANY AND ALL PERSONS, OF ANY KIND OR CHARACTER, WHETHER REAL
OR ASSERTED, TO THE EXTENT CAUSED BY THE NEGLIGENT ACT(S) OR
OMISSION(S), MALFEASANCE OR INTENTIONAL MISCONDUCT OF CONSULTANT, ITS
OFFICERS, AGENTS, SERVANTS OR EMPLOYEES.
CONSULTANT COVENANTS AND AGREES TO, AND DOES HEREBY,
INDEMNIFY, HOLD HARMLESS AND DEFEND THE CITY, ITS OFFICERS, AGENTS,
SERVANTS AND EMPLOYEES, FROM AND AGAINST ANY AND ALL CLAIMS OR
LAWSUITS FOR EITHER PROPERTY DAMAGE OR LOSS (INCLUDING ALLEGED
DAMAGE OR LOSS TO CONSULTANT'S BUSINESS AND ANY RESULTING LOST
PROFITS) AND/OR PERSONAL INJURY, INCLUDING DEATH, TO ANY AND ALL
PERSONS, OF ANY KIND OR CHARACTER, WHETHER REAL OR ASSERTED, ARISING
OUT OF OR IN CONNECTION WITH THIS AGREEMENT, TO THE EXTENT CAUSED BY
THE NEGLIGENT ACTS OR OMISSIONS OR MALFEASANCE OF CONSULTANT, ITS
OFFICERS, AGENTS, SERVANTS OR EMPLOYEES.
9. ASSIGNMENT AND SUBCONTRACTING.
Consultant shall not assign or subcontract any of its duties, obligations or rights under
this Agreement without the prior written consent of the City. If the City grants such consent,
the assignee or subcontractor shall execute a written agreement with the City under which the
assignee or subcontractor agrees to be bound by the duties and obligations of Consultant
under this Agreement.
10. INSURANCE.
Consultant shall provide the City with certificate(s) of insurance documenting policies
of the following minimum coverage limits that are to be in effect prior to commencement of
any work pursuant to this Agreement:
10.1 Coverage and Limits
Commercial General Liability
$1,000,000 Each Occurrence
$1,000,000 Aggregate
Automobile Liability
$1,000,000 Each accident on a combined single limit basis or
$250,000 Property damage
$500,000 Bodily injury per person per occurrence
Coverage shall be on any vehicle used by the Consultant, its
employees, agents, representatives in the course of the providing
services under this Agreement. "Any vehicle" shall be any vehicle
owned, hired and non-owned
Worker's Compensation
Statutory limits
Employers liability
$100,000 Each accident/occurrence
$100,000 Disease - per each employee
$500,000 Disease - policy limit
This coverage may be written as follows:
Workers' Compensation and Employers' Liability coverage with limits consistent
with statutory benefits outlined in the Texas workers' Compensation Act (Art.
8308 — 1.01 et seq. Tex. Rev. Civ. Stat.) and minimum policy limits for
Employers' Liability of $100,000 each accidentioccurrence, $500,000 bodily
injury disease policy limit and $100,000 per disease per employee
10.2 Certificates.
Certificates of Insurance evidencing that the Consultant has obtained all
required insurance shall be delivered to the City prior to Consultant proceeding
with any work pursuant to this Agreement. All policies shall be endorsed to
name the City as an additional insured thereon, as its interests may appear.
The term City shall include its employees, officers, officials, agent, and
volunteers in respect to the contracted services. Any failure on the part of the
City to request required insurance documentation shall not constitute a waiver
of the insurance requirement. A minimum of thirty (30 ) days notice of
cancellation or reduction in limits of coverage shall be provided to the City. Ten
(10) days notice shall be acceptable in the event of non-payment of premium.
Such terms shall be endorsed onto Consultant's insurance policies. Notice shall
be sent to the Risk Manager, City of Fort Worth, 1000 Throckmorton, Fort
Worth, Texas 76102, with copies to the City Attorney at the same address.
11. COMPLIANCE WITH LAWS, ORDINANCES, RULES AND REGULATIONS.
Consultant agrees to comply with all applicable federal, state and local laves,
ordinances, rules and regulations. If the City notifies Consultant of any violation of such laws,
ordinances, rules or regulations, Consultant shall immediately desist from and correct the
violation.
