The URL can be used to link to this page

Home My WebLink AboutContract 29349 � CITY ONTRACTETARY No,, PROFESSIONAL SERVICES AGREEMENT This PROFESSIONAL SERVICES AGREEMENT ("Agreement") is made and entered into by and between the CITY OF FORT WORTH (the "City"), a home rule municipal corporation situated in portions of Tarrant, Wise and Denton Counties, Texas, acting by and through Richard Zavala, its duly authorized Acting Assistant City Manager, and SECURE COMMERCE SYSTEMS, INC. ("Consultant") a Texas corporation and acting by and through Ron Newman, its duly authorized Chief Operating Officer. 1. SCOPE OF SERVICES. Consultant hereby agrees to provide the City with professional consulting services addressing City network security. The specifics of the services to be provided are described in detail in Exhibit A "Statement of Work," attached hereto and incorporated for all purposes. In the event of conflict between the Exhibit and this Agreement, the terms of this Agreement shall control. 2. TERM. This Agreement shall commence upon the date that both the City and Consultant have executed this Agreement ("Effective Date") and shall continue in full force and effect until terminated in accordance with the provisions of this Agreement or when the City provides Consultant with written notice that Consultant has fulfilled its obligations under this Agreement and that Consultant's services are no longer required. 3. COMPENSATION. The City shall pay Consultant an amount $15,200.00 plus expenses per Exhibit A, also incorporated hereby for all purposes incident hereto, in accordance with the provisions of this Agreement. Consultant shall not perform any additional services for the City not specified by this Agreement unless the City requests and approves in writing the additional costs for such services. The City shall not be liable for any additional expenses of Consultant not specified by this Agreement unless the City first approves such expenses in writing. 4. TERMINATION. 4.1. Written Notice. The City or Consultant may terminate this Agreement at any time and for any reason by its providing the other party with 30 days' written notice of termination. FT; '3r,"fl, Tei, r 4.2 Non-appropriation of Funds. In the event no funds or insufficient funds are appropriated by the City in any fiscal period for any payments due hereunder, City will notify Consultant of such occurrence and this Agreement shall terminate on the last day of the fiscal period for which appropriations were received without penalty or expense to the City of any kind whatsoever, except as to the portions of the payments herein agreed upon for which funds shall be been appropriated. 4.3 Duties and Obligations of the Parties. In the event that this Agreement is terminated prior to the Expiration Date, the City shall pay Consultant for services actually rendered as of the effective date of termination and Consultant shall continue to provide the City with services requested by the City and in accordance with this Agreement up to the effective date of termination. 5. DISCLOSURE OF CONFLICTS AND CONFIDENTIAL INFORMATION. Consultant hereby warrants to the City that Consultant has made full disclosure in writing of any existing or potential conflicts of interest related to Consultant's services and proposed services with respect to the Scope of Services. In the event that any conflicts of interest arise after the Effective Date of this Agreement, Consultant hereby agrees immediately to make full disclosure to the City in writing. Consultant, for itself and its officers, agents and employees, further agrees that it shall treat all information provided to it by the City as confidential and shall not disclose any such information to a third party without the prior written approval of the City. 6. RIGHT TO AUDIT. Consultant agrees that the City shall, until the expiration of three (3) years after final payment under this contract, have access to and the right to examine at reasonable times any directly pertinent books, documents, papers and records of the consultant involving transactions relating to this Contract. Consultant agrees that the City shall have access during normal working hours to all necessary Consultant facilities and shall be provided adequate and appropriate work space in order to conduct audits in compliance with the provisions of this section. The City shall give Consultant reasonable advance notice of intended audits. Consultant further agrees to include in all its subcontractor agreements hereunder a provision to the effect that the subcontractor agrees that the City shall, until expiration of three (3) years after final payment of the subcontract, have access to and the right to examine at reasonable times any directly pertinent books, documents, papers and records of such subcontractor involving transactions related to the subcontract, and further that City shall have access during normal working hours to all subcontractor facilities and shall be provided adequate and appropriate work space in order to WOND ��1TY �E6P.E R, 2V conduct audits in compliance with the provisions of this paragraph. City shall give subcontractor reasonable notice of intended audits. 