HomeMy WebLinkAboutContract 28416CIiY �f�C��ii4�Y '� C� � i �
��o��ss����e� ���v«�� �������n�-��t���A�� r� . ��_
This PRaFESSIONAL SERVICES AGREEMENT ("Agreement") is made and
entered into by and between the �l fY O� �O�T l�R��RTH (#he "Cit�'), a home rule
municipal corporation situated in portians of Tarranf and Denton Caunties, Texas,
acting by and through Charles Boswell, its duly authorized Assistant City Manager,
and S�CUFtE C�11�1�11�RC� SYSiJ�NYS ("�onsuli�an�°') a Texas corpvration and
acting by and through I� "� - , its duiy auihorized
1. SCOP� O� S��V1C�5.
Consultant hereby agrees to provide the City with professional consulting
services addressing City network security, including fhe strategy for fihe �erielopment
of an. appropriate and effecti�e security �oficy. The specifics of the ser�ices to be
provided are described in detail in Exhibi� A"Statement of Work," atfached hereto and
incarporated for al� purposes. In the e�ent of conflict between the Exhibit and this
Ag�eement, the terms of this Agreement shall contral.
�. Yl��lt�.
This Agreement shall commence upon the date that bot� �he City and Consultant
ha�e executed this Agreement ("Effective Date") and shal{ continue in full force and
effect until terminated in accordance with #he pro�isions of this Agreement or when the
City provides Consultant with written nofice that Consul#ant has fulfilled its obliga#ions
under this Agreement and fhat Cansul�ant's services are no ionger required.
3. CO!l�PENSi4`�I�IV.
The City shall pay Consu[tant an amount r�ot fo exceed $24,500.00 plus
expenses per Exhibit D1 in accordance with the pro�isions of this Agreement.
Consultant shall not p�rForm any additional services far the City not spec�fied by this
Agreement unless the City requests and approves in writing the additional costs for
such services. The City shafl not be liable far any additional expenses of Consultant
not specified by this Agreemen� unless the City first approWes such expenses in wrifing.
4. ���II�IiV�iI�R�.
4.1. Written Notice.
The City or Consultant may terminate this Agr�ement at any time and for
any reason by its providing fhe other party with 30 days` writfen notice of
termination.
� �� �Illr'�II 1if�"�� I�'�� ■
rl � V
. T� �
4.2 Non�apqropriation of Funds.
In fihe e�ent no funds or insufficient funds are appropriated �y the City in
any fEscal period for any payments due hereunder, City wilf notify Consultant of
such occurrence and this Agreement shall terminate on the last day of th� fiscal
period for which appropriations were received without penalty or expense to the
City of any kind whatsoe�er, except as to the portions of the payments herein
agreed upon for which funds shafl be been appropriated.
4.3 Duties and Obfic�ations of the Parties.
In the event that this Agreement is terminated prior to the Expiration
Date, the City shall pay Consultant for services actually rendered as ofi the
effective date of termination and Consultant�shall continue to provide fihe City
wi#h services requ�sted by the City and in accordance with this Agreement up
to the effecti�e date of #ermination.
�. DiSCLOSUFtI� O� C�N�'�I��'� Af�� CONFID�IVTIAL IfV�Q�tIM�/��I�PI,
Consultant hereby warrants to the City that Consultant has made full disclosure
in writing of any existing or potential conflicts of interest related to Consultant's
services and proposed services with respect to the Scope of 5ervices. In the event
thaf any conflicts of rnterest arise after the Effecti�e Date of this Agreement,
Consultant hereby agrees immediately ta make full disclosure fo the City in writing.
Consultant, for itself and its officers, agents and employees, further agrees fhaf it shall
�reat all information pro�ided to it by the City as confidential and shall nof disclose any
such information to a third party without the prior written approval of the City.
6. IND���fV�I�Ni ��fV����O�.
li is expressly understood and agreed that Consultant shall operate as an
independen� contractor as to alf rights and privileges granted herein, and not as agent,
representative or employee of the City. Subject to and in accordance with fhe
conditions and provisions of t�is Agreement, Consultanf shall have the exclusi�e right
to cantrol the details of its operations and activiiies and be solely responsi�le for the
acts and omissions of its officers, agents, servants, employees, contractors and
subcontractors. Consultant acknowledges that the doctrine of respondeat superior
shall not apply as between the City, its officers, agen�s, servants and employees, and
Consultant, its officers, agents, employees, servants, contractors and subcontractors.
Consultant further agrees that not�ing herein shall be construed as the crea#ion of a
partnership or joint enterprise between City and Consultant.
