ANY PROPOSALS RECEIVED AFTER THE DEADLINE WILL BE RETURNED UNOPENED

Transcription

1 Request for Proposal Unify PBX Maintenance Agreement July 17, 2014 PROPOSAL DUE DATE: August 1, 2014, 11:00 am (CDT) ANY PROPOSALS RECEIVED AFTER THE DEADLINE WILL BE RETURNED UNOPENED The City of Lake Forest Joseph Gabanski Assistant Director IT Division 800 N. Field Drive Lake Forest, IL (847) /25

2 Table of Contents 1. Purpose of Request for Proposal Background Scope of Work Company Information Contract Terms Anticipated Project Schedule Proposal Submission Requirements Evaluation Criteria and Selection Process Award of Contract The City of Lake Forest Reservation of Rights Terms and Conditions Identity Theft Protection (Attachment A) General Certification Requirements City of Lake Forest Insurance Requirements Attachment A (Identity Theft Policy) Annex 1 - Price Page Annex 2 - Existing System Layout /25

3 1. Purpose of Request for Proposal The purpose of this Request for Proposal (RFP) is to establish a contract between The City of Lake Forest and a qualified vendor to maintain the City s Unify PBX and Xpressions voice mail systems. 2. Background The City of Lake Forest is a prestigious North Shore municipality of about 19,000 residents located north of Chicago. The City is currently served by a Unify (formerly Siemens) mult-site PBX system and an Expressions voice mail system. The system is over 10 years old and is currently covered under a Unify maintenance agreement. System configuration: The system serves the following City buildings: Buildings Address City Hall Municipal Service Center Public Safety Building Fire Station 2 Senior Center Library Recreation Center Cemetary Water Plant Cable Office 220 East Deerpath Road 800 North Field Drive 225 West Deerpath Road 1111 South Telegraph Road 100 East Old Mill Road 360 East Deerpath Road 400 North Hastings Road 520 East Spruce Avenue 1441 North Lake Road 95 West Deerpath Road Sites with IP telephones only Golf Course Wildlife Discovery Center Beach/Boat House 500 West Deerpath Road 1401 West Middle Fork Road 501 North Forest Park Road The system configuration includes: The Unify system utilizes the City s fiber WAN for connectivity between sites. Unify Version 4.0 software operating on the following systems: Building Unify Telco Services Digital Telephones City Hall HiPath POTs 14 Municipal Service Center HiPath 3700/3750 ISDN PRI 86 Public Safety Building HiPath 3700/3750 ISDN PRI 55 Fire Station 2 HiPath POTs 16 Senior Center HiPath POTs 14 Library HiPath POTs 27 Recreation Center HiPath 3700/ POTs 43 3/25

4 Cemetery HiPath POTs 3 Water Plant HiPath POTs 3 Cable Office HiPath 3500 none 4 Sites with IP telephones only Building IP Telephones Golf Course 8 Nature Center 1 Beach/Boat House 2 The equipment layout of each site is provided in Annex Scope of Work The selected vendor must have the ability to deliver the following: 3.1 Service and Maintenance Remote access (secure VPN) will be provided to the system. The vendor must be capable and utilize this access for diagnostic routines, addressing minor system alarms major system failures, and minor program changes. Dispatch and contact procedures must be established as part of the maintenance call process The agreement will be for Business Day (8:00 a.m. to 5:00 p.m. Monday through Friday) maintenance service. However, the agreement must guarantee that support will be available 7x24x365 should the City determine that it is necessary Provide the provisions and cost for maintenance during non-business hours should it be required A two-hour maximum response time by the vendor is required for a major outage or total system failure. A major outage is defined as: System unable to process calls % or more of administrative stations or trunks out of service A next business day maximum on site response time for normal type maintenance calls is required The vendor must be willing to take responsibility for diagnosing equipment problems and notifying the telephone company should the trouble be determined to exist in the LEC facilities. Your company must be responsible for any service charge billed to the City for service by the telephone company if it is determined that the trouble is in the interconnect equipment. 4/25

