Loading...
HomeMy WebLinkAboutContract 36645LIMITED ACCESS AGREEMENT CITY SECRETARY 7 1j= N:'TRACT NO. j ; itV� This LIMITED ACCESS AGREEMENT ("Agreement") is made and entered into by and between the CITY OF FORT WORTH ("City"), a home rule municipal corporation organized under the laws of the State of Texas and situated in portions of Tarrant, Denton and Wise Counties, Texas, and CH21V! HILL INC. ("Contractor"). The following statements are true and correct and form the basis of this Agreement: WHEREAS: A. The City owns and operates a file server computer system and network (collectively the "Network"). B. Contractor wishes to access the City's network. C. The Contractor will provide Integrated Program Management for Capital project delivery to be executed in (4) phases. In order to provide services per City Secretary Contract ("CSC") No. 36323, "Standard Agreement for Engineering Services," Contractor needs access to the City of Fort Worth Global Address List, The City is willing to grant Contractor access to the Network, subject to the terms and conditions set forth in this Agreement and in the City's standard outside connections policy, ("Extranet Standard") attached as Exhibit "A" and hereby incorporated by reference and made a part of this Agreement for all purposes herein. 1. F NOW, THEREFORE, the City and Contractor hereby agree as follows: GRANT OF LIMITED ACCESS. Contractor is hereby granted a limited right of access to the City's IT Service Management Network for the sole purpose of sending a -mails and setting meetings as work is done on Integrated Program Management for the length of time necessary to complete the services pursuant to CSC No, 36323. The City will provide Contractor with a password and access number or numbers as necessary. NETWORK RESTRICTIONS. 2.1. Contractor may not share any passwords or access number or numbers provided by the City except with Contractor's officers, agents, servants or employees who work directly with this project. 2.2. Contractor acknowledges, agrees and hereby gives its authorization to the City to monitor Contractor's use of the City's Network in order to ensure Contractor's compliance with this Agreement. 2.3. A breach by Contractor, its officers, agents, servants or employees, of this Agreement and any other written instructions or guidelines that the City provides to Contractor pursuant to this Agreement shall be grounds for the City immediately to deny Contractor access to the Network and Contractor's Data in addition to any other remedies that the City may have under this Agreement or at law or in equity. 2.4. The City may terminate this Agreement at any time and for any reason. 3. LIABILITY AND INDEMNIFICATION. CONTRACTOR SHALL BE LIABLE AND RESPONSIBLE FOR ALL DAMAGES THAT THE CITY MAY INCUR DIRECTLY ON ACCOUNT OF ANY BREACH OF THIS AGREEMENT BY CONTRACTOR, ITS OFFICERS, AGENTS, SERVANTS OR EMPLOYEES. THE CITY, ITS OFFICERS, AGENTS, SERVANTS AND EMPLOYEES, SHALL NOT BE LIABLE FOR ANY DAMAGES THAT CONTRACTOR MAY INCUR AS A RESULT OF THE C/TY'S RESTRICTIONS TO OR DENIAL OF ACCESS TO CONTRACTOR'S DATA OR TO THE NETWORK, ON ACCOUNT OF ANY BREACH OF THIS AGREEMENT BY CONTRACTOR, ITS OFFICERS, AGENTS, SERVANTS OR EMPLOYEES, OR FOR ANY REASONABLE SECURITY MEASURES TAKEN BY THE CITYY, IN ADDITION, CONTRACTOR SHALL BE LIABLE AND RESPONSIBLE FOR ANY AND ALL PROPERTY LOSS, PROPERTY DAMAGE AND/OR PERSONAL INJURY, INCLUDING DEATH, AND ALL CLAIMS, DEMANDS AND JUDGMENTS THEREFORE, TO THE EXTENT CAUSED BY THE NEGLIGENT ACT(S) OR OMISSION(S) OR INTENTIONAL MISCONDUCT OF CONTRACTOR, ITS OFFICERS, AGENTS, SERVANTS AND/OR EMPLOYEES. CONTRACTOR, AT CONTRACTOR'S OWN COST OR EXPENSE, HEREBY AGREES TO INDEMNIFY, DEFEND AND HOLD HARMLESS THE CITY, ITS OFFICERS, AGENTS, SERVANTS AND/OR EMPLOYEES FROM AND AGAINST ANY CLAIM, LAWSUIT, DEMAND OR OTHER ACTION TO THE EXTENT THAT THE SAME ARISES FROM THE NEGLIGENT ACT(S) OR OMISSION(S) OR INTENTIONAL MISCONDUCT OF CONTRACTOR, ITS OFFICERS, AGENTS, SERVANTS OR EMPLOYEES. 4. AMENDMENTS. The terms of this Agreement shall not be waived, altered, modified, supplemented, or amended in any manner except by written instrument signed by an authorized representative of both the City and Contractor. 5. ENTIRE AGREEMENT. This Agreement is cumulative of and in addition to any written contracts, agreements, understandings or acknowledgments with the City signed by Contractor. This Agreement and any other documents incorporated herein by reference constitute the entire understanding and Agreement between the City and Contractor as to the matters contained herein regarding Contractor's access to and use of the City's Network. The signature below of an authorized representative acknowledges that the Contractor has read this Agreement and agrees to be bound by terms and conditions set forth herein. In the event of conflict between this Agreement and CSC No. 36323, as it relates to Network access, this Agreement shall control.wwwwwwwwww 6. CONFIDENTIAL INFORMATION. Contractor, for itself and its officers, agents and employees, agrees that it shall treat all information provided to it by the City as confidential and shall not disclose any such 2 information to a third party without the prior written approval of the City. Contractor further agrees that it shall store and maintain City Information in a secure manner and shall not allow unauthorized users to access, modify, delete or otherwise corrupt City Information in any way. Contractor shall notify the City immediately if the security or integrity of any City information has been compromised or is believed to have been compromised. 