The URL can be used to link to this page

Home My WebLink AboutContract 39631CITY SECRETAR` CONTRACT NCB PROFESSIONAL SERVICES AGREEMENT This PROFESSIONAL SERVICES AGREEMENT ("Agreement") is made and entered into by and between the CITY OF FORT WORTH (the "City"), a home rule municipal corporation situated in portions of Tarrant, Denton and Wise Counties, Texas, acting by and through Karen L. Montgomery, its July authorized Assistant City Manager, and CIBER, INC. ("Consultant"), a Delaware corporation and acting by and through its duly authorized representative. The Contract Documents for this Agreement shall consist of the following: A. This Professional Service Agreement B. Exhibit A Statement of Work C. Exhibit B Network Access Agreement D. Exhibit C DIR Contract DIR-SDD-685 In the event of a conflict between the documents, the order of precedence shall be (1) this Professional Service Agreement, (2) the Statement of Work, and (3) DIR Contract DIR DIR-SDD-685. All documents listed above are attached hereto and made a part of this Agreement for all purposes. 1. SCOPE OF SERVICES. Consultant hereby agrees to provide the City with professional consulting services for the purpose of a Business Impact Analysis of the Information Technology Department. Attached hereto and incorporated for all purposes incident to this Agreement is Exhibit "A," Statement of Work, more specifically describing the services to be provided hereunder. 2. TERM. This Agreement shall commence upon the last date that both the City and Consultant have executed this Agreement ("Effective Date") and shall continue in full force and effect until completion of all services contemplated herein, unless terminated earlier in accordance with the provisions of this Agreement. 3. COMPENSATION. The City shall pay Consultant an amount not to exceed $132,000 in accordance with the provisions of this Agreement. Consultant shall not perform any additional services for the City not specified by this Agreement unless the City requests and approves in writing the additional costs for such services. The City shall not be liable for any additional expenses of Consultant not specified by this Agreement unless the City first approves such expenses in writing. 4. TERMINATION. 4.1. Written Notice. The City or Consultant may terminate this Agreement at any time and for any reason by providing the other party with 30 days written notice of termination. 4.2 Non -appropriation of Funds. In the event no funds or insufficient funds are appropriated by the City in any fiscal period for any payments due hereunder, City will notify Consultant of such occurrence and this Agreemeht shall terminate on the last day of the fiscal period for which appropriations were received without penalty or expense to the City of any kind whatsoever, except as to -the -portions Professional Services Agreement Ciber, Inc. Page 1 of 7 OFFICIAL RECORD FT.WORTH, TX of the payments herein agreed upon for which funds shall have been appropriated. 4so Duties and Obligations of the Parties. In the event that this Agreement is terminated prior to the Expiration Date, the City shall pay Consultant for services actually rendered up to the effective date of termination and Consultant shall continue to provide the City with services requested by the City and in accordance with this Agreement up to the effective date of termination. 5. DISCLOSURE OF CONFLICTS AND CONFIDENTIAL INFORMATION. Consultant hereby warrants to the City that Consultant has made full disclosure in writing of any existing or potential conflicts of interest related to Consultant's services under this Agreement. In the event that any conflicts of interest arise after the Effective Date of this Agreement, Consultant hereby agrees immediately to make full disclosure to the City in writing. Consultant, for itself and its officers, agents and employees, further agrees that it shall treat all information provided to it by the City as confidential and shall not disclose any such information to a third party without the prior written approval of the City. Consultant shall store and maintain City Information in a secure manner and shall not allow unauthorized users to access, modify, delete or otherwise corrupt City Information in any way. Consultant shall notify the City immediately if the security or integrity of any City information has been compromised or is believed to have been compromised. 6. RIGHT TO AUDIT. Consultant agrees that the City shall, until the expiration of three (3) years after final payment under this contract, have access to and the right to examine at reasonable times any directly pertinent books, documents, papers and records of the consultant involving transactions relating to this Contract A no additional cost to the City. Consultant agrees that the City shall have access during normal working hours to all necessary Consultant facilities and shall be provided adequate and appropriate work space in order to conduct audits in compliance with the provisions of this section. The City shall give Consultant reasonable advance notice of intended audits. Consultant further agrees to include in all its subcontractor agreements hereunder a provision to the effect that the subcontractor agrees that the City shall, until expiration of three (3) years after final payment of the subcontract, have access to and the right to examine at reasonable times any directly pertinent books, documents, papers and records of such subcontractor involving transactions related to the subcontract, and further that City shall have access during normal working hours to all subcontractor facilities and shall be provided adequate and appropriate work space in order to conduct audits in compliance with the provisions of this paragraph. City shall give subcontractor reasonable notice of intended audits. Nothing in this agreement shall require Consultant or its subcontractor to produce or provide access to any document, materials, or information in any form or on any media, which is subject to a legitimate claim of exclusion, privilege, or protection recognized under federal or state law, including, but not limited to, the attorney -client and the attorney work product privileges. 7. INDEPENDENT CONTRACTOR. It is expressly understood and agreed that Consultant shall operate as an independent contractor as to all rights and privileges granted herein, and not as agent, representative or employee of the City. Subject to and in accordance with the conditions and provisions of this Agreement, Consultant shall have the exclusive right to control the details of its operations and activities and be solely responsible for the acts and omissions of its officers, agents, servants, employees, contractors and subcontractors. Consultant acknowledges that the doctrine of respondent superior shall not apply as between the City, its officers, agents, servants and employees, and Consultant, its officers, agents, Professional Services Agreement Ciber, Inc. Page 2 of 7 employees, servants, contractors and subcontractors. Consultant further agrees that nothing herein shall be construed as the creation of a partnership or joint enterprise between City and Consultant. Notwithstanding the foregoing, the City acknowledges and agrees that in its performance %J the services, Consultant is entitled to reasonably rely on the information and materials the City, its officers, agents, servants and employees, provide to the Consultant, its officers, agents, employees, servants, contractors and subcontractors. 8. LIABILITY AND INDEMNIFICATION. The parties agree that the provisions of Exhibit C, DIR Contract No. DIR-SDD-685, Appendix A, Standard Terms and Conditions for Services Contracts, page 8, Section 7.A.2. Vendor Responsibilities, Indemnification, Acts or Omission Subsection C shall apply to this Agreement. 9. ASSIGNMENT AND SUBCONTRACTING. Consultant shall not assign or subcontract any of its duties, obligations or rights under this Agreement without the prior written consent of the City. If the City grants consent to an assignment, the assignee shall execute a written agreement with the City and the Consultant under which the assignee agrees to be bound by the duties and obligations of Consultant under this Agreement. The Consultant and Assignee shall be jointly liable for all obligations under this Agreement prior to the assignment. If the City grants consent to a subcontract, the subcontractor shall execute a written agreement with the Consultant referencing this Agreement under which the subcontractor shall agree to be bound by the duties and obligations of the Consultant under this Agreement as such duties and obligations may apply. The Consultant shall provide the City with a fully executed copy of any such subcontract. 10. INSURANCE. Consultant shall provide the City with certificates) of insurance documenting policies of the following minimum coverage limits that are to be in effect prior to commencement of any work pursuant to this Agreement: 10.1 Coverage and Limits (a) Commercial General Liability $110001000 Each Occurrence $1,000,000 Aggregate (b) Automobile Liability $1,000,000 Each accident on a combined single limit basis or $250,000 Property damage $500,000 Bodily injury per person per occurrence Coverage shall be on any vehicle used by the Consultant, its employees, agents, representatives in the course of the providing services under this Agreement. "Any vehicle" shall be any vehicle owned, hired and non -owned (c) Worker's Compensation Statutory limits Employer's liability $100,000 Each accident/occurrence $100,000 Disease - per each employee $500,000 Disease - policy limit This coverage may be written as follows: Professional Services Agreement Ciber, Inc. Page 3 of 7 Workers' Compensation and Employers' Liability coverage with limits consistent with statutory benefits outlined in the Texas workers' Compensation Act (Art. 8308 — 1.01 et seq. Tex. Rev. Civ. Stat.) and minimum policy limits for Employers' Liability of $100,000 each accident/occurrence, $500,000 bodily injury disease policy limit and $100,000 per disease per employee (d) Technology Liability (Errors &Omissions) $1,000,000 Each Claim Limit $1,000,000 Aggregate Limit Technology coverage may be provided through an endorsement to the Commercial General Liability (CGL) policy, or a separate policy specific to Technology E&O. Either is acceptable if coverage meets all other requirements. Coverage shall be claims -made, and maintained for the duration of the contractual agreement and for two (2) years following completion of services provided. An annual certificate of insurance shall be submitted to the City to evidence coverage. 10.2 Certificates. Certificates of Insurance evidencing that the Consultant has obtained all required insurance shall be delivered to the City prior to Consultant proceeding with any work pursuant to this Agreement. The Commercial General Liability and Automobile Liability policies shall be endorsed to name the City as an additional insured thereon, as its interests may appear. The term City shall include its employees, officers, officials, agent, and volunteers in respect to the contracted services. Any failure on the part of the City to request required insurance documentation shall not constitute a waiver of the insurance requirement. A minimum of thirty (30) days notice of cancellation or reduction in limits of coverage shall be provided to the City. Ten (10) days notice shall be acceptable in the event of non-payment of premium. Such terms shall be endorsed onto Consultant's insurance policies. Notice shall be sent to the Risk Manager, City of Fort Worth, 1000 Throckmorton, Fort Worth, Texas 76102, with copies to the City Attorney at the same address. 11. COMPLIANCE WITH LAWS ORDINANCES, RULES AND REGULATIONS. Consultant agrees to comply with all applicable federal, state and local laws, ordinances, rules and regulations. If the City notifies Consultant of any violation of such laws, ordinances, rules or regulations, Consultant shall immediately desist from and correct the violation. 12. NON-DISCRIMINATION COVENANT. Consultant, for itself, its personal representatives, assigns, subcontractors and successors in interest, as part of the consideration herein, agrees that in the performance of Consultant's duties and obligations hereunder, it shall not discriminate in the treatment or employment of any individual or group of individuals on any basis prohibited by law. If any claim arises from an alleged violation of this non- discrimination covenant by Consultant, its personal representatives, assigns, subcontractors or successors in interest, Consultant agrees to assume such liability and to indemnify and defend the City and hold the City harmless from such claim. 13. NOTICES. Notices required pursuant to the provisions of this Agreement shall be conclusively determined to have been delivered when (1) hand -delivered to the other party, its agents, employees, servants or representatives, (2) delivered by facsimile with electronic confirmation of the transmission, or (3) Professional Services Agreement Ciber, Inc. Page 4 of 7 received by the other party by United States Mail, registered, return receipt requested, addressed as follows: To The CITY: City of Fort Worth/IT Solutions 1000 Throckmorton Fort Worth TX 7610M311 Facsimile: (817) 392-8654 14. SOLICITATION OF EMPLOYEES. To CONSULTANT: CIBER, Inc. 4515 Seton Center Parkway, Suite 100 Austin TX 78759 With a copy to: CIBER, Inc. 5251 DTC Parkway, Suite 1400 Greenwood Village, CO 80111 Attn Law Department Phone (303) 22M100 Fax (303) 224-4125 Neither the City nor Consultant shall, during the term of this agreement and additionally for a period of one year after its termination, solicit for employment or employ, whether as employee or independent contractor, any person who is or has been employed by the other during the term of this agreement, without the prior written consent of the person's employer. This provision does not prohibit either party from soliciting employment through general circulation advertising that is not targeted at the employees of the other party. 15. GOVERNMENTAL POWERS. It is understood and agreed that by execution of this Agreement, the City does not waive or surrender any of its governmental powers. 16. NO WAIVER. The failure of the City or Consultant to insist upon the performance of any term or provision of this Agreement or to exercise any right granted herein shall not constitute a waiver of the City's or Consultant's respective right to insist upon appropriate performance or to assert any such right on any future occasion. 17. GOVERNING LAW /VENUE. This Agreement shall be construed in accordance with the internal laws of the State of Texas. If any action, whether real or asserted, at law or in equity, is brought on the basis of this Agreement, venue for such action shall lie in state courts located in Tarrant County, Texas or the United States District Court for the Northern District of Texas, Fort Worth Division. 18. SEVERABILITY. If any provision of this Agreement is held to be invalid, illegal or unenforceable, the validity, legality and enforceability of the remaining provisions shall not in any way be affected or impaired. Professional Services Agreement Ciber, Inc. Page 5 of 7 19. FORCE MAJEURE. The parties agree that the provisions of Exhibit C DIR Contract No. DIR-SDM85 Appendix A, Standard Terms and Conditions for Services Contracts, page 15, Section 8.C. Force Majeure shall apply to this Agreement. 20. HEADINGS NOT CONTROLLING. Headings and titles used in this Agreement are for reference purposes only and shall not be deemed a part of this Agreement. 21. REVIEW OF COUNSEL. The parties acknowledge that each party and its counsel have reviewed and revised this Agreement and that the normal rules of construction to the effect that any ambiguities are to be resolved against the drafting party shall not be employed in the interpretation of this Agreement or exhibits hereto. 22. AMENDMENTS /MODIFICATIONS / EXTENSTIONS. No extension, modification or amendment of this Agreement shall be binding upon a party hereto uNess such extension, modification, or amendment is set forth in a written instrument, which is executed by an authorized representative and delivered on behalf of such party. 23. ENTIRETY OF AGREEMENT. This Agreement, including the schedule of exhibits attached hereto and any documents incorporated herein by reference, contains the entire understanding and agreement between the City and Consultant, their assigns and successors in interest, as to the matters contained herein. Any prior or contemporaneous oral or written agreement is hereby declared null and void to the extent in conflict with any provision of this Agreement. 24. LIMITATION OF LIABILITY. For any claim or cause of action arising under or related to this Agreement, none of the parties shall be liable to the other for punitive, special, or consequential damages, even if it is advised of the possibility of such damages. [SIGNATURE PAGE FOLLOWS] Professional Services Agreement Ciber, Inc. Page 6 of 7 IN WITNESS WHEREOF, the parties hereto have executed this Agreement in multiples thisday of o :& ` 1 200C. CITY OF FORT WORTH: Assistant City Manag Date: /4) -L r 0 By: U Marty Hend City Secretary APPROVED AS TO FORM AND LEGALITY: 6: Maleshia B. Farmer Assistant City Attorney Contract Authorization Date Professional Services Agreement Ciber, Inc. Page 7 of 7 CIBER, INC. By: Name: S Title: up, Date: 100L lu vL ATTEST: By: OFFICIAL RECORD CITY SECRETARY FT. WORTH, TX Statement of Work for Business Impact Analysis 23 September 2009 Prepared For: Allen B. Bourque Senior IT Manager 817.392.2880 Allen.Bourque@fortworthgov.org Submitted in Confidence by: CIBER1 Inc. Mary Anne Clement Senior Solutions Consultant 4515 Seton Center Parkway, Suite 100 Austin, Texas 78759 (512) 381-3369 or (512) 983-0884 maclement(ciber.com City of Fort Worth Statement of Work Table of Contents • IL 1 INTRODUCTION............................................................................................................................................. 