Loading...
DS Enterprise Mobility VMwareAGREEMENT FOR PROFESSIONAL SERVICES FOR ENTERPRISE MOBILITY SYSTEM PLANNING PROJECT This Agreement is made and entered into this ~ day of A:pr\\ ,2018, by and between the CITY OF SAN RAP AEL (hereinafter "CITY"), and DATA WA Y, INC., (hereinafter "CONTRACTOR"). RECITALS WHEREAS, the CITY requires advice and assistance with planning a pilot project involving the implementation of VMware AirWatch, an enterprise mobility management system, to securely manage the deployment and support of mobile devices; and WHEREAS, CONTRACTOR is a consulting finn specializing in enterprise network technology, infonnation security, and Managed Services and is prepared to deliver design and implementation services for the CITY's AirWatch pilot project. AGREEMENT NOW, THEREFORE, the parties hereby agree as follows: l. PROJECT COORDINATION. A. CITY'S Project Manager. Infonnation Technology Manager Gus Bush is hereby designated the PROJECT MANAGER for the CITY, and said PROJECT MANAGER shall supervise all aspects of the progress and execution of this Agreement. B. CONTRACTOR'S Project Director. CONTRACTOR shall assign a single PROJECT DIRECTOR to have overall responsibility for the progress and execution of this Agreement for CONTRACTOR. Bindi Dave is hereby designated as the PROJECT DIRECTOR for CONTRACTOR. Should circumstances or conditions subsequent to the execution of this Agreement require a substitute PROJECT DIRECTOR, for any reason, the CONTRACTOR shall notify the CITY within ten (10) business days of the substitution. 2. DUTIES OF CONTRACTOR. CONTRACTOR shall perfonn the duties and/or provide services as described in the system planning and design phases of CONTRACTOR's Statement of Work dated March 15, 2018 (attached as Exhibit A and incorporated herein). 3. DUTIES OF CITY. ORIGINAL CITY shall pay the compensation as provided in Paragraph 4 and assist CONTRACTOR with system planning/implementation as required. 4. COMPENSATION. For the full perfonnance of the planning and design services described herein by CONTRACTOR, CITY shall pay CONTRACTOR fixed fees not to exceed $20,000. Once initial project planning is completed, should any additional work be identified for which additional time and materials charges will be incurred, this Agreement may be renegotiated and amended to cover the additional charges so long as the appropriate approvals are accomplished by both parties. Payment will be made according to the fixed fee portion of the schedule provided in the Statement of Work (Exhibit A) upon receipt by PROJECT MANAGER of itemized mVOlces submitted by CONTRACTOR. 5. TERM OF AGREEMENT. The tenn of this Agreement shall be for up to 6 months commencing on the date the CITY and CONTRACTOR enter into this Agreement, as shown above, and ending 6 months thereafter. Upon mutual agreement of the parties, and subject to the approval of the City Manager the tenn of this Agreement may be extended for up to an additional 6 months for a total period not to exceed a maximum of 1 year. 6. TERMINATION. A. Discretionary. Either party may tenninate this Agreement without cause upon thirty (30) days written notice mailed or personally delivered to the other party. B. Cause. Either party may tenninate this Agreement for cause upon fifteen (15) days written notice mailed or personally delivered to the other party, and the notified party's failure to cure or COlTect the cause of the tennination, to the reasonable satisfaction of the party giving such notice, within such fifteen (15) day time period. C. Effect of Termination . Upon receipt of notice of tennination, neither party shall incur additional obligations under any provision of this Agreement without the prior written consent ofthe other. D. Return of Documents. Upon tennination, any and all CITY documents or materials provided to CONTRACTOR and any and all of CONTRACTOR's documents and materials prepared for or relating to the perfonnance of its duties under this Agreement, shall be delivered to CITY as soon as possible, but not later than thirty (30) days after tennination. 7. OWNERSHIP OF DOCUMENTS. The written documents and materials prepared by the CONTRACTOR in connection with 2 the perfonnance of its duties under this Agreement, shall be the sole property of CITY. CITY may use said propelty for any purpose, including projects not contemplated by this Agreement. 8. INSPECTION AND AUDIT. Upon reasonable notice, CONTRACTOR shall make available to CITY, or its agent, for inspection and audit, all documents and materials maintained by CONTRACTOR in connection with its perfonnance of its duties under this Agreement. CONTRACTOR shall fully cooperate with CITY or its agent in any such audit or inspection. 9. ASSIGNABILITY. The parties agree that they shall not assign or transfer any interest in this Agreement nor the perfonnance of any of their respective obligations hereunder, without the prior written consent of the other party, and any attempt to so assign this Agreement or any rights, duties or obligations arising hereunder shall be void and of no effect. 10. IN SURANCE. A. Scope of Coverage. During the tenn of this Agreement, CONTRACTOR shall maintain, at no expense to CITY, the following insurance policies: 1. A commercial general liability insurance policy in the minimum amount of one million dollars ($1,000,000) per occurrence/two million dollars ($2,000,000) aggregate, for death, bodily injury, personal injury, or propelty damage. 2. An automobile liability (owned, non-owned, and hired vehicles) insurance policy in the minimum amount of one million dollars ($1,000,000) dollars per occurrence. 3. A cyber liability insurance policy in the amount of one million dollars ($1,000,000) per occurrence to cover expenses related to data and system breaches and/or to recover from such incidents. 4. If it employs any person, CONTRACTOR shall maintain worker's compensation insurance, as required by the State of California, with statutory limits, and employer's liability insurance with limits of no less than one million dollars ($1,000,000) per accident for bodily injury or disease. CONTRACTOR's worker's compensation insurance shall be specifically endorsed to waive any right of subrogation against CITY. B. Other Insurance Requirements. The insurance coverage required of the CONTRACTOR in subparagraph A of this section above shall also meet the following requirements: 1. Except for professional liability insurance or worker's compensation insurance, the insurance policies shall be specifically endorsed to include the CITY, its officers, agents, employees, and volunteers, as additionally named insureds (for both ongoing and completed operations) under the policies. 3 2. The additional insured coverage under CONTRACTOR'S insurance policies shal1 be primary with respect to any insurance or coverage maintained by CITY and shall not call upon CITY's insurance or self-insurance coverage for any contribution. The "primary and noncontributory" coverage in CONTRACTOR'S policies shal1 be at least as broad as ISO fonn CG20 01 04 13. 