The URL can be used to link to this page

Home My WebLink AboutStaff Report 2305-1415CITY OF PALO ALTO CITY COUNCIL Special Meeting Monday, August 07, 2023 Council Chambers & Hybrid 5:30 PM Agenda Item 10.Approval and Authorization of the City Manager to Execute a Contract with Allied Universal Technology Services (AUTS) (C24187696) in an Amount Not-to-Exceed $778,275 over 5 years and one month period ending June 30, 2028 to provide Intrusion Detection System (IDS) monitoring and notification services. CEQA status - not a project. Supplemental Report added, Q&A 2 1 4 6 City Council Staff Report From: City Manager Report Type: CONSENT CALENDAR Lead Department: Office of Emergency Services Meeting Date: August 7, 2023 Report #:2305-1415 TITLE Approval and Authorization of the City Manager to Execute a Contract with Allied Universal Technology Services (AUTS) (C24187696) in an Amount Not-to-Exceed $778,275 over 5 years and one month period ending June 30, 2028 to provide Intrusion Detection System (IDS) monitoring and notification services. CEQA status - not a project. RECOMMENDATION Staff recommends that Council approve and authorize the City Manager or their designee to execute a contract with Allied Universal Technology Services (AUTS) in an Amount Not-to- Exceed $778,275 for the period June 2, 2023 – June 30, 2028, to provide IDS monitoring and notification services. BACKGROUND In June 2018 the City of Palo Alto contracted with G4S (Contract number C18172456) to provide remote video monitoring of the four at-grade rail crossings in the City limits and to make notifications to public safety agencies when established criteria were observed. The current contract period ended on June 1, 2023. ANALYSIS The IDS became operational in September 2018 and has been in use since that time to monitor the four Caltrain at-grade crossings. This followed more than three years of monitoring efforts initially by volunteers then staffed by contracted staffing at roughly $xxx annually, which proved problematic for multiple reasons. The four Caltrain rail crossings include Palo Alto Avenue, Churchill Avenue, W. Meadow Drive, and W. Charleston Road. Each crossing has six cameras with a combination of fixed, thermal and PTZ (pan, tilt, zoom) with the capability of viewing objects up to 1,000 feet in both north and south directions in variable light and weather conditions, and covers the area of the crossing and intersection with Alma Street. City fiber provides the backhaul of video imagery to a server system in the Palo Alto City Hall that is also used by the vendor at a remote monitoring center. A notification protocol is followed by the monitoring center operator to make 2 1 4 6 appropriate notifications to local public safety agencies when specific criteria are met (unsafe conditions). The City of Palo Alto City Council approved the IDS system in June 2017 when they authorized the design and construction of the CalTrain Corridor Video Management System Installation capital project (PE-18001). (CMR Staff Report #8065)1. In December 2019, G4S rebranded post-merger under the name Allied Universal Technology Services. Starting in fiscal year 2021 OES began reporting on the number of annual reported incidents within the Caltrain right of way. Data was recorded starting in FY 2020, the table below is an output of published metrics in FY2020-2022. This measure provides the number of incidents reported to by the third party under contract. FY 2020 FY2021 FY2022 FY23 Annual Incidents 110 57 68 25 The contractor is responsible for 24/7/365 monitoring and notifications. In the event of the system detecting an intrusion or other unsafe condition (such as a car stalled on the tracks), the contractor notifies the responsible public safety agency (San Mateo County Sheriff) to take immediate action, such as stopping trains. The contractor also notifies the City of Palo Alto 911 Communications Center who dispatches City of Palo Alto resources to respond. The contractor may also activate on-site audio warnings if applicable. City of Palo Alto staff review incident reports for any actionable recommendations. Allied Universal Technology Services has properly performed the required services in the current term. Bid Process On 10 April, 2023, the City issued a notice inviting formal bids under RFP 187696, Intrusion Detection System (IDS) Monitoring & Notifications. A Pre-proposal Teleconference was conducted with three providers in attendance: Allied Universal Technology Services, Siemens Industries, and Garcia’s Private Security. Allied Universal Technology Services provided the only bid to the City for this RFP. The City evaluated the proposal for completeness and alignment with the services requested, based on the responsive proposal, performance, and experience, the City recommends award of a contract with Allied Universal Technology Services. Subsequent to the bid process, OES staff reached out to potential bidders that did not submit proposals to inquire as to why they decided not to participate. No responses were received. 1 City of Palo Alto Staff Report #8065 at https://www.cityofpaloalto.org/files/assets/public/agendas-minutes- reports/reports/city-manager-reports-cmrs/year-archive/2017/id-8065-caltrain.pdf 2 1 4 6 Intrusion Detection System (IDS) monitoring and notification services. Proposed Length of Project 5 years Number of Bids Mailed to Contractors 6 Number of Websites 1 (City’s eprocurement portal, PlanetBids) Total Days to Respond to Bid 21 Optional Pre-Bid Meeting May 20, 2021 at 9:30 A.M. # of Company Attendees at Pre-Bid Meeting 3 Number of Bids Received:1 Bid Price Range $778,275 The five-year cost in this agreement (61 months) is for $778,275. The previous 5-year contract (60 months) was awarded to G4S at a cost of $600,000 which did not include any annual increase in contract cost during the term. This agreement differs as costs increase each year as detailed in Exhibit C of the contract, and it includes an additional month of services to align with the City’s fiscal year. This cost escalation is in line with standard inflation expectations. FISCAL/RESOURCE IMPACT The total five-year and one month cost of the contract is $778,275. The first-year amount of $144,040 is anticipated to be available in the OES operating budget in Fiscal Year 2024 pending the City Council adoption of the FY 2024 Operating budget, scheduled for June 19, 2023. Future year funding is subject to Council approval as part of the annual budget process. STAKEHOLDER ENGAGEMENT No stakeholder engagement was conducted for this contracting action. OES involved members of the Police and Utilities departments in the RFP evaluation. ENVIRONMENTAL REVIEW The recommendation in this report does not constitute a project requiring review under the California Environmental Quality Act (CEQA) since there is no potential for a direct or reasonably foreseeable indirect physical change in the environment. Council’s prior approval of the IDS system was determined exempt from CEQA review under Class 1 of the CEQA guidelines as repair, maintenance, and/or minor alteration of existing facilities. ATTACHMENTS Attachment A: Allied Universal Technology Services Contract C24187696 APPROVED BY: Ken Dueker, Director Office of Emergency Services Professional Services Rev. Dec.15, 2020 Page 1 of 21 CITY OF PALO ALTO CONTRACT NO. C24187696 AGREEMENT FOR PROFESSIONAL SERVICES BETWEEN THE CITY OF PALO ALTO AND UNIVERSAL PROTECTION SECURITY SYSTEMS LP dba ALLIED UNIVERSAL TECHNOLOGY SERVICES This Agreement for Professional Services (this “Agreement”) is entered into as of the 2nd day of June, 2023 (the “Effective Date”), by and between the CITY OF PALO ALTO, a California chartered municipal corporation (“CITY”), and UNIVERSAL PROTECTION SECURITY SYSTEMS dba ALLIED UNIVERSAL TECHNOLOGY SERVICES , a California Limited Partnership, located at 2301 Armstrong Street, Suite 101, Livermore, CA 94551 (“CONSULTANT”). The following recitals are a substantive portion of this Agreement and are fully incorporated herein by this reference: RECITALS A.CITY intends to issue a contract to monitor video intrusion detection system at four Caltrain rail crossings (“Project”) and desires to engage a consultant to provide 24-hour remote monitoring and notification services in connection with the Project (the “Services”, as detailed more fully in Exhibit A). B.CONSULTANT represents that it, its employees and subconsultants, if any, possess the necessary professional expertise, qualifications, and capability, and all required licenses and/or certifications to provide the Services. C.CITY, in reliance on these representations, desires to engage CONSULTANT to provide the Services as more fully described in Exhibit A, entitled “SCOPE OF SERVICES”. NOW, THEREFORE, in consideration of the recitals, covenants, terms, and conditions, in this Agreement, the parties agree as follows: SECTION 1. SCOPE OF SERVICES. CONSULTANT shall perform the Services described in Exhibit A in accordance with the terms and conditions contained in this Agreement. The performance of all Services shall be to the reasonable satisfaction of CITY. SECTION 2. TERM. The term of this Agreement shall be from the effective date shown above through June 30, 2028 unless terminated earlier pursuant to Section 19 (Termination) of this Agreement. SECTION 3. SCHEDULE OF PERFORMANCE. Time is of the essence in the performance of Services under this Agreement. CONSULTANT shall complete the Services within the term of this Agreement and in accordance with the schedule set forth in Exhibit B, entitled “SCHEDULE OF PERFORMANCE”. Any Services for which times for performance are not specified in this Agreement shall be commenced and completed by CONSULTANT in a reasonably prompt and DocuSign Envelope ID: 39347347-1DCC-4710-A725-EDC386DA65F9 Professional Services Rev. Dec.15, 2020 Page 2 of 21 timely manner based upon the circumstances and direction communicated to the CONSULTANT. CITY’s agreement to extend the term or the schedule for performance shall not preclude recovery of damages for delay if the extension is required due to the fault of CONSULTANT. SECTION 4. NOT TO EXCEED COMPENSATION. The compensation to be paid to CONSULTANT for performance of the Services shall be based on the compensation structure detailed in Exhibit C, entitled “COMPENSATION,” including any reimbursable expenses specified therein, and the maximum total compensation shall not exceed Seven Hundred Seventy Eight Thousand Two Hundred Seventy Five Dollars and Thirty-Three Cents ($778,275.33). The hourly schedule of rates, if applicable, is set out in Exhibit C-1, entitled “SCHEDULE OF RATES.” Any work performed or expenses incurred for which payment would result in a total exceeding the maximum compensation set forth in this Section 4 shall be at no cost to the CITY. SECTION 5. INVOICES. In order to request payment, CONSULTANT shall submit monthly invoices to the CITY describing the Services performed and the applicable charges (including, if applicable, an identification of personnel who performed the Services, hours worked, hourly rates, and reimbursable expenses), based upon Exhibit C or, as applicable, CONSULTANT’s schedule of rates set forth in Exhibit C-1. If applicable, the invoice shall also describe the percentage of completion of each task. The information in CONSULTANT’s invoices shall be subject to verification by CITY. CONSULTANT shall send all invoices to CITY’s Project Manager at the address specified in Section 13 (Project Management) below. CITY will generally process and pay invoices within thirty (30) days of receipt of an acceptable invoice. SECTION 6. QUALIFICATIONS/STANDARD OF CARE. All Services shall be performed by CONSULTANT or under CONSULTANT’s supervision. CONSULTANT represents that it, its employees and subcontractors, if any, possess the professional and technical personnel necessary to perform the Services required by this Agreement and that the personnel have sufficient skill and experience to perform the Services assigned to them. CONSULTANT represents that it, its employees and subcontractors, if any, have and shall maintain during the term of this