Loading...
DS JusticeMDM Application ServicesInteroffice Memorandum To: Jim Schutz, City Manager CC: Cristine Alilovich, Assistant City Manager Thru: City Attorney's Office From: Gus Bush, IT Manager Date: 8/16/2018 Re: MOU with CA DOJ for JusticeMDM Application Services Request City Manager's signature on the attached Memorandum of Understanding (MOU) with the California Department of Justice (CA DOJ) for the City to receive mobile data management (MDM) services. Since April 2018, IT has been working with CA DOJ to pilot services from their JusticeMDM system. The system can be used to centrally manage the configuration and control of the mobile devices such as smartphones and tablets. We have had 12-15 test users from IT, SRPD, and SRFD during the pilot phase. SRPD is particularly interested in this technology because it will allow them to eventually gain access to DOJ data from their smartphones, to supplement what they can already access from their vehicle computers. In addition to providing expanded DOJ data access for SRPD, the system will allow participating departments to control the configuration settings and applications installed on each device, to secure the data on the devices, and to update data/configurations remotely. This will include the ability to wipe data in the event a device is lost or stolen. In addition to meeting departments' functional needs, implementation of an MDM system is one of this year's goals for the IT security program. IT recommends the City implement DOJ's system with an initial 140 connection licenses, at a cost of approximately $4,200 per year. This will allow SRPD to connect all of their current mobile devices, without DOJ data access for the time being (until a formal application is completed with DOJ for expanded access). It will also allow SRFD and IT to continue testing the system for usability by other departments. If all City departments eventually sign up to use the system, IT estimates the yearly cost will be somewhere between $10,000 and $15,000 per year (depending on the exact number of devices and the level of security required for each device). These costs would be covered in the Technology Fund (Fund 601) and budgeted as needed each fiscal year. Please let me know if you have any questions/concerns. Thanks Ji -3- �y5 Memorandum of Understanding JusticeMDM Application Services BETWEEN California Department of Justice California Justice Information Services Division Technology Support Bureau W. City of San Rafael FOR OFFICIAL USE ONLY August 2018 California Department of Justice Technology Support Bureau 1. Purpose Memorandum of Understanding The California Department of Justice (DOJ), California Justice Information Services Division, Technology Support Bureau (TSB), also referred to as State, and the City of San Rafael, hereafter referred to as Agency, enter into this memorandum of understanding (MOU) for the purposes of DOJ to provide JusticeMDM application services to the Agency. 2. Background The Federal Bureau of Investigation (FBI) Criminal Justice Information Services (CJIS) Security Policy hereinafter referred as the FBI Criminal Justice Information Services Security Policy (CSP), outlines the requirements agencies need to adhere to in order to access CJIS data on mobile devices. In the spring of 2013, the DOJ Hawkins Data Center (HDC) successfully completed the deployment of mobile devices with access to CJIS data to DOJ Special Agents. Using this newly developed solution, DOJ is assisting its Law Enforcement Agency Partners (LEAP) in being able to access CJIS data on their Agency owned devices. This service is built to suit, modular in design and available to all LEAP in good standing. 3. Services and Responsibilities DOJ JusticeMDM - This level of service does not include access to Criminal Justice Information and is strictly for the use of those jurisdictions wishing to take advantage of the California Department of Justice's services for Mobile Device Management (MDM). If an agency wishes to utilize their own infrastructure to access Criminal Justice Information they can do so with the approval of a California Law Enforcement Telecommunications System (CLETS) upgrade application to the CLETS Administration Section (CAS) and the CLETS Advisory Committee (CAC). Agency and DOJ will review DOJ's performance and discuss other issues related to service planning. During these reviews, the Agency is obligated to present any changes in the workload requirements and to report on any changes in the service quality or delivery. In addition, DOJ is obligated to advise the Agency of any changes which will affect service quality, ability to meet the workload requirements of client agencies and/or variances in schedules or cost. Revised 5125/2018 DOJ/Agency — 8116/2018 3:14 PM Page 2 of 8 California Department of Justice Technology Support Bureau The DOJ will be responsible for the following: JusticeMDM Team Memorandum of Understanding 1. Install, configure, monitor and maintain physical server hardware located at DOJ facilities. 2. Install, configure, and monitor virtual server instance(s) running on hardware at DOJ facilities. 3. Provide Simple Mail Transport Protocol (SMTP) service for the MDM instance for routing MDM email traffic. 