Commonwealth of Massachusetts Massachusetts Office of Information Technology One Ashburton Place, Suite 1601 Boston, Massachusetts 02108-1552
Massachusetts Office Of Information Technology Professional Services For IBM Software Installation and Configuration and Testing of Database Monitoring/Threat Assessment (Guardium), Master Data Management (Initiate), Test Data Management (Optim), Reporting Tool (Cognos) & Activation of Netezza Native Encryption Functionality May 12, 2015 Request For Quote RFQ 15-73 THIS RFQ AND ALL RESPONSES HERETO INCLUDING THE WINNING BID SHALL BECOME PUBLIC RECORD AS OF THE DATE THE CONTRACT REFERENCED HEREIN IS AWARDED, AND CAN BE OBTAINED FROM THE MASSACHUSETTS OFFICE OF INFORMATION TECHNOLOGY, LEGAL UNIT BY SENDING AN EMAIL TO
[email protected]. ANY PORTIONS OF A RESPONSE THAT ARE LABELED AS CONFIDENTIAL WILL STILL BE CONSIDERED PUBLIC RECORD.
Table of Contents I.
GENERAL PROCUREMENT INFORMATION ...................................................................................................... 3
II.
AGENCY .......................................................................................................................................................... 3
III.
DESCRIPTION AND PURPOSE OF PROCUREMENT ....................................................................................... 4 Software Installation, Configuration and Test Activities (DEV Environment): .......................................................4 Software Installation Configuration and Test Activities (PROD Environment): .....................................................4 Activation of Native Netezza Encryption Functionality (DEV Environment): .........................................................4 Activation of Native Netezza Encryption Functionality (PROD Environment): .......................................................5
IV.
ORDER OF PRECEDENCE ............................................................................................................................. 6
V.
EVENT CALENDAR .......................................................................................................................................... 6
VI.
SUBMISSION REQUIREMENTS .................................................................................................................... 7
VII.
BIDDER RESPONSES .................................................................................................................................... 7 Timeframe .............................................................................................................................................................8 Bidder’s Experience ................................................................................................................................................8 Statement of Work ................................................................................................................................................8 Business/Commonwealth References ....................................................................................................................8 Personnel Resumes/CVs .........................................................................................................................................8 Commonwealth Resources Required .....................................................................................................................9 Assumptions...........................................................................................................................................................9
VIII.
REVIEW RIGHTS ........................................................................................................................................ 10
IX.
EVALUATION CRITERIA ............................................................................................................................. 10
ATTACHMENT A: STATEMENT OF WORK ............................................................................................................. 11 EXHIBIT I: INTELLECTUAL PROPERTY AND WORK EFFORT AGREEMENT FOR VENDOR’S EMPLOYEES, CONSULTANTS, AND AGENTS ................................................................................................................. 30 EXHIBIT II: WORKPLACE POLICIES .......................................................................................................... 33 ATTACHMENT B: COST RESPONSE TABLES ........................................................................................................... 41
Page 2 of 47
I.
General Procurement Information
Purchasing Department:
Massachusetts Office of Information Technology (MassIT)
Address:
One Ashburton Place, Rm 1601 Boston, Massachusetts 02108
Procurement Contact:
Elaine Gallant
Telephone:
(617) 626-4483
E-Mail Address:
[email protected]
RFQ File Number and Title: RFQ 15-73 Professional Services for the Installation, Configuration, and Testing of IBM Software, Including Database Monitoring (Guardium), Master Data Management (Initiate), Test Data Management (Optim), Reporting Tool (Cognos10) Implementations & Activation of Netezza Encryption Functionality Attachments:
Attachment A – Statement of Work Exhibit I – Intellectual Property & Work Effort Agreement Exhibit II - Workplace Policies Attachment B- Cost Response Tables 6 and 7
This Request for Quotes (RFQ) does not commit the Commonwealth of Massachusetts (Commonwealth) or the Massachusetts Office of Information Technology (MassIT) to approve a Statement of Work (SOW), pay any costs incurred in the preparation of a bidder’s response to this RFQ or to procure or contract for products or services. MassIT reserves the right to accept or reject any and all proposals received as a result of this RFQ and to contract for some, all or none of the products and services as a result of this RFQ. MassIT further reserves the right to negotiate with any or all qualified bidders and to cancel in part or in its entirety this RFQ if it is in the best interest of MassIT or the Commonwealth of Massachusetts to do so. MassIT reserves the right to amend this RFQ at any time prior to the date the responses are due. Any such amendment will be emailed. This RFQ is restricted to vendors on the following statewide contract: ITS53ITProjectServices
II.
Agency
The Massachusetts Office of Information Technology (MassIT) is responsible for the provision of infrastructure services, development of IT policy, and implementation and oversight of all information technology investments for the Commonwealth and its respective agencies. In addition, MassIT provides the processing and application programming services for many state departments using some of the most advanced hardware and software available. The ITS53 vendor team will report to Elaine Gallant, Business Systems Manager, at MassIT. The project shall be managed in accordance with Section 7 “Project Management” of the SOW.
Page 3 of 47
III.
Description and Purpose of Procurement
A. Description of Requested Software and Professional Services On behalf of the Commonwealth of Massachusetts, the Massachusetts Office of Information Technology (MassIT) is seeking bids from qualified vendors to provide installation, configuration and testing services for the following IBM software: Database Monitoring/Threat Assessment (Guardium and includes Guardium collector appliances), Master Data Management (Initiate), Test Data Management (Optim) and Cognos10. The winning bidder will also activate Netezza encryption functionality. The software will support two database environments: Netezza Striper and SQL Server. All work is to be performed at MassIT, One Ashburton Place, Boston, MA and, if needed, at the Massachusetts Information Technology Center (“MITC”), 200 Arlington Street, Chelsea, MA. All preparation work will be performed during normal business hours but cutover to production environments will be off-hours. Detail activities and priorities will be determined by the Director of Enterprise Application Services, but the general areas include, but are not limited to: Software Installation, Configuration and Test Activities (DEV Environment):
Providing an implementation roadmap and detail plan identifying inter-team dependencies
Providing a risk mitigation plan
Stand-up of the Guardium collection appliances o
Includes validating that the Guardium collectors currently in place are sufficient to meet both TwinFin and Striper requirements. If not, the purchase and stand-up an additional collector will be required.
Implementing data activity monitoring and vulnerability assessment software on the Netezza TwinFin.
Planning, conducting and, installing and configuring and implementing [use a word to sum up all the software]
Working with aligned internal resource to develop a comprehensive test plan for each installation and configuration
Validating that all software is configured and performing as expected in the DEV environment
Providing post-installation and configuration process review and lessons-learned knowledge transfer
Software Installation Configuration and Test Activities (PROD Environment):
Repeat DEV activities listed above
System testing according to comprehensive test plans and validation that all software is configured and performing in accordance with product documentation.
Pre-deployment process review and lessons-learned knowledge transfer
Deployment and sign-off
Post-deployment process review and lessons-learned knowledge transfer
Delivery of deployment documentation
Activation of Native Netezza Encryption Functionality (DEV Environment):
Providing a detail task and risk mitigation plan
Page 4 of 47
Conducting activation and configuration activities
Working with aligned internal resource to develop comprehensive test plans for target users and/or systems
Validation that encryption is configured and performing as expected in the DEV environment
Post-installation, configuration, and test process review and lessons-learned knowledge transfer
Activation of Native Netezza Encryption Functionality (PROD Environment):
Repeat DEV activities
System testing according to comprehensive test plans and validation that all software is configured and performing in accordance with product documentation.
Pre-activation process review
Deployment and sign-off
Delivery of deployment documentation
*We will be leveraging the Netezza TwinFin, which will already have Guardium and native encryption in place, as the Striper DEV environment. B. Contractor Qualifications: MassIT welcomes responses by individuals and organizations that are vendors on the ITS53ITProjectServices contract (solutions providers and technical specialists). Bidders’ responses must identify a lead project coordinator and all proposed project team members. oth lead project coordinators and individual team members must possess the following qualifications:
A Bachelor’s Degree in Computer Science, Information Technology, Systems Engineering or a related field
Netezza certified with a minimum of five years of providing Netezza support in a virtualized environment
A minimum of three years’ experience with Netezza native encryption
A minimum of three years of direct, hands-on experience with data monitoring, TDM and MDM installation and configurations in the Netezza environment and with at least two of those years supporting Guardium collection appliances.
Cognos certified with a minimum of two years’ hands-on experience with Cognos10 installation and configurations.
Knowledge of SQL-based relational and data warehousing dimensional databases required
An understanding of ETL processing is required and Informatica experience desirable
A proven track record of project planning and risk assessment/mitigation experience
Strong management, leadership, communication, team building and teaching skills desired
As part of the Bidder’s Business and Technical Response, Bidders must complete Tables 1 and 2 below with the respective details. The successful Bidder will perform installation, configuration, and testing of the new/upgraded software to achieve the required configuration requirements listed above. The professional services will be subject to a Statement of Work (“SOW”) in the form attached hereto as Attachment A. Most of the standard terms of the SOW are nonnegotiable (including without limitation
Page 5 of 47
the warranties set forth therein) but the parties will negotiate the specific approach to and timeline for tasks and deliverables. Unless otherwise agreed upon by MassIT and the successful Bidder, the professional services must be completed by 06/30/2015. C. Professional Services The required professional services tasks and deliverables are set forth in the SOW and also in the Cost Response, Attachment B. All deliverables are due by June 15, 2015.
IV.
Order of Precedence
Any contract resulting from this RFQ shall consist of the following documents in the following order of precedence: (1) The Commonwealth’s Terms and Conditions; (2) The Commonwealth’s Standard Form Contract; (3) The Commonwealth’s RFR ITS53 (4) The Bidder’s response thereto; (5) This RFQ 15-73(as it may be amended, including without limitation by amendments to the RFQ, answers to questions received, requests for technical corrections ,clarifications, and requests for best and final offers); (6) Any documents negotiated between the parties under this RFQ 15-73 (7) Bidder’s questions, and responses to Commonwealth requests for technical corrections, clarifications, best and final offers (8) The Bidder’s response to this RFQ 15-73, inclusive of all attachments. D. Term Although the SOW will have an initial term of three (3) months, beginning from the date of its execution by both parties, MassIT reserves the right to extend the term of the SOW for up to one month, as the needs of MassIT require and the parties agree. MassIT will consider renewals based upon the needs of MassIT and the Commonwealth as well as the performance of the Contractors and the availability of funding for the services. E. Payment Each Bidder will be required to submit with its Cost Response the hourly rates for identified in the Cost Response Tables 3,4,5,and 6. In support of its fixed price, the Contractor must provide the calculations of hourly rates, the names of specific individuals and their disciplines, and the number of hours each individual will be billed. This is a fixed price engagement. Payment will be made by MassIT to Contractors only after all work has been completed and the services have been accepted by MassIT.
V. All times in this RFQ are Eastern Standard Time.
Page 6 of 47
Event Calendar
Event Calendar CALENDAR EVENT
DAY
DATE
TIME
Questions Due
Friday
05/15/15
12:00 PM
Answers Posted
Tuesday
05/19/15
12:00 PM
RFQ Responses Due
Wednesday
05/27/15
5:00 PM
Vendor Selection
Thursday
05/28/15
5:00 PM
*Questions must be emailed to
[email protected], with a copy to
[email protected] no later than date and time indicated in the Event Calendar above. . The subject line of the email must read RFQ 15-73 IBM Professional Services [Vendor Name]. It is the bidder’s responsibility to verify the receipt of their questions. All questions and answers will be posted out on Commbuys.