Agreement all licenses, permits, qualifications, insurance and approvals of whatever nature that are legally required to perform the Services. All Services to be furnished by CONSULTANT under this Agreement shall meet the professional standard and quality that prevail among professionals in the same discipline and of similar knowledge and skill engaged in related work throughout California under the same or similar circumstances. SECTION 7. COMPLIANCE WITH LAWS. CONSULTANT shall keep itself informed of and in compliance with all federal, state and local laws, ordinances, regulations, and orders that may affect in any manner the Project or the performance of the Services or those engaged to perform Services under this Agreement, as amended from time to time. CONSULTANT shall procure all permits and licenses, pay all charges and fees, and give all notices required by law in the performance of the Services. SECTION 8. ERRORS/OMISSIONS. CONSULTANT is solely responsible for costs, including, but not limited to, increases in the cost of Services, arising from or caused by CONSULTANT’s errors and omissions, including, but not limited to, the costs of corrections such errors and omissions, any change order markup costs, or costs arising from delay caused by the errors and omissions or unreasonable delay in correcting the errors and omissions. DocuSign Envelope ID: 39347347-1DCC-4710-A725-EDC386DA65F9 Professional Services Rev. Dec.15, 2020 Page 3 of 21 SECTION 9. COST ESTIMATES. If this Agreement pertains to the design of a public works project, CONSULTANT shall submit estimates of probable construction costs at each phase of design submittal. If the total estimated construction cost at any submittal exceeds the CITY’s stated construction budget by ten percent (10%) or more, CONSULTANT shall make recommendations to CITY for aligning the Project design with the budget, incorporate CITY approved recommendations, and revise the design to meet the Project budget, at no additional cost to CITY. SECTION 10. INDEPENDENT CONTRACTOR. CONSULTANT acknowledges and agrees that CONSULTANT and any agent or employee of CONSULTANT will act as and shall be deemed at all times to be an independent contractor and shall be wholly responsible for the manner in which CONSULTANT performs the Services requested by CITY under this Agreement. CONSULTANT and any agent or employee of CONSULTANT will not have employee status with CITY, nor be entitled to participate in any plans, arrangements, or distributions by CITY pertaining to or in connection with any retirement, health or other benefits that CITY may offer its employees. CONSULTANT will be responsible for all obligations and payments, whether imposed by federal, state or local law, including, but not limited to, FICA, income tax withholdings, workers’ compensation, unemployment compensation, insurance, and other similar responsibilities related to CONSULTANT’s performance of the Services, or any agent or employee of CONSULTANT providing same. Nothing in this Agreement shall be construed as creating an employment or agency relationship between CITY and CONSULTANT or any agent or employee of CONSULTANT. Any terms in this Agreement referring to direction from CITY shall be construed as providing for direction as to policy and the result of CONSULTANT’s provision of the Services only, and not as to the means by which such a result is obtained. SECTION 11. ASSIGNMENT. The parties agree that the expertise and experience of CONSULTANT are material considerations for this Agreement. CONSULTANT shall not assign or transfer any interest in this Agreement nor the performance of any of CONSULTANT’s obligations hereunder without the prior written approval of the City Manager. Any purported assignment made without the prior written approval of the City Manager will be void and without effect. Subject to the foregoing, the covenants, terms, conditions and provisions of this Agreement will apply to, and will bind, the heirs, successors, executors, administrators and assignees of the parties. SECTION 12. SUBCONTRACTING. Option A: No Subcontractor: CONSULTANT shall not subcontract any portion of the Services to be performed under this Agreement without the prior written authorization of the City Manager or designee. In the event CONSULTANT does subcontract any portion of the work to be performed under this Agreement, CONSULTANT shall be fully responsible for all acts and omissions of subcontractors. Option B: Subcontracts Authorized: Notwithstanding Section 11 (Assignment) above, CITY agrees that subcontractors may be used to complete the Services. The subcontractors authorized by CITY to perform work on this Project are: CONSULTANT shall be responsible for directing the work of any subcontractors and for any DocuSign Envelope ID: 39347347-1DCC-4710-A725-EDC386DA65F9 Professional Services Rev. Dec.15, 2020 Page 4 of 21 compensation due to subcontractors. CITY assumes no responsibility whatsoever concerning compensation of subcontractors. CONSULTANT shall be fully responsible to CITY for all acts and omissions of subcontractors. CONSULTANT shall change or add subcontractors only with the prior written approval of the City Manager or designee. SECTION 13. PROJECT MANAGEMENT. CONSULTANT will assign Eric Hinderliter as the CONSULTANT’s Project Manager to have supervisory responsibility for the performance, progress, and execution of the Services and represent CONSULTANT during the day-to-day performance of the Services. If circumstances cause the substitution of the CONSULTANT’s Project Manager or any other of CONSULTANT’s key personnel for any reason, the appointment of a substitute Project Manager and the assignment of any key new or replacement personnel will be subject to the prior written approval of the CITY’s Project Manager. CONSULTANT, at CITY’s request, shall promptly remove CONSULTANT personnel who CITY finds do not perform the Services in an acceptable manner, are uncooperative, or present a threat to the adequate or timely completion of the Services or a threat to the safety of persons or property. CITY’s Project Manager is Nathan Rainey, Police Department, Office of Emergency Services Division, 250 Hamilton Ave., Palo Alto, CA, 94301, Telephone: (650) 617-3197, Email: Nathaniel.Rainey@CityofPaloAlto.org. CITY’s Project Manager will be CONSULTANT’s point of contact with respect to performance, progress and execution of the Services. CITY may designate an alternate Project Manager from time to time. SECTION 14. OWNERSHIP OF MATERIALS. All work product, including without limitation, all writings, drawings, studies, sketches, photographs, plans, reports, specifications, computations, models, recordings, data, documents, and other materials and copyright interests developed under this Agreement, in any form or media, shall be and remain the exclusive property of CITY without restriction or limitation upon their use. CONSULTANT agrees that all copyrights which arise from creation of the work product pursuant to this Agreement are vested in CITY, and CONSULTANT hereby waives and relinquishes all claims to copyright or other intellectual property rights in favor of CITY. Neither CONSULTANT nor its subcontractors, if any, shall make any of such work product available to any individual or organization without the prior written approval of the City Manager or designee. CONSULTANT makes no representation of the suitability of the work product for use in or application to circumstances not contemplated by the Scope of Services. SECTION 15. AUDITS. CONSULTANT agrees to permit CITY and its authorized representatives to audit, at any reasonable time during the term of this Agreement and for four (4) years from the date of final payment, CONSULTANT’s records pertaining to matters covered by this Agreement, including without limitation records demonstrating compliance with the requirements of Section 10 (Independent Contractor). CONSULTANT further agrees to maintain and retain accurate books and records in accordance with generally accepted accounting principles for at least four (4) years after the expiration or earlier termination of this Agreement or the completion of any audit hereunder, whichever is later. SECTION 16. INDEMNITY. 16.1. To the fullest extent permitted by law, CONSULTANT shall indemnify, defend and hold harmless CITY, its Council members, officers, employees and agents (each an DocuSign Envelope ID: 39347347-1DCC-4710-A725-EDC386DA65F9 Professional Services Rev. Dec.15, 2020 Page 5 of 21 “Indemnified Party”) from and against any and all demands, claims, or liability of any nature, including death or injury to any person, property damage or any other loss, including all costs and expenses of whatever nature including attorney’s fees, experts fees, court costs and disbursements (“Claims”) resulting from, arising out of or in any manner related to performance or nonperformance by CONSULTANT, its officers, employees, agents or contractors under this Agreement, regardless of whether or not it is caused in part by an Indemnified Party. 16.2. Notwithstanding the above, nothing in this Section 16 shall be construed to require CONSULTANT to indemnify an Indemnified Party from a Claim arising from the active negligence or willful misconduct of an Indemnified Party that is not contributed to by any act of, or by any omission to perform a duty imposed by law or agreement by, CONSULTANT, its officers, employees, agents or contractors under this Agreement. 16.3. The acceptance of CONSULTANT’s Services and duties by CITY shall not operate as a waiver of the right of indemnification. The provisions of this Section 16 shall survive the expiration or early termination of this Agreement. SECTION 16.A. LIMITATION OF LIABILITY. 16.A.1. LIMITATION OF LIABILITY OF CONSULTANT. NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT, IN NO EVENT SHALL CONSULTANT BE LIABLE TO CITY, REGARDLESS OF WHETHER ANY CLAIM IS BASED ON CONTRACT OR TORT, FOR SPECIAL, CONSEQUENTIAL, INDIRECT OR INCIDENTAL DAMAGES OR FOR ANY LOSS OF PROFIT OR LOSS OF BUSINESS BY CITY, EVEN IF CONSULTANT HAS BEEN ADVISED OF THE POSSIBILITY OF ANY SUCH POTENTIAL CLAIM, LOSS OR DAMAGE. EXCEPT AS PROVIDED IN THE IMMEDIATELY FOLLOWING SENTENCE, IN NO EVENT SHALL THE TOTAL AGGREGATE LIABILITY UNDER THIS AGREEMENT OF CONSULTANT TO CITY EXCEED THE DOLLAR AMOUNT PROVIDED FOR IN SECTION 4 (“NOT TO EXCEED COMPENSATION”) OF THIS AGREEMENT. CONSULTANT'S LIABILITY LIMIT SET FORTH HEREIN SHALL NOT APPLY TO (1) DAMAGES CAUSED BY CONSULTANT'S GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, (2) CONSULTANT'S OBLIGATIONS TO INDEMNIFY AND DEFEND CITY PURSUANT TO SECTION 16 (“INDEMNIFICATION”) OF THIS AGREEMENT, (3) LIMIT CLAIMS OR GENERAL DAMAGES THAT FALL WITHIN THE INSURANCE COVERAGE OF THIS AGREEMENT, (4) STATUTORY DAMAGES, AND (5) WRONGFUL DEATH CAUSED BY CONSULTANT. 16.A.2. LIMITATION OF LIABILITY OF CITY. CITY’S PAYMENT OBLIGATIONS UNDER THIS AGREEMENT SHALL BE LIMITED TO THE PAYMENT OF THE COMPENSATION PROVIDED FOR IN SECTION 4 (“NOT TO EXCEED COMPENSATION”) OF THIS AGREEMENT. NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT, IN NO EVENT SHALL CITY BE LIABLE, REGARDLESS OF WHETHER ANY CLAIM IS BASED ON CONTRACT OR TORT, FOR ANY SPECIAL, CONSEQUENTIAL, INDIRECT OR INCIDENTAL DAMAGES, INCLUDING, BUT NOT LIMITED TO, LOST PROFITS, ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT OR THE SERVICES PERFORMED IN CONNECTION WITH THIS AGREEMENT. SECTION 17. WAIVERS. No waiver of a condition or nonperformance of an obligation under DocuSign Envelope ID: 39347347-1DCC-4710-A725-EDC386DA65F9 Professional Services Rev. Dec.15, 2020 Page 6 of 21 this Agreement is effective unless it is in writing in accordance with Section 29.4 of this Agreement. No delay or failure to require performance of any provision of this Agreement shall constitute a waiver of that provision as to that or any other instance. Any waiver granted shall apply solely to the specific instance expressly stated. No single or partial exercise of any right or remedy will preclude any other or further exercise of any right or remedy. SECTION 18. INSURANCE. 