The URL can be used to link to this page

Home My WebLink AboutStaff Report 13747 City of Palo Alto (ID # 13747) City Council Staff Report Meeting Date: 3/14/2022 Report Type: City of Palo Alto Page 1 Title: Approval of Surveillance Use Policy and Contract for E-Citation Devices/Services with Turbo Data Systems, Not-to-Exceed $218,545 for Five Years From: City Manager Lead Department: Police Recommendation Staff recommends the City Council: 1. Approve the surveillance use policy for electronic citation devices (attached), as required by the City’s Surveillance and Privacy Protection Ordinance (PAMC 2.30.620 et seq.); and 2. Approve and authorize the City Manager to execute the attached five-year contract with Turbo Data Systems, Inc., not to exceed $218,545, for the acquisition of handheld electronic citation devices with optical character recognition technology, and product support, for the purposes of traffic violation enforcement by police officers. Background In 2018, the City Council passed Ordinance 5450 (known as the Surveillance and Privacy Protection Ordinance), which requires Council approval for contracts involving surveillance technology. Council must approve contracts of any time and amount that include acquisition of surveillance technology. See PAMC 2.30.630. In addition, staff must provide a surveillance evaluation of the technology (below), and Council must approve a surveillance use policy in order to use the technology. PAMC 2.30.680(c) states: “Surveillance Technology” means any device or system primarily designed and actually used or intended to be used to collect and retain audio, electronic, visual, location, or similar information constituting personally identifiable information associated with any specific individual or group of specific individuals, for the purpose of tracking, monitoring or analysis associated with that individual or group of individuals. Examples of surveillance technology include, but are not limited to, drones with cameras or monitoring capabilities, automated license plate readers, closed-circuit cameras/televisions, cell-site simulators, biometrics-identification technology, and facial recognition technology. City of Palo Alto Page 2 As discussed below, the surveillance technology under review is a camera on the device that captures images when an operator initiates it. The images are processed through optical character recognition (OCR) analysis to call up the vehicle make and model information. Related issues are two other technologies: a magnetic card reader for driver’s license information auto-population and a fingerprint sensor for capturing photographs of fingerprints in the field. It is staff’s opinion that the magnetic reader and fingerprint sensor do not meet the intent of the municipal code, however, they are included here for consideration. Council approved of the use of State of California Citizens' Option for Public Safety (COPS) program funding in CMRs 5425 (2015) and 9852 (2019). A sole source exemption was approved to purchase the devices and enter into a contract with Turbo Data Systems (See Attachment A). Discussion The handheld E-Cite device for issuing traffic violation citations by sworn personnel will allow officers to issue the citations using streamlined technology that offers efficient and accurate data entry. E-Cites eliminate two common issues with paper citations: legible writing and omitted information. Unrelated to the camera technology (and possibility of surveillance), the E-cite system has added features that facilitate electronic submission of citations, currently hand-typed manually by Records Division personnel, into the Department’s Records Management System (RMS) and electronically to the county traffic court. Images of license plates, and their associated alpha-numeric characters, can facilitate the recall of vehicle information to populate specific fields in the citation record. This feature is a license plate reader (LPR) function that is manually initiated (as opposed to Automated License Plate Reader, or ALPR, technology, discussed in CMR 11492 for parking enforcement in the Residential Parking Program). The operator can either “point-and-click” to capture the license plate characters or manually enter the characters into their hand-held device. This report addresses the former. Further, the device allows for the capture and recall of driver’s license related information from the magnetic strip on the back of a state-issued driver’s license. This information populates the driver’s information in the citation record – also available for manual entry. Finally, the fingerprint sensor is an image scanner to be used in cases when violators do not have government issued identification at the ready. The fingerprint scanner does not connect to any government identification database. The data is stored in the Turbo Data Systems Software cloud server, accessible only by authorized law enforcement personnel. As device capture technology presents the potential to capture personal identifying information, an evaluation of this technology is provided below. Surveillance Evaluation Although this technology does not independently monitor any public activity, due to the technology using image-detection features, the department will explain the technological features of the equipment for Council consideration. City of Palo Alto Page 3 The E-cite vendor and product under consideration for engagement is Turbo Data nFORCER. The product does not continually scan, monitor, or send information to any source, rather, the officer only powers on and uses the unit after witnessing a vehicle code violation and contacts the violator. Photographs taken with the device are stored as an image along with the citation form and signature image. As required by the Surveillance and Privacy Protection ordinance, the following considerations are explained: 1. A description of the surveillance technology, including how it works and what information it captures: The Department will be using the product for issuing traffic violations by sworn officers. The product is an electronic citation device with printer, allowing for rapid citation issuance, decreased errors due to the electronic field platform, and has the additional features of photograph of the vehicle and license plate to add to the comprehensive record of the law enforcement contact. Once the rear vehicle image is captured, the software will populate the vehicle information (state of issue, license plate number, make, model and possibly color) using OCR. OCR is technology to recognize text inside images, such as letter characters within photographs. This is a feature of the software and is not something that all officers may use. It is at the officer’s discretion whether they take a photo of the license plate to allow for the software to populate those fields or whether they opt to manually enter the data on the device, achieving the same result – populated fields. The LPR feature used by the device is not the same as ALPR. An ALPR system takes active scans of every license plate that passes the camera (fixed or mobile). That image is then added to the system’s database for searching. Any scanned license plate that has been marked in the system as being stolen or flagged would trigger an alert in the software for the officer to view. The “LPR” feature of the device only relates to the software involving image recognition to auto- field population. The device contains a magnetic stripe to swipe a driver’s license or for the officer to use the camera to read the bar code of a driver’s license to auto populate the registered owner/driver information on the citation. It is optional for the officer to use this method of reading licensee information, they may use the camera to “scan” the bar code on the back of the driver’s license, if present, or they may enter the data manually. The device has a fingerprint sensor available on it to capture a detailed image of the driver’s fingerprint that attaches to the digital record. This feature will only be used, according the California law, as the positive identification of the person being issued the citation when that person does not possess a copy of their valid driver’s license or have another form of valid government-issued identification. The fingerprint scanner does not connect to any government identification database. City of Palo Alto Page 4 The driver will use the device stylus to sign the citation on the screen of the unit. The signature image for all citations is captured as a photo. The image is then transferred to the printed citation in the signature field. The officer will complete the citation process printing out the citation on the attached printer and providing the driver with a copy of the citation. Data Flow and Transmission Specifics After completion of the citation with a positive internet connection, the device will transfer the citation information electronically to a secured department account on the Turbo Data Systems cloud server through the vendor software. At a designated daily time, the software program will transfer a copy of the citation record to the department’s Records Management System (RMS), for permanent storage as a police record. Weekly, the Police Department Court Liaison Officer will initiate the electronic transfer of the citation records to the Santa Clara County Traffic Court. The court will process and retain the citation record according to the necessary legal process and the Court’s retention schedule, as is currently done with paper traffic citations. Copies of the citation records will reside on the Turbo Data Systems cloud server for 2 years, per the City’s retention schedule, then be purged. The citation data stored in the department RMS is permanent storage, subject to change per state law and the City Records Retention Policy. Citation data held on the Turbo Data Systems cloud server is accessible only to designated department personnel as needed for citation viewing and processing procedures. Turbo Data Systems does not release the citation data to outside entities other than described in the contract (Court and department RMS). Citation data in the department RMS is accessible only by designated department personnel and will only be released to the public according to the California Public Records Act under its legal allowances and restrictions. Please refer to the Turbo Data Systems drafted contract for further specific details. 2. Information on the proposed purpose, use and benefits of the surveillance technology: Currently, officers issue triplicate form paper citations for violations. The general citation issuing process will remain the same, which includes recording traffic stop information including driver’s license information, vehicle registration information, insurance information, date/time of offense, driving conditions, school or construction zones status and finally, the violations. The paper citations are handwritten, require the handwriting to be deciphered by records staff, and manually entered into the department’s existing RMS. The benefit of the handheld device is that it allows the officers to take a picture of the infraction in order to have a record of it. For instance, the Traffic officer will issue citations to vehicles parked in no parking zones and will take a picture of the vehicle, similar to what Department parking enforcement officers do. These images are cleared off of the device once the citation is uploaded to the vendor database and are attached as part of the citation record. Any photos captured are not sent to the courts or the violator. They are for reference only should the officer need to report to traffic court in the event the citation is being challenged. The department’s new RMS system, Sun Ridge RIMS, has an interface to automatically upload the e-citations into the system, eliminating the staff time for manual data entry. City of Palo Alto Page 5 The Turbo Data software allows for the electronic download of the citations and electronic transfer of those citations to the County Court System, thus significantly improving the timeliness of citation processing compared to the Department’s current fully manual process. This will allow the community member timely access to the citation data for expedited resolution through the court system, as needed. An additional benefit of this solution is the ability to update court information seamlessly through software updates. During the shelter-in- place as a result of the pandemic, County court locations changed multiple times, causing the Department to purchase and apply adhesive court location change addresses to every citation issued, along with handwritten citation correction forms. This product eliminates the need to order updated citation books when court information changes. 3. The location where the surveillance technology may be used: This technology will be used by sworn officers enforcing vehicle codes on public roadways in Palo Alto. 4. Present federal, state, and local laws and regulations applicable to the Surveillance Technology and the information it captures; the potential impacts on civil liberties and privacy; and proposals to mitigate and manage any impacts: The Turbo Data nForcer product is the electronic version of a paper citation for vehicle code enforcement. All data associated with the traffic violation stop will be recorded and stored in accordance with current law, policy or practice mandated by city or state that governs traffic violation citations. Images of license plates, along with any image captured in the field, will be captured and stored in accordance with the City of Palo Alto Records Retention Policy, which is a minimum of two years. Turbo Data has completed the necessary Vendor Information Security Assessment (VISA) forms and security mandates required by the City’s IT Department and has preliminary approval to operate the software. 