4. Serve as the central point of contact and liaison for HDC operations, network, server, password issues and security sections by the DOJ Computer Operations Unit. 5. Provide server and network support to authorized subscribing Agency's administrators during regular business hours 8:00 a.m. to 5:00 p.m. (Pacific Standard Time) Monday through Friday, excluding holidays and provide afterhours call back services for support of MDM infrastructure and services. 6. Maintain licensing for subscribing agency. 7. Maintain separate MDM instance of subscribing LEAP for security. 8. Purchase and provide MDM licenses as stated in Exhibit D, Costs and Payment Method, to Agency during the term of the MOU. 9. Provide invoice(s) for the MDM licenses to Agency 10. Provide Virtual Machine (VM) Server licensing for two VM's each at HDC and DOJ's Disaster Recovery (DR) location. 11. Create and maintain Apple Push Notification Service certificates for agencies. The DOJ will provide the following services: California Justice Information Services Division (CJISD), Information Security and Digital Investigation Services Section CJISD, IT Contracts & • Oversee and maintain end point CJIS security requirements . Maintain and administer the MOU Procurement Unit (ITCPU) Revised 5125/2018 DOJ/Agency — 8/16/2018 3:14 PM Page 3 of 8 Prepare MOU amendments and renewals Submit request to DOJ's Accounting Office to invoice Agency for reimbursement of costs California Department of Justice Memorandum of Understanding Technology Support Bureau TSB will provide the core support services for the JusticeMDM as shown in the diagram below: DD C uRer IS IKI I'Mr, flf■lFitt�® ■mei■i i■i■i■® =13 NEW till■NEW SAIN M■ Jtiw=MW UU I ler Irewal, rl."I DIN. I 4 ■i® ■EEi■�0� w: iii11•i1 � i■iiiw MENE 0 illl'i'ilwi 'liliJ � a Lnwl Ie6winUrner U01 ntrt et Router LAtdrnal1lre-x414 JuaticeMuale Internal I Irma App't, ur And•u.d MUM Service Ckr� cr, California Department of Justice Network JusticeMDM — Higlt Level Overivew California Department of Justice Revised 5125/2018 DOJ/Agency — 8/16/2018 3:14 PM Page 4 of 8 California Department of Justice Memorandum of Understanding Technology Support Bureau Agency The Agency is obligated to contact DOJ's Computer Operations Unit when reporting any problems with the JusticeMDM solution (see System and Software Maintenance section for contact information). Changes in workload projections, equipment configurations, application configuration, service changes, or additional clients may increase charges and require a modification of this MOU. The Agency will be responsible for the following: 1. Provision and manage Agency users within the JusticeMDM solution. 2. Provision Agency mobile devices with JusticeMDM solution. 3. Provide troubleshooting and technical support for Agency mobile devices. 4. Ensure Policy compliance with CJIS Security Policy on all devices that will access CJIS data as stated in Exhibit B. 5. Maintain applications in the Agency Application Store. 6. Manage deployment of policies, configuration and applications to Agency mobile devices. 7. Manage accounts and licenses for Agency instance using the MDM Console. 8. Request number of Clients/devices on an annual basis as part of the MOU renewal, which should commence 90 days prior to expiration annually. 9. The Agency will reconcile licenses being used annually. 4. Responsible Parties Representatives for the term of the contract will be: DOJ Name, Title, Role Business Agency I Address Kelli Luther Supervisor, Enterprise Information Systems Unit Lisa Saucedo Contract Analyst, ITCPU Manages 4949 Broadway onboarding Sacramento, JusticeMDM CA 95820 Manages the MOU Revised 5/25/2018 DOJ/Agency — 8/16/2018 3:14 PM Page 5 of 8 4949 Broadway Sacramento, CA 95820 I Phone/Email (916) 210-5063 Kelli. Luther63-doj.ca.gov i (916) 210-5358 ITMOUI�doj.ca.gov California Department of Justice Technology Support Bureau DOJ JusticeMDM Computer Point of Operations Contact Unit Agency Memorandum of Understanding 4949 Broadway (916) 227-3000 Sacramento, HDC.ComputerOperations(cD-doi.ca.gov CA 95820 Name, Title, Business Agency Role Address Gus Bush, City of San Agency 1400 Fifth Rafael IT contact for IT Avenue, San 415- billing and Rafael CA gus. Manager policy 94901 Vinh Pham, City of San Technical lead 1400 Fifth Rafael Senior for Agency Avenue, San 415 - Network network Rafael CA vinh Administrator services 94901 Clyne Acosta, City of San Rafael IT Primary 1400 Fifth Security contact for Avenue, San 707- Program Agency MDM Rafael, CA clyn Coordinator implementation 94901 City of San Maintains and 1400 Fifth Rafael IT Help supports Avenue, San 415 - Desk Agency mobile Rafael, CA ithel devices 94901 5. Term of Agreement Phone/Email 458-5302 bush@cityofsanrafael.org 485-3028 pham@cityofsanrafael.org 646-9773 e.acosta@cityofsanrafael org 485-3462 p@cityofsanrafael.org This MOU will commence on August 20, 2018 and expire on August 19, 2019. Billing will occur annually upfront. This MOU will be evaluated ninety (90) days prior to its expiration to renew and/or negotiate changes. Changes may include, but are not limited to scope, schedule or costs. If renewing, a new contract with updated signatures and current dates will be required. This Agreement may be amended by mutual consent of both parties. The DOJ may also terminate this MOU at any time if circumstances warrant such action, refer to Exhibit B, Item 3 for additional details. Revised 5/25/2018 DOJ/Agency — 8/28/2018 12:48 PM Page 6 