HomeMy WebLinkAboutSanta Clara County - 2010 Agreement for CJIC System Network Services - Amendment No. 2
..
Your Technology Partner
1555 Berger Drive, Bldg. 2
San Jose, California 95112-2704
(408) 299-3611 Fax 286-6289
County of Santa Clara
Office of the County Executive
Information Services Department
SECOND AMENDMENT TO AGREEMENT FOR NETWORK SERVICES BILLING FOR ACCESS TO
GILROY POLICE DEPARTMENT
WHEREAS the County of Santa Clara (hereinafter "County") and the Gilroy Police Department
(hereinafter "Gilroy Police Department") entered into an Agreement for Criminal Justice
Information Teleprocessing Services on July 1, 2010 (hereinafter "Agreement").
WHEREAS the Agreement expressly provides that the Agreement may only be amended by
written agreement signed by the County and the Gilroy Police Department.
WHEREAS the County and Gilroy Police Department wish to amend the Agreement to add
"Exhibit A" - Vendor Remote Access Agreements.
NOW THEREFORE in consideration of the mutual covenants and promises herein contained,
the parties agree to the following:
The Agreement is amended as follows: EXHIBIT A, "Vendor Remote Access
Agreements," is added to the Agreement in its entirety.
IN WITNESS WHEREOF, the parties have executed this First Amendment as follows:
Date 7 /-:M to
/ /
Police Department I L_I.
ate~
Approved By:
Date~
Approved as to Form and Legality:
Date J r { <(cD
FY2009 - FY20 I 0 Agreement for Criminal Justiee Information Network Services Billing Second Amendment
Second Amendment to Agreement between the County of Santa Clara and Gilroy Poliee Department
Board of Supervisors: Donald F. Gage, Ken Yeager, Liz Kniss, Dave Cortese, George Shirakawa
County Executive: Jeffrey V. Smith
EXHIBIT A - VENDOR REMOTE ACCESS AGREEMENTS
Amendment to Agreement by and Between GILROY POLICE DEPARTMENT and COUNTY
OF SANTA CLARA
This is the Second Amendment to the Agreement between the COUNTY OF SANTA CLARA
(County) and Gilroy Police Department (Contractor) relating to Network Services Billing.
WHEREAS, County and Contractor entered into an Agreement effective July 1, 2010,
whereupon County provided services for Network Services Billing; and
WHEREAS, County and Contractor desire to amend the Agreement to describe the conditions
and limitations on Contractor's Remote Access to County information technology systems,
networks and related infrastructure.
NOW THEREFORE the parties agree to amend the Agreement by the addition of the following
provisions relating to Contractor's Remote Access to County information technology systems,
networks and related infrastructure, and this Amendment shall be effective as of the date both
parties sign this Amendment.
1. Scope of Access
a. "Remote Access" is the act of accessing County of Santa Clara ("County") systems from a
non-County network infrastructure. "Systems" include personal computers, workstations,
servers, mainframes, phone systems, and/or any device with network capabilities (e.g., a
workstation with an attached modem, routers, switches, laptop computers, handheld devices).
b. County hereby grants Remote Access privileges for Contractor to access the following
County systems, at the locations listed, collectively referred to as "IS," in accordance with the
terms of the Agreement:
County Systems: Criminal Justice Information Control (CJIC)
c. All other forms of access to the named Systems, or to any County System that is not
specifically named, is prohibited.
d. Remote Access is granted for the purpose of Contractor providing services and performing its
obligations as set forth in the Agreement including, but not limited to, supporting Contractor-
installed programs. Any access to IS and/or County data or information that is not specifically
authorized under the terms of this Agreement is prohibited and may result in contract
termination and any penalty allowed by law.
e. County will review the scope of Contractor's Remote Access rights periodically. In no
instance will Contractor's Remote Access rights be reduced, limited or modified in a way that
prevents or delays Contractor from performing its obligations as set forth in the Agreement. Any
modifications to Remote Access rights must be mutually agreed to in writing by County and
Contractor.