3. Except for professional liability insurance or worker's compensation insurance, the insurance policies shal1 include, in their text or by endorsement, coverage for contractual liability and personal injury. 4. By execution of this Agreement, CONTRACTOR hereby grants to CITY a waiver of any right to subrogation which any insurer of CONTRACTOR may acquire against CITY by virtue of the payment of any loss under such insurance. CONTRACTOR agrees to obtain any endorsement that may be necessary to effect this waiver of subrogation, but this provision applies regardless of whether or not CITY has received a waiver of SUbrogation endorsement from the insurer. 5. Ifthe insurance is written on a Claims Made Fonn, then, fol1owing tennination of this Agreement, said insurance coverage shall survive for a period of not less than five years. 6. The insurance policies shall provide for a retroactive date of placement coinciding with the effective date of this Agreement. 7. The limits of insurance required in this Agreement may be satisfied by a combination of primary and umbrella or excess insurance. Any umbrella or excess insurance shall contain or be endorsed to contain a provision that such coverage shall also apply on a primary and noncontributory basis for the benefit of CITY (if agreed to in a written contract or agreement) before CITY'S own insurance or self-insurance shall be called upon to protect it as a named insured. 8. It shall be a requirement under this Agreement that any available insurance proceeds broader than or in excess of the specified minimum insurance coverage requirements and/or limits shall be available to CITY or any other additional insured party. Furthennore, the requirements for coverage and limits shall be: (1) the minimum coverage and limits specified in this Agreement; or (2) the broader coverage and maximum limits of coverage of any insurance policy or proceeds available to the named insured; whichever is greater. C. Deductibles and SIR's. Any deductibles or self-insured retentions in CONTRACTOR's insurance policies must be declared to and approved by the PROJECT MANAGER and City Attorney, and shall not reduce the limits of liability. Policies containing any self-insured retention (SIR) provision shal1 provide or be endorsed to provide that the SIR may be satisfied by either the named insured or CITY or other additional insured party. At CITY's option, the deductibles or self-insured retentions with respect to CITY shall be reduced or eliminated to CITY's satisfaction, or CONTRACTOR shall procure a bond guaranteeing payment of losses and related investigations, claims administration, attorney's fees and defense expenses. 4 D. Proof of Insurance. CONTRACTOR shall provide to the PROJECT MANAGER or CITY'S City Attorney all of the following: (1) Certificates of Insurance evidencing the insurance coverage required in this Agreement; (2) a copy of the policy declaration page and/or endorsement page listing all policy endorsements for the commercial general liability policy, and (3) excerpts of policy language or specific endorsements evidencing the other insurance requirements set forth in this Agreement. CITY reserves the right to obtain a full certified copy of any insurance policy and endorsements from CONTRACTOR. Failure to exercise this right shall not constitute a waiver of the right to exercise it later. The insurance shall be approved as to form and sufficiency by PROJECT MANAGER and the City Attorney. 11. INDEMNIFICATION. A. Except as otherwise provided in Paragraph B., CONTRACTOR shall, to the fullest extent permitted by law, indemnify, release, defend with counsel approved by CITY, and hold harmless CITY, its officers, agents, employees and volunteers (collectively, the "City Indemnitees"), from and against any claim, demand, suit, judgment, loss, liability or expense of any kind, including but not limited to attorney's fees, expert fees and all other costs and fees of litigation, (collectively "CLAIMS"), arising out of CONTRACTOR'S perfonnance of its obligations or conduct of its operations under this Agreement. The CONTRACTOR's obligations apply regardless of whether or not a liability is caused or contributed to by the active or passive negligence of the City Indemnitees. However, to the extent that liability is caused by the active negligence or willful misconduct of the City Indemnitees, the CONTRACTOR's indemnification obligation shall be reduced in proportion to the City Indemnitees' share of liability for the active negligence or willful misconduct. In addition, the acceptance or approval of the CONTRACTOR's work or work product by the CITY or any of its directors, officers or employees shall not relieve or reduce the CONTRACTOR's indemnification obligations. In the event the City Indemnitees are made a party to any action, lawsuit, or other adversarial proceeding arising from CONTRACTOR'S performance of or operations under this Agreement, CONTRACTOR shall provide a defense to the City Indemnitees or at CITY'S option reimburse the City Indemnitees their costs of defense, including reasonable attorneys' fees, incurred in defense of such claims. B. Where the services to be provided by CONTRACTOR under this Agreement are design professional services to be performed by a design professional as that term is defined under Civil Code Section 2782 .8, CONTRACTOR shall, to the fullest extent pennitted by law, indemnify, release, defend and hold harmless the City Indemnitees from and against any CLAIMS that arise out of, pertain to, or relate to the negligence, recklessness, or willful misconduct of CONTRACTOR in the performance of its duties and obligations under this Agreement or its failure to comply with any of its obligations contained in this Agreement, except such CLAIM which is caused by the sole negligence or willful misconduct of CITY. In no event shall the cost to defend charged to the design professional exceed the design professional's proportionate percentage of fault. C. The defense and indemnification obligations of this Agreement are undertaken in addition to, and shall not in any way be limited by, the insurance obligations contained in this Agreement, and shall survive the termination or completion of this Agreement for the full period 5 of time allowed by law. 12. NONDISCRIMINATION. CONTRACTOR shal1 not discriminate, in any way, against any person on the basis of age, sex, race, color, religion, ancestry, national origin or disability in connection with or related to the perfonnance of its duties and obligations under this Agreement. 