The URL can be used to link to this page

Home My WebLink AboutContract 45189-AD1 (2)• CITY SECRETARY us/ nal. FEDERAL BUREAU OF TNVFSTrr aTrnNCCINrRACT NO2 CRIMINAL JUSTICE INFORMATION SERVICES SECURITY ADDENDUM Legal Authority for and Purpose and Genesis of the Security Addendum Traditionally, law enforcement and other criminal justice agencies have been responsible for the confidentiality of their information. Accordingly, until mid-1999, the Code of Federal Regulations Title 28, Part 20, subpart C, and the National Crime Information Center (NCIC) policy paper approved December 6, 1982, required that the management and exchange of criminal justice information be performed by a criminal justice agency or, in certain circumstances, by a noncriminal justice agency under the management control of a criminal justice agency. In light of the increasing desire of governmental agencies to contract with private entities to perform administration of criminal justice functions, the FBI sought and obtained approval from the United States Department of Justice (DOJ) to permit such privatization of traditional law enforcement functions under certain controlled circumstances. In the Federal Register of May 10, 1999, the FBI published a Notice of Proposed Rulemaking, announcing as follows: 1. Access to CHRI [Criminal History Record Information] and Related Information, Subject to Appropriate Controls, by a Private Contractor Pursuant to a Specific Agreement with an Authorized Governmental Agency To Perform an Administration of Criminal Justice Function (Privatization). Section 534 of title 28 of the United States Code authorizes the Attorney General to exchange identification, criminal identification, crime, and other records for the official use of authorized officials of the federal government, the states, cities, and penal and other institutions. This statute also provides, however, that such exchanges are subject to cancellation if dissemination is made outside the receiving departments or related agencies. Agencies authorized access to CHRI traditionally have been hesitant to disclose that information, even in furtherance of authorized criminal justice functions, to anyone other than actual agency employees lest such disclosure be viewed as unauthorized. In recent years, however, governmental agencies seeking greater efficiency and economy have become increasingly interested in obtaining support services for the administration of criminal justice from the private sector. With the concurrence of the FBI's Criminal Justice Information Services (CJIS) Advisory Policy Board, the DOJ has concluded that disclosures to private persons and entities providing support services for criminal justice agencies may, when subject to appropriate controls, properly be viewed as permissible disclosures for purposes of compliance with 28 U.S.C. 534. We are therefore proposing to revise 28 CFR 20.33(a) (7) to provide express authority for such arrangements. The proposed authority is similar to the authority that already exists in 28 CFR 20.21(b)(3) for state and local CHRI systems. Provision of CHRI under this authority would only be permitted pursuant to a specific agreement with an authorized governmental C SCANNED [Ft MOrculgilf, 710,1 .1 i!\� rat BEIGE:NED AEG 20 2015 CO.VOZ \1\100 agency for the purpose of providing services for the administration of criminal justice. The agreement would be required to incorporate a security addendum approved by the Director of the FBI (acting for the Attorney General). The security addendum would specifically authorize access to CHRI, limit the use of the information to the specific purposes for which it is being provided, ensure the security and confidentiality of the information consistent with applicable laws and regulations, provide for sanctions, and contain such other provisions as the Director of the FBI (acting for the Attorney General) may require. The security addendum, buttressed by ongoing audit programs of both the FBI and the sponsoring governmental agency, will provide an appropriate balance between the benefits of privatization protection of individual privacy interests, and preservation of the security of the FBI's CHRI systems. The FBI will develop a security addendum to be made available to interested governmental agencies. We anticipate that the security addendum will include physical and personnel security constraints historically required by NCIC security practices and other programmatic requirements, together with personal integrity and electronic security provisions comparable to those in NCIC User Agreements between the FBI and criminal justice agencies, and in existing Management Control Agreements between criminal justice agencies and noncriminal justice governmental entities. The security addendum will make clear that access to CHRI will be limited to those officers and employees of the private contractor or its subcontractor who require the information to properly perform services for the sponsoring governmental agency, and that the service provider may not access, modify, use or disseminate such information for inconsistent or unauthorized purposes. Consistent with such intent, Title 28 of the Code of Federal Regulations (C.F.R.) was amended to read: § 20.33 Dissemination of criminal history record information. a) Criminal history record information contained in the Interstate Identification Index (III) System and the Fingerprint Identification Records System (FIRS) may be made available: 1) To criminal justice agencies for criminal justice purposes, which purposes include the screening of employees or applicants for employment hired by criminal justice agencies. 