7. INDEPENDENT CONTRACTOR. It is expressly understood and agreed that Consultant shall operate as an independent contractor as to all rights and privileges granted herein, and not as agent, representative or employee of the City. Subject to and in accordance with the conditions and provisions of this Agreement, Consultant shall have the exclusive right to control the details of its operations and activities and be solely responsible for the acts and omissions of its officers, agents, servants, employees, contractors and subcontractors. Consultant acknowledges that the doctrine of respondeat superior shall not apply as between the City, its officers, agents, servants and employees, and Consultant, its officers, agents, employees, servants, contractors and subcontractors. Consultant further agrees that nothing herein shall be construed as the creation of a partnership or joint enterprise between City and Consultant. 8. LIABILITY AND INDEMNIFICATION. CONSULTANT SHALL BE LIABLE AND RESPONSIBLE FOR ANY AND ALL PROPERTY LOSS, PROPERTY DAMAGE ANDIOR PERSONAL INJURY, INCLUDING DEATH, TO ANY AND ALL PERSONS, OF ANY KIND OR CHARACTER, WHETHER REAL OR ASSERTED, TO THE EXTENT CAUSED BY THE NEGLIGENT ACT(S) OR OMISSION(S), MALFEASANCE OR INTENTIONAL MISCONDUCT OF CONSULTANT, ITS OFFICERS, AGENTS, SERVANTS OR EMPLOYEES. CONSULTANT COVENANTS AND AGREES TO, AND DOES HEREBY, INDEMNIFY, HOLD HARMLESS AND DEFEND THE CITY, ITS OFFICERS, AGENTS, SERVANTS AND EMPLOYEES, FROM AND AGAINST ANY AND ALL CLAIMS OR LAWSUITS FOR EITHER PROPERTY DAMAGE OR LOSS (INCLUDING ALLEGED DAMAGE OR LOSS TO CONSULTANT'S BUSINESS AND ANY RESULTING LOST PROFITS) ANDIOR PERSONAL INJURY, INCLUDING DEATH, TO ANY AND ALL PERSONS, OF ANY KIND OR CHARACTER, WHETHER REAL OR ASSERTED, ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT, TO THE EXTENT CAUSED BY THE NEGLIGENT ACTS OR OMISSIONS OR MALFEASANCE OF CONSULTANT, ITS OFFICERS, AGENTS, SERVANTS OR EMPLOYEES. 9. ASSIGNMENT AND SUBCONTRACTING. Consultant shall not assign or subcontract any of its duties, obligations or rights under this Agreement without the prior written consent of the City. If the City grants such consent, the assignee or subcontractor shall execute a written agreement with the City under which the assignee or subcontractor agrees to be bound by the duties and obligations of Consultant under this Agreement. 10. COMPLIANCE WITH LAWS, ORDINANCES, RULES AND REGULATIONS. Consultant agrees to comply with all federal, state and local laws, ordinances, rules and regulations. If the City notifies Consultant of any violation of such laws, ordinances, rules or regulations, Consultant shall immediately desist from and correct the violation. 11. NON-DISCRIMINATION COVENANT. Consultant, for itself, its personal representatives, assigns, subcontractors and successors in interest, as part of the consideration herein, agrees that in the performance of Consultant's duties and obligations hereunder, it shall not discriminate in the treatment or employment of any individual or group of individuals on the basis of race, color, national origin, religion, handicap, sex, or familial status. If any claim arises from an alleged violation of this non-discrimination covenant by Consultant, its personal representatives, assigns, subcontractors or successors in interest, Consultant agrees to assume such liability and to indemnify and defend the City and hold the City harmless from such claim. 12. NOTICES. Notices required pursuant to the provisions of this Agreement shall be conclusively determined to have been delivered when (1) hand-delivered to the other party, its agents, employees, servants or representatives, (2) delivered by facsimile with electronic confirmation of the transmission, or (3) received by the other party by United States Mail, registered, return receipt requested, addressed as follows: To THE CITY: To CONSULTANT: City of Fort Worth/IT Solutions Secure Commerce Systems, Inc. 1000 Throckmorton 7528 Sweetgum Fort Worth TX 76102-6311 Irving, TX 75063 Facsimile: (817) 871-8654 Facsimile: 972-444-8279 13. SOLICITATION OF EMPLOYEES. Neither the City nor Consultant shall, during the term of this agreement and additionally a period of one year after its termination, solicit for employment or employ, whether as employee or independent contractor, any person who is or has been employed by the other during the term of this agreement, without the prior written consent of the person's employer. CITE 015j:IER!"l :b n U qn N ` 14. GOVERNMENTAL POWERS. It is understood and agreed that by execution of this Agreement, the City does not waive or surrender any of its governmental powers. 