12. NON-DISCRIMINATION COVENANT.
Consultant, for itself, its personal representatives, assigns, subcontractors and
successors in interest, as part of the consideration herein, agrees that in the performance of
Consultant's duties and obligations hereunder, it shall not discriminate in the treatment or
employment of any individual or group of individuals on any basis prohibited by law. If any
claim arises from an alleged violation of this nondiscrimination covenant by Consultant, its
personal representatives, assigns, subcontractors or successors in interest, Consultant agrees
to assume such liability and to indemnify and defend the City and hold the City harmless from
such claim.
13. NOTICES.
Notices required pursuant to the provisions of this Agreement shall be conclusively
determined to have been delivered when (1) hand-delivered to the other party, its agents,
employees, servants or representatives, (2)delivered by facsimile with electronic confirmation
of the transmission, or(3) received by the other party by United States Mail, registered, return
receipt requested, addressed as follows:
To THE CITY: To CONSULTANT:
City of Fort Worth/IT Solutions Thoth Solutions, Inc.
1000 Throckmorton PO Box 57
Fort Worth TX 76102-6311 Allen, TX 75013
Facsimile: (817) 392-8654 Facsimile: (972)442-7222
14. SOLICITATION OF EMPLOYEES.
Neither the City nor Consultant shall, during the term of this agreement and
additionally a period of one year after its termination, solicit for employment or employ,
whether as employee or independent contractor, any person who is or has been employed by
the other during the term of this agreement, without the prior written consent of the person's
employer.
15. GOVERNMENTAL POWERS.
It is understood and agreed that by execution of this Agreement, the City does not
waive or surrender any of its governmental powers.
16. NO WAIVER.
The failure of the City or Consultant to insist upon the performance of any term or
provision of this Agreement or to exercise any right granted herein shall not constitute a
waiver of the City's or Consultant's respective right to insist upon appropriate performance or
to assert any such right on any future occasion.
5
17. CONSTRUCTION.
This Agreement shall be construed in accordance with the internal laws of the State of
Texas. If any action, whether real or asserted, at law or in equity, is brought on the basis of this
Agreement, venue for such action shall lie in state courts located in Tarrant County, Texas or
the United States District Court for the Northern District of Texas, Fort Worth Division.
18. SEVERABILITY.
If any provision of this Agreement is held to be invalid, illegal or unenforceable, the
validity, legality and enforceability of the remaining provisions shall not in any way be affected
or impaired.
19. FORCE MAJEURE.
The City and Consultant shall exercise their best efforts to meet their respective duties
and obligations as set forth in this Agreement, but shall not be held liable for any delay or
omission in performance due to force majeure or other causes beyond their reasonable
control (force majeure), including, but not limited to, compliance with any government law,
ordinance or regulation, acts of God, acts of the public enemy, fires, strikes, lockouts, natural
disasters, wars, riots, material or labor restrictions by any governmental authority,
transportation problems and/or any other similar causes.
20. HEADINGS NOT CONTROLLING.
Headings and titles used in this Agreement are for reference purposes only and shall
not be deemed a part of this Agreement.
20. REVIEW OF COUNSEL.
The parties acknowledge that each party and its counsel have reviewed and revised
this Agreement and that the normal rules of construction to the effect that any ambiguities are
to be resolved against the drafting party shall not be employed in the interpretation of this
Agreement or exhibits hereto.
21. ENTIRETY OF AGREEMENT.
This Agreement, including the schedule of exhibits attached hereto and any
documents incorporated herein by reference, contains the entire understanding and
agreement between the City and Consultant, their assigns and successors in interest, as to
the matters contained herein. Any prior or contemporaneous oral or written agreement is
hereby declared null and void to the extent in conflict with any provision of this Agreement.
[Signature Pages Follow]
OFFICIAL RE ICU)
CITY M019H � '
IN WITNESS WHEREOF, the parties hereto have executed this Agreement in multiples this
f Q day of &ZIL , 200 0 .
CITY OF FORT WORTH: THOTH SOLUTIONS, INC.
By:
Ri and Zavala Jaq4s R. Johnson
Acting Assistant City Manager Thoth Solutions, Inc. President
ATTEST: ATTEST:
By: _
City SecretaryBy:
APPROVED AS TO FORM AND
LEGALITY:
By:�—-W,
Assistant&ty Attorney
M&C: '—'
I i'k I
CITY NIP-1 t
EXHIBIT A
Security Professional Services
Statement of Work
The City of Fort Worth is seeking a Security Professional Services to evaluate
and document IT Security Team procedures and processes. This work shall
begin immediately and end no later than the end of the 2005-2006 fiscal year,
September 30, 2006.