of 8 California Department of Justice Memorandum of Understanding Technology Support Bureau 6. Exhibits All applicable exhibits are included with this MOU. The Agency agrees to accept and abide by the requirements outlined in each Exhibit. However, it should be noted that ALL language contained within every exhibit may not apply to every MOU. A. Special Terms and Conditions Refer to Exhibit A B. Miscellaneous Provisions Including Termination Refer to Exhibit B C. Confidentiality and Access Refer to Exhibit C (NOT APPLICABLE AND THEREFORE NOT ATTACHED) D. Costs and Payment Method Refer to Exhibit D E. Breach Response Refer to Exhibit E Revised 5/25/2018 DOJ/Agency — 8/16/2018 3:14 PM Page 7 of 8 California Department of Justice Technology Support Bureau Memorandum of Understanding IN WITNESS WHEREOF, the parties hereto have executed this MOU on the day and year as indicated: Lee Mosbrucker, Director Technology Services Bureau Department of Justice, California Justice Information Services Division Joe Dominic, Chief Information Officer (CIO) and Chief, Department of Justice, California Justice Information Services Division Chris Ryan, Chief Department of Justice Division of Operations Date Date Date Todd Ibbotson, CJIS Information Security Officer Date Department of Justice J hutz, City ager Date City of San Rafael Attest: Lindsay Lara, City Clerk Date City of San Rafael Approved as to Form: 0 L 2-- f 2b/ g' Robert F. Epstein, City A rney Da e City of San Rafael Revised 5M/201-8 DOJ/Agency — 8/17/2018 3:44 PM Page 8 of 8 California Department of Justice Memorandum of Understanding Exhibit A. Special Terms and Conditions EXHIBIT A SPECIAL TERMS AND CONDITIONS 1. STATE OF CONFIDENTIALITY: The DOJ has criminal justice and other confidential data in its custody. Unauthorized inspection or disclosure of criminal justice data or other confidential data is punishable by law. Unauthorized inspection or disclosure of criminal justice data and other confidential data may be punishable by jail time and/or a fine. Each Agency and each of its employees who may have access to the confidential or sensitive data of the other agency will be required to have on file a signed confidentiality statement, attesting to the fact that it/he/she is aware of the confidential data and the penalties for unauthorized disclosure thereof under applicable state and federal law. The confidentiality statement shall be renewed every two (2) years. 2. USE OF INFORMATION: The Agency agrees that the information furnished or secured pursuant to this MOU shall be used solely for the purposes described in the Purpose outlined in the Section 1 of the MOU. The Agency further agrees that information obtained under this MOU will not be reproduced, published, sold or released in original or in any other form. 3. DATA OWNERSHIP: The criminal justice information or sensitive information being provided under this MOU remains the exclusive property of the respective criminal justice agency that submitted the data to the DOJ. Confidential criminal justice and sensitive data/information are not open to the public and require special precautions to protect from loss and unauthorized use, disclosure, modification, or destruction. The recipient agency shall have the right to use and process the disclosed information for the purposes stated in the Purpose outlined in Section 1 of this MOU. All rights shall be revoked and terminated immediately upon termination of this MOU. 4. EMPLOYEE ACCESS TO INFORMATION: The Agency agrees that the information obtained will be kept in the strictest confidence and shall make information available to its own employees only on a "need to know" basis. The "need to know" standard is met by authorized employees who need the information to perform their official duties in connection with the uses of the information authorized by the MOU. The Agency recognizes its responsibilities to protect the confidentiality of the information in their custody as provided by law and ensures such information is disclosed only to those individuals and of such purpose, authorized by the respective laws. 5. INFORMATION SECURITY: Information security is defined as the preservation of the confidentiality, integrity, and availability of information. A secure environment is required to protect the confidential information obtained by pursuant to this MOU. The Revised 6/14/2018__ Page 1 of 5 California Department of Justice Memorandum of Understanding Exhibit A, Special Terms and Conditions Agency will store information so that it is physically secure from unauthorized access. All data and records received will be securely maintained and accessible only by the employees of the specified program who are committed to protect the data from unauthorized access, use or disclosure. 6. CLOUD COMPUTING ENVIRONMENT: A Cloud Computing Environment cannot be used to receive, transmit, store or process DOJ's confidential criminal justice data. 7. DESTRUCTION OF RECORDS: All records received by Agency from DOJ and any documents created, copies made, or files attributed to the records received will be destroyed within 30 days of completion of the business purpose for which it was obtained. The records shall be destroyed in a manner to be deemed unusable or unreadable and to the extent that an individual record can no longer be reasonably ascertained. 