HomeMy WebLinkAboutContract 34777CITY SECRETAR�'���
GONTf�A�T �lC� , �--
LIMITED ACCESS AGREEMENT
This LIMITED ACCESS AGREEMENT ("Agreement") is made and entered into by and
between the CITY OF FORT WORTH ("City"), a home rule municipal corporation organized
under the laws of the State of Texas and situated in portions of Tarrant, Denton and Wise
Counties, Texas, and PAS Communications, hereinafter ("Contractor"), an individually owned
company.
The following statements are true and correct and form the basis of this Agreement:
WHEREAS:
A. The City owns and operates a file server computer system and network (collectively the
"Network").
B. Contractor has entered into a contract with the City, to work with the Government
Relations Office
C. In order to perform the necessary duties, Contractor needs access to City's e-mail
system to access e-mail to and from Pat Svacina, internet access, intranet access, and
office computer programs ("Network").
D. The City is willing to grant Contractor access to the Network, subject to the terms and
conditions set forth in this Agreement, and in the City's standard outside connections
policy, ("Extranet Standard") attached as Exhibit "A" and hereby incorporated by
reference and made a part of this Agreement for all purposes herein.
NOW, THEREFORE, the City and Contractor hereby agree as follows:
1. GRANT OF LIMITED ACCESS.
Contractor is hereby granted a limited right of access to the City's Network for the sole
purpose of performing its agreement with City. Contractor can only enter the Network via the
City's computer system; therefore, the City will provide Contractor with a password and access
number or numbers as necessary to perform Contractor's duties.
2. NETWORK RESTRICTIONS.
2.1. Contractor may not share any passwords or access number or numbers provided
by the City except with Contractor's officers, agents, servants or employees who work
directly with this project.
2.2. Contractor may not access the Network for any purpose other than those set
forth in Section B of this Agreement.
2.3. Contractor acknowledges, agrees and hereby gives its authorization to the City to
monitor Contractor's use of the City's Network in order to ensure Contractor's
compliance with this Agreement.
Y.__....__..
�.:% ���'(^� t �� � ^� :'��
� �c;! ��'s��v';��0'
'����1� J���?i� %'1���
��;.r;�;�., �
' �`�J�1i�Jl;� ��L�i�
2.4. A breach by Contractor, its officers, agents, servants or employees, of this
Agreement and any other written instructions or guidelines that the City provides to
Contractor pursuant to this Agreement shall be grounds for the City immediately to deny
Contractor access to the Network and Contractor's Data in addition to any other
remedies that the City may have under this Agreement or at law or in equity.
2.5. The City may terminate this Agreement at any time and for any reason.
3. LIABILITY AND INDEMNIFICATION.
SUBJECT TO THE L/MITATION OF L/AB/LITY SET FORT BELOW, CONTRACTOR
SHALL BE L/ABLE AND RESPONS/BLE FOR ALL DAMAGES THAT THE C/TY MAY /NCUR
D/RECTLY ON ACCOUNT OF ANY BREACH OF TH/S AGREEMENT BY CONTRACTOR,
ITS OFFICERS, AGENTS, SERVANTS OR EMPLOYEES. THE CITY, lTS OFF/CERS,
AGENTS, SERVANTS AND EMPLOYEES, SHALL NOT BE LIABLE FOR ANY DAMAGES
THAT CONTRACTOR MAY /NCUR AS A RESULT OF THE CITY'S RESTR/CTIONS TO OR
DEN/AL OF ACCESS TO CONTRACTOR'S DATA ON ACCOUNT OF ANY BREACH OF
TH/S AGREEMENT BY CONTRACTOR, lTS OFF/CERS, AGENTS, SERVANTS OR