VI.
Submission Requirements
All responses to this RFQ are due no later than the date and time listed in the Event Calendar above or they will not be evaluated. If Bidder has any issues with responding through COMMBUYS, it should contact the COMMBUYS Help Desk at
[email protected] or call during normal business hours (8AM – 5PM Monday – Friday) at 1-888-627-8283 or 617-720-3197. Useful Link:
Job aid on how to submit a quote: http://www.mass.gov/anf/docs/osd/commbuys/create-a-quote.pdf Webcast: How to Locate and Respond to a Bid in CommBuys, will familiarize bidders with CommBuys terminology, basic navigation, and provide guidance for locating bid opportunities in CommBuys and submitting an online quote.
When Bidders are uploading quotes they must make sure the “NO BID” is not activated and they must enter pricing so that “No Charge” is not activated.
VII.
Bidder Responses
Responses should be a straightforward description of the Bidder’s proposed services and should follow the outline described in this Section. Extraneous marketing or promotional materials are discouraged. The Bidder’s Response must include three (3) separate sections:
the Cover Letter; the Business and Technical Response; and the Cost Response
A. Cover Letter As part of its Business and Technical Responses, the Bidder must provide a dated cover letter, signed by an authorized signatory of the Bidder, in which the Bidder states that: (a) it agrees to all the terms of this RFQ (mentioning this RFQ by name and number); and
Page 7 of 47
(b) it will notify all members of its staff (including consultants) who will perform services under this RFQ that they must comply with the workplace policies of MassIT, attached to this RFQ as Attachment C. B. Business and Technical Response Timeframe Bidder must indicate the proposed start date for delivery of the services once a Purchase Order is issued. Unless otherwise agreed upon by MassIT and the successful bidder, all services must be delivered by June 15th, 2015. Bidder’s Experience Bidders must describe relevant previous experience installing, configuring and testing the subject IBM software in similar project environments. Bidder should provide feedback on the completeness of the MassIT proposed approach to the installation, configuration, and testing tasks identified in Table 2 on the SOW. If, based on the Bidder’s Experience, Bidder suggest additional tasks, Bidder shall advise accordingly. Statement of Work As part of its Business and Technical Response, the Bidder must complete the draft of the ITS53 Statement of Work that is attached to this RFQ as Attachment A, including completing Tables 1 and 2, and delineating the specific tasks, deliverables, and review and acceptance processes for each phase of every engagement entered into under the SOW. Except for descriptions of tasks and deliverables, the terms of the SOW are standard and largely non-negotiable. However, all Apparent Successful Bidders will be given the opportunity to finalize the draft SOW with MassIT, at which time the parties will more clearly define the deliverables, milestones, and reporting structure for this project. Attachment A should be completed to the extent relevant and feasible by the Bidder and should be returned as part of the Bidder’s Business and Technical Response. Bidders should clearly indicate any provisions that they deem inapplicable to RFQ 15- 73 or that they wish to try to negotiate with MassIT. Bidders are not required to sign the SOW when they submit it with their Response. NO COSTS SHOULD BE INCLUDED IN THE DRAFT SOW SUBMITTED BY THE BIDDER AS PART OF THE BIDDER’S RESPONSE. DO NOT COMPLETE TABLES 3 or 4 IN THE SOW. A BIDDER WHOSE SOW INCLUDES REFERENCES TO COST WILL BE DISQUALIFIED. Business/Commonwealth References The Bidder must provide contact information for references from three (3) organizations (other than MassIT), for which the Bidder has successfully completed similar services. If the Bidder has provided such services for any Commonwealth agency, a reference from one such agency is required. MassIT may contact some or all of the references provided in conjunction with this RFQ as well as any state or private entities not listed on the Business Reference Form that MassIT is aware that the Bidder has performed services for. Personnel Resumes/CVs The Bidder must provide a resume or CV for each of the Project team members indicated in Attachment D. The suggested limit is no more than four (4) pages per resume.
Page 8 of 47
Commonwealth Resources Required Note that the Commonwealth will provide the Contractor with such access to those facilities as will be required to perform its services under the Contract The Commonwealth will provide, for business use only, office furnishings and supplies, telephones, computers and peripheral devices, computer connections, copy machines, and network access and direct internet access as may be required for the Contractor to perform its work under the Contract. The Contractor’s employees may use Commonwealth facilities, furnishings and supplies only for work to be performed under the Contract. As part of its Business and Technical Response, the Bidder must list any resources the Contractor will need from the Commonwealth, in addition to the resources described above, if any. Bidder shall also provide a list of system requirements (such as servers, databases, programming language, etc.) that Bidder would need prepared in advance of the start date in order to begin work promptly. Assumptions
Bidder must expressly identify any additional assumptions used in pricing the response to this RFQ. C. Cost Response If any cost information is found in the Business and Technical Response, the entire Response will be disqualified. Bidders must provide the hourly rates for the roles in Cost Table 5 attached to the RFQ in Attachment B. A chart showing the names, roles, hourly rates and hours per resource of all Bidder personnel used to calculate the fixed price for all personnel who will provide Professional Services. Although this is a fixed price engagement, MassIT reserves the right to hire the winning Bidder, at the hourly rates included in its bid, and at no more than an aggregate cost for services of $50,000 (including the fixed price cost of the Professional Services), for work closely related to the project described in this RFQ but not specifically described herein. Hourly rates must be all-inclusive, including travel and all other costs and expenses. Bidder must issue a valid quote on vendor letterhead based on the pricing submitted in Tables 4, 5, and 6 that can be used to issue a purchase order. Quotes must be all-inclusive, including all costs and expenses, and be valid for a minimum of ninety (90) days from the date that the response is due. Bidder’s response must include every charge associated with this RFQ. The quote must include the address and contact information for the person to whom the purchase order can be sent. Costs that are not specifically identified in a Response, and not accepted by the Commonwealth as part of the Contract, will not be compensated under the Contract. The Commonwealth will not be responsible for any costs or expenses incurred by Bidders in responding to the RFQ. The Commonwealth will not reimburse travel-related expenses such as airfare, meals, lodging or car rental. The Commonwealth will not make any advance payments regardless of how they are classified (e.g., down payment, start-up costs, deposit, etc.). Any Bidder that offers a prompt pay discount under ITS53 is required to include the same or more favorable discounts in its Response for this engagement.
Page 9 of 47
MassIT reserves the right to request a Best and Final Offer of any Bidder. MassIT is not required to request a BAFO from every or any Bidder. MassIT reserves the right to hire the Contractor, at the hourly rates agreed upon by the parties for work closely related to the Project described in this RFQ, but not specifically described herein.
VIII.
Review Rights
Responses to this RFQ may be reviewed and evaluated by any person(s) at the discretion of MassIT including non-allied and independent consultants retained by MassIT now or in the future, for the sole purpose of obtaining an analysis of responses. Any and all respondents may be asked to further explain or clarify in writing areas of their response during the review process. MassIT retains the right to request further information from respondents.
IX.
Evaluation Criteria
The responses to this RFQ will be evaluated based on the criteria listed below. The criteria are listed in descending order of importance with the most important criteria listed first. The procurement management team reserves the right to remove from further consideration non-responsive bids and those that include attempts by the bidder to alter the Commonwealth’s standard legal terms. 1. 2. 3. 4. 5. 6.
Page 10 of 47
Quality of the Bidder feedback on Table 2 Tasks and Deliverables Vendor qualifications and previous experience Time for delivery Pricing Ability to meet requirements Quality and completeness of written response
ATTACHMENT A: Statement of Work STATEMENT OF WORK BETWEEN THE [NAME AGENCY] AND [NAME RFR VENDOR] FOR THE [NAME PROJECT] 1. INTRODUCTION The following document will serve as a Statement of Work (“SOW”) between the [Agency Name] (“[Agency Abbreviation]”) [of the [Name Parent Agency] and [Vendor Name] (“[Vendor Abbreviation]”) to apply to work on the [Name of System or Project to be Completed] ([Abbreviated Project Name]). The entire agreement (the “Agreement”) between the parties (the “Agreement”) consists of the following documents in the following order of precedence: (1) the Commonwealth Standard Terms and Conditions; (2) the Commonwealth’s Standard Form Contract; (3) Request for Response (“RFR”) RFR ITS53; (4) [Vendor Abbreviation]’s response thereto; (5) the Request for Quotes (“RFQ”) 15-73 [name and date of Agency’s RFQ]; (6) this SOW and any other documents negotiated between the parties under the RFQ; and (7) [Vendor Abbreviation]’s response thereto. 2. DEFINITIONS The terms used in this SOW, unless defined in this SOW or in an amendment made hereto, shall have the meaning ascribed to them in the other documents that constitute the Agreement between the parties. “Deliverable” means any work product that [Vendor Abbreviation] delivers for the purposes of fulfilling its obligations to [Agency Abbreviation] under the terms of the Agreement, including work product that [Vendor Abbreviation] must submit to [Agency Abbreviation] for [Agency Abbreviation]’s approval in accordance with the formal acceptance procedures set forth within the SOW or the Task Order(s) entered into hereunder. “Milestone Payment” means a defined payment amount associated with the completion of a particular Deliverable or set of Deliverables. “Task” means a material activity engaged in by [Vendor Abbreviation] for the purpose of fulfilling its obligations to [Agency Abbreviation] under the terms of the Agreement, which may or may not result in the creation of a Deliverable. “Task Order” means an amendment to this SOW that specifies Tasks, Deliverables, or hourly rate services to be completed by [Vendor Abbreviation] under the terms of this Agreement.
3. OVERVIEW, EFFECTIVE DATE AND TERM
[Provide a high level description of the project.]
This Agreement’s term (the “Term”) begins on the date on that it is executed by both parties (the “Effective Date”) and shall terminate at 5:00 p.m. on [INSERT END DATE] (“Termination Date”). Notwithstanding the foregoing, Sections 5.1 and 5.2 of System Security, Section 11.2 Warranty, and Section 11.3, Title and Intellectual Property Rights [Agency choose other sections that will survive termination] shall survive the termination of the remainder of this SOW. 4. POINTS OF CONTACT 4.1. Single Point of Contact [Vendor Abbreviation] and [Agency Abbreviation] will each assign a single point of contact with respect to this SOW. It is anticipated that the contact person will not change during the Term of this Agreement. In the event that a change is necessary, the party requesting the change will provide prompt written notice to the other. In the event a change occurs because of a nonemergency, two-week written notice is required. For a change resulting from an emergency, prompt notice is required. [Vendor Abbreviation]’s contact person is [Vendor Contact Name and Title], who can be reached at [Vendor Contact Address, phone number(s), email]. [Agency Abbreviation]’s contact is [Agency Contract Name and Title] who can be reached at [Agency Contact Address, phone number(s), email]. 4.2. Subcontractors [Delete provision 4.2, the following provision, if the Vendor is not using subcontractors] [Vendor Abbreviation] shall take full responsibility for project management. [Vendor Abbreviation] shall submit all subcontracts related to work to be performed hereunder for approval by [Agency Abbreviation] within two weeks of the Execution Date of this SOW and within two weeks for any Task Order issued hereunder which entails work by [Vendor Abbreviation] subcontractors. [Vendor Abbreviation] shall ensure that its subcontractor(s) that perform work efforts under this SOW shall comply with all terms of the Agreement. [Vendor Abbreviation] will act as prime contractor for the [Vendor Abbreviations]’s subcontractor (s) and be responsible for the performance of subcontractor. [Vendor Abbreviation] must submit for approval, be responsible for, and pass on all covenants, and warranties, etc. to subcontractor. 5. SYSTEM SECURITY As part of its work efforts under this SOW, [Vendor Abbreviation] will be required to use Commonwealth data and IT resources. For purposes of this work effort, “Commonwealth Data” shall mean data provided by the [Agency Abbreviation] to [Vendor Abbreviation], which may physically reside at a Commonwealth or [Agency Abbreviation] or [Vendor Abbreviation] location. 5.1. Commonwealth Data In connection with Commonwealth Data, [Vendor Abbreviation] will implement commercially reasonable safeguards necessary to: 5.1.1 5.1.2 5.1.3
Page 12 of 47
Prevent unauthorized access to Commonwealth Data from any public or private network; Prevent unauthorized physical access to any information technology resources involved in the development effort; and Prevent interception and manipulation of Commonwealth Data during transmission to and from any servers.