2) To noncriminal justice governmental agencies performing criminal justice dispatching functions or data processing/information services for criminal justice agencies; and 3) To private contractors pursuant to a specific agreement with an agency identified in paragraphs (a)(1) or (a)(6) of this section and for the purpose of providing services for the administration of criminal justice pursuant to that agreement. The agreement must incorporate a security addendum approved by the Attorney General of the United States, which shall specifically authorize access to criminal history record information limit the use of the information to the purposes for which it is provided, ensure the security and confidentiality of the information consistent with these regulations provide for sanctions, and contain such other provisions as the Attorney General may require. The power and authority of the Attorney General hereunder shall be exercised by the FBI Director (or the Director's designee). This Security Addendum, appended to and incorporated by reference in a government -private sector contract entered into for such purpose, is intended to insure that the benefits of privatization are not attained with any accompanying degradation in the security of the national system of criminal records accessed by the contracting private party. This Security Addendum addresses both concerns for personal integrity and electronic security which have been addressed in previously executed user agreements and management control agreements. A government agency may privatize functions traditionally performed by criminal justice agencies (or noncriminal justice agencies acting under a management control agreement), subject to the terms of this Security Addendum. If privatized, access by a private contractor's personnel to NCIC data and other CJIS information is restricted to only that necessary to perform the privatized tasks consistent with the government agency's function and the focus of the contract. If privatized the contractor may not access, modify use or disseminate such data in any manner not expressly authorized by the government agency in consultation with the FBI. FEDERAL BUREAU OF INVESTIGATION CRIMINAL JUSTICE INFORMATION SERVICES SECURITY ADDENDUM The goal of this document is to augment the CJIS Security Policy to ensure adequate security is provided for criminal justice systems while (1)under the control or management of a private entity or (2) connectivity to FBI CJIS Systems has been provided to a private entity (contractor). Adequate security is defined in Office of Management and Budget Circular A- 130 as "security commensurate with the risk and magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of information." The intent of this Security Addendum is to require that the Contractor maintain a security program consistent with federal and state laws, regulations and standards (including the CJIS Security Policy in effect when the contract is executed), as well as with policies and standards established by the Criminal Justice Information Services (CJIS) Advisory Policy Board (APB). This Security Addendum identifies the duties and responsibilities with respect to the installation and maintenance of adequate internal controls within the contractual relationship so that the security and integrity of the FBI's information resources are not compromised. The security program shall include consideration of personnel security, site security, system security, and data security, and technical security. The provisions of this Security Addendum apply to all personnel, systems, networks and support facilities supporting and/or acting on behalf of the government agency. 1.00 Definitions 1.01 Contracting Government Agency (CGA) - the government agency, whether a Criminal Justice Agency or a Noncriminal Justice Agency, which enters into an agreement with a private contractor subject to this Security Addendum. 1.02 Contractoi - a private business, organization or individual which has entered into an agreement for the administration of criminal justice with a Criminal Justice Agency or a Noncriminal Justice Agency. 2.00 Responsibilities of the Contracting Government Agency. 2.01 The CGA will ensure that each Contractor employee receives a copy of the Security Addendum and the CJIS Security Policy and executes an acknowledgment of such receipt and the contents of the Security Addendum. The signed acknowledgments shall remain in the possession of the CGA and available for audit purposes. 3.00 Responsibilities of the Contractor. 3.01 The Contractor will maintain a security program consistent with federal and state laws, regulations, and standards (including the CJIS Security Policy in effect when the contract is executed), as well as with policies and standards established by the Criminal Justice Information Services (CJIS) Advisory Policy Board (APB). 