1 2 SCOPE AND TECHNICAL ENVIRONMENT........................................................................................................ 1 2.1 INSCOPE .........................................................................................................................................................1 2.2 OUT OF SCOPE. 0 a 0 P 0 a 4 0 0 a a a a 0 0 0 a 6 a 0 a 0 0 a 2 6 0 6 a P a 0 0 0 0 * 0 0 4 0 0 0 0 9 0 a 9 0 0 a 0 a 9 a 0 a 0 0 0 0 S 0 0 9 6 a 6 0 a 6 r 0 a 0 4 0 a 0 9 a a a 0 a 0 a a 9 0 0 0 0 a 0 a a a 0 a 0 a a 0 a 0 # a 4 & a 0 a a a 0 a 9 0 a 9 0 0 0 0 a 0 0 a a 9 a a a 0 0 * a 0 0 0 0 a a a 2 3 DELIVERABLES...............................................................................................................................................2 3.1 ACCEPTANCE MANAGEMENT..............................................................................................................................2 4 WORK APPROACH......................................................................................................................................... 3 4.1 BUSINESS IMPACT ANALYSIS................................................................................................................................4 4.2 RISK ASSESSMENT..... few Sea BE be moomontoon *as somas sonateemon sees a 0 a a 0 a 0 0 a 4 0 t 0 a a a a a 0 a 0 0 a 0 0 0 a a 0 a 9 W a a a 0 a 0 0 0 0 0 a 0 a 0 0 0 0 9 0 0 a 0 0 a 0 P a 05 4.3 REMEDIATION ROADMAP DEVELOPMENT..............................................................................................................6 4.4 REQUIRED CITY PARTICIPATION...........................................................................................................................7 5 ROLES AND RESPONSIBILITIES....................................................................................................................... 7 5.1 PROJECT ORGANIZATION....................................................................................................................................7 5.2 C I B E R ROLES...................................................................................................................................................7 5.3 ITS ROLES....................................................................................................................................................... 8 6 MANAGEMENT APPROACH...........................................................................................................................8 6.1 PROJECT PLANNING...........................................................................................................................................8 6.2 PROJECT RISK MANAGEMENT.......... was Few *of** Soma* mosomsonomon S*Somsom **$Poo$ S*S000m a Samoan 9 9 6.3 PROJECT CONTROL..........................................................................................................................................10 6.4 PROJECT COMMUNICATIONS.............................................................................................................................10 6.5 MANAGEMENT REVIEW...................................................................................................................................11 6.6 CHANGE MANAGEMENT..................................................................................................................................12 6.7 QUALITY ASSURANCE.......................................................................................................................................13 6.8 ACCEPTANCE MANAGEMENT............................................................................................................................14 7 PROJECT SCHEDULE......... Dome@ **N1111ded @as 0868888888 5 9 6 poppoem 0 Dalleemead &*1011Goof amesessoom passaaalled &sallas *00620 appeal to *pop metals 8 PROJECT FEES...............................................................................................................................................16 8.1 PROJECT FEES................................................................................................................................................16 9 SIMILAR ENGAGEMENTS..............................................................................................................................16 10 APPROVALS..................................................................................................................................................17 APPENDIX A —SAMPLE CHANGE REQUEST FORM............................................................................................... A-1 APPENDIX B —SAMPLE DELIVERABLE/SERVICE ACCEPTANCE FORM................................................................... B-1 September23, 2009 �I City of Fort Worth 1 INTRODUCTION Statement of Work The City of Fort Worth (City) has asked CIBER to respond to their request for a quote to execute a Business Impact Analysis (BIA) of the Information Technology Solutions (ITS) Department. The BIA will: • For speced City departments, document those critical business functions (CBF) which depend on both ITS -provided and non -ITS -provided IT services. • Determine and document those IT services which support customer department CBFs. These "critical services" will be the focus of the analysis. Document the impact to City stakeholders if those CBFs were interrupted or degraded because of an interruption or degradation of critical IT services. • Document the business continuity requirements (specifically, recovery time objectives and service -levels) for critical IT services. Establish a list of critical resources (personnel, third -party service providers, facilities, logistics, and information technology) required to support the critical IT services. Assess risks to those critical resources. • Develop ahigh-level "road -map" to address remediation of any gaps between the documented business continuity requirements for IT services and the current capability of ITS and the customer departments to support those requirements. 2 SCOPE AND TECHNICAL ENVIRONMENT 2.1 In Scope The entire ITS enterprise (functions and resources) will be the subject of the BIA. The following ITS customer departments, to the degree they non -ITS -provided IT services, are in scope for determining associated critical resources. Aviation • Code Compliance • Community Relations Environmental Management • Equipment Services Financial Management Services • Fire • Housing and Economic Development • Human Resources rely upon ITS -provided and the critical services and the September 23, 2009 � City of Fort Worth 2.2 3.1 IT Solutions • Library • Municipal Courts Statement of Work Parks and Community Services • Planning and Development • Police Public Events Transportation and Public Works Cable Communications Emergency Management Office • Water** (may be optional — included in our estimates) Out of Scope Services and their associated resources which are not owned, operated, or managed by ITS or the ITS Customer Departments listed in Section 2.1, are out of scope for the BIA. DELIVERABLES GIBER will deliver a Business Impact Analysis detailing the organization's readiness to respond to disruptions in the operating environment. The BIA will outline the potential for loss of life, property, service capability, and income in the event of a failure of the operating environment. The BIA will contain: • A list of critical ITS -provided and non -ITS -provided IT services holistically prioritized according to the impacts of their interruption or degradation on the target departments and their stakeholders. • Recovery time objectives (RTOs) and required service levels of the discovered critical ITS -provided services. • An assessment of risks to the availability of critical IT resources (personnel, third - party service providers, facilities and IT). • A high-level "road -map" addressing the remediation of gaps between the documented business continuity requirements and the current capability of ITS and ITS customer departments to support those requirements. Acceptance Management CIBER's Acceptance Management process ensures that deliverables or services provided by GIBER during the project are presented to the City for acceptance. Formal acceptance by the City indicates that the deliverable and/or service have been completed in accordance with this SOW. September23, 2009 • City of Fort Worth Statement of Work i The CIBER Project Manager is responsible for obtaining the City's formal acceptance of the project deliverables and services in accordance with the specific Acceptance Management process policies described below and further defined in the Project Governance Plan: 30101 Alternatives to formal signatures on paper documents In lieu of a signed Deliverable/Service Acceptance Form (Appendix B — Sample Deliverable/Service Acceptance Form), an e-mail message with the same information that is included in Appendix B sent directly from the City approver to the CIBER Project Manager indicating acceptance or rejection of a deliverable or service constitutes formal acceptance or rejection. 3.1.2 Approval/rejection turnaround timeframe The City approver will accept or reject the deliverable or service within five (5) business days from the receipt of the Deliverable/Service Acceptance Form. 3.1.3 Course of action if an approver is unavailable or does not respond with a decision in the time specified If the City approver does not accept or reject the deliverable or service within five (5) business days from the receipt of the Deliverable/Service Acceptance Form and does not communicate a timeframe in which a decision will be made, the deliverable or service will be considered accepted: Any acceptance/rejection decision will be logged, tracked and escalated as a project issue in accordance with the project's Issue Management Process. Work will progress to maintain the established project schedule, with the understanding that any work dependent upon a rejected deliverable or service is at risk of re -work. • A change request may result if modifications to the deliverable or service are required and those modifications affect other project work, or work that proceeded at risk. Approvers) for project deliverables/services The approver (s) for this engagement will be Allen Bourque and Steve Streiffert. 4 WORK APPROACH The Business Impact Analysis and Risk Assessment provide the foundational information for all subsequent business continuity and operational risk management activities. A good BIA is essential to both cost-effective business continuity and security planning. The process CIBER will use for the BIA and RA is shown in Figure 1. September 23, 2009 3 City of Fort Worth Statement of Work Figure 1. BIA/RA Process Flow 4.1 Business Impact Analysis jLber° BIA is the process of identifying and prioritizing critical functions and the resources which support those functions. BIA prioritizes functions according to their impact on the City mission if interrupted or degraded. Critical functions are those which, if interrupted or severely degraded would prevent the City from conducting its mission. CIBER gains its understanding of the City's IT environment by collecting: ITS and ITS customer department senior management vision, mission, organization, goals, and objectives. ITS and customer department senior management assumptions and constraints regarding function criticality. Criticality criteria established by City senior management. Criticality usually changes according to when an incident occurs and how long an interruption or degradation lasts. An inventory of customer department functions. An inventory of ITS internal functions. Relationships and interdependence between the functions. City-wide mission impacts expected from the disruption or degradation of each critical function. September 23, 2000 � City of Fort Worth Statement of Work • The resources (e.g. personnel, facilities, technology, service providers, vendors, supplies, etc.) required to support each function. Recovery Time Objectives (RTO) for each function. Required service levels for each function. Expectations or mandates from Federal or State regulations and commercial contracts. • An inventory of ITS -provided and non -ITS -provided IT services. Platforms and other resources supporting these services. • Common workstation and office support requirements (space, furniture, equipment). Physical security architecture (doors, windows, locks, access systems). • Existing business continuity, disaster recovery, and emergency response practices. Existing backup and recovery strategy (inclusive of off -site storage and rotation schedules). Existing service recovery strategies. • Software management and storage practices. • Infrastructure services used. • Minimum resource requirements during a recovery effort. Gathering this information will occur primarily through interviews with the ITS and customer department's senior management and subject matter experts (SMEs). Information gathered will be validated after collection. CIBER may also employ surveys, workshops, and reviews of available documentation as necessary to collect the needed information. The outputs of the BIA will be: An understanding of the enterprise impacts expected from a disruption of each function. Recovery time objectives (RTOs). • Prioritization of critical functions. • Required minimum service level for each function. • Determination of which functions are critical to continuity of government. Determination of the critical resources (those resources which support one or more critical functions. Determination of risks to the critical resources. 4.2 Risk Assessment RA is the process of identifying and prioritizing risks. A risk comprises resource vulnerability, a threat that can compromise or exploit that vulnerability, and the impact of such compromise or exploitation. Because RA should be in-depth, the CIBER approach is to only September23, 2009 � • City of Fort Worth Statement of Work analyze the risks to critical resources as determined by the BIA. It is the RA which drives the choices of Business Continuity strategies. A good RA is essential to both cost-effective business continuity and security planning. The inputs to the RA will include: • The BIA-established list of critical resources. • The BIA-established list of RTOs. • The set of existing and currently planned risk avoidance and mitigation controls affecting the critical resources. The outputs of the RA will be: • The set of risks to critical resources. The risk -reduction expected by the application of existing controls. • A description of any obvious customer department work-arounds. The level of risk reduction needed to meet the RTOs and service levels as established by the BIA. • The requirements for additional risk reduction. These requirements are the delta between what is needed to meet RTOs, and what is expected from existing controls. CIBER's methodology identifies geographically -specific events from sources such as FEMA, NOAA, USGS, State emergency agencies, and similar organizations in addition to more common events (e.g., fire). In addition, CIBER will look for specific vulnerabilities which could affect the ability of City to serve its citizens. CIBER then classifies the nature of various risks, their relative chances of occurring, the probable effect of the events, the potential duration, and the probability that resources will need to be relocated or recovered if exposure is realized. The risk assessment will be customized to the particular geography and environment of City facilities. Once CIBER has identified the risks to City's critical resources, the relative likelihood of occurrence, and the probable effect, CIBER estimates the costs of interruption. These costs will be used at a later date to evaluate the continuity strategies. Because, the tolerance for a particular risk can only be determined by the entity incurring the risk, CIBER would expect City senior management to provide guidance as to their level of risk tolerance. This will affect the choice of strategies. CIBER will collect BIA and RA information through two primary methods: Collection of documents that contain the required information. • Direct and structured interviews with City senior management and departmental representatives. Such interviews are normally conducted in a group setting using personnel needed as determined by the specific department. CIBER will provide advance copies of the information required. After initial collection, CIBER will request review by City stakeholders to validate and verify collected information. 4.3 Remediation Roadmap Development CIBER will develop a "road -map" for remediation, including high-level risk avoidance or mitigation strategies. The road -map will describe the gaps between current controls and September 23, 2009 6 City of Fort Worth Statement of Work • arc recommended controls, the benefits of adopting each recommended control, and the organizational and budgetary costs of adoption. 4.4 Required City Participation Make customer department management and subject matter experts available for interviews. Two or three customer department interviews will be conducted for each department. Each interview will require approximately two hours. We estimate 34 interviews will be conducted to cover the 19 customer departments listed in section 2.1. • Make ITS senior management, midlevel management, and subject matter experts available for interviews. Approximately 10 interviews will be conducted. Each ITS interview will require approximately two to three hours. Provide requested documentation as described in Sections 4A and 4.2. • Allow site surveys of each City building where ITS resources reside or are stored. 