5.2
Commonwealth Personal Data In addition to the above requirements for Commonwealth Data, [Vendor Abbreviation] may be required to use the following Commonwealth personal data under MGL ch. 66A and/or personal information under MGL ch. 93H, or to work on or with information technology systems that contain such data as [here agency should list the categories of such data that the vendor will be required to use] in order to fulfill part of its specified tasks. For purposes of this work effort, electronic personal data and personal information includes data provided by the [Agency Abbreviation] to [Vendor Abbreviation] which may physically reside at a location owned and/or controlled by the Commonwealth or [Agency Abbreviation] or [Vendor Abbreviation]. In connection with electronic personal data and personal information, [Vendor Abbreviation] shall implement the maximum feasible safeguards reasonably needed to: 5.2.1
5.3
Ensure the security, confidentiality and integrity of electronic personal data and personal information; 5.2.2 Prevent unauthorized access to electronic personal data or personal information or any other Commonwealth Data from any public or private network; 5.2.3 Notify [Agency Abbreviation] immediately if any breach of such system or of the security, confidentiality, or integrity of electronic personal data or personal information occurs. 5.2.4 [Vendor Abbreviation] represents that it has executed the EO504 Contractor Certification Form, which is attached hereto as Exhibit B. Software Integrity Controls [Address the following controls if applicable, usually in the case wherein the Vendor will be developing code and migrating that code to a production environment] [Vendor Abbreviation] and [Agency Abbreviation] recognize the serious threat of fraud, misuse, and destruction or theft of data or funding. These threats could be introduced when unauthorized or inappropriate modifications are made to a production system. [Vendor Abbreviation] shall implement the following controls for the purpose of maintaining software integrity and traceability throughout the software creation life cycle, including during development, testing, and production: 5.3.1
[Vendor Abbreviation] shall configure at least two software environments including a development/quality assurance (QA) environment and a production environment.
5.3.2
[Vendor Abbreviation] shall implement a change management procedure to ensure that activities in the development/QA environment remain separate and distinct from the production environment. In particular the change management procedure shall incorporate at least the following: 5.3.2.1 Segregates duties between development and testing of software changes and migration of changes to the production environment; 5.3.2.2 Implements security controls to restrict individuals who have development or testing responsibilities from migrating changes to the production environment. 5.3.2.3 Includes a process to log and review all source control activities.
5.3.3
Page 13 of 47
[Vendor Abbreviation] shall implement a source control tool to ensure that all changes made to the production system are authorized, tested, and approved before migration to the production environment.
5.3.4
[Vendor Abbreviation] shall not make any development or code changes in a production environment.
5.3.5
[Vendor Abbreviation] shall implement additional internal controls as specified in [Agency and Vendor incorporate attachment if relevant].
6. ACCEPTANCE OR REJECTION PROCESS [Vendor Abbreviation] will submit the required Deliverables specified in this SOW, or any Task Order entered into hereunder, to the [Agency Abbreviation] Project Manager for approval and acceptance. [Agency Abbreviation] will review work product for each of the Deliverables and evaluate whether each Deliverable has clearly met in all material respects the criteria established in this Agreement and the relevant Task Order specifications. Once reviewed and favorably evaluated, the Deliverables will be deemed acceptable. Within ten (10) working days of receipt of each Deliverable, the [Agency Abbreviation] Project Manager will notify [Vendor Abbreviation], in writing, of the acceptance or rejection of said Deliverable using the acceptance criteria specified in this Section and associated with the Task or Deliverable specifications in this Agreement. A form signed by [Agency Abbreviation] shall indicate acceptance. [Vendor Abbreviation] shall acknowledge receipt of acceptance forms in writing. Any rejection will include a written description of the defects of the Deliverable. If [Agency Abbreviation] does not respond to the submission of the Deliverable, within five (5) working days of [Agency Abbreviation’s] receipt of each Deliverable, [Vendor Abbreviation] shall provide a reminder notice to the [Agency Abbreviation] Project Manager. If [Agency Abbreviation] fails to reject a Deliverable within five (5) business days after [Agency Abbreviation]’s receipt of the reminder notice, the Task or Deliverable is deemed accepted. If [Agency Abbreviation] rejects a Deliverable, [Vendor Abbreviation] will, upon receipt of such rejection, act diligently to correct the specified defects and deliver an updated version of the Deliverable to the Commonwealth. [Agency Abbreviation] will then have an additional 5 (five) business days from receipt of the updated Deliverable to notify [Vendor Abbreviation], in writing, of the acceptance or rejection of the updated Deliverable. Any such rejections will include a description of the way in which the updated Deliverable fails to correct the previously reported deficiency. Following any acceptance of a Deliverable which requires additional work to be entirely compliant with the pertinent specifications, and until the next delivery, [Vendor Abbreviation] will use reasonable efforts to provide a prompt correction or workaround. 7. PROJECT MANAGEMENT [Vendor Abbreviation] and [Agency Abbreviation] must notify the other party’s Project Managers of any change in the name, address, phone number, fax number, or email address of their respective Project Manager. 7.1. [Agency Abbreviation] Project Manager
[INSERT NAME OF Agency Abbreviation Designed Project Manager, Agency Project Manager Title] (“[Agency Abbreviation]’s Project Manager”) shall perform project management on behalf of [Agency Abbreviation] for this engagement. [Agency Abbreviation]’s Project Manager will:
Page 14 of 47
7.1.1
Work closely with [Vendor Abbreviation] Project Manager to ensure successful completion of the project.
7.1.2
Consult with [Vendor Abbreviation] Project Manager to develop the Project Management Plan.
7.1.3
Review weekly status reports and schedule weekly meetings with [Vendor Abbreviation], as necessary.
7.1.4
Coordinate participation from [name other agencies and/or vendors] as required during the engagement.
7.1.5
Acquire [Agency Abbreviation] project team members as needed.
7.1.6
Coordinate [Agency Abbreviation]’s review of the Deliverables and sign an acceptance form to signify acceptance for each accepted Deliverable.
[Agency Abbreviation]’s Project Manager reports to [name and title], who reports to [name and title][repeat this phrase until last named individual is agency head]. [Name individual, with title] will sign this SOW and all amendments hereto on behalf of [Agency Abbreviation]. 7.2. Vendor Project Manager [The parties may insert additional language in this Section to incorporate the vendor’s additional project management practices for project planning, tracking, reporting and management, including the types, frequency and contents of reports that will be provided by the developer to the agency.] [INSERT NAME OF Vendor Abbreviation Designed Project Manager, Vendor Project Manager Title] (“[Vendor Abbreviation]’s Project Manager”) shall perform project management on behalf of [Vendor Abbreviation] for this engagement. [Vendor Abbreviation]’s Project Manager will: 7.2.1
Be responsible for administering this Agreement and the managing of the day-today operations under this Agreement.
7.2.2
Serve as an interface between the [Agency Abbreviation] Project Manager and all [Vendor Abbreviation] personnel participating in this engagement.
7.2.3
Develop and maintain the Project Management Plan, in consultation with the [Agency Abbreviation] Project Manager.
7.2.4
Facilitate regular communication with the [Agency Abbreviation] Project Manager, including weekly status reports/updates, and review the project performance against the project plan. Facilitate weekly project status meetings for the duration of the engagement.
7.2.5
Update the project plan on a weekly basis and distribute at weekly meetings for the duration of the engagement.
7.2.6
Sign acceptance forms to acknowledge their receipt from [Agency Abbreviation].
7.2.7
Be responsible for the management and deployment of [Vendor Abbreviation] personnel.
[Vendor Abbreviation]’s Project Manager reports to _____, who reports to_____ [repeat until reaching engagement partner or equivalent]. [Name and title], being an authorized signatory named in [Vendor Abbreviation]’s response to RFR, will sign this SOW and all amendments thereto on behalf of [Vendor Abbreviation]. 7.3. Issue Resolution The Project Managers from each organization bear the primary responsibility for ensuring issue resolution. If they mutually agree that they are unable to resolve an issue, they are responsible for escalating the issue to [insert name and title of respective persons at agency and vendor].
Page 15 of 47
8. AMENDMENTS TO THE SCOPE OF WORK This Agreement may be amended prior to the end of the Term. The Project Manager who would like to request a change in scope for this engagement or any other terms contained within the Agreement, will provide the suggested amendment in writing to the other party’s Project Manager. The Project Managers will jointly determine whether the change impacts any terms contained within the Agreement. The parties may mutually agree to the change through a written amendment to this SOW. For any amendment entered into under this Agreement where [Vendor Abbreviation] will be providing services on a Time and Materials basis, the parties shall apply the Time and Materials terms as described in Section 12 of this SOW to the relevant Task Order. 9. PERSONNEL 9.1. Key Personnel [Vendor Abbreviation] agrees to provide the following personnel for the following amounts of time for the duration of this project: TABLE 1 KEY PERSONNEL
Staff Members
Role
Time Commitment expressed as percentage of full time
[Vendor Abbreviation] shall assign all of the foregoing personnel to this engagement on the time basis set forth in Table 1. In the event that a change is necessary, [Vendor Abbreviation] Project Manager will provide prompt written notice to [Agency Abbreviation] Project Manager of the proposed change. If the personnel change is a result of a non-emergency, the [Vendor Abbreviation] Project Manager shall provide the [Agency Abbreviation] Project Manager twoweek written notice. For personnel changes that result from an emergency, [Vendor Abbreviation] Project Manager shall provide prompt written notice to [Agency Abbreviation] Project Manager. [Agency Abbreviation] Project Manager has the right to accept or reject all personnel. [Vendor Abbreviation]’s personnel must comply with the Information Technology Division’s relevant Policies, Standards and Guidance, which may be located at www.mass.gov/itd and [Agency Abbreviation]’s workplace policies, which may be located at [Agency – put in URL for location of relevant workplace policies or attach policies to SOW].