The following tasks shall be performed in the order they are listed as time and
budget permit:
1. CFW Security Newsletter(target once quarterly)
a. Evaluate past newsletter
b. Identify & draft full content by "Sections" for next two years (8
Distributions)
c. Maintain space for current events
d. Content must match security policy and be readable and relevant.
e. Create a "this happened to me" or true life story ----security alert section
with real life scenario and what the precautionary measures should be. If
multiple "This Happened to Me...." sections prove difficult to produce
alternative content should be developed.
2. IT Solutions Policy
a. Full rewrite of the 88 page policy
■ Must be readable, in plain English, 8th grade reading level. Must be
at least '/ the size as the original. Must include updated references
to any supporting documentation, must include current practices
and procedures, and must be consistent with governing city
directives.
■ No technical information — this will be distributed to other
departments; Approximately 30 pages or less with illustrations and
concise explanations
■ Rewrite process must include input from all members of Platform
Technology, the leadership team, and a selected cross functional
team.
■ Must include a controlled process for evaluating and combining
feedback from all parties, and good version control.
■ Submit final version in printable quality.
b. Highlight Behavioral Issues outlined in Security Training Cubical
c. Rewrite of Abbreviated Security Pamphlet currently under 10 ages
1
■ Evaluate and update existing content, add new relevant content.
Make recommendations and draft abbreviated high value content.
■ Review organization and resize pamphlet; This should be an
abbreviated version of full ITS policy
■ Prepare final version in printable quality.
3. Web Presence Improvements (Intranet)
a. Identify areas of improvement for existing web presence for both teams
b. Work with staff to create more dynamic and high value content.
c. If security allows, include processes, documentation, procedures, how
to's? Q&A sections. Target High Value content such as workstation
guidelines, mobile computing guidelines, and content from security policy
where relevant.
4. Wireless Security Strategy
a. Target: Compile a CFW Mobile Computer Users Policy to include use of
Verizon data cards.
b. Target: Develop an easy to read pamphlet communication explaining the
different types of wireless in the City of Fort Worth- 81h grade letter,
heavily illustrated, plain English. Develop and document the current
strategy as well.
c. Target: Develop an easy to read pamphlet communication on the
responsibility of a laptop user with wireless capability for security training
purposes
5. Professional Services
Create a policy statement, and staff instructions on audits, governance, third
party health checks, review cycle for processes and procedures, the use of
professional services or outsourced services. Outline a repeatable process
for the offered services that can be incorporated into the SOP Handbook.
Target: Documented staff guidelines on how to approach at least the top 5
categories of professional services (may be related to audits, health checks,
new technology roll-outs).
6. Electronic SOP's (Standard Operating Procedures) for the Security
Team (Integrate with Platform Technology Team)
a. Evaluate existing SOP's for improvement
b. Identify SOP's that need to be written A
;�pp77�17 �
Ya ..;rJ:.,C� ,.
2
c. Create the identified SOP's, some of which are:
■ Audit Calendar Process — formalize the audit function: SOP,
schedule, & Plan of Action
■ SOP's for performing professional services for departments
• SOP's for Incident Response
d. Train staff on new and improved SOP's.
7. Internal Documentation Procedures: Risk Memo's (Communication
Methodology)
a. Identify steps in the governance process, tie back to Administrative
Regulations (AR's) or Personnel Rules and Regulations (PRR's) or Legal
authorities.
b. Identify the notification process, who gets notified, how and when.
c. Identify the process and steps of remediation with Finance, Law, and
target entity. Draft a proposal and setup meeting for presentation to the
Steering Committee.
8. CFW Departmental Security Awareness Training & Education
a. Assist in developing additional training materials for use in the portable
security cubical that will be displayed in each City department for training
purposes. (Target Completion: Obtain cubical in time for the
departmental move to Zipper building — May or June 2006)
9. Contract Management: Licensing Compliance & Govemance
a. Identify and Map improved processes for the procurement of goods and
services.
b. Identify areas of improvement in procurement between work teams, create
documentation to support target processes and procedures
c. Identify ways to improve contract compliance and governance.