EMPLOYEES, OR FOR ANY REASONABLE SECUR/TY MEASURES TAKEN BY THE CITY,
lN ADD/T/ON, CONTRACTOR SHALL BE LIABLE AND RESPONS/BLE FOR ANY
AND ALL PROPERTY LOSS, PROPERTY DAMAGE AND/OR PERSONAL INJURY,
INCLUD/NG DEATH, AND ALL CLA/MS, DEMANDS AND JUDGMENTS THEREFOR, TO
THE EXTENT CAUSED BY THE NEGLIGENT ACT(S) OR OMISS/ON(S) OR /NTENT/ONAL
M/SCONDUCT OF CONTRACTOR, lTS OFFICERS, AGENTS, SERVANTS AND/OR
EMPLOYEES. CONTRACTOR, AT CONTRACTOR'S OWN COST OR EXPENSE, HEREBY
AGREES TO /NDEMN/FY, DEFEND AND HOLD HARMLESS THE CITY, lTS OFF/CERS,
AGENTS, SERVANTS AND/OR EMPLOYEES FROM AND AGA/NST ANY CLA/M,
LAWSUIT, DEMAND OR OTHER ACTION TO THE EXTENT THAT THE SAME AR/SES
FROM THE NEGL/GENT ACT(S) OR OMISS/ON(S) OR /NTENT/ONAL MISCONDUCT OF
CONTRACTOR, lTS OFFICERS, AGENTS, SERVANTS OR EMPLOYEES,
4. UNUATHORIZED ACCESS.
Contractor, for itself and its officers, agents and employees, agrees that it shall treat all
information to which it is given access, or information that is provided to it by the City as
confidential and shall not disclose any such information to a third party without the prior written
approval of the City. Contractor shall only access City Information in a secure manner and
shall not allow unauthorized users to view, access, modify, delete or otherwise corrupt City
Information in any way. Contractor shall notify the City immediately if the security or integrity of
any City information has been compromised or is believed to have been compromised.
5. AGREEMENT CUMULATIVE.
This Agreement is cumulative of and in addition to any written contracts, agreements,
understandings or acknowledgments with the City signed by Contractor. To the extent that any
term or condition of this Agreement conflicts with any term or condition of City Secretary
Contract No. 34402, City Secretary Contract No. 34402 shall control.
lV�����7JG�`!` �:Sv�%�U -
� ;;,� /-', � �� ,n1`!�
1N ��� � � ,�! i i�( I,I
v v..l: U� a..
�� `:'�'';���:�w � s�
� i ��c•a�
6. ENTIRE AGREEMENT.
The terms of this Agreement shall not be waived, altered, modified, supplemented, or
amended in any manner except by written instrument signed by an authorized representative of
both the City and Contractor. This Agreement and any other documents incorporated herein by
reference constitute the entire understanding and Agreement between the City and Contractor
as to the matters contained herein regarding Contractor's access to and use of the City's
Network. The signature below of an authorized representative acknowledges that the Contractor
has read this Agreement and agrees to be bound by terms and conditions set forth herein.
IN ITN SS WHE OF, the arties hereto have ecuted this Agreement on this
day of I� , 20 �.
CITY OF F�JRT VI
/ ��
By: -=- �° ,--�
Assi � City
�
Date: l �
ATTEST:
By:
City Secretary
Date:
H:
t�
er
M & C: none reauired
APPROVED TO F AND LEGALITY:
By:
Assistant City Attorney
Date: � �3 (� %
C R CT R:
��
at Svacina
Date. 7 ��� �
�,�,�I{�`7 �y�(l, ��1I n � �, -.,^, ��I!/
�V'r �1 � �.� ) JZ ;�. J: ��'V v �� ���✓
v��l� �}�l;!°���'�-`�:�1�� .
� �J� `.'�.^' �-;;'U r,c.;.;, r
��:�� i :n; s �.�,•
EXHIBIT "A"
EXTRANET STANDARD
Overview
The purpose of this standard is to establish the requirements under which third party
organizations may connect to the City of Fort Worth networks for the purpose of transacting City
business. The standards listed are specific activities required by Section 2.2 of the City of Fort
Worth Information Security Policy.