5. The costs for the surveillance technology, including acquisition, maintenance, personnel, and other costs, and current or potential of funding: $218,545.67 will purchase the equipment (to own) and fund the service and supplies for five years. Please refer to the “Resource Impact” section below and Attachment A for Turbo Data Systems Service Contract details. Timeline Upon approval, the Department will purchase and deploy the technology upon receipt. Resource Impact City of Palo Alto Page 6 The initial equipment will be purchased using previously-allocated funds in the special revenue fund – Supplemental Law Enforcement Services Fund (COPS)– Fund 248. The Department plans on using this funding for the initial purchase of the technology to include thirteen devices, printers, and software, extended warranty, the first year licensing for an initial program startup total of $78,826. The subsequent years 2-5 will be funded through the IT Department’s normal technology maintenance agreement ($94,852 for years 2-5). The Police Department operating budget will absorb the annual operating costs associated with the devices including the purchase of special paper for the printer unit; approximately $3,200 per year. This cost can be offset by the reduction in the amount of printed citation books purchased annually by the Department. In 2020, the Department spent $3,100 on printed paper citation books. The program does require a $2 per citation processing fee, charged by the vendor, which is an estimated $17,000 fee the Police Department must cover annually (based on 2018 citation data). The processing fees will be charged to the Department’s operating budget. Despite the initial and ongoing costs, the Department recommends pursuing this technology to offset personnel reductions. Currently, Records staff allocate approximately 1,400 hours per year manually entering data (10 minutes per citation multiplied by 8,500 citations) and staff currently physically transports the citations to the Traffic Court. With the integration of this electronic solution with the RMS and the Court system, staff time will be reduced from 27 hours per week to approximately an hour per week. As a result of the elimination of all hourly Records Division personnel in FY 2020/2021, the Records Division has struggled to meet paperwork processing deadlines within the regular workday. This solution will free up staff time to attend to other critical Records duties. Policy Implications If approved, the use of this technology will be subject to the attached surveillance policy. Stakeholder Engagement No stakeholder engagement was completed for the consideration and selection of the citation issuing system. Environmental Review Approval of this technology is exempt from the requirements of California Environmental Protection Act (CEQA) pursuant to Section 15061(b)(3). Attachments: • Attachment A: S22177725 Turbo Data Systems • Attachment B: Surveillance Use Policy for E Citations • Attachment C: ticketPRO_nFORCER_eBrochure • Attachment D: City of Palo Alto Police Records Retention Schedule Professional Services Rev. Dec.15, 2020 Page 1 of 40 CITY OF PALO ALTO CONTRACT NO. S22177725 AGREEMENT FOR PROFESSIONAL SERVICES BETWEEN THE CITY OF PALO ALTO AND TURBO DATA SYSTEMS, INC. This Agreement for Professional Services (this “Agreement”) is entered into as of the 7th day of March, 2022 (the “Effective Date”), by and between the CITY OF PALO ALTO, a California chartered municipal corporation (“CITY”), and TURBO DATA SYSTEMS, INC., a California corporation, located at 1551 N Tustin Avenue Suite 950, Santa Ana CA 92705 (“CONSULTANT”). The following recitals are a substantive portion of this Agreement and are fully incorporated herein by this reference: RECITALS A. CITY intends for CITY officers to electronically issue and process moving violations without writing traffic citations (the “Project”) and desires to engage a consultant to implement a Traffic Module and data collecting technology platform for electronic citation issuance and processing of moving violations in connection with the Project (the “Services”, as detailed more fully in Exhibit A). B. CONSULTANT represents that it, its employees and subconsultants, if any, possess the necessary professional expertise, qualifications, and capability, and all required licenses and/or certifications to provide the Services. C. CITY, in reliance on these representations, desires to engage CONSULTANT to provide the Services as more fully described in Exhibit A, entitled “SCOPE OF SERVICES”. NOW, THEREFORE, in consideration of the recitals, covenants, terms, and conditions, in this Agreement, the parties agree as follows: SECTION 1. SCOPE OF SERVICES. CONSULTANT shall perform the Services described in Exhibit A in accordance with the terms and conditions contained in this Agreement. The performance of all Services shall be to the reasonable satisfaction of CITY. SECTION 2. TERM. The term of this Agreement shall be from the date of its full execution through March 6, 2027 unless terminated earlier pursuant to Section 19 (Termination) of this Agreement. SECTION 3. SCHEDULE OF PERFORMANCE. Time is of the essence in the performance of Services under this Agreement. CONSULTANT shall complete the Services within the term of this DocuSign Envelope ID: 4FBEEC30-8DCF-483F-AADB-54FEE6A87611 Professional Services Rev. Dec.15, 2020 Page 2 of 40 Agreement and in accordance with the schedule set forth in Exhibit B, entitled “SCHEDULE OF PERFORMANCE”. Any Services for which times for performance are not specified in this Agreement shall be commenced and completed by CONSULTANT in a reasonably prompt and timely manner based upon the circumstances and direction communicated to the CONSULTANT. CITY’s agreement to extend the term or the schedule for performance shall not preclude recovery of damages for delay if the extension is required due to the fault of CONSULTANT. SECTION 4. NOT TO EXCEED COMPENSATION. The compensation to be paid to CONSULTANT for performance of the Services shall be based on the compensation structure detailed in Exhibit C, entitled “COMPENSATION,” including any reimbursable expenses specified therein, and the maximum total compensation shall not exceed One Hundred Ninety Eight Thousand Six Hundred Seventy Seven Dollars and Eighty Eight Cents ($198,677.88). The hourly schedule of rates, if applicable, is set out in Exhibit C-1, entitled “SCHEDULE OF RATES.” Any work performed or expenses incurred for which payment would result in a total exceeding the maximum compensation set forth in this Section 4 shall be at no cost to the CITY. Optional Additional Services Provision (This provision applies only if checked and a not- to-exceed compensation amount for Additional Services is allocated below under this Section 4.) In addition to the not-to-exceed compensation specified above, CITY has set aside the not- to-exceed compensation amount of Nineteen Thousand Eight Hundred Sixty Seven Dollars and Seventy Nine Cents Dollars ($19,867.79) for the performance of Additional Services (as defined below). The total compensation for performance of the Services, Additional Services and any reimbursable expenses specified in Exhibit C, shall not exceed Two Hundred Eighteen Thousand Five Hundred Forty Five Dollars and Sixty Seven Cents ($218,545.67), as detailed in Exhibit C. “Additional Services” means any work that is determined by CITY to be necessary for the proper completion of the Project, but which is not included within the Scope of Services described at Exhibit A. CITY may elect to, but is not required to, authorize Additional Services up to the maximum amount of compensation set forth for Additional Services in this Section 4. CONSULTANT shall provide Additional Services only by advanced, written authorization from CITY as detailed in this Section. Additional Services, if any, shall be authorized by CITY with a Task Order assigned and authorized by CITY’s Project Manager, as identified in Section 13 (Project Management). Each Task Order shall be in substantially the same form as Exhibit A-1, entitled “PROFESSIONAL SERVICES TASK ORDER”. Each Task Order shall contain a specific scope of services, schedule of performance and maximum compensation amount, in accordance with the provisions of this Agreement. Compensation for Additional Services shall be specified by CITY in the Task Order, based on whichever is lowest: the compensation structure set forth in Exhibit C, the hourly rates set forth in Exhibit C-1, or a negotiated lump sum. To accept a Task Order, CONSULTANT shall sign the Task Order and return it to CITY’s Project Manager within the time specified by the Project Manager, and upon authorization by CITY (defined as counter-signature by the CITY Project Manager), the fully executed DocuSign Envelope ID: 4FBEEC30-8DCF-483F-AADB-54FEE6A87611 Professional Services Rev. Dec.15, 2020 Page 3 of 40 Task Order shall become part of this Agreement. The cumulative total compensation to CONSULTANT for all Task Orders authorized under this Agreement shall not exceed the amount of compensation set forth for Additional Services in this Section 4. CONSULTANT shall only be compensated for Additional Services performed under an authorized Task Order and only up to the maximum amount of compensation set forth for Additional Services in this Section 4. Performance of and payment for any Additional Services are subject to all requirements and restrictions in this Agreement. SECTION 5. INVOICES. In order to request payment, CONSULTANT shall submit monthly invoices to the CITY describing the Services performed and the applicable charges (including, if applicable, an identification of personnel who performed the Services, hours worked, hourly rates, and reimbursable expenses), based upon Exhibit C or, as applicable, CONSULTANT’s schedule of rates set forth in Exhibit C-1. If applicable, the invoice shall also describe the percentage of completion of each task. The information in CONSULTANT’s invoices shall be subject to verification by CITY. CONSULTANT shall send all invoices to CITY’s Project Manager at the address specified in Section 13 (Project Management) below. CITY will generally process and pay invoices within thirty (30) days of receipt of an acceptable invoice. SECTION 6. QUALIFICATIONS/STANDARD OF CARE. All Services shall be performed by CONSULTANT or under CONSULTANT’s supervision. CONSULTANT represents that it, its employees and subcontractors, if any, possess the professional and technical personnel necessary to perform the Services required by this Agreement and that the personnel have sufficient skill and experience to perform the Services assigned to them. CONSULTANT represents that it, its employees and subcontractors, if any, have and shall maintain during the term of this Agreement all licenses, permits, qualifications, insurance and approvals of whatever nature that are legally required to perform the Services. All Services to be furnished by CONSULTANT under this Agreement shall meet the professional standard and quality that prevail among professionals in the same discipline and of similar knowledge and skill engaged in related work throughout California under the same or similar circumstances. SECTION 7. COMPLIANCE WITH LAWS. CONSULTANT shall keep itself informed of and in compliance with all federal, state and local laws, ordinances, regulations, and orders that may affect in any manner the Project or the performance of the Services or those engaged to perform Services under this Agreement, as amended from time to time. CONSULTANT shall procure all permits and licenses, pay all charges and fees, and give all notices required by law in the performance of the Services. SECTION 8. ERRORS/OMISSIONS. CONSULTANT is solely responsible for costs, including, but not limited to, increases in the cost of Services, arising from or caused by CONSULTANT’s errors and omissions, including, but not limited to, the costs of corrections such errors and omissions, any change order markup costs, or costs arising from delay caused by the errors and omissions or unreasonable delay in correcting the errors and omissions. SECTION 9. COST ESTIMATES. If this Agreement pertains to the design of a public works project, CONSULTANT shall submit estimates of probable construction costs at each phase of design submittal. If the total estimated construction cost at any submittal exceeds the CITY’s stated DocuSign Envelope ID: 4FBEEC30-8DCF-483F-AADB-54FEE6A87611 Professional Services Rev. Dec.15, 2020 Page 4 of 40 construction budget by ten percent (10%) or more, CONSULTANT shall make recommendations to CITY for aligning the Project design with the budget, incorporate CITY approved recommendations, and revise the design to meet the Project budget, at no additional cost to CITY. SECTION 10. INDEPENDENT CONTRACTOR. CONSULTANT acknowledges and agrees that CONSULTANT and any agent or employee of CONSULTANT will act as and shall be deemed at all times to be an independent contractor and shall be wholly responsible for the manner in which CONSULTANT performs the Services requested by CITY under this Agreement. CONSULTANT and any agent or employee of CONSULTANT will not have employee status with CITY, nor be entitled to participate in any plans, arrangements, or distributions by CITY pertaining to or in connection with any retirement, health or other benefits that CITY may offer its employees. CONSULTANT will be responsible for all obligations and payments, whether imposed by federal, state or local law, including, but not limited to, FICA, income tax withholdings, workers’ compensation, unemployment compensation, insurance, and other similar responsibilities related to CONSULTANT’s performance of the Services, or any agent or employee of CONSULTANT providing same. Nothing in this Agreement shall be construed as creating an employment or agency relationship between CITY and CONSULTANT or any agent or employee of CONSULTANT. Any terms in this Agreement referring to direction from CITY shall be construed as providing for direction as to policy and the result of CONSULTANT’s provision of the Services only, and not as to the means by which such a result is obtained. SECTION 11. ASSIGNMENT. The parties agree that the expertise and experience of CONSULTANT are material considerations for this Agreement. CONSULTANT shall not assign or transfer any interest in this Agreement nor the performance of any of CONSULTANT’s obligations hereunder without the prior written approval of the City Manager. Any purported assignment made without the prior written approval of the City Manager will be void and without effect. Subject to the foregoing, the covenants, terms, conditions and provisions of this Agreement will apply to, and will bind, the heirs, successors, executors, administrators and assignees of the parties. SECTION 12. SUBCONTRACTING. Option A: No Subcontractor: CONSULTANT shall not subcontract any portion of the Services to be performed under this Agreement without the prior written authorization of the City Manager or designee. In the event CONSULTANT does subcontract any portion of the work to be performed under this Agreement, CONSULTANT shall be fully responsible for all acts and omissions of subcontractors. Option B: Subcontracts Authorized: Notwithstanding Section 11 (Assignment) above, CITY agrees that subcontractors may be used to complete the Services. The subcontractors authorized by CITY to perform work on this Project are: None CONSULTANT shall be responsible for directing the work of any subcontractors and for any compensation due to subcontractors. CITY assumes no responsibility whatsoever concerning compensation of subcontractors. CONSULTANT shall be fully responsible to CITY for all acts and omissions of subcontractors. CONSULTANT shall change or add subcontractors only with the prior DocuSign Envelope ID: 4FBEEC30-8DCF-483F-AADB-54FEE6A87611 Professional Services Rev. Dec.15, 2020 Page 5 of 40 written approval of the City Manager or designee. SECTION 13. PROJECT MANAGEMENT. CONSULTANT will assign Elie M Sleiman, Email: elie@turbodata.com, Telephone: (714) 368-4888 as the CONSULTANT’s Project Manager to have supervisory responsibility for the performance, progress, and execution of the Services and represent CONSULTANT during the day-to-day performance of the Services. If circumstances cause the substitution of the CONSULTANT’s Project Manager or any other of CONSULTANT’s key personnel for any reason, the appointment of a substitute Project Manager and the assignment of any key new or replacement personnel will be subject to the prior written approval of the CITY’s Project Manager. CONSULTANT, at CITY’s request, shall promptly remove CONSULTANT personnel who CITY finds do not perform the Services in an acceptable manner, are uncooperative, or present a threat to the adequate or timely completion of the Services or a threat to the safety of persons or property. CITY’s Project Manager is Nicole Frazier, email: Nicole.Frazier@CityofPaloAlto.org Police Department, Technology Service Division, 275 Forest Avenue, A-Level, Palo Alto, CA, zipcode: 94301, Telephone: (650) 329-2257. CITY’s Project Manager will be CONSULTANT’s point of contact with respect to performance, progress and execution of the Services. CITY may designate an alternate Project Manager from time to time. SECTION 14. OWNERSHIP OF MATERIALS. All work product, including without limitation, all writings, drawings, studies, sketches, photographs, plans, reports, specifications, computations, models, recordings, data, documents, and other materials and copyright interests developed under this Agreement, in any form or media, shall be and remain the exclusive property of CITY without restriction or limitation upon their use. CONSULTANT agrees that all copyrights which arise from creation of the work product pursuant to this Agreement are vested in CITY, and CONSULTANT hereby waives and relinquishes all claims to copyright or other intellectual property rights in favor of CITY. Neither CONSULTANT nor its subcontractors, if any, shall make any of such work product available to any individual or organization without the prior written approval of the City Manager or designee. CONSULTANT makes no representation of the suitability of the work product for use in or application to circumstances not contemplated by the Scope of Services. SECTION 15. AUDITS. CONSULTANT agrees to permit CITY and its authorized representatives to audit, at any reasonable time during the term of this Agreement and for four (4) years from the date of final payment, CONSULTANT’s records pertaining to matters covered by this Agreement, including without limitation records demonstrating compliance with the requirements of Section 10 (Independent Contractor). CONSULTANT further agrees to maintain and retain accurate books and records in accordance with generally accepted accounting principles for at least four (4) years after the expiration or earlier termination of this Agreement or the completion of any audit hereunder, whichever is later. SECTION 16. INDEMNITY. [Option A applies to the following design professionals pursuant to Civil Code Section 2782.8: architects; landscape architects; registered professional engineers and licensed professional land surveyors.] 16.1. To the fullest extent permitted by law, CONSULTANT shall DocuSign Envelope ID: 4FBEEC30-8DCF-483F-AADB-54FEE6A87611 Professional Services Rev. Dec.15, 2020 Page 6 of 40 indemnify, defend and hold harmless CITY, its Council members, officers, employees and agents (each an “Indemnified Party”) from and against any and all third party demands, claims, or liability of any nature, including death or injury to any person, property damage or any other loss, including all costs and expenses of whatever nature including attorney’s fees, experts fees, court costs and disbursements (“Claims”) to the extent that such Claims arise out of, pertain to, or relate to the negligence, recklessness, or willful misconduct of CONSULTANT, its officers, employees, agents or contractors under this Agreement, regardless of whether or not it is caused in part by an Indemnified Party. CITY will reimburse CONSULTANT for the proportionate percentage of defense costs exceeding CONSULTANT’s proportionate percentage of fault as determined by the final judgment of a court of competent jurisdiction. [Option B applies to any consultant who does not qualify as a design professional as defined in Civil Code Section 2782.8.] 16.1. To the fullest extent permitted by law, CONSULTANT shall indemnify, defend and hold harmless CITY, its Council members, officers, employees and agents (each an “Indemnified Party”) from and against any and all demands, claims, or liability of any nature, including death or injury to any person, property damage or any other loss, including all costs and expenses of whatever nature including attorney’s fees, experts fees, court costs and disbursements (“Claims”) resulting from, arising out of or in any manner related to performance or nonperformance by CONSULTANT, its officers, employees, agents or contractors under this Agreement, regardless of whether or not it is caused in part by an Indemnified Party. 16.2. Notwithstanding the above, nothing in this Section 16 shall be construed to require CONSULTANT to indemnify an Indemnified Party from a Claim arising from the active negligence or willful misconduct of an Indemnified Party that is not contributed to by any act of, or by any omission to perform a duty imposed by law or agreement by, CONSULTANT, its officers, employees, agents or contractors under this Agreement. 16.3. The acceptance of CONSULTANT’s Services and duties by CITY shall not operate as a waiver of the right of indemnification. The provisions of this Section 16 shall survive the expiration or early termination of this Agreement. SECTION 17. WAIVERS. No waiver of a condition or nonperformance of an obligation under this Agreement is effective unless it is in writing in accordance with Section 29.4 of this Agreement. No delay or failure to require performance of any provision of this Agreement shall constitute a waiver of that provision as to that or any other instance. Any waiver granted shall apply solely to the specific instance expressly stated. No single or partial exercise of any right or remedy will preclude any other or further exercise of any right or remedy. SECTION 18. INSURANCE. 18.1. CONSULTANT, at its sole cost and expense, shall obtain and maintain, in full force and effect during the term of this Agreement, the insurance coverage described in Exhibit D, entitled “INSURANCE REQUIREMENTS”. CONSULTANT and its contractors, if any, shall obtain a policy endorsement naming CITY as an additional insured under any general liability or automobile policy or policies. DocuSign Envelope ID: 4FBEEC30-8DCF-483F-AADB-54FEE6A87611 Professional Services Rev. Dec.15, 2020 Page 7 of 40 18.2. All insurance coverage required hereunder shall be provided through carriers with AM Best’s Key Rating Guide ratings of A-:VII or higher which are licensed or authorized to transact insurance business in the State of California. Any and all contractors of CONSULTANT retained to perform Services under this Agreement will obtain and maintain, in full force and effect during the term of this Agreement, identical insurance coverage, naming CITY as an additional insured under such policies as required above. 18.3. Certificates evidencing such insurance shall be filed with CITY concurrently with the execution of this Agreement. The certificates will be subject to the approval of CITY’s Risk Manager and will contain an endorsement stating that the insurance is primary coverage and will not be canceled, or materially reduced in coverage or limits, by the insurer except after filing with the Purchasing Manager thirty (30) days’ prior written notice of the cancellation or modification. If the insurer cancels or modifies the insurance and provides less than thirty (30) days’ notice to CONSULTANT, CONSULTANT shall provide the Purchasing Manager written notice of the cancellation or modification within two (2) business days of the CONSULTANT’s receipt of such notice. CONSULTANT shall be responsible for ensuring that current certificates evidencing the insurance are provided to CITY’s Chief Procurement Officer during the entire term of this Agreement. 18.4. The procuring of such required policy or policies of insurance will not be construed to limit CONSULTANT’s liability hereunder nor to fulfill the indemnification provisions of this Agreement. Notwithstanding the policy or policies of insurance, CONSULTANT will be obligated for the full and total amount of any damage, injury, or loss caused by or directly arising as a result of the Services performed under this Agreement, including such damage, injury, or loss arising after the Agreement is terminated or the term has expired. SECTION 19. TERMINATION OR SUSPENSION OF AGREEMENT OR SERVICES. 19.1. The City Manager may suspend the performance of the Services, in whole or in part, or terminate this Agreement, with or without cause, by giving ten (10) days prior written notice thereof to CONSULTANT. If CONSULTANT fails to perform any of its material obligations under this Agreement, in addition to all other remedies provided under this Agreement or at law, the City Manager may terminate this Agreement sooner upon written notice of termination. Upon receipt of any notice of suspension or termination, CONSULTANT will discontinue its performance of the Services on the effective date in the notice of suspension or termination. 19.2. In event of suspension or termination, CONSULTANT will deliver to the City Manager on or before the effective date in the notice of suspension or termination, any and all work product, as detailed in Section 14 (Ownership of Materials), whether or not completed, prepared by CONSULTANT or its contractors, if any, in the performance of this Agreement. Such work product is the property of CITY, as detailed in Section 14 (Ownership of Materials). 19.3. In event of suspension or termination, CONSULTANT will be paid for the Services rendered and work products delivered to CITY in accordance with the Scope of Services up to the effective date in the notice of suspension or termination; provided, however, if this DocuSign Envelope ID: 4FBEEC30-8DCF-483F-AADB-54FEE6A87611 Professional Services Rev. Dec.15, 2020 Page 8 of 40 Agreement is suspended or terminated on account of a default by CONSULTANT, CITY will be obligated to compensate CONSULTANT only for that portion of CONSULTANT’s Services provided in material conformity with this Agreement as such determination is made by the City Manager acting in the reasonable exercise of his/her discretion. The following Sections will survive any expiration or termination of this Agreement: 14, 15, 16, 17, 19.2, 19.3, 19.4, 20, 25, 27, 28, 29 and 30. 19.4. No payment, partial payment, acceptance, or partial acceptance by CITY will operate as a waiver on the part of CITY of any of its rights under this Agreement, unless made in accordance with Section 17 (Waivers). SECTION 20. NOTICES. All notices hereunder will be given in writing and mailed, postage prepaid, by certified mail, addressed as follows: To CITY: Office of the City Clerk City of Palo Alto Post Office Box 10250 Palo Alto, CA 94303 With a copy to the Purchasing Manager To CONSULTANT: Attention of the Project Manager at the address of CONSULTANT recited on the first page of this Agreement. CONSULTANT shall provide written notice to CITY of any change of address. SECTION 21. CONFLICT OF INTEREST. 21.1. In executing this Agreement, CONSULTANT covenants that it presently has no interest, and will not acquire any interest, direct or indirect, financial or otherwise, which would conflict in any manner or degree with the performance of the Services. 21.2. CONSULTANT further covenants that, in the performance of this Agreement, it will not employ subcontractors or other persons or parties having such an interest. CONSULTANT certifies that no person who has or will have any financial interest under this Agreement is an officer or employee of CITY; this provision will be interpreted in accordance with the applicable provisions of the Palo Alto Municipal Code and the Government Code of the State of California, as amended from time to time. CONSULTANT agrees to notify CITY if any conflict arises. 21.3. If the CONSULTANT meets the definition of a “Consultant” as defined by the Regulations of the Fair Political Practices Commission, CONSULTANT will file the appropriate financial disclosure documents required by the Palo Alto Municipal Code and the Political Reform Act of 1974, as amended from time to time. DocuSign Envelope ID: 4FBEEC30-8DCF-483F-AADB-54FEE6A87611 Professional Services Rev. Dec.15, 2020 Page 9 of 40 SECTION 22. NONDISCRIMINATION; COMPLIANCE WITH ADA. 22.1. As set forth in Palo Alto Municipal Code Section 2.30.510, as amended from time to time, CONSULTANT certifies that in the performance of this Agreement, it shall not discriminate in the employment of any person due to that person’s race, skin color, gender, gender identity, age, religion, disability, national origin, ancestry, sexual orientation, pregnancy, genetic information or condition, housing status, marital status, familial status, weight or height of such person. CONSULTANT acknowledges that it has read and understands the provisions of Section 2.30.510 of the Palo Alto Municipal Code relating to Nondiscrimination Requirements and the penalties for violation thereof, and agrees to meet all requirements of Section 2.30.510 pertaining to nondiscrimination in employment. 