5 ROLES AND RESPONSIBILITIES 5.1 Project Organization Figure 2 illustrates the key roles for CIBER and the City in executing this project. City Project Sponsor CIBER Project Manager CIBER Senior Consultant 5.2 CIBER Roles CIBER Principal / QA CIBER Consultant Figure 2: Organizational Chart Table 1 defines the roles key CIBER resources provide on this project. September 23, 2009 City of Fort Worth 5.3 «I Statement of Work Table 1 - CIDER Roles 1 Role Project Responsibilities CIBER Allocate necessary resources to complete this project in accordance with the agreed upon project schedule Principal Reviews deliverables for quality and ensures CIBER delivery standards are being maintained. Provides main point of contact to the customer and other CIBER resource for this project. Responsible for all Project Manager aspects of project management, issue tracking and resolution, and has approval authority for all necessary decisions. Senior Consultant Hands-on information gathering, analysis, and reporting. Consultant Hands-on information gathering, analysis, and reporting. Note: The resources assigned to these roles will be identified by name at the time that this project commences. CIBER reserves the right to replace/substitute any individual during the course of the project. ITS Roles Table 2 -Client Roles Role Project Responsibilities Provides project direction and guidance. Formal escalation point for the CIBER delivery team for all ITS Project Sponsor issues, risks and problems. This role is mandatory for the execution of this engagement, ITS Provide access to personnel and information, in a timely fashion. MANAGEMENT APPROACH This section provides an overview of the management approach that will be used to ensure that the project will be completed on time, will be wn the budget, and will meet the quality requirements specified. These processes control scope creep, enforce standards for quality assurance, and manage issues and risks. Project Planning CIBER will create and maintain a baseline Project Plan throughout the project life cycle that represents CIBER's scope of work as defined in this SOW and those dependent work efforts that affect the project's schedule or budget. The initial project baseline is established with the City's approval of this SOW as the approved budget, schedule, and scope of the project. 6.1.1 Project Plan Content The baseline Project Plan will contain: September 23, 2009 $ City of Fort Worth Statement of Work CIBER's major activities with detailed tasks and levekof-effort estimates. • Dependencies that affect the projects schedule or budget. • Specific resources allocated to project tasks. • Milestone and deliverable dates. • Project schedule and budget. 6.1.2 Budget Management The CIBER Project Manager will: Establish a baseline budget Measure budget progress against the baseline Determine if budget variances exist and report those variances to the City Communicate budget standing on a regular basis as agreed upon by CIBER and the City 6.1.3 Plan Management During the project, the CIBER Project Manager will: Manage the baseline Project Plan as a configuration item according to the project's Configuration Management Process. • Control change to the planned scope, budget, and schedule through the Project Change Management Process. Track approved changes to scope, budget, and schedule by revising the baseline Project Plan and maintaining its currency. 6.2 Project Risk Management Project risk is any event or condition that may have a negative effect on a project objective. Risk Management is the structured approach to assessing, tracking and minimizing the probability and consequences of adverse events through mitigation strategies and contingency planning. The CIBER Project Manager is responsible for assessing, planning for, tracking, and addressing project risks. Due to the size and duration of this engagement, risks identified by the City or CIBER during this project, will be recorded, tracked, and reported via the Status Report by the CIBER Project Manager. If necessary, a written change order to this SOW agreement may be submitted to aid in resolving project risks. This procedural step must be agreed to by both parties and exists to clearly define and document any significant risks, allowing the project to proceed. September 23, 2009 � City of Fort Worth Statement of Work Table 3. Project Risk Events. 4" jLber° Risk Event Potential Impact Mitigation Strategy Contingency Strategy Example: the City Example: Project Example: the City SMEs are unable to schedule could be sponsor will Example: Secondary attend scheduled extended, requiring coordinate with SMEs SMEs will be identified. interviews a Project Change to ensure they are Request available. 6.3 Project Control 6.3.1 Issue Management Issue Management is a structured approach to identifying, assessing, tracking, and resolving problems during a project. Issues surface unexpectedly and must be addressed expeditiously. The CIBER Project Manager is responsible for documenting, tracking, and bringing to closure project issues. Often, CIBER can execute a project of this size and complexity without encountering any significant issues. If issues are identified during this project by the City or CIBER, the CIBER Project Manager will maintain an Issues Matrix as part of the Project Status Report containing descriptions, responsibilities, dates, and severity of issues identified during the course of the project. If necessary, a written change order to this SOW agreement may be submitted to aid in resolving project issues. This procedural step must be agreed to by both parties and exists to clearly define and document any significant issues, allowing the project to proceed. 6.4 Project Communications Appropriate oversight and effective problem resolution are keys to project success. CIBER will maintain an open line of communication with the City during this engagement, and will review the project status with the City Project Sponsor on a bi-weekly basis by phone call or other agreed upon method. 6.4.1 Status Reporting CIBER will send a status report by e-mail each week on a day mutually agreed upon between CIBER and the City. CIBER will review the status report with the City Project Sponsor each week via telephone or other agreed upon method on a day mutually agreed upon between CIBER and the City. CIBER's standard weekly project status report will provide a: • Summary of Accomplishments for the past week • Summary of planned activities for the next week • Status of Milestones and Deliverables • Analysis of Plan Variances • Summary of issues, risks, and change requests September 23, 2009 `� City of Fort Worth Statement of Work Figure 3 illustrates the CIBER Status Report, iber° Financial Status --- ---- Gurs Remarks Curs experr*3ms penou Gurs sxgaEre t ate Curs commit_ Gurs remainm4 a as s or Fask npi Due Date erl Due Date Explanation awes — - ajar Issue Oaner Date Description Risks (Tfia ner escnptw.r�Jnrr}stwn J anye n ro an�m es.r�awn rntr mpstt , fetus Figure 3: CIBER's Status Report Template 6.4.2 Project Team Meetings The Project Team will meet to review the Project Plan and each team member's progress toward the successful completion of their assigned tasks. The team will focus on Estimates to Complete and early identification and assessment of project issues and change requests. The CIBER Project Manager will meet with the City's designated person or via telephone. Management Review 6.5 hold project team meetings, produce status reports, and sponsor to discuss project progress every week either in CIBER projects undergo scheduled internal progress reviews to ensure that established standards and processes are being followed and that the project is proceeding according to September 23, 2009 � � • City of Fort Worth Statement of Work 1 � 1 plan. Corrective actions are identified, implemented and monitored through project completion. These reviews are performed as needed during the project. 6.6 Change Management Project Change Management is a process by which requests for modifications to the established scope, schedule, or cost are controlled and managed. A defined process for managing change is essential to completing initiatives on time and within budget. The CIBER Project Manager is responsible for ensuring that Change Requests are documented, tracked, and closed. 6.6.1 Project Change Management Process — Overview Project Change Requests for expanded effort, longer timelines, and other project items that may impact cost will be addressed using the form in Appendix A — Sample Change Request Form. The CIBER Project Manager will analyze each Change Request for its impact to the project scope, schedule, and budget. The impacts will be documented as a component of the original Change Request. CIBER's Project Manager will prepare a recommendation for each Change Request and present it for the City's approval via a Change Request Form. (See Appendix A — Sample Change Request Form.) The CIBER Project Manager will implement, close, or defer the Change Request based upon the City's decision to approve, disapprove, or defer the request. For approved Change Requests, the Change Request Form will be appended to this Statement of Work and scope, schedule, and budget impacts will be reflected in an updated baseline Project Plan. Project Change Management Process —Project Specific Policies The following Change Management Process policies apply. 6.6.2.1 Alternatives to formal client signatures on Change Request Forms In lieu of a signed Change Request Form, an a -mail message sent directly from the City Project Sponsor to the CIBER Project Manager indicating approval or rejection of a Change Request constitutes formal approval or rejection for this project. 6.6.2.2 Approval/rejection turnaround timeframe The City Project Sponsor will approve or reject the Change Request within five (5) business days from the receipt of the Change Request Form if initiated by CIBER. The CIBER Project Manager will accept or reject the Change Request within five (5) business days from receipt of the Change Request Form if initiated by the City. If the Change Request equates to 20% of $25,000, approval will be subject to the Cit the total project cost or higher or more than September 23, 2009 1� • City of Fort Worth Statement of Work 6.6.2.3 Course of action if an Approver is unavailable or does not respond with a decision in the timeframe specified If the City Project Sponsor does not approve or reject the Change Request within five (5) business days from the receipt of the Change Request Form, and does not communicate a timeframe in which a decision will be made: • The Change Request decision will be logged, tracked and managed as a `Deferred' request. • Work will progress without incorporating the requested change into the work plan. Where an approval or rejection decision is necessary for the project to progress, the Change Request decision will be logged, tracked and escalated as a project issue in accordance with the project's Issue Management Process, 6.6.2.4 Analysis of `out -of -scope' Change Requests For Change Requests that are determined to be outside the stated project scope, the City Project Sponsor will authorize cost and/or schedule allowance on a Time & Materials basis for the initial analysis of a Change Request, either as direct funding for the analysis effort or as part of the overall funding for the implementation of an approved request. 6.6.2.5 Resolution of scope disputes The CIBER Director of Delivery or Project Manager and the City Project Sponsor will try to resolve any dispute regarding the `in -scope' or `out -of -scope' classification of work by referring to this Statement of Work; the Contract; and any changes, amendments, and attachments to these documents to which the parties have previously agreed in writing. If the CIBER Project Manager and the City Project Sponsor cannot reach agreement within five (5) business days, dispute resolution will be escalated to the City Project Sponsor and the CIBER VP/Area Director (or their respective designees) per the Master Agreement 6.6.2.6 The City Change Request Approvers The following person has been designated by the City as the Approver of Change Requests for the project: Allen Bourque. Alternate approvers may be designated by the City. 6.7 Quality Assurance CIBER's Quality Assurance Process will: Evaluate processes, work products, and services against the applicable process descriptions, standards, and procedures Identify and document noncompliance issues • Provide feedback regarding quality assurance to engagement staff and management. September 23, 2009 `I 3 City of Fort Worth Statement of Work < <_rr c A trained CIBER resource, typically a senior member of the GIBER Practice staff, will conduct Quality Reviews of the Project Plan and all deliverable reports to assess compliance to CIBER policy and standards and document any observed noncompliance. Corrective actions will be noted to assist the project team in addressing each noncompliance observation. The CIBER Director of Delivery will ensure implementation of corrective actions resulting from the Quality Assurance reviews. 6.8 Acceptance Management CIBER's Acceptance Management Process ensures that deliverables or services provided by CIBER during the engagement are presented to the City for acceptance. Formal acceptance by the City indicates that the deliverable or service has been completed in accordance with this Statement of Work. The CIBER Project Manager is responsible for ensuring that engagement deliverables and services are formally accepted by the City. 6.8.1 Acceptance Management Process —Overview The GIBER Project Manager or designee will declare a deliverable or service complete and ready for acceptance when: • Task work efforts have been completed. • Internal Quality Assurance efforts have been conducted. The GIBER Project Manager or designee will validate that the deliverable or service is ready for acceptance and present the deliverable or service, or representative documentation, to the City for acceptance. The City will formally accept the deliverable or service as complete and in conformance with tHIS Statement of Work, or reject the deliverable or service and state reasons for rejection. (See Appendix B — Sample Deliverable/Service Acceptance Form.) The GIBER Project Manager or designee will coordinate efforts to redress deliverables or services rejected by the City. 6.8.2 Acceptance Management Process —Engagement Specific Policies The following Acceptance Management Process policies apply: 6.8.2.1 Alternatives to formal client signatures on paper documents: In lieu of a signed Deliverable Acceptance Form, an e-mail message sent directly from the City Approver to the GIBER Project Manager indicating acceptance or rejection of a deliverable or service constitutes formal acceptance or rejection. 6.8.2.2 Approval/rejection turnaround timeframe: The City Approver will accept or reject the deliverable or service within five (5) business days from the receipt of the Deliverable Acceptance Form. September 23, 2009 1 • City of Fort Worth Statement of Work 5.8.2.3 Course of action if an Approver is unavailable or does not respond with a decision in the time specified If the City Approver does not accept or reject the deliverable or service within five (5) business days from the receipt of the Deliverable Acceptance Form and does not communicate a timeframe in which a decision will be made: • The acceptance/rejection decision will be logged, tracked and escalated as an engagement issue in accordance with the engagement's Issue Management Process. Work will progress to maintain the established engagement schedule, with the understanding that any work dependent upon a rejected deliverable or service is at risk of rework at the customer expense. A Change Request may result if modifications to the deliverable or service are required and those modifications affect other engagement work, or work that proceeded at risk. 6.8.2.4 The City Approvers) for engagement deliverables/services Alternate approvers may be designated by the City. 6.8.2.5 Project Completion The project is considered complete under any of the following conditions: All deliverables have been provided to the City. • The total number of hours/budget allotted to this project has been reached and no change order has been approved by the City. CIBER and the City agree in writing that the contract has been completed in accordance with the Acceptance Management process. 