5 3.2 Manufacturer Support: Will Unify offer written assurance to the City that they will stand behind your service? This includes the potential circumstance if your company were to fail or not fulfill your maintenance obligations. If so, attach document. 3.3 Does your company perform all of your own maintenance? Will you commit to this? Please include an attachment as evidence to this guarantee. 3.4 Billing The City of Lake Forest will have a single point of contact for all billing questions. Regardless of the nature of a billing question the City of Lake Forest will only be required to deal with one person (or department). The vendor will be required to provide complete internal coordination (between departments, if required) to resolve the issue in question. 3.5 Service/Repair Orders The City of Lake Forest will have a single point of contact for placing all orders. Regardless of the nature of an order, the City of Lake Forest will only be required to deal with one person (or department). The vendor will be required to provide complete internal coordination (between departments, if required) of any order for service. 4. Company Information 4.1 Provide a brief description of your company including: Ownership (private or public) Number of years in business Number of years in business related to this RFP Financial information Annual Report Number of Unify customers in the Chicago metropolitan area Number of Unify certified technicians based in the Chicago metropolitan area Unify dealer level designation 5. Contract Terms 5.1. The terms of the contract shall be 12 months. The Agreement will have a one year term of service (Term) commencing on the Term Commencement Date specified in the Vendor s Response. The City may elect to terminate the Term by giving the Vendor 30 days prior written notice, which will be effective after the 30 th day. 5/25

6 6. Anticipated Project Schedule This schedule represents the project milestones. July 17, 2014 RFP issued and posted on City web site July 28, 2014 (12:00p.m. CDT) Submit Intention to Respond and Questions for Clarification July 29, 2014 Response to Questions Returned August 1, :00 a.m. RFP Proposal Due 7. Proposal Submission Requirements 7.1. Applicants must submit 1 original physical & 1 electronic copy of their Proposal to The City. Proposals shall be submitted in a sealed envelope bearing the legend "Sealed Proposal for Unify PBX Maintenance Agreement". All proposals received after the time specified for proposals due shall be returned unopened. The electronic copy must be in.pdf format and must be enclosed in the sealed envelope on CD/DVD, or USB flash drive All inquiries or questions regarding this RFP are to be ed only to the following individual: Joseph Gabanski, Assistant Director IT Division Address: GabanskiJ@cityoflakeforest.com 7.3. Responses to questions will be provided by July 29, Sealed Proposals to be delivered to: Joseph Gabanski, Assistant Director IT Division The City of Lake Forest 800 North Field Drive Lake Forest, IL All proposals due by August 1, 2014, 11:00 a.m. (CDT). Any proposals received after the deadline will be returned unopened Proposal Format: RFP Cover letter a signed letter briefly stating the proposer s understanding of the work to be done in compliance with the City s Request for Proposal, a statement why the firm believes itself to be the best qualified firm to perform the services, and a statement that the proposal is a firm and irrevocable offer for 180 days. Any exceptions to requirements listed in the City s Request for Proposal must be clearly identified in the Cover letter, including exceptions to the desired 6/25

7 scope of services outlined in Section 3. The Cover letter must be signed by an authorized representative of the firm Response to each item in section 3, Scope of Work and section 4, Company Information The cost of services to be provided (See Annex 1- Price Proposal) and an explanation of the basis on which fees are determined. All potential services and associated pricing must be disclosed Qualifications of service staff to be assigned to The City Minimum of three (3) professional references for similar projects: Please provide contact name and number for each reference Complete required signatures for The City of Lake Forest Identity Theft and General Certification Requirements understanding. Please submit a fully completed RFP section 11 and section Evaluation Criteria and Selection Process 8.1. The City of Lake Forest will evaluate each vendor s proposal in a fair, consistent, and objective manner. The selection of the vendor shall be based on response requirements identified in this RFP. The final decision regarding selection and contract award will be made by the City Council recommended by a City of Lake Forest staff RFP review committee. The staff RFP review committee will carefully and thoughtfully consider all RFP responses. Each potential vendor will be evaluated on the following criteria: Completeness of Proposal Conformance to RFP Requirements Availability Ability to meet The City of Lake Forest anticipated schedule Qualifications Each respondent should include their current repair technicians qualifications. The identification of technicians qualifications must be for the individual(s) designated to work on The City s networked printers (see section 6.6.4) Customer References Please include at least 3 references from similar projects (see section 6.6.5) Cost Proposal 9. Award of Contract The selected vendor will enter into a contract for services with The City. Such contract shall reflect the terms and conditions included in the RFP and the selected vendor s response, as well as any other provisions mutually agreed to by both parties. The contract is subject to approval by the City Council of The City of Lake Forest. 7/25

