The URL can be used to link to this page

Home My WebLink AboutContract 52378 weaver Austin Conroe I Dallas I Fort Worth I Houston Los Angeles Midland I New York City I San Antonio Assurance-Tax•Advisory CITY May 20,2019 ��0�� C�TRACT NO.- 5a373 Ms.Susan Alanis G\`yOS�GQ Assistant City Manager City of Fort Worth 200 Texas Street Fort Worth,TX 76102 Dear Ms. Alanis: We look forward to the opportunity to provide Payment Card Industry (PCI) Data Security Standard (DSS)Self-Assessment Questionnaire (SAQ) D readiness and consulting services to City of Fort Worth ("the City").This letter is to confirm our engagement to provide PCI DSS SAQ-D readiness and consulting, including scoping, services; and to set the scope, responsibilities, timing and fee arrangements. This engagement will be executed under Weaver's cooperative purchasing agreement through the State of Texas Department of Information Resources (DIR), contract number DIR-TSO-3877. Your IT Advisory Partner will be Brian Thomas. Scope of Services We will perform professional services that will assist the City in meeting its PCI DSS objectives. We will remain independent throughout the engagement and will not perform management functions, make management decisions or act or appear to act in a capacity equivalent to that of an employee, outside of the PCI DSS consulting role you have directed us to perform. We will work closely with management personnel, as needed, to provide guidance or advice on PCI DSS related matters. Our services will be conducted in accordance with Statements of Standards for Consulting Services issued by the AICPA Management Consulting Services Executive Committee. This engagement is not to perform an audit of the financial statements of the City and we will not express an opinion or any other form of assurances on them. Our engagement cannot be relied on to disclose errors, fraud, or other illegal acts that may exist within the City. However, we will inform you of any such matters that come to our attention. We will not provide a report of our findings unless otherwise discussed and agreed upon. Functions and Responsibilities The purpose of our engagement is to advise you in PCI DSS related matters as needed to aid the City in achieving its business and risk management objectives. Management is responsible for establishing and monitoring a system of internal control and the security of its systems.Additionally, { � y management is responsible for approving the scope of our services and for evaluating and approving the adequacy of our plan, the procedures to be performed, evaluating the findings i ex and recommendations resulting from our procedures and the actions,if any, necessary to respond to the findings and recommendations. 3 The City is also responsible for management decisions and functions; for designated an individual V LL with suitable skill, knowledge, or experience, to oversee our services and any other non-attest services we may provide; and for evaluating the adequacy and results of those services and accepting responsibility for them. Weaver and Tidwell, I.L.P. 2821 West 7th Street,Suite 700 ( Fort Worth,Texas 76107 Main:817.332.7905 1 Fax:817.429.5936 CPAs AND ADVISORS I WEAVER.COM Ms. Susan Afanis City of Fort Worth May 14, 2019 Page 2 Timing and Delivery of Services The services defined in the scope will start upon execution of this agreement and will be performed in June and July 2019. We will conduct our procedures at your local office in Fort Worth, Texas and from our offices. We will, at all times, coordinate the location of our work with your staff to provide the least disruption of the City's day-to-day operations. All information concerning the business, customers, products, processes and trade secret information of City and City's client ("Confidential Information") disclosed to us during the course of our work under this scope is confidential to City, shall be used by us for the sole purpose of performing the services and shall be disclosed to our employees on a need to know basis and shall not be disclosed by us to any third party without the prior written consent of City. All Confidential Information shall remain the property of City (or City's client, as the case may be) and shall be deemed to have been entrusted to us only for the limited purposes of performing work pursuant to this Agreement, and we will not, without the prior written consent of City use, reproduce or copy, or permit the use, reproduction or copying of any Confidential Information; provided, however, that we may make adequate reproductions and copies for the purpose of carrying out the audit. All Confidential Information received or created by us and any reproductions or copies thereof made by us shall be delivered to City at any time prior to termination of this Agreement at the request of City and shall be delivered to City immediately upon termination of this Agreement. Nothing contained in this Agreement or in any disclosures made by City under it shall be construed as granting us any license or other rights of City in or to Confidential Information or under any copyright or patent which has been or may in the future be issued with respect to Confidential Information. Accordingly, we maintain internal policies, procedures and safeguards to protect the confidentiality of your company and personal information. In addition, we will secure