13. COMPLIANCE WITH ALL LAWS. CONTRACTOR shal1 observe and comply with al1 applicable federal, state and local laws, ordinances, codes and regulations, in the perfonnance of its duties and obligations under this Agreement. CONTRACTOR shal1 perfonn all services under this Agreement in accordance with these laws, ordinances, codes and regulations. CONTRACTOR shal1 release, defend, indemnify and hold hannless CITY, its officers, agents and employees from any and al1 damages, liabilities, penalties, fines and all other consequences from any noncompliance or violation of any laws, ordinances, codes or regulations. 14. NO THIRD PARTY BENEFICIARIES. CITY and CONTRACTOR do not intend, by any provision of this Agreement, to create in any third party, any benefit or right owed by one party, under the tenns and conditions of this Agreement, to the other party. 15. NOTICES. All notices and other communications required or pennitted to be given under this Agreement, including any notice of change of address, shall be in writing and given by personal delivery, or deposited with the United States Postal Service, postage prepaid, addressed to the parties intended to be notified. Notice shal1 be deemed given as of the date of personal delivery, or if mailed, upon the date of deposit with the United States Postal Service. Notice shal1 be given as fol1ows: TO CITY's Project Manager: TO CONTRACTOR's Project Director: 16. INDEPENDENT CONTRACTOR. Gus Bush, IT Manager City of San Rafael 1400 Fifth Avenue San Rafael, CA 94901 Bindi Dave Dataway, Inc. 255 Golden Gate Ave San Francisco, CA 94102 For the purposes, and for the duration, of this Agreement, CONTRACTOR, its officers, agents and employees shal1 act in the capacity of an Independent Contractor, and not as employees of 6 the CITY. CONTRACTOR and CITY expressly intend and agree that the status of CONTRACTOR, its officers, agents and employees be that of an Independent Contractor and not that of an employee of CITY. 17. ENTIRE AGREEMENT --AMENDM ENTS. A. The tenns and conditions of this Agreement, all exhibits attached, and all documents expressly incorporated by reference, represent the entire Agreement of the parties with respect to the subject matter of this Agreement. B. This written Agreement shall supersede any and all prior agreements, oral or written, regarding the subject matter between the CONTRACTOR and the CITY. C. No other agreement, promise or statement, written or oral, relating to the subject matter of this Agreement, shall be valid or binding, except by way of a written amendment to this Agreement. D. The tenns and conditions of this Agreement shall not be altered or modified except by a written amendment to this Agreement signed by the CONTRACTOR and the CITY. E. If any conflicts arise between the tenns and conditions of this Agreement, and the tenns and conditions of the attached exhibits or the documents expressly incorporated by reference, the tenns and conditions of this Agreement shall control. 18. SET-OFF AGAINST DEBTS. CONTRACTOR agrees that CITY may deduct from any payment due to CONTRACTOR under this Agreement, any monies which CONTRACTOR owes CITY under any ordinance, agreement, contract or resolution for any unpaid taxes, fees, licenses, assessments, unpaid checks or other amounts. 19. WAIVERS. The waiver by either party of any breach or violation of any tenn, covenant or condition of this Agreement, or of any ordinance, law or regulation, shall not be deemed to be a waiver of any other tenn, covenant, condition, ordinance, law or regulation, or of any subsequent breach or violation of the same or other tenn, covenant, condition, ordinance, law or regulation. The subsequent acceptance by either party of any fee, perfonnance, or other consideration which may become due or owing under this Agreement, shall not be deemed to be a waiver of any preceding breach or violation by the other patty of any tenn, condition, covenant ofthis Agreement or any applicable law, ordinance or regulation. 20. COSTS AND ATTORNEY'S FEES. The prevailing party in any action brought to enforce the tenns and conditions of this Agreement, or arising out of the perfonnance of this Agreement, may recover its reasonable costs 7 (including claims administration) and attorney's fees expended in connection with such action. 21. CITY BUSINESS LICENSE / OTHER TAXES. CONTRACTOR shall obtain and maintain during the duration ofthis Agreement, a CITY business license as required by the San Rafael Municipal Code CONTRACTOR shall pay any and all state and federal taxes and any other applicable taxes. CITY shall not be required to pay for any work perfonTIed under this Agreement, until CONTRACTOR has provided CITY with a completed Internal Revenue Service FonTI W-9 (Request for Taxpayer Identification Number and Certification). 22. APPLICABLE LAW. The laws of the State of California shall govern this Agreement. IN WITNESS WHEREOF, the parties have executed this Agreement as of the day, month and year first above written. CITY OF SAN RAFAEL JIM ATTEST: LINDSAY LARA, City Clerk APPROVED AS TO FORM: 8 CONTRACTOR BY: __ ~ ________ _ Name: :;/M:1 h.. I.e ~ Q~A Title of Corporate Officer: IV'"" ----=----- and BY:~ Name:j);;J h~cft Title of Corporate Officer: __ V_'Y'f--__ _ DATAWAY STATEMENT OF WORK Enterprise Mobility Management Pilot Project Presented to : City of San Rafael SAN RAFAEL THE CITY WITH A MISSION On March 15, 2018 by: Dataway, Inc 255 Golden Gate Avenue San Francisco, CA 94102 415.882.8700 www.dataway.com Confidential & Proprietary Statement of Work I Enterpnse Moblity Management P'lot Project City of San Rafael This page intentionally left blank. Confidential & Proprietary 2 of 18 Statement of Work I Enterprise Mobility Management Pilot Project City of San Rafael Table of Con tents Table of Contents Introduction ................................................................................................................................................. 4 About Dataway ....................................................................................................................................... 4 Project Background .................................................................................................................................... 5 Assumptions ........................................................................................................................................... 5 Project Phases ............................................................................................................................................ 6 Scope and Boundaries ............................................................................................................................. 10 Deliverables .......................................................................................................................................... 15 Financial Investment ................................................................................................................................. 