4.00 Security Violations. 4.01 The CGA must report security violations to the CJIS Systems Officer (CSO) and the Director, FBI, along with indications of actions taken by the CGA and Contractor. 4.02 Security violations can justify termination of the appended agreement. 4.03 Upon notification, the FBI reserves the right to: a. Investigate or decline to investigate any report of unauthorized use; b. Suspend or terminate access and services, including telecommunications links. The FBI will provide the CSO with timely written notice of the suspension. Access and services will be reinstated only after satisfactory assurances have been provided to the FBI by the CJA and Contractor. Upon termination the Contractor's records containing CHRI must be deleted or returned to the CGA. 5.00 Audit 5.01 The FBI is authorized to perform a final audit of the Contractor's systems after termination of the Security Addendum. 6.00 Scope and Authority 6.01 This Security Addendum does not confer, grant, or authorize any rights privileges, or obhgations on any persons other than the Contractor, CGA CJA (where applicable), CSA, and FBI. 6.02 The following documents are incorporated by reference and made part of this agreement: (1) the Security Addendum, (2) the NCIC 2000 Operating Manual; (3) the CJIS Security Policy; and (4) Title 28, Code of Federal Regulations, Part 20. The parties are also subject to applicable federal and state laws and regulations. 6.03 The terms set forth in this document do not constitute the sole understanding by and between the parties hereto; lather they augment the provisions of the CJIS Security Policy to provide a minimum basis for the security of the system and contained information and it is understood that there may be terms and conditions of the appended Agreement which impose more stringent requirements upon the Contractor. 6.04 This Security Addendum may only be modified by the FBI, and may not be modified by the parties to the appended Agreement without the consent of the FBI. 6.05 All notices and correspondence shall be forwarded by First Class mail to: Assistant Director Criminal Justice Information Services Division, FBI 1000 Custer Hollow Road Clarksburg, West Virginia 26306 Texas Signatory Page The undersigned parties agree that the Security Addendum is now a part of the contract between the entities. The parties agree to abide by all requirements of the Security Addendum and the CJIS Security Policy, and it shall remain in force for the term of the contract. Any violation of this addendum constitutes a breach of the contract. To the extent there is a conflict between a confidentiality clause in the underlying contract and the Security Addendum and/or the CJIS Security Policy, the Security Addendum and the CJIS Security Policy shall govern any information covered by the Security Addendum and/or the CJIS Security Policy. (To be signed and dated by the vendor and law enforcement agency representative(s) who signed the original contract, or at least who have authority to bind each entity.) 5asmi0 A4.4l-r0/s Printed Name of Agency Representative 1/1-0 ()C 4sys,*Or &in/ filleM246,57L. Signatu e of Agency Representative Title &711 OF Mei' 00E7a# Agency Name and ORI A1161 LW) Printed Name of Vendor (Contractor) Representative i Signature of Vend(Contractor) Representative n‘i'ex SyS4cn-s Vendor Organization Name OFFICIAL RECORD CITY SECRETARY Ft WORTH, TX Date APPROVED AM LEGALITY: Ca 4 Male$hia 2.tiess=ait Senior 444,01:Laut City Attorney H&C: Nic ....1 Date Approved: ye Title $I»l1s Date • • - in • , . .. .O City Secretazy,. M&C Review ca steo a iyo o vo exas: O.UNCILIQ►GENDA .. COUNCIL ACTION: Approved As Amended on 11/5/2013 DATE: 11/5/2013 NO ERENCE C-26551 LOG 04TECHNOLOGY STAFFING AND NAME: PLACEMENT SERVICES MULTIPLE AWARD CODE: C TYPE: NON PUBLIC NO CONSENT HEARING: SUBJECT: Ratify Expenditures in the Amount of $7,473.00 and Authorize Execution of Professional Services Agreements for Technology Staffing and Placement Services with Apex Systems, Inc., Kforce Inc., Sentari Technologies, Inc. and TEKsystems, Inc., Using Multiple Texas Department of Information Resources Contracts for the Information Technology Solutions Department in the Combined Aggregate Amount of $3,142,630.00 on an Annual Basis (ALL COUNCIL DISTRICTS) RECOMMENDATION: It is recommended that the City Council authorize the City Manager to ratify expenditures in the amount of $7,473.00 and authorize the execution of Professional Services Agreements for Technology Staffing and Placement Services, using multiple Texas Department of Information Resources contracts with Apex Systems, Inc., using DIR-SDD-2274 with Kforce Inc., using DIR- SDD-2337 with Sentari Technologies, Inc., using DIR-SDD-2385 and with TEKsystems, Inc. using DIR-SDD-2367 for the Information Technology Solutions Department in the combined aggregate amount of $3,142,630.00 on an annual basis DISCUSSION: The purpose of these Professional Services Agreements (Agreements) is to allow the Information Technology Solutions (ITS) Department and other City departments to have Agreements in place for staff augmentation to assist in the development and implementation of technology projects and to use as temporary backfills for staffing vacancies. These