8. SAFEGUARD REVIEW: The DOJ retains the right to conduct on site safeguard review of the Agency use of DOJ information and security controls established. The DOJ will provide a minimum of seven (7) days' notice of a safeguard review being conducted by DOJ staff. 9. POTENTIAL SUBCONTRACTORS: Prior to the use of a subcontractor(s) to store, use, process, transmit, and/or access DOJ data, notification to, and written approval from DOJ is required 60 days in advance. The notification must include complete name and address of the entity, purpose for use of a subcontractor, location(s) where the data is or will be stored or used, and contact information. Nothing contained in this MOU or otherwise shall create any contractual relationship between the DOJ and any subcontractors, and no subcontract shall relieve the Agency of its responsibilities and obligations hereunder. The Agency agrees to be as fully responsible to the DOJ for the acts and omissions of its subcontractors and of persons either directly or indirectly employed by any of them, as it is for the acts and omissions of persons directly employed by the Agency. The Agency obligation to pay its subcontractors is an independent obligation from the DOJ's obligation, if any, to make payments to the Agency. As a result, the DOJ shall have no obligation to pay or to verify the payment of any monies to any subcontractor. 10. System and Software Maintenance: Hours of Operation: DOJ systems are monitored 24x7x365 by the DOJ Computer Operations Unit Revised 6/14/20`18 Page 2 of 5 California Department of Justice Memorandum of Understanding Exhibit A, Special Terms and Conditions Contact Phone Email Business Hours DOJ Computer (916) 227-3000 HDC.ComputerOperations 24x7x365 O Operations Unit p (cD-doi.ca.gov support Service Level Agreement The Service Level Agreement (SLA) outlines the response and resolution times agreed upon by DOJ and the [Insert Agency Acronym] per the criticality defined below: Critical 1. A problem that severely impacts the use of JusticeMDM software in the production environment. 2. The production system is down or unusable as a result of a problem. 3. A degraded mode of operation is not available or acceptable. 4. Problem causes mission -critical impact on customer's operation with no acceptable workaround or functionality to perform tasks essential to customer operations. High 1. A problem where the JusticeMDM software is functioning, but production environment usage is reduced. 2. System is up and running and the problem causes moderate or limited impact while most business operations remain functional. 3. Service is necessary, but an immediate resolution is not essential. 4. The problem is important to long-term productivity but not causing an immediate work stoppage. 5. A workaround may exist. Standard 1. A problem with JusticeMDM that does not have significant impact to the customer's business operations. 2. The software continues to function. 3. A workaround may exist. 4. Low impact on the ability for the software to provide full functionality. 5. Annoyances or issues that can be repaired during standard planned maintenance windows. Low 1. Request for Enhancement. 2. General Usage Questions. Service Level during regular Business Hours (7 a.m. to 5 p.m.) Revised 611412018 Page 3 of 5 California Department of Justice Memorandum of Understanding Exhibit A, Special Terms and Conditions Service Level Response Resolution Critical <30 minutes 1 hour High 1 hour 2 hours Standard 2 hours 4 hours Low 4 hours 8 hours Resolution means that DOJ has resolved the issue or escalated the issue appropriately to the software vendor. Service Level during non -regular Business Hours (5:01 p.m. to 6:59 a.m.) Service Level Response Resolution Critical 1 hour 2 hours High 2 hours 4 hours Standard Next business day Next maintenance window Low Next business day I Next business da Resolution means that DOJ has resolved the issue, escalated the issue appropriately to the software vendor, or provided a response to re uestor. If escalation path is slow or no response occurs contact one of the following: Kelli Luther (916) 210-5063 Supervisor Enterprise Information Systems Unit Technology Support Bureau Chris Cademarti (916) 210-5221 Manager Services Support & Cloud Infrastructure Section Technology Support Bureau If the level of service related to a request is not satisfactory contact Nancy Johnson, Information Technology Manager II, Strategic Transport & Technology Services Branch at Nancy.Johnson@doj.ca.gov. Agency input will be appropriately categorized and processed and a response will be provided indicating the action taken. Maintenance Process. System software and hardware upgrades and maintenance will be routinely conducted to provide optimum reliable service performance. Scheduled downtime for system maintenance will be limited to non -regular business hours; however, security updates requiring immediate attention will be performed when needed. During scheduled maintenance periods, users may experience temporary interruptions. The [Insert Agency Acronym] will receive an e-mail notification of scheduled maintenance activities three (3) calendar days before scheduled service interruptions. The notification will include an abbreviated overview of planned activities and potential service interruption. Revised 6/14/2018 Page 4 of 5 California Department of Justice