FY2009 - FY20 I 0 Agreement for Criminal Justice Information Network Services Billing Second Amendment
Second Amendment to Agreement between the County of Santa Clara and Gilroy Police Department
Boan! of Supervisors: Donald F. Gage, Ken Yeager, Liz Kniss, Dave Cortese, George Shirakawa
County Executive: Jeffrey V. Smith
2. Security Requirements
a. Contractor will not install any Remote Access capabilities on any County owned or managed
system or network unless such installation and configuration is approved in writing by County's
and Contractor's respective designees.
b. Contractor may only install and configure Remote Access capabilities on County systems or
networks in accordance with industry standard protocols and procedures, which must be
reviewed and approved by County's designee.
c. Contractor will only Remotely Access County systems, including access initiated from a
County system, if the following conditions are met:
1. Contractor will submit documentation verifying its own network security mechanisms
to County for County's review and approval. The County requires advanced written
approval of Contractor's security mechanisms prior to Contractor being granted Remote
Access.
2. Contractor Remote Access must include the following minimum control mechanisms:
A. Two-Factor Authentication: An authentication method that requires two of the
following three factors to confirm the identity of the user attempting Remote
Access. Those factors include: 1) something you possess (e.g., security token
and/or smart card); 2) something you know (e.g., a personal identification
number (PIN)); or 3) something you are (e.g., fingerprints, retina scan). The
only exceptions are County approved County site to Contractor site Virtual
Private Network (VPN) infrastructure.
b. Centrally controlled authorizations (permissions) that are user specific (e.g.,
access lists that limit access to specific systems or networks).
c. Audit tools that create detailed records/logs of access attempts.
d. All Contractor systems used to Remotely Access County systems must have
industry-standard anti-virus and other security measures that might be required
by the County (e.g., software firewall) installed, configured, and activated.
e. Access must be established through a centralized collection of hardware and
software centrally managed and controlled by County's and Contractor's
respective designees.
3. Monitoring/Audit
County will monitor access to, and activities on, County owned or managed systems and
networks, including all Remote Access attempts. Data on all activities will be logged on a
County managed system and will include the date, time, and user identification.
4. Copying, Deleting or Modifying Data
Contractor is prohibited from copying, modifying, or deleting any data contained in or on any
County IS unless otherwise stated in the Agreement or unless Contractor receives prior written
approval from County. This does not include data installed by the Contractor to fulfill its
obligations as set forth in the Agreement.
FY2009 - FY20 I 0 Agreement for Criminal Justice Information Network Services Billing Second Amendment
Second Amendment to Agreement between the County of Santa Clara and Gilroy Poliee Department
Board of Supervisors: Donald F. Gage, Ken Yeager, Liz Kniss, Dave Cortese, George Shirakawa
County Executive: Jeffrey V. Smith
5. Connections to Non-County Networks and/or Systems
Contractor agrees to make every effort to protect County's data contained on County owned
and/or managed systems and networks within Contractor's control from unauthorized access.
Prior written approval is required before Contractor may access County networks or systems
from non-County owned and/or managed networks or systems. Such access will be made in
accordance with industry standard protocols and procedures as mutually agreed upon and will
be approved in writing by County in a timely manner. Remote Access must include the control
mechanisms noted in Paragraph 2.c.2 above.
6. Person Authorized to Act on Behalf of Parties
The following persons are the designees for purposes of this Agreement:
Contractor: Title/ Designee
County: Title/ Designee Jovce Wino. Chief Information Officer
Either party may change the aforementioned names and or designees by providing the other
party with no less than three (3) business day's prior written notice.