■ Place contract renewals and extranet agreements on audit
calendar?
■ Identify steps to review contracts for annual audits (review extranet
agreements with vendors, revoke network access where no longer
needed).
■ Identify processes and procedures for communication of this work
to Finance and Legal.
■ How will we handle audits? What do we do about non compliance
10.Security Manager Alert Response Procedures
a. Evaluate current practices and create an SOP for handling Security
Manager alerts
b. Evaluate and create documentation for target practices
c. Use tools and automation to achieve target practices
d. Train internal (and other IT Teams) on new documented practices via
workshops to socialize the requirements amongst responsible parties.
11.Application Manager Alert Procedures
a. Evaluate current practices and create an SOP for handling Application
Manager alerts
b. Evaluate and create documentation for target practices
c. Use tools and automation to achieve target practices
d. Train internal (and other IT Teams) on new documented practices via
workshops to socialize the requirements amongst responsible parties.
4
EXHIBIT B
PAYMENTS
II. Payments
DESCRIPTION WEEKS HOURS RATE TOTAL
CFW Security Newsletter 2 80 88.5 $7,080.00
Web Presence Improvements 2 80 88.5 $7,080.00
Wireless Security Strategy 2 80 88.5 $7,080.00
IT Solutions Policy 3 120 88.5 $10,620.0
0
Electronic SOP's 2 80 88.5 $7,080.00
Internal Documentation Procedures: 2 80 88.5 $7,080.00
Risk Memo's
SUBTOTAL $46,020.0
0
CFW Staff Security Training & 2 80 88.5 $7,080.00
Education
Security Manager Alert Responses 2 80 88.5 $7,080.00
Procedures
Application Manager Alert Procedures 2 80 88.5 $7,080.00
Contract Management 2 80 88.5 $7,080.00
Professional Services 2 80 88.5 $7,080.00
SUBTOTAL $35,400.0
0
GRAND TOTAL $81,420.0
0
5
Page 1 of 2
City of Fort Worth, Texas
Mayor and Council Communication
COUNCIL ACTION: Approved on 2/14/2006
DATE: Tuesday, February 14, 2006
LOG NAME: 13P06-0008 REFERENCE NO.: **P-10320
SUBJECT:
Authorize a Purchase Agreement with Thoth Solutions, Inc., for Security Professional Services for
the Information Technology Solutions Department
RECOMMENDATION:
It is recommended that the City Council authorize a purchase agreement for security professional services
with Thoth Solutions, Inc., for the Information Technology Solutions Department (IT Solutions) for an
amount not to exceed $95,000.00.
DISCUSSION:
The professional services consulting agreement with Thoth Solutions will provide enhanced and improved
security communications for the City of Fort Worth network infrastructure. Additionally, Thoth Solutions will
make improvements to the existing security web site content and evaluate internal documentation,
processes, procedures and propose changes to security policy. Thoth will also evaluate and make
recommendations regarding security alerts, automation and the reporting function of the security
management software. Some highlighted outcomes will be a revamped Quarterly Security Program
Newsletter, website and security user's manual. Additionally, the City will be enabled with more robust and
enhanced security policies that will provide increased protection, management, regulatory compliance and
control of sensitive data.
Thoth Solutions, Inc., is an authorized contracting agency with General Services Administration (GSA). The
E-Government Act of 2002 authorized GSA sales of technology products and services from Schedule 70 to
State and Local Governments. This cooperative purchasing program satisfies otherwise applicable bidding
requirements.
M/WBE - A M/WBE goal is not assigned when purchasing from an approved purchasing cooperative or
other public entity.
FISCAL INFORMATION/CERTIFICATION:
The Finance Director certifies that funds are available in the current operating budget, as appropriated, of
the Information Systems Fund.
BQN\06-0008\LGS
TO Fund/AccounVCenters FROM Fund/Account/Centers
http://www.cfwnet.org/council_packet/Reports/mc_print.asp 4/20/2006
Page 2 of 2
P168 539120 0041100 $95,000.00
Submitted for City Manager's Office by; Richard Zavala (Acting) (6222)
Originating Department Head: Jim Keyes (8517)
Robert Combs (8357)
Additional Information Contact: Pete Anderson (8781)
http://www.cfwnet.org/council_packet/Reports/mc_print.asp 4/20/2006