Memorandum of Understanding Exhibit A, Special Terms and Conditions Scheduled, non -emergency downtime. System maintenance will be limited to non - regular business hours. The [Insert Agency Acronym] will receive an e-mail notification of scheduled maintenance activities three (3) calendar days prior to scheduled service interruptions. The notification will include an abbreviated overview of planned activities and potential service interruption. • Unscheduled, emergency downtime. Unscheduled system maintenance will be conducted only when a system component has failed without warning, or the operational integrity or system security is faced with an immediate failure. If possible, the Agency will receive an e-mail announcement of unscheduled emergency maintenance activities prior to the unscheduled service interruption. The notification will include an abbreviated overview of planned activities and potential service interruption. Change Management Process. DOJ agrees to notify the Agency in advance of any technical or system changes that will affect the JusticeMDM system or access to the system. This includes any scheduled maintenance periods, or emergency maintenance; disconnection or suspension of the service by either agency party; modifications to agreed upon configurations or outages. Contacts for such notification are listed in the Responsible Parties section. • Disaster Recovery Process. In the event of a major service disruption or major catastrophic event, DOJ agrees to coordinate the recovery of JusticeMDM to meet the recovery time objective for the system or service. DOJ will address the JusticeMDM service after all DOJ systems have been addressed. 11. Miscellaneous Provisions Includinq Termination: Agency or DOJ may terminate this agreement with at least ninety (90) calendar days written notice prior to the effective date of such termination, which date shall be specified in such notice. Early termination of the MOU will result in the forfeiture of fees paid through the end of MOU agreement term. 12. Confidentiality and Access: All agency systems and users are expected to protect DOTS, Law Enforcement Network and associated information, in accordance with the Privacy Act and Trade Secrets Act (18 U.S. Code 1905), the Unauthorized Access Act (18 U.S. Code 2701 and 2710), the California Information Practices Act of 1977 (Civil Code 1798), and the State Administrative Manual Chapter 5300 — 5365.3. Revised 6114/2018 Page 5 of 5 California Department of Justice Memorandum of Understanding Exhibit B, Miscellaneous Provisions EXHIBIT B MISCELLANEOUS PROVISIONS 1. APPLICABLE LAW: This MOU shall be governed by and shall be interpreted in accordance with the laws of the State of California; venue of any action brought with regard to this MOU shall be in Sacramento County, Sacramento, California. 2. COMPLIANCE WITH STATUTES AND REGULATIONS: a. The State and Agency warrants and certifies that in the performance of this MOU, it will comply with all applicable statutes, rules, regulations and orders stated in this MOU. The Agency agrees to indemnify the State against any loss, cost, damage or liability by reason of the Agency violation of this provision. b. The State will notify the Agency of any such claim in writing and tender the defense thereof within a reasonable time; and c. The Agency will have sole control of the defense of any action on such claim and all negotiations for its settlement or compromise; provided that (i) when substantial principles of government or public law are involved, when litigation might create precedent affecting future State operations or liability, or when involvement of the State is otherwise mandated by law, the State may participate in such action at its own expense with respect to attorneys' fees and costs (but not liability); (ii) where a settlement would impose liability on the State, affect principles of California government or public law, or impact the authority of the State, the State will have the right to approved or disapprove any settlement or compromise, which approval will not unreasonably be withheld or delayed; and (iii) the State will reasonably cooperate in the defense and in any related settlement negotiations. 3. TERMINATION FOR THE CONVENIENCE OF THE STATE: a. The State may terminate performance of work under this MOU for its convenience in whole or, from time to time, in part, if the DOJ determines that a termination is in the State's interest. The DOJ shall terminate by delivering to the Agency a Notice of Termination specifying the extent of termination and the effective date thereof. b. After receipt of a Notice of Termination, and except as directed by the State, the Agency shall immediately proceed with the following obligations, as applicable, regardless of any delay in determining or adjusting any amounts due under this clause. The Agency shall: i. Stop work as specified in the Notice of Termination. ii. Place no further subcontracts for materials, services, or facilities, except as necessary to complete the continuing portion of the MOU. Revised 6/14118 Page 1 of 5 California Department of Justice Memorandum of Understanding Exhibit B, Miscellaneous Provisions iii. Terminate all subcontracts to the extent they relate to the work terminated. iv. Settle all outstanding liabilities and termination settlement proposals arising from the termination