7. LI�►�I�I�Y �►iV� [N���i�[�IC,�iI�R�.
CONSUL7ANT SHALL BE LIABLE AND RESPONSIBLE FOR ANY AND ALL
PROPERTY LOSS, PROPERTY DAMAGE ANDIOR PERSONAL INJURY,
INCLUDING DEATH, TO ANY AND ALL PERSONS, OF ANY KIND DR CHAR,4CTER,
WHETHER REAL OR ASSERTED, TO THF EXTENT CAUSED BY THE NEGLIGEIVT
ACT(S) OR OMISSION(5), 14/IALFEASA11lCE OR lNTENTIONAL MlSC4NDUCT OF
CONSULTANT, ITS OFFICERS, AGENTS, SERVANTS OR EMPLOYEES.
COIVSULTANT COVEIVANTS AND AGREES TO, AND DOES HEREBY,
INDEMNIFY, H�LD HARMLESS AND DEFEND THE CITY, !TS OFFICERS,
AGENTS, SERVANTS AND EMPLOYEES, FROM AND AGAINST ANY AND ALL
CLAIMS OR LAWSUI7S FOR EITHER PROPEfr'TY DAMAGE OR L�SS
(lNCL,UDING ALLEGED DAMAGE OR L.OSS TO CONSULTANT`S BUSINESS �INU
ANY RESULTING LOST PROFITS) ANDIOR PERSONAL INJURY, INCLUDING
DE�1 TH, TO ANY AND ALL PERS�NS, OF ANY KIND OR CHARACTER, WNETHER
REAL OR ASSERTED, ARISING OUT OF OR IN CONNECTION W1TH TH15
AGREEMENT, TO 7NE EXTENT CAUSED BY THE NEGLIGENT ACTS OR
OMISSI�NS OR MALFEASANCE OF CONSULTANT, ITS OFFICERS, AGENTS,
SER1/ANTS OR EMPLOYEES.
8. �15SICN��IV� �e9� S�I�CO[dT�4C�1NC�.
ConSulfiant shall not assign ar subcontract any of its duties, obligations-or rights
under this Agreement without the prior written consent of the City. If the City grants
such consent, the assignee or subeontractor shall execute a written agreement with the
City under which the a�signee or subcontractor agrees to be batand by fhe duties and
obligations of Consu[tant under this Agreement.
9. ��IR��LIANC� 11VI�H ��l�S. �RDIiVAIVC�S, �[J��S �ND R�CULi4�18N�.
Consultant agrees ta comply with all federal, sfiate and local laws, ordinanees,
rules and regulations. If the City notifies Consultanf of any. �io[ation of such laws,
ordinances, rules or regulatians, Consultant shall immediafely desist �rom and corr�ct
the violation.
� a. n�o�-�is��i�i����vr� �o��n��n��.
Consultant, for itself, its personal representatives, assigns, subcontractors and
successors in interest, as part of the considera�ion herein, agrees that in the
performance of Cansultant's duties and obligations hereunder, it shall not discriminate
in the #reatment or em�aloyment of any individual or group of indi�iduals on the basis of
race, color, national origin, refigion, handicap, sex, or familial status. If any claim arises
from an alleged �iolation of this non-discriminafion co�enant by Consultant, its personal
representatives, assigns, subcontractors or successors in interest, Consuitant agr�es to
assume such liability and to ind�mnify and defend the City and hold the City harmless
from such claim. '
1 � . PIO�I���.
Natices required pursuant ta fihe provisions of this Agreement shall be
conclusively determined fo have been delivered when (1) hand-delivered to the other
party, its agents, employees, servants or repr�sentatives, (2) delivered by facsimile
with electron�c canfirmation of ihe transmission, or (3} recei�ed f�y the other party by
United Stat�s Mail, registered, re�urn receipt reques�ed, addressed as fallows:
To THE CITY:
Ci�y of Fort WorthljT Soiutians
10p0 Throckmorton
Fort Worth TX 76102-6311
Ta G�NSULTANT:
Secure Commerce Systems, Inc,
17225 EI Camino Real, Suite 340
Houston, TX 77�58
Facsimile: (817) 87'f-8654
1a. SO�ICIi��IOR! D�' �flA�LOY��S.
Facsimile: (281 } 286-2607
Neith�r the City nor Consultanf shall, during the ierm of this agreement and
additionafly a period of one year after its termination, solicit for employment or employ,
wh�ther as employee or independent contractor, any p�rson who is or has been
employed by the other during the term of this agreement, without the prior written
consent of the person's employer.
'93. C�BV��Pl��R�iA� �O'V�l�F��.
]t is understood and agreed #hat by execution of �his Agreement, the City do�s
not waive or surrender any of its ga�ernmental powers.
� 4. REO 1�N1�►IV��.