18.1. CONSULTANT, at its sole cost and expense, shall obtain and maintain, in full force and effect during the term of this Agreement, the insurance coverage described in Exhibit D, entitled “INSURANCE REQUIREMENTS”. CONSULTANT and its contractors, if any, shall obtain a policy endorsement naming CITY as an additional insured under any general liability or automobile policy or policies. 18.2. All insurance coverage required hereunder shall be provided through carriers with AM Best’s Key Rating Guide ratings of A-:VII or higher which are licensed or authorized to transact insurance business in the State of California. Any and all contractors of CONSULTANT retained to perform Services under this Agreement will obtain and maintain, in full force and effect during the term of this Agreement, identical insurance coverage, naming CITY as an additional insured under such policies as required above. 18.3. Certificates evidencing such insurance shall be filed with CITY concurrently with the execution of this Agreement. The certificates will be subject to the approval of CITY’s Risk Manager and will contain an endorsement stating that the insurance is primary coverage and will not be canceled, or materially reduced in coverage or limits, by the insurer except after filing with the Purchasing Manager thirty (30) days’ prior written notice of the cancellation or modification. If the insurer cancels or modifies the insurance and provides less than thirty (30) days’ notice to CONSULTANT, CONSULTANT shall provide the Purchasing Manager written notice of the cancellation or modification within two (2) business days of the CONSULTANT’s receipt of such notice. CONSULTANT shall be responsible for ensuring that current certificates evidencing the insurance are provided to CITY’s Chief Procurement Officer during the entire term of this Agreement. 18.4. The procuring of such required policy or policies of insurance will not be construed to limit CONSULTANT’s liability hereunder nor to fulfill the indemnification provisions of this Agreement. Notwithstanding the policy or policies of insurance, CONSULTANT will be obligated for the full and total amount of any damage, injury, or loss caused by or directly arising as a result of the Services performed under this Agreement, including such damage, injury, or loss arising after the Agreement is terminated or the term has expired. SECTION 19. TERMINATION OR SUSPENSION OF AGREEMENT OR SERVICES. 19.1. The City Manager may suspend the performance of the Services, in whole or in part, or terminate this Agreement, with or without cause, by giving ten (10) days prior written notice thereof to CONSULTANT. If CONSULTANT fails to perform any of its material obligations under this Agreement, in addition to all other remedies provided under this Agreement or at law, the City Manager may terminate this Agreement sooner upon written notice of termination. Upon receipt of any notice of suspension or termination, CONSULTANT will DocuSign Envelope ID: 39347347-1DCC-4710-A725-EDC386DA65F9 Professional Services Rev. Dec.15, 2020 Page 7 of 21 discontinue its performance of the Services on the effective date in the notice of suspension or termination. 19.2. CONSULTANT may terminate this Agreement or suspend its performance of the Services by giving thirty (30) days prior written notice thereof to CITY, but only in the event of a substantial failure of performance by CITY. 19.3. In event of suspension or termination, CONSULTANT will deliver to the City Manager on or before the effective date in the notice of suspension or termination, any and all work product, as detailed in Section 14 (Ownership of Materials), whether or not completed, prepared by CONSULTANT or its contractors, if any, in the performance of this Agreement. Such work product is the property of CITY, as detailed in Section 14 (Ownership of Materials). 19.4. In event of suspension or termination, CONSULTANT will be paid for the Services rendered and work products delivered to CITY in accordance with the Scope of Services up to the effective date in the notice of suspension or termination; provided, however, if this Agreement is suspended or terminated on account of a default by CONSULTANT, CITY will be obligated to compensate CONSULTANT only for that portion of CONSULTANT’s Services provided in material conformity with this Agreement as such determination is made by the City Manager acting in the reasonable exercise of his/her discretion. The following Sections will survive any expiration or termination of this Agreement: 14, 15, 16, 16.A, 17, 19.3, 19.4, 19.5, 20, 25, 27, 28, 29 and 30. 19.5. No payment, partial payment, acceptance, or partial acceptance by CITY will operate as a waiver on the part of CITY of any of its rights under this Agreement, unless made in accordance with Section 17 (Waivers). SECTION 20. NOTICES. All notices hereunder will be given in writing and mailed, postage prepaid, by certified mail, addressed as follows: To CITY: Office of the City Clerk City of Palo Alto Post Office Box 10250 Palo Alto, CA 94303 With a copy to the Purchasing Manager To CONSULTANT: Attention of the Project Manager at the address of CONSULTANT recited on the first page of this Agreement. CONSULTANT shall provide written notice to CITY of any change of address. SECTION 21. CONFLICT OF INTEREST. 21.1. In executing this Agreement, CONSULTANT covenants that it presently DocuSign Envelope ID: 39347347-1DCC-4710-A725-EDC386DA65F9 Professional Services Rev. Dec.15, 2020 Page 8 of 21 has no interest, and will not acquire any interest, direct or indirect, financial or otherwise, which would conflict in any manner or degree with the performance of the Services. 21.2. CONSULTANT further covenants that, in the performance of this Agreement, it will not employ subcontractors or other persons or parties having such an interest. CONSULTANT certifies that no person who has or will have any financial interest under this Agreement is an officer or employee of CITY; this provision will be interpreted in accordance with the applicable provisions of the Palo Alto Municipal Code and the Government Code of the State of California, as amended from time to time. CONSULTANT agrees to notify CITY if any conflict arises. 21.3. If the CONSULTANT meets the definition of a “Consultant” as defined by the Regulations of the Fair Political Practices Commission, CONSULTANT will file the appropriate financial disclosure documents required by the Palo Alto Municipal Code and the Political Reform Act of 1974, as amended from time to time. SECTION 22. NONDISCRIMINATION; COMPLIANCE WITH ADA. 22.1. As set forth in Palo Alto Municipal Code Section 2.30.510, as amended from time to time, CONSULTANT certifies that in the performance of this Agreement, it shall not discriminate in the employment of any person due to that person’s race, skin color, gender, gender identity, age, religion, disability, national origin, ancestry, sexual orientation, pregnancy, genetic information or condition, housing status, marital status, familial status, weight or height of such person. CONSULTANT acknowledges that it has read and understands the provisions of Section 2.30.510 of the Palo Alto Municipal Code relating to Nondiscrimination Requirements and the penalties for violation thereof, and agrees to meet all requirements of Section 2.30.510 pertaining to nondiscrimination in employment. 22.2. CONSULTANT understands and agrees that pursuant to the Americans Disabilities Act (“ADA”), programs, services and other activities provided by a public entity to the public, whether directly or through a contractor or subcontractor, are required to be accessible to the disabled public. CONSULTANT will provide the Services specified in this Agreement in a manner that complies with the ADA and any other applicable federal, state and local disability rights laws and regulations, as amended from time to time. CONSULTANT will not discriminate against persons with disabilities in the provision of services, benefits or activities provided under this Agreement. SECTION 23. ENVIRONMENTALLY PREFERRED PURCHASING AND ZERO WASTE REQUIREMENTS. CONSULTANT shall comply with the CITY’s Environmentally Preferred Purchasing policies which are available at CITY’s Purchasing Department, hereby incorporated by reference and as amended from time to time. CONSULTANT shall comply with waste reduction, reuse, recycling and disposal requirements of CITY’s Zero Waste Program. Zero Waste best practices include, first, minimizing and reducing waste; second, reusing waste; and, third, recycling or composting waste. In particular, CONSULTANT shall comply with the following Zero Waste requirements: (a) All printed materials provided by CONSULTANT to CITY generated from a personal computer and printer including but not limited to, proposals, quotes, invoices, reports, and public education materials, shall be double-sided and printed on a minimum of 30% or greater DocuSign Envelope ID: 39347347-1DCC-4710-A725-EDC386DA65F9 Professional Services Rev. Dec.15, 2020 Page 9 of 21 post-consumer content paper, unless otherwise approved by CITY’s Project Manager. Any submitted materials printed by a professional printing company shall be a minimum of 30% or greater post-consumer material and printed with vegetable-based inks. (b) Goods purchased by CONSULTANT on behalf of CITY shall be purchased in accordance with CITY’s Environmental Purchasing Policy including but not limited to Extended Producer Responsibility requirements for products and packaging. A copy of this policy is on file at the Purchasing Department’s office. (c) Reusable/returnable pallets shall be taken back by CONSULTANT, at no additional cost to CITY, for reuse or recycling. CONSULTANT shall provide documentation from the facility accepting the pallets to verify that pallets are not being disposed. SECTION 24. COMPLIANCE WITH PALO ALTO MINIMUM WAGE ORDINANCE. CONSULTANT shall comply with all requirements of the Palo Alto Municipal Code Chapter 4.62 (Citywide Minimum Wage), as amended from time to time. In particular, for any employee otherwise entitled to the State minimum wage, who performs at least two (2) hours of work in a calendar week within the geographic boundaries of the City, CONSULTANT shall pay such employees no less than the minimum wage set forth in Palo Alto Municipal Code Section 4.62.030 for each hour worked within the geographic boundaries of the City of Palo Alto. In addition, CONSULTANT shall post notices regarding the Palo Alto Minimum Wage Ordinance in accordance with Palo Alto Municipal Code Section 4.62.060. SECTION 25. NON-APPROPRIATION. This Agreement is subject to the fiscal provisions of the Charter of the City of Palo Alto and the Palo Alto Municipal Code, as amended from time to time. This Agreement will terminate without any penalty (a) at the end of any fiscal year in the event that funds are not appropriated for the following fiscal year, or (b) at any time within a fiscal year in the event that funds are only appropriated for a portion of the fiscal year and funds for this Agreement are no longer available. This Section shall take precedence in the event of a conflict with any other covenant, term, condition, or provision of this Agreement. SECTION 26. PREVAILING WAGES AND DIR REGISTRATION FOR PUBLIC WORKS CONTRACTS. 26.1. This Project is not subject to prevailing wages and related requirements. CONSULTANT is not required to pay prevailing wages and meet related requirements under the California Labor Code and California Code of Regulations in the performance and implementation of the Project if the contract: (1) is not a public works contract; (2) is for a public works construction project of $25,000 or less, per California Labor Code Sections 1782(d)(1), 1725.5(f) and 1773.3(j); or (3) is for a public works alteration, demolition, repair, or maintenance project of $15,000 or less, per California Labor Code Sections 1782(d)(1), 1725.5(f) and 1773.3(j). SECTION 27. CLAIMS PROCEDURE FOR “9204 PUBLIC WORKS PROJECTS”. For purposes of this Section 27, a “9204 Public Works Project” means the erection, construction, alteration, repair, or improvement of any public structure, building, road, or other public improvement of any kind. (Cal. Pub. Cont. Code § 9204.) Per California Public Contract Code Section 9204, for Public Works Projects, certain claims procedures shall apply, as set forth in DocuSign Envelope ID: 39347347-1DCC-4710-A725-EDC386DA65F9 Professional Services Rev. Dec.15, 2020 Page 10 of 21 Exhibit F, entitled “Claims for Public Contract Code Section 9204 Public Works Projects”. This Project is not a 9204 Public Works Project. SECTION 28. CONFIDENTIAL INFORMATION. 