Page 16 of 47
9.2. Equipment, Work Space, Office Supplies [Agency Abbreviation] will provide [workspace, cubicles, standard office equipment, and standard network connectivity provided to state employees] for [Vendor Abbreviation] team members working on-site for activities defined by this SOW or in the relevant Task Order. [Vendor Abbreviation] will submit a list of employees who will need access to the building and to state systems before execution of this SOW. Any [Vendor Abbreviation] employees who have access to IT resources must comply with the “Acceptable Use Policy” (see www.mass.gov/itd) or any alternative Acceptable Use Policy adopted by the [Agency Abbreviation]. 9.3. Related Project Knowledge In addition to the “Statewide Contract IT Specifications” and all other terms of RFR, [Vendor Abbreviation] shall, prior to commencing any other work under this SOW, become familiar with the following documents: [here list any other material that the vendor must master in order to perform under the contract, such as prior studies, agreements, reports, etc.]. 9.4. Intellectual Property and Work Effort Agreement for [Vendor Abbreviation]’s Employees, Contractors and Consultants and Agents [Vendor Abbreviation] shall ensure that each of [Vendor Abbreviation] personnel providing services under this SOW, regardless of whether the individual is an employee, contractor, or agent of [Vendor Abbreviation], shall, prior to rendering any services under this SOW, sign the “Intellectual Property and Work Effort Agreement for Vendor’s Employees, Contractors, Consultants, and Agents” (the “IPAWE Agreement”) which is attached hereto as Exhibit A. If [Vendor Abbreviation]’s personnel who will be rendering services under this SOW have already executed an agreement that, in the opinion of [Agency Abbreviation]’s counsel, provides legal protection to the Commonwealth as strong as that provided by the IPAWE Agreement, [Vendor Abbreviation] may substitute such agreement in place of the IPAWE Agreement for such personnel. [Vendor Abbreviation] shall return the signed copies of the IPAWE Agreement, or the [Agency Abbreviation] Project Manager’s pre-approved substitute agreement, to [Agency Abbreviation]’s Project Manager prior to the rendering of any services under this SOW. 10. ADDITIONAL TERMS 10.1. Code Review All Deliverables that include software code or applications shall follow current industry design and best practices, including, but not limited to those published by The National Institute of Standards & Technology (NIST), the SANS (SysAdmin, Audit, Network, Security (SANS) Institute), and other recognized bodies. [Vendor Abbreviation] shall cooperate with [Agency’s Abbreviation’s] code review of the relevant software or application Deliverables. Prior to implementation or acceptance of a Deliverable, [Vendor Abbreviation] shall subject Deliverables that include software code or script to independent application review by [Agency Abbreviation] or its delegated reviewer to validate that all applicable enterprise IT standards and security policies have been met, as well as other specifications as identified in this Agreement or the relevant Task Order. The review shall be performed by individuals other than [Vendor Abbreviation] or [Agency Abbreviation]’s staff who developed the Deliverables. For purposes of this requirement, "independent" may include other staff of the [Agency Abbreviation] provided no direct reporting relationships exist between the development and review organizations.
Page 17 of 47
10.2. Warranty Consistent with the RFR, [Vendor Abbreviation] represents and warrants to [Agency Abbreviation] that:
[Vendor Abbreviation] and its subcontractors are sufficiently staffed and equipped to fulfill [Vendor Abbreviation]’s obligations under this Agreement;
[Vendor Abbreviation]’s services will be performed: o By appropriately qualified and trained personnel; o With due care and diligence and to a high standard of quality as is customary in the industry; o In compliance with the Milestone Schedule and the terms and conditions of this Agreement; and o In accordance with all applicable professional standards for the field of expertise;
Deliverables delivered under this Agreement will substantially conform with the Tasks and Deliverable descriptions set forth in this Agreement;
All media on which [Vendor Abbreviation] provides any software under this Agreement shall be free from defects;
All software delivered by [Vendor Abbreviation] under this Agreement shall be free of Trojan horses, back doors, and other malicious code;
[Vendor Abbreviation] has obtained all rights, grants, assignments, conveyances, licenses, permissions and authorizations necessary or incidental to any materials owned by third parties supplied or specified by [Vendor Abbreviation] for incorporation in the Deliverables to be developed;
Documentation provided by [Vendor Abbreviation] under this Agreement shall be in sufficient detail so as to allow suitably skilled, trained, and educated [Agency Abbreviation] personnel to understand the operation of the Deliverables. [Vendor Abbreviation] shall promptly, at no additional cost to [Agency Abbreviation] make corrections to any documentation that does not conform to this warranty; and
Any systems created or modified by [Vendor Abbreviation] under this SOW shall operate in substantial conformance with the specifications for the system or modifications for a minimum of three months (the “Warranty Period”) after Agency accepts such system or modifications pursuant to Section 6 of this SOW. During the Warranty Period, [Vendor Abbreviation] shall correct any Severity Level I, II or III defects, as defined in the RFR, at no charge to [Agency Abbreviation].
10.3. Title and Intellectual Property Rights [These terms will apply if [Vendor Abbreviation] will be developing or modifying software or will be developing Deliverables that contain other intellectual property. They are subject to negotiation. However, the approval of the General Counsel for MassIT is required for any changes to these terms.] 10.4. Definition of Property The term Property as used herein includes the following forms of property: (1) confidential, proprietary, and trade secret information; (2) trademarks, trade names, discoveries, inventions processes, methods and improvements, whether or not patentable or subject to copyright protection and whether or not reduced to tangible form or reduced to practice; and (3) works of authorship, wherein such forms of property are required by [Vendor Abbreviation] to develop, test, and install the [name product to be developed] that may consist of computer programs (in
Page 18 of 47
object and source code form), scripts, data, documentation, the audio, visual and audiovisual content related to the layout and graphic presentation of the [name product to be developed], text, photographs, video, pictures, animation, sound recordings, training materials, images, techniques, methods, algorithms, program images, text visible on the Internet, HTML code and images, illustrations, graphics, pages, storyboards, writings, drawings, sketches, models, samples, data, other technical or business information, reports, and other works of authorship fixed in any tangible medium. 10.5. Source of Property The development of the [name product to be developed] will involve intellectual property derived from four different sources: (1) a third party such as …[this provision may not apply to all contracts, but it could apply if [Vendor Abbreviation] is using third party intellectual property to perform tasks or deliver Deliverables, e.g. configuring another entity’s COTS]; (2) that developed by [Vendor Abbreviation] for the open market (e.g. [Vendor Abbreviation]’s commercial off the shelf software); (3) that developed by [Vendor Abbreviation] for other individual clients, or for internal purposes prior to the Effective Date of this Statement of Work and not delivered to any other client of [Vendor Abbreviation]’s; and (4) developed by [Vendor Abbreviation] specifically for the purposes of fulfilling its obligations to [Agency Abbreviation] under the terms of this Agreement. Ownership of the first and second categories of intellectual property is addressed in separate agreements between [Agency Abbreviation] and the contractors and resellers of work product. This Section of 11 the Statement of Work addresses exclusively ownership rights in the third and fourth categories of intellectual property. 10.6. [Vendor Abbreviation] Property and License [Vendor Abbreviation] will retain all right, title and interest in and to all Property developed by it, i) for clients other than the Commonwealth, and ii) for internal purposes and not yet delivered to any client, including all copyright, patent, trade secret, trademark and other intellectual property rights created by [Vendor Abbreviation] in connection with such work (hereinafter the "[Vendor Abbreviation] Property"). [Agency Abbreviation] acknowledges that its possession, installation or use of [Vendor Abbreviation] Property will not transfer to it any title to such property. [Agency Abbreviation] acknowledges that [Vendor Abbreviation] Property contains or constitutes commercially valuable and proprietary trade secrets of [Vendor Abbreviation], the development of which involved the expenditure of substantial time and money and the use of skilled development experts. [Agency Abbreviation] acknowledges that [Vendor Abbreviation] Property is being disclosed to [Agency Abbreviation] to be used only as expressly permitted under the terms herein. [Agency Abbreviation] will take no affirmative steps to disclose such information to third parties, and, if required to do so under the Commonwealth’s Public Records Law, M.G.L. c. 66 § 10, or by legal process, will promptly notify [Vendor Abbreviation] of the imminent disclosure so that [Vendor Abbreviation] can take steps to defend itself against such disclosure. Except as expressly authorized herein, [Agency Abbreviation] will not copy, modify, distribute or transfer by any means, display, sublicense, rent, reverse engineer, decompile or disassemble [Vendor Abbreviation] Property. [Vendor Abbreviation] grants to [Agency Abbreviation], a fully-paid, royalty-free, non-exclusive, non-transferable, worldwide, irrevocable, perpetual, assignable license to make, have made, use, reproduce, distribute, modify, publicly display, publicly perform, digitally perform, transmit, copy, sublicense to any [Agency Abbreviation] subcontractor for purposes of creating, implementing, maintaining or enhancing a Deliverable, and create derivative works based upon [Vendor Abbreviation] Property, in any media now known or hereafter known, to the extent the same are embodied in the Deliverables, or otherwise required to exploit the Deliverables. During
Page 19 of 47
the Term of this Agreement and immediately upon any expiration or termination thereof for any reason, [Vendor Abbreviation] will provide to [Agency Abbreviation] the most current copies of any [Vendor Abbreviation] Property to which [Agency Abbreviation] has rights pursuant to the foregoing, including any related documentation. Notwithstanding anything contained herein to the contrary, and notwithstanding [Agency Abbreviation]’s use of [Vendor Abbreviation] Property under the license created herein, [Vendor Abbreviation] shall have all the rights and incidents of ownership with respect to [Vendor Abbreviation] Property, including the right to use such property for any purpose whatsoever and to grant licenses in the same to third parties. Vender shall not encumber or otherwise transfer any rights that would preclude a free and clear license grant to the Commonwealth. 10.7. Commonwealth Property In conformance with the Commonwealth’s Standard Terms and Conditions, all Deliverables created under this Agreement whether made by [Vendor Abbreviation], subcontractor or both are the property of [Agency Abbreviation], except for the [Vendor Abbreviation] Property embodied in the Deliverable. [Vendor Abbreviation] irrevocably and unconditionally sells, transfers and assigns to [Agency Abbreviation] or its designee(s), the entire right, title, and interest in and to all intellectual property rights that it may now or hereafter possess in said Deliverables, except for the [Vendor Abbreviation] Property embodied in the Deliverables, and all derivative works thereof. This sale, transfer and assignment shall be effective immediately upon creation of each Deliverable and shall include all copyright, patent, trade secret, trademark and other intellectual property rights created by [Vendor Abbreviation] or [Vendor Abbreviation]’s subcontractor in connection with such work (hereinafter the "Commonwealth Property"). All copyrightable material contained within a Deliverable and created under this Agreement are works made for hire. [Vendor Abbreviation] bears the burden to prove that a work within a Deliverable was not created under this Agreement. If work is determined to not be made for hire or that designation is not sufficient to secure rights, to the fullest extent allowable and for the full term of protection otherwise accorded to [Vendor Abbreviation] under such law, [Vendor Abbreviation] shall and hereby irrevocably does, assign and transfer to [Agency Abbreviation] free from all liens and other encumbrances or restrictions, all right, title and interest [Vendor Abbreviation] may have or come to have in and to such Deliverable. [Vendor Abbreviation] HEREBY WAIVES IN FAVOR OF [AGENCY ABBREVIATION] (AND SHALL CAUSE ITS PERSONNEL TO WAIVE IN FAVOR OF CLIENT IN WRITING SIGNED BY SUCH PERSONNEL) ANY AND ALL ARTIST’S OR MORAL RIGHTS (INCLUDING, WITHOUT LIMITATION, ALL RIGHTS OF INTEGRITY AND ATTRIBUTION) IT MAY HAVE PURSUANT TO ANY STATE OR FEDERAL LAWS OF THE UNITED STATES IN RESPECT TO ANY DELIVERABLE AND ALL SIMILAR RIGHTS UNDER THE LAWS OF ALL OTHER APPLICABLE JURISDICTIONS. [Vendor Abbreviation] agrees to execute all documents and take all actions that may be reasonably requested by [Agency Abbreviation] to evidence the transfer of ownership of or license to intellectual property rights described in this Section 11, including providing any code used exclusively to develop such Deliverables for [Agency Abbreviation] and the documentation for such code. [Vendor Abbreviation] acknowledges that there are currently and that there may be future rights that the Commonwealth may otherwise become entitled to with respect to Commonwealth Property that does not yet exist, as well as new uses, media, means and forms of exploitation, current or future technology yet to be developed, and that [Vendor Abbreviation] specifically intends the foregoing ownership or rights by the Commonwealth to include all such now known or unknown uses, media and forms of exploitation. Page 20 of 47