of subcontracts; c. After termination, the Agency shall submit a final termination settlement proposal to the State in the form and with the information prescribed by the State. The Agency shall submit the proposal promptly, but no later than 90 days after the effective date of termination, unless a different time is provided in the Purpose or in the Notice of Termination. d. The Agency and the State may agree upon the whole or any part of the amount to be paid as requested under subsection (c) above. e. Unless otherwise set forth in the Purpose if the Agency and the State fail to agree on the amount to be paid because of the termination for convenience, the State will pay the Agency the following amounts; provided that in no event will total payments exceed the amount payable to the Agency if the MOU had been fully performed: i. The MOU price for Deliverables or services accepted or retained by the State and not previously paid for, adjusted for any savings on freight and other charges; and ii. The total of: A. The reasonable costs incurred in the performance of the work terminated, including initial costs and preparatory expenses allocable thereto, but excluding any cost attributable to Deliverables or services paid or to be paid; B. The reasonable cost of settling and paying termination settlement proposals under terminated subcontracts that are properly chargeable to the terminated portion of the MOU; and C. Reasonable storage, transportation, demobilization, unamortized overhead and capital costs, and other costs reasonably incurred by the Agency in winding down and terminating its work. f. The Agency will use generally accepted accounting principles, or accounting principles otherwise agreed to in writing by the parties, and sound business practices in determining all costs claimed, agreed to, or determined under this clause. 4. INDEMNIFICATION: The Agency agrees to indemnify, defend and save harmless the State, its officers, agents and employees from any and all third party claims, costs (including without limitation reasonable attorneys' fees), and losses due to the injury or death of any individual, or the loss or damage to any real or tangible personal property, resulting from the willful misconduct or negligent acts or omissions of the Agency or any of its affiliates, agents, subcontractors, employees, suppliers, or laborers furnishing or supplying work, services, materials, or supplies Revised 6/14/18 Page 2 of 5 California Department of Justice Memorandum of Understanding Exhibit B, Miscellaneous Provisions in connection with the performance of this MOU. Such defense and payment will be conditional upon the following: a. The State will notify the Agency of any such claim in writing and tender the defense thereof within a reasonable time; and b. The Agency will have sole control of the defense of any action on such claim and all negotiations for its settlement or compromise; provided that (i) when substantial principles of government or public law are involved, when litigation might create precedent affecting the future State operations or liability, or when involvement of the State is otherwise mandated by law, the State may participate in such action at its own expense with respect to attorneys' fees and costs (but not liability; (ii) where a settlement would impose liability on the State, affect principles of California government or public law, or impact the authority of the State, the State will have the rights to approve or disapprove any settlement or compromise, which approval will not unreasonably be withheld or delayed; and (iii) the State will reasonably cooperate in the defense and in any related settlement negotiations. 5. CONFIDENTIALITY OF DATA: All financial, statistical, personal, technical and other data and information relating to the State's operation which are designated confidential by the State and made available to the Agency in order to carry out this MOU, or which become available to the Agency in carrying out this MOU, shall be protected by the Agency from unauthorized use and disclosure through the observance of the same or more effective procedural requirements as are applicable to the State. If the methods and procedures employed by the Agency for the protection of the Agency data and information are deemed by the State to be adequate for the protection of the State's confidential information, such methods and procedures may be used, with the written consent of the State, to carry out the intent of this paragraph. The Agency shall not be required under the provisions of this paragraph to keep confidential any data or information which is or becomes publicly available, is already rightfully in the Agency's possession without obligation of confidentiality, is independently developed by the Agency outside the scope of this MOU, or is rightfully obtained from third parties. 