Scope
Connections between third parties that require access to non-public City of Fort Worth
resources fall under this standard, regardless of whether a telecommunications circuit (such as
frame relay or ISDN) or Virtual Privacy Network (VPN) technology is used for the connection.
Connectivity to third parties such as the Internet Service Providers (ISPs) that provide Internet
access for the City of Fort Worth or to the Public Switched Telephone Network do not fall under
this standard.
Standard
Securitv Review
All new extranet connectivity will go through a security review with the Information Security
department (IT Solutions). The reviews are to ensure that all access matches the business
requirements in a best possible way, and that the principle of least access is followed.
Third Partv Connection Aqreement
All new connection requests between third parties and the City of Fort Worth require that the
third party and the City of Fort Worth representatives agree to and sign a third party agreement.
This agreement must be signed by the Director of the sponsoring organization as well as a
representative from the third party who is legally empowered to sign on behalf of the third party.
The signed document is to be kept on file with IT Solutions. All documents pertaining to
connections into the City of Fort Worth labs are to be kept on file with IT Solutions.
Business Case
All production extranet connections must be accompanied by a valid business justification, in
writing, that is approved by a project manager in IT Solutions. Lab connections must be
approved by IT Solutions. Typically this function is handled as part of a third party agreement.
The sponsoring organization must designate a person to be the Point of Contact (POC) for the
Extranet connection. The POC acts on behalf of the sponsoring organization, and is responsible
for those portions of this policy and the third party agreement that pertain to it. In the event that
the POC changes, IT Solutions must be informed promptly.
Establishinq Connectivitv
Sponsoring organizations within the City of Fort Worth that wish to establish connectivity to a
third party are to file a new site request with IT Solutions to address security issues inherent in
the project. If the proposed connection is to terminate within a lab at the City of Fo-�la�-�-m.=__-___,
r•. „�
� r� � r,,^ �.
�' ;�; '�,, ],';;� � ,�'s �� NJ � D�
����c% ������?L����' 1�,
4 f� ����:,�.C,;�U ����
�3 �
� v!. P �:,-+{�
sponsoring organization must engage IT Solutions. The sponsoring organization must provide
full and complete information as to the nature of the proposed access to the extranet group and
IT Solutions, as requested.
All connectivity established must be based on the least-access principle, in accordance with the
approved business requirements and the security review. In no case will the City of Fort Worth
rely upon the third party to protect the City of Fort Worth's network or resources.
Modifyinq or Chanqinq Connectivitv and Access
All changes in access must be accompanied by a valid business justification, and are subject to
security review. Changes are to be implemented via corporate change management process.
The sponsoring organization is responsible for notifying IT Solutions when there is a material
change in their originally provided information so that security and connectivity evolve
accordingly.
Terminatinq Access
When access is no longer required, the sponsoring organization within the City of Fort Worth
must notify IT Solutions, which will then terminate the access. This may mean a modification of
existing permissions up to terminating the circuit, as appropriate. IT Solutions must conduct an
audit of their respective connections on an annual basis to ensure that all existing connections
are still needed, and that the access provided meets the needs of the connection. Connections
that are found to be deprecated, and/or are no longer being used to conduct the City of Fort
Worth business, will be terminated immediately. Should a security incident or a finding that a
circuit has been deprecated and is no longer being used to conduct the City of Fort Worth
business necessitate a modification of existing permissions, or termination of connectivity, IT
Solutions will notify the POC or the sponsoring organization of the change prior to taking any
action.
Definitions
Circuit For the purposes of this policy, circuit refers
network access, whether it's through traditional
etc. or via VPN encryption technologies.
Sponsoring Organization
Third Party
to the method of
ISDN, Frame Relay
The City of Fort Worth organization that requested that the third
party have access to the City of Fort Worth network.
A business that is not a formal or subsidiary part of the City of Fort
Worth.