28.1. In the performance of this Agreement, CONSULTANT may have access to CITY’s Confidential Information (defined below). CONSULTANT will hold Confidential Information in strict confidence, not disclose it to any third party, and will use it only for the performance of its obligations to CITY under this Agreement and for no other purpose. CONSULTANT will maintain reasonable and appropriate administrative, technical and physical safeguards to ensure the security, confidentiality and integrity of the Confidential Information. Notwithstanding the foregoing, CONSULTANT may disclose Confidential Information to its employees, agents and subcontractors, if any, to the extent they have a need to know in order to perform CONSULTANT’s obligations to CITY under this Agreement and for no other purpose, provided that the CONSULTANT informs them of, and requires them to follow, the confidentiality and security obligations of this Agreement. 28.2. “Confidential Information” means all data, information (including without limitation “Personal Information” about a California resident as defined in Civil Code Section 1798 et seq., as amended from time to time) and materials, in any form or media, tangible or intangible, provided or otherwise made available to CONSULTANT by CITY, directly or indirectly, pursuant to this Agreement. Confidential Information excludes information that CONSULTANT can show by appropriate documentation: (i) was publicly known at the time it was provided or has subsequently become publicly known other than by a breach of this Agreement; (ii) was rightfully in CONSULTANT’s possession free of any obligation of confidence prior to receipt of Confidential Information; (iii) is rightfully obtained by CONSULTANT from a third party without breach of any confidentiality obligation; (iv) is independently developed by employees of CONSULTANT without any use of or access to the Confidential Information; or (v) CONSULTANT has written consent to disclose signed by an authorized representative of CITY. 28.3. Notwithstanding the foregoing, CONSULTANT may disclose Confidential Information to the extent required by order of a court of competent jurisdiction or governmental body, provided that CONSULTANT will notify CITY in writing of such order immediately upon receipt and prior to any such disclosure (unless CONSULTANT is prohibited by law from doing so), to give CITY an opportunity to oppose or otherwise respond to such order. 28.4. CONSULTANT will notify City promptly upon learning of any breach in the security of its systems or unauthorized disclosure of, or access to, Confidential Information in its possession or control, and if such Confidential Information consists of Personal Information, CONSULTANT will provide information to CITY sufficient to meet the notice requirements of Civil Code Section 1798 et seq., as applicable, as amended from time to time. 28.5. Prior to or upon termination or expiration of this Agreement, CONSULTANT will honor any request from the CITY to return or securely destroy all copies of Confidential Information. All Confidential Information is and will remain the property of the CITY and nothing contained in this Agreement grants or confers any rights to such Confidential DocuSign Envelope ID: 39347347-1DCC-4710-A725-EDC386DA65F9 Professional Services Rev. Dec.15, 2020 Page 11 of 21 Information on CONSULTANT. 28.6. If selected in Section 30 (Exhibits), this Agreement is also subject to the terms and conditions of the Information Privacy Policy and Cybersecurity Terms and Conditions. SECTION 29. MISCELLANEOUS PROVISIONS. 29.1. This Agreement will be governed by California law, without regard to its conflict of law provisions. 29.2. In the event that an action is brought, the parties agree that trial of such action will be vested exclusively in the state courts of California in the County of Santa Clara, State of California. 29.3. The prevailing party in any action brought to enforce the provisions of this Agreement may recover its reasonable costs and attorneys’ fees expended in connection with that action. The prevailing party shall be entitled to recover an amount equal to the fair market value of legal services provided by attorneys employed by it as well as any attorneys’ fees paid to third parties. 29.4. This Agreement, including all exhibits, constitutes the entire and integrated agreement between the parties with respect to the subject matter of this Agreement, and supersedes all prior agreements, negotiations, representations, statements and undertakings, either oral or written. This Agreement may be amended only by a written instrument, which is signed by the authorized representatives of the parties and approved as required under Palo Alto Municipal Code, as amended from time to time. 29.5. If a court of competent jurisdiction finds or rules that any provision of this Agreement is void or unenforceable, the unaffected provisions of this Agreement will remain in full force and effect. 29.6. In the event of a conflict between the terms of this Agreement and the exhibits hereto (per Section 30) or CONSULTANT’s proposal (if any), the Agreement shall control. In the event of a conflict between the exhibits hereto and CONSULTANT’s proposal (if any), the exhibits shall control. 29.7. The provisions of all checked boxes in this Agreement shall apply to this Agreement; the provisions of any unchecked boxes shall not apply to this Agreement. 29.8. All section headings contained in this Agreement are for convenience and reference only and are not intended to define or limit the scope of any provision of this Agreement. 29.9. This Agreement may be signed in multiple counterparts, which, when executed by the authorized representatives of the parties, shall together constitute a single binding agreement. SECTION 30. EXHIBITS. Each of the following exhibits, if the check box for such exhibit is selected below, is hereby attached and incorporated into this Agreement by reference as though fully set forth herein: DocuSign Envelope ID: 39347347-1DCC-4710-A725-EDC386DA65F9 Professional Services Rev. Dec.15, 2020 Page 12 of 21 EXHIBIT A: SCOPE OF SERVICES EXHIBIT C: COMPENSATION EXHIBIT D: INSURANCE REQUIREMENTS EXHIBIT E: INFORMATION PRIVACY POLICY EXHIBIT F: CYBERSECURITY TERMS AND CONDITIONS THIS AGREEMENT IS NOT COMPLETE UNLESS ALL SELECTED EXHIBITS ARE ATTACHED. DocuSign Envelope ID: 39347347-1DCC-4710-A725-EDC386DA65F9 Professional Services Rev. Dec.15, 2020 Page 13 of 21 CONTRACT NO. C24187696 SIGNATURE PAGE IN WITNESS WHEREOF, the parties hereto have by their duly authorized representatives executed this Agreement as of the date first above written. CITY OF PALO ALTO City Manager APPROVED AS TO FORM: City Attorney or designee UNIVERSAL PROTECTION SECURITY SYSTEMS LP dba ALLIED UNIVERSAL TECHNOLOGY SERVICES Officer 1 By: Name: Title: Officer 2 By: Name: Title: DocuSign Envelope ID: 39347347-1DCC-4710-A725-EDC386DA65F9 President Carey Boethel David Buckman EVP and General Counsel Professional Services Rev. Dec.15, 2020 Page 14 of 21 EXHIBIT A SCOPE OF SERVICES CONSULTANT shall provide the Services detailed in this Exhibit A, entitled “SCOPE OF SERVICES”. 1.0 PROJECT OVERVIEW Consultant will provide software, to be run on City servers, to provide 24-hour remote monitoring of the video Intrusion Detection System (IDS) at four Peninsula Corridor Joint Powers Board (PCJPB)/Caltrain Corridor crossings in City. The four Caltrain rail crossings include Palo Alto Avenue, Churchill Avenue, W. Meadow Drive and W. Charleston Road. Each crossing has six cameras with a combination of fixed, thermal and PTZ (pan, tilt, zoom) with the capability of viewing objects up to 1,000 feet in both north and south directions in variable light and weather conditions, and also covers the area of the crossing and intersection with Alma Street. The Consultant’s software will allow the City to operate the video IDS installed by Consultant in order enable monitoring of the rail crossings as detailed herein, and Consultant will provide video monitoring services as detailed herein. This system currently uses an Avigilon software system for local monitoring. 2.0 GOVERNING STANDARDS AND CODES During the monitoring of this project, Consultant shall comply with the following standards and codes: All applicable Local and State codes, regulations, rules and ordinances; City’s Information Privacy Policy, SaaS Security Privacy Terms and Conditions, and Video Management System (VMS) Policies (each of which is hereby attached and incorporated into this Agreement by reference as though fully set forth herein); and City’s Confidential Incident Notification Protocol administered by the Office of Emergency Services and the Police Department. 2.1 MONITORING SERVICES Consultant shall provide highly qualified technical resources with substantial experience in field configuration, SureView Immix programming, IT/communications, video analytics configuration, incident management as well as event monitoring and response. Consultant shall: Provide continuous monitoring services of the four PCIPB/Caltrain Corridor crossings in Palo Alto for sixty one months, with monitoring provided twenty-four hours a day, 7 days a week. Utilize the existing Avigilon analytics event generated alerts validated from the MaRC. Take action as described in the Incident Notification Protocol. Utilize the Immix platform and adhere to current reporting standards and requirements. Notify the City of any power failures, connectivity issues or other problems with the system. Provide timely incident reports when required to the City of Palo Alto Office of Emergency Services. Maintain a UL listed and CASS five diamond certification Intelligent Security Operations Center (ISOC) during the term of this Agreement. DocuSign Envelope ID: 39347347-1DCC-4710-A725-EDC386DA65F9 Professional Services Rev. Dec.15, 2020 Page 15 of 21 Engage the City’s Office of Emergency Services and the Police Department as appropriate to improve system performance. 2.2 Monitoring Assumptions The City shall supply and maintain the internet service provider (ISP) network. The “network” is the ISP portion network owned or operated on behalf of the City that extends from City Hall to the outbound port on the border router and includes all redundant internet connectivity, bandwidth, routers, cabling and switches. Avigilon & Flir software integration to SureView Immix is current and stable. 2.3 Theory of Operation Camera field of view images will be streamed to and recorded using the City’s in-house local Avigilon network video recording processes and storage system. The cameras are fitted with software designed to interface with the Avigilon ACC VMS such that rules may be created to identify certain conditions which might be indicative of persons at risk of being harmed by passing trains. The analytic rules will create an alert event, and when an event is triggered by the analytics, the Allied Universal Monitoring and Response Center (MaRC), will receive an alarm event showing the circumstances in real time. Once validated as a positive alarm, the monitoring center agent will take action as described in the Incident Notification Protocol. This may include the use of the public address (PA) speaker system. The Avigilon multi-sensor analytic cameras overlooking the intersections and the wide-angle and Long Range FLIR thermal cameras looking north and south along the Caltrain right-of-way will drive the analytic alarm event triggers 2.4 Incident Report and Analytic Responsibilities Allied Universal will use its event processing automation system, Immix as the foundation platform to provide the City with the level of surveillance services required to fulfill the scope of work. A web portal which has been set up for the City provides constant access to view incident review incident types and outcomes. An incident report will be created on all incidents meeting the criteria provided by the City of Palo Alto and agreed to by Allied Universal. The report shall contain still photos and a comprehensive audit trail of all actions related to the incident. Reports are generated through the use of the security automation platform. Incident reports shall be created immediately following an incident and available via the web portal. Additional information shall be added to the report as the monitoring center receives additional information. Customer reporting shall be available on the security platform to meet the City’s preferences. A database of incidents shall be compiled to allow the City the ability to identify trends and optimize the safety and security programs. 