Tl�e failure of the City or Consultant ia insist upon the performance of any term
or pro�ision of this Agreement or to exercise any right granted herein shall nofi
constitute a waiver of t�e City's ar Consultant's respecti�e rigF�t .to insist upon
appropriaie performance or to assert any such right an any future occasion.
1 �. CORlSTRUCiI�R�.
This Agreement shall be construed in accordance with the internal laws of the State of
Texas. If any action, whefher real or asse�ted, at law or in equity, is brought on the
basis of this Agreement, venue for such action shalf lie in state courts located in Tarrant
Gounty, Texas or fihe United States District Court for the Northern District of Texas, Fork
Wor�h Divisian.
7C. 5�1/��4�I�I�Y.
If any provision of this Agreement is held to be invalid, illegal or unenforceable,
the �alidity, legality and enforceability of the remaining provisions shall not in any way
be a�Fected ar impaired.
1!, FOI�CI� f�➢AJI�UFt�.
The City and Consultant shall exercise their best efforts to meet their res�ec#ive
duties and obligations as set forth in this Agreement, but shall not be held liable for any
deiay or omission in perFormance due to force majeure or other causes beyond t�eir
reasonable control, inc�uding, but r�ot limi#ed to, compliance with any go�ernmeni law,
ordinance or regulation, acts of God, acts of amissior�, fires, strikes, fockouts, national
disasters, wars, riots, material or labor restrictions by any governmental authority,
transportation �roblems andlor any other similar causes.
18. HI��aDIfVGS iVO� �BiV��O��IN�.
Headings and fitles used irt this Agreement are for reference purposes only and
shall not be deemed a part of this Agreement.
19. �RliI���Y O� AGR����R�i.
This Agreement, including the schedule of exhibits attached hereto and any
documents incorporated herein by refere�ce, contains the entire understanding and
agreement befiween the Gity and Consultant, th�ir assigns and successors in interesi,
as to the matters contained herein. Any prior or contemporaneous oral or written
agreement is hereby declared null and void to fihe extent in conflict with any pro�ision
of this Agreemenf.
IN WITNESS WHEREOF, the parkies hereto F�a�e exeeuted this Agreement .in
multiples this , _ � � day af �� ", , 2003.
CITY OF FORT 1NORTH: SECURE COMMERCE SYSTEMS,
INC.
By:
Charles R. Boswell
Assistant City Manager
ATTEST:
� -
By: ���c � / ; ` ..s.,�.,.
City�S�cretary ,
�
APPROVED AS TO FORM AND
LEGALITY:
B ;; � ��
Y�
(name)
(title) . . r -
ATTEST:
:
t
.� ��. �
Assi�ant �fy Attorney
������� �--�. o . _
Con�raet �utharix�'����
_. _ .
_ _ _-. �ru� .��.��__. ,
.�_--==--- — -
����
i 1
�
• l+ I
!� �I ,
l�Xbl�l� A
Statement of Work
Secure Commerce Systems is pleased to propose assistance to �he City of Fort Worth
in addressing the recommendations made in the security vulnerability assessment
repor�. This proposal is �ased on the "Network Security & Vulnerability Assessment
Report, " da�ed D�cember 16, 2002; a re�iew of the City of Fort Worth n�iwork; and
Secure Commerce Systems' �xpert knowledge and experience wifh BS 7799, ISD
17799, Department of Homeland Defense, "The National Strategy to Secure
Cyberspace"- Best Practices, and other standards appiicable to the City of Fort Worth.
A. Scope of Work
Under the scope of #his agreement, Secure Commerc� Systems will pro�ide to the City
of Fort Worth senior technical consulting services, both on-site at the City of Fort Worth
and remo�ely �ia e-mail and �elephone, for t�e development of strategies for:
� Resolutron of n�twark security �ulnerabilities identified in the assessment report
� Security policy de�elopment and implementation
The scope for these senior technical consulting services will include the information
systems administered by the IT Solutions Depar�ment of the City of Fort Wor�h. Many of
these systems are centrally focated at City Hall, f�ut not a!I are located in the lT
Salutions computer room.
Secure Commerce Systems' information security support will begin fio address dafa
collection and programmatic multi-year planning for securifiy programs that wi[I be
required to bring tf�e City of Fort Worth information tec�nolagy from a Level 2 to a Level
4 assurance rating. Such programmatic p[anning wifl include:
� Security Architecture Improvements
O Internal access eontroi {firewalls and intrusian detection systemsj
O Internet remote access (VPN) authentication
O Dial-In remote aceess
� Incident Respanse Capability
O CER T team creation �
O Security awareness program
O Information security intranet web site
� Security Management System
O Log collection from critical servers, routers, firewalls, IDS, and anti-virus
O Evenfi correlation and heuristic analysis
O Multiple redundant event suppression
O Evenf notification and escafatio�
An objecti�e of this planning is to begin working with City of Fort Worth IT personnel to
de�elop an accurate information security sfirategy to address the concerns raised in the
security �ulnerability assessment report. This pianning will provide engineering support
far a three-year security pragram that wilf include budget estimat�s and resource
loaded schedules. All of this wor�t cannat be accomplished in the scope of this
proposal, �ut if will be the goal of the security staff augmeniation over the next few
months. This proposal is anticipated to make tangible progress on the first two bullets
and fio address the remaining bullets over the next few months.