The Commonwealth retains all right, title and interest in and to all derivative works of Commonwealth Property. [Agency Abbreviation] hereby grants to [Vendor Abbreviation] a nonexclusive, revocable license to use, copy, modify and prepare derivative works of Commonwealth Property only during the Term and only for the purpose of performing services and developing Deliverables for the [Agency Abbreviation] under this Agreement. With respect to web site development contracts, [Agency Abbreviation] will bear sole responsibility for registering the software or system domain name or URL, applying for any trademark registration relating to the software or system domain name or URL and applying for any copyright registration related to its copyright ownership with respect to any Commonwealth Property. 10.8. Third-party Intellectual Property If the Deliverables contain or will contain any third-party intellectual property to which [Vendor Abbreviation] intends to provide a sublicense, [Vendor Abbreviation] must provide copies of all such sublicense agreements as early in the process as possible. The sublicense agreements must be included in [Vendor Abbreviation]’s initial quotation to the [Agency Abbreviation], or, if the requirement to utilize sublicensed intellectual property is not known at the outset of the project, as soon as the requirement becomes known. Sublicenses to third-party intellectual property can ONLY be provided under RFR if they are provided at no charge to the Commonwealth. 10.9. [Agency Abbreviation]’s Responsibilities In addition to the Tasks set forth in ”Equipment, Work Space, Office Supplies,” [Agency Abbreviation] shall be responsible for the following [insert any additional obligations that agency must fulfill; use this section sparingly; include responsibility for procuring hardware and commercial off the shelf software licenses or providing travel reimbursement.]. 10.10. Software Escrow [Address software escrow if applicable, usually in the case wherein Agency is purchasing a system based on code that will not be owned by the Commonwealth. If the Commonwealth will own the code, software escrow is not needed unless the code will be shared by multiple agencies.] 11. [VENDOR ABBREVIATION] TASKS AND DELIVERABLES This Section describes the Deliverables that [Vendor Abbreviation] will provide to [Agency Abbreviation] and the Tasks that [Vendor Abbreviation] will complete by the end of the engagement described in this SOW. A Task or Deliverable will be considered “complete” when all the acceptance criteria set forth in this SOW have been met or the prescribed review period for each Deliverable or Task has expired without written response from [Agency Abbreviation]. The Task/Deliverable numbers are referred to in subsequent sections throughout this SOW. All written documents shall be delivered in machine-readable format, capable of being completely and accurately reproduced by computer software on a laser printer. All itemized and/or annotated lists shall be delivered in computer spreadsheets, capable of being imported to Microsoft Excel 2000 [or name alternative desktop software used by agency]. All meetings shall be held in [INSERT LOCATION FOR MEETINGS, SUCH AS ADDRESS OF RELEVANT AGENCY OFFICE] unless agreed to otherwise by the Project Managers. Meetings must be scheduled at least three full business days in advance, with reasonable accommodation of attendees’ schedules. All meeting results will be described in a follow-up report generated by [Vendor Abbreviation] Project Manager and approved by the [Agency Abbreviation] Project Manager.
Page 21 of 47
11.1. Fixed Price Tasks and Deliverables: [AGENCY AND VENDOR INSERT: Draft the specific description for each fixed price Task and Deliverable that is material for completion of services and deliverables for work efforts under the RFQ.] For the Fixed Price Tasks and Deliverables of this Agreement, [Vendor Abbreviation] shall perform Tasks or deliver Deliverables in conformance with the Description and Metrics of Acceptance on or before Milestone Schedule date set forth in Table 2. TABLE 2 Deliverables and Tasks Deliverable or Task 1.0 Planning 1.1. A deployment roadmap and detail plan including system requirements, inter-team dependencies and timeline 1.2. Comprehensive test planning completed for each product installation and configuration and deployment 1.3. Risk assessment/mitigation approach
Description and Metrics of Acceptance
Estimated Hours
A deployment roadmap and detail plan identifying system requirements, interteam dependencies and timeline is delivered and accepted by MassIT A comprehensive test plan detailing what is being testing, how and pass/fail criteria is developed in partnership with MassIT resources and accepted by MassIT A risk mitigation plan including probability and impact levels identified is delivered and accepted by MassIT 2.0 Standing Up Guardium & Netezza Native Encryption - TwinFin Environments 2.1. Guardium Data Monitoring/Vulnerability Assessment - DEV 2.1.1. Guardium - Data Monitoring 2.1.1.1 Guardium collector Guardium collector appliance is installed appliance stood-up (DEV) and configured for the DEV environment 2.1.1.2 Guardium data activity Guardium data activity monitoring monitoring software software is installed and configured on the successfully configured and Netezza TwinFin DEV environment installed (TwinFin DEV) 2.1.1.3 Guardium data activity Testing identified in Task 1.2 for data monitoring install activity monitoring in the Guardium successfully tested (TwinFin TwinFin DEV environment is successfully DEV) completed, knowledge transfer conducted and all work accepted by MassIT 2.1.2. Guardium – Vulnerability Assessment 2.1.2.1 Guardium vulnerability Guardium vulnerability assessment assessment software software is installed and configured on the successfully configured and Netezza TwinFin DEV environment installed (TwinFin DEV) 2.1.2.2 Guardium vulnerability Testing identified in Task 1.2 for assessment install vulnerability assessment in the Guardium successfully tested (TwinFin TwinFin DEV environment is successfully DEV) completed, knowledge transfer conducted and all work accepted by MassIT 2.1.2.2 Guardium TwinFin DEV Post-installation and configuration process post-installation and review and lessons-learned knowledge
Page 22 of 47
Deliverable or Task configuration process review and lessons-learned knowledge transfer conducted
Description and Metrics of Acceptance transfer conducted and accepted by MassIT
2.2. Guardium Data Monitoring/Vulnerability Assessment – PROD 2.2.1 Guardium – Vulnerability Assessment 4.1.2.1 Striper PROD data acivity Post-installation and configuration process monitoring post-installation review and lessons-learned knowledge and configuration process transfer conducted and accepted by review and lessons-learned MassIT knowledge transfer conducted 4.1.2.2 Guardium vulnerability Testing identified in Task 1.2 for assessment software vulnerability assessment in the Guardium successfully configured and Striper PROD environment is successfully installed completed, knowledge transfer conducted and all work accepted by MassIT 4.1.2.3 Guardium vulnerability Post-installation and configuration process assessment post-installation review and lessons-learned knowledge and configuration process transfer conducted and accepted by review and lessons-learned MassIT knowledge transfer conducted 2.2.2 Guardium – Vulnerability Assessment 2.2.2.1 Guardium vulnerability Guardium vulnerability assessment assessment software software is installed and configured on the successfully configured and TwinFin PROD environment installed (TwinFin PROD) 2.2.2.2 Guardium vulnerability Testing identified in Task 1.2 for assessment install vulnerability assessment in the Guardium successfully tested (TwinFin TwinFin PROD environment is PROD) successfully completed, knowledge transfer conducted and all work accepted by MassIT 2.2.2.3 Guardium TwinFin PROD Post-installation and configuration process post-installation and review and lessons-learned knowledge configuration process review transfer conducted and accepted by and lessons-learned MassIT knowledge transfer conducted 2.3. Netezza Native Encryption 2.3.1 Netezza Native Encryption Functionality –DEV 2.3.1.1 Netezza native encryption Native encryption is installed and fully functional configured in the TwinFin DEV environment, knowledge transfer conducted and all work accepted by MassIT
Page 23 of 47
Estimated Hours
Deliverable or Task 2.3.1.2 Netezza native encryption functionality successfully tested
Description and Metrics of Acceptance Testing identified in Task 1.2 for native encryption TwinFin DEV environment is successfully completed, knowledge transfer conducted and all work accepted by MassIT Post-installation and configuration process review and lessons-learned knowledge transfer conducted and accepted by MassIT
2.3.1.3 Native encryption functionality postinstallation and configuration process review and lessons-learned knowledge transfer conducted 2.3.2 Netezza Native Encryption Functionality –PROD 2.3.2.1 Netezza native encryption Native encryption is installed and fully functional configured in the TwinFin PROD environment, knowledge transfer conducted and all work accepted by MassIT 2.3.2.2 Netezza native encryption Testing identified in Task 1.2 for native functionality successfully encryption TwinFin PROD environment is tested successfully completed, knowledge transfer conducted and all work accepted by MassIT 2.3.2.3 Native encryption Post-installation and configuration process functionality postreview and lessons-learned knowledge installation and transfer conducted and accepted by configuration process review MassIT and lessons-learned knowledge transfer conducted 3.0 Implementing Netezza Native Encryption Functionality (Striper PROD Only) 3.1 Netezza native encryption Native encryption is installed and fully functional configured in the Striper PROD environment, knowledge transfer conducted and all work accepted by MassIT 3.2 Netezza native encryption Testing identified in Task 1.2 for native functionality successfully encryption Striper PROD environment is tested successfully completed, knowledge transfer conducted and all work accepted by MassIT 3.3 Striper PROD native Post-installation and configuration process encryption functionality review and lessons-learned knowledge post-installation and transfer conducted and accepted by configuration process review MassIT and lessons-learned knowledge transfer conducted 4.0 Standing Up Guardium – Striper (PROD only) 4.1. Guardium – Data Monitoring/Vulnerability Assessment 4.1.1 Guardium - Data Monitoring
Page 24 of 47
Estimated Hours
Deliverable or Task 4.1.1.1 Guardium collector appliance stood-up (PROD) 4.1.1.2 Guardium data activity monitoring software successfully configured and installed 4.1.1.3 Guardium data activity monitoring install successfully tested
Description and Metrics of Acceptance Guardium collector appliance is installed and configured for the PROD environment Guardium data activity monitoring software is installed and configured on the Netezza Striper PROD environment
Testing identified in Task 1.2 for data activity monitoring in the Guardium Striper PROD environment is successfully completed, knowledge transfer conducted and all work accepted by MassIT 4.1.2 Guardium – Vulnerability Assessment 4.1.2.1 Striper PROD data acivity Post-installation and configuration process monitoring post-installation review and lessons-learned knowledge and configuration process transfer conducted and accepted by review and lessons-learned MassIT knowledge transfer conducted 4.1.2.2 Guardium vulnerability Testing identified in Task 1.2 for assessment software vulnerability assessment in the Guardium successfully configured and Striper PROD environment is successfully installed completed, knowledge transfer conducted and all work accepted by MassIT 4.1.2.3 Guardium vulnerability Post-installation and configuration process assessment post-installation review and lessons-learned knowledge and configuration process transfer conducted and accepted by review and lessons-learned MassIT knowledge transfer conducted 5.0 Standing Up Optim 5.1. Optim – Netezza Environments (TwinFin and Striper) 5.1.1 Optim – Netezza TwinFin DEV 5.1.1.1 Optim test data management Optim TDM is installed and configured (TDM) software successfully and working in conjunction with the configured and installed Netezza TwinFin DEV environment 5.1.1.2 Optim install successfully Testing identified in Task 1.2 for Optim in tested the TwinFin DEV environment is successfully completed, knowledge transfer conducted and all work accepted by MassIT. 5.1.1.3 Optim TwinFin DEV postPost-installation and configuration process installation and review and lessons-learned knowledge configuration process review transfer conducted and accepted by and lessons-learned MassIT knowledge transfer conducted 5.1.2 Optim – Netezza TwinFin PROD 5.1.2.1 Optim test data management Optim TDM is installed and configured (TDM) software successfully and working in conjunction with the configured and installed Netezza TwinFin PROD environment.