8 10. The City of Lake Forest Reservation of Rights The City reserves the right, at its sole discretion, to use without limitation any and all information, concepts, and data submitted in response to this RFP, or derived by further investigation thereof. The City further reserves the right at any time and for any reason to cancel this solicitation, to reject any or all Proposals, to supplement, add to, delete from, or otherwise change this RFP if conditions dictate. The City may seek clarifications from a vendor at any time and failure to respond promptly may be cause for rejection. The City also reserves the right to consider those vendors it determines shall provide the most advantageous services and to negotiate with one or more vendors to develop contract terms acceptable to The City. 11. Terms and Conditions This RFP is issued pursuant to applicable provisions of the City s Purchasing Policies and Procedures. Responses to this RFP shall be opened in private by City officials to avoid disclosure of contents that may contain confidential or proprietary information to competing Respondents The City will not be liable in any way for any costs incurred by respondents inreplying to this RFP An agreement or contract resulting from the acceptance of a Proposal shall be on forms approved by the City s legal counsel and shall contain, as a minimum, the applicable provisions of this RFP and the Proposal itself. The City reserves the right to reject any agreement or contract which does not conform to the request for Proposal, the Proposal of the firm concerned, or the City s requirements for agreements and contracts The contracted firm shall not assign any interest in the contract and shall not transfer any interest without the prior written consent of the City If, through any cause, the contracted firm fails to fulfill the obligations agreed to in a timely and proper manner, the City shall have the right to terminate the contract by notifying the firm in writing and specifying a termination date not less than thirty (30) calendar days in advance. In such event, the contracted firm shall be entitled to just and equitable compensation for any satisfactory work completed Modifications Any modifications to or clarifications of this RFP will be distributed by the City to each Respondent requiring to be so informed, who also provides a fax number, mailing address, and/or address for such purpose. 8/25

9 Confidentiality City officials shall direct the examination of the Proposals and other documents submitted to determine the validity of any written requests for nondisclosure of proprietary or confidential information. After award of the contract, all responses, documents, and materials submitted by the Respondent pertaining to this RFP will be considered public information unless otherwise determined by the City. All data, documents and other information developed because of these contractual services shall become the property of the City. Based on the public nature of RFP s a Respondent must inform the City, in writing, of the exact materials in the submittal, which it believes, are proprietary or confidential, and should not be made part of the public record in accordance with the Illinois Freedom of Information Act. The Respondent will be financially responsible for all expenses of the City, its public officials, consultants, employees, agents and representatives in defending the denial of access to such material pursuant to a Freedom of Information Act request. 12. Identity Theft Protection (Attachment A) All City vendors with access to sensitive material must acknowledge receipt of The City of Lake Forest s identity theft prevention policy. All proposals submitted in response to this RFP must include a fully executed certification (see section ). IDENTITY THEFT PREVENTION PROGRAM CERTIFICATION I certify that I have read, understood and agree to comply with The City of Lake Forest s Identity Theft Prevention Program, (see Attachment A). Institution Signature Title Date 9/25

10 13. General Certification Requirements STATE OF ILLINOIS ) ) SS COUNTY OF ))) ) PROPOSER S CERTIFICATION The undersigned, being first duly sworn on oath, deposes and states that all statements made herein are made on behalf of Proposer, that this deponent is authorized to make them, and that the statements contained herein are true and correct. Proposer deposes, states, and certifies that Proposer is not barred from contracting with a unit of state or local government as a result of (i) a delinquency in the payment of any tax administered by the Illinois Department of Revenue unless Contractor is contesting, in accordance with the procedures established by the appropriate revenue Act, its liability for the tax or the amount of the tax, as set forth in 65 ILCS 5/ ; (ii) a violation of either Section 33E-3 or Section 33E-4 of Article 33 of the Criminal Code of 1961, 720 ILCS 5/33E-1 et seq.; or (iii) a violation of the USA Patriot Act of 2001, 107 Public Law 56 (October 26, 2001) (the Patriot Act ) or other statutes, orders, rules, and regulations of the United States government and its various executive departments, agencies and offices related to the subject matter of the Patriot Act, including, but not limited to, Executive Order effective September 24, DATED This Day Of, 20. Attest/Witness: Proposer s Name: By: By: Title: Title: Subscribed and Sworn to My Commission Expires: before me this day of, 20. [SEAL] Notary Public 10/25