16 Project Pricing ....................................................................................................................................... 16 Payment ................................................................................................................................................ 16 Travel Expenses ................................................................................................................................... 16 Terms and Conditions .......................................................................................................................... 17 Planning ......................................................................................................................................... 17 Pricing Adjustments .............................................................................................................................. 17 Acceptance ................................................................................................................................................ 18 Confidential & Proprietary 3 of 18 S'atefT'£ It 0' W~ k I=~terpnc;c Me':> ty Manaqer' ~." ~ilot project City of Sar ~afael Introduction rtroducf on Dataway, Inc ("Dataway") submits this Statement of Work ("SoW') for the Enterprise Mobility Management Pilot Project to the City of San Rafael (the "City", or "the Client") for its review and approval on March 15, 2018. This SoW becomes effective once executed by the City. The City has engaged Dataway to provide professional services consultation and engineering expertise to assist with a pilot deployment of VMware® AirWatch TM. Dataway will align consultancy with the United States Department of Justice ("DOJ") cybersecurity MDM/BYOD criteria. The DOJ Cybersecurity program provides the governance framework for uniform policy; ensures appropriate privacy protections for DOJ information and information system security; confirms authorities; and assigns responsibilities for protecting information and information systems that store, process, or transmit DOJ electronic information. This SOW is based off of DOJ directives authored on 9/15/2016, reflecting updates to security requirements for DOJ information and information systems. Dataway appreciates the opportunity to present this SoW and looks forward to working with the City's team on this engagement. About Dataway Dataway is a San Francisco, California based technology consulting firm specializing in enterprise network technology, information security, and Managed Services for over 25 years. Dataway's engineers pride themselves in delivering tool-agnostic technology recommendations, and designs and implementations purpose-built to meet our clients' needs. Dataway's engineering team is expert in computer networking, data security policy and processes (including GDPR, HIPAA, SOX, and PCI compliance standards), threat mitigation, and security solution design. Dataway architects, designs, implements, and maintains systems that keep up with the ever-changing cyber security landscape. Broad industry knowledge, a proven track record, a stellar reputation, and long-standing client and vendor relationships are what set us apart from other security firms. Dataway's engineering team has conducted thousands of network implementations and security assessments for clients ranging from mid- size companies to Fortune 100 Corporations, building a solid reputation of excellence. Guided by its security-focused design philosophy, Dataway provides penetration testing, risk management, compliance management, incident response handling, engineering remediation, and security workforce personnel to financial services, healthcare, banking, entertainment and media, transportation, insurance, retail, cloud providers and professional services organizations. Dataway is committed to creating long-lasting relationships by partnering with clients and staying connected as a true partner and advisor, not just as a vendor. Dataway's technology partnerships are based on broad industry knowledge and expertise. Dataway forges strong relationships with industry leaders in the technology space, empowering Dataway to deliver purpose-driven solutions. Dataway's engineers research, vet and evaluate new technologies and best-practice standards to securely and reliably meet diverse organizational business objectives. Dataway's engineers partner with organizations to provide valuable extensions to internal technology teams, otherwise burdened with daily operational tasks. Confidentia' & Propnetary 4 Of 18 Statement of Work I Enterprise Mobility Management Pilot Project City of San Rafael Project Background Dataway provides Managed Services to clients across five (5) continents. The result of engaging Dataway's Managed Services is a well-managed infrastructure that continuously exceeds expectations. In the event of a disaster, Dataway provides business continuity with the ability to restore from secure offsite backups. Managed Services are delivered 24x7x365 from Dataway's network & security Operation Centers in San Francisco, California and in Dublin, Ireland. Project Background The City of San Rafael initiated this project to secure mobile devices used by staff to access and use privileged data residing on City-networked resources, such as databases. To accomplish this, the City is developing a pilot AirWatch deployment that will follow cybersecurity directives defined by the City and the DOJ to customize feature settings to meet the City's specific cybersecurity needs. AirWatch, a product of VMWare, Inc., is an Enterprise Mobility Management (UEMM") software tool. EMM is software, or a combination of software, that allows organizations to securely enable employee use of mobile devices, and typically involves some combination of Mobile Device Management ("MDM"), Mobile Application Management (UMAM"), Mobile Content Management (UMCM"), and identity and access management. The pilot will include personnel from three departments: Information Technology, Police, and Fire. The results of the pilot deployment will form the basis for scaling the AirWatch deployment to additional Users within the City's user community. Dataway's consultancy services aims to meet each of the technical requirements in sequence, as defined in the Scope and Boundaries, below. Dataway will review the City's cybersecurity policies and recommend any changes as they pertain to AirWatch and DOJ directives. AirWatch features configuration modifications and settings will be guided by the City's cybersecurity policies, and AirWatch will be the primary tool used to enforce the City's policies and DOJ guidelines within the scope of this project. Assumptions Dataway is approaching this project with the following assumptions: • This project will be managed by the City of Rafael's IT Department. • This project is intended for the Pilot effort only, up to 12 Users, as defined below. Confidential & Proprietary 5 of 