7 PROJECT SCHEDULE Table 4 on the following page provides an outline of major activities and durations. We anticipate completing the work within a four month period. The project will begin with a kick- off presentation and meeting with ITS management and end with a closeout meeting. Each customer department interview will require approximately two hours; and two to three interviews will be conducted with each department. Approximately 34 customer interviews will be conducted to cover the 19 departments included in scope as listed in section 2.1. Approximately 10 internal ITS interviews will be conducted. Each ITS interview will require approximately two to three hours. September 23, 2009 � � City of Fort Worth • Statement of Work n Table 4 - Simple Schedule Activity Weeks Questionnaire Development and Criticality Criteria 1 ITS Interviews 1 Customer Department Interviews* 4 Site Walkthrou hs 1 Business Impact Analysis 4 Risk Assessment 3 Roadmap Development 1 Analysis & Reporting 2 Total 17 *Customer Department Interviews can be moved forward to the beginning of the project and reduced by one week. PROJECT FEES Project Fees CIBER estimates that the work defined within this SOW can be performed for Project Fees of $132,000. This estimate is based on approximately 800 hours of project work and travel expenses for two consultants to travel to Fort Worth. If the City desires, the Customer Department Interviews may be moved forward to the beginning of the project and compressed by one week. This would require the addition of a second interview team at a premium of $16,000 (including travel.) This would total $148,000. Work that is not covered under this SOW will be considered out -of -scope and will be authorized through the Project Change Management process as described in this SOW and approved via a Project Change Request per Appendix A — Sample Change Request Form. Project expenses for travel are included in the Project Fees. In the event that this work effort is halted or cancelled before any or all of the deliverables are complete or milestones met, CIBER will present an invoice to the City for all unpaid hours worked. CIBER will use a bill rate of $150.00 per hour per resource for this work. SIMILAR ENGAGEMENTS CIBER has extensive experience providing Business Continuity Planning services for organizations similar to those requested by the City. The list below identifies clients where CIBER has provided BCP services. The attached overview of our Business Continuity and Disaster Recovery Services provides short descriptions of several of these projects. References can be made available for these projects. State of Louisiana, Recovery Planning Department of Public Safety -Business Continuity /Disaster September 23, 2009 1f • City of Fort Worth Statement of Work ciber G • Washington Suburban Sanitation Commission — Business Impact Analysis / Risk Assessment Nashville Electric Service • City of Portland Oregon, Bureau of Technology Services, Business Impact Analysis / Risk Analysis, Business Continuity Plan (serving water and sewer bureau) • Kitsap County Washington, Business Impact Analysis / Risk Analysis, Disaster Recovery Plan • State of Indiana Public Employees' Retirement Fund, Business Impact Analysis / Risk Analysis, Continuity of Operations Plan, Training, Exercise • State of Indiana Teachers' Retirement Fund, Business Impact Analysis / Risk Analysis, Business Continuity Plan, Training, Exercise Louisiana Office of Student Financial Services - Business Continuity / Disaster Recovery Planning • State of Louisiana, Office of Group Benefits (OGB) - Disaster Recovery Planning Louisiana Office of Telecommunications Management - Disaster Recovery / Business Continuity Planning • Mississippi Department of Information Technology Services - Business Continuity Planning • State of Washington (DIS) - Business Continuity Gap Analysis and Customer Needs Assessment • Pinellas County Florida -Information Technology Disaster Recovery Planning 10 APPROVALS Signature below indicates approval and consent in principal to the terms, conditions, rates, and pricing provisions described in the attached document and authorizes CIBER to commence with the work described herein. IN WITNESS WHEREOF, the parties have executed this Proposal Definition on the date or dates indicated below. Citv of Fort Worth ManagerTitle: Asst. Cit) Date: /r% • CIBER. I Title:✓��- Date: I P1 G to 2 September 23, 2009 ��a . opo'fr�✓ A��•4� 17 City of Fort Worth Statement of Work APPENDIX A - SAMPLE CHANGE REQUEST FORM caber Change Request Form jLber� Client: Date Requested: Requested by: Project: Change Control #: Requested Priority: Description of Change: Reason for Change: Change Request Analysis (by CIBER): Conducted by: Schedule Impact (days): Impact on Project (Scope, Quality, Critical Path): Budget Impact ($): Time to complete analysis: Hours Date Completed: Recommendation: Resolution & Approvals: the City: ❑ Approved ❑ Rejected ❑ On Hold Signature: Name/Title: Date: Reason for Rejection, if Applicable: CIBER: ❑ Approved ❑ Rejected ❑ On Hold Signature Name/Titl e: Date: ��1 • City of Fort Worth Statement of Work ciLber APPENDIX B - SAMPLE DELIVERABLE/SERVICE ACCEPTANCE FORM cube r Deliverable/Service Acceptance Form Client: Project: Deliverable/Service: Completion Date: Value of Deliverable/Service: Resolution & Approvals: the City: ❑ Accept ❑ Reject for Cause Reason for Rejection, if Applicable: Remarks: the City: Signature: Name/Title: Date: CIBER: Signature: Name/Title: Date: Exhibit B NETWORK ACCESS AGREEMENT This NETWORK ACCESS AGREEMENT ("Agreement") is made and entered into by and between the CITY OF FORT WORTH ("City"), a home rule municipal corporation with its principal location at 1000 Throckmorton Street, Fort Worth, Texas 76102, organized under the laws of the State of Texas and situated in portions of Tarrant, Denton and Wise Counties, Texas, and CIBER, INC. with its principal location at 4515 Seton Center Parkway, Suite 100, Austin, TX 78759 ("Contractor"). 1. The Network. The City owns and operates a computing environment and network (collectively the "Network"). Contractor wishes to access the City's network in order to provide consulting services for the purpose of a Business Impact Analysis of the Information Technology Department. In order to provide the necessary support, Contractor needs access to Internet, Intranet, and email. 2. Grant of Limited Access. Contractor is hereby granted a limited right of access to the City's Network for the sole purpose of providing business impact analysis. Such access is granted subject to the terms and conditions forth in this Agreement and applicable provisions of the City's Administrative Regulation D-7 (Electronic Communications Resource Use Policy), of which such applicable provisions are hereby incorporated by reference and made a part of this Agreement for all purposes herein and are available upon request. 3. Network Credentials. The City will provide Contractor with Network Credentials consisting of user IDs and passwords unique to each individual requiring Network access on behalf of the Contractor. Access rights will automatically expire one (1) year from the date of this Agreement. If this access is being granted for purposes of completing services for the City pursuant to a separate contract, then, this Agreement will expire at the completion of the contracted services, or upon termination of the contracted services, whichever occurs first. Services are being provided in accordance with City Secretary Contract No. . 4. Renewal. At the end of the first year and each year thereafter, this Agreement may be renewed annually if the following conditions are met: 4.1 Contracted services have not been completed. 4.2 Contracted services have not been terminated. 4.3 Within the thirty (30) days prior to the scheduled annual expiration of this Agreement, the Contractor has provided the City with a current list of its officers, agents, servants, employees or representatives requiring Network credentials. Notwithstanding the scheduled contract expiration or the status of completion of services, Contractor shall provide the City with a current list of officers, agents, servants, employees or representatives that require Network credentials on an annual basis. Failure to adhere to this requirement may result in denial of access to the Network and/or termination of this Agreement. 5. Network Restrictions. Contractor officers, agents, servants, employees or representatives may not share the City -assigned user IDs and passwords. Contractor acknowledges, agrees and hereby gives its authorization to the City to monitor Contractor's use of the City's Network in order to ensure Contractor's compliance with this Agreement. A breach by Contractor, its officers, agents, servants, employees or representatives, of this Agreement and any other written instructions or guidelines that the City provides to Contractor pursuant to this Agreement shall be grounds for the City immediately to deny Contractor access to the Network and Contractor's Data, terminate the Agreement, and pursue any other remedies that the City may have under this Agreement or at law or in equity. 6. Termination. In addition to the other rights of termination set forth herein, the City may terminate this Agreement at any time and for any reason with or without notice, and without penalty to the City. Upon termination of this Agreement, Contractor agrees to remove entirely any client or communications Vendor NAA Rev. 2/23/2009 software provided by the City from all computing equipment used and owned by the Contractor, its officers, agents, servants, employees and/or representatives to access the City's Network, 7. Information Security. Contractor agrees to make every reasonable effort in accordance with accepted security practices to protect the Network credentials and access methods provided by the City from unauthorized disclosure and use. Contractor agrees to notify the City immediately upon discovery of a breach or threat of breach which could compromise the integrity of the City's Network, including but not limited to, theft of Contractor -owned equipment that contains City -provided access software, termination or resignation of officers, agents, servants, employees or representatives with access to City -provided Network credentials, and unauthorized use or sharing of Network credentials. 8. LIABILITY AND INDEMNIFICATION. CONTRACTOR SHALL BE LIABLE AND RESPONSIBLE FOR ALL DAMAGES THAT THE CITY MAY INCUR DIRECTLY ON ACCOUNT OF ANY BREACH OF THIS AGREEMENT BY CONTRACTOR, ITS OFFICERS, AGENTS, SERVANTS OR EMPLOYEES. THE CITY, ITS OFFICERS, AGENTS, SERVANTS AND EMPLOYEES, SHALL NOT BE LIABLE FOR ANY DAMAGES THAT CONTRACTOR MAY INCUR AS A RESULT OF THE CITY'S RESTRICTIONS TO OR DENIAL OF ACCESS TO CONTRACTOR'S DATA ON ACCOUNT OF ANY BREACH OF THIS AGREEMENT BY CONTRACTOR, ITS OFFICERS, AGENTS, SERVANTS OR EMPLOYEES, OR FOR ANY REASONABLE SECURITY MEASURES TAKEN BY THE CITY. IN ADDITION, CONTRACTOR SHALL BE LIABLE AND RESPONSIBLE FOR ANY AND ALL PROPERTY LOSS, PROPERTY DAMAGE AND/OR PERSONAL INJURY, INCLUDING DEATH, AND ALL CLAIMS, DEMANDS AND JUDGMENTS THEREFOR, TO THE EXTENT CAUSED BY THE NEGLIGENT ACT(S) OR OMISSION(S) OR INTENTIONAL MISCONDUCT OF CONTRACTOR, ITS OFFICERS, AGENTS, SERVANTS AND/OR EMPLOYEES. CONTRACTOR, AT CONTRACTOR'S OWN COST OR EXPENSE, HEREBY AGREES TO INDEMNIFY, DEFEND AND HOLD HARMLESS THE CITY, ITS OFFICERS, AGENTS, SERVANTS AND/OR EMPLOYEES FROM AND AGAINST ANY CLAIM, LAWSUIT, DEMAND OR OTHER ACTION TO THE EXTENT THAT THE SAME ARISES FROM THE NEGLIGENT ACT(S) OR OMISSION(S) OR INTENTIONAL MISCONDUCT OF CONTRACTOR, ITS OFFICERS, AGENTS, SERVANTS OR EMPLOYEES. 9. Confidential Information. Contractor, for itself and its officers, agents, employees, and representatives, agrees that it shall treat all information provided to it by the City as confidential and shall not disclose any such information to a third party without the prior written approval of the City. Contractor further agrees that it shall store and maintain City Information in a secure manner and shall not allow unauthorized users to access, modify, delete or otherwise corrupt City Information in any way. Contractor shall notify the City immediately if the security or integrity of any City information has been compromised or is believed to have been compromised. 10. Right to Audit. Contractor agrees that the City shall, during the initial term, any renewal terms, and until the expiration of three (3) years after termination or expiration of this contract, have access to and the right to examine at reasonable times any directly pertinent books, data, documents, papers and records, both hard copy and electronic, of the Contractor involving transactions relating to this Agreement. Contractor agrees that the City shall have access during normal working hours to all necessary Contractor facilities and shall be provided adequate and appropriate work space in order to conduct audits in compliance with the provisions of this section. The City shall give Contractor reasonable advance notice of intended audits. Contractor further agrees to include in all its subcontractor agreements hereunder a provision to the effect that the subcontractor agrees that the City shall, during the initial term, any renewal terms, and until expiration of three (3) years after termination or expiration of the subcontract, have access to and the right to examine at reasonable times any directly pertinent books, data, documents, papers and records, both hard copy and electronic, of such subcontractor involving transactions related to the subcontract, and further that City shall have access during normal working hours to all subcontractor facilities and shall be provided adequate and appropriate work space in order to conduct audits in compliance with the provisions of this paragraph. City shall give subcontractor reasonable notice of intended audits. Vendor Network Access Agreement 2 Ciber,Inc. Rev. 2/23/2009 11. Agreement Cumulative. This Agreement is cumulative of and in addition to any written contracts, agreements, understandings or acknowledgments with the City signed by Contractor. This Agreement and any other documents incorporated herein by reference constitute the entire understanding and Agreement between the City and Contractor as to the matters contained herein regarding Contractor's access to and use of the City's Network, 12. Amendments. The terms of this Agreement shall not be waived, altered, modified, supplemented, or amended in any manner except by written instrument signed by an authorized representative of both the City and Contractor. 13. Assignment. Contractor may not assign or in any way transfer any of its interest in this Agreement. Any attempted assignment or transfer of all or any part hereof shall be null and void. 14. NOMMMMIM Severability. If any provision of this Agreement is held to be invalid, illegal or unenforceable, the validity, legality and enforceability of the remaining provisions shall not in any way be affected or impaired. 15. Force Maieure. Each party shall exercise its best efforts to meet its respective duties and obligations as set forth in this Agreement, but shall not be held liable for any delay or omission in performance due to force majeure or other causes beyond their reasonable control (force majeure), including, but not limited to, compliance with any government law, ordinance or regulation, acts of God, acts of the public enemy, fires, strikes, lockouts, natural disasters, wars, riots, material or labor restrictions by any governmental authority, transportation problems and/or any other similar causes. 16. Governing Law /Venue. This Agreement shall be construed in accordance with the laws of the State of Texas. If any action, whether real or asserted, at law or in equity, is brought on the basis of this Agreement, venue for such action shall lie in state courts located in Tarrant County, Texas or the United States District Court for the Northern District of Texas, Fort Worth Division, 17. Signature Authority. The signature below of an authorized representative acknowledges that the Contractor has read this Agreement and agrees to be bound by terms and conditions set forth herein. ACCEPTED AND AGREED: CITY OF FORT WORTH: Karen L. Montgomery (� Assistant City Man er Date: ! C) . LLLLO ATTEST: By: Marty Hendrix City Secretary APPROVED AS -O FORM AND LEGALITY: i� By: Assistant CityAttorney M & C: none required l+ CIBER, IN By: Naomi e Title: _ Date: ATTEST: By: Name: OFFICIAL RECORD CITY SECRETARY Vendor Network Access Agreement 3 T. WORTH, TX Ciber,Inc. ev. EXHIBIT "C" UIR Contract No. DIR-SDD- 685 Vendor Contract No. STATE OF TEXAS DEPARTMENT OF INFORMATION RESOURCES CONTRACT FOR SERVICES CIBER, INC. 1. Introduction A. Parties This Contract for services is entered into between the State of Texas, acting by and through the Department of Information Resources (hereinafter "DIR") with its principal place of business at 300 West 15`h Street, Suite 1300, Austin, Texas 78701, and CIBER, Inc. (hereinafter "Vendor"), with its principal place of business at 5251 DTC Parkway, Suite 1400, Greenwood Village, CO 80111. B. Compliance with Procurement Laws This Contract is the result of compliance with applicable procurement laws of the State of Texas. DIR issued a solicitation on the Comptroller of Public Accounts' Electronic State Business Daily, Request for Offer (RFO) DIR-SDD-TMP-100, on March 1, 2007, for Information Technology Security Services. Upon execution of this Contract, a notice of award for RFO DIR-SDD-TMP400 shall be posted by DIR on the Electronic State Business Daily, C. Order of Precedence This Contract; Appendix A, Standard Terms and Conditions For Services Contracts; Appendix B, Vendor's Historically Underutilized Businesses Subcontracting Plan; Appendix C, Customer Service Agreement; Appendix D, Pricing and Services Index; Exhibit 1, Vendor's Response to RFO DIR-SDD-TMP400, including all addenda; and Exhibit 2, RFO DIR-SDD-TMP400, including all addenda; are incorporated by reference and constitute the entire agreement between DIR and Vendor. In the event of a conflict between the documents listed in this paragraph, the controlling document shall be this Contract, then Appendix A, then Appendix B, then Appendix C, then Appendix D, then Exhibit 1, and finally Exhibit 2. In the event and to the extent any provisions contained in multiple documents address the same or substantially the same subject matter but do not actually conflict, the more recent provisions shall be deemed to have superseded earlier provisions. 2. Term of Contract The term of this Contract shall be two (2) years commencing on the last date of approval by DIR and Vendor. Prior to expiration of the original term, DIR and Vendor may extend this Contract, upon mutual agreement, for up to two (2) optional one-year terms. Page 1 oC 8 3. 4. UIR Contract No. DIR-SUU- 685 Vendor Contract No. Service Offerings Services available under this Contract are limited to Information Technology Security Services as speceAppendiD x , Pricing and Services Index. Vendor may incorporate changes to their services offering; however, any changes must be within the ifid in scope of services awarded based on the posting described in Section 1.B above. Pricing A. Manufacturer's Suggested Retail Price (MSRP) MSRP is defined as the sales price suggested by the manufacturer or publisher of the service. B. Customer Discount The minimum Customer discount for all services will be the percentage off MSRP as specified in Appendix D, Pricing and Services Index. Customer Discount includes the DIR administrative Fee specified in Section 5. C. Customer Price 1) The price to the Customer shall be calculated as follows: Customer Price =MSRP —Customer Discount 2) Customers purchasing services under this Contract may negotiate more advantageous pricing or participate in special promotional offers. In such event, a copy of such better offerings shall be furnished to DIR upon request. 