11 14. City of Lake Forest Insurance Requirements These requirements are baseline standards for insurance to be provided in City procurements. They may require adjustment from time to time based on a variety of factors, including the nature, scope, duration, and value of the procurement, subject to approval of the City Manager. I. DESIGN PROFESSIONALS AND OTHER SIMILAR CONSULTANTS: A. Worker s Compensation and Employer s Liability with limits not less than: (1) Worker s Compensation: Statutory; (2) Employer s Liability: $500,000 injury-per occurrence $500,000 disease-per employee $500,000 disease-policy limit Such insurance shall evidence that coverage applies in the State of Illinois. B. Comprehensive Motor Vehicle Liability with a combined single limit of liability for bodily injury and property damage of not less than $1,000,000 for vehicles owned, non-owned, or rented. All employees shall be included as insureds. C. Comprehensive General Liability with coverage written on an occurrence basis and with limits no less than: $2,000,000 Bodily Injury and Property Damage Combined Single Limit Coverage is to be written on an occurrence basis. Coverages shall include: - Broad Form Property Damage Endorsement - Blanket Contractual Liability (must expressly cover the indemnity provisions of the Contract) - Independent Contractors - Personal Injury (with Employment Exclusion deleted) - Broad Form Property Damage Endorsement - Bodily Injury and Property Damage D. Professional Liability Insurance, with a limit of liability of not less than $1,000,000 per occurrence and $2,000,000 in the aggregate and covering the supplier or vendor against all sums that supplier or vendor may be obligated to pay on account of any liability arising out of the contract. This requirement shall apply to design and consulting projects, as well as to contracts for professionals involved in construction projects. E. Umbrella Policy. The required coverages may be in any combination of primary, excess, and umbrella policies. Any excess or umbrella policy must provide excess coverage over underlying insurance on a following-form basis such that when any loss covered by the primary policy exceeds the limits under the primary policy, the excess or umbrella policy becomes effective to cover such loss. F. City as Additional Insured. The City shall be named as an Additional Insured on all policies except for: Worker s Compensation Professional Liability (if applicable) Each such additional Insured endorsement shall identify the City as follows: The City of Lake Forest, including its City Council members and elected and appointed officials, its officers, employees, agents, attorneys, consultants, and representatives. G. Other Parties as Additional Insureds. Other entities should be included and named as additional insured on appropriate policies. 11/25

12 15. Attachment A (Identity Theft Policy) I. POLICY PURPOSE This Policy is to help protect employees, customers, contractors, and the City from harm and damage related to, or caused by, the loss of misuse of sensitive information. The Policy also will assist the City in detecting, preventing, and mitigating identity theft. The Policy does so by identifying certain red flags that suggest or indicate the possibility of identity theft, and by providing guidelines on how the City should respond once it detects any such Red Flags. Further, the Policy will: 1. Define sensitive information; 2. Describe the physical security of data when it is printed on paper; 3. Describe the electronic security of data when stored and distributed; and 4. Place the City in compliance with state and federal law regarding identity theft protection. The policy also covers the Identity Protection Act (5ILCS179), which took effect June 1, The Policy has been tailored to the size, complexity and the nature of the City s operations. The Policy also has been designed in order to: 1. Identify relevant Red Flags for new and existing covered accounts and incorporate those Red Flags into the Policy; 2. Detect Red Flags that have been incorporated into the Policy; 3. Allow the City to respond appropriately to any Red Flags that are detected to prevent and mitigate Identity Theft; and 4. Ensure that the Policy is reviewed periodically, and updated, if necessary, to reflect changes in risks to customers or to the safety and soundness of the City from identity theft. II. POLICY DEFINITIONS 12/25

13 1. Covered Account means: (i) an account that the City offers or maintains, primarily for personal, family, or household purposes, that involves or is designed to permit multiple payments or transactions, such as a utility account; and (ii) any other account that the City offers or maintains for which there is a reasonably foreseeable risk to customers or to the safety and soundness of the City, including financial, operational, compliance, reputation, or litigation risks. 2. Credit means the right granted by a creditor to a debtor to defer payment of debt or to incur debts and defer its payment or to purchase property or services and defer payment therefore. 3 Creditor means any person who regularly extends, renews, or continues credit; any person who regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor who participates in the decision to extend, renew, or continue credit, including utility companies. 4. Customer means a person that has a covered account with a creditor. 5. Identity Theft means a fraud committed or attempted using identifying information of another person without authority. 6. Person means a natural person, a corporation, government or governmental subdivision or agency, trust, estate, partnership, cooperative, or association. 7. Sensitive Information means any name or number that may be used, alone or in conjunction with any other information, to identify a specific person, including, but not limited to, a person s credit card account information, debit card information, bank account information, drivers license information, social security number, mother s birth name, date of birth, electronic identification number, computer Internet Protocol address, and routing code. 8. Red Flag means a pattern, practice, or specific activity that indicates the possible existence of identity theft. 9. Service Provider means a person that provides a service directly to the City. 13/25