18 Slaler"e It Of Work I E:r lerpnse Mob I ty Ma 1agelT'e"l F' 01 pro) cl C ty of SC1r Raf le Project Phases ProjE'c' Phase''; Implementation and upgrade projects typically occur over the following general phased timeline: Analysis Design Documentation Design Review I "Go Live" Support (Optional) Develop Final Deliverables Deliverable QA Deliverable Submission Review Session I Finalize Plan Issue Project Plan Discovery Implementation Testing Managed Services Onboarding (Optional) Fieldwork Preparation Planning Initiation Pilot Phase(s) Project Closure Note that several factors can impact the timeline, deliverables, and schedule of a given project, including availability of Client environment, timely return of information requests, the date the SoW is executed, and other considerations. Dataway requires close coordination with clients to ensure project success. Said coordination includes Dataway's client requirements, which enable Dataway resources to perform agreed-upon work efforts and to establish identifiable success criteria. The Scope and Boundaries section, below, lists those general phases that apply to the project covered under this SoW, as well as the specific tasks and responsibilities of Dataway and the Client (including Dataway's client requirements). Updates to the phase names/identifiers, as well as to scope and boundaries, project dates, and deliverables, are all determined during planning with the Client. General project timeline phases are as follows: • Initiation and Planning Phase: The project is initiated upon Client signature of the SoW. Initiation means that the project scope, resources, tasks, and budget begin to be actively monitored and managed, and that an initial project planning session is arranged with the Client Sponsor, Client Project Lead, Dataway Project Manager, and other stakeholders as identified by the Client. This session is typically scheduled within a week of initiation. The following additional sub-phases and work efforts occur during this phase: • Planning: The scheduled planning session is conducted and led by the Dataway Project Manager. During the planning session, the scope of services is reviewed, additional stakeholders are identified and documented , and execution planning CO'lfldent'al & prOPrietary Statement of Work I Enterprise Mobility Management Pilot ProJect City of San Rafael ProJect Phases requirements are defined. Specific details, and a prioritized set of requirements, are fleshed out as an integral part of the project planning phase. Time is reserved during the session for questions, as a subset of Client stakeholders may be new to the engagement planning. The project schedule is also discussed and confirmed. Factors that influence when work commences include Dataway and Client resource availability , site readiness , and other constraints identified during the planning session. Important! The project planning sub-phase is an ideal time for the Client to begin developing their application/end-user test plan. Dataway performs testing to confirm that underlying network infrastructure performs per the project design. However, Dataway does not develop the testing for the Client applications that run across the network. It is the Client's responsibility to develop and carry out an application/end-user test plan to check that the new/changed network environment is acceptable to the end- users. Whenever possible, the Client must perform these tests prior to the change in the network, in order to establish a pre-change performance baseline. The same tests are then repeated post network change to help ensure that the result of the network project is successful. Meeting (or exceeding) application/end-user test plan criteria is generally a key determinant of project success. Fieldwork Preparation: Based on the scope of review, certain tasks are coordinated and completed. For example, if travel is a factor, arrangements for travel (including, but not limited to, transportation and accommodations) are made. • Discovery: Upon project initiation, the Client furnishes Dataway with requested Cybersecurity policies and other relevant documentation as deemed necessary by the Dataway project resources . Documentation may include network logical and physical maps of the environment, as well as any business process, requirement, legal, or regulatory writings-in essence , any available information that provides background of and/or affects the project. Dataway must receive documentation in a timely manner, as Dataway personnel need time to review the material in preparation for project planning. Issue Project Plan: Following the conclusion of the initial planning session, Dataway develops an initial project plan. The project plan documents timing, approach , and additional information necessary to conduct the work. The project plan is issued to the Client for review, accompanied with a summary of open items requiring completion. • Finalize Project Plan: If there are open items, the Client completes the appropriate areas of the plan and returns to Dataway. Dataway performs a final review and issues the plan as final. • Design Phase: The design phase is a critical step in the project. During the design phase, Dataway resources document and review how the implementation will be configured. The iterative review and validation of requirements by the Client personnel during the design phase is critical to the success of the project. Once the design is complete, any changes to the design are considered out-of-scope and require a change order. Additional key sub- phase activities that occur in this phase include the following : Confidential & Proprietary 7 of 18 State"lenl of 'No"~ Enlerpr'se l\i!v) ty Mar age"lenl Pilol Prolect C ty of S l ' R jfael Analysis: The project team reviews information gathered during the discovery sub- phase, the planned hardware configurations, and current best practices in order to develop baseline design information. • Design Documentation: Dataway staff lead an effort to develop a final design custom to the Client. The effort is an interactive process between Dataway engineers and the Client staff, as tradeoffs in design decisions, implementation impacts and issues, and the final selection of features for implementation are discussed . • Design Review: Reviews of the design are used as both educational tools, and as forums for transferring knowledge to staff performing implementation work. • Fieldwork: This is an umbrella phase encompassing the practical, "hands-on", application of Dataway's expertise as the expertise pertains to the project's goals and objectives. For example, if the engagement is strictly an analysis of policies, with no actual changes to Client network software and/or hardware, then the examination and analysis of the Client's policies constitutes the work in this phase, with a recommendations document being a possible deliverable. If