�4. 9. �trategy for �esolufion o� �iscovered Vulnerabiliiies
The security �uEnerability assessment report delivered to the City of Fort Worth
recommended that th� high and medium risk ��fnerabilities that wer� iden�ified be
resolved as quickly as possible.
Secure Commerce �ystems proposes to assist fihe City of Fort Warth in the
development of a strategy for remediation of the �ulnerabilities. This strategy will
include a sc�edufe ofi steps that need to be taken as well as a description of whtat is
required for each step. This strategy will �alce into accoun� a number of issues such as:
� Identification of high risk vulnerabiGt�es and mission critica[ computing resources
Prioritizatian of the �ulnerabilities based on the se�erity ofi risic and the
importance of tf�e affect�d resaurce
o Identification and procurement of patches, updates, or upgrades needed for
v�lnerability remediation
o Identification of automated tools to facilitate vulnerability r�meciiation efforts
• Identification of system administration staff required for fhe �ulnerabilify
remediation efforts
• ldentificatian of resources availa�le for fiesting of patches, updates, or upgrades
� ldenfification of good and bad time periods for making changes to �ulnerab[e
sysfems
� Identification of any Change Manag�ment and Change Con�rol procedures tha�
should be followed or changed as needed to meet best practic�s
�.2 5trafegy for �ecurity Policy Developmeni and Implemenfa�ion
The security vulnerability assessment report defivered to the Ciiy of Fort Worth
recommended an imm�diate review of the City of Fo�t Worth's �olicies on 1T security. ft
recommended that one centralized security policy be iden�ified or created and that this
policy be re�iewed and formally adopted by all City deparkments. The adopted paCicy
would supercede all departmenfal security guidelines #hat are afready in place and
should be endorsed �y the Mayor, City Manager, and City Council
Secure Commerce Systems proposes to assist t�e City of Fort Worth in the
development of a sfirategy fior the implementation of a centralized security policy
documen# that will meet the specifiic operational, business, and political requirements of
the City of Fort Workh. Per the wishes of the Cifiy of Fort Workh, Secure Commerce
Systems proposes to pe�Form the following work:
� Review the City af Fort Warth Administrati�e Regulatians 0-5, D-6, D-7, and D-8
and benchmark against other security policies in particular ISO 17799
� De�elop a template securi#y policy document based on the Administrative
Regulations
• De�elop a lis# of security policy ifiems that are not addressed by the
Administrati�e R�gula�ions and tF�at need action to develop
• Ideniify ISO, NIST, and other standards that address some of the security policy
items not addressed by the Administrative Regulations
� Develop a strategy for completion and approual of the template security plan that
includes a schedule of steps that need to be taken and a description af what is
required for each step
�.
�eliverables
Under the scope of this agreement, Secure Commerce 5ystems will deliver to t�e City
of Fort Worth the �Follouving work products:
� Network securify vulnerability remediation strategy documenf
� Security policy temp[ate document
� Security policy completion and approval strategy document
C. Cifiy of �ort 1dVorth Resp�nsibilifiies
The City of Fort Worth will identify and make a�ailable the necessary personnel and
documentation to provide the relevant information necessary to perform the specified
assessmenfi work.
The City of Fort Worth will pro�ide o�fice space, supplies, and telecommunications
facilities as required during on-site wori�.
D. Staff and Fees
Barry Di[ler and Keith Hayes will be the security consultants for this project, each wi�h a
$'� 75.00 fee rate per hour.
2
Strategy for resoiution of network sectrrity
�u[nerabilities
Strategy far securi#y policy de�elopment and
implementation
Totai, not includinc� expenses
S� $14,000
60 $10,�00
$24,500
Secure Cammerce Systems is a 5tate of Texas Qualified Information Systems Vendor
(QISV), number 176D694594100.
�.9 �xpenses
Professional fees do not include travei and li�ing casts. Actual travel and li�ing
expenses incurred by Secure Commerce Sysfems consultants will be passed on to the
City of Fort Worth for reiml�ursement under the terms of �his agreement. Secure
Commerce Systems strives to reduc� travel expenses on behalf of its clients.
�.2 Schedule
Secure Commerce System's consultants �re ready ta begin work the week of January
27th, 2003 and require a 1-week notice in advance.