22.2. CONSULTANT understands and agrees that pursuant to the Americans Disabilities Act (“ADA”), programs, services and other activities provided by a public entity to the public, whether directly or through a contractor or subcontractor, are required to be accessible to the disabled public. CONSULTANT will provide the Services specified in this Agreement in a manner that complies with the ADA and any other applicable federal, state and local disability rights laws and regulations, as amended from time to time. CONSULTANT will not discriminate against persons with disabilities in the provision of services, benefits or activities provided under this Agreement. SECTION 23. ENVIRONMENTALLY PREFERRED PURCHASING AND ZERO WASTE REQUIREMENTS. CONSULTANT shall comply with the CITY’s Environmentally Preferred Purchasing policies which are available at CITY’s Purchasing Department, hereby incorporated by reference and as amended from time to time. CONSULTANT shall comply with waste reduction, reuse, recycling and disposal requirements of CITY’s Zero Waste Program. Zero Waste best practices include, first, minimizing and reducing waste; second, reusing waste; and, third, recycling or composting waste. In particular, CONSULTANT shall comply with the following Zero Waste requirements: (a) All printed materials provided by CONSULTANT to CITY generated from a personal computer and printer including but not limited to, proposals, quotes, invoices, reports, and public education materials, shall be double-sided and printed on a minimum of 30% or greater post- consumer content paper, unless otherwise approved by CITY’s Project Manager. Any submitted materials printed by a professional printing company shall be a minimum of 30% or greater post- consumer material and printed with vegetable-based inks. (b) Goods purchased by CONSULTANT on behalf of CITY shall be purchased in accordance with CITY’s Environmental Purchasing Policy including but not limited to Extended Producer Responsibility requirements for products and packaging. A copy of this policy is on file at the Purchasing Department’s office. (c) Reusable/returnable pallets shall be taken back by CONSULTANT, at no additional cost to CITY, for reuse or recycling. CONSULTANT shall provide documentation from the facility accepting the pallets to verify that pallets are not being disposed. DocuSign Envelope ID: 4FBEEC30-8DCF-483F-AADB-54FEE6A87611 Professional Services Rev. Dec.15, 2020 Page 10 of 40 SECTION 24. COMPLIANCE WITH PALO ALTO MINIMUM WAGE ORDINANCE. CONSULTANT shall comply with all requirements of the Palo Alto Municipal Code Chapter 4.62 (Citywide Minimum Wage), as amended from time to time. In particular, for any employee otherwise entitled to the State minimum wage, who performs at least two (2) hours of work in a calendar week within the geographic boundaries of the City, CONSULTANT shall pay such employees no less than the minimum wage set forth in Palo Alto Municipal Code Section 4.62.030 for each hour worked within the geographic boundaries of the City of Palo Alto. In addition, CONSULTANT shall post notices regarding the Palo Alto Minimum Wage Ordinance in accordance with Palo Alto Municipal Code Section 4.62.060. SECTION 25. NON-APPROPRIATION. This Agreement is subject to the fiscal provisions of the Charter of the City of Palo Alto and the Palo Alto Municipal Code, as amended from time to time. This Agreement will terminate without any penalty (a) at the end of any fiscal year in the event that funds are not appropriated for the following fiscal year, or (b) at any time within a fiscal year in the event that funds are only appropriated for a portion of the fiscal year and funds for this Agreement are no longer available. This Section shall take precedence in the event of a conflict with any other covenant, term, condition, or provision of this Agreement. SECTION 26. PREVAILING WAGES AND DIR REGISTRATION FOR PUBLIC WORKS CONTRACTS. 26.1. This Project is not subject to prevailing wages and related requirements. CONSULTANT is not required to pay prevailing wages and meet related requirements under the California Labor Code and California Code of Regulations in the performance and implementation of the Project if the contract: (1) is not a public works contract; (2) is for a public works construction project of $25,000 or less, per California Labor Code Sections 1782(d)(1), 1725.5(f) and 1773.3(j); or (3) is for a public works alteration, demolition, repair, or maintenance project of $15,000 or less, per California Labor Code Sections 1782(d)(1), 1725.5(f) and 1773.3(j). SECTION 27. CLAIMS PROCEDURE FOR “9204 PUBLIC WORKS PROJECTS”. For purposes of this Section 27, a “9204 Public Works Project” means the erection, construction, alteration, repair, or improvement of any public structure, building, road, or other public improvement of any kind. (Cal. Pub. Cont. Code § 9204.) Per California Public Contract Code Section 9204, for Public Works Projects, certain claims procedures shall apply, as set forth in Exhibit F, entitled “Claims for Public Contract Code Section 9204 Public Works Projects”. This Project is not a 9204 Public Works Project. SECTION 28. CONFIDENTIAL INFORMATION. 28.1. In the performance of this Agreement, CONSULTANT may have access to CITY’s Confidential Information (defined below). CONSULTANT will hold Confidential Information in strict confidence, not disclose it to any third party, and will use it only for the DocuSign Envelope ID: 4FBEEC30-8DCF-483F-AADB-54FEE6A87611 Professional Services Rev. Dec.15, 2020 Page 11 of 40 performance of its obligations to CITY under this Agreement and for no other purpose. CONSULTANT will maintain reasonable and appropriate administrative, technical and physical safeguards to ensure the security, confidentiality and integrity of the Confidential Information. Notwithstanding the foregoing, CONSULTANT may disclose Confidential Information to its employees, agents and subcontractors, if any, to the extent they have a need to know in order to perform CONSULTANT’s obligations to CITY under this Agreement and for no other purpose, provided that the CONSULTANT informs them of, and requires them to follow, the confidentiality and security obligations of this Agreement. 28.2. “Confidential Information” means all data, information (including without limitation “Personal Information” about a California resident as defined in Civil Code Section 1798 et seq., as amended from time to time) and materials, in any form or media, tangible or intangible, provided or otherwise made available to CONSULTANT by CITY, directly or indirectly, pursuant to this Agreement. Confidential Information excludes information that CONSULTANT can show by appropriate documentation: (i) was publicly known at the time it was provided or has subsequently become publicly known other than by a breach of this Agreement; (ii) was rightfully in CONSULTANT’s possession free of any obligation of confidence prior to receipt of Confidential Information; (iii) is rightfully obtained by CONSULTANT from a third party without breach of any confidentiality obligation; (iv) is independently developed by employees of CONSULTANT without any use of or access to the Confidential Information; or (v) CONSULTANT has written consent to disclose signed by an authorized representative of CITY. 28.3. Notwithstanding the foregoing, CONSULTANT may disclose Confidential Information to the extent required by order of a court of competent jurisdiction or governmental body, provided that CONSULTANT will notify CITY in writing of such order immediately upon receipt and prior to any such disclosure (unless CONSULTANT is prohibited by law from doing so), to give CITY an opportunity to oppose or otherwise respond to such order. 28.4. CONSULTANT will notify City promptly upon learning of any breach in the security of its systems or unauthorized disclosure of, or access to, Confidential Information in its possession or control, and if such Confidential Information consists of Personal Information, CONSULTANT will provide information to CITY sufficient to meet the notice requirements of Civil Code Section 1798 et seq., as applicable, as amended from time to time. 28.5. Prior to or upon termination or expiration of this Agreement, CONSULTANT will honor any request from the CITY to return or securely destroy all copies of Confidential Information. All Confidential Information is and will remain the property of the CITY and nothing contained in this Agreement grants or confers any rights to such Confidential Information on CONSULTANT. 28.6. If selected in Section 30 (Exhibits), this Agreement is also subject to the terms and conditions of the Information Privacy Policy and Cybersecurity Terms and Conditions. SECTION 29. MISCELLANEOUS PROVISIONS. 29.1. This Agreement will be governed by California law, without regard to its DocuSign Envelope ID: 4FBEEC30-8DCF-483F-AADB-54FEE6A87611 Professional Services Rev. Dec.15, 2020 Page 12 of 40 conflict of law provisions. 29.2. In the event that an action is brought, the parties agree that trial of such action will be vested exclusively in the state courts of California in the County of Santa Clara, State of California. 29.3. The prevailing party in any action brought to enforce the provisions of this Agreement may recover its reasonable costs and attorneys’ fees expended in connection with that action. The prevailing party shall be entitled to recover an amount equal to the fair market value of legal services provided by attorneys employed by it as well as any attorneys’ fees paid to third parties. 29.4. This Agreement, including all exhibits, constitutes the entire and integrated agreement between the parties with respect to the subject matter of this Agreement, and supersedes all prior agreements, negotiations, representations, statements and undertakings, either oral or written. This Agreement may be amended only by a written instrument, which is signed by the authorized representatives of the parties and approved as required under Palo Alto Municipal Code, as amended from time to time. 29.5. If a court of competent jurisdiction finds or rules that any provision of this Agreement is void or unenforceable, the unaffected provisions of this Agreement will remain in full force and effect. 29.6. In the event of a conflict between the terms of this Agreement and the exhibits hereto (per Section 30) or CONSULTANT’s proposal (if any), the Agreement shall control. In the event of a conflict between the exhibits hereto and CONSULTANT’s proposal (if any), the exhibits shall control. 29.7. The provisions of all checked boxes in this Agreement shall apply to this Agreement; the provisions of any unchecked boxes shall not apply to this Agreement. 29.8. All section headings contained in this Agreement are for convenience and reference only and are not intended to define or limit the scope of any provision of this Agreement. 29.9. This Agreement may be signed in multiple counterparts, which, when executed by the authorized representatives of the parties, shall together constitute a single binding agreement. SECTION 30. EXHIBITS. Each of the following exhibits, if the check box for such exhibit is selected below, is hereby attached and incorporated into this Agreement by reference as though fully set forth herein: EXHIBIT A: SCOPE OF SERVICES EXHIBIT A-1 PROFESSIONAL SERVICES TASK ORDER EXHIBIT B: SCHEDULE OF PERFORMANCE EXHIBIT C: COMPENSATION DocuSign Envelope ID: 4FBEEC30-8DCF-483F-AADB-54FEE6A87611 Professional Services Rev. Dec.15, 2020 Page 13 of 40 EXHIBIT C-1: SCHEDULE OF RATES EXHIBIT D: INSURANCE REQUIREMENTS EXHIBIT E: SURVEILLANCE ORDINANCE EXHIBIT F: INFORMATION PRIVACY POLICY EXHIBIT G: CYBERSECURITY TERMS AND CONDITIONS EXHIBIT H: RETENTION RECORD SCHEDULE POLICY THIS AGREEMENT IS NOT COMPLETE UNLESS ALL SELECTED EXHIBITS ARE ATTACHED. DocuSign Envelope ID: 4FBEEC30-8DCF-483F-AADB-54FEE6A87611 Professional Services Rev. Dec.15, 2020 Page 14 of 40 CONTRACT No. S22177725 SIGNATURE PAGE IN WITNESS WHEREOF, the parties hereto have by their duly authorized representatives executed this Agreement as of the date first above written. CITY OF PALO ALTO ____________________________ City Manager APPROVED AS TO FORM: __________________________ City Attorney or designee TURBO DATA SYSTEMS, INC. Officer 1 By: Name: Title: Officer 2 (Required for Corp. or LLC) By: Name: Title: DocuSign Envelope ID: 4FBEEC30-8DCF-483F-AADB-54FEE6A87611 President Roberta J. Rosen VP/CIO Elie M. Sleiman Professional Services Rev. Dec.15, 2020 Page 15 of 40 EXHIBIT A SCOPE OF SERVICES CONSULTANT shall provide the Services detailed in this Exhibit A, entitled “SCOPE OF SERVICES”. CONSULTANT will provide CITY with an electronic citation solution to implement ticketPRO Traffic Module that will provide the following workflow functions and features: A. Issuance and Processing of Moving Violations The ticketPRO Traffic Module is designed for effective issuance of electronic moving violations (eCitations). Based on a Smartphone technology platform, which includes many features with the sole purpose of making the officer’s experience effortless. The software is focused on empowering the officer to develop their own patterns for writing a traffic ticket. This will reduce the time it takes to write a traffic citation. In addition to the smart-input screen layout and navigation tools, CONSULTANT added intelligent functions to leverage data input methods that will make collecting Driver’s License Number (DL#) and Vehicle Identification Number (VIN), information a quick and simple task. As important as it is to write a quick ticket, which ticketPRO will do, validation of data is equally as important. With a simple operational use, the officer can preview all data pertaining to the citation on one screen and edit/correct the information in question. DocuSign Envelope ID: 4FBEEC30-8DCF-483F-AADB-54FEE6A87611 Professional Services Rev. Dec.15, 2020 Page 16 of 40 B. ticketPRO nFORCER Features and Functions CONSULTANT will furnish thirteen (13) ticketPRO nFORCER-II Scan devices with ticektPRO Magic Traffic (Moving) Enforcement Software and built-in Biometric FAP30 Fingerprint Scanner. The 13 device packages will include device setup and configuration with one (1) training session. The ticketPRO nFORCER device will perform the following features and functions: 1. License Plate Recognition (LPR) feature which will not only decipher the Plate number for all 50 States but also performs returns State, Make, Model and Year of vehicle along with vehicle image capture. 2. REAL-TIME Parking & Traffic ticket enforcement solution on a single device. 3. Provide a DL# scan option via Photo scan. 4. Built-in Biometric Finger Print Scanner. 5. Cloud ZIP-Code Lookup. 