HomeMy WebLinkAboutContract 53198-R5CSC No. 53198-R5
CITY OF FORT WORTH
CONTRACT RENEWAL NOTICE
November 15, 2024
Weaver and Tidwell LLP
Attn: Legal Department
24 Greenway Plaza, Ste 1800
Houston, Texas 76046
Re: Contract Renewal Notice
Contract No. CSC No. 53198 (the "Contract")
Renewal Term No. 5 of 5, December 10, 2024 to December 9, 2025
The above referenced Contract with the City of Fort Worth expires on December 9, 2024
(the "Expiration Date"). Pursuant to the Contract, contract renewals are at the sole option of the
City. This letter is to inform you that the City is exercising its right to renew the Contract for an
additional one (1) year period, which will begin immediately after the Expiration Date. All other
terms and conditions of the Contract remain unchanged. Please return this signed
acknowledgement letter, along with your quote for charges for the new renewal term, and
current insurance certificate, to the address set forth below, acknowledging receipt of the
Contract Renewal Notice.
To ensure that your company information is correct and up-to-date, please log onto
PeopleSoft Purchasing at htti)s://www.fortworthtexas.2ov/departments/finance/purchasing.
If you have any questions concerning this Contract Renewal Notice, please contact us at
the email address listed below.
Sincerely,
City of Fort Worth
IT Solutions I Finance I Contracts
100 Fort Worth Trail
Fort Worth, TX, 76102
zz IT Finance Contracts(afortworthtexas.Rov
OFFICIAL RECORD
CITY SECRETARY
FT. WORTH, TX
Contract Renewal Page 1 of 2
[Executed effective as of the date signed by the Assistant City Manager below.] / [ACCEPTED
AND AGREED:]
City:
By:
\-44911K �`
Name:
Mark McDaniel
Title:
Deputy City Manager
Date:
12/02/2024
Weaver and Tidwell LLP
By: V
Name:
Title: I
Date: 11 /ZS/
/ /
CITY OF FORT WORTH INTERNAL ROUTING PROCESS:
Approval Recommended:
By:
Name:
Kevin Gunn
Title:
Director, IT Solutions
Approved as to Form and Legality:
By: Michael Anders (Dec 2, 202414:50 CST)
Name: Hye Won Kim
Title: Assistant City Attorney
Contract Authorization:
M&C: 24-0699
Approval Date: 09/06/2024
Form 1295:2024-1186402
Contract Compliance Manager:
By signing I acknowledge that I am the person
responsible for the monitoring and administration
of this contract, including ensuring all performance
and reporting requirements.
By: Sudong Lee (Nov 27, 202411:44 CST)
Name: Sudong Lee
Title: Sr. IT Solutions Manager
City Secretary: 4�FOR>°9B,
dv� oo,00000,N,0
By:
aa¢nn�64g44
Name: Jannette Goodall
Title: City Secretary
OFFICIAL RECORD
CITY SECRETARY
FT. WORTH, TX
Contract Renewal Page 2 of 2
City of Fort Worth - PCI SAID Services
City of Fort Worth PCI Services Estimate for PCI SAQ Services
Roles
Weaver: Perform testing over the applicable requirements and provide a completed SAQ-D and AOC for the Courts payment
channel.
City: Review of the SAQ-D and AOC, provide the requested documentation, and be available for walkthroughs.
Requirement Scope
Courts payment channel: Requirements outlined in the SAQ A are in -scope.
Activity:] Estimate
Courts Payment Channel =
Firs
Fee
Planning / Proj Mgmt
25
$
6,125
Fieldwork Execution & SAQ Population
65
$
15,925
Review / Reporting / Issuance
30
$
7,350
Courts Payment Channel Total
120
$
29,400
Invoicing:
Fees will be invoiced in three (3) installments throughout the engagement. Invoices will be for the following amounts:
1. Installment 1: $9,800
2. Installment2: $9,800
3. Installment3: $9,800
SAQ Services Assumptions:
1. City will provide accurate data/network flow diagrams and system and device inventories prior to the issuance of a Document
Request List from Weaver.
2. Initial requests for documentation or evidence for testing will be fulfilled within 15 business days (e.g. populations, inventories,
policies, etc.). Subsequent requests for information (e.g. samples for testing, clarifications on previous requests) will be
responded to within 3 business days. All initial requests are provided prior to the start of fieldwork.
3. For the Courts payment channel the applicable SAQ-A requirements will be evaluated and documented with the SAQ-D. See
highlighted green cells in column G of the "Requirement Type Summary' tab for the applicable requirements.