14 III. IDENTIFICATION OF RED FLAGS. In order to identify relevant Red Flags, the City considers the types of accounts that it offers and maintains, the methods it provides to open its accounts, the methods it provides to access its accounts, and its previous experiences with Identity Theft. The City identifies the following Red Flags, in the following listed categories: A. Notifications and Warnings from Credit Reporting Agencies Red Flags 1. Report of fraud accompanying a credit report; 2. Notice or report from a credit agency of a credit freeze on a customer or applicant; 3. Notice or report from a credit agency of an active duty alert for an applicant; and 4. Indication from a credit report of activity that is inconsistent with a customer s usual pattern or activity. B. Suspicious Documents Red Flags 1. Identification document or card that appears to be forged, altered or otherwise inauthentic; 2. Identification document or card on which a person s photograph or physical description is not consistent with the person presenting the document; 3. Other documentation with information that is not consistent with existing customer information (e.g. a person s signature on a check appears forged); and 4. Application for service that appears to have been altered or forged. 14/25

15 C. Suspicious Personal Identifying Information Red Flags 1. Identifying information presented that is inconsistent with other information the customer provides (e.g. inconsistent birth dates); 2. Identifying information presented that is inconsistent with other sources of information (e.g. an address not matching an address on a credit report); 3. Identifying information presented that is the same as information shown on other applications that were found to be fraudulent; 4. Identifying information presented that is consistent with fraudulent activity (e.g. an invalid phone number or an answering service, or fictitious billing address, mail drop or prison); 5. Social security number presented that is the same as one given by another customer; 6. An address or phone number presented that is the same as that of another person; 7. A person fails to provide complete personal identifying information on an application when reminded to do so; and 8. A person s identifying information is not consistent with the information that is on file for the customer. D. Suspicious Account Activity or Unusual Use of Account Red Flags 1. Change of address for an account followed by a request to change the account holder s name; 2. Payments stop on an otherwise consistently up-to-date account; 3. Account used in a way that is not consistent with prior use (e.g. very high activity); 4. Mail sent to the account holder is repeatedly returned as undeliverable; 15/25

16 5. Notice to the City that a customer is not receiving mail sent by the City; 6. Notice to the City that an account has unauthorized activity; 7. Breach in the City s computer system security; and 8. Unauthorized access to or use of customer account information. E. Alerts from Others Red Flag 1. Notice to the City from a customer, identity theft victim, law enforcement or other person that it has opened or is maintaining a fraudulent account for a person engaged in Identity Theft. IV. DETECTING RED FLAGS. A. New Covered Accounts In order to try and detect any of the Red Flags identified above associated with the opening of a new Covered Account, City personnel should take the following steps to obtain and verify the identity of the person opening the Covered Account: 1. Require certain identifying information such as name, date of birth, residential or business address, principal place of business for an entity, driver's license or other identification; 2. Verify the customer s identity (e.g. review a driver s license or other identification card); 3, Review documentation showing the existence of a business entity; and 4. Independently contact the customer if appropriate. B. Existing Covered Accounts 16/25