3) If pricing for services available under this Contract are provided at a higher discount to: (i) an eligible Customer who is not purchasing those services under this Contract or (ii) any other entity or consortia authorized by Texas law to sell said services to eligible Customers, then the available discounts in this Contract shall be adjusted to that higher discount. This Contract shall be amended within ten (10) business days to reflect the higher discounts. D. DIR Administrative Fee The administrative fee specified in Section 5 below shall not be broken out as a separate line item when pricing or invoice is provided to Customer. E. Tax -Exempt As per Section 151.309, Texas Tax Code, Customers under this Contract are exempt from the assessment of State sales, use and excise taxes. Further, Customers under this Contract are exempt from Federal Excise Taxes, 26 United States Code Sections 4253(i) and (j). Page Z cif 8 DIR Contract No. DIR-SDD- 685 Vendor Contract No. F. Travel Expense Reimbursement Pricing for services provided under this Contract are exclusive of any travel expenses that may be incurred in the performance of those services. Travel expense reimbursement may include personal vehicle mileage or commercial coach transportation, hotel accommodations, parking and meals; provided, however, the amount of reimbursement by Customers shall not exceed the amounts authorized by the current State Travel Regulations. Travel time may not be included as part of the amounts payable by Customer for any services rendered under this Contract. The DIR administrative fee specified in Section 5 below is not applicable to travel expense reimbursement. Anticipated travel expenses must be pre -approved in writing by Customer. H. Changes to Prices Vendor may change the price of any service at any time, based upon changes to the MSRP, but discount levels shall remain consistent with the discount levels specified in this Contract. Price decreases shall take effect automatically during the term of this Contract and shall be passed onto the Customer immediately. 5. DIR Administrative Fee A) The administrative fee to be paid by the Vendor to DIR based on the dollar value of all sales to Customers pursuant to this Contract is two percent (2%). Payment will be calculated for all sales, net of returns and credits. For example, the administrative fee for sales totaling $100,000 shall be $2,000, B) All prices quoted to Customers shall include the administrative fee. DIR reserves the right to change this fee upwards or downwards during the term of this Contract,, upon written notice to Vendor. Any change in the administrative fee shall be incorporated in the price to the Customer. 6. Notification All notices under this Contract shall be sent to a party at the respective address indicated below. If sent to the State: Sherri Parks, Director Contracting & Procurement Services Department of Information Resources 300 W. 15" St., Suite 1300 Austin, Texas 78701 Phone: (512) 4754700 Facsimile: (512) 475-4759 Email: sherri.parks@dir.state.tx.us If sent to the Vendor: Mary Anne Clement CIBER, Inc. 4515 Seton Center Parkway, Suite 100 Austin, TX 78759 Phone: (512) 458-6650 Facsimile: (512) 458-6648 Email: maclement(&ciber.com Page 3 cif K DIR Contract No. DIR-SDD- 685 Vendor Contract No. 7. Customer Service Agreement Services provided under this Contract shall be in accordance with the Service Agreement as set forth in Appendix C of this Contract. No changes to the Service Agreement terms and conditions may be made unless previously agreed to by Vendor and DIR. 8. Authorized Exceptions to Appendix A, Standard Terms and Conditions for Services Contracts. A. Section 5. Purchase Orders, Invoices, and Payments, A. Purchase Orders is hereby replaced in its entirety as follows: All Customer Purchase Orders will be placed directly with the Vendor. Accurate Purchase Orders shall be effective and binding upon Vendor when accepted by Vendor. Vendor reserves the right to negotiate the terms of the Purchase Order not addressed in this contract, including but not limited to, Scope of Work, Method of Performance, Terms of Acceptance, Customer Responsibilities, and Confidentiality and Ownership. B. Section 7. Vendor Responsibilities, A. Indemnification, I) Independent Contractor is hereby replaced in its entirety as follows: VENDOR AGREES AND ACKNOWLEDGES THAT DURING THE EXISTENCE OF THIS CONTRACT, IT IS FURNISHING SERVICES IN THE CAPACITY OF AN INDEPENDENT CONTRACTOR AND THAT VENDOR IS NOT AN EMPLOYEE OF THE CUSTOMER, DIR OR THE STATE OF TEXAS. Nothing in this Agreement will be construed to make Vendor or the State partners, joint venturers, principals, agents or employees of the other. No officer, director, employee, agent, affiliate or contractor employed by Vendor to perform work on a Customer's behalf under this Agreement will be deemed to be an employee, agent or contractor of the Customer. Neither party will have any right, power or authority, express or implied, to bind or make representations on behalf of the other. C. Section 7. Vendor Responsibilities, A. Indemnification, 2) Acts or Omissions is hereby replaced in its entirety as follows: Vendor shall indemnify and hold harmless the State of Texas and Customers, AND/OR THEIR EMPLOYEES, AGENTS, REPRESENTATIVES, CONTRACTORS, ASSIGNEES, AND/OR DESIGNEES FROM ANY AND ALL LIABILITY, ACTIONS, CLAIMS, DEMANDS, OR SUITS, AND ALL RELATED COSTS, ATTORNEY FEES, AND EXPENSES for injury to persons or damage to real or tangible personal property to the extent directly caused by any acts or omissions of the Vendor or its agents, employees, subcontractors, Order Fulfillers, or suppliers of subcontractors in the execution or performance of the Contract and any Purchase Orders issued under the Contract. VENDOR SHALL PAY ALL COSTS OF DEFENSE INCLUDING ATTORNEYS FEES, THE DEFENSE SHALL BE Pagc 4 of S DIR Contract No. DIR-SDD- 685 Vendor Contract No. COORDINATED BY THE OFFICE OF THE ATTORNEY GENERAL FOR TEXAS STATE AGENCY CUSTOMERS AND BY CUSTOMER'S LEGAL. COUNSEL FOR NON -STATE AGENCY CUSTOMERS, D. Section 7. Vendor Responsibilities, A. Indemnification, 3) Infringement, c) is hereby added as follows: c) If the remedies set forth in (i) or (ii) are not available on commercially reasonable terms, Vendor may terminate the license for the allegedly infringing products or services, and upon receipt of the products or services, return the fees paid by Customer for such products or services, prorated over a five year term from the applicable delivery date. For purposes of this indemnity, products and services do not include any third party products or services, whether or not supplied by Vendor. As to such third party products or services, Vendor shall exercise commercially reasonable efforts to secure for the Customer the remedies, if any, offered by the third party. This Section 7.A.3)c) states Vendor's entire liability and Customer's exclusive remedy for infringement of intellectual property rights. E. Section 7. Vendor Responsibilities, B. Taxes/Worker's Compensation/ UNEMPLOYMENT INSURANCE, 2) is hereby replaced in its entirety as follows: 2) VENDOR AGREES TO INDEMNIFY AND HOLD HARMLESS CUSTOMERS, THE STATE OF TEXAS AND/OR THEIR EMPLOYEES, AGENTS, REPRESENTATIVES, CONTRACTORS, ASSIGNEES, AND/OR DESIGNEES FROM ANY AND ALL LIABILITY, ACTIONS, CLAIMS, DEMANDS, OR SUITS, AND ALL RELATED COSTS, ATTORNEY FEES, AND EXPENSES, RELATING TO TAX LIABILITY, UNEMPLOYMENT INSURANCE AND/OR WORKERS' COMPENSATION OR EXPECTATIONS OF THOSE BENEFITS BY VENDOR, ITS EMPLOYEES, REPRESENTATIVES, AGENTS OR SUBCONTRACTORS IN ITS PERFORMANCE UNDER THIS CONTRACT, VENDOR SHALL BE LIABLE TO PAY ALL COSTS OF DEFENSE INCLUDING ATTORNEYS' FEES, THE DEFENSE SHALL BE COORDINATED BY THE OFFICE OF THE ATTORNEY GENERAL FOR TEXAS STATE AGENCY CUSTOMERS AND BY CUSTOMER'S LEGAL COUNSEL FOR NON -STATE AGENCY CUSTOMERS, F. Section 7. Vendor Responsibilities, H. Security of Premises, Equipment, Data and Personnel is hereby replaced in its entirety as follows: Vendor may, from time to time during the performance of the Contract, have access to the personnel, premises, equipment, and other property, including data, files and /or materials (collectively referred to as "Data") belonging to the Customer. Vendor shall use their commercially reasonable best efforts to preserve the safety, security, and the integrity of the personnel, premises, equipment, Data and other property of the Customer, in accordance with the instruction of the Customer. Subject to all Page _5 0l' K DIR Contract No. DIR-SDD- 685 Vendor Contract No. conditions, limits and exclusions in this Contract, Vendor shall be responsible for damage to Customer's equipment, workplace, and its contents to the extent such damage is caused by the negligent conduct of its employees or subcontractors in their performance of the work under this Contract. Vendor's liability of loss of data or information shall be limited to the reasonable direct costs to restore the data on the most recent backup materials kept by the State. G. Section 8. Contract Enforcement, C. Force Majeure is hereby replaced in its entirety as follows: DIR, Customer, or Vendor may be excused from performance under the Contract for any period when performance is prevented as the result of circumstance beyond a party's reasonable control, including, by way of example and not by way of limitation, an act of God, strike, war, civil disturbance, epidemic, court order, embargo, blockage, work stoppage, acts of the public enemy, acts of terrorism, provided that the party experiencing the event of Force Majeure has prudently and promptly acted to take any and all steps that are within the party's control to ensure performance and to shorten the duration of the event of Force Majeure. The party suffering an event of Force Majeure shall provide notice of the event to the other parties when commercially reasonable. Subject to this provision, such non- performance shall not be deemed a default or a ground for termination. However, a Customer may terminate a Purchase Order if it is determined by the Customer that Vendor will not be able to deliver services in a timely manner to meet the business needs of the Customer. H. New Section I1. Ownership of Information is hereby added as follows: Unless Vendor and the Customer agree otherwise in writing, the Work Products developed for the Customer by Vendor pursuant to this Agreement and any SOW will belong to the Customer. This provision does not apply to third party works or products Vendor provides to the Customer or to Vendor Materials (as defined below). The acknowledges that Vendor is in the business of providing information technology consulting services and has accumulated expertise in this field and agrees that Vendor will retain all right, title, and interest in and to all Vendor Materials. "Vendor Materials" means all discoveries, concepts and ideas, whether or not registrable under patent, copyright or similar statutes, including, without limitation, patents, copyright, trade secrets, processes, methods, formulae, techniques, tools, solutions, programs, data and documentation, and related modifications, improvements, and know-how, that Vendor, alone, or jointly with others, its agents or employees, conceives, makes develops, acquires or obtains knowledge of at any time before, after or during the term of this Agreement without breach of Vendor's duty of confidentiality to the Customer. If Vendor Materials are included with or embodied in any Work Product, the Customer will have a perpetual, irrevocable, nonexclusive, worldwide, royalty. free license to use, execute, reproduce, display, perform, distribute internally, and prepare for internal use "derivative works" as defined in the Copyright Act, 17 U.S.C. §101, based upon, the Vendor Materials in each case solely in conjunction with the Page 6 of K DIR Contract No. DIR=SDD- 685 Vendor Contract No. Work Product delivered hereunder. Any interest in the Services and Work Products granted hereunder by Vendor to the Customer shall be effective upon and to the extent of payment by the Customer of the fees and expenses invoiced by Vendor pursuant to this Agreement. Notwithstanding anything to the contrary in this Agreement, Vendor and its personnel are free to use and employ their general skills, know-how, and expertise, and to use, disclose, and employ any generalized ideas, concepts, know-how, methods, techniques, or skills gained or learned during the course of this Agreement so long as they acquire and apply such information without any unauthorized use or disclosure of confidential or proprietary information of the Customer. Warranty and Disclaimer. Vendor warrants that it will (a) perform all Services in a professional and workmanlike manner and (b) provide Work Products that conform in all materials respects to the specifications set forth in the Agreement. The Customer must report any deficiencies to Vendor in writing within ninety (90) days from the date of Vendor's delivery of the Services or Work Products, to receive warranty remedies. The Customer's exclusive remedy and Vendor's entire liability is to provide Services to correct the deficiencies. If Vendor is unable to correct the deficiencies, the Customer is entitled to recover the fees paid to Vendor for the deficient portion of the Services or Work Product. VENDOR DISCLAIMS ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR PARTICULAR PURPOSE. Vendor makes no warranties regarding any portion of any deliverable developed by the Customer or by any third party, including any third party software, hardware, or other third party products provided by Vendor. I. New Section 12. Acceptance is hereby added as follows: The parties agree that acceptance criteria for any services materials, software or equipment should, if possible, be set forth in each Order. Promptly following Vendor's completion of any Services or delivery of any Work Product, the Customer will examine the Services and/or Work Product to confirm conformance with specifications. If Vendor has not received written notice from the Customer within fifteen (15) business days following completion of the services or delivery of the materials, software or equipment, the applicable services or deliverables will be deemed accepted by the Customer. Furthermore, if acceptance criteria are not specified in an Order, the applicable services or deliverable will be deemed accepted by the Customer on the date of delivery unless Vendor receives written notice from the Customer specifying the reason for non -acceptance within fifteen (15) business days after completion of the services or delivery of the materials, software or equipment. Page 7 of H UIR Contract No. DIR-SDD- 685 Vendor Contract No. This Contract is executed to be effective as of the date of last signature. CIBER9 Inc. Authorized By: Signature on File Name: John Miller Title: Area Director Date: 03/21/08 The State of Texas, acting by and through the Department of Information Resources Authorized By: Signature on File Name: Cindy Reed Title: Deputy Executive Director Operations & Statewide Technoloey Sourcing Date: 03/25/08 Legal: Signature on File 03/25/08 Yag� 8 of K Appendix A Standard Terins and Conditions For Services Contracts Table of Contents 1. No Quantity Guarantees......................................................................................................... 1 2. Definons..............................................................................................................................1 3. General Provisions................................................................................................................. 2 A. Entire Agreement.........................................................................................................0 2 Be Modification of Contract Terms and/or Amendments.. . 4 a I * V 4 0 9 a 0 a a 0 6 6 a o 0 0 0 a * 0 a a a 0 o a * 6 a a 4 0 0 6 a 0 a 6 6 a slow 2 C. Invalid Term or Condition............................................................................................ 2 D. Assignment................................................................................................................... 2 E. Survival........................................................................................................................0 3 F. Choice of Law............................................................................................................... 3 4. Contract Fulfillment and Promotion...................................................................................... 3 A. Service, Sales and Support of the Contract................................................................... 3 B. Internet Access to Contract and Pricing Information ...............................................peas 3 1) Vendor Website...................................................................................................... 3 2) Accurate and Timely Contract Information............................................................ 3 3) Website Compliance Checks..........................................:....................................... 3 4) Website Changes................ 0 6 a 0 6 6 6 a a a 4 6 a 0 0 a 0 a 6 0 0 a a 0 a 0 a 0 a a 6 6 6 0 a 6 0 6 6 a 4 a 6 0 a 0 V 9 0 0 a 0 0 a 1 4 a 4 a 0 a 0 a a a 0 a a 6 0 a a t a a a a a 0 a 0 0 V 0 0 3 5) Use of Access Data Prohibited..............................................................................6 4 6) Responsibility for Content...................................................................................... 4 C. DIR Logo...................................................................................................................... 4 D. Vendor Logo................................................................................................................. 4 E. Trade Show Participation.............................................................................................. 4 F. Performance Review Meetings..................................................................................... 5 G. DIR Cost Avoidance..................................................................................................... 