6. Global Positioning Satellite System (GPS) Query of current location. Geo tagging of citation. 7. Geo-Tagging for citation. 8. Type Notes and voice dictation notes. 9. Multiple High-resolution color photo capture. (Vehicle, Person, Evidence, etc.) 10. Automatic court date assignment including holiday schedule tracking. 11. Support for Judicial Council Standards TR145 3" eCitation. 12. Single ticket stock for both Traffic & Parking Citations. 13. REMOTE support for maintenance and software upgrades. 14. Traffic/Moving Violations form (court submission, amendments TR100) processing. 15. Northern CA operation and support team located in San Jose. 16. County wide city and street data listings. Data Support for multi-county. 17. Device Geo-Fencing for protection and tracking. 18. Citation log to view issued citations and apply specific actions. 19. Repeat-ticket and Re-print functionality. 20. Notice to Appear and Warning options. C. Back-Office Data Support All citation data (citation form and images (photo, signature, and fingerprint)) upload from the nFORCER device to the CONTRACTOR’s data center. CONTRACTOR will offer a secured logically separated IT environment. CONTRACTOR shall provide an easy way to view all traffic ticket data via a secure and simple web interface with very intuitive search, filters, sort and viewing capabilities. Access to Photo, GPS and Interactive Maps is also available via this interface. Reporting is also provided for lists or individual citation records. Custom reports can also be provided based on CITY requirements. CONTRACTOR will implement IP based access control to restrict user access to CITY data through the specified CITY IP addresses provided. DocuSign Envelope ID: 4FBEEC30-8DCF-483F-AADB-54FEE6A87611 Professional Services Rev. Dec.15, 2020 Page 17 of 40 Data export will be provided in various document formatting forms (XML, Excel, CSV, etc.) for electronic filing/submission to the court. Interfacing to CITY records management systems, for example, RIMS, Tritech, and Coplink, will be available. CONTRACTOR will work with current CITY Records Management System (RMS) vendor to coordinate and integrate electronically date transfer. This is a major time saver for records staff. Traffic eCitations Processing & Communication/Software License includes:  Cloud Hosting  Electronic Court Integration/Export and maintenance  RMS system Integration/Export (RIMS) and maintenance  Electronic TR-100 corrections  Support for records personnel  Security Account management and maintenance  Web access for viewing records including photos/signatures/Biometrics  Daily/Monthly shift summary reporting  Citation reprint for officer or public  Fee is per contract/site, not per unit  Ongoing Client Support and Training D. Data Retention Schedule All citations and related images (i.e.: signatures, fingerprints, photos) are to be deleted from the system in accordance with the City’s retention policy regarding Traffic Citations of the calendar year plus two (2) years (C+2). The retention schedule is attached in this agreement as Exhibit H. DocuSign Envelope ID: 4FBEEC30-8DCF-483F-AADB-54FEE6A87611 Professional Services Rev. Dec.15, 2020 Page 18 of 40 EXHIBIT A-1 PROFESSIONAL SERVICES TASK ORDER CONSULTANT shall perform the Services detailed below in accordance with all the terms and conditions of the Agreement referenced in Item 1A below. All exhibits referenced in Item 8 are incorporated into this Task Order by this reference. CONSULTANT shall furnish the necessary facilities, professional, technical and supporting personnel required by this Task Order as described below. CONTRACT NO. OR PURCHASE ORDER REQUISITION NO. (AS APPLICABLE) 1A. MASTER AGREEMENT NO. (MAY BE SAME AS CONTRACT / P.O. NO. ABOVE): 1B. TASK ORDER NO.: 2. CONSULTANT NAME: 3. PERIOD OF PERFORMANCE: START: COMPLETION: 4 TOTAL TASK ORDER PRICE: $__________________ BALANCE REMAINING IN MASTER AGREEMENT/CONTRACT $_______________ 5. BUDGET CODE_______________ COST CENTER________________ COST ELEMENT______________ WBS/CIP__________ PHASE__________ 6. CITY PROJECT MANAGER’S NAME & DEPARTMENT:_____________________________________ 7. DESCRIPTION OF SCOPE OF SERVICES (Attachment A) MUST INCLUDE:  SERVICES AND DELIVERABLES TO BE PROVIDED  SCHEDULE OF PERFORMANCE  MAXIMUM COMPENSATION AMOUNT AND RATE SCHEDULE (as applicable)  REIMBURSABLE EXPENSES, if any (with “not to exceed” amount) 8. ATTACHMENTS: A: Task Order Scope of Services B (if any): _____________________________ I hereby authorize the performance of the work described in this Task Order. APPROVED: CITY OF PALO ALTO BY:____________________________________ Name __________________________________ Title___________________________________ Date ___________________________________ I hereby acknowledge receipt and acceptance of this Task Order and warrant that I have authority to sign on behalf of Consultant. APPROVED: COMPANY NAME: ______________________ BY:____________________________________ Name __________________________________ Title___________________________________ Date ___________________________________ DocuSign Envelope ID: 4FBEEC30-8DCF-483F-AADB-54FEE6A87611 Professional Services Rev. Dec.15, 2020 Page 19 of 40 EXHIBIT B SCHEDULE OF PERFORMANCE CONSULTANT shall perform the Services so as to complete each milestone within the date specified below. The time to complete each milestone may be increased or decreased by mutual written agreement of the Project Managers for CONSULTANT and CITY so long as all work is completed within the term of the Agreement. CONSULTANT shall provide a detailed schedule of work consistent with the schedule below within 2 weeks of receipt of the notice to proceed (“NTP”) from the CITY. Milestones Completion Date (as specified below) from NTP 1. 13 ticketPRO nFORCER traffic module implementation to daily perform a) moving violation e-citation issuance and system processing, b) module features and functions & c) back-office data support - collecting, searching, submissions and system maintenance. March 6, 2027 DocuSign Envelope ID: 4FBEEC30-8DCF-483F-AADB-54FEE6A87611 Professional Services Rev. Dec.15, 2020 Page 20 of 40 EXHIBIT C COMPENSATION CITY agrees to compensate CONSULTANT for the Services performed in accordance with the terms and conditions of this Agreement, including Services, any specified reimbursable expenses, and Additional Services (if any, per Section 4 of the Agreement), based on the hourly rate schedule attached as Exhibit C-1. The compensation to be paid to CONSULTANT under this Agreement for all Services, any specified reimbursable expenses, and Additional Services (if any, per Section 4), shall not exceed the amount(s) stated in Section 4 of this Agreement. CONSULTANT agrees to complete all Services, any specified reimbursable expenses, and Additional Services (if any, per Section 4), within this/these amount(s). Any work performed or expenses incurred for which payment would result in a total exceeding the maximum amount of compensation set forth in this Agreement shall be at no cost to the CITY. REIMBURSABLE EXPENSES CONSULTANT’S ordinary business expenses, such as administrative, overhead, administrative support time/overtime, information systems, software and hardware, photocopying, telecommunications (telephone, internet), in-house printing, insurance and other ordinary business expenses, are included within the scope of payment for Services and are not reimbursable expenses hereunder. Reimbursable expenses, if any are specified as reimbursable under this section, will be reimbursed at actual cost. The expenses (by type, e.g. travel) for which CONSULTANT will be reimbursed are: NONE up to the not-to-exceed amount of: $0.00. DocuSign Envelope ID: 4FBEEC30-8DCF-483F-AADB-54FEE6A87611 Professional Services Rev. Dec.15, 2020 Page 21 of 40 EXHIBIT C-1 SCHEDULE OF RATES CONSULTANT’s schedule of rates is as follows: Project Implementation (Year 1) Line ITEM DESCRIPTION QTY UNIT UNIT PRICE SUBTOTAL SALES TAX TOTAL COST 1 TicketPRO nFORCER – Purchase 13 Each $3,885.00 $50,505.00 $4,608.58 $55,113.58 2 TicketPRO nFORCER Warranty Extended to 5 Years (Year 1) 13 Each $250.00 $3,250.00 $296.56 $3,546.56 Software License & Citation Processing Access 3 Annual TicketPRO nFORCER Communications / Software Fee for 13 devices (Year 1) 12 Monthly $1040.00 $12,480 $1,138.8 $13,618.80 4 Annual TicketPRO Electronic Moving Citation Processing System Access for 13 devices (Year 1) 12 Monthly $500.00 $6,000.00 $547.50 $6,547.50 Year 1 Total $78,826.44 Annual Fees (Years 2-5) Line ITEM DESCRIPTION QTY UNIT UNIT PRICE w/ TAX TOTAL COST 1 Annual Communications/Software License Fee – Years 2-5 4 Years $13,618.80 $54,475.20 2 Annual TicketPRO Moving Citation Processing System Processing – Years 2-5 4 Years $6,547.50 $26,190 3 TicketPRO nFORCER Warranty – Years 2-5 4 Years $3,546.56 $14,186.24 Total $94,851.44 DocuSign Envelope ID: 4FBEEC30-8DCF-483F-AADB-54FEE6A87611 Professional Services Rev. Dec.15, 2020 Page 22 of 40 Traffic eCitations Processing Fees: Electronic Moving Citation Fee per issued and Citation Supply-Standard TR-145 per 50 ticket rolls Electronic Moving Citation Fee per issued $2 Citation Supplies – Standard TR-145 per 50 ticket rolls $654 As needed, E-Citations Processing Fees and Ticket Rolls not-to-exceed total: $25,000 Total Compensation Summary: Sub-total for Year 1 and Year 2-5 Services $173,677.88 Traffic eCitations Processing Fees and supplies as needed through the term of the agreement: $25,000 Reimbursable Expenses (if any) $0 Total for Services and Reimbursable Expenses $198,677.88 Additional Services (if any, per Section 4) $19,867.79 Maximum Total Compensation $218,545.67 DocuSign Envelope ID: 4FBEEC30-8DCF-483F-AADB-54FEE6A87611 Professional Services Rev. Dec.15, 2020 Page 23 of 40 EXHIBIT D INSURANCE REQUIREMENTS CONTRACTORS TO THE CITY OF PALO ALTO (CITY), AT THEIR SOLE EXPENSE, SHALL FOR THE TERM OF THE CONTRACT OBTAIN AND MAINTAIN INSURANCE IN THE AMOUNTS FOR THE COVERAGE SPECIFIED BELOW, AFFORDED BY COMPANIES WITH AM BEST’S KEY RATING OF A-:VII, OR HIGHER, AUTHORIZED TO TRANSACT INSURANCE BUSINESS IN THE STATE OF CALIFORNIA. AWARD IS CONTINGENT ON COMPLIANCE WITH CITY’S INSURANCE REQUIREMENTS, AS SPECIFIED, BELOW: REQUIR ED TYPE OF COVERAGE REQUIREMENT MINIMUM LIMITS EACH OCCURREN CE AGGREGATE YES YES WORKER’S COMPENSATION EMPLOYER’S LIABILITY STATUTORY STATUTORY YES GENERAL LIABILITY, INCLUDING PERSONAL INJURY, BROAD FORM PROPERTY DAMAGE BLANKET CONTRACTUAL, PRODUCTS/COMPLETED OPERATIONS AND FIRE LEGAL LIABILITY BODILY INJURY PROPERTY DAMAGE BODILY INJURY & PROPERTY DAMAGE COMBINED. $2,000,000 $2,000,000 $2,000,000 $2,000,000 $2,000,000 $2,000,000 YES TECHNOLOGY ERRORS AND OMISSIONS LIABILITY COVERAGE. THE POLICY SHALL AT A MINIMUM COVER PROFESSIONAL MISCONDUCT OR LACK OF REQUISITE SKILL FOR THE PERFORMANCE OF SERVICES DEFINED IN THE CONTRACT AND SHALL ALSO PROVIDE COVERAGE FOR THE FOLLOWING RISKS: (i) NETWORK SECURITY LIABILITYARISING FROM UNAUTHORIZED ACCESS TO, USE OF, OR TAMPERING WITH COMPUTERS OR COMPUTER SYSTEMS, INCLUDING HACKERS, EXTORTION, AND (ii) LIABILITY ARISING FROM INTRODUCTION OF ANY FORM OF MALICIOUS SOFTWARE INCLUDING COMPUTER VIRUSES INTO, OR OTHERWISE CAUSING DAMAGE TO THE CITY’S OR THIRD PERSON’S COMPUTER, COMPUTER SYSTEM, NETWORK, OR SIMILAR COMPUTER RELATED PROPERTY AND THE DATA, SOFTWARE AND PROGRAMS THEREON. CONTRACTOR SHALL MAINTAIN IN FORCE DURING THE FULL LIFE OF THE CONTRACT. THE POLICY SHALL PROVIDE COVERAGE FOR BREACH RESPONSE COSTS AS WELL AS REGULATORY FINES AND PENALTIES AS WELL AS CREDIT MONITORING EXPENSES WITH LIMITS SUFFICIENT TO RESPOND TO THESE OBLIGATIONS. ALL DAMAGES $1,000,000 $2,000,000 DocuSign Envelope ID: 4FBEEC30-8DCF-483F-AADB-54FEE6A87611 Professional Services Rev. Dec.15, 2020 Page 24 of 40 YES Cyber and Privacy Insurance SUCH INSURANCE SHALL INCLUDE COVERAGE FOR LIABILITY ARISING FROM COVERAGE IN AN AMOUNT SUFFICIENT TO COVER THE FULL REPLACEMENT VALUE OF DAMAGE TO, ALTERATION OF, LOSS OF, THEFT, DISSEMINATION OR DESTRUCTION OF ELECTRONIC DATA AND/OR USE OF CONFIDENTIAL INFORMATION, “PROPERTY” OF THE CITY OF PALO ALTO THAT WILL BE IN THE CARE, CUSTODY, OR CONTROL OF VENDOR. INFORMATION INCLUDING BUT NOT LIMITED TO, BANK AND CREDIT CARD ACCOUNT INFORMATION OR PERSONAL INFORMATION, SUCH AS NAME, ADDRESS, SOCIAL SECURITY NUMBERS, PROTECTED HEALTH INFORMATION OR OTHER PERSONAL IDENTIFICATION INFORMATION, STORED OR TRAMSITTED IN ELECTRONIC FORM. ALL DAMAGES $1,000,000 $2,000,000 YES AUTOMOBILE LIABILITY, INCLUDING ALL OWNED, HIRED, NON-OWNED BODILY INJURY - EACH PERSON - EACH OCCURRENCE PROPERTY DAMAGE BODILY INJURY AND PROPERTY DAMAGE, COMBINED $1,000,000 $1,000,000 $1,000,000 $1,000,000 $1,000,000 $1,000,000 $1,000,000 $1,000,000 $1,000,000 $1,000,000 NO PROFESSIONAL LIABILITY, INCLUDING, ERRORS AND OMISSIONS, MALPRACTICE (WHEN APPLICABLE), AND NEGLIGENT PERFORMANCE ALL DAMAGES $1,000,000 YES THE CITY OF PALO ALTO IS TO BE NAMED AS AN ADDITIONAL INSURED: CONTRACTOR, AT ITS SOLE COST AND EXPENSE, SHALL OBTAIN AND MAINTAIN, IN FULL FORCE AND EFFECT THROUGHOUT THE ENTIRE TERM OF ANY RESULTANT AGREEMENT, THE INSURANCE COVERAGE HEREIN DESCRIBED, INSURING NOT ONLY CONTRACTOR AND ITS SUBCONSULTANTS, IF ANY, BUT ALSO, WITH THE EXCEPTION OF WORKERS’ COMPENSATION, EMPLOYER’S LIABILITY AND PROFESSIONAL INSURANCE, NAMING AS ADDITIONAL INSUREDS CITY, ITS COUNCIL MEMBERS, OFFICERS, AGENTS, AND EMPLOYEES. I. INSURANCE COVERAGE MUST INCLUDE: A. A CONTRACTUAL LIABILITY ENDORSEMENT PROVIDING INSURANCE COVERAGE FOR CONTRACTOR’S AGREEMENT TO INDEMNIFY CITY. II. ENDORSEMENT PROVISIONS, WITH RESPECT TO THE INSURANCE AFFORDED TO “ADDITIONAL INSUREDS” A. PRIMARY COVERAGE WITH RESPECT TO CLAIMS ARISING OUT OF THE OPERATIONS OF THE NAMED INSURED, INSURANCE AS AFFORDED BY THIS POLICY IS PRIMARY AND IS NOT ADDITIONAL TO OR CONTRIBUTING WITH ANY OTHER INSURANCE CARRIED BY OR FOR THE BENEFIT OF THE ADDITIONAL INSUREDS. DocuSign Envelope ID: 4FBEEC30-8DCF-483F-AADB-54FEE6A87611 Professional Services Rev. Dec.15, 2020 Page 25 of 40 B. CROSS LIABILITY THE NAMING OF MORE THAN ONE PERSON, FIRM, OR CORPORATION AS INSUREDS UNDER THE POLICY SHALL NOT, FOR THAT REASON ALONE, EXTINGUISH ANY RIGHTS OF THE INSURED AGAINST ANOTHER, BUT THIS ENDORSEMENT, AND THE NAMING OF MULTIPLE INSUREDS, SHALL NOT INCREASE THE TOTAL LIABILITY OF THE COMPANY UNDER THIS POLICY. III. CONTRACTOR MUST SUBMIT CERTIFICATES(S) OF INSURANCE EVIDENCING REQUIRED COVERAGE AT THE FOLLOWING URL: https://www.planetbids.com/portal/portal.cfm?CompanyID=25569. NOTICE OF CANCELLATION 1. IF THE POLICY IS CANCELED BEFORE ITS EXPIRATION DATE FOR ANY REASON OTHER THAN THE NON-PAYMENT OF PREMIUM, THE CONSULTANT SHALL PROVIDE CITY AT LEAST A THIRTY (30) DAY WRITTEN NOTICE BEFORE THE EFFECTIVE DATE OF CANCELLATION. 