17 In order to detect any of the Red Flags identified in Section V above for an existing Covered Account, City personnel will take the following steps to monitor transactions with a Covered Account: 1. Verify the identification of customers if they request information (in person, via telephone, via facsimile, via , or otherwise); 2. Verify the validity of requests to change billing addresses; and 3. Verify changes in banking information given for billing and payment purposes. V. PREVENTING AND MITIGATING IDENTITY THEFT A. Securing Sensitive Information City personnel are encouraged to use common sense judgment in securing sensitive and confidential information. Furthermore, in exercising such judgment, consideration should be given to the Illinois Freedom of Information Act ( FOIA ). If an employee is uncertain of the sensitivity of a particular piece of information, the employee should contact their supervisor or the Policy Administrator. Further, if the City receives a FOIA or other request seeking Sensitive Information, or documents containing Sensitive Information, said requests should be forwarded to the City Manager and the City Attorney. In order to further prevent the likelihood of Identity Theft occurring with respect to City accounts, the City shall make reasonable efforts to take the following steps with respect to its internal operating procedures to protect customer identifying information: 1. Take steps to ensure that the City s website is secure or provide clear notice that the website is not secure; 2. Attempt to ensure destruction of paper documents and computer files containing Sensitive Information; 3. Keep file cabinets, desk drawers, cabinets, and any other storage space containing documents with Sensitive Information locked when not in use; 4. Lock storage rooms containing documents with Sensitive Information and record retention area at the end of the work day or when unsupervised. 17/25

18 5. Attempt to ensure that office computers with access to Covered Accounts and/or Sensitive Information are password protected and that computer screens lock after a set period of time; 6. Keep workstations, work areas, and offices clear of papers containing Sensitive Information; 7. Request only the last 4 digits of social security numbers (if any); 8. Attempt to ensure that computer virus protection is up to date; 9. Require and keep only the kinds of Sensitive Information that are necessary for the City s purposes; and 10. Account statements and receipts for Covered Accounts shall only include the last four digits of the credit card, debit card, or the bank account used for payment of the covered account. B. Electronic Distribution Each employee, service provider, or contractor performing work for the City will comply with the following policies: 1. With respect to internal electronic distribution, Sensitive Information may be transmitted using approved City electronic mail. 2. With respect to external electronic distribution, Sensitive Information should only be transmitted in an encrypted format and should contain a statement such as this: This message may contain sensitive, confidential and/or proprietary information and is intended for the person/entity to whom it was originally addressed. Any use by others is strictly prohibited. C. Responses When Red Flags Detected In the event City personnel detect any identified Red Flags, such personnel should take one or more of the following steps, depending on the degree of risk posed by the Red Flag: 1. Continue to monitor an account for evidence of Identity Theft; 2. Contact the customer; 18/25

19 3. Change any passwords or other security devices that permit access to Covered Accounts; 4. Decline or otherwise refuse to open a new Covered Account; 5. Close an existing Covered Account; 6. Reopen a Covered Account with a new number; 7. Notify the Policy Administrator for determination of the appropriate step(s) to take; 8. Notify law enforcement; or 9. Determine that no response is warranted under the particular circumstances. 19/25

20 VI. ILLINOIS IDENTITY PROTECTION ACT A. In compliance with the Identity Protection Act, the City prohibits any employee from doing the following: 1. Publicly post or publicly display in any manner an individual's social security number. 2. Print an individual's social security number on any card required for the individual to access products or services provided by the City. 3. Require an individual to transmit his or her social security number over the Internet, unless the connection is secure or the social security number is encrypted. 4. Print an individual's social security number on any materials that are mailed to the individual, through the U.S. Postal Service, any private mail service, electronic mail, or any similar method of delivery, unless State or federal law requires the social security number to be on the document to be mailed. Notwithstanding any provision in this Section to the contrary, social security numbers may be included in applications and forms sent by mail, including, but not limited to, any material mailed in connection with the administration of the Unemployment Insurance Act, any material mailed in connection with any tax administered by the Department of Revenue, and documents sent as part of an application or enrollment process or to establish, amend, or terminate an account, contract, or policy or to confirm the accuracy of the social security number. A social security number that may permissibly be mailed under this Section may not be printed, in whole or in part, on a postcard or other mailer that does not require an envelope or be visible on an envelope without the envelope having been opened. 5. Collect, use, or disclose a social security number from an individual, unless (i) required to do so under State or federal law, rules, or regulations, or the collection, use, or disclosure of the social security number is otherwise necessary for the performance of that agency's duties and responsibilities; (ii) the need and purpose for the social security number is documented before collection of the social security number; and (iii) the social security number collected is relevant to the documented need and purpose. 6. Require an individual to use his or her social security number to access an Internet website. 7. Use the social security number for any purpose other than the purpose for which it was collected. The prohibitions set forth in items 5-7 do not apply in the following circumstances: 1. The disclosure of social security numbers to agents, employees, contractors, or subcontractors of a governmental entity or disclosure by a governmental entity to another governmental entity or its agents, employees, contractors, or subcontractors if disclosure is necessary in order for the entity to perform its duties and responsibilities; and, if disclosing to a contractor or subcontractor, prior to such disclosure, the governmental entity must first receive from the contractor or subcontractor a copy of the contractor's or subcontractor's policy that sets forth how the requirements imposed under this Act on a governmental entity to protect an individual's social security number will be achieved. 2. The disclosure of social security numbers pursuant to a court order, warrant, or subpoena. 3. The collection, use, or disclosure of social security numbers in order to ensure the safety of: State and local government employees; persons committed to correctional facilities, local jails, and other lawenforcement facilities or retention centers; wards of the State; and all persons working in or visiting a State or local government agency facility. 4. The collection, use, or disclosure of social security numbers for internal verification or administrative purposes. 20/25