4. The City has reviewed all "in -scope" requirements in the table "Requirement Type Summary' and agrees that the applicable
requirements are In -Place and documented evidence can be made available to demonstrate it as such.
5. For the payment channel the following assumptions were made to identify the applicable requirements:
• No cardholder data is retained or stored. All cardholder data is encrypted at the Point of Interaction (POI) or Point of
Sale (POS) and the City only retains tokenized transaction information received from the processor.
• All applications are off the shelf and no custom code development is performed for the CDE.
• SSL and early TLS are not utilized for encryption.
6. The city has performed scans of their networks and systems for cardholder data and can provide documentation
demonstrating no cardholder data exists.
7. Issues identified in prior assessments have been remediated and in place for any required periods of time.
8. All "in -scope" requirements in the table "Requirement Type Summor/' have been implemented, requiring multiple rounds of
follow-up between the City and Weaver.
9. Provided documentation is accurate or fully addresses the request or requirement.
This estimate is dated November 15, 2024 and is valid through May 31, 2025.
weaver
City of Fort Worth - PCI SAQ Services
City of Fort Worth PCI Services Estimate for PCI SAQ Services
Roles
Weaver: Perform testing over the applicable requirements and provide two completed SAQ-D's and AOC's for Water and City
payment channels.
City: Review of the two SAQ-D's and AOC's, provide the requested documentation, and be available for walkthroughs.
Reauirement Scooe
Non -water payment channel: Requirements outlined in the SAQ P2PE are in -scope.
Water payment channel: 264 Requirements based on the assumptions outlined below and in the "Requirement Type Summary" tab.
of Fort Worth PCI Services Estimate for PCI SAQ
Payment Channel
Hrs
Estimate
Planning / Proj Mgmt
25
$
6,000
Fieldwork Execution & SAQ Population
55
$
13,500
Review / Reporting / Issuance
35
$
8,500
Non -Water Payment Channel Total
$
28,000
(Water Payment Channel
Fee
Planning / Proj Mgmt
40
$
9,750
Fieldwork Execution & SAQ Population
100
$
24,500
Review / Reporting / Issuance
40
$
9,750
Water Payment Channel Total
180
$
44,000
SAQ Services Total:
72,000
Invoicing:
Fees will be invoiced in three (3) installments throughout the engagement. Invoices will be for the following amounts:
1. Installment]: $24,000
2. Installment2: $24,000
3. Installment3: $24,000
SAQ Services Assumptions:
1. City will provide accurate data/network flow diagrams and system and device inventories prior to the issuance of a Document
Request List from Weaver.
2. Initial requests for documentation or evidence for testing will be fulfilled within 15 business days (e.g. populations, inventories,
policies, etc.). Subsequent requests for information (e.g. samples for testing, clarifications on previous requests) will be
responded to within 3 business days. All initial requests are provided prior to the start of fieldwork.
3. For the Water payment channel the applicable SAQ-D requirements will be evaluated and documented with the SAQ-D. See
highlighted green cells in column E of the "Requirement Type Summary tab for the applicable requirements.
4. For the City payment channel that encrypts cardholder data at the point of interaction and can only be decrypted by the
processor, the applicable requirements outlined in the SAQ-P2PE will be evaluated and documented with the SAQ-D. See
highlighted green cells in column F of the "Requirement Type Summary'tab for the applicable requirements.
5. The City has reviewed all "in -scope" requirements in the table "Requirement Type Summary' and agrees that the applicable
requirements are In -Place and documented evidence can be made available to demonstrate it as such.
6. For both payment channels the following assumptions were made to identify the applicable requirements:
• No cardholder data is retained or stored. All cardholder data is encrypted at the Point of Interaction (POI) or Point of
Sale (POS) and the City only retains tokenized transaction information received from the processor.
• All applications are off the shelf and no custom code development is performed for the CDE.
• SSL and early TLS are not utilized for encryption.
7. The city has performed scans of their networks and systems for cardholder data and can provide documentation
demonstrating no cardholder data exists.
8. The Water cardholder data environment is fully segmented from other networks and systems.
9. Issues identified in prior assessments have been remediated and in place for any required periods of time.
10. All "in -scope" requirements in the table "Requirement Type Summary' have been implemented, requiring multiple rounds of
follow-up between the City and Weaver.