2.5 Terms and Definitions DocuSign Envelope ID: 39347347-1DCC-4710-A725-EDC386DA65F9 Professional Services Rev. Dec.15, 2020 Page 16 of 21 1. “Beneficial Use” means substantial availability of the Monitoring Services, except for minor adjustments and corrections. 2. “In-Service Date” means the date on which Beneficial Use is available to the City. 3. “Listed Event(s)” means the specific scenarios that direct AUTS response to alarm events that are listed in this Scope of Work. 4. “Monitoring Facility” means AUTS’ location(s) (including those of its subcontractors) which receive City’s data, images, videos and/or signals. 5. “Services” means the services (including software used in the performance of the services) provided to City as detailed in this Agreement. 6. “System” means the “24-hour remote monitored video Intrusion Detection System (IDS) at four PCJPB/Caltrain Corridor crossings in City.” i. After the In-Service Date, City agrees to (a) not to make any change which impair or to otherwise affect the transmission of data, images, videos, and/or signals from the System to the Monitoring Facility; (b) to repair; service and/or to assure the proper operation of any other property, equipment, system, or device of City associated with or connected to the System; (c) to provide necessary electrical power at the sites; (d) provide necessary network services for the sites; (e) to regularly test and set the System, understanding that the sensitivity and area of coverage of space protection devices may change, that the Monitoring Facility is unable to detect such changes unless the City notifies AUTS in writing and accordingly, and that tests in the area(s) of such coverage area necessary to ensure adequate System operation; (f) to not interfere with the effectiveness of the transmission of data, images, videos, and/or signals to the Monitoring Facility and/or the recording of images and/or videos by the System; (g) to secure, at its own cost and expense, whatever permission or licenses are necessary from the authorities having jurisdiction (including Utility companies) to transmit data, images, videos, and signals from the System to the Monitoring Facility and otherwise receive Services; and (h) to use the System properly and to follow associated instructions. ii. The City acknowledges and agrees that AUTS may record images, videos, wire and oral transmissions or communications in connection with AUTS’ performance of the Services and the City hereby authorizes and consents (on behalf of itself and its employees, agents and other representatives) to AUTS intercepting, recording, retrieving, reviewing, copying disclosing and otherwise using the contents of all telephone, video, wire, oral, electronic and other forms of transmission or communications to which the City and its employees, agents and other representatives are parties in each case solely in connection with AUTS’ performance of the Services under this Agreement. iii.AUTS shall monitor data, images, videos and signals in accordance with this scope of work. If the Monitoring Facility receives an alarm signal, image and/or video from the System that qualifies as a Listed Event (as defined below), AUTS shall respond as set forth below to the Listed Event within a reasonable period of time under the circumstances. AUTS may, in its discretion, verify any data, DocuSign Envelope ID: 39347347-1DCC-4710-A725-EDC386DA65F9 Professional Services Rev. Dec.15, 2020 Page 17 of 21 alarm signal, image or video by telephone or otherwise before notifying emergency personnel. Contractor has no obligation to respond to any signals and/or subjective interpretations of images or videos received by the Monitoring Facility which are not Listed Events or to take any actions which are not expressly set forth in this scope. iv. City acknowledges that the data, images, videos, and signals from the System are transmitted to the Monitoring Facility using the City and/or third-party equipment, regular telephone or network services and internet service which are wholly beyond the control of AUTS. City acknowledges and agrees that images, videos and signals transmitted by the System will not be received by the Monitoring Facility during any disruption, interference, malfunction, or other non-performance of any such equipment and/or services. City acknowledges and agrees that AUTS shall bear no responsibility or liability for any actual or claimed damages incurred as a direct or indirect result of such outages of such applications, equipment, and/or services not caused by the fault of AUTS. v. Under no circumstance shall AUTS be liable for any fees assessed with respect to the occurrence of any false alarm not caused by AUTS. vi.AUTS does not represent or warrant that the monitoring services shall prevent any loss by burglary, holdup, fire or otherwise, or that the services shall in all cases provide the protection for which they are intended. vii. The City shall provide AUTS reasonable access to the sites and the System in order to perform the Services, including, by way of example, testing, servicing and monitoring of any equipment or components. Monitoring Services – Service Level Agreements: “Listed Event(s)” means the specific scenarios that direct G4S response to alarm events that are listed in the Scope of Work. Monitoring Service is required along with Remote Monitoring Center for access to other services. Required availability for these Monitoring Services if 95% percent uptime, not counting planned maintenance time. The 95% percent availability metric will be measured by a rolling six-month period. Reports of availability “uptime” will be sent on a quarterly basis to the Project Manager. 3.0 Kick-off Meeting Vendor shall hold a “start of service period” meeting to review contract documents, confirm system and network design, confirm monitoring services and notification protocols, and other items requiring immediate attention. Prior to the kickoff, vendor will coordinate with the City on the agenda and logistics for this meeting. DocuSign Envelope ID: 39347347-1DCC-4710-A725-EDC386DA65F9 Professional Services Rev. Dec.15, 2020 Page 18 of 21 EXHIBIT C COMPENSATION CITY agrees to compensate CONSULTANT for Services performed in accordance with the terms and conditions of this Agreement, and as set forth in the budget schedule below. Compensation shall be calculated based on the rate schedule attached as Exhibit C-1 up to the not to exceed budget amount for each task set forth below. CITY’s Project Manager may approve in writing the transfer of budget amounts between any of the tasks or categories listed below, provided that the total compensation for the Services, including any specified reimbursable expenses, and the total compensation for Additional Services (if any, per Section 4 of the Agreement) do not exceed the amounts set forth in Section 4 of this Agreement. CONSULTANT agrees to complete all Services, any specified reimbursable expenses, and Additional Services (if any, per Section 4), within this/these amount(s). Any work performed or expenses incurred for which payment would result in a total exceeding the maximum amount of compensation set forth in this Agreement shall be at no cost to the CITY. BUDGET SCHEDULE NOT TO EXCEED AMOUNT Task 1 ((Monitoring Year 1)) $144,040 Task 2 (Monitoring Year 2) $148,356.00 Task 3 (Monitoring Year 3) $152,828.00 Task 4 (Monitoring Year 4) $157,404.00 Task 5 (Monitoring Year 5+ last month) $175,647.33 Sub-total for Services $778,275.33 Reimbursable Expenses (if any) $0 Total for Services and Reimbursable Expenses $778,275.33 Additional Services (if any, per Section 4) $0 Maximum Total Compensation $778,275.33 DocuSign Envelope ID: 39347347-1DCC-4710-A725-EDC386DA65F9 Professional Services Rev. Dec.15, 2020 Page 19 of 21 REIMBURSABLE EXPENSES CONSULTANT’S ordinary business expenses, such as administrative, overhead, administrative support time/overtime, information systems, software and hardware, photocopying, telecommunications (telephone, internet), in-house printing, insurance and other ordinary business expenses, are included within the scope of payment for Services and are not reimbursable expenses hereunder. Reimbursable expenses, if any are specified as reimbursable under this section, will be reimbursed at actual cost. The expenses (by type, e.g. travel) for which CONSULTANT will be reimbursed are: NONE up to the not-to-exceed amount of: $0.00. A. Travel outside the San Francisco Bay Area, including transportation and meals, if specified as reimbursable, will be reimbursed at actual cost subject to the City of Palo Alto’s policy for reimbursement of travel and meal expenses. All requests for reimbursement of expenses, if any are specified as reimbursable under this section, shall be accompanied by appropriate backup documentation and information. DocuSign Envelope ID: 39347347-1DCC-4710-A725-EDC386DA65F9 Professional Services Rev. Dec.15, 2020 Page 20 of 21 EXHIBIT D INSURANCE REQUIREMENTS CONSULTANTS TO THE CITY OF PALO ALTO (CITY), AT THEIR SOLE EXPENSE, SHALL FOR THE TERM OF THE CONTRACT OBTAIN AND MAINTAIN INSURANCE IN THE AMOUNTS FOR THE COVERAGE SPECIFIED BELOW, AFFORDED BY COMPANIES WITH AM BEST’S KEY RATING OF A-:VII, OR HIGHER, LICENSED OR AUTHORIZED TO TRANSACT INSURANCE BUSINESS IN THE STATE OF CALIFORNIA. AWARD IS CONTINGENT ON COMPLIANCE WITH CITY’S INSURANCE REQUIREMENTS AS SPECIFIED HEREIN. REQUIRED TYPE OF COVERAGE REQUIREMENT MINIMUM LIMITS EACH OCCURRENCE AGGREGATE YES YES WORKER’S COMPENSATION EMPLOYER’S LIABILITY STATUTORY STATUTORY STATUTORY STATUTORY YES GENERAL LIABILITY, INCLUDING PERSONAL INJURY, BROAD FORM PROPERTY DAMAGE BLANKET CONTRACTUAL, AND FIRE LEGAL LIABILITY BODILY INJURY PROPERTY DAMAGE BODILY INJURY & PROPERTY DAMAGE COMBINED. $1,000,000 $1,000,000 $1,000,000 $1,000,000 $1,000,000 $1,000,000 BODILY INJURY $1,000,000 $1,000,000 - EACH PERSON $1,000,000 $1,000,000 YES AUTOMOBILE LIABILITY, - EACH OCCURRENCE $1,000,000 $1,000,000 INCLUDING ALL OWNED, HIRED, NON-OWNED PROPERTY DAMAGE $1,000,000 $1,000,000 BODILY INJURY AND PROPERTY $1,000,000 $1,000,000 DAMAGE, COMBINED YES PROFESSIONAL LIABILITY, INCLUDING, ERRORS AND OMISSIONS, MALPRACTICE (WHEN APPLICABLE), AND NEGLIGENT PERFORMANCE ALL DAMAGES $1,000,000 YES THE CITY OF PALO ALTO IS TO BE NAMED AS AN ADDITIONAL INSURED: CONSULTANT, AT ITS SOLE COST AND EXPENSE, SHALL OBTAIN AND MAINTAIN, IN FULL FORCE AND EFFECT THROUGHOUT THE ENTIRE TERM OF ANY RESULTANT AGREEMENT, THE INSURANCE COVERAGE HEREIN DESCRIBED, INSURING NOT ONLY CONSULTANT AND ITS SUBCONSULTANTS, IF ANY, BUT ALSO, WITH THE EXCEPTION OF WORKERS’ COMPENSATION, EMPLOYER’S LIABILITY AND PROFESSIONAL INSURANCE, NAMING AS ADDITIONAL INSUREDS CITY, ITS COUNCIL MEMBERS, OFFICERS, AGENTS, AND EMPLOYEES. I.INSURANCE COVERAGE MUST INCLUDE: A.A CONTRACTUAL LIABILITY ENDORSEMENT PROVIDING INSURANCE COVERAGE FOR CONSULTANT’S AGREEMENT TO INDEMNIFY CITY. II.THE CONSULTANT MUST SUBMIT CERTIFICATES(S) OF INSURANCE EVIDENCING REQUIRED COVERAGE AT THE FOLLOWING URL: HTTPS://WWW.PLANETBIDS.COM/PORTAL/PORTAL.CFM?COMPANYID=25569 III.ENDORSEMENT PROVISIONS WITH RESPECT TO THE INSURANCE AFFORDED TO ADDITIONAL INSUREDS: A.PRIMARY COVERAGE WITH RESPECT TO CLAIMS ARISING OUT OF THE OPERATIONS OF THE NAMED INSURED, INSURANCE AS AFFORDED BY THIS POLICY IS PRIMARY AND IS NOT ADDITIONAL TO OR CONTRIBUTING WITH ANY OTHER INSURANCE CARRIED BY OR FOR THE BENEFIT OF THE ADDITIONAL INSUREDS. DocuSign Envelope ID: 39347347-1DCC-4710-A725-EDC386DA65F9 Professional Services Rev. Dec.15, 2020 Page 21 of 21 B. CROSS LIABILITY THE NAMING OF MORE THAN ONE PERSON, FIRM, OR CORPORATION AS INSUREDS UNDER THE POLICY SHALL NOT, FOR THAT REASON ALONE, EXTINGUISH ANY RIGHTS OF THE INSURED AGAINST ANOTHER, BUT THIS ENDORSEMENT, AND THE NAMING OF MULTIPLE INSUREDS, SHALL NOT INCREASE THE TOTAL LIABILITY OF THE COMPANY UNDER THIS POLICY. C.NOTICE OF CANCELLATION 1.IF THE POLICY IS CANCELED BEFORE ITS EXPIRATION DATE FOR ANY REASON OTHER THAN THE NON-PAYMENT OF PREMIUM, THE CONSULTANT SHALL PROVIDE CITY AT LEAST A THIRTY (30) DAY WRITTEN NOTICE BEFORE THE EFFECTIVE DATE OF CANCELLATION. 