2. IF THE POLICY IS CANCELED BEFORE ITS EXPIRATION DATE FOR THE NON-PAYMENT OF PREMIUM, THE CONSULTANT SHALL PROVIDE CITY AT LEAST A TEN (10) DAY WRITTEN NOTICE BEFORE THE EFFECTIVE DATE OF CANCELLATION. Vendors are required to file their evidence of insurance and any other related notices with the City of Palo Alto at the following URL: https://www.planetbids.com/portal/portal.cfm?CompanyID=25569 OR http://www.cityofpaloalto.org/gov/depts/asd/planet_bids_how_to.asp DocuSign Envelope ID: 4FBEEC30-8DCF-483F-AADB-54FEE6A87611 Professional Services Rev. Dec.15, 2020 Page 26 of 40 EXHIBIT E Surveillance Use Policy for E Citation Devices for the Police Department Traffic Citations In accordance with Palo Alto Municipal Code Section PAMC 2.30.680(d), the Surveillance Use Policy for the use of E Citation devices for traffic enforcement is as follows: 1. Intended purpose of technology. The intended purposes of the E Citation devices are for sworn officers to issue California Vehicle Code (CVC) traffic citations within the jurisdiction of Palo Alto. This technology replaces the current triplicate paper citations with fully electronic means of citation issuance and processing. 2. Authorized uses of the information. The information collected by the officer and entered into the handheld devices are for the purpose of issuing CVC violations to persons who violate the law. The information is shared with the Santa Clara County Court system and entered into the police department Record Management System (RMS) for necessary citation processing procedures. The citation information will be shared with the court and involved party pursuant to California and federal laws. The Police Department Custodian of Records is responsible for overseeing record release processes according to City policy and procedure. 3. Information collected by the technology. The E Citation device does not independently collect information, rather the officer operator inputs information. The unit has a camera that the officer can use to photograph the rear of the involved vehicle. The unit software uses Optical Character Recognition (OCR). OCR is technology to recognize text inside images, such as scanned documents and photos to auto-populate certain text fields such as license plate number and vehicle make and model. The operator can choose to use the camera to pre-populate data fields or enter the information manually. The device contains a camera to read the bar code of a driver’s license to auto populate the registered owner/driver information on the citation. It is optional for the officer to use this method of reading licensee information, they may enter the data manually. The device has a fingerprint sensor available on it to capture a detailed image of the driver’s fingerprint that attaches to the digital record. This feature will only be used, according the California law, as the positive identification of the person being issued the citation when that person does not possess a copy of their valid driver’s license or have another form of valid government-issued identification. The driver will use the device stylus to sign the citation on the screen of the unit. The signature image for all citations is captured as a photo. The image is then transferred to the printed citation in the signature field. The device does not connect to any government identification database. 4. Safeguards and Compliance Features. All E Citation data downloaded to the vendor system will be accessible only through a login/password-protected system capable of documenting all access of information by name, date and time. Only authorized Police Department and Information Technology staff will have access to the E Citation devices and software system. The devices will be housed within a secure area of the Police Department and be checked out DocuSign Envelope ID: 4FBEEC30-8DCF-483F-AADB-54FEE6A87611 Professional Services Rev. Dec.15, 2020 Page 27 of 40 by officers for field use during their shift. The procurement of this technology will follow compliance procedures in accordance with and accepted by the City’s documented Vendor Information Security Assessment (VISA) evaluation and approval processes for technology vendor contracts. The scope of Vendor Information Security Assessment (VISA) is to assess vendor IT environment of the Cloud Service Provider (the Vendor), which intends to provide to the City of Palo Alto (the City) any or all of the following services: Software as a Service (SaaS); Platform as a Service (PaaS); and Infrastructure as a Service (IaaS). The VISA assesses whether SaaS, PaaS and IaaS service providers database applications, computer network infrastructure and computer hardware and software platforms can be safely hosted by the Vendor and made available to the City via interconnected in a network, typically the Internet. The vendor completed the City’s VISA documentation and was approved. 5. Information Retention. Pursuant to the City of Palo Alto Records Retention Policy and Gov Code section 34090, the department must retain copies of all issued citations for a minimum of two years plus current, or pursuant to the violation’s statute of limitations. Citation records may be kept longer in extenuating circumstances, such as for collections of unpaid fines. Purging of citation data will be per state law and the City’s documented purging policy and procedure. Images captured on the device will be stored with the citation record for internal purposes only to document the conditions of the violation and for officer use during prosecution in court as necessary. The vendor software system allows the City to set required purging guidelines within the database. The Police Department Custodian of Records is responsible for overseeing record purging procedures. 6. Access to Information Outside of City. Citation records are shared with the involved parties, the court system (for processing), and authorized law enforcement representatives per official requests for police records. Citation dispositions are shared from the court to the Department of Motor Vehicles. Citation data within the vendor software system, may, with the City’s permission, be viewable by law enforcement agencies that use the same system for the purpose of knowing if a violator has been issued other citations. Currently, Santa Clara County SO, San Mateo County SO, San Francisco County SO, Alameda County SO, and other allied agencies use the Turbo Data system. Citation data will automatically transfer into the Department’s new Records Management System (RMS), which is viewable by partnering law enforcement agencies that have been authorized to view police records in the same RMS. Citation data entered into the department’s RMS is not currently set to purge. 7. Compliance Procedures. Information from the E Citation software program is transmitted daily for citation processing. Department personnel review the citation information and system functionality every weekday. Authorized operating personnel will be trained on the device handling and transmission procedures, including the prompt notification of the City’s Information Technology Department in the event of suspected unauthorized system access. DocuSign Envelope ID: 4FBEEC30-8DCF-483F-AADB-54FEE6A87611 Professional Services Rev. Dec.15, 2020 Page 28 of 40 EXHIBIT F INFORMATION PRIVACY POLICY POLICY STATEMENT The City of Palo Alto (the “City”) strives to promote and sustain a superior quality of life for persons in Palo Alto. In promoting the quality of life of these persons, it is the policy of the City, consistent with the provisions of the California Public Records Act, California Government Code §§ 6250 – 6270, to take appropriate measures to safeguard the security and privacy of the personal (including, without limitation, financial) information of persons, collected in the ordinary course and scope of conducting the City’s business as a local government agency. These measures are generally observed by federal, state and local authorities and reflected in federal and California laws, the City’s rules and regulations, and industry best practices, including, without limitation, the provisions of California Civil Code §§ 1798.3(a), 1798.24, 1798.79.8(b), 1798.80(e), 1798.81.5, 1798.82(e), 1798.83(e)(7), and 1798.92(c). Though some of these provisions do not apply to local government agencies like the City, the City will conduct business in a manner which promotes the privacy of personal information, as reflected in federal and California laws. The objective of this Policy is to describe the City’s data security goals and objectives, to ensure the ongoing protection of the Personal Information, Personally Identifiable Information, Protected Critical Infrastructure Information and Personally Identifying Information of persons doing business with the City and receiving services from the City or a third party under contract to the City to provide services. The terms “Personal Information,” “Protected Critical Infrastructure Information”, “Personally Identifiable Information” and “Personally Identifying Information” (collectively, the “Information”) are defined in the California Civil Code sections, referred to above, and are incorporated in this Policy by reference. PURPOSE The City, acting in its governmental and proprietary capacities, collects the Information pertaining to persons who do business with or receive services from the City. The Information is collected by a variety of means, including, without limitation, from persons applying to receive services provided by the City, persons accessing the City’s website, and persons who access other information portals maintained by the City’s staff and/or authorized third-party contractors. The City is committed to protecting the privacy and security of the Information collected by the City. The City acknowledges federal and California laws, policies, rules, regulations and procedures, and industry best practices are dedicated to ensuring the Information is collected, stored and utilized in compliance with applicable laws. The goals and objectives of the Policy are: (a) a safe, productive, and inoffensive work environment for all users having access to the City’s applications and databases; (b) the appropriate maintenance and security of database information assets owned by, or entrusted to, the City; (c) the controlled access and security of the Information provided to the City’s staff and third party contractors; and (d) faithful compliance with legal and regulatory requirements. SCOPE The Policy will guide the City’s staff and, indirectly, third party contractors, which are by contract required to protect the confidentiality and privacy of the Information of the persons whose personal information data are intended to be covered by the Policy and which will be advised by City staff to conform their performances to the Policy should they enjoy conditional access to that information. DocuSign Envelope ID: 4FBEEC30-8DCF-483F-AADB-54FEE6A87611 Professional Services Rev. Dec.15, 2020 Page 29 of 40 CONSEQUENCES The City’s employees shall comply with the Policy in the execution of their official duties to the extent their work implicates access to the Information referred to in this Policy. A failure to comply may result in employment and/or legal consequences. EXCEPTIONS In the event that a City employee cannot fully comply with one or more element(s) described in this Policy, the employee may request an exception by submitting Security Exception Request. The exception request will be reviewed and administered by the City’s Information Security Manager (the “ISM”). The employee, with the approval of his or her supervisor, will provide any additional information as may be requested by the ISM. The ISM will conduct a risk assessment of the requested exception in accordance with guidelines approved by the City’s Chief Information Officer (“CIO”) and approved as to form by the City Attorney. The Policy’s guidelines will include at a minimum: purpose, source, collection, storage, access, retention, usage, and protection of the Information identified in the request. The ISM will consult with the CIO to approve or deny the exception request. After due consideration is given to the request, the exception request disposition will be communicated, in writing, to the City employee and his or her supervisor. The approval of any request may be subject to countermeasures established by the CIO, acting by the ISM. MUNICIPAL ORDINANCE This Policy will supersede any City policy, rule, regulation or procedure regarding information privacy. RESPONSIBILITIES OF CITY STAFF A. RESPONSIBILITY OF CIO AND ISM The CIO, acting by the ISM, will establish an information security management framework to initiate and coordinate the implementation of information security measures by the City’s government. The City’s employees, in particular, software application users and database users, and, indirectly, third party contractors under contract to the City to provide services, shall by guided by this Policy in the performance of their job responsibilities. The ISM will be responsible for: (a) developing and updating the Policy, (b) enforcing compliance with and the effectiveness of the Policy; (c) the development of privacy standards that will manifest the Policy in detailed, auditable technical requirements, which will be designed and maintained by the persons responsible for the City’s IT environments; (d) assisting the City’s staff in evaluating security and privacy incidents that arise in regard to potential violations of the Policy; (e) reviewing and approving department-specific policies and procedures which fall under the purview of this Policy; and (f) reviewing Non-Disclosure Agreements (NDAs) signed by third party contractors, which will provide services, including, without limitation, local or ‘cloud-based’ software services to the City. B. RESPONSIBILITY OF INFORMATION SECURITY STEERING COMMITTEE The Information Security Steering Committee (the “ISSC”), which is comprised of the City’s employees, drawn from the various City departments, will provide the primary direction, prioritization and approval for all information security efforts, including key information security and privacy risks, programs, initiatives and activities. The ISSC will provide input to the DocuSign Envelope ID: 4FBEEC30-8DCF-483F-AADB-54FEE6A87611 Professional Services Rev. Dec.15, 2020 Page 30 of 40 information security and privacy strategic