confidentiality agreements with all service providers to maintain the confidentiality of your information and we will take reasonable precautions to determine that they have appropriate procedures in place to prevent the unauthorized release of your confidential information to others. Furthermore, the firm will remain responsible for the work provided by any such third-party service providers Dispute Resolution In the unlikely event that circumstances occur which we in our sole discretion believe could create a conflict with either the ethical standards of our firm or the ethical standards of our profession in continuing our engagement, we may suspend our services until a satisfactory resolution can be achieved or we may resign from the engagement. We will notify you of such conflict as soon as practicable, and will discuss with you any possible means of resolving them prior to suspending our services. The hiring of or potential employment discussions with any of our personnel could impair our independence. Accordingly, you agree to inform the engagement partner prior to any such potential employment discussions taking place. Ms.Susan Alanis City of Fort Worth May 14, 2019 Page 3 Both of us agree that any dispute between you and Weaver and Tidwell, L.L.P., arising from the engagement,this agreement, or the breach of it, may, if negotiations and other discussion fail be first submitted to mediation in accordance with the provisions of the Commercial Mediation Rules of the American Arbitration Association (AAA) then in effect. Both of us agree to conduct any mediation in good faith and make reasonable efforts to resolve any dispute by mediation. We agree to conduct the mediation in Fort Worth, Texas or another mutually agreed upon location. The prevailing party in any litigation shall be entitled to recover from the other party court costs and reasonable attorneys' and expert witness fees incurred in the litigation in addition to any other relief that may be awarded. If any term of this engagement letter is declared illegal, unenforceable, or unconscionable, that term shall be severed and the remaining terms of the engagement letter shall remain in force. Both of us agree that the Court should modify any term declared to be illegal, unenforceable, or unconscionable in a manner that will retain the intended term as closely as possible. If a dispute arising from the engagement or from this agreement or any term of it or any alleged breach of it is submitted to a Court for interpretation or adjudication, both of us irrevocably waive the right to trial by jury and agree that the provisions of this engagement letter regarding damages,attorneys' fees, and expenses shall be applied and enforced by the Court. During the course of the engagement,we may communicate with you or with your personnel via fax or email, and you should be aware that communication in those mediums contains a risk of misdirected or intercepted communications. Fees for Services Our fees for the PCI DSS SAQ-D readiness and consulting,including scoping,services will be based upon our actual time incurred at the agreed upon fee of $19,500. All hours and work schedules will be coordinated with management to ensure the goals of the City are achieved. If significant additional time is necessary, we will keep you informed of any problems we encounter and our fees may be adjusted accordingly. We make the following assumptions in performing the engagement: 1. Weaver will not issue a PCI Report on Compliance (ROC) for the City. 2. Weaver will not issue a PCI Attestation of Compliance (AOC) for Self-Assessment Questionnaire (SAQ) D for the City. 3. Procedures to evaluate remediation efforts or re-performance of procedures for failed PCI requirements will be subject to additional fees and based on scheduling constraints. Our fees will be billed as work progresses. Payment for our services is due upon receipt of our invoices. For bills not paid within 60 days of the billing date, a late charge will be added to the outstanding balance. The late charge will be assessed at .5% on the unpaid balance per month. It is understood that neither our fees nor the payment thereof will be contingent upon the results of our services. Ms. Susan Alanis City of Fort Worth May 14, 2019 Page 4 We appreciate the opportunity to be of service to you and believe this letter accurately summarizes the significant terms of our engagement.If you have any questions,please let us know. If you agree with the terms of our engagement as described in this letter, please sign the enclosed copy and return it to us. Sincerely, L.cJD.Cr.GcP�i u4 J wo, p , P WEAVER AND TIDWELL, L.L.P. RESPONSE: The services described in this letter are in accordance with our agreement.The terms described are acceptable to me and are hereby agreed to. Accepted by: City of Fort Worth Officer signature:_ Title: Su"n Date: s Attested by Mary J. Kay r, i Secretary , a Jc� B• Strong, ista t C�lty A ftornC3' OFFICIAL RECORD CITY SECRETARY FT. WORTH,TX Weaver and Tidwell,LLP Letter of Engagement for PCI Readiness Contract Compliance Manager: By signing I acknowledge that I am the person responsible for the monitoring and administration of this contract, including ensuring all performance and reporting requirements. Z—'6 S eve Streiffert Assistant Director, IT Solutions Department OFFICIAL RECORD CITY SECRETARY FT. WORTH,TX