15. NO WAIVER. The failure of the City or Consultant to insist upon the performance of any term or provision of this Agreement or to exercise any right granted herein shall not constitute a waiver of the City's or Consultant's respective right to insist upon appropriate performance or to assert any such right on any future occasion. 16. CONSTRUCTION. This Agreement shall be construed in accordance with the internal laws of the State of Texas. If any action, whether real or asserted, at law or in equity, is brought on the basis of this Agreement, venue for such action shall lie in state courts located in Tarrant County, Texas or the United States District Court for the Northern District of Texas, Fort Worth Division. 17. SEVERABILITY. If any provision of this Agreement is held to be invalid, illegal or unenforceable, the validity, legality and enforceability of the remaining provisions shall not in any way be affected or impaired. 18. FORCE MAJEURE. The City and Consultant shall exercise their best efforts to meet their respective duties and obligations as set forth in this Agreement, but shall not be held liable for any delay or omission in performance due to force majeure or other causes beyond their reasonable control, including, but not limited to, compliance with any government law, ordinance or regulation, acts of God, acts of omission, fires, strikes, lockouts, national disasters, wars, riots, material or labor restrictions by any governmental authority, transportation problems and/or any other similar causes. 19. HEADINGS NOT CONTROLLING. Headings and titles used in this Agreement are for reference purposes only and shall not be deemed a part of this Agreement. P :`5ae 20. ENTIRETY OF AGREEMENT. This Agreement, including the schedule of exhibits attached hereto and any documents incorporated herein by reference, contains the entire understanding and agreement between the City and Consultant, their assigns and successors in interest, as to the matters contained herein. Any prior or contemporaneous oral or written agreement is hereby declared null and void to the extent in conflict with any provision of this Agreement. IN WITNESS WHEREOF, '-_- t parties hereto have executed this Agreement in multiples this day of kYL& 1`f1 , , 2003. CITY OF FORT WORTH: SECURE COMMERCE SYSTEMS, INC. LCWaQBy:_ By: Richard Zavala Ron Newman ssistant City Manager Chief Operating Officer ATTEST: ATTEST: By: By: City ecretary APPROVED AS TO FORM AND I� LEGALITY: contract Authorization Assist City Attorney EXHIBIT A 1.0 Statement of Work Secure Commerce Systems is pleased to propose assistance to the City of Fort Worth in documenting the Library Level 2 and Level 3 network configuration and analyzing those configurations for a gap analysis against network security best practices. 1.1 Scope of Work Under the scope of this agreement, Secure Commerce Systems will provide to the City of Fort Worth technical consulting services, both on-site at the City of Fort Worth and remotely via e-mail and telephone, for the documentation and assessment of the following: ➢ Evaluation and documentation of the Layer 2/3 network (Data and Voice) at the Library in conjunction with the Library staff and City of Fort Worth IT Solutions team, plus. ➢ Evaluation and documentation of the Layer 2/3 network (Data and Voice) at the Police department in conjunction with the Police Department and IT Solutions staff. 1.2 Deliverables Under the scope of this agreement, Secure Commerce Systems will deliver to the City of Fort Worth the following work products: ➢ Layer 2/3 Visio network maps shall be provided for the Library that document all systems, network devices and interconnects to other external and internal interfaces with delineation of the public and private networks as they currently exist. SCS shall provide assessment and design recommendations including recommended Visio logical architecture change recommendations complete with preliminary cost and resource estimates to implement. Recommendations for audit compliance certification process should be identified as well as security and Quality of Service (QOS) performance related recommendations for Voice over IP Network redesign. ➢ Layer 2/3 Visio network maps shall be provided