planning processes to ensure that information security risks are adequately considered, assessed and addressed at the appropriate City department level. C. RESPONSIBILITY OF USERS All authorized users of the Information will be responsible for complying with information privacy processes and technologies within the scope of responsibility of each user. D. RESPONSIBILITY OF INFORMATION TECHNOLOGY (IT) MANAGERS The City’s IT Managers, who are responsible for internal, external, direct and indirect connections to the City’s networks, will be responsible for configuring, maintaining and securing the City’s IT networks in compliance with the City’s information security and privacy policies. They are also responsible for timely internal reporting of events that may have compromised network, system or data security. E. RESPONSIBILITY OF AUTHORIZATION COORDINATION The ISM will ensure that the City’s employees secure the execution of Non-Disclosure Agreements (NDA), whenever access to the Information will be granted to third party contractors, in conjunction with the Software as a Service (SaaS) Security and Privacy Terms and Conditions. An NDA must be executed prior to the sharing of the Information of persons covered by this Policy with third party contractors. The City’s approach to managing information security and its implementation (i.e. objectives, policies, processes, and procedures for information security) will be reviewed independently by the ISM at planned intervals, or whenever significant changes to security implementation have occurred. The CIO, acting by the ISM, will review and recommend changes to the Policy annually, or as appropriate, commencing from the date of its adoption. GENERAL PROCEDURE FOR INFORMATION PRIVACY A. OVERVIEW The Policy applies to activities that involve the use of the City’s information assets, namely, the Information of persons doing business with the City or receiving services from the City, which are owned by, or entrusted to, the City and will be made available to the City’s employees and third- party contractors under contract to the City to provide Software as a Service consulting services. These activities include, without limitation, accessing the Internet, using e-mail, accessing the City’s intranet or other networks, systems, or devices. The term “information assets” also includes the personal information of the City’s employees and any other related organizations while those assets are under the City’s control. Security measures will be designed, implemented, and maintained to ensure that only authorized persons will enjoy access to the information assets. The City’s staff will act to protect its information assets from theft, damage, loss, compromise, and inappropriate disclosure or alteration. The City will plan, design, implement and maintain information management systems, networks and processes in order to assure the appropriate confidentiality, integrity, and availability of its information assets to the City’s employees and authorized third parties. B. PERSONAL INFORMATION AND CHOICE Except as permitted or provided by applicable laws, the City will not share the Information of any person doing business with the City, or receiving services from the City, in violation of this Policy, unless that person has consented to the City’s sharing of such information during the conduct of DocuSign Envelope ID: 4FBEEC30-8DCF-483F-AADB-54FEE6A87611 Professional Services Rev. Dec.15, 2020 Page 31 of 40 the City’s business as a local government agency with third parties under contract to the City to provide services. C. METHODS OF COLLECTION OF PERSONAL INFORMATION The City may gather the Information from a variety of sources and resources, provided that the collection of such information is both necessary and appropriate in order for the City to conduct business as a local government agency in its governmental and proprietary capacities. That information may be gathered at service windows and contact centers as well as at web sites, by mobile applications, and with other technologies, wherever the City may interact with persons who need to share such formation in order to secure the City’s services. The City’s staff will inform the persons whose Information are covered by this Policy that the City’s web site may use “cookies” to customize the browsing experience with the City of Palo Alto web site. The City will note that a cookie contains unique information that a web site can use to track, among others, the Internet Protocol address of the computer used to access the City’s web sites, the identification of the browser software and operating systems used, the date and time a user accessed the site, and the Internet address of the website from which the user linked to the City’s web sites. Cookies created on the user’s computer by using the City’s web site do not contain the Information, and thus do not compromise the user’s privacy or security. Users can refuse the cookies or delete the cookie files from their computers by using any of the widely available methods. If the user chooses not to accept a cookie on his or her computer, it will not prevent or prohibit the user from gaining access to or using the City’s sites. D. UTILITIES SERVICE In the provision of utility services to persons located within Palo Alto, the City of Palo Alto Utilities Department (“CPAU”) will collect the Information in order to initiate and manage utility services to customers. To the extent the management of that information is not specifically addressed in the Utilities Rules and Regulations or other ordinances, rules, regulations or procedures, this Policy will apply; provided, however, any such Rules and Regulations must conform to this Policy, unless otherwise directed or approved by the Council. This includes the sharing of CPAU-collected Information with other City departments except as may be required by law. Businesses and residents with standard utility meters and/or having non-metered monthly services will have secure access through a CPAU website to their Information, including, without limitation, their monthly utility usage and billing data. In addition to their regular monthly utilities billing, businesses and residents with non-standard or experimental electric, water or natural gas meters may have their usage and/or billing data provided to them through non-City electronic portals at different intervals than with the standard monthly billing. Businesses and residents with such non-standard or experimental metering will have their Information covered by the same privacy protections and personal information exchange rules applicable to Information under applicable federal and California laws. E. PUBLIC DISCLOSURE The Information that is collected by the City in the ordinary course and scope of conducting its business could be incorporated in a public record that may be subject to inspection and copying by the public, unless such information is exempt from disclosure to the public by California law. DocuSign Envelope ID: 4FBEEC30-8DCF-483F-AADB-54FEE6A87611 Professional Services Rev. Dec.15, 2020 Page 32 of 40 F. ACCESS TO PERSONAL INFORMATION The City will take reasonable steps to verify a person’s identity before the City will grant anyone online access to that person’s Information. Each City department that collects Information will afford access to affected persons who can review and update that information at reasonable times. G. SECURITY, CONFIDENTIALITY AND NON-DISCLOSURE Except as otherwise provided by applicable law or this Policy, the City will treat the Information of persons covered by this Policy as confidential and will not disclose it, or permit it to be disclosed, to third parties without the express written consent of the person affected. The City will develop and maintain reasonable controls that are designed to protect the confidentiality and security of the Information of persons covered by this Policy. The City may authorize the City’s employee and or third-party contractors to access and/or use the Information of persons who do business with the City or receive services from the City. In those instances, the City will require the City’s employee and/or the third-party contractors to agree to use such Information only in furtherance of City-related business and in accordance with the Policy. If the City becomes aware of a breach or has reasonable grounds to believe that a security breach has occurred, with respect to the Information of a person, the City will notify the affected person of such breach in accordance with applicable laws. The notice of breach will include the date(s) or estimated date(s) of the known or suspected breach, the nature of the Information that is the subject of the breach, and the proposed action to be taken or the responsive action taken by the City. H. DATA RETENTION / INFORMATION RETENTION The City will store and secure all Information for a period of time as may be required by law, or if no period is established by law, for seven (7) years, and thereafter such information will be scheduled for destruction. I. SOFTWARE AS A SERVICE (SAAS) OVERSIGHT The City may engage third party contractors and vendors to provide software application and database services, commonly known as Software-as-a-Service (SaaS). In order to assure the privacy and security of the Information of those who do business with the City and those who received services from the City, as a condition of selling goods and/or services to the City, the SaaS services provider and its subcontractors, if any, including any IT infrastructure services provider, shall design, install, provide, and maintain a secure IT environment, while it performs such services and/or furnishes goods to the City, to the extent any scope of work or services implicates the confidentiality and privacy of the Information. These requirements include information security directives pertaining to: (a) the IT infrastructure, by which the services are provided to the City, including connection to the City's IT systems; (b) the SaaS services provider’s operations and maintenance processes needed to support the IT environment, including disaster recovery and business continuity planning; and (c) the IT infrastructure performance monitoring services to ensure a secure and reliable environment and service availability to the City. The term “IT infrastructure” refers to the integrated framework, including, without limitation, data centers, computers, and database management devices, upon which digital networks operate. Prior to entering into an agreement to provide services to the City, the City’s staff will require the SaaS services provider to complete and submit an Information Security and Privacy Questionnaire. In the event that the SaaS services provider reasonably determines that it cannot fulfill the DocuSign Envelope ID: 4FBEEC30-8DCF-483F-AADB-54FEE6A87611 Professional Services Rev. Dec.15, 2020 Page 33 of 40 information security requirements during the course of providing services, the City will require the SaaS services provider to promptly inform the ISM. J. FAIR AND ACCURATE CREDIT TRANSACTION ACT OF 2003 CPAU will require utility customers to provide their Information in order for the City to initiate and manage utility services to them. Federal regulations, implementing the Fair and Accurate Credit Transactions Act of 2003 (Public Law 108-159), including the Red Flag Rules, require that CPAU, as a “covered financial institution or creditor” which provides services in advance of payment and which can affect consumer credit, develop and implement procedures for an identity theft program for new and existing accounts to detect, prevent, respond and mitigate potential identity theft of its customers’ Information. CPAU procedures for potential identity theft will be reviewed independently by the ISM annually or whenever significant changes to security implementation have occurred. The ISM will recommend changes to CPAU identity theft procedures, or as appropriate, so as to conform to this Policy. There are California laws which are applicable to identity theft; they are set forth in California Civil Code § 1798.92. NOTE: Questions regarding this policy should be referred to the Information Technology Department, as appropriate. DocuSign Envelope ID: 4FBEEC30-8DCF-483F-AADB-54FEE6A87611 Professional Services Rev. Dec.15, 2020 Page 34 of 40 EXHIBIT G CYBERSECURITY TERMS AND CONDITIONS In order to assure the privacy and security of the personal information of the City's customers and people who do business with the City, including, without limitation, vendors, utility customers, library patrons, and other individuals and companies, who are required to share such information with the City, as a condition of receiving services from the City or selling goods and services to the City, including, without limitation, the Software as a Service services provider (the "Consultant") and its subcontractors, if any, including, without limitation, any Information Technology ("IT") infrastructure services provider, shall design, install, provide, and maintain a secure IT environment, described below, while it renders and performs the Services and furnishes goods, if any, described in the Statement of Work, Exhibit B, to the extent any scope of work implicates the confidentiality and privacy of the personal information of the City's customers. The Consultant shall fulfill the data and information security requirements (the "Requirements") set forth in Part A below. A "secure IT environment" includes (a) the IT infrastructure, by which the Services are provided to the City, including connection to the City's IT systems; (b) the Consultant's operations and maintenance processes needed to support the environment, including disaster recovery and business continuity planning; and (c) the IT infrastructure performance monitoring services to ensure a secure and reliable environment and service availability to the City. "IT infrastructure" refers to the integrated framework, including, without limitation, data centers, computers, and database management devices, upon which digital networks operate. In the event that, after the Effective Date, the Consultant reasonably determines that it cannot fulfill the Requirements, the Consultant shall promptly inform the City of its determination and submit, in writing, one or more alternate countermeasure options to the Requirements (the "Alternate Requirements" as set forth in Part B), which may be accepted or rejected in the reasonable satisfaction of the Information Security Manager (the "ISM"). Part A. Requirements: The Consultant shall at all times during the term of any contract between the City and the Consultant: (a) Appoint or designate an employee, preferably an executive officer, as the security liaison to the City with respect to the Services to be performed under this Agreement. (b) Comply with the City's Information Privacy Policy: (c) Have adopted and implemented information security and privacy policies that are documented, are accessible to the City, and conform to ISO 27001/2 – Information Security Management Systems (ISMS) Standards. See the following: http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=42103 http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=50297 (d) Conduct routine data and information security compliance training of its personnel that is appropriate to their role. (e) Develop and maintain detailed documentation of the IT infrastructure, including software versions and patch levels. DocuSign Envelope ID: 4FBEEC30-8DCF-483F-AADB-54FEE6A87611 Professional Services Rev. Dec.15, 2020 Page 35 of 40 (f) Develop an independently verifiable process, consistent with industry standards, for performing professional and criminal background checks of its employees that (1) would permit verification of employees' personal identity and employment status, and (2) would enable the immediate denial of access to the City's confidential data and information by any of its employees who no longer would require access to that information or who are terminated. (g) Provide a list of IT infrastructure components in order to verify whether the Consultant has met or has failed to meet any objective terms and conditions. (h) Implement access accountability (identification and authentication) architecture and support role-based access control ("RBAC") and segregation of duties ("SoD") mechanisms for all personnel, systems, and Software used to provide the Services. "RBAC" refers to a computer systems security approach to restricting access only to authorized users. "SoD" is an approach that would require more than one individual to complete a security task in order to promote the detection and prevention of fraud and errors. (i) Assist the City in undertaking annually an assessment to assure that: (1) all elements of the Services' environment design and deployment are known to the City, and (2) it has implemented measures in accordance with industry best practices applicable to secure coding and secure IT architecture. (j) Provide and maintain secure intersystem communication paths that would ensure the confidentiality, integrity, and availability of the City's information. (k) Deploy and maintain IT system upgrades, patches and configurations conforming to current patch and/or release levels by not later than one (1) week after its date of release. Emergency security patches must be installed within 24 hours after its date of release. (l) Provide for the timely detection of, response to, and the reporting of security incidents, including on-going incident monitoring with logging. (m) Notify the City within one (1) hour of detecting a security incident that results in the unauthorized access to or the misuse of the City's confidential data and information. (n) Inform the City that any third party service provider(s) meet(s) all of the Requirements. (o) Perform security self-audits on a regular basis and not less frequently than on a quarterly basis, and provide the required summary reports of those self-audits to the ISM on the annual anniversary date or any other date agreed to by the Parties. (p) Accommodate, as practicable, and upon reasonable prior notice by the City, the City's performance of random site security audits at the Consultant's site(s), including the site(s) of a third-party service provider(s), as applicable. The scope of these audits will extend to the Consultant's and its third-party service provider(s)' awareness of security policies and practices, systems configurations, access authentication and authorization, and incident detection and response. (q) Cooperate with the City to ensure that to the extent required by applicable laws, rules and regulations, and the Confidential Information will be accessible only by the Consultant and any authorized third-party service provider's personnel. (r) Perform regular, reliable secured backups of all data needed to maximize the availability of the Services. Adequately encrypt the City of Palo Alto's data, during the operational process, hosted at rest, and the backup stage at the Vendors' environment (including Vendor's contracting organization's environment). (s) Maintain records relating to the Services for a period of three (3) years after the expiration or earlier termination of this Agreement and in a mutually agreeable storage medium. Within thirty (30) days after the effective date of expiration or earlier termination of this DocuSign Envelope ID: 4FBEEC30-8DCF-483F-AADB-54FEE6A87611 Professional Services Rev. Dec.15, 2020 Page 36 of 40 Agreement, all of those records relating to the performance of the Services shall be provided to the ISM. (t) Maintain the Confidential Information in accordance with applicable federal, state, and local data and information privacy laws, rules, and regulations. (u) Encrypt the Confidential Information before delivering the same by electronic mail to the City and or any authorized recipient. (v) Provide Network Layer IP filtering services to allow access only from the City of Palo Alto's IP address to the Vendor environment (primarily hosted for the City of Palo Alto). (w) Offer a robust disaster recovery and business continuity (DR-BCP) solutions to the City for the systems and services the Vendor provides to the City. (x) Provide and support Single Sign-on (SSO) and Multifactor Authentication (MFA) solutions for authentication and authorization services from the "City's environment to the Vendor's environment," and Vendor's environment to the Vendor's cloud services/hosted environment." The Vendor shall allow two employees of the City to have superuser and super-admin access to the Vendor's IT environment, and a cloud-hosted IT environment belongs to the City. (y) Unless otherwise addressed in the Agreement, shall not hold the City liable for any direct, indirect or punitive damages whatsoever including, without limitation, damages for loss of use, data or profits, arising out of or in any way connected with the City's IT environment, including, without limitation, IT infrastructure communications. (z) The Vendor must provide evidence of valid cyber liability insurance policy per the City’s EXHIBIT “D” INSURANCE REQUIREMENTS. DocuSign Envelope ID: 4FBEEC30-8DCF-483F-AADB-54FEE6A87611 Professional Services Rev. Dec.15, 2020 Page 37 of 40 EXHIBIT H DocuSign Envelope ID: 4FBEEC30-8DCF-483F-AADB-54FEE6A87611 Professional Services Rev. Dec.15, 2020 Page 38 of 40 DocuSign Envelope ID: 4FBEEC30-8DCF-483F-AADB-54FEE6A87611 Professional Services Rev. Dec.15, 2020 Page 39 of 40 DocuSign Envelope ID: 4FBEEC30-8DCF-483F-AADB-54FEE6A87611 Professional Services Rev. Dec.15, 2020 Page 40 of 40 DocuSign Envelope ID: 4FBEEC30-8DCF-483F-AADB-54FEE6A87611 CMR 13747- Attachment F Surveillance Use Policy for E Citation Devices for the Police Department Traffic Citations In accordance with Palo Alto Municipal Code Section PAMC 2.30.680(d), the Surveillance Use Policy for the use of E Citation devices for traffic enforcement is as follows: 1. Intended purpose of technology. The intended purposes of the E Citation devices are for sworn officers to issue California Vehicle Code (CVC) traffic citations within the jurisdiction of Palo Alto. This technology replaces the current triplicate paper citations with fully electronic means of citation issuance and processing. 2. Authorized uses of the information. The information collected by the officer and entered into the handheld devices are for the purpose of issuing CVC violations to persons who violate the law. The information is shared with the Santa Clara County Court system and entered into the police department Record Management System (RMS) for necessary citation processing procedures. The citation information will be shared with the court and involved party pursuant to California and federal laws. The Police Department Custodian of Records is responsible for overseeing record release processes according to City policy and procedure. 3. Information collected by the technology. The E Citation device does not independently collect information, rather the officer operator inputs information. The unit has a camera that the officer can use to photograph the rear of the involved vehicle. The unit software uses Optical Character Recognition (OCR). OCR is technology to recognize text inside images, such as scanned documents and photos to auto-populate certain text fields such as license plate number and vehicle make and model. The operator can choose to use the camera to pre-populate data fields or enter the information manually. The device contains a magnetic stripe to swipe a driver’s license or for the officer to use the camera to read the bar code of a driver’s license to auto populate the registered owner/driver information on the citation. It is optional for the officer to use this method of reading licensee information, they may use the camera to “scan” the bar code on the back of the driver’s license, if present, or they may enter the data manually. The device has a fingerprint sensor available on it to capture a detailed image of the driver’s fingerprint that attaches to the digital record. This feature will only be used, according the California law, as the positive identification of the person being issued the citation when that person does not possess a copy of their valid driver’s license or have another form of valid government-issued identification. The driver will use the device stylus to sign the citation on the screen of the unit. The signature image for all citations is captured as a photo. The image is then transferred to the printed citation in the signature field. The device does not connect to any government identification database. CMR 13747- Attachment F 4. Safeguards and Compliance Features. All E Citation data downloaded to the vendor system will be accessible only through a login/password-protected system capable of documenting all access of information by name, date and time. Only authorized Police Department and Information Technology staff will have access to the E Citation devices and software system. The devices will be housed within a secure area of the Police Department and be checked out by officers for field use during their shift. The procurement of this technology will follow compliance procedures in accordance with and accepted by the City’s documented Vendor Information Security Assessment (VISA) evaluation and approval processes for technology vendor contracts. The scope of Vendor Information Security Assessment (VISA) is to assess vendor IT environment of the Cloud Service Provider (the Vendor), which intends to provide to the City of Palo Alto (the City) any or all of the following services: Software as a Service (SaaS); Platform as a Service (PaaS); and Infrastructure as a Service (IaaS). The VISA assesses whether SaaS, PaaS and IaaS service providers database applications, computer network infrastructure and computer hardware and software platforms can be safely hosted by the Vendor and made available to the City via interconnected in a network, typically the Internet. The vendor completed the City’s VISA documentation and was approved. 5. Information Retention. Pursuant to the City of Palo Alto Records Retention Policy and Gov Code section 34090, the department must retain copies of all issued citations for a minimum of two years plus current, or pursuant to the violation’s statute of limitations. Citation records may be kept longer in extenuating circumstances, such as for collections of unpaid fines. Purging of citation data will be per state law and the City’s documented purging policy and procedure. Images captured on the device will be stored with the citation record for internal purposes only to document the conditions of the violation and for officer use during prosecution in court as necessary. The vendor software system allows the City to set required purging guidelines within the database. The Police Department Custodian of Records is responsible for overseeing record purging procedures. 6. Access to Information Outside of City. Citation records are shared with the involved parties, the court system (for processing), and authorized law enforcement representatives per official requests for police records. Citation dispositions are shared from the court to the Department of Motor Vehicles. Citation data within the vendor software system, may, with the City’s permission, be viewable by law enforcement agencies that use the same system for the purpose of knowing if a violator has been issued other citations. Currently, Santa Clara County SO, San Mateo County SO, San Francisco County SO, Alameda County SO, and other allied agencies use the Turbo Data system. Citation data will automatically transfer into the Department’s new Records Management System (RMS), which is viewable by partnering law enforcement agencies that have been authorized to view police records in the same RMS. Citation data entered into the department’s RMS is not currently set to purge. CMR 13747- Attachment F 7. Compliance Procedures. Information from the E Citation software program is transmitted daily for citation processing. Department personnel review the citation information and system functionality every weekday. Authorized operating personnel will be trained on the device handling and transmission procedures, including the prompt notification of the City’s Information Technology Department in the event of suspected unauthorized system access. eCitations • Moving • Parking • Administrative • Fare Evasion All-in-one nFORCER Device Features • FIPS201 compliant fingerprint reader • Integrated thermal printer • Bi-directional magnetic stripe reader • Integrated laser scan engine • Hot swappable and integrated battery • Simultaneously charge both batteries • Rugged IP65 rated housing • Android operating system • Backlit function keys • Multiple carry options • 16 megapixel camera • LED flash Traffic/Moving eCitations • Barcode/Laser Scanner/MSR • DL & VIN • RMS Integration • Court Reporting • Corrections (TR100) • Compliance (TR145) nFORCERAll-in-one Two Locations: 888.755.0625 Southern California Northern California sales@turbodata.com