Page 25 of 47
Estimated Hours
Deliverable or Task 5.1.2.2 Optim install successfully tested
Description and Metrics of Acceptance Testing identified in Task 1.2 Optim TwinFin PROD environment is successfully completed, knowledge transfer conducted and all work accepted by MassIT. Post-installation and configuration process review and lessons-learned knowledge transfer conducted and accepted by MassIT
5.1.2.3 Optim TwinFin PROD postinstallation and configuration process review and lessons-learned knowledge transfer conducted 5.1.3 Optim – Striper PROD 5.1.3.1 Optim test data management Optim TDM is installed and configured (TDM) software successfully and working in conjunction with the configured and installed Netezza Striper PROD environment. 5.1.3.2 Optim install successfully Testing identified in Task 1.2 Optim tested Striper PROD environment is successfully completed, knowledge transfer conducted and all work accepted by MassIT. 5.1.3.4 Optim Striper PROD postPost-installation and configuration process installation and review and lessons-learned knowledge configuration process review transfer conducted and accepted by and lessons-learned MassIT knowledge transfer conducted 6.0 Standing Up Initiate 6.1. Initiate – Netezza Environment (TwinFin DEV/Striper PROD) 6.1.1 Initiate – TwinFin DEV 6.1.1.1 Initiate master data Initiate MDM is installed and configured management (MDM) and working in conjunction with the software successfully Netezza TwinFin DEV environment. configured and installed 6.1.1.2 Initiate install successfully Testing identified in Task 1.2 for Initiate tested in the TwinFin DEV environment is successfully completed, knowledge transfer conducted and all work accepted by MassIT. 6.1.1.3 Initiate TwinFin DEV postPost-installation and configuration process installation and review and lessons-learned knowledge configuration process review transfer conducted and accepted by and lessons-learned MassIT knowledge transfer conducted 6.1.2 Initiate – Striper PROD 6.1.2.1 Initiate master data Initiate MDM is installed and configured management (MDM) and working in conjunction with the software successfully Netezza Striper PROD environment, configured and installed knowledge transfer conducted and all work accepted by MassIT
Page 26 of 47
Estimated Hours
Deliverable or Task 6.1.2.2 Initiate install successfully tested 6.1.2.3 Initiate Striper PROD postinstallation and configuration process review and lessons-learned knowledge transfer conducted
Description and Metrics of Acceptance Testing identified in Task 1.2 Initiate Striper PROD environment is successfully completed and accepted by MassIT. Post-installation and configuration process review and lessons-learned knowledge transfer conducted and accepted by MassIT
Estimated Hours
7.0 Standing Up Cognos Environment 7.1. Cognos - DEV 7.1.1 Cognos10 is successfully Cognos10 is installed and configured in installed the DEV environment and accepted by MassIT 7.1.2 Cognos10 install Testing identified in Task 1.2 for successfully tested Cognos10 in the DEV environment is successfully completed, knowledge transfer conducted and all work accepted by MassIT. 7.1.3 Cognos10 DEV postPost-installation and configuration process installation and review and lessons-learned knowledge configuration process review transfer conducted and accepted by and lessons-learned MassIT knowledge transfer conducted 7.2. Cognos - PROD 7.2.1 Cognos10 is successfully Cognos10 is installed and configured in installed (PROD) the PROD environment and accepted by MassIT 7.2.2 Cognos10 install Testing identified in Task 1.2 for successfully tested (PROD) Cognos10 in the PROD environment is successfully completed, knowledge transfer conducted and all work accepted by MassIT. 7.2.3 Cognos10 PROD postPost-installation and configuration process installation and review and lessons-learned knowledge configuration process review transfer conducted and accepted by and lessons-learned MassIT knowledge transfer conducted
12. TIME AND MATERIALS PERSONNEL [VENDOR ABBREVIATION] agrees to provide the following Named Resources, whose resume is attached hereto as Exhibit [INSERT NUMBER], on a Time and Materials basis and as described in any relevant Task Order entered into hereunder [Please note: Do not include rates in the Business and Technical response sections]:
Page 27 of 47
TABLE 3 Time and Materials Resources
Named Resource
Title
Hourly Rate
12.1. Payment Terms All payments under this Agreement shall be made in accordance with the Commonwealth's bill paying policy. 12.1.1. Fixed Price Payments for Tasks and Deliverables This is a fixed price engagement. Payment will be made by MassIT to Vendor only after all services have has been completed and the services have been accepted by MassIT. A Deliverable or Task will be considered “completed” when [Agency Abbreviation] has determined that the acceptance criteria for that specific Deliverable or Task has been met as specified in Table 2 of this SOW, and elsewhere in this Agreement. [Vendor Abbreviation] agrees to invoice the Commonwealth for the Deliverables or work completed per the requirements set forth in this SOW and the relevant Task Order. [Agency Abbreviation] will make payments to [Vendor Abbreviation] only after receiving an accurate invoice for Tasks and Deliverables completed and accepted pursuant to Section 6 of this SOW. Payments for specific Tasks and Deliverables shall be made in accordance with Table 4 below. TABLE 4 Fixed Price Deliverables and Tasks [Please note: Do not include rates in the Business and Technical response sections] Deliverable or Task Number 1.1 through 7.2.3
Deliverable or Task Name
Payment
All Tasks and Deliverables under this SOW
12.1.2. Time and Materials Payments For the Time and Materials Services provided in any Task Order entered hereunder, [VENDOR ABBREVIATION] shall complete the work described in the relevant Task Order and as scheduled through weekly planning meetings. [VENDOR ABBREVIATION] will submit weekly reports to the [Agency Abbreviation] Project Manager detailing the hours actually worked by the Named Resource performing Time and Materials work and described herein or in the relevant Task Order. The weekly reporting must show actual resource hours worked against assigned tasks. [VENDOR ABBREVIATION] will also report weekly to the [Agency Abbreviation] Project Manager its expected work effort the forthcoming week, showing the Named Resource’s expected level of effort. The Named Resource will be authorized for work without the prior review and authorization by the [Agency Abbreviation] Project Manager.
Page 28 of 47
[VENDOR ABBREVIATION] shall provide a bi-weekly invoice to [Agency Abbreviation] Project Manager for the actual hours worked per week of the Named Resource identified in Table 3. No invoice will exceed 37.5 hours per week per resource, and the total payments under this SOW or the relevant Task Order will not exceed the authorized hours or the total authorized amount as identified in the relevant Task Order. The [Agency Abbreviation] Project Manager will review and approve these invoices based on satisfactory work performance by the Named Resource. The [Agency Abbreviation] Project Manager may terminate use of the Named Resource by providing ten (10) days written notice to [VENDOR ABBREVIATION] Project Manager. If termination is “For Cause”, or for a violation of a term of this Agreement, [Agency Abbreviation] may terminate use of the Named Resource effective immediately by providing written notice to [VENDOR ABBREVIATION] Project Manager.
13. TRANSFER OF ENGAGEMENT PRODUCTS AT CONTRACT TERMINATION [Address any special requirements for transfer of the application and/or other engagement products to the Commonwealth or to another vendor at Contract Termination. 14. MAINTENANCE [Agency and Vendor: Address maintenance to be provided by vendor, if any, and cost thereof] The undersigned hereby represent that they are duly authorized to execute this SOW on behalf of their respective organizations.
MassIT
Louis Angeloni, CFO
Date
Page 29 of 47
[Vendor Name]
[Vendor Signatory and Title] Date
EXHIBIT I: Intellectual Property and Work Effort Agreement for Vendor’s Employees, Consultants, and Agents Confidentiality, Assignment of Inventions and Representation of Non-Infringement Agreement; Other Representations The undersigned hereby acknowledges that he or she is an employee or consultant to of the following vendor of the Commonwealth of Massachusetts: Name of Vendor: ________________________ (“Vendor”) and desires to be assigned by the Vendor to perform services for the Commonwealth, and that the Vendor desires to assign you to perform services on one or more projects for the Commonwealth, but only under the condition that you sign this Agreement and agree to be bound by all of its terms and conditions. NOW THEREFORE, in consideration of your assignment to work for the Commonwealth, the access you have to the confidential information of the Commonwealth, and for other good and valuable consideration, the parties agree as follows: 1.
Confidentiality of the Commonwealth’s Materials. You agree that both during your assignment at the Commonwealth and thereafter you will not use for your own benefit, or divulge or disclose to anyone except to persons within the Commonwealth whose positions require them to know it, any information not already lawfully available to the public concerning the Commonwealth (“Confidential Information”), including but not limited to information regarding any website of the Commonwealth, any e-commerce products or services, any web development strategy, any financial information or any information regarding users of or vendors to the Commonwealth’s websites. Confidential Information also includes, without limitation, any technical data, design, pattern, formula, computer program, source code, object code, algorithm, subroutine, manual, product specification, or plan for a new, revised or existing product or web site; any business, marketing, financial or sales information; and the present or future plans of the Commonwealth with respect to the development of its web sites and web services.
2.
All Developments the Property of the Commonwealth. All confidential, proprietary or other trade secret information and all other works of authorship, trademarks, trade names, discoveries, inventions, processes, methods and improvements, conceived, developed, or otherwise made by you, alone or with others, and in any way relating to the Commonwealth or any of its web development projects, whether or not patentable or subject to copyright protection and whether or not reduced to tangible form or reduced to practice during the period of your assignment with the Commonwealth (“Developments”) shall be the sole property of the Vendor’s customer, the Commonwealth. All copyrightable material contained within a Development during the period of your assignment with the Commonwealth are works made for hire. You bear the burden to prove that a work was not made during the period of your assignment with the Commonwealth. If a work is determined to not be made for hire or that designation is not sufficient to secure rights, to the fullest extent allowable and for the full term of protection otherwise accorded to you under such law, you shall and hereby irrevocably do, assign and transfer to the Commonwealth free from all liens and other encumbrances or restrictions, all right, title and interest you may have or come to have in and to such Development. YOU HEREBY WAIVE IN FAVOR OF THE COMMONWEALTH ANY AND ALL ARTIST’S OR MORAL RIGHTS (INCLUDING, WITHOUT LIMITATION, ALL RIGHTS OF INTEGRITY AND ATTRIBUTION) YOU MAY HAVE PURSUANT TO ANY STATE OR FEDERAL LAWS OF THE UNITED STATES IN RESPECT TO ANY DELIVERABLE AND ALL SIMILAR RIGHTS UNDER THE LAWS OF ALL OTHER APPLICABLE JURISDICTIONS. You agree to disclose all Developments promptly, fully and in writing to the Commonwealth promptly after development of the same, and at any time upon request. You agree to, and hereby do assign to the Commonwealth all your right, title and interest throughout the world in and to all Developments without any obligation on the part of the Commonwealth to pay royalties or any other consideration to you in respect of such Developments. You agree to assist the Vendor’s customer the Commonwealth, (without charge, but at no cost to you) to obtain and maintain for itself such rights.