7. Right to Audit Contractor agrees that the City shall, during the initial term, and until the expiration of three (3) years after termination or expiration of this Agreement, have access to and the right to examine at reasonable times any directly pertinent books, data, documents, papers and records, both hard copy and electronic, of the Contractor involving transactions relating to this Contract. Contractor agrees that the City shall have access during normal working hours to all necessary Contractor facilities and shall be provided adequate and appropriate work space in order to conduct audits in compliance with the provisions of this section. The City shall give Contractor reasonable advance notice of intended audits. Contractor further agrees to include in all its subcontractor agreements hereunder a provision to the effect that the subcontractor agrees that the City shall, during the initial term, and until expiration of three (3) years after termination or expiration of the subcontract, have access to and the right to examine at reasonable times any directly pertinent books, data, documents, papers and records, both hard copy and electronic, of such subcontractor involving transactions related to the subcontract, and further that City shall have access during normal working hours to all subcontractor facilities and shall be provided adequate and appropriate work space in order to conduct audits in compliance with the provisions of this paragraph. City shall give subcontractor reasonable notice of intended audits. IN WITNESS WHEREOF, the parties hereto have executed this Agreement on this CITY OF FORT WORTH: Assistant City Manager KAREN L. MONTGOMERY %� Assistant City Manager/CFO ATTEST: By: �l 2���`cz� L City Sbcretary APPROVED AS TO FORM AND LEGALITY: By: Assistant City Attorney LA & C: none required CH2M HILL INC.: By: Aut orized Signature Printed Name:_ Otv � LL Title: IIIC.E i�wr A TTr l'.T. 3 EXHIBIT "A" EXTRANET STANDARD Overview The purpose of this standard is to establish the requirements under which third party organizations may connect to the City of Fort Worth networks for the purpose of transacting City business. The standards listed are specific activities required by Section 2.2 of the City of Fort Worth Information Security Policy. Scope Connections between third parties that require access to non-public City of Fort Worth resources fall under this standard, regardless of whether a telecommunications circuit (such as frame relay or ISDN) or Virtual Privacy Network (VPN) technology is used for the connection. Connectivity to third parties such as the Internet Service Providers (ISPs) that provide Internet access for the City of Fort Worth or to the Public Switched Telephone Network do not fall under this standard. Standard Security Review All new extranet connectivity will go through a security review with the Information Security department (IT Solutions). The reviews are to ensure that all access matches the business requirements in a best possible way, and that the principle of least access is followed. Third Party Connection Agreement All new connection requests between third parties and the City of Fort Worth require that the third party and the City of Fort Worth representatives agree to and sign a third party agreement. This agreement must be signed by the Director of the sponsoring organization as well as a representative from the third party who is legally empowered to sign on behalf of the third party. The signed document is to be kept on file with IT Solutions. All documents pertaining to connections into the City of Fort Worth labs are to be kept on file with IT Solutions. Business Case All production extranet connections must be accompanied by a valid business justification, in writing, that is approved by a project manager in IT Solutions. Lab connections must be approved by IT Solutions. Typically this function is handled as part of a third party agreement. The sponsoring organization must designate a person to be the Point of Contact (POC) for the Extranet connection. The POC acts on behalf of the sponsoring organization, and is responsible for those portions of this policy and the third party agreement that pertain to it. In the event that the POC changes, IT Solutions must be informed promptly. Establishing Connectivity Sponsoring organizations within the City of Fort Worth that wish to establish connectivity to a third party are to file a new site request with IT Solutions to address security issues inherent in the project. If the proposed connection is to terminate within a lab at the City of Fort Worth, the sponsoring organization must engage IT Solutions. The sponsoring organization must provide full and complete information as to the nature of the proposed access to the extranet group and IT Solutions, as requested. All connectivity established must be based on the least -access principle, in accordance with the approved business requirements and the security review. In no case will the City of Fort Worth rely upon the third party to protect the City of Fort Worth's network or resources. Modifying or Changing Connectivity and Access All changes in access must be accompanied by a valid business justification, and are subject to security review. Changes are to be implemented via corporate change management process. The sponsoring organization is responsible for notifying IT Solutions when there is a material change in their originally provided information so that security and connectivity evolve accordingly. Terminating Access When access is no longer required, the sponsoring organization within the City of Fort Worth must notify IT Solutions, which will then terminate the access. This may mean a modification of existing permissions up to terminating the circuit, as appropriate. IT Solutions must conduct an audit of their respective connections on an annual basis to ensure that all existing connections are still needed, and that the access provided meets the needs of the connection. Connections that are found to be deprecated, and/or are no longer being used to conduct the City of Fort Worth business, will be terminated immediately. Should a security incident or a finding that a circuit has been deprecated and is no longer being used to conduct the City of Fort Worth business necessitate a modification of existing permissions, or termination of connectivity, IT Solutions will notify the POC or the sponsoring organization of the change prior to taking any action. Definitions Circuit For the purposes of this policy, circuit refers to the method of network access, whether it's through traditional ISDN, Frame Relay etc. or via VPN encryption technologies. Sponsoring Organization The City of Fort Worth organization that requested that the third party have access to the City of Fort Worth network. Third Party A business that is not a formal or subsidiary part of the City of Fort Worth. 5