the engagement is for an add/change/remove of Client network software and/or hardware, then the Fieldwork is where the design is applied in an implementation (a build-out, and/or software/configuration changes, in accordance with the design). Often, projects involve aspects of both Client policy review, and subsequent changes to the Client environment. Fieldwork varies based on the scope selected and other timing factors discussed during planning. In appropriate projects, the actual duration is defined during planning to ensure any required testing is performed only during authorized dates and time windows. Field work can occur onsite or remotely, as arranged with the Client. • Testing: Dataway performs incremental testing during fieldwork and Pilot phases, in order to verify the design, as well as the hardware and software configuration, and to test agreed-upon functionalities. Note that Dataway's testing is generally confined to the network infrastructure, and specifically does not include testing the applications/data flows that traverse the infrastructure. This type of application testing is the responsibility of the Client. • Stabilization and Deliverables Phase: Post-fieldwork, Dataway can be readily available over a period of stabilization. Post-fieldwork is also when documentation is completed. Important work that occurs during this time includes the following: • Stabilization/"Go Live" Support: Dataway offers clients the opportunity to have one or more the Professional Services Organization (PSO) engineers who designed and/or helped implement the project on retainer for a pre-agreed stabilization duration and schedule. Dataway will not re-prioritize or reallocate these resources during the stabilization period. The PSO engineer(s) will be available to respond with alacrity to any issues that arise in the project-deployed environment. A small percentage of clients elect to not have this "Go Live" Support. However, clients must be aware that if they elect to not utilize "Go Live" Support, that they cannot be guaranteed immediate access to PSO engineers. Instead, clients would most likely be routed through Dataway's Managed Services Department, if supported. Confldt nIl, & Pr")p~ ·etary 8 of 18 Statement of Work I Enterprise Mobility Management Pilot Prolect City of San Rafael Project Phases The Client's approach to post-implementation stabilization and "Go Live" Support is defined during the planning phase. Note: "'Go Live' Support" refers to PSO engineers being available to assist clients with post-implementation network issues. "Support" refers to the team within Dataway who deliver Managed Services. Final Deliverable Development: The final deliverables list and timeline are defined during the planning phase. Final deliverables are submitted to the previously agree- upon recipients. Deliverable Quality Assurance: The deliverable is subject to Dataway's QA process prior to issuance. • Deliverable Submission: The deliverable is issued to the Client, typically within three weeks of stabilization completion. Upon submission, Dataway will also coordinate a review session with the Client. • Review Session: During the review session, Dataway and the Client will discuss any key findings, answer questions, discuss remediation approaches and identify any clarifications or revisions. • Closure and Managed Services: Project completion and closeout are recorded in writing , and if the Client has purchased continued support through Dataway's Managed Services , then the newly implemented devices/services are onboarded into Dataway's monitoring and management tools. Closure: Written Client acceptance (email suffices) of project-closing documentation, including: all project deliverables; a project closure report, recounting, at a high level, the services rendered to the Client; and the application test results from the testing phase, will constitute official project closure. Managed Services: Transitioning infrastructure from an active project to Managed Services requires that the infrastructure undergo an onboarding process to Dataway's monitoring and management tools. The onboarding process is detailed in a SoW that is provided to those who purchase Managed Services; essentially, the process involves Dataway PSO engineers gathering information that would be needed by Dataway Support staff to perform their job: information such as configuration file data, licensing, monitoring thresholds (which are used to instrument (configure) the monitoring tool), device passwords, login/device access method, and authorization/escalation/contact trees. If Managed Services are purchased to coincide with a project deployment, most of the above information will be generated and already known through project deliverables/artifacts. Confidential & Proprietary 9 of 18 Statement of Work I Enterpnse Mobility Management Pilot Project City of San Rafael Scope and Boundar es Scope and Boundaries To meet the City's objectives, the work efforts detailed in this SoW will be performed as they pertain to the scope and boundaries defined below. Also defined are the City's responsibilities to ensure project success. Phase I Work Effort Initiation and Planning Scope and Boundaries Dataway and City Scope Host a remote project planning session. Mobile Devices In Scope: • iOS • Android End-user Population In Scope: 12 users, total , across three City departments : • 6 Police • 3 Fire • 3 Information Technology Determine Project Schedule: The City has scheduled this project to begin in mid -March of this year. Dataway anticipates a 90 day timeline for a pilot deployment of this type . Schedule to be detailed and finalized during project kickoff/readiness . Determine Project Location(s): Dataway's work will take place both onsite at location(s) determined by the City of Rafael 's IT department, and remotely from the City. City of San Rafael will identify onsite location(s) during project kickoff/readiness . Determine Onsite Contact(s): At project kickoff/readiness , the City of San Rafael will assign one primary and one secondary contact on site (per location , if necessary). These contacts (or their designees) will be available to assist onsite Dataway resources , on mutually scheduled onsite work days , with such issues as access to facilities/locations in scope of this project, helping to ensure that any location preparation that is needed for work to take place is completed , and answering project-related questions as they arise in the course of work. Primary Contact Clyne Acosta City of San Rafael IT Security Program Coordinator clyne.acosta@cityofsanrafael .org Mobile : 707 .771 .9773 ~--------~------------------------------------------------------~ Con'Ic .;"tldl !l. Propneta-y 10 of 18 Statement of Work I Enterprise Mobility ManagemEnt Pilot ProjEct City of San Rafael Secondary Contact Gus Bush IT Manager, City of San Rafael Gus .Bush@cityofsanrafael .org Office : 415-458-5302 Project Management Scope and Boundaries The general process to implement a project such as this is as follows : • Initiation: Upon receipt of the executed SoW; Dataway's Project Manager will contact the project lead within 1-3 business days to acknowledge receipt and initiate the project. Initiation means that project scope, resources, tasks, and budget begin to be actively monitored and managed , and that an initial project planning session is arranged with the Client Project Lead , the Dataway Project Manager, and other stakeholders as identified by the Client Project Lead. This session is typically scheduled within a week of initiation . • Planning Session: The scheduled planning session is conducted and led by the Dataway Project Manager. During the planning session , the project is "kicked-off' through introductions of project personnel (resources and stakeholders), and project readiness is confirmed through review of the scope of services (including resources , technologies , locations , work tasks, and deliverables), the identification and documentation of additional stakeholders , the definition and/or confirmation of technical planning requirements , as well as the listing and/or confirmation of items or tasks that are needed for project Discovery . Time is reserved during the session for questions , as a subset of Client stakeholders may be new to the project. The fieldwork schedule is also discussed and confirmed. For most projects , the initial fieldwork typically begins within three weeks following the schedule confirmation ; however, this may vary based on Dataway and Client resource availability , site readiness , or other constraints identified during the planning session . • Issue Project Plan: Following the conclusion of the initial planning session , Dataway will develop an initial project plan . The project plan documents timing , approach , and additional information necessary to conduct the project. The project plan is issued to the Client for review , accompanied with a summary of open items requiring completion . • Finalize Project Plan: If there are open items , the Client completes the appropriate areas of the plan and returns to Dataway. Dataway will perform a final review and issue the plan as final. • Fieldwork Preparation: Based on the scope of work , certain tasks are coordinated and completed . For example : o If travel is a factor, arrangements for travel (including , but not limited to , transportation and accommodations) are made . o Any required onsite access is arranged for. o Credentialing (username/password/access and authority levels) for the technology in scope is provided to Dataway resources , as are the methods by which Dataway will be able to access the technology (for example , remo_te_IYL-v _ia-LJ_um_l-,---plho_s--,-t)L-. ______ --' Co"nfidentlal & Proprietary 11 of 18 Statef'1e It Of War" E..nterpnse Mool tv ManagelT ert Pitot ProjE'C t C ty of Sal' Rafael Sea le and 80 ,'1dar e, Fieldwork o If certain connectivity requirements were identified during planning , these are coordinated and implemented in advance of fieldwork. • Fieldwork, Testing, and Training: The duration of the project fieldwork, testing, and training generally spans 12 weeks , but varies based on the scope selected and other timing factors discussed during planning . In appropriate projects, the actual duration is defined during planning to ensure testing is performed only during authorized dates and time windows . • Deliverable Development: Following the conclusion of fieldwork , Dataway will develop the agreed upon project deliverables. • Deliverable Quality Assurance: The deliverable is subject to Dataway's QA process prior to issuance. City and Dataway Scope Architecture requirements: To meet the City 's Architecture requirements for this project , Dataway and the City will partner to identify and apply best MOM practices . The plan will include the following for the Pilot scope : • Define end-user population • Sequence of changes • Communication plan Policy requirements: Dataway and the City will partner to identity the applications that will be required to run on the mobile devices utilized in the pilot. This is one of the tasks that fulfills the Policy requirements . Identification of the required applications is crucial to development of a City white/black mobile application list , which in turn informs AirWatch template configuration , as well as any template test plans that the City develops . Dataway Scope Architecture requirements: Dataway will complete the following tasks to meet the City 's Architecture requirements for this project: • Centralized Management: Dataway will provide gu idance towards centralized management while allowing assigned responsibility to sub- groups , as supported by Airwatch • Scalability: Dataway will provide guidance towards a scalable solution that could handle the inclusion of other City departments • Standardized Workflow: OW will develop and provide a standardized workflow to deploy devices. Policy requirements: Dataway will complete the following tasks to meet the City 's Policy requirements for this project: • Recommend Security best practice (as defined by Federal , State , and local data management and privacy laws) available features to enable on AirWatch • Present San Rafael with recommendations for which AirWatch features to enable - C'lrfldentlal & Proprretary 12 of 18 Statement of Work I Enterprise Mobility Management Pilot Project City of San Rafael Scope and Boundanes • City of San Rafael cybersecurity policy review : Review San Rafael BYOO/EMM and Acceptable Use policies; advise on changes needed for use with new EMM approach. • Configure anti-virus/posture checks • Configure centralized control of applications (e.g. install/uninstall), including operating system patches and updates Security requirements: Oataway will complete the following tasks to meet the City's Security requirements for this project , as supported by AirWatch : • Provide advice and assistance with preparing AirWatch templates for use by San Rafael Police , Fire , and IT users, including recommended restrictions to impose on mobile devices . • Information Security Tasks • Perform business-level information security risk analysis to confirm features enabled are optimal for OOJ requirements and user community impact is approved by San Rafael project sponsorship • Review monitoring process in place • Confirm roles and responsibilities for identifying and responding to security threats • Configure Security features : passcode, encryption , restriction of jailbreak/rooting • Configure Containerization of data and/or apps , restriction of apps or phone features , and separation of Corporate and personal data on devices • Configure remote locate , lock, Enterprise wipe (only affect enterprise data/applications) • Configure backup of designated device files