11. Provided documentation is accurate or fully addresses the request or requirement.
This estimate is dated November 15, 2024 and is valid through May 31, 2025.
weaverr> -
ACITY COUNCIL AGEND
Create New From This M&C
DATE: 8/27/2024 REFERENCE **M&C 24- LOG NAME:
NO.: 0699
CODE: C TYPE: CONSENT PUBLIC
HEARING.
Official site of the City of Fort Wort , Texas
FoRTWoRn
04PAYMENT CARD
INDUSTRY AUDIT WEAVER
AND TIDWELL
Rej
SUBJECT: (ALL) Authorize an Amendment to City Secretary Contract No. 53198 with Weaver and
Tidwell, LLP to Increase the Annual Contract by $50,000.00 for a Recurring Total Annual
Contract Not to Exceed $150,000.00 for the State of Texas Required Annual Payment
Card Industry Audit for the Information Technology Solutions Department, and Authorize
an Additional One -Year Renewal Term Option
RECOMMENDATION:
It is recommended that the City Council authorize an amendment to City Secretary Contract No.
53198 with Weaver and Tidwell, LLP to increase the annual contract by $50,000.00 for a recurring
total annual contract not to exceed $150,000.00 for the State of Texas required Annual Payment Card
Industry Audit for the Information Technology Solutions Department, and authorize an additional one-
year renewal term option.
DISCUSSION:
On December 10, 2019, the City of Fort Worth entered into City Secretary Contract, (CSC), No.
53198, a Vendor Services Agreement with Weaver and Tidwell, LLP to provide the City with Payment
Card Industry, (PCI), Qualified Security Assessor Services and audit the Information Technology
Solutions (ITS) Department and how the City of Fort Worth processes credit card payment made by
residents, customers, and clientele throughout several departments, as required each year by the
State of Texas, to validate the City of Fort Worth's adherence to the Payment Card Industry, (PCI),
compliance.
The firm selected is required to be a Qualified Security Assessor (QSA) that has been certified by the
PCI Security Standards Council, and the certification must be in accordance with the processing
bank's requirements. Weaver and Tidwell, LLP is a licensed, experienced auditing firm with certified IT
and Accounting professionals.
This Mayor and Council Communication (M&C), requests authorization to amend CSC 53198 to
increase the annual amount of the contract by $50,000.00 for the new recurring annual total of
$150,000.00, for the Annual PCI Audit and add a one-year term renewal option.
A Chapter 252 exemption form, related to these professional services, was approved by the City
Attorney's Office.
AGREEMENT TERM - Upon City Council's approval, this Amendment will begin once executed by the
Deputy City Manager and end December 9, 2024.
RENEWAL OPTIONS - This agreement may be renewed for one successive one-year term at the
City's option. This action does not require specific City Council approval provided that the City Council
has appropriated sufficient funds to satisfy the City's obligations during the renewal term.
ADMINISTRATIVE CHANGE ORDER: An administrative change order or increase may be made by
the City Manager up to the amount allowed by relevant law and the Fort Worth City Code and does not
require specific City Council approval as long as sufficient funds have been appropriated.
DVIN: This project was approved for a waiver per the Chapter 252 exemption, as a sole source by the
Legal Department. Therefore, the business equity goal requirement is not applicable.
Funding is budgeted in the Other Contractual Services account within the Grants Capital Projects
Federal Fund for ARPA ITS initiatives project for the IT Solutions Department.
FISCAL INFORMATION/CERTIFICATION:
The Director of Finance certifies that funds are available in the current capital budget, as previously
appropriated, in the Grants Cap Projects Federal Fund for the ARPA ITS initiatives project to support
the approval of the above recommendation and execution of the contract. Prior to any expenditure
being incurred, the Information Technology Solutions Department has the responsibility to validate the
availability of funds.This is a reimbursement grant.
TO
Fund Department Account Project Program Activity Budget Reference # Amount
ID ID Year (Chartfield 2)
FROM
Fund Department Account Project Program Activity Budget Reference # Amount
ID ID Year (Chartfield 2)
Submitted for City Manager's Office by_ Mark McDaniel O
Originating Department Head: Kevin Gunn (2015)
Additional Information Contact: Donlen Ruffin (2017)
ATTACHMENTS
Approved & Sianed Waiver.pdf (CFW Internal)
FID Table PCI Audit.XLSX (CFW Internal)
Form 1295 Certificate 101233108 Sianed.pdf (CFW Internal)
Funds Availabilitv 7-18-24.docx (CFW Internal)
SAM.pdf (CFW Internal)