for the Police Department that documents all systems, network devices and interconnects to other entities with delineation of the risks associated with this interconnectivity as they currently exist. Recommendations should be made for fast track remediation on existing assessment findings. ➢ SCS shall provide knowledge transfer to work with and coach IT Solutions team on security methods, best practice processes during the course of the engagement 1.3 City of Fort Worth Responsibilities The City of Fort Worth will identify and make available the necessary personnel and documentation to provide the relevant information necessary to perform the specified assessment work. The City of Fort Worth will provide office space, supplies, and telecommunications facilities as required during on-site work. 2.0 Staffing and Fees Keith Hayes and Brian White will be the security consultants for this project, each with a $90.00 fee rate per hour. Task Description Estimated Hours Cost 1 Library network assessment and 84 $7,560 documentation 2 Strategy for security policy 84 $7,560 develo ment and implementation Total, not including expenses $15,720 Secure Commerce Systems is a State of Texas Qualified Information Systems Vendor (QISV), number 1760694594100. 2.1 Expenses Professional fees do not include travel and living costs. Actual travel and living expenses incurred by Secure Commerce Systems consultants will be passed on to the City of Fort Worth for reimbursement under the terms of this agreement. Secure Commerce Systems strives to reduce travel expenses on behalf of its clients. 2.2 Schedule Secure Commerce System's consultants are ready to begin work the week of November 2nd, 2003. v� r�vLn!1 �2ECal0 i Pagel of 3 City of Fort Worth, Texas Mayor and Council Communication COUNCIL ACTION: Approved on 11/18/2003 DATE: Tuesday, November 18, 2003 LOG NAME: 13P03-0267 REFERENCE NO.: P-9880 SUBJECT: Purchase of Professional Computer Security Services, Network Analysis and Authorize a Contract for Professional Services with Secure Commerce Systems, Inc. for the Information Technology Solutions Department RECOMMENDATION: It is recommended that the City Council authorize the City Manager to enter into two contracts with Secure Commerce Systems, Inc. for the period November 18, 2003, to June 30, 2004, for an amount not to exceed $97,620. DISCUSSION: The City's Internal Audit Department engaged Secure Commerce Systems, Inc. to evaluate the City's computer security pursuant to a competitive selection process (Request for Proposal) and awarded a contract for this assessment (M&C P-9691 dated October 8, 2002). In December 2002, Secure Commerce Systems, Inc. provided a report to the Government and Neighborhood Relations Committee regarding the status of computer security, and made certain recommendations for remediation of identified deficiencies. In February 2003, at the time of the management transition in the Information Technology Solutions Department (IT Solutions), Secure Commerce Systems, Inc. was engaged to assure the continued security of the City's computer network during the transition. This firm had recently completed a security audit, and was deemed uniquely qualified to assist in assuring on-going integrity and stability. On April 8, 2003 (M&C P-9781), the City Council approved the engagement of Secure Commerce Systems, Inc. to provide additional assistance to implement certain remediation actions to address high and medium risk security deficiencies as identified in their original assessment. The agreed scope of work was to be completed in six months, at a cost not to exceed $152,400. This Mayor and Council Communication is for the continuation of related security initiatives. A Secure Commerce Systems, Inc. senior security consultant will perform tasks in support of a focused set of security initiatives intended to address specific deficiencies in the City's security posture. The focused set of security initiatives will be based on Secure Commerce Systems, Inc.'s enterprise security methodology. Work is currently being performed under separate contract to develop a comprehensive, centralized Information Security Policy that will be approved by the City Manager. Work is also currently being performed under separate contract to develop enterprise-wide security standards and guidelines for implementing the approved Information Security Policy. IT Solutions proposes that the following additional security initiatives be pursued: Internet Worm Incident Review Secure Commerce Systems, Inc. proposes to provide a high-level review of the Internet worm incident that http://www.cfwnet.org/council_packet/Reports/mc_print.asp 12/4/2003 Page 2 of 3 the City