5 5. Purchase Orders, Invoices, and Payments............................................................................. 5 A. Purchase Orders............................................................................................................ 5 B. Invoices......................................................................................................................... 5 C. Payments.......................................................................................................................5 6. Contract Administration......................................................................................................... 5 A. Contract Administrators................................................................................................ 5 1) State Contract Administrator.................................................................................. 5 2) Vendor Contract Administrator. I a a & 6 a 0 a 0 a 1 4 0 0 a 4 a 0 0 4 4 0 0 a a I a 0 1 a a a a a a 0 6 0 a 9 0 4 6 a a 0 6 0 6 6 6 a 0 1 a 9 4 6 a 0 6 B. Reporting and Administrative Fees.............................................................................. 6 1) Reporting Responsibility.......................................................................................6 6 2) Detailed Monthly Report.......................................................................................o 6 3) Historically Underutilized Businesses Subcontract Reports ................................... 6 4) DIR Administrative Fee.......................................................................................... 6 5) Accurate and Timely Submission of Reports......................................................... 7 C. Records and Audit......................................................................................................... 7 t�ti��7�t)8 Appendix A Standard Terms and Conditions For Services Contracts D. Contract Administration Notification........................................................................... 8 7. Vendor Responsibilities........................................................................................................t 8 A. Indemnification............................................................................................................5 8 B. Taxes/Worker's Compensation/UNEMPLOYMENT INSURANCE, a 6 0 9 a 6 a a a a a a 6 0 660509som 9 C. Vendor Certifications.......*, & & 6 a a 0 a 4 0 9 0 0 0 0 0 a 4 * 0 6 a a & a 6 a a a 6 0 a 9 0 9 a a 9 1 4 a I a 9 0 # a 0 a a 9 0 6 a a a 0 * 6 0 k a 6 0 6 a 6 a 0 a 0 10 D. Ability to Conduct Business in Texas......................................................................... 11 E. Equal Opportunity Compliance.................................................................................. 11 F. Use of Subcontractors, . 6 a a 6 6 4 a 0 a a 9 a 0 a a 0 0 0 a a a 0 0 a 0 6 a a a & f # 6 6 0 a 6 a 0 a 2 6 0 0 4 a 11 3. Responsibility for Actions.......................................................................................... 1 1- -1. Confidentiality............................................................................................................ 12 I. Security of Premises, Equipment, Data and Personnel. # 0 a & 6 a 4 6 a 6 a a a a 9 a m a 9 a a a a 0 0 a * 4 0 a 0 0 0 0 0 4 0 w 4 * 0 a 6 4 6 a 12 J. Background and/or Criminal History Investigation.................................................... 12 K. Limitation of Liability...,,,,,,,,,,, games &**a* 0 9 V * 0 0 0 0 0 6 4 a a 6 0 a 6 a * 6 6 a a 0 0 a 0 a 0 a 0 0 9 0 1 0 a 9 a 0 a 9 a a 0 1 a a 1 8 a 0 0 a * a 0 a 0 t a * 0 a a 0 0 0 a a a m 12 L. Purchase of Commodity Items (Applicable to State Agency Purchases Only). 0 4 9 0 0 a . a & % a a a 6 a 0 0 m m a * # # 0 a 4 6 6 6 0 a a a a 0 0 a j, 0 0 0 0 6 0 a 6 6 0 a 6 a a a A a a 0 9 a 0 a a a 0 1 6 0 0 4 0 a a a a A a 0 1 V 0 a 5 0 a * 8 a a 9 4 4 0 0 0 a 0 4 0 4 4 & 0 a 0 * 0 6 a a am a 9 * a 0 0 * 9 12 M. Overcharges................................................................................................................ 13 N. Prohibited Conduct..................................................................................................... 13 8. Contract Enforcement.......................................................................................................... 13 A. Enforcement of Contract and Dispute Resolution...................................................... 13 Be Termination.................................................................................................................14 1) Termination for Non-Appropriation..................................................................... 14 2) Absolute Right* 9 0 0 0 a * 0 0 0 0 a 0 0 a 6 0 4 9 * 0 a a 0 0 4 4 0 0 a # a * 6 a 0 6 6 6 6 a 0 9 a 0 4 0 0 0 0 0 0 a 0 0 0 0 0 0 0 a 0 0 0 0 0 0 a w 4 6 6 a a 4 6 a a a 6 a a a 6 a 0 a a a a 6 0 6 a e 6 0 14 3) Termination for Convenience............................................................................... 14 4) Termination for Cause.......................................................................................... 14 a) Contract, w 0 * 6 6 a a 0 0 6 0 a * * 0 9 a 1 4 a 0 6 a # 6 0 6 a a a * a 0 6 a 0 a 0 0 0 a 0 0 0 4 0 6 6 6 a a a a 6 6 6 6 6 6 a 6 9 6 6 0 a 6 6 a I a 6 a a 6 0 1 a to * a a a *0909wo me 1 4 b) Purchase Order................................................................................................ 14 5) Customer Rights Under Termination.... *a* 0*6** 666* &tea 60060 *9 00 15 6) Vendor Rights Under Termination......................................................................0 15 C. Force Majeure............................................................................................................8 15 9. Notification.......................................................................................................................... 15 A. Notices........................................................................................................................ 15 Be Handling of Written Complaints................................................................................. 15 10. Captions............................................................................................................................... 16 Appendix A Standard Terms and Conditions For Services Contracts 1. No Quantity Guarantees The Contract is not exclusive to the Vendor. Customers may obtain services from other sources during the term of the Contract. DIR makes no express or implied warranties whatsoever that any particular quantity or dollar amount of services will be procured through the Contract. 2. Definitions A. Customer -any Texas state agency, unit of local government, institution of higher education as defined in Section 2054.003, Texas Government Code, and those state agencies purchasing from a DIR contract through an Interagency Agreement, as authorized by Chapter 771, Texas Government Code, any local government as authorized through the Interlocal Cooperation Act, Chapter 791, Texas Government Code, the state agencies and political subdivisions of other states as authorized by Section 2054.0565, Texas Government Code, and, except for telecommunications services under Chapter 2170, Texas Government Code, assistance organizations as defined in Section 2175.001, Texas Government Code to mean: i. A non-profit organization that provides educational, health or human services or assistance to homeless individuals; lit A nonprofit food bank that solicits, warehouses, and redistributes edible but unmarketable food to an agency that feeds needy families and individuals; iii. Texas Partners of the Americas, a registered agency with the Advisory Committee on Voluntary Foreign Aid, with the approval of the Partners of the Alliance Office of the Agency for International Development; iv. A group, including a faith -based group, that enters into a financial or non -financial agreement with a health or human services agency to provide services to that agency's clients; v. A local workforce development board created under Section 2308.253; via A nonprofit organization approved by the Supreme Court of Texas that provides free legal services for low-income households in civil matters; vii. The Texas Boll Weevil Eradication Foundation, Inc., or an entity designated by the commissioner of agriculture as the foundation's successor entity under Section 74.1011, Texas Agriculture Code; viii. A nonprofit computer bank that solicits, stores, refurbishes and redistributes used computer equipment to public school students and their families; and ix. A nonprofit organization that provides affordable housing. B. Contract — the document executed between DIR and Vendor into which this Appendix A is incorporated. C. CPA — refers to the Texas Comptroller of Public Accounts D. Day - shall mean business days, Monday through Friday, except for State and Federal holidays. If the Contract calls for performance on a day that is not a business day, then performance is intended to occur on the next business day. E. Purchase Order - the Customer's fiscal form or format, which is used when making a purchase (e.g., formal written Purchase Order, Procurement Card, Electronic Purchase Order, or other authorized instrument). U1/07/08 Page 1 of 16 Appendix A Standard Terms and Conditions For Services Contracts F. State — refers to the State of Texas. 3. General Provisions A. Cntire Agreement The Contract and its Appendices constitute the entire agreement between DIR and the Vendor. No statement, promise, condition, understanding, inducement or representation, oral or written, expressed or implied, which is not contained in the Contract or its Appendices shall be binding or valid. B. Modification of Contract Terms and/or Amendments 1) The terms and conditions of the Contract shall govern all transactions by Customers under the Contract. The Contract may only be modified or amended upon mutual written agreement of DIR and Vendor. 2) Customers shall not have the authority to modify the terms of the Contract; however, additional Customer terms and conditions that do not conflict with the Contract and are acceptable to Vendor may be added in a Purchase Order and given effect. No additional term or condition added in a Purchase Order issued by a Customer can weaken a term or condition of the Contract. Pre-printed terms and conditions on any Purchase Order issued by Customer hereunder will have no force and effect. In the event of a conflict between a Customer's Purchase Order and the Contract, the Contract term shall control. C. Invalid Term or Condition 1) To the extent any term or condition in the Contract conflicts with the applicable Texas and/or United States law or regulation, such Contract term or condition is void and unenforceable. By executing a contract which contains the conflicting term or condition, DIR makes no representations or warranties regarding the enforceability of such term or condition and DIR does not waive the applicable Texas and/or United States law or regulation which conflicts with the Contract term or condition. 2) If one or more term or condition in the Contract, or the application of any term or condition to any party or circumstance, is held invalid, unenforceable, or illegal in any respect by a final judgment or order of the State Office of Administrative Hearings or a court of competent jurisdiction, the remainder of the Contract and the application of the term or condition to other parties or circumstances shall remain valid and in full force and effect. D. Assignment DIR or Vendor may assign the Contract without prior written approval to: i) a successor in interest (for DIR, another state agency as designated by the Texas Legislature), or ii) a subsidiary, parent company or affiliate, or iii) as necessary to satisfy a regulatory requirement imposed upon a party by a governing body with the appropriate authority. Assignment of the Contract under the above terms shall require written notification by the assigning party. Any other assignment by a party shall require the written consent of the other party. Each party agrees to cooperate to amend the Contract as necessary to maintain an accurate record of the contracting parties. o t �t »pox Page 2 of 16 Appendix A Standard Terms and Conditions For Services Contracts E. Survival A11 applicable service agreements that were entered into between Vendor and it Customer under the terms and conons of the Contract shall survive the expiration or termination of the Contract. All Purchase Orders issued and accepted by Vendor shall survive expiration or termination of the Contract. F. Choice of Law The laws of the State of Texas shall govern the construction and interpretation of the Contract. Nothing in the Contract or its Appendices shall be construed to waive the State's sovereign immunity. 4. Contract Fulfillment and Promotion A. Service, Sales and Support of the Contract Vendor shall provide service, sales and support resources to serve all Customers throughout the State. It is the responsibility of the Vendor to sell, market, and promote services available under the Contract. Vendor shall use its best efforts to ensure that potential Customers are made aware of the existence of the Contract. All sales to Customers for services available under the Contract shall be processed through the Contract. B. Intet•net Access to Contract and Pricing Information I) Vendor Website Within thirty (30) days from the effective date of the Contract, Vendor will establish and maintain a website specific to the service offerings under the Contract which is clearly distinguishable from other, non-DIR Contract offerings at Vendor's website. The website must include: the services offered, service specifications, Contract pricing, contact information for Vendor, instructions for obtaining quotes and placing Purchase Orders. The Vendor's website shall list the DIR Contract number, reference the DIR Go DIRect program, display the DIR logo in accordance with the requirements in paragraph D of this Section, and contain a link to the DIR website for the Contract. 2) Accurate and Timely Contract Information Vendor warrants and represents that the website information specified in the above paragraph will be accurately and completely posted, maintained and displayed in an objective and timely manner. Vendor, at its own expense, shall correct any non- conforming or inaccurate information posted at Vendor's website within ten (10) business days after written notification by DIR. 3) Website Compliance Checks Periodic compliance checks of the information posted for the Contract on Vendor's website will be conducted by DIR. Upon request by DIR, Vendor shall provide verifiable documentation that pricing listed upon this website is uniform with the pricing as stated within Section 4 of the Contract. 4) Website Changes Vendor hereby consents to a link from the DIR website to Vendor's website in order to facilitate access to Contract information. The establishment of the link is provided O I /07/US Page 3 of 16 Appendix A Standard Terms and Conditions For Services Contracts solely for convenience in carrying out the business operations of the State. DIR reserves the right to terminate or remove a link at any time, in its sole discretion, without advance notice, or to deny a future request for a link. DIR will provide Vendor with subsequent notice of link termination or removal. Vendor shall provide DIR with timely written notice of any change in URL or other information needed to access the site and/or maintain the link. 5) Use of Access Data Prohibited If Vendor stores, collects or maintains data electronically as a condition of accessing Contract information, such data shall only be used internally by Vendor for the purpose of implementing or marketing the Contract, and shall not be disseminated to third parties or used for other marketing purposes. The Contract constitutes a public document under the laws of the State and Vendor shall not restrict access to Contract terms and conditions including pricing, i.e., through use of restrictive technology or passwords. 6) Responsibility for Content Vendor is solely responsible for administration, content, intellectual property rights, and all materials at Vendor's website. DIR reserves the right to require a change of listed content if, in the opinion of DIR, it does not adequately represent the Contract. C. DIR Logo Vendor may use the DIR logo in the promotion of the Contract to Customers with the following stipulations: (i) the logo may not be modified in any way, (ii) when displayed, the size of the DIR logo must be equal to or smaller than the Vendor logo, (iii) the DIR logo is only used to communicate the availability of services under the Contract to Customers, and (iv) any other use of the DIR logo requires prior written permission from DIR. D. Vendor Logo D1R may use the Vendor's name and logo in the promotion of the Contract to communicate the availability of services under the Contract to Customers. Use of the logos may be on the DIR website or on printed materials. Any use of Vendor's logo by DIR must comply with and be solely related to the purposes of the Contract and any usage guidelines communicated to DIR from time to time. Nothing contained in the Contract will give DIR any right, title, or interest in or to Vendor's trademarks or the goodwill associated therewith, except for the limited usage rights expressly provided by Vendor. E. Trade Show Participation At DlR's discretion, Vendor may be required to participate in one or more DIR sponsored trade shows each calendar year. Vendor understands and agrees that participation, at the Vendor's expense, includes providing a manned booth display or similar presence. DIR will provide four months advance notice of any required participation. Vendor must display the DIR logo at all trade shows that potential Customers will attend. DIR reserves the right to approve or disapprove of the location or the use of the DIR logo in or on the Vendor's booth. U I /U7/t)R 13age 4 of 16 5. Q Appendix A Standard Terms and Conditions For Services Contracts F. Perfor►nance Review Meetings DIR will require the Vendor to attend periodic meetings to review the Vendor's performance under the Contract. The meetings will be held within the Austin, Texas area at a date and time mutually acceptable to DIR and the Vendor. DIR shall bear no cost for the time and travel of the Vendor for attendance at the meeting. G. DIR Cost Avoidance As part of the performance measures reported to state leadership, DIR must provide the cost avoidance the State has achieved through the Contract. Upon request by DIR, Vendor shall provide DIR with a detailed report of a representative sample of service sold under the Contract. The report shall contain: service description, list price, price to Customer under the Contract, and pricing from three (3) alternative sources under which DIR customers can procure the services. Purchase Orders, Invoices, and Payments A. Purchase Orders A11 Customer Purchase Orders will be placed directly with the Vendor. Accurate Purchase Orders shall be effective and binding upon Vendor when accepted by Vendor. B. Invoices 1) Invoices shall be submitted by the Vendor directly to the Customer and shall be issued in compliance with Chapter 2251, Texas Government Code. All payments for services purchased under the Contract and any provision of acceptance of such services shall be made by the Customer to the Vendor. 