2.IF THE POLICY IS CANCELED BEFORE ITS EXPIRATION DATE FOR THE NON-PAYMENT OF PREMIUM, THE CONSULTANT SHALL PROVIDE CITY AT LEAST A TEN (10) DAY WRITTEN NOTICE BEFORE THE EFFECTIVE DATE OF CANCELLATION. EVIDENCE OF INSURANCE AND OTHER RELATED NOTICES ARE REQUIRED TO BE FILED WITH THE CITY OF PALO ALTO AT THE FOLLOWING URL: HTTPS://WWW.PLANETBIDS.COM/PORTAL/PORTAL.CFM?COMPANYID=25569 OR HTTP://WWW.CITYOFPALOALTO.ORG/GOV/DEPTS/ASD/PLANET_BIDS_HOW_TO.ASP DocuSign Envelope ID: 39347347-1DCC-4710-A725-EDC386DA65F9 POLICY AND PROCEDURES 1-XX/ITD Revised: July 2017 EXHIBIT E INFORMATION PRIVACY POLICY POLICY STATEMENT The City of Palo Alto (the “City”) strives to promote and sustain a superior quality of life for persons in Palo Alto. In promoting the quality of life of these persons, it is the policy of the City, consistent with the provisions of the California Public Records Act, California Government Code §§6250 – 6270, to take appropriate measures to safeguard the security and privacy of the personal (including, without limitation, financial) information of persons, collected in the ordinary course and scope of conducting the City’s business as a local government agency. These measures are generally observed by federal, state and local authorities and reflected in federal and California laws, the City’s rules and regulations, and industry best practices, including, without limitation, the provisions of California Civil Code §§ 1798.3(a), 1798.24, 1798.79.8(b), 1798.80(e), 1798.81.5, 1798.82(e), 1798.83(e)(7), and 1798.92(c). Though some of these provisions do not apply to local government agencies like the City, the City will conduct business in a manner which promotes the privacy of personal information, as reflected in federal and California laws. The objective of this Policy is to describe the City’s data security goals and objectives, to ensure the ongoing protection of the Personal Information, Personally Identifiable Information, Protected Critical Infrastructure Information and Personally Identifying Information of persons doing business with the City and receiving services from the City or a third party under contract to the City to provide services. The terms “Personal Information,” “Protected Critical Infrastructure Information”, “Personally Identifiable Information” and “Personally Identifying Information” (collectively, the “Information”) are defined in the California Civil Code sections, referred to above, and are incorporated in this Policy by reference. PURPOSE The City, acting in its governmental and proprietary capacities, collects the Information pertaining to persons who do business with or receive services from the City. The Information is collected by a variety of means, including, without limitation, from persons applying to receive services provided by the City, persons accessing the City’s website, and persons who access other information portals maintained by the City’s staff and/or authorized third-party contractors. The City is committed to protecting the privacy and security of the Information collected by the City. The City acknowledges federal and California laws, policies, rules, regulations and procedures, Page 1 of 8 DocuSign Envelope ID: 39347347-1DCC-4710-A725-EDC386DA65F9 POLICY AND PROCEDURES 1-XX/ITD Revised: July 2017 Page 2 of 8 and industry best practices are dedicated to ensuring the Information is collected, stored and utilized in compliance with applicable laws. The goals and objectives of the Policy are: (a) a safe, productive, and inoffensive work environment for all users having access to the City’s applications and databases; (b) the appropriate maintenance and security of database information assets owned by, or entrusted to, the City; (c) the controlled access and security of the Information provided to the City’s staff and third party contractors; and (d) faithful compliance with legal and regulatory requirements. SCOPE The Policy will guide the City’s staff and, indirectly, third party contractors, which are by contract required to protect the confidentiality and privacy of the Information of the persons whose personal information data are intended to be covered by the Policy and which will be advised by City staff to conform their performances to the Policy should they enjoy conditional access to that information. CONSEQUENCES The City’s employees shall comply with the Policy in the execution of their official duties to the extent their work implicates access to the Information referred to in this Policy. A failure to comply may result in employment and/or legal consequences. EXCEPTIONS In the event that a City employee cannot fully comply with one or more element(s) described in this Policy, the employee may request an exception by submitting Security Exception Request. The exception request will be reviewed and administered by the City’s Information Security Manager (the “ISM”). The employee, with the approval of his or her supervisor, will provide any additional information as may be requested by the ISM. The ISM will conduct a risk assessment of the requested exception in accordance with guidelines approved by the City’s Chief Information Officer (“CIO”) and approved as to form by the City Attorney. The Policy’s guidelines will include at a minimum: purpose, source, collection, storage, access, retention, usage, and protection of the Information identified in the request. The ISM will consult with the CIO to approve or deny the exception request. After due consideration is given to the request, the exception request disposition will be communicated, in writing, to the City employee and his or her supervisor. The approval of any request may be subject to countermeasures establis hed by the CIO, acting by the ISM. MUNICIPAL ORDINANCE This Policy will supersede any City policy, rule, regulation or procedure regarding information privacy. DocuSign Envelope ID: 39347347-1DCC-4710-A725-EDC386DA65F9 POLICY AND PROCEDURES 1-XX/ITD Revised: July 2017 Page 3 of 8 RESPONSIBILITIES OF CITY STAFF A.RESPONSIBILITY OF CIO AND ISM The CIO, acting by the ISM, will establish an information security management framework to initiate and coordinate the implementation of information security measures by the City’s government. The City’s employees, in particular, software application use rs and database users, and, indirectly, third party contractors under contract to the City to provide services, shall by guided by this Policy in the performance of their job responsibilities. The ISM will be responsible for: (a) developing and updating the Policy, (b) enforcing compliance with and the effectiveness of the Policy; (c) the development of privacy standards that will manifest the Policy in detailed, auditable technical requirements, which will be designed and maintained by the persons respon sible for the City’s IT environments; (d) assisting the City’s staff in evaluating security and privacy incidents that arise in regard to potential violations of the Policy; (e) reviewing and approving department-specific policies and procedures which fall under the purview of this Policy; and (f) reviewing Non -Disclosure Agreements (NDAs) signed by third party contractors, which will provide services, including, without limitation, local or ‘cloud-based’ software services to the City. B.RESPONSIBILITY OF INFORMATION SECURITY STEERING COMMITTEE The Information Security Steering Committee (the “ISSC”), which is comprised of the City’s employees, drawn from the various City departments, will provide the primary direction, prioritization and approval for all information security efforts, including key information security and privacy risks, programs, initiatives and activities. The ISSC will provide input to the information security and privacy strategic planning processes to ensure that information security risks are adequately considered, assessed and addressed at the appropriate City department level. C.RESPONSIBILITY OF USERS All authorized users of the Information will be responsible for complying with information privacy processes and technologies within the scope of responsibility of each user. D.RESPONSIBILITY OF INFORMATION TECHNOLOGY (IT) MANAGERS The City’s IT Managers, who are responsible for internal, external, direct and indirect connections to the City’s networks, will be responsible for configurin g, maintaining and securing the City’s IT networks in compliance with the City’s information security and privacy DocuSign Envelope ID: 39347347-1DCC-4710-A725-EDC386DA65F9 POLICY AND PROCEDURES 1-XX/ITD Revised: July 2017 Page 4 of 8 policies. They are also responsible for timely internal reporting of events that may have compromised network, system or data security. E.RESPONSIBILITY OF AUTHORIZATION COORDINATION The ISM will ensure that the City’s employees secure the execution of Non -Disclosure Agreements (NDA), whenever access to the Information will be granted to third party contractors, in conjunction with the Software as a Service (SaaS) Security and Privacy Terms and Conditions. An NDA must be executed prior to the sharing of the Information of persons covered by this Policy with third party contractors. The City’s approach to managing information security and its implementation (i.e. objectives, policies, processes, and procedures for information security) will be reviewed independently by the ISM at planned intervals, or whenever significant changes to security implementation have occurred. The CIO, acting by the ISM, will review and recommend changes to the Policy annually, or as appropriate, commencing from the date of its adoption. GENERAL PROCEDURE FOR INFORMATION PRIVACY A.OVERVIEW The Policy applies to activities that involve the use of the City’s information assets, namely, the Information of persons doing business with the City or receiving services from the City, which are owned by, or entrusted to, the City and will be made available to the City’s employees and third party contractors under contract to the City to provide Software as a Service consulting services. These activities include, without limitation, accessing the Internet, using e-mail, accessing the City’s intranet or other networks, systems, or devices. The term “information assets” also includes the personal information of the City’s employees and any other related organizations while those assets are under the City’s control. Security measures will be designed, implemented, and maintained to ensure that only authorized persons will enjoy access to the information assets. The City’s staff will act to protect its information assets from theft, damage, loss, compromise, and inappropriate disclosure or alteration. The City will plan, design, implement and maintain information management systems, networks and processes in order to assure the appropriate confidentiality, integrity, and availability of its information assets to the City’s employees and authorized third parties. B.PERSONAL INFORMATION AND CHOICE Except as permitted or provided by applicable laws, the City will not share the Information of any person doing business with the City, or receiving services from the City, in violation of this Policy, unless that person has consented to the City’s sharing of such information during DocuSign Envelope ID: 