21 5. The disclosure of social security numbers by a State agency to any entity for the collection of delinquent child support or of any State debt or to a governmental agency to assist with an investigation or the prevention of fraud. 6. The collection or use of social security numbers to investigate or prevent fraud, to conduct background checks, to collect a debt, to obtain a credit report from a consumer reporting agency under the federal Fair Credit Reporting Act, to undertake any permissible purpose that is enumerated under the federal Gramm Leach Bliley Act, or to locate a missing person, a lost relative, or a person who is due a benefit, such as a pension benefit or an unclaimed property benefit. VII. POLICY UPDATES This Policy will be periodically reviewed and updated to try and reflect changes in risks to employees and customers and the soundness of the City from Identity Theft. At least once a year, the Policy Administrator will consider the City s experiences with Identity Theft, changes in Identity Theft methods, changes in Identity Theft detection and prevention methods, changes in types of accounts the City maintains and changes in the City s business arrangements with other entities. After considering these factors, the Policy Administrator will determine whether changes to the Policy, including the listing of Red Flags and internal practices, are warranted. If warranted, the Policy Administrator will update the Policy or present the Mayor and City Council with his or her recommended changes and the Mayor and City Council will make a determination of whether to accept, modify or reject those changes to the Policy. VIII. POLICY ADMINISTRATION. A. Oversight Responsibility for developing, implementing and updating this Policy lies with the Identity Theft Committee. The Committee shall be headed by the Policy Administrator or his or her appointee. Two or more other individuals appointed by the City Council shall comprise the remainder of the committee membership. The Policy Administrator will be responsible for the Policy administration, for ensuring appropriate training of City staff on the Policy, for reviewing any staff reports regarding the detection of Red Flags and the steps for preventing and mitigating Identity Theft, determining which steps of prevention and mitigation should be taken in particular circumstances and considering periodic changes to the Policy. B. Staff Training and Reports 21/25

22 City staff responsible for implementing the Policy shall be trained either by or under the direction of the Policy Administrator in the detection of Red Flags and Identity Protection Act, and the responsive steps to be taken when a Red Flag or problem is detected. Further training shall also be provided on a yearly basis or as needed to address changes in the Policy. C. Service Provider Arrangements In the event the City engages a Service Provider to perform an activity in connection with one or more Covered Accounts, the City will take the following steps to ensure the Service Provider performs its activity in accordance with reasonable policies and procedures designed to detect, prevent, and mitigate the risk of Identity Theft. 1. Require, by contract, that Service Providers have such policies and procedures in place; and 2. Require, by contract, that Service Providers review the City s Policy and report any Red Flags to the Policy Administrator. D. Specific Policy Elements and Confidentiality For the effectiveness of Identity Theft prevention policies, the Red Flag Rule envisions a degree of confidentiality regarding the City s specific practices relating to Identity Theft detection, prevention and mitigation. Therefore, under this Policy, knowledge of such specific practices is to be limited to the Identity Theft Committee and those employees who need to know them for purposes of preventing Identity Theft. Because this Policy is to be adopted by a public body and thus publicly available, it would be counterproductive to list these specific practices here. Therefore, only the Policy s general Red Flag detection, implementation and prevention practices are listed in this document. 22/25