6. NEWS RELEASES: Unless otherwise exempted, news releases, endorsements, advertising, and social media content pertaining to this MOU shall not be made without prior written approval of the DOJ. 7. MOU MODIFICATION: No amendment or variation of the terms of this MOU shall be valid unless made in writing, signed by the parties and approved as required. No oral understanding or agreement not incorporated in the MOU is binding on any of the parties. Revised 6114118 Page 3 of 5 California Department of Justice Memorandum of Understanding Exhibit B, Miscellaneous Provisions 8. CHANGE MANAGEMENT PROCESS: Each agency agrees to notify the other agency in advance of any changes associated with this MOU, including technical or system changes, that will affect or impact either the business or technical environment of either agency. This may include any scheduled maintenance periods, or emergency maintenance; disconnection or suspension of the service by either agency party; modifications to agreed upon configurations or outages. Contacts for such notification are listed in the Responsible Parties section of the MOU. 9. RULES OF BEHAVIOR: All agency systems and users are expected to protect DOJ's Law Enforcement Network and associated information, in accordance with the Privacy Act and Trade Secrets Act (18 U.S Code 1905), the Unauthorized Access Act (18 U.S. Code 2701 and 2710), the California Information Practices Act of 1977 (Civil Code 1798), and the State Administrative Manual Chapter 5300 - 5365.3. 10. ISSUE RESOLUTION PROCEDURE: If the Agency or DOJ has a concern regarding the services, deliverables, invoicing, or MOU terms and conditions which cannot be informally resolved, the Agency or DOJ will document their concern and advise the responsible parties. Once an issue has been identified, a meeting will take place within thirty (30) calendar days, between the Agency and the DOJ to discuss and resolve the issue. If an agreement cannot be reached, all information pertaining to the issue shall be elevated to the Executive Management of the Agency and DOJ. Contacts for such notification are listed in the Responsible Parties section of the MOU. Agency and DOJ agree that they will continue to carry out all their MOU responsibilities that are not affected by the issue. 11. DISPUTES: a. The parties shall deal in good faith and attempt to resolve potential disputes informally. If the dispute persists, the Agency shall submit to the DOJ Division Chief or designee a written demand for a final decision regarding the disposition of any dispute between the parties arising under, related to or involving this MOU. The Agency's written demand shall be fully supported by factual information, and if such demand involves a cost adjustment to the MOU, the MOU shall include with the demand a written statement signed by an authorized person indicating that the demand is made in good faith, that the supporting data are accurate and complete and that the amount requested accurately reflects the MOU adjustment for which the Agency believes the Revised 6114118 Page 4 of 5 California Department of Justice Memorandum of Understanding Exhibit B, Miscellaneous Provisions State is liable. The DOJ Division Chief or designee shall have 30 days after receipt of the Agency's written demand invoking this Section "Disputes" to render a written decision. Revised 6/14/18 Page 5 of 5 California Department of Justice EXHIBIT D COSTS AND PAYMENT METHOD Invoicing Memorandum of Understanding Exhibit D, Costs and Payment Method The MOU costs will be billed annually. Invoices shall be sent to the Agency in advance for the purchase of all items including but not limited to software licenses, equipment, and communication costs. Agency agrees to pay DOJ for services thirty (30) days upon receipt of a DOJ invoice for costs described in the DOJ Services and Support Costs table below. Costs for JusticeMDM: Description -- T Quantity MDM Licenses) including maintenance and - + associated hardware costs for each year 140 I MDM License(s) and AirWatch Secure Content Locker License(s) including maintenance and associated hardware costs for each year Virtual Private Networking/Advanced Authentication/MDM License(s) including maintenance and associated hardware costs for ear one N N cost per Device Total License* I $30.00 $60.00 $90.00 $4,200.00 A W Virtual Private Networking/Advanced Authentication/MDM License(s) including 0 $40.00 0 maintenance and associated hardware costs for one year renewal Total 140 $4,200.00 *Software license and maintenance cost can fluctuate therefore, the costs above are an estimate. An annual Security Review of system setup and configuration is provided at no i charge. 1 Total Reimbursement Amount: Custom and additional services are available upon request. The cost of these additional services will be determined on an individual basis. To obtain additional services, Agency will submit a written request to the JusticeMobile@doj.ca.gov. Revised 6/14/2018 Page 1 of 2 California Department of Justice Memorandum of Understanding Exhibit D, Costs and Payment Method Agency can increase the number of licenses at any time during the MOU term by submitting a written request to ITCPU at ITMOU@doj.ca.gov with a copy to: justicemobile@doj.ca.gov. Send all requests for invoicing and general questions related to this MOU to: Department of Justice IT Contracts & Procurement Unit Attention: Lisa Saucedo 4949 Broadway, Room D-232 Sacramento, CA 95820 Or email to: ITMOU(a)-doi.ca.gov All invoices should be billed to/mailed to the following address: City of San Rafael 1400 Fifth Avenue San Rafael, CA 94901 ATTN: Information Technology For billing questions, contact Gus Bush at 415-458-5302 or gus.bush(D-Cityofsanrafael.org. Revised 6/14/2018 Page 2 of 2 California Department of Justice EXHIBIT E BREACH RESPONSE Memorandum of Understanding