7. Remote Access Provisions
Contractor agrees to the following:
a. Only staff providing services or fulfilling Contractor obligations under the Agreement will be
given Remote Access rights.
b. Any access to IS and/or County information that is not specifically authorized under the terms
of this Agreement is prohibited and may result in contract termination and any other penalty
allowed by law.
c. An encryption method reviewed and approved by the County will be used. County is solely
responsible and liable for any delay or failure of County, as applicable, to approve the
encryption method to be used by Contractor where such delay or failure causes Contractor
to fail to meet or perform, or be delayed in meeting or performing, any of its obligations
under the Agreement.
d. Contractor will be required to log all access activity to the County. These logs will be kept for
a minimum of 90 days and be made available to County no more frequently than once every
90 days.
8. Remote Access Methods
a. All forms of Remote Access will be made in accordance with mutually agreed upon industry
standard protocols and procedures, which must be approved in writing by the County.
b. A Remote Access Back-Up Method may be used in the event that the primary method of
Remote Access is inoperable.
c. Contractor agrees to abide by the following provisions related to the Primary and (if
applicable) Backup Remote Access Methods selected below. (Please mark appropriate box for
each applicable Remote Access Method; if a method is inapplicable, please check the box
marked N/A).
FY2009 - FY20 I 0 Agreement for Criminal Justice Information Network Serviees Billing Second Amendment
Second Amendment to Agreement between the County of Santa Clara and Gilroy Police Department
Board of Supervisors: Donald F. Gage, Ken Yeager, Liz Kniss, Dave Cortese, George Shirakawa
County Executive: Jeffrey V. Smith
1. VPN Site-to-Site }S. Primary Backup N/A
The VPN Site-to-Site method involves a VPN concentrator at both the vendor site and at
the County, with a secure "tunnel" opened between the two concentrators. If using the
VPN Site-to-Site Method, Contractor support staff will have access to the designated
software, devices and systems within the County, as specified above in Paragraph 1.b,
from selected network-attached devices at the vendor site.
2. VPN Client Access Primary Backup X N/A
In the VPN Client Access method, a VPN Client (software) is installed on one or more
specific devices at the Contractor site, with Remote Access to the County (via a County
VPN concentrator) granted from those specific devices only.
A CryptoCard will be issued to the Contractor in order to authenticate Contractor staff
when accessing County IS via this method. The Contractor agrees to the following when
issued a CryptoCard authentication device:
a. Because the CryptoCard allows access to privileged or confidential information
residing on the County's IS, the Contractor agrees to treat the CryptoCard as it
would a signature authorizing a financial commitment on the part of the
Contractor.
b. The CryptoCard is a County-owned device, and will be labeled as such. The
label must remain attached at all times.
c. The CryptoCard must be kept in a secured environment under the direct control
of the Contractor, such as a locked office where public or other unauthorized
access is not allowed.
d. If the Contractor's remote access equipment is moved to a non-secured site,
such as a repair location, the CryptoCard will be kept under Contractor control.
e. The CryptoCard is issued to an individual employee of the Contractor and may
only be used by the designated individual.
f. If the CryptoCard is misplaced, stolen, or damaged, the Contractor will notify
County by phone within one (1) business day.
g. Contractor agrees to use the CryptoCard as part of its normal business
operations and for legitimate business purposes only.
h. The CryptoCard will be issued to Contractor following execution of this
Agreement. The CryptoCard will be returned to the County's designee within five
(5) business days following contract termination, or upon written request of the
County for any reason. Contractor will notify County's designee within one
working day of any change in personnel affecting use and possession of the
CryptoCard. Contractor will obtain the CryptoCard from any employee who no
longer has a legitimate need to possess the CryptoCard. Lost or non-returned
CryptoCards will be billed to the Contractor in the amount of $300 per card.
i. Contractor will not store password documentation or PINs with CryptoCards.
j. Contractor agrees that all employees, agents, contractors, and subcontractors
who are issued the CryptoCard will be made aware of the responsibilities set
forth in this Agreement in written form. Each person having possession of a
CryptoCard will execute this Agreement where indicated below certifying that
they have read and understood the terms of this Agreement.