2) Invoices must be timely and accurate. Each invoice must match Customer's Purchase Order and include any written changes that may apply, as it relates to services, prices and quantities. Invoices must include the Customer's Purchase Order number or other pertinent information for verification of receipt of the services by the Customer. C. Payments Customers shall comply with Chapter 2251, Texas Government Code, in making payments to Vendor. Payment under the Contract shall not foreclose the right to recover wrongful payments. Contract Administration A. Contract Administrators DIR and the Vendor will each provide a Contract Administrator to support the Contract. Information regarding the Contract Administrators will be posted on the Internet website designated for the Contract. I) State Contract Administrator DIR shall provide a Contract Administrator whose duties shall include but not be limited to: i) supporting the marketing and management of the Contract, ii) advising DIR of Vendo' rs performance under the terms and conditions of the Contract, and iii) Page 5 of 16 Appendix A Standard Terms and Conditions For Services Contracts periodic verification of pricing and monthly reports submitted by Vendor. 2) Vendor Contract Administrator Vendor shall provide a dedicated Contract Administrator whose duties shall include bLit not be limited to: i) supporting the marketing and management of the Contract, ii) facilitating dispute resolution between Vendor and a Customer, and iii) advising DIR of Vendor's performance under the terms and conditions of the Contract. DIR reserves the right to require a change in Vendor's then -current Contract Administrator if the assigned Contract Administrator is not, in the opinion of DIR, adequately serving the needs of the State. B. Reporting and Administrative Fees 1) Reporting Responsibility a) Vendor shall be responsible for reporting all services purchased under the Contract. Vendor shall file the monthly reports, subcontract reports, and pay the administrative fees in accordance with the due dates specified in this section. b) DIR shall have the right to verify required reports and to take any actions necessary to enforce its rights under this section, including but not limited to, compliance checks of Vendor's applicable Contract books at DIR's expense. 2) Detailed Monthly Report Vendor shall electronically provide DIR with a detailed monthly report in the format required by DIR showing the dollar volume of any and all sales under the Contract for the previous month period. Reports shall be submitted to the DIR Go DIRect Coordinator. Reports are due on the fifteenth (15'h) calendar day after the close of the previous month period. The monthly report shall include, per transaction: the detailed sales for the period, Customer name, invoice date, invoice number, description, quantity, unit price, extended price, Customer Purchase Order number, contact name, Customer's complete billing address, and other information as required by DIR. Each report must contain all information listed above per transaction or the report will be rejected and returned to the Vendor for correction in accordance with this section. 3) Historically Underutilized Businesses Subcontract Reports a) Vendor shall electronically provide each Customer with their relevant Historically Underutilized Business Subcontracting Report, pursuant to the Contract, as required by Chapter 2161, Texas Government Code. Reports shall also be submitted to DIR. b) Reports shall be due in accordance with the CPA rules. 4) DIR Administrative Fee a) An administrative fee shall be paid by Vendor to DIR to defray the DIR costs of negotiating, executing, and administering the Contract. The administrative fee shall be specified in the Contract. Payment of the administrative fee shall be due on the fifteenth (15`") calendar day after the close of the previous month period. b) Vendor shall reference the DIR Contract number on any remittance instruments. Page 6 of 16 Appendix A Standard Terms and Conditions For Services Contracts 5) Accurate and Timely Submission of Reports a) The reports and administrative fees shall be accurate and timely and submitted in accordance with the due dates specified in this section. Vendor shall correct any inaccurate reports or administrative fee payments within three (3) business days upon written notification by DIR. Vendor shall deliver any late reports or late administrative fee payments within three (3) business days upon written notification by DIR. If Vendor is unable to correct inaccurate reports or administrative fee payments or deliver late reports and fee payments within three (3) business days, Vendor must contact DIR and provide a corrective plan of action, including the timeline for completion of correction. The corrective plan of action shall be subject to DIR approval. b) Should Vendor fail to correct inaccurate reports or cure the delay in timely delivery of reports and payments within the corrective plan of action timeline, DIR reserves the right to require an independent third party audit of the Vendor's records as specified in C.3 of this Section, at DIR's expense. C. Records and Audit 11 Acceptance of funds under the Contract by Vendor acts as acceptance of the authority of the State Auditor's Office, or any successor agency, to conduct an audit or investigation in connection with those funds. Vendor further agrees to cooperate fully with the State Auditor's Office or its successor in the conduct of the audit or investigation, including providing all records requested. Vendor will ensure that this clause concerning the authority to audit funds received indirectly by subcontractors through Vendor and the requirement to cooperate is included in any subcontract it awards pertaining to the Contract. Under the direction of the Legislative Audit Committee, a Vendor that is the subject of an audit or investigation by the State Auditor's Office must provide the State Auditor's Office with access to any information the State Auditor's Office considers relevant to the investigation or audit. 2) Vendor shall maintain adequate records to establish compliance with the Contract until the later of a period of four (4) years after termination of the Contract or until full, final and unappealable resolution of all Compliance Check or litigation issues that arise under the Contract. Such records shall include per transaction: Customer name, invoice date, invoice number, description, quantity, unit price, extended price, Customer Purchase Order number, contact name, Customer's complete billing address, the calculations supporting each administrative fee owed DIR under the Contract, Historically Underutilized Businesses Subcontracting reports, and such other documentation as DIR may request. 3) Vendor shall grant access to all paper and electronic records, books, documents, accounting procedures, practices and any other items relevant to the performance of the Contract to DIR, including the compliance checks designated by DIR, the State Auditor's Office and of the United States, and such other persons or entities designated by DIR for the purposes of inspecting, Compliance Checking and/or copying such books and records. Vendor shall provide copies and printouts requested by DIR without charge. DIR shall provide Vendor ten (10) business days' notice prior to inspecting, Compliance Checking, and/or copying Vendor's records. O1 /07/UR Page 7 of 16 Appendix A Standard Terms and Conditions For Services Contracts Vendor's records, whether paper or electronic, shall be made available during regular office hours. Vendor personnel familiar with the Vendor's books and records shall be available to DIR staff and designees as needed. Vendor shall provide adequate office space to DIR staff during the performance of Compliance Check, 4) For procuring State Agencies whose payments are processed by the Texas Comptroller of Public Accounts, the volume of payments made to Vendor through the Texas Comptroller of Public Accounts and the administrative fee based thereon shall be presumed correct unless Vendor can demonstrate to DIR's satisfaction that Vendor's calculation of DIR's administrative fee is correct. D. Contract Administration Notification 1) Upon execution of the Contract, Vendor shall provide DIR with written notification of the following: i) Vendor Contract Administrator name and contact information, ii) Vendor sales representative name and contact information, and iii) name and contact information of Vendor personnel responsible for submitting reports and payment of administrative fees. 2) Upon execution of the Contract, DIR shall provide Vendor with written notification of the following: i) DIR Contract Administrator name and contact information, and ii) DIR Go DIRect Coordinator name and contact information. 7. Vendor Responsibilities A. Indemnification 1) INDEPENDENT CONTRACTOR VENDOR AGREES AND ACKNOWLEDGES THAT DURING THE EXISTENCE OF THIS CONTRACT, IT IS FURNISHING SERVICES IN THE CAPACITY OF AN INDEPENDENT CONTRACTOR AND THAT VENDOR IS NOT AN EMPLOYEE OF THE CUSTOMER, DIR OR THE STATE OF TEXAS, 2) Acts or Omissions Vendor shall indemnify and hold harmless the State of Texas and Customers, AND/OR THEIR EMPLOYEES, AGENTS, REPRESENTATIVES, CONTRACTORS, ASSIGNEES, AND/OR DESIGNEES FROM ANY AND ALL LIABILITY, ACTIONS, CLAIMS, DEMANDS, OR SUITS, AND ALL RELATED COSTS, ATTORNEY FEES, AND EXPENSES arising out of, or resulting from any acts or omissions of the Vendor or its agents, employees, subcontractors, Order Fulfillers, or suppliers of subcontractors in the execution or performance of the Contract and any Purchase Orders issued under the Contract REGARDLESS OF THE NEGLIGENCE OF THE CUSTOMER, THE STATE OF TEXAS AND/OR THEIR EMPLOYEES, AGENTS, REPRESENTATIVES, CONTRACTORS, ASSIGNEES, AND/OR DESIGNEES, VENDOR SHALL PAY ALL COSTS OF DEFENSE INCLUDING ATTORNEYS FEES, THE DEFENSE SHALL BE COORDINATED BY THE OFFICE OF THE ATTORNEY GENERAL FOR (ll/tl7/OH Page 8 of 16 Appendix A Standard Terms and Conditions For Services Contracts TEXAS STATE AGENCY CUSTOMERS AND BY CUSTOMER'S LEGAL COUNSEL FOR NON -STATE AGENCY CUSTOMERS, 3) Infringements a) Vendor shall indemnify and hold harmless the State of Texas and Customers, AND/OR THEIR EMPLOYEES, AGENTS, REPRESENTATIVES, CONTRACTORS, ASSIGNEES, AND/OR DESIGNEES from any and all third party claims involving infringement of United States patents, copyrights, trade and service marks, and any other intellectual or intangible property rights in connection with the PERFORMANCES OR ACTIONS OF VENDOR PURSUANT TO THIS CONTRACT, VENDOR AND THE CUSTOMER AGREE TO FURNISH TIMELY WRITTEN NOTICE TO EACH OTHER OF ANY SUCH CLAIM. VENDOR SHALL BE LIABLE TO PAY ALL COSTS OF DEFENSE INCLUDING ATTORNEYS' FEES, THE DEFENSE SHALL BE COORDINATED BY THE OFFICE OF THE ATTORNEY GENERAL FOR TEXAS STATE AGENCY CUSTOMERS AND BY CUSTOMER'S LEGAL COUNSEL FOR NON -STATE AGENCY CUSTOMERS. b) If Vendor becomes aware of an actual or potential claim, or Customer provides Vendor with notice of an actual or potential claim, Vendor may (or in the case of an injunction against Customer, shall), at Vendor's sole option and expense: (i) procure for the Customer the right to continue to use the affected portion of the product or service, or (ii) modify or replace the affected portion of the product or service with functionally equivalent or superior product or service so that Customer's use is non - infringing. 4) PROPERTY DAMAGE IN THE EVENT OF LOSS, DAMAGE, OR DESTRUCTION OF ANY PROPERTY OF CUSTOMER OR THE STATE DUE TO THE NEGLIGENCE, MISCONDUCT, WRONGFUL ACT OR OMISSION ON THE PART OF THE VENDOR, ITS EMPLOYEES, AGENTS, REPRESENTATIVES, OR SUBCONTRACTORS, THE VENDOR SHALL PAY THE FULL COST OF EITHER REPAIR, RECONSTRUCTION, OR REPLACEMENT OF THE PROPERTY, AT THE CUSTOMER'S SOLE ELECTION, SUCH COST SHALL BE DETERMINED BY THE CUSTOMER AND SHALL BE DUE AND PAYABLE BY THE VENDOR NINETY (90) CALENDAR DAYS AFTER THE DATE OF THE VENDORS RECEIPT FROM THE CUSTOMER OF A WRITTEN NOTICE OF THE AMOUNT DUE. I3. Taxes/Worker's Compensation/UNEMPLOYMENT INSURANCE 01 /U7/Ot3 I) VENDOR AGREES AND ACKNOWLEDGES THAT DURING THE EXISTENCE OF THIS CONTRACT, VENDOR SHALL, BE ENTIRELY Page 9 of 16 Appendix A Standard Terms and Conditions For Services Contracts RESPONSIBLE FOR THE LIABILITY AND PAYMENT OF VENDOR'S AND VENDOR'S EMPLOYEES' TAXES OF WHATEVER KIND, ARISING OUT OF THE PERFORMANCES IN THIS CONTRACT, VENDOR AGREES TO COMPLY WITH ALL STATE AND FEDERAL LAWS APPLICABLE TO ANY SUCH PERSONS, INCLUDING LAWS REGARDING WAGES, TAXES, INSURANCE, AND WORKERS' COMPENSATION. VENDOR AGREES AND ACKNOWLEDGES THAT VENDOR ITS EMPLOYEES, REPRESENTATIVES, AGENTS OR SUBCONTRACTORS SHALL NOT BE ENTITLED TO ANY STATE BENEFIT OR BENEFIT OF ANOTHER GOVERNMENTAL ENTITY CUSTOMER, THE CUSTOMER AND/OR THE STATE SHALL NOT BE LIABLE TO THE VENDOR ITS EMPLOYEES, AGENTS, OR OTHERS FOR THE PAYMENT OF TAXES OR THE PROVISION OF UNEMPLOYMENT INSURANCE AND/OR WORKERS' COMPENSATION OR ANY BENEFIT AVAILABLE TO A STATE EMPLOYEE OR EMPLOYEE OF ANOTHER GOVERNMENTAL ENTITY CUSTOMER, 2) VENDOR AGREES TO INDEMNIFY AND HOLD HARMLESS CUSTOMERS, THE STATE OF TEXAS AND/OR THEIR EMPLOYEES, AGENTS, REPRESENTATIVES, CONTRACTORS, ASSIGNEES, AND/OR DESIGNEES FROM ANY AND ALL LIABILITY, ACTIONS, CLAIMS, DEMANDS, OR SUITS, AND ALL RELATED COSTS, ATTORNEY FEES, AND EXPENSES, RELATING TO TAX LIABILITY, UNEMPLOYMENT INSURANCE AND/OR WORKERS' COMPENSATION OR EXPECTATIONS OF BENEFITS BY VENDOR, ITS EMPLOYEES, REPRESENTATIVES, AGENTS OR SUBCONTRACTORS IN ITS PERFORMANCE UNDER THIS CONTRACT. VENDOR SHALL BE LIABLE TO PAY ALL COSTS OF DEFENSE INCLUDING ATTORNEYS' FEES, THE DEFENSE SHALL BE COORDINATED BY THE OFFICE OF THE ATTORNEY GENERAL FOR TEXAS STATE AGENCY CUSTOMERS AND BY CUSTOMER'S LEGAL COUNSEL FOR NON -STATE AGENCY CUSTOMERS. C. Vendor Certifications Vendor certifies that it: (i) has not given, offered to give, and does not intend to give at any time hereafter any economic opportunity, future employment, gift, loan, gratuity, special discount, trip, favor, or service to a public servant in connection with the Contract, (ii) is not currently delinquent in the payment of any franchise tax owed the State of Texas and is not ineligible to receive payment under §231.006 of the Texas Family Code and acknowledge the Contract may be terminated and payment withheld if this certification is inaccurate, (iii) neither they, nor anyone acting for them, have violated the antitrust laws of the United States or the State of Texas, nor communicated directly or indirectly to any competitor or any other person engaged in such line of business for the purpose of obtaining an unfair price advantage, (iv) has not received payment from DIR or any of its employees for participating in the preparation of the Contract, (v) under Section 2155.004, Texas Government Code, the vendor certifies that the individual or business entity named in this bid or contract is not ineligible to receive the specified contract and acknowledges that this contract may be terminated and Ul/O7/0H Page. 10416 Appendix A Standard "Terms and Conditions For Services Contracts payment withheld if this certification is inaccurate, (vi) to the best of their knowledge and belief, there are no suits or proceedings pending or threatened against or affecting them, which if determined adversely to them will have a material adverse effect on the ability to fulfill their obligations under the Contract, (vii) are not suspended or debarred from doing business with the federal government as listed in the Excluded Parties List System (EPLS) maintained by the General Services Administration, and (viii) as of the effective date of the Contract, are not listed in the prohibited vendors list authorized by Executive Order #13224, "Blocking Property and Prohibiting Transactions with Persons Who Commit, Threaten to Commit, or Support Terrorism ", published by the United States Department of the Treasury, Office of Foreign Assets Control. In addition, Vendor acknowledges the applicability of §2155.444 and §2155.4441, Texas Government Code, in fulfilling the terms of the Contract. D. Ability to Conduct Business in Texas Vendor shall be an entity authorized and validly existing under the laws of its state of organization, and shall be authorized to do business in the State of Texas. E. Equal Opportunity Compliance Vendor agrees to abide by all applicable laws, regulations, and executive orders pertaining to equal employment opportunity, including federal laws and the laws of the State in which its primary place of business is located. In accordance with such laws, regulations, and executive orders, the Vendor agrees that no person in the United States shall, on the grounds of race, color, religion, national origin, sex, age, veteran status or handicap, be excluded from employment