23 ANNEX 1-PRICE PROPOSAL One-Year Maintenance Cost: $ Hourly Labor Rate: Technician Level Hourly Rate $ $ $ 23/25

24 Annex 2-Current Equipment Layout Rec Center CBCPR SLM0 24 SLA 24 N SLM0 24 OPEN HXGM3 OPEN TMGL8 HiPath 3700/3750 HiPath 3000 V4.0 S30810-Q2936-X000-H1 S30810-Q2901-X-7 S30810-Q2929X S30810-Q2901-X-7 S30810-Q2942-X/X100 Cemetary CBRC (STLS2) S30810-Q2935-Z HiPath 3500 SLU8 4SLA integrated in CBFC 2 3 HiPath 3000 V4.0 HXGS3 S30810-Q2943-X/X100 OPEN 6 7 OPEN OPEN 8 9 TMGL4 S30810-Q2918-Z OPEN 4 5 S30810-Q2703X Water Plant CBRC (STLS2) S30810-Q2935-Z HiPath 3500 SLU8 4SLA integrated in CBFC 2 3 HiPath 3000 V4.0 HXGS3 S30810-Q2943-X/X100 OPEN 6 7 OPEN OPEN 8 9 TMGL4 S30810-Q2918-Z OPEN 4 5 Cable Office CBRC (STLS2) S30810-Q2935-Z HiPath 3500 SLU8 4SLA integrated in CBFC 2 3 HiPath 3000 V4.0 HXGS3 S30810-Q2943-X/X100 OPEN 6 7 TMGL4 S30810-Q2918-Z OPEN 8 9 TMGL4 S30810-Q2918-Z OPEN 4 5 Fire Station 2 CBRC (STLS2) S30810-Q2935-Z HiPath 3500 SLU8 4SLA integrated in CBFC 2 3 HiPath 3000 V4.0 HXGS3 S30810-Q2943-X/X100 OPEN 6 7 OPEN OPEN 8 9 TMGL4 S30810-Q2918-Z SLU8 S30817-Q0922-Z Senior Center CBRC (STLS2) S30810-Q2935-Z HiPath 3500 SLU8 4SLA integrated in CBFC 2 3 HiPath 3000 V4.0 HXGS3 S30810-Q2943-X/X100 OPEN 6 7 SLU8 S30817-Q0922-Z301 SLU8 S30817-Q0922-Z TMGL4 S30810-Q2918-Z SLU8 S30817-Q0922-Z /25

25 City Hall CBRC (STLS2) S30810-Q2935-Z HiPath 3500 SLU8 4SLA integrated in CBFC 2 3 HiPath 3000 V4.0 HXGS3 S30810-Q2943-X/X100 OPEN 6 7 OPEN OPEN 8 9 TMGL4 S30810-Q2918-Z SLU8 S30817-Q0922-Z Library CBCPR SLM0 24 SLA 24 N SLM0 24 OPEN HXGM3 OPEN TMGL8 PSU HiPath 3700/3750 HiPath 3000 V4.0 S30810-Q2936-X000-H1 S30810-Q2901-X-7 S30810-Q2929X S30810-Q2901-X-7 S30810-Q2942-X/X100 S30810-Q2703X Box 0 Public Safety CBCPR SLM0 24 SLA 24 N SLM0 24 OPEN HXGM3 TMST1 TMGL8 PSU HiPath 3700/3750 HiPath 3000 V4.0 S30810-Q2936-X000-H1 Box1 SLM0 24 S30810-Q2901-X-7 S30810-Q2901-X-7 S30810-Q2929X S30810-Q2901-X-7 S30810-Q2942-X/X100 S30810-Q2920X S30810-Q2703X PSU S30122-K5083-X S30122-K5083-X S30122-K5083-X S30810-Q2936-X000-H1 S30810-Q2920X S30810-Q2942-X/X100 S30810-Q2936-X000-H1 S30810-Q2901-X-7 S30810-Q2929X Municipal Services-G CBCPR TMST1 HXGM3 HXGM3 HXGM3 HXGM3 SLA 24 N TMST1 PSU HiPath 3700/3750 HiPath 3000 V S30810-Q2942-X/X100 S30810-Q2942-X/X100 S30810-Q2942-X/X100 S30810-Q2929X S30810-Q2920X Municipal Services CBCPR SLM0 24 SLA 24 N SLM0 24 SLM0 24 HXGM3 SLM0 24 TMGL8 PSU HiPath 3700/3750 HiPath 3000 V4.0 S30810-Q2901-X-7 S30810-Q2901-X-7 S30810-Q2942-X/X100 S30810-Q2901-X-7 S30810-Q2703X S30122-K5083-X S30122-K5083-X 25/25