FY2009 - FY2010 Agreement for Criminal Justice Information Network Services Billing Second Amendment
Second Amendment to Agreement between the County of Santa Clara and Gilroy Police Department
Board of Supervisors: Donald F. Gage, Ken Yeager, Liz Kniss, Dave Cortese, George Shirakawa
County Executive: Jeffrey V. Smith
3. County-Controlled VPN Client Access 0 Primary 0 Backup >s. N/A
This form of Remote Access is similar to VPN Client access, except that the County will
maintain control of the CryptoCard authentication token and a PIN number will be
provided to the Contractor for use as identification for Remote Access purposes. When
the Contractor needs to access County IS, the Contractor must first notify the County's
designee.
The County's designee will verify the PIN number provided by the Contractor. After
verification of the PIN the County's designee will give the Contractor a one-time
password which will be used to authenticate Contractor when accessing the County's IS.
Contractor agrees to the following:
a. Because the PIN number allows access to privileged or confidential information
residing on the County's IS, the Contractor agrees to treat the PIN number as it
would a signature authorizing a financial commitment on the part of the
Contractor.
b. The PIN number is confidential, County-owned, and will be identified as such.
c. The PIN number must be kept in a secured environment under the direct control
of the Contractor, such as a locked office where public or other unauthorized
access is not allowed.
d. If the Contractor's remote access equipment is moved to a non-secured site,
such as a repair location, the PIN number will be kept under Contractor control.
e. The PIN number can only be released to an authorized employee of the
Contractor and may only be used by the designated individual.
f. If the PIN number is compromised or misused, the Contractor will notify the
County's designee within one (1) business day.
g. Contractor will use the PIN number as part its normal business operations and
for legitimate business purposes only. Any access to IS and/or County data
information that is not specifically authorized under the terms of this Agreement
is prohibited and may result in contract termination and any other penalty allowed
bylaw.
h. The PIN number will be issued to Contractor following execution of this
Agreement.
i. The PIN number will be inactivated by the County's designee within five (5)
business days following contract termination, or as required by the County for
any reason.
4. Manually Switched Dialup Modem 0 Primary 0 Backup X N/A
Although not generally used, the Contractor may be provided Remote Access to County
IS using a dialup modem. Contractor agrees to the following if using Switched Dialup
Modem access:
a. Contractor will use reasonable efforts to notify the County's Technical Services
Manager or designee at least ~ hour prior to access to allow County to activate
the Switched Dialup Modem connection. Contractor will give the estimated time
that the connection will be required, and specify when the access can be
deactivated by County.
FY2009 - FY20 I 0 Agreement for Criminal Justice Information Network Services Billing Second Amendment
Seeond Amendment to Agreement between the County of Santa Clara and Gilroy Police Department
Boan! of Supervisors: Donald F. Gage, Ken Yeager, Liz Kniss, Dave Cortese, George Shirakawa
County Executive: Jeffrey V. Smith
b. County acknowledges that Contractor may not be able to provide certain of its
services (including, but not limited to, implementation services, maintenance and
support (including Standard Support Services) and training services) using a
Switched Dialup Modem connection.
c. County is solely responsible and liable for any inability or delay in Contractor
performing its obligations under the Agreement where such inability or delay is
caused by the use of a Switched Dialup Modem connection.
CONTRACTOR:
[TYPE NAME HERE]
Date:
[TITLE]
CONTRACTOR:
[TYPE NAME HERE]
Date:
[TITLE]
CONTRACTOR:
[TYPE NAME HERE]
Date:
[TITLE]
CONTRACTOR:
[TYPE NAME HERE]
Date:
[TITLE]
CONTRACTOR:
[TYPE NAME HERE]
Date:
[TITLE]
FY2009 - FY20 I 0 Agreement for Criminal Justice Information Network Services Billing Second Amendment
Second Amendment to Agreement between the County of Santa Clara and Gilroy Police Department
Board of Supervisors: Donald F. Gage, Ken Yeager, Liz Kniss, Dave Cortese, George Shirakawa
County Executive: Jeffrey V. Smith