Exhibit E, Breach Response Discovery of Breach. Agency agrees to notify DOJ immediately by telephone call plus email or fax upon the discovery of any breach of security of any files containing classified criminal justice data (in whatever form, paper or electronic) if the data involved was, or is reasonably believed to have been, acquired by an unauthorized person, or within 24 hours by email or fax of the discovery of any suspected security incident, intrusion or unauthorized use or disclosure of files containing classified criminal justice data in violation of this MOU or potential loss of confidential data affecting this MOU. Notification shall be provided to the DOJ Program and Technical Manager, the DOJ Information Security Officer and the DOJ Chief Information Officer. If the incident occurs after business hours or on a weekend or holiday and involves electronic data, notification shall be provided by contacting the DOJ Information Security Officer. DOJ shall take: I. Prompt corrective action to mitigate any risks or damages involved with the breach and to protect the operating environment and II. Any action pertaining to such unauthorized disclosure required by applicable Federal and State laws and regulations. 2. Investigation of Breach. Agency shall immediately investigate such security incident, breach, or unauthorized use or disclosure of criminal justice data or any other confidential data. Within 72 hours of the discovery, Agency shall notify the DOJ Program and Technical Manager, the DOJ Information Security Officer and the DOJ Chief Information Officer of: I. The data elements involved and the extent of the data involved in the breach, II. A description of the unauthorized persons known or reasonably believed to have improperly used or disclosed confidential data, III. A description of where the confidential data is believed to have been improperly transmitted, sent, or utilized, IV. A description of the probably causes of the improper use or disclosure; and V. Whether Civil Code sections 1798.29 or 1798.82 or any other federal or state laws requiring individual notifications of breaches are triggered. 3. Written Report. Agency shall provide a written report of the investigation to the DOJ Program and Technical Manager, the DOJ Information Security Office and the DOJ Chief Information Officer within ten (10) working days of the discovery of the breach or unauthorized use or disclosure. The report shall include, but not be limited to, the Revised 6/14/2018 -- Page 1 of 2 California Department of Justice Memorandum of Understanding Exhibit E, Breach Response information specified above, as well as a full, detailed corrective action plan, including information on measures that were taken to halt and/or contain the improper use or disclosure. I. A description of the unauthorized persons known or reasonably believed to have improperly used or disclosed confidential data, II. A description of where the confidential data is believed to have been improperly transmitted, sent, or utilized, III. A description of the probable causes of the improper use or disclosure; and IV. Whether Civil Code sections 1798.28 or 1798.82 or any other federal or state laws requiring individual notifications of breaches are triggered. Name, Title, Agency Business Address Email Todd Ibbotson, DOJ 4949 Broadway Information Sacramento, DOJISO@doj.ca.gov Security CA 95820 Officer Joe Dominic, DOJ Chief 4949 Broadway Information Sacramento, CIOApproval@doj.ca.gov Officer CA 95820 Revised 6/14/2018 Page 2 of 2 XA RAFq�I i 2 0 �'Ty WITH P CONTRACT ROUTING FORM INSTRUCTIONS: Use this cover sheet to circulate all contracts for review and approval in the order shown below. TO BE COMPLETED BY INITIATING DEPARTMENT PROJECT MANAGER: Contracting Department: Information Technology Project Manager: Gus Bush Extension: x5302 Contractor Name: CA Department of Justice Contractor's Contact: Lisa Saucedo Contact's Email: ITMOU@doj.ca.gov ❑ FPPC: Check if Contractor/Consultant must file Form 700 Step �WY RESPONSIBLE DEPARTMENT 1 { Project Manager 2 City Attorney 3 Project Manager 4 1 Project Manager I PRINT t 5 Project Manager 6 City Attorney 7 City Attorney 8 City Manager/ Mayor 9 J City Clerk Z4 -.2i-T+D DESCRIPTION a. Email PINS Introductory Notice to Contractor b. Email contract (in Word) & attachments to City Atty c/o Laraine.Gittens@cityofsanrafael.org a. Review, revise, and comment on draft agreement and return to Project Manager b. Confirm insurance requirements, create Job on PINS, send PINS insurance notice to contractor Forward three (3) originals of final agreement to contractor for their signature When necessary, * contractor -signed agreement agendized for Council approval *PSA > $20,000; or Purchase > $35,000; or Public Works Contract > $125,000 Date of Council approval CONTINUE ROUTING PROCESS WITH HARD COPY Forward signed original agreements to City Attorney with printed copy of this routing form Review and approve hard copy of signed agreement Review and approve insurance in PINS, a d bonds 0) (for Public Works Contracts) A -- Agreement executed by Council authorized official Attest signatures, retains original agreement and forwards copies to Project Manager COMPLETED DATE N/A REVIEWER Check/Initial GB 8/16/2018 lZ 8/17/2018 ® LG 8/17/2018 ® LG N/A Click here to ❑ enter a date. ❑ N/A Or ❑ GiCK here to enter a date.