projects would include, but are not limited to: Public Safety Radio Communications System Upgrade; Radio Tower Replacement Project; Software package installation and implementation - i.e., e-mail archiving system, Windows 7, etc.; and Migrations of unsupported database versions to the most recent and supported version of MS SQL Server database. Funds are included in the approved operating and capital budgets of the specific projects. Texas Department of Information Resources (DIR) is authorized to offer the Cooperative Purchasing Program to state agencies, public institutions of higher learning, public school districts and local governments. Pursuant to state law, a local government that purchases goods or services under the Interlocal Cooperation Act satisfies otherwise applicable competitive bidding requirements. MIWBE OFFICE A waiver of the goal for MBE/SBE subcontracting requirements was requested by the IT Solutions Department and approved by the MIWBE Office, in accordance with the MIWBE or BDE Ordinance, because the purchase of goods or services is from sources where FORT WORTH httpa/apps.cfwnet.org/councilpacket/me review.asp?ID=19039&councildate=11/5/2013[8/19/2014 2:11:19 MI] M&C Review subcontracting or supplier opportunities are negligible. AGREEMENT TERMS - Upon City Council approval, these Agreements shall be authorized for a combined aggregate amount of $3,142,630.00 annually Each Agreement shall begin on November 6 2013 and expire on the dates indicated below to coincide with the expiration dates of the respective cooperative DIR contracts. All of the Agreements will be non-exclusive and services will be provided by the vendors based on the City's staffing needs and the availability of qualified vendor resources. No specific amount is guaranteed for either Agreement. VENDOR CONTRACT AUTHORIZED COOPERATIVE NUMBER CONTRACT AGREEMENT -*MOUNT END DATE Apex Systems, Inc. DIR-SDD-2274 I $ 571,315.00 8/28/2014 Kforce, Inc. DIR SDD 2337 I $ 571,315.00 8/07/2014 Sentari Technologies, Inc. DIR-SDD-2385 I $1,O00,000.00 8/07/2014 TEKsystems, Inc. DIR-SDD-2367 ( $1,000,000.00 9/03/2014 RENEWAL OPTIONS - Each Agreement may be renewed for up to two additional one year terms at the City's option, in accordance with the terms established in the contracts between DIR and the individual vendor. This action does not require specific City Council approval provided that the City Council has appropriated sufficient funds to satisfy the City's obligation during the renewal term. ADMINISTRATIVE AMENDMENT - An administrative amendment or increase may be made by the City Manager in the amount up to $50,000.00 for each Agreement and does not require City Council approval as long as sufficient funds have been appropriated. FISCAL INFORMATION/CERTIFICATION: The Financial Management Services Director certifies that funds will be available in the Fiscal Year 2014 operating budgets and cap'tal budgets, as appropriated, of the Information Systems Fund, Information Systems Capital Projects Fund, General Fund and Stormwater Utility Fund. TO Fund/Account/Centers FROM Fund/Account/Centers P 168 539120 0043010 P 168 539120 0045021 P I68 539120 0043020 P 168 539120 0045000 P I68 539120 0045010 P 168 539120 0045030 P 168 539120 0048001 P I68 539120 0048002 P251 539120 041030173580 P E69 539120 0209000 GG01 539120 0135010 C296 539120 0131030136180 GG01 539120 0141000 P I68 539120 0046020 $598.890.00 $1.646.748.00 $6.474.00 $114.167.00 $334.231.00 $190.669.00 $452 145.00 $157,021.00 $214.979.00 $251.690.00 $167.186.00 $100.942.00 $400.000.00 $83.173.00 http:/Lapps.cfivnet.org!council packet/me review.asp?ID=19039&councildate=11/5/2013[8/19/20142:11:19 PM] M&C Review Submitted for City Manager's Office by: Susan Alanis (8180) Oriainatina Department Head: Peter Anderson (8781) Additional Information Contact: Mai Tran (8858) ATTACHMENTS http://apps.cfivnet.org/council packet/mc_review.asp?1D=19039&councildate=11/5/2013[8/I9/2014 2:11:19 PM] Agency Identification Agency &_7'�te ©F lzT u�o2 Agency Address /000 mgoC k mvert City 00477/ - e Agency Repr sentative Title and name / 5 , 5/5 ✓ 7- Phone Number 211- a9a - 8/ 390 Email address ORI pr7k /e au-) tin/ /i?grri &`72. Fax Number Z a4s • A--1-x)iss i 1 oD-Ti-f A-5. 6°U Contractor Identification Company Name APEX SYSTEMS INC Company Address 669 AIRPORT FREEWAY. SUITE 410 City HURST Contractor Representative (Title and Name) CHELSEA KNEE APEX ACCOUNT MANAGER Phone Number 682-432-1400 Email address ckneeaaoexsystemsinc.com State TX Fax Number 682-432-1401 Submit hard copies and any applicant finger print cards to: Via USPS: Texas Department of Public Safety CJIS Security Office \ Information Technology P 0 Box 4143 MSC 214 Austin, TX 78765 4143 Zip 76053 Via overnight carrier: Texas Department of Public Safety CJIS Security Office \ Information Technology 5805 N. Lamar, Bldg. G Austin, TX 78752 Email can be sent to: Securitv.Committee a,txdbs.state.tx.us Main office number is: (512) 424-5686 Parties may use the following Security Addendum with the Texas Signatory Page or, in their contract, choose to incorporate the Security Addendum by reference. If the Addendum is incorporated by reference into the contract, a copy of the contract must be provided to the TX DPS CJIS Security Office.