39347347-1DCC-4710-A725-EDC386DA65F9 POLICY AND PROCEDURES 1-XX/ITD Revised: July 2017 Page 5 of 8 the conduct of the City’s business as a local government agency with third parties under contract to the City to provide services. C.METHODS OF COLLECTION OF PERSONAL INFORMATION The City may gather the Information from a variety of sources and resources, provided that the collection of such information is both necessary and appropriate in order for the City to conduct business as a local government agency in its governmental and proprietary capacities. That information may be gathered at service windows and contact centers as well as at web sites, by mobile applications, and with other technologies, wherever the City may interact with persons who need to share such formation in order to secure the City’s services. The City’s staff will inform the persons whose Information are covered by this Policy that the City’s web site may use “cookies” to customize the browsing experience with the City of Palo Alto web site. The City will note that a cookie contains unique inf ormation that a web site can use to track, among others, the Internet Protocol address of the computer used to access the City’s web sites, the identification of the browser software and operating systems used, the date and time a user accessed the site, and the Internet address of the website from which the user linked to the City’s web sites. Cookies created on the user’s computer by using the City’s web site do not contain the Information, and thus do not compromise the user’s privacy or security. Users can refuse the cookies or delete the cookie files from their computers by using any of the widely available methods. If the user chooses not to accept a cookie on his or her computer, it will not prevent or prohibit the user from gaining access to or using the City’s sites. D.UTILITIES SERVICE In the provision of utility services to persons located within Palo Alto, the City of Palo Alto Utilities Department (“CPAU”) will collect the Information in order to initiate and manage utility services to customers. To the extent the management of that information is not specifically addressed in the Utilities Rules and Regulations or other ordinances, rules, regulations or procedures, this Policy will apply; provided, however, any such Rules and Regulations must conform to this Policy, unless otherwise directed or approved by the Council. This includes the sharing of CPAU-collected Information with other City departments except as may be required by law. Businesses and residents with standard utility meters and/or having non-metered monthly services will have secure access through a CPAU website to their Information, including, without limitation, their monthly utility usage and billing data. In addition to their regular monthly utilities billing, businesses and residents with non-standard or experimental electric, water or natural gas meters may have their usage and/or billing data provided to them through non-City electronic portals at different intervals than with the standard monthly billing. DocuSign Envelope ID: 39347347-1DCC-4710-A725-EDC386DA65F9 POLICY AND PROCEDURES 1-XX/ITD Revised: July 2017 Page 6 of 8 Businesses and residents with such non-standard or experimental metering will have their Information covered by the same privacy protections and personal information exchange rules applicable to Information under applicable federal and California laws. E.PUBLIC DISCLOSURE The Information that is collected by the City in the ordinary course and scope of conducting its business could be incorporated in a public record that may be subject to inspection and copying by the public, unless such information is exempt from disclosure to the public by California law. F.ACCESS TO PERSONAL INFORMATION The City will take reasonable steps to verify a person’s identity before the City will grant anyone online access to that person’s Information. Each City department that collects Information will afford access to affected persons who can review and update that information at reasonable times. G.SECURITY, CONFIDENTIALITY AND NON-DISCLOSURE Except as otherwise provided by applicable law or this Policy, the City will treat the Information of persons covered by this Policy as confidential and will not disclose it, or permit it to be disclosed, to third parties without the express written consent of the person affected. The City will develop and maintain reasonable controls that are designed to protect the confidentiality and security of the Information of persons covered by this Policy. The City may authorize the City’s employee and or third party contractors to access and/or use the Information of persons who do business with the City or receiv e services from the City. In those instances, the City will require the City’s employee and/or the third party contractors to agree to use such Information only in furtherance of City-related business and in accordance with the Policy. If the City becomes aware of a breach, or has reasonable grounds to believe that a security breach has occurred, with respect to the Information of a person, the City will notify the affected person of such breach in accordance with applicable laws. The notice of breach wil l include the date(s) or estimated date(s) of the known or suspected breach, the nature of the Information that is the subject of the breach, and the proposed action to be taken or the responsive action taken by the City. H.DATA RETENTION / INFORMATION RETENTION DocuSign Envelope ID: 39347347-1DCC-4710-A725-EDC386DA65F9 POLICY AND PROCEDURES 1-XX/ITD Revised: July 2017 Page 7 of 8 The City will store and secure all Information for a period of time as may be required by law, or if no period is established by law, for seven (7) years, and thereafter such information will be scheduled for destruction. I.SOFTWARE AS A SERVICE (SAAS) OVERSIGHT The City may engage third party contractors and vendors to provide software application and database services, commonly known as Software-as-a-Service (SaaS). In order to assure the privacy and security of the Information of those who do bu siness with the City and those who received services from the City, as a condition of selling goods and/or services to the City, the SaaS services provider and its subcontractors, if any, including any IT infrastructure services provider, shall design, install, provide, and maintain a secure IT environment, while it performs such services and/or furnishes goods to the City, to the extent any scope of work or services implicates the confidentiality and privacy of the Information. These requirements include information security directives pertaining to: (a) the IT infrastructure, by which the services are provided to the City, including connection to the City's IT systems; (b) the SaaS services provider’s operations and maintenance processes needed to support the IT environment, including disaster recovery and business continuity planning; and (c) the IT infrastructure performance monitoring services to ensure a secure and reliable environment and service availability to the City. The term “IT infrastructure” refers to the integrated framework, including, without limitation, data centers, computers, and database management devices, upon which digital networks operate. Prior to entering into an agreement to provide services to the City, the City’s staff will require the SaaS services provider to complete and submit an Information Security and Privacy Questionnaire. In the event that the SaaS services provider reasonably determines that it cannot fulfill the information security requirements during the course of providing services, the City will require the SaaS services provider to promptly inform the ISM. J.FAIR AND ACCURATE CREDIT TRANSACTION ACT OF 2003 CPAU will require utility customers to provide their Information in order for the City to initiate and manage utility services to them. Federal regulations, implementing the Fair and Accurate Credit Transactions Act of 2003 (Public Law 108-159), including the Red Flag Rules, require that CPAU, as a “covered financial institution or creditor” which provides services in advance of payment and which can affect consumer credit, develop and implement procedures for an identity theft program for new and existing accounts to detect, prevent, respond and mitigate potential identity theft of its customers’ Information. DocuSign Envelope ID: 39347347-1DCC-4710-A725-EDC386DA65F9 POLICY AND PROCEDURES 1-XX/ITD Revised: July 2017 Page 8 of 8 CPAU procedures for potential identity theft will be reviewed independently by the ISM annually or whenever significant changes to security implementation have occurred. The ISM will recommend changes to CPAU identity theft procedures, or as appropriat e, so as to conform to this Policy. There are California laws which are applicable to identity theft; they are set forth in California Civil Code § 1798.92. NOTE: Questions regarding this policy should be referred to the Information Technology Department, as appropriate. DocuSign Envelope ID: 39347347-1DCC-4710-A725-EDC386DA65F9 City of Palo Alto Information Security Document Version: V3.0 Doc: InfoSec 110 Page 1 of 3 EXHIBIT F CYBERSECURITY TERMS AND CONDITIONS In order to assure the privacy and security of the personal information of the City's customers and people who do business with the City, including, without limitation, vendors, utility customers, library patrons, and other individuals and companies, who are required to share such information with the City, as a condition of receiving services from the City or selling goods and services to the City, including, without limitation, the Software as a Service services provider (the "Consultant") and its subcontractors, if any, including, without limitation, any Information Technology ("IT") infrastructure services provider, shall design, install, provide, and maintain a secure IT environment, described below, while it renders and performs the Services and furnishes goods, if any, described in the Statement of Work, Exhibit B, to the extent any scope of work implicates the confidentiality and privacy of the personal information of the C ity's customers. The Consultant shall fulfill the data and information sec urity requirements (the "Requirements") set forth in Part A below. A "secure IT environment" includes (a) the IT infrastructure, by which the Services are provided to the City, including connection to the City's IT systems; (b) the Consultant 's o perations and maintenance processes needed to support the environment, including disaster recovery and business continuity planning; and (c) the IT infrastructure performance monitoring services to ensure a secure and reliable environment and service availability to the City. "IT infrastructure" refers to the integrated framework, including, without limitation, data centers, computers, and database management devices, upon which digital networks operate. In the event that, after the Effective Date, the Consultant reasonably determines that it cannot fulfill the Requirements, the Consultant shall promptly inform the City of its determination and submit, in writing, one or more alternate countermeasure options to the Requirements (the "Alternate Requirements" as set forth in Part B), which may be accepted or rejected in the reasonable satisfaction of the Information Security Manager (the "ISM"). Part A. Requirements: The Consultant shall at all times during the term of any contract between the City and the Consultant: (a)Appoint or designate an employee, preferably an executive officer, as the security liaison to the City with respect to the Services to be performed under this Agreement. (b)Comply with the City's Information Privacy Policy: (c) Have adopted and implemented information security and privacy policies that are documented, are accessible to the City, and conform to ISO 27001/2 – Information Security Management Systems (ISMS) Standards. See the following: http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=42103 http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=50297 (d)Conduct routine data and information