from device to network • Configure enforcement of security measures : higher level of complexity of passcode and other locking mechanisms Training and Support Requirements: To meet the City 's Training and Support requirements , Oataway will provide technical assistance for the following activities : • Assistance preparing documentation and delivering end-user training during MOM pilot process . • Technical assistance to San Rafael 's IT staff with implementing AirWatch features during MOM pilot process . • Technical assistance with migration of pilot users onto AirWatch , including resolution of common issues encountered . City Scope Oataway highly recommends that in the City develop an AirWatch template test plan for the devices , applications , and end-users in scope for this pilot. Test results would indicate the success of the pilot , and areas in need of remediation and retesting . Testing Generally speaking , in technology deployment projects , one or more specific testing phase(s) precede(s) the deployment of the technology to a Confidential & Proprietary 13 of 18 Slale nel I Jf Work :. lk'rpnse Moblilly !\JIand~f',..,~nl P 101 pro) .;1 Cily Of San Rdfa ... '1 Sc.ope C!"d Bourc c:;r ('s r,:-raining Sustain ability and Transition to Operation Deliverables Closure and Managed Services larger audience beyond the IT group that worked on the technology. However. this AirWatch pilot project as a whole is a testlproof-of-concept where the goal is precisely to have user groups beyond IT test the deployment of a technology. Therefore . for this project. a project phase designated as "Testing" here follows the deployment phase . City Scope Dataway highly recommends that the City carry out a defined test plan for the devices. applications. and end-users in scope for this pilot. Test results would indicate the success of the pilot. and areas in need of remediation and retesting. City and Dataway Scope Training and Support Requirements: As noted above . to meet the City's Training and Support requ irements . the City and Dataway will partner to produce documentation to support training. Dataway Scope Dataway can provide consultation in the following areas to help the City plan for long-term success of the AirWatch template deployment: • Provide recommendations . based off of client support infrastructure. for identifying. tracking . and resolving problems with an operational AirWatch environment. • Determine how Users will be prioritized • Provide recommendations on how user change requests will be addressed ~.------------- Dataway Scope Ensure that all deliverables listed in the Deliverables section . below . have been provided to the Client. City Scope Review all deliverables Dataway Scope • Author project closure report . which recounts . at a high level . the work that Dataway performed for the Client. • Conduct onboarding process if the Client has purchased Managed Services. This is a process outside the scope of this SoW. and which would be covered under its own SoW. City Scope • Confirm network is working as expected • Notify the Project Manager of acceptance of closure report and completion of project - 14 of 18 • ! Statement of Work I Enterprise Mobility Management Pilot Project City of San Rafael Scope and Boundaries Deliverables Dataway will generate the following project artifacts (written and/or illustrated documentation) for delivery at mutually scheduled times to coincide with the appropriate project phase for each deliverable : • Meeting notes and/or minutes (applicable to entire project) • Project Plan • Recommendations of Airwatch features to enable , for joint teams' review • Revised BYOD/MDM and Acceptable Use policies, as deemed appropriate by DW • Standardized deployment workflow recommendation • Recommended communication plan to pilot user community • Project closure report Confidential & Proprretary 15 of 18 Stat 'lei lor Wo k I ~nler(' 'Sf> Mobility 'VIanaqelT' ~ 'I p, ~! P'oJect City of Sa ' Ra'ael Financial Investment Project Pricing The system planning and design efforts will be billed on a fixed fee basis. Additional work, to be identified during planning, will be billed on a time and materials basis. Dataway will conduct regular status checks with City to track progress and to provide updated estimates, if needed. Work Description Financiallnvesbnent Fixed Fee for system planning and design $20 ,000 Time and Materials (for additional work to be identified during planning) TBD Total system plann in g and design $20 ,000 Payment Fees will be paid in accordance to the following schedule: # Milestone/Date Amount 1. Fixed Fee Project Retainer $4 ,000 (20%) 2. Fixed Fee Milestone : Completion of work through the Architecture $8 ,000 (40%) Requirements of the Fieldwork Jlhase $8 ,000 (40%) 3. Fixed Fee M ilestone : Completion of Security Requirements work in Fieldwork phase 4. Time and Material ($250/hr. billed weekly) TBD Total system planning and design $20 ,000 Travel Expenses Travel expenses are billed as incurred with receipts provided for any expense over $20. Confld~.,tl 1& pr ,'JIlt' i:lry CONTRACT ROUTING FORM INSTRUCTIONS: Use this cover sheet to circulate all contracts for review and approval in the order shown below. TO BE COMPLETED BY INITIATING DEPARTMENT PROJECT MANAGER: Contracting Department: Information Technology Project Manager: Gus Bush Extension: x5302 Contractor Name: Dataway, Inc. Contractor's Contact: Jason Lawrence Contact's Email: jlawrence@dataway.com o FPPC: Check if Contractor/Consultant must file Form 700 Step RESPONSIBLE DESCRIPTION DEPARTMENT 1 Project Manager a. Email PINS Introductory Notice to Contractor b . Email contract (in Word) & attachments to City Atty c/o Laraine.Gittens@cityofsanrafael.org 2 City Attorney a. Review, revise, and comment on draft agreement and return to Project Manager b. Confirm insurance requirements, create Job on PINS, send PINS insurance notice to contractor 3 Project Manager Forward three (3) originals offinal agreement to contractor for their signature 4 Project Manager When necessary, * contractor-signed agreement agendized for Council approval *P5A > $20,000; or Purchase> $35,000; or Public Works Contract> $125,000 Date of Council approval PRINT CONTINUE ROUTING PROCESS WITH HARD COPY 5 Project Manager Forward signed original agreements to City Attorney with printed copy of this routing form 6 City Attorney Review and approve hard copy of signed agreement 7 City Attorney Review and approve insurance in PINS, and bonds (for Public Works Contracts) 8 City Manager / Mayor Agreement executed by Council authorized official 9 City Clerk Attest signatures, retains original agreement and forwards copies to Project Manager COMPLETED DATE 3/22/2018 3/22/2018 4/5/2018 4/5/2018 4/9/2018 ~ N/A Or Click here to enter a date. 4/17/2018 'f/lffh~ '-I /Itg I /g Lf /UJI (~ t;l\\ \~ REVIEWER Check/Initial ~ GB ~ ~ LG ~ LG ~ GB 0 ;;:vGB IJs- 4- ~ ~ "-~~