with or participation in, be denied the benefits of, or be otherwise subjected to discrimination under any program or activity performed by Vendor under the Contract. If Vendor is found to be not in compliance with these requirements during the term of the Contract, Vendor agrees to take appropriate steps to correct these deficiencies. Upon request, Vendor will furnish information regarding its nondiscriminatory hiring and promotion policies, as well as specific information on the composition of its principals and staff, including the identification of minorities and women in management or other positions with discretionary or decision -making authority. F. Use of Subcontractors If Vendor uses any subcontractors in the performance of this Contract, Vendor must make a good faith effort in the submission of its Subcontracting Plan in accordance with the State's Policy on Utilization of Historically Underutilized Businesses. A revised Subcontracting Plan shall be required before Vendor can engage additional subcontractors in the performance of this Contract. Vendor shall remain solely responsible for the performance of its obligations under the Contract. G. Responsibility for Actions Vendor is solely responsible for its actions and those of its agents, employees, or subcontractors, and agrees that neither Vendor nor any of the foregoing has any authority to act or speak on behalf of DIR or the State. O1 /U7iUH Page 1 1 0l 16 O1 /07/O8 Appendix A Standard Terms and Conditions For Services Contracts H. Confidentiality 1) Vendor acknowledges that DIR is a government agency subject to the Texas Public Information Act. Vendor also acknowledges that DIR will comply with the Public Information Act, and with all opinions of the Texas Attorney General's office concerning this Act. 2) Under the terms of the Contract, DIR may provide Vendor with information related to Customers. Vendor shall not re -sell or otherwise distribute or release Customer information to any party in any manner. I. Security of Premises, Equipment, Data and Personnel Vendor may, from time to time during the performance of the Contract, have access to the personnel, premises, equipment, and other property, including data, files and /or materials (collectively referred to as "Data") belonging to the Customer. Vendor shall use their best efforts to preserve the safety, security, and the integrity of the personnel, premises, equipment, Data and other property of the Customer, in accordance with the instruction of the Customer. Vendor shall be responsible for damage to Customer's equipment, workplace, and its contents when such damage is caused by its employees or subcontractors. J. Background and/or Criminal History Investigation Prior to commencement of any services, background and/or criminal history investigation of the Vendor's employees and subcontractors who will be providing services to the Customer under the Contract may be performed by certain Customers having legislative authority to require such investigations. Should any employee or subcontractor of the Vendor who will be providing services to the Customer under the Contract not be acceptable to the Customer as a result of the background and/or criminal history check, then Customer may immediately terminate its Purchase Order and related Service Agreement or request replacement of the employee or subcontractor in question. K. Limitation of Liability For any claim or cause of action arising under or related to the Contract: i) none of the parties shall be liable to the other for punitive, special, or consequential damages, even if it is advised of the possibility of such damages; and ii) Vendor's liability for damages of any kind to the Customer shall be limited to the total amount paid to Vendor under the Contract during the twelve months immediately preceding the accrual of the claim or cause of action. L. Purchase of Commodity Items (Applicable to State Agency Purchases Only) 1) Texas Government Code, §2157.068 requires State agencies to buy commodity items, as defined in 7.L.2 below, in accordance with contracts developed by DIR, unless the agency obtains an exemption from DIR. 2) Commodity items are commercially available software, hardware and technology services that are generally available to businesses or the public and for which DIR determines that a reasonable demand exists in two or more state agencies. Hardware is the physical technology used to process, manage, store, transmit, receive or deliver information. Software is the commercially available programs that operate hardware Page 12 of 16 Appendix A Standard Terms and Conditions For Services Contracts and includes all supporting documentation, media on which the software may be contained or stored, related materials, modifications, versions, upgrades, enhancements, updates or replacements. Technology services are the services, functions and activities that facilitate the design, implementation, creation, or use of software or hardware. Technology services include seat management, staffing augmentation, training, maintenance and subscription services. Technology services do not include telecommunications services. Seat management is services through which a state agency transfers its responsibilities to a vendor to manage its personal computing needs, including all necessary hardware, software and technology services. 3) Vendor agrees to coordinate all State agency commodity item sales through existing DIR contracts. Institutions of higher education are exempt from Subsection 7.L. M. Overcharges Vendor hereby assigns to DIR any and all of its claims for overcharges associated with this contract which arise under the antitrust laws of the United States, 15 U.S.C.A, Section 1, et seq., and which arise under the antitrust laws of the State of Texas, Tex. Bus. and Comm. Code Section 15.01, et seq. N. Prohibited Conduct Vendor represents and warrants that, to the best of its knowledge as of the date of this certification, neither Vendor nor any Order Fulfiller, subcontractor, firm, corporation, partnership, or institution represented by Vendor, nor anyone acting for such Order Fulfiller, subcontractor, firm, corporation or institution has: (1) violated the antitrust laws of the State of Texas under Texas Business & Commerce Code, Chapter 15, or the federal antitrust laws; or (2) communicated its response to the Request for Offer directly or indirectly to any competitor or any other person engaged in such line of business during the procurement for the Contract. Contract Enforcement A. Enforcement of Contract and Dispute Resolution 1) Vendor and DIR agree to the following: (i) a party's failure to require strict performance of any provision of the Contract shall not waive or diminish that party's right thereafter to demand strict compliance with that or any other provision, (ii) for disputes not resolved in the normal course of business, the dispute resolution process provided for in Chapter 2260, Texas Government Code, shall be used, and (iii) actions or proceedings arising from the Contract shall be heard in a state court of competent jurisdiction in Travis County, Texas. 2) Disputes arising between a Customer and the Vendor shall be resolved in accordance with the dispute resolution process of the Customer that is not inconsistent with subparagraph A.1 above. DIR shall not be a party to any such dispute unless DIR, Customer, and Vendor agree in writing. 01/07/OK Page 13 of 16 Appendix A Standard Terms and Conditions For Services Contracts I3a Termination I) Termination for Non -Appropriation Customer may terminate Purchase Orders if funds sufficient to pay its obligations under the Contract are not appropriated by the governing body on behalf of local governments, or by the Texas legislature on behalf of state agencies. In the event of non -appropriation, Vendor will be provided ten (10) calendar days written notice of intent to terminate. Notwithstanding the foregoing, if a Customer issues a Purchase Order and has accepted delivery of the services, they are obligated to pay for those services. 2) Absolute Right DIR shall have the absolute right to terminate the Contract without recourse in the event that: i) Vendor becomes listed on the prohibited vendors list authorized by Executive Order #13224, 'Blocking Property and Prohibiting Transactions with Persons Who Commit, Threaten to Commit, or Support Terrorism ", published by the United States Department of the Treasury, Office of Foreign Assets Control, or ii) Vendor becomes suspended or debarred from doing business with the federal government as listed in the Excluded Parties List System (EPLS) maintained by the General Services Administration. Vendor shall be provided written notice in accordance with Section 9.A, Notices, of intent to terminate. 3) Termination for Convenience DIR or Vendor may terminate the Contract, in whole or in part, by giving the other party thirty (30) calendar days written notice. A Customer may terminate a Purchase Order if it is determined by the Customer that Vendor will not be able to deliver services in a timely manner to meet the business needs of the Customer. 4) Termination for Cause a) Contract Either DIR or Vendor may issue a written notice of default to the other upon the occurrence of a material breach of any covenant, warranty or provision of the Contract. The non -defaulting party shall give the defaulting party thirty (30) calendar days from receipt of notice to cure said default. If the defaulting party fails to cure said default within the timeframe allowed, the non -defaulting party may, at its option and in addition to any other remedies it may have available, cancel and terminate the Contract. Customers purchasing services under the Contract have no power to terminate the Contract for default. b) Purchase Order Customer or Vendor may terminate a Purchase Order upon the occurrence of a material breach of any term or condition: (i) of the Contract, or (ii) included in the Purchase Order in accordance with Section 3.13.2 above. The non -defaulting party shall give the defaulting party thirty (30) calendar days from receipt of notice to cure said default. If the defaulting party fails to cure said default within the timeframe allowed, the non -defaulting party may, at its option and in addition to any other remedies it may have available, cancel and terminate the Purchase Order. O1/U7/08 Page 14 of 16 Appendix A Standard Terms and Conditions For Services Contracts 5) Customer Rights Under Termination In the event the Contract expires or is terminated for any reason, a Customer shall retain its rights under the Contract and the Purchase Order issued with respect to all services ordered and accepted prior to the effective termination date. 6) Vendor Rights Under Termination In the event a Purchase Order is terminated or the Contract expires or is terminated for any reason, a Customer shall pay all amounts due for services ordered prior to the effective termination date and ultimately accepted. C. Force Majeure DIR, Customer, or Vendor may be excused from performance under the Contract for any period when performance is prevented as the result of an act of God, strike, war, civil disturbance, epidemic, or court order, provided that the party experiencing the event of Force Majeure has prudently and promptly acted to take any and all steps that are within the party's control to ensure performance and to shorten the duration of the event of Force Majeure. The party suffering an event of Force Majeure shall provide notice of the event to the other parties when commercially reasonable. Subject to this provision, such non-performance shall not be deemed a default or a ground for termination. However, a Customer may terminate a Purchase Order if it is determined by the Customer that Vendor will not be able to deliver services in a timely manner to meet the business needs of the Customer. 9. Notification A. Notices All notices, demands, designations, certificates, requests, offers, consents, approvals and other instruments given pursuant to the Contract shall be in wrng and shall be validly given on: (i) the date of delivery if delivered by email, facsimile transmission, mailed by registered or certified mail, or hand delivered, or (ii) three business days after being mailed via United States Postal Service. All notices under the Contract shall be sent to a party at the respective address indicated in Section 6 of the Contract or to such other address as such party shall have notified the other party in writing. B. Handling of Written Complaints In addition to other remedies contained in the Contract, a person contracting with DIR may direct their written complaints to the following office: Public Information Office Department of Information Resources Attn: Public Information Officer 300 W. 151h Street, Suite 1300 Austin, Texas 78701 (512) 4754759, facsimile. Ot/C17/Oti Page IS oC 16 Appendix A Standard Terms and Conditions For Services Contracts 100 Captions The captions contained in the Contract and its Appendices are intended for convenience and reference purposes only and shall in no way be deemed to define or limit any provision thereof t)1 /t>7/OS Page 16 of 16 APPENDIX D PRICING AND SERVICES INDEX (Revised per Amendment No. 1) - Customer Discount Security Services Categories Small Customer Medium Customer Large Customer D/R Managed IT Security Services A. Extemal controlled penetration testing 1. Scanning 25% 25% 25% 2. Penetration testing 25% 25% 25% 3. WAR Dialing 25% 25% 25% 4. WAR Driving 25% 25% 25% 5. Social Engineering 25% 25% 25% 6. Applications Assessment 25% 25% 25% IT Security Services A. Security Governance and Advisory Services 1. Texas Administrative Code, Chapter 202 25% 25% 25% 2. Texas Government Code, Chapter 2059 25% 25% 25% B. Infrastructure Services 1. Firewall and VPN policy and architecture review 25% 25% 25% 2. IDS/IPS policy and architecture review 25% 25% 25% 3. Access control/identity management review/integration services 25% 25% 25% 4. Network architecture review 25% 25% 25% 5. Host hardening and secure build development 25% 25% 25% C. Risk and Vu/nsrq Assessment Services I. Perimeter vulnerability scans 25% 25% 25% 2. Perimeter penetration scans 25% 25% 25% 3. Internal network vulnerability assessments 25% 25% 25% 4. Network risk assessments 25% 25% 25% 5. Host vulnerability assessments 25% 25% 25% 6. Host risk assessments 25% 25% 25% 7. Applications architecture assessment 25% 25% 25 % 8. Applications penetration testing 25% 25% 25% 9. Secure code reviews 25% 25% 25% 10. Commercial product assessment 25% 25% 25% 19. Data security assessment 25% 25% 25% D. Secuft TMInft Services ; 1. Security Policy and Guideline Development 25% M&C Review COUNCIL ACTION: Appraved on '12l812009 DATE: 12/8/2009 REFERENCE NO.: CODE: C TYPE: C-23956 LOG NAME: 04CIBER BIA NON -CONSENT PUBLIC HEARING: NO SUBJECT: Authorize Execution of a Professional Services Agreement with Ciber, Inc., for a Business Impact Analysis Using a State of Texas Department of Information Resources Contract for the Information Technology Solutions Department at a Cost Not to Exceed $160,000.00 RECOMMENDATION: It is recommended that the City Council authorize a professional services agreement with Ciber, Inc., for a Business Impact Analysis using State of Texas Department of Information Resources Contract No. DIR-SDD-685 for the Information Technology Solutions Department at a cost not to exceed $160,000.00. DISCUSSION• A Business Impact Analysis (BIA) is the first step in the development of a comprehensive disaster recovery strategy. The objective of this BIA is to provide recommendations that will enhance the recovery of the City's critical functions and information technology in the event of a disaster or significant outage. The BIA will identify and document critical City functions in the departments which depend on information technology services. It will document the impact to the City staff and citizens if these critical functions were interrupted or degraded because of an interruption of critical information technology services. It will identify the critical resources required to support the necessary information technology services. This includes a risk assessment of both City operations and the underlying required technology infrastructure. Finally, it will provide ahigh-level road -map to address remediation of any gaps between the documented business continuity requirements and the City's current capabilities. During the annual audit of the Comprehensive Annual Financial Report, lack of a comprehensive disaster recovery plan was identified as an area that needed to be improved. Funding is provided by Homeland Security Grant. State of Texas Department of Information Resources (DIR) is authorized to offer the cooperative purchasing program to state agencies, public insitutions of higher learning, public school districts and local governments. Pursuant to Government Code Section 2054.0565(b), a political subdivision that purchase goods or services under a DIR Contract satisfies otherwise applicable competitive bidding requirements. ADMINISTRATIVE CHANGE ORDER - An administrative change order or increase may be made by the City Manager for an amount up to $25,000.00 and does not require specific City Council approval as long as sufficient funds have been appropriated. M/WBE - An M/WBE goal is not assigned when making a purchase using an approved purchasing cooperative or other public entity. FISCAL INFORMATION/CERTIFICATION: http://apps.cfwnet.org/council packet/mc_review.asp?ID=125388ccouncildate=l2/8/2009 (1 of 2) [12/9/2009 10:13:59 AM] M&C Review The Finaiicial Management Services Director certifies that funds are available in the current operating budget, as appropriated, of the Grants Fund. TO Fund/Account/Centers Submitted for City Manager°s Office J. Originating Department Head: Additional Information Contact: FROM Fund/Account/Centers GR76 539120 004442329050 Karen Montgomery (6222) Peter Anderson (8781) Steve Streiffert (2221) http://apps.cfwnet.org/council packet/mc_review.asp?ID=12538&councildate=l2/8/2009 (2 of 2) [12/9/2009 10:13:59 AM]