3.
Return of the Commonwealth’s Materials. At the time of the termination of your assignment with the Commonwealth, you agree to return to the Commonwealth all Commonwealth materials, documents and property, in your possession or control, including without limitation, all materials relating to work done while assigned by the Vendor to projects for Commonwealth or relating to the processes and materials of the Commonwealth. You also agree to return to the Commonwealth all materials concerning past, present and future or potential products and/or services of the Commonwealth. You also agree to return to the Commonwealth all materials provided by persons doing business with the Commonwealth and all teaching materials provided by the Commonwealth.
4.
Representation of Non-Infringement. You hereby represent and warrant that, to your best knowledge, no software, no web content and no other intellectual property that you develop during your assignment to and deliver to the Commonwealth, and no Developments made by you and assigned to the Commonwealth pursuant to Section 2 above, shall infringe a patent, copyright, trade secret or other proprietary or intellectual property right of any third party.
5.
No Conflicting Agreements. You represent and warrant that you are not a party to any agreement or arrangement which would constitute a conflict of interest with the obligations undertaken hereunder or would prevent you from carrying out your obligations hereunder.
6.
Tax Payments. You hereby represent and warrant that you have paid all due state and federal taxes, or, if your tax status is in dispute or in the process of settlement, that you have responded as directed and within the required timeframes to all communications received from the state or federal government.
7.
You acknowledge that you are not an employee of any Massachusetts state or municipal government agency, and are not entitled to any benefits, guarantees or other rights granted to state or municipal government agencies, including but not limited to group insurance, disability insurance, paid vacations, sick leave or other leave, retirements plans, health plans, or premium overtime pay. Should you be deemed to be entitled to receive any such benefits by operation of law or otherwise, you expressly waive any claim or entitlement to receiving such benefits from Massachusetts state or municipal government agencies.
8.
Miscellaneous: a.
The Commonwealth is a third party beneficiary of this Agreement with full rights to enforce its terms directly
b.
This Agreement contains the entire agreement between the parties with respect to the subject matter hereof, superseding any previous oral or written agreements.
c.
Your obligations under this Agreement shall survive the termination of your assignment with the Commonwealth regardless of the manner of or reasons for such termination. Your obligations under this Agreement shall be binding upon and shall inure to the benefits of the heirs, assigns, executors, administrators and representatives of the parties.
d.
You agree that the terms of this Agreement are reasonable and properly required for the adequate protection of our customer the Commonwealth’s legitimate business interests. You agree that in the event that any of the provisions of this Agreement are determined by a court of competent jurisdiction to be contrary to any applicable statute, law, rule, or policy or for any reason unenforceable as written, then such court may modify any of such provisions so as to permit enforcement thereof to the maximum extent permissible as thus modified. Further, you agree that any finding by a court of competent jurisdiction that any provision of this Agreement is contrary to any applicable statute, law, or policy or for any reason unenforceable as written shall have no effect upon any other provisions and all other provisions shall remain in full force and effect.
e.
You agree that any breach of this Agreement will cause immediate and irreparable harm to the Vendor’s customer the Commonwealth not compensable by monetary damages and that the Commonwealth will be entitled to obtain injunctive relief, in addition to all other relief, in any court of competent jurisdiction, to enforce the terms of this Agreement, without having to prove or show any actual damage to the Commonwealth.
f.
No failure to insist upon strict compliance with any of the terms, covenants, or conditions hereof, and no delay or omission in exercising any right under this Agreement, will operate as a waiver of such terms, covenants, conditions or rights. A waiver or consent given on any one occasion is
Page 31 of 47
effective only in that instance and will not be construed as a bar to or waiver of any right on any other occasion. g.
This Agreement shall be governed by and construed in accordance with the laws of the Commonwealth of Massachusetts, without regard to the doctrine of conflicts of law. This Agreement is executed under seal.
The undersigned believes that this Agreement imposes reasonable standards of conduct for all of the employees, consultants, and agents of the vendor on assignment at the Commonwealth, and that this Agreement will serve to best protect the interests of all involved parties. If you agree with the terms set forth herein, please sign and return this Agreement.
Agreed and Accepted: Name of Vendor:
________________________
Name of Employee, Consultant, or Agent:
________________________
Vendor Signatory Name:
________________________
Title:
________________________
Vendor Signatory Title:
________________________
Signature:
________________________
Vendor Signature:
________________________
Date:
________________________
Vendor Signature Date:
________________________
Page 32 of 47
Exhibit II: Workplace Policies A. MASSIT HR Policy 2008-01 Effective 10/1/2008: Policy of Zero Tolerance for Sexual Assault, Domestic Violence and Stalking B. MASSIT HR Policy 2008-03 Effective 8/1/2008: Policy of Zero Tolerance for Workplace Violence C. MASSIT HR Policy 2006-01 Effective 7/1/2006: Sexual Harassment Policy All contractors working on site at Commonwealth locations must comply with the attached Workplace Policies.
Page 33 of 47
A. MASSIT HR Policy 2008-01 Effective 10/1/2008: Policy of Zero Tolerance for Sexual Assault, Domestic Violence and Stalking Policy The Commonwealth has a zero-tolerance policy for sexual assault, domestic violence, and stalking occurring within or outside the workplace. Effective immediately, it is the policy of the Information Technology Division (MASSIT) that all employees work in an environment free from all forms of sexual assault and domestic violence. Sexual assault and domestic violence undermine the integrity of the work place and the personal safety of the individual. Authority Executive Order 491 establishes a zero tolerance policy for sexual assault, domestic violence and stalking and requires state agencies to issue written policies and to provide copies of the policy to all employees. The Executive Order applies to all individuals employed on a full-time or part-time basis by the Office of the Governor or any state agency under the Executive Department. Definition of Domestic Violence Chapter 209A of the Massachusetts General Laws defines domestic violence as a form of abuse among family or household members, which includes those individuals who are or have been involved in a substantive dating relationship. Abuse is defined as the occurrence of one or more of the following acts between family or household members: attempting to cause or causing physical harm; or placing another in fear of imminent serious physical harm; or causing another to engage involuntarily in sexual relations by force, threat of force, or duress. Family or household members are persons who: are or were married to one another; are or were residing together in the same household; are or were related by blood or marriage; have a child in common regardless of whether they have ever married or lived together; or are or have been in a substantive dating or engagement relationship. Chapter 209A provides a victim protection from an abuser through the issuance of a restraining order. Such an order may order the abuser to refrain from abuse, to vacate the home, to comply with temporary custody and support orders, and/or to have no contact with the victim at all times. Although Chapter 209A orders are civil in nature, violations of certain provisions are criminal in nature and arrest following such violations is mandatory. MASSIT will not initiate disciplinary action against an employee accused of abuse alleged to have occurred outside the workplace unless presented with an authentic copy of a document showing a judicial finding of probable cause that the employee committed an act of abuse against a family or household member. MASSIT may require an employee who is an abuser to accept reassignment to a different geographic location, if MASSIT determines that such reassignment will help better ensure the safety of the victim or others in the workplace. While maintaining confidentiality to the extent practicable, MASSIT may consult with appropriate legal staff, human resource/labor relations directors and/or domestic violence professionals for guidance in these matters. Definition of Sexual Assault and Stalking “Sexual assault” includes any action causing another to engage in sexual relations by force, threat, or duress in violation of Chapter 209A or chapter 265 of the General Laws, or any other applicable law of the Commonwealth. “Stalking” includes any pattern or series of acts, conduct or threats causing or intended to cause alarm or fear in violation of chapter 209A or chapter 265 of the General Laws, or any other applicable law of the Commonwealth. MASSIT will not initiate disciplinary action against an employee accused of stalking or sexual assault alleged to have occurred outside the workplace unless presented with an authentic copy of a document showing a judicial finding of probable cause that the employee committed an act of stalking or sexual assault. MASSIT may require an employee who is a stalker or abuser to accept reassignment to a different geographic location, if MASSIT determines that such reassignment will help better ensure the
Page 34 of 47
safety of the victim or others in the workplace. While maintaining confidentiality to the extent practicable, MASSIT may consult with appropriate legal staff, human resource/labor relations directors and/or domestic violence professionals for guidance in these matters. The Commonwealth’s view of sexual assault, domestic violence, and stalking reflects, but is not limited to, the following considerations: A man as well as a woman may be the victim of sexual assault, domestic violence, or stalking, and a woman as well as a man may be the abuser. The victim does not have to be the opposite sex from the abuser or stalker. The Director of Human Resources shall: When appropriate, ensure written workplace safety plans are completed in response to confirmed reports of domestic violence, sexual assault, and stalking; When appropriate, while maintaining confidentiality to the extent practicable, work with victims in consultation with MASSIT’s domestic violence coordinator, HR personnel, and/or Legal Counsel in addressing workplace safety and security plans that may impact victims and/or co-workers. Respect the privacy of victims and perpetrators and preserve confidentiality at all times, to the extent possible, in dealing with situations involving sexual assault, domestic violence or stalking; When notified of a restraining order in effect, utilize all reasonable efforts to address the employee’s concerns about safety and report any workplace violations of such order to the police.