experienced beginning on or about August 21, 2003. This analysis will attempt to document how the worm entered the City networks, what things were done well in handling the infection, what things could have been done better in handling the infection, and how such an infection might be prevented in the, future. Security Awareness Program Development Secure Commerce Systems, Inc. proposes to assist the City in the establishment of a new security awareness program. A security awareness program will be implemented to assist City employees in understanding the new Information Security Policy and their responsibilities under the new security program. The purpose and content of an approved Information Security Policy will be discussed, and new security requirements mandated by the policy will be described. The content of the security awareness program will be tailored for the various City employees receiving the information. On!:going Computer Information Security Officer(CISO) Support Secure Commerce Systems, Inc. proposes on-going Computer Information Security Officer (CISO) support to assist the City in its security operations processes and procedures for a six-month period. Secure Commerce Systems, Inc. will provide an experienced security consultant who will be available for, on average, one day a week for the duration of the six-month period. This consultant will provide interim CISO services and act as an advisor on behalf of IT Solutions, the Chief Information Officer, the City Manager's Office, the City Council, and the Mayor's Office. This consultant will be available on-site, and remotely via e-mail and telephone, as needed. The cost for these professional services is: Service Cost Internet Worm Incident Review $ 6,000 Security Awareness Program Development $38,400 On-going CISO Support $28,800 TOTAL CONSULTING SERVICE $73,200 (not including travel and living costs) Professional fees do not include travel and living costs. Actual travel and living expenses incurred by Secure Commerce Systems, Inc.'s consultants will be passed on to the City for reimbursement under the terms of this agreement. Secure Commerce Systems, Inc. strives to reduce travel expenses on behalf of its clients. The estimated expenses for this contract are $7,320. This estimate will not be exceeded. In addition to the above project, the City has a need for an engineering security analysis of the network for the Library and Police Departments. The Library Department has a separate network from the rest of the City. The portion of the Library network may be consolidated into the City network. Since the Library network serves both the public and staff, the network architecture needs to be evaluated and a plan developed that allows staff to access the City network, and at the same time ensures security requirements. The Police Department needs help to remediate and put in place additional access control for the Police Department. In the audit of security in December 2002, it was recommended that additional security measures be incorporated at the Police Department. Secure Commerce Systems, Inc. has submitted a statement of work for the two projects, and it can be accomplished for an amount not to exceed $17,100. The security engineering analysis for the two departments will be completed by June 30, 2004. http://www.cfwnet.org/council_packet/Reports/mc_print.asp 12/4/2003 Page 3 of 3 Secure Commerce Systems, Inc. is designated as a Catalog Information Systems Vendor by the State of Texas. Under Section 271.083 of the Texas Local Government Code, a local government satisfies otherwise applicable competitive requirements when it makes a purchase through the Texas Building and Procurement Commission catalogue purchasing procedure as established by Section 2157.061 of the Texas Government Code. The City will comply with that procedure for the purchase agreement under this Mayor and Council Communication. M/WBE - A waiver of the goal for MM/BE subcontracting requirements was requested by the Purchasing Division and approved by the M/WBE Office because the purchase of services is from sources where subcontracting or supplier opportunities are negligible. FISCAL INFORMATION/CERTIFICATION: The Finance Director certifies that funds are available in the current operating budget, as appropriated, of the Information Systems Fund. BQN\03-0267\lgs TO Fund/Account/Centers FROM Fund/Account/Centers P168 531200 0041000 $97,620.00 Submitted for City Manager's Office bT. Richard Zavala (Acting) (6183) Originating Department Head: Jim Keyes (8517) Robert Combs (8357) Additional Information Contact: Kate Yarhouse (8465) http://www.cfwnet.org/council_packet/Reports/mc_print.asp 12/4/2003