security compliance training of its personnel that is appropriate to their role. (e)Develop and maintain detailed documentation of the IT infrastructure, including software versions and patch levels. (f)Develop an independently verifiable process, consistent with industry standards, for performing professional and criminal background checks of its employees that (1) would permit verification of employees' personal identity and employment status, and (2) would enable the immediate denial of access to the City's confidential data and information by any of its employees who no DocuSign Envelope ID: 39347347-1DCC-4710-A725-EDC386DA65F9 City of Palo Alto Information Security Document Version: V3.0 Doc: InfoSec 110 Page 2 of 3 longer would require access to that information or who are terminated. (g) Provide a list of IT infrastructure components in order to verify whether the Consultant has met or has failed to meet any objective terms and conditions. (h) Implement access accountability (identification and authentication) architecture and support role-based access control ("RBAC") and segregation of duties ("SoD") mechanisms for all personnel, systems, and Software used to provide the Services. "RBAC" refers to a computer systems security approach to restricting access only to authorized users. "SoD" is an approach that would require more than one individual to complete a security task in order to promote the detection and prevention of fraud and errors. (i) Assist the City in undertaking annually an assessment to assure that: (1) all elements of the Services' environment design and deployment are known to the City, and (2) it has implemented measures in accordance with industry best practices applicable to secure coding and secure IT architecture. (j) Provide and maintain secure intersystem communication paths that would ensure the confidentiality, integrity, and availability of the City's information. (k) Deploy and maintain IT system upgrades, patches and configurations conforming to current patch and/or release levels by not later than one (1) week after its date of release. Emergency security patches must be installed within 24 hours after its date of release. (l) Provide for the timely detection of, response to, and the reporting of security incidents, including on-going incident monitoring with logging. (m) Notify the City within one (1) hour of detecting a security incident that results in the unauthorized access to or the misuse of the City's confidential data and information. (n) Inform the City that any third party service provider(s) meet(s) all of the Requirements. (o) Perform security self-audits on a regular basis and not less frequently than on a quarterly basis, and provide the required summary reports of those self-audits to the ISM on the annual anniversary date or any other date agreed to by the Parties. (p) Accommodate, as practicable, and upon reasonable prior notice by the City, the City's performance of random site security audits at the Consultant's site(s), including the site(s) of a third-party service provider(s), as applicable. The scope of these audits will extend to the Consultant's and its third-party service provider(s)' awareness of security policies and practices, systems configurations, access authentication and authorization, and incident detection and response. (q) Cooperate with the City to ensure that to the extent required by applicable laws, rules and regulations, and the Confidential Information will be accessible only by the Consultant and any authorized third-party service provider's personnel. (r) Perform regular, reliable secured backups of all data needed to maximize the availability of the Services. Adequately encrypt the City of Palo Alto's data, during the operational process, hosted at rest, and the backup stage at the Vendors' environment (including Vendor's contracting organization's environment). (s) Maintain records relating to the Services for a period of three (3) years after the expiration or earlier termination of this Agreement and in a mutually agreeable storage medium. Within thirty (30) days after the effective date of expiration or earlier termination of this Agreement, all of those records relating to the performance of the Services shall be provided to the ISM. (t) Maintain the Confidential Information in accordance with applicable federal, state, and local data and information privacy laws, rules, and regulations. (u) Encrypt the Confidential Information before delivering the same by electronic mail to the City and or any authorized recipient. (v) Provide Network Layer IP filtering services to allow access only from the City of Palo Alto's IP address to the Vendor environment (primarily hosted for the City of Palo Alto). (w) Offer a robust disaster recovery and business continuity (DR-BCP) solutions to the City for the systems and services the Vendor provides to the City. DocuSign Envelope ID: 39347347-1DCC-4710-A725-EDC386DA65F9 City of Palo Alto Information Security Document Version: V3.0 Doc: InfoSec 110 Page 3 of 3 (x) Provide and support Single Sign-on (SSO) and Multifactor Authentication (MFA) solutions for authentication and authorization services from the "City's environment to the Vendor's environment," and Vendor's environment to the Vendor's cloud services/hosted environment." The Vendor shall allow two employees of the City to have superuser and super-admin access to the Vendor's IT environment, and a cloud-hosted IT environment belongs to the City. (y) Unless otherwise addressed in the Agreement, shall not hold the City liable for any direct, indirect or punitive damages whatsoever including, without limitation, damages for loss of use, data or profits, arising out of or in any way connected with the City's IT environment, including, without limitation, IT infrastructure communications. (z) The Vendor must provide evidence of valid cyber liability insurance policy per the City’s EXHIBIT “D” INSURANCE REQUIREMENTS. Part B. Alternate Requirements: DocuSign Envelope ID: 39347347-1DCC-4710-A725-EDC386DA65F9 City Council Supplemental Report From: Ken Dueker, Director Office of Emergency Services Meeting Date: August 7, 2023 Report #:2308-1881 TITLE Amendment to Agenda Item 10 on the consent calendar for the City Council Meeting on August 7, 2023 regarding Approval and Authorization of the City Manager to Execute a Contract with Allied Universal Technology Services (AUTS) for Intrusion Detection System (IDS) monitoring and notification services. CEQA status - not a project. RECOMMENDATION Staff recommends that Council approve and authorize the City Manager or their designee to execute a contract with Allied Universal Technology Services (AUTS) in an Amount Not-to- Exceed $144,040 for the period of June 2, 2023 – June 30, 2024, to provide IDS monitoring and notification services. BACKGROUND After the agenda was published for the August 7, 2023 Council meeting, staff recommends a change to the contract terms with AUTS as follows: 1. The term of the contract is for one year, expiring on June 30, 2024. 2. The not-to-exceed compensation for the contract is $144,040. The remaining contract terms are unchanged. Staff is currently working with the vendor to revise the terms to reflect a 1-year contract term. A new contract will be placed at places at the August 7 Council Meeting. During the year, staff plans to evaluate with the Council this system, its goals, and the Council priorities to support this technology. ATTACHMENTS None. APPROVED BY: Ken Dueker, Director Office of Emergency Services Dear Mayor and Council Members: On behalf of City Manager Ed Shikada, please find below the staff responses to questions from Councilmember Tanaka regarding the Monday, August 7 Council Meeting consent agenda items. Item 10: Approval and Authorization of the City Manager to Execute a Contract with Allied Universal Technology Services (AUTS) (C24187696) in an Amount Not-to-Exceed $778,275 over 5 years and one month period ending June 30, 2028 to provide Intrusion Detection System (IDS) monitoring and notification services. CEQA status - not a project. 1. The new contract includes annual cost increases to account for inflation expectations, which were not part of the previous contract. How are these increases calculated, and what specific costs or factors do they account for? Can you provide a detailed breakdown of the cost differences between the two contracts? Staff response: The staff recommendation has been revised in a supplemental memorandum released as part of the revised August 7, 2023 agenda, reflecting a one year contract term and no longer includes this provision. Item 12: Approval of FY 2024 Budget Amendment in the Residential Housing In-Lieu Fund for the Reappropriation of $3.0 million from FY 2023 to FY 2024 for 231 Grant Avenue Loan Agreement; CEQA – Not a Project 1. How were Mercy Housing and Abode Communities selected as the developers, and what criteria were used in the selection process? Was there an open bid for the development contract, and if not, why not? Staff response: In February 2019, Santa Clara County issued a Request for Proposals (RFP) to “create a high-quality educator workforce housing development at a central location in Palo Alto”. Both Mercy Housing and Abode Communities responded to the RFP and were later selected by the County. City staff do not have the details of the RFP criteria. For more information, please visit the Mercy Housing California and Abode Communities Frequently Asked Questions webpage. Item 14: Approval of a General Services Contract with All City Management Services in an Amount not to Exceed $3,920,865 Over a Five Year Term, for Crossing Guard Services; and Approval of a FY 2024 Budget Amendment in the General Fund (2/3 vote required); CEQA status - not a project. 1. The document also notes that the previous bid process received three bids, whereas the current one received only one. Although information about providers’ needs to provide 8- hour shifts is mentioned as an obstacle to responding, the RFP was sent to 741 vendors and no other possible explanations for the lack of responses are mentioned. Why did this bid process only result in one bid, and what efforts were made to encourage vendors to make bids? Staff response: Police Department staff can only presume to know the reason why only one company responded to the bid. Police staff are aware there are very few companies that provide crossing guard services in the region. Staff was able to identify three companies as possibly being capable of performing these services in compliance with the City of Palo Alto and State of CA traffic laws and regulations. Those three vendors were solicited. Police staff are not able to explain why the purchasing portal contains 741 potential vendors. Several cities perform crossing guard services through a city-led, internal program, if they are not contracting those services. However, the Police staff recognized, many years ago, the most cost-effective method to perform crossing guard services in Palo Alto was through an independent contractor. Staff still maintains that position due to the added workload of recruiting, hiring, staffing, and managing over 30 workers and their alternates (up to 60 part-time workers) to assign to 30 locations at short shifts, 180 days each school year. 2. The 27% cost increase is attributed to labor cost increases, but were there any other factors? If so, what were they? Regarding labor costs, it is important to note that for the previous 5-year contract, the wage rate only rose from $23.02 in 2018 to $25.25 in 2023. The last several years post- pandemic, there have been some staffing and supervision issues, due to the nature of the job and the relatively few hours per day, that staff anticipates the increase in hourly wage should alleviate. The additional labor cost can also be attributed to increases in spending for hiring/recruitment, additional in-field supervision, training, equipment, and insurance costs (according to All Cities Management Service). The current bid being reviewed has an increase of $1.63/hour each year for the 5-year period, from $30.47 in 2023 to $37.08 in 2028.