MASSIT Employees shall: Refrain from participating in any form of domestic violence, sexual assault, or stalking either within or outside the workplace; Cooperate in the investigation of alleged domestic violence, sexual assault, and stalking by providing information they possess concerning such matters; Report behavior in the workplace which they believe to be sexual assault, domestic violence, or stalking to their supervisor, or the police when appropriate. Protection to domestic violence, sexual assault, and stalking victims MASSIT recognizes that victims of domestic violence, sexual assault, and stalking may suffer from physical, mental, emotional, and sexual abuse. In an effort to afford victims of domestic violence, sexual assault, and stalking the ability to protect themselves and their families, and to ensure the safety of all employees, MASSIT has established the following policies: An employee who is a victim of domestic violence, sexual assault or stalking, or whose children are victims (where the employee is not the abuser) shall be entitled to up to fifteen (15) days of paid leave per calendar year for the purposes of counseling, obtaining medical treatment, attending legal proceedings, or carrying out other necessary activities resulting from domestic violence, sexual assault, or stalking. The fifteen (15) days of paid leave will not be charged to sick, vacation or personal leave accrual. An employee who is a victim of sexual assault, domestic violence, or stalking and/or whose children are victims and the employee is not the abuser may be granted up to six (6) months of unpaid leave, where the employee requests such leave as a result of domestic violence, sexual assault or stalking. Leave accruals and insurance benefits shall be handled in the same way as is done for any other type of leave without pay. Upon the employee’s return from leave, MASSIT shall restore the employee to the same position or to an equivalent position, with equivalent employment benefits, pay, and other terms and conditions of employment, provided that the employee has not been displaced from his/her position in the interim due to a reduction in force. Due to the emergency nature of leave requests, the employee may not be able to provide such documentation. However, when appropriate, agencies may request the following documentation: A judicial finding of domestic violence, such as a 209A restraining order or pending criminal charges; A signed letter from a district attorney’s office, police department, or district, probate, or superior court;
Page 35 of 47
Signed affidavits from third parties having knowledge of the abuse. To the extent possible, all documentation submitted shall be kept in a secure and confidential manner so as to respect the employee’s right to privacy. A victim of domestic violence, sexual assault, or stalking is strongly encouraged to notify MASSIT of the existence of a restraining order protecting the employee. Upon such notification, MASSIT shall make all reasonable efforts to enforce the restraining order in the workplace. Such efforts may include: Notifying security personnel of the identity of the person against whom the order is issued (defendant); Providing security personnel with a photograph or other identifying information, such as motor vehicle information; After notifying the employee, having the employee’s calls screened; Moving the employee’s workstation away from an unsecured entrance. If MASSIT becomes aware that an active restraining order protects an employee, the agency may offer that employee a reassignment to a different geographical location. Where the victim has requested reassignment, MASSIT shall give the request top priority. MASSIT shall immediately notify the police if a violation of a restraining order occurs at the workplace. MASSIT will provide a list of domestic violence and sexual assault assistance programs, including the state-wide Safe-Link Hotline emergency hotline number, to employees who are victims of domestic violence, sexual assault, or stalking to assist them in finding available services. Procedures for Investigating and Disciplining Abusers MASSIT takes all instances of sexual assault, domestic violence, and stalking seriously. The following are guidelines for disciplining abusers: MASSIT shall immediately report any incident of domestic violence, sexual assault or stalking that occurs in the workplace, including violation of 209A restraining orders, to the appropriate law enforcement authorities. MASSIT must follow existing provisions in the collective bargaining agreements when disciplining abusers. MASSIT will consult with appropriate legal staff, human resource/labor relations directors and or domestic violence professionals for guidance in these matters. All investigations of domestic violence, sexual assault, or stalking policy violations alleged to have occurred within the workplace will be conducted in a manner to protect the confidentiality of the alleged victim, the alleged abuser and all witnesses. All parties involved in the proceedings will be advised to maintain strict confidentiality. Acts of domestic violence, sexual assault, or stalking, regardless of where they occur, will not be tolerated and may result in discipline, including, but not limited to: An oral warning or reprimand; A written warning or reprimand to be placed in a personnel file; Required completion of a certified batterer intervention program; Suspension or termination; or Any combination of the above. Incidents of domestic violence, sexual assault, or stalking resulting in the conviction of a felony within the past five years, may be used as a factor in hiring determinations. As with all other such actions, disciplinary actions taken against abusers become part of their work history and will be considered when selecting employees for promotion, new work assignments and other types of personnel actions.
Page 36 of 47
B. MASSIT HR Policy 2008-03 Effective 8/1/2008: Policy of Zero Tolerance for Workplace Violence Policy Workplace violence undermines the integrity of the workplace and the personal safety of the individual employee. Therefore, the Commonwealth maintains a zero tolerance policy for workplace violence. Effective immediately, it is the policy of the Information Technology Division that all of its employees work in an environment free from workplace violence. Authority Executive Order #442 establishes a zero tolerance policy for workplace violence and requires state agencies to promptly disseminate written copies of the policy to all employees. The Executive Order applies to individuals employed on a full time or part time basis by the Office of the Governor or any state agency under the Executive department. Definition of Workplace Violence For the purposes of this policy, “workplace” is defined as: Any Commonwealth owned or leased property; Any location where Commonwealth business is conducted; Commonwealth vehicles or private vehicles being used for Commonwealth business; In addition, workplace violence can occur at any location if the violence has resulted from an act or decision made during the course of conducting Commonwealth business. Workplace violence includes but it not limited to the following: Physical assault and/or battery; Threats and/or acts of intimidation communicated by any means that cause an employee to be in fear of their own physical safety or that of a colleague; Disruptive or aggressive behavior that places a reasonable person in fear of physical harm and/or that causes a disruption of workplace productivity; and/or Property damage. Violent behavior can include actions or communication in person, by letter or note, telephone, fax, or electronic mail. Incidents of workplace violence may be acted out individually or take place between employees, employees and clients/customers, employees and acquaintances/partners and employees and the general public.
MASSIT CIO and Director of Human Resources shall: When necessary, notify state/and or local police in response to serious incidents of workplace violence; Establish a Safety Incidence Team comprised of senior executive staff representing agency human resources, labor relations, security, training, and legal to devise and review policies, procedures and safety protocols, and to ensure consistent, coordinated responses to acts of workplace violence; Ensure written workplace protection plans are devised for employees who are victims of workplace violence; and implement any necessary workplace safety protocols designed to further protect employees from harm MASSIT Supervisors and Managers shall: Report all incidents to the Director of Human Resources to insure appropriate documentation and swift investigation of reports of workplace violence
Page 37 of 47
MASSIT Employees shall: Ensure that they do not participate in any form of workplace violence Cooperate in the investigation of alleged workplace violence; and Report behavior in the workplace they believe to be workplace violence to their supervisor, or the police when appropriate.
Procedures for Investigation and Disciplining Perpetrator As stated above, the Commonwealth maintains a zero tolerance policy for workplace violence. The Information Technology Division takes all instances of workplace violence seriously. The following are guidelines for disciplining perpetrators: MASSIT shall immediately report incidents of workplace violence that include physical assault and/or battery, and/or threats to do physical harm, to the appropriate law enforcement authorities; All investigations of workplace violence will be conducted in a manner that is sensitive to the safety concerns and privacy of the victim(s), the perpetrator, and all witnesses. MASSIT must follow existing provisions in the collective bargaining agreements when disciplining perpetrators; Acts of workplace violence are among the most serious forms of misconduct and may result in discipline commensurate with the severity of the misconduct, including, but not limited to: o An oral reprimand o A written reprimand to be placed in the perpetrator’s personnel file o Suspension, demotion, or termination, or o Any combination of the above. In the interim, between a charge and the final disposition of a workplace violence case, the CIO may take action to address employees’ safety concerns. Depending on the severity of the charge, such action may include placing the alleged perpetrator on leave with or without pay. In addition to the measures mentioned above, disciplinary measures may include the successful completion of counseling, anger management education or other equivalent programs.
Page 38 of 47
C. MASSIT HR Policy 2006-01 Effective 7/1/2006: Sexual Harassment Policy I. Introduction It is the goal of the Massachusetts Information Technology Division to promote a workplace that is free of sexual harassment. Sexual harassment of employees occurring in the workplace or in other settings related to their employment is unlawful and will not be tolerated by MASSIT. Further, any retaliation against an individual who has complained about sexual harassment or retaliation against individuals for cooperating with an investigation of a sexual harassment complaint is similarly unlawful and will not be tolerated. To achieve our goal of providing a workplace free from sexual harassment, the conduct that is described in this policy will not be tolerated and we have provided a procedure by which inappropriate conduct will be dealt with, if encountered by employees. Because MASSIT takes allegations of sexual harassment seriously, we will respond promptly to complaints of sexual harassment and where it is determined that such inappropriate conduct has occurred, we will act promptly to eliminate the conduct and impose such corrective action as is necessary, including disciplinary action where appropriate. Please note that while this policy sets forth our goals of promoting a workplace that is free of sexual harassment, the policy is not designed or intended to limit our authority to discipline or take remedial action for workplace conduct which we deem unacceptable, regardless of whether that conduct satisfies the definition of sexual harassment. II. Definition Of Sexual Harassment In Massachusetts, "sexual harassment" means sexual advances, requests for sexual favors, and verbal or physical conduct of a sexual nature when: (a) submission to or rejection of such advances, requests or conduct is made either explicitly or implicitly a term or condition of employment or as a basis for employment decisions; or, (b) such advances, requests or conduct have the purpose or effect of unreasonably interfering with an individual's work performance by creating an intimidating, hostile, humiliating or sexually offensive work environment. Under these definitions, direct or implied requests by a supervisor for sexual favors in exchange for actual or promised job benefits such as favorable reviews, salary increases, promotions, increased benefits, or continued employment constitutes sexual harassment. The legal definition of sexual harassment is broad and in addition to the above examples, includes other sexually oriented conduct, whether it is intended or not, that is unwelcome and has the effect of creating a work place environment that is hostile, offensive, intimidating, or humiliating to male or female workers. While it is not possible to list all those additional circumstances that may constitute sexual harassment, the following are some examples of conduct, which if unwelcome, may constitute sexual harassment depending upon the totality of the circumstances including the severity of the conduct and its pervasiveness: Unwelcome sexual advances -- whether they involve physical touching or not; Sexual epithets, jokes, written or oral references to sexual conduct, gossip regarding one's sex life; comment on an individual's body, comment about an individual's sexual activity, deficiencies, or prowess; Displaying sexually suggestive objects, pictures, cartoons; Unwelcome leering, whistling, brushing against the body, sexual gestures, suggestive or insulting comments; Inquiries into one's sexual experiences; and, Discussion of one's sexual activities.
Page 39 of 47
The complainant does not have to be the person at whom the unwelcome sexual conduct is directed. The complainant, regardless of gender, may be a witness to and personally offended by such conduct. The harasser may be anyone including a supervisor, a co-worker, or a non-employee, such as a recipient of public services or a vendor. All employees should take special note that, as stated above, retaliation against an individual who has complained about sexual harassment, and retaliation against individuals for cooperating with an investigation of a sexual harassment complaint is unlawful and will not be tolerated by the Commonwealth of Massachusetts. III. Complaints of Sexual Harassment If any MASSIT employee believes that he/she has been subjected to sexual harassment, the employee has the right to file a complaint. This may be done in writing or orally. If you would like to file a complaint you may do so by contacting MASSIT’s Sexual Harassment Officer, Ellen Wright. The Sexual Harassment Officer is also available to discuss any concerns you may have and to provide information to you about MASSIT’s policy on sexual harassment and MASSIT’s complaint process. The procedures for reporting sexual harassment can be located on the HRD website or by contacting any member of the MASSIT Human Resource Department. IV. Sexual Harassment Investigation When MASSIT receives a complaint it will promptly investigate the allegation in a fair and expeditious manner. The investigation will be conducted by the Sexual Harassment Officer in such a way as to maintain confidentiality to the extent practicable under the circumstances. The investigation will include a private interview with the person filing the complaint and with witnesses. The Sexual Harassment Officer will also interview the person alleged to have committed sexual harassment. When the investigation is completed, MASSIT will, to the extent appropriate, inform the person filing the complaint and the person alleged to have committed the conduct of the results of that investigation. If it is determined that inappropriate conduct has occurred, MASSIT will act promptly to eliminate the offending conduct, and where it is appropriate will impose disciplinary action. V. Disciplinary Action If it is determined that an employee has engaged in inappropriate conduct, MASSIT will take such action as is appropriate under the circumstances. Such action may range from counseling to termination from employment, and may include such other forms of disciplinary action deemed appropriate under the circumstances. VI. State and Federal Remedies In addition to the above, if you believe you have been subjected to sexual harassment, you may file a formal complaint with either or both of the government agencies set forth below. Using our complaint process does not prohibit you from filing a complaint with these agencies. Each of the agencies has a short time period for filing a claim (EEOC - 300 days; MCAD - 300 days). 1. The United States Equal Employment Opportunity Commission ("EEOC") One Congress Street, 10th Floor Boston, MA 02114, (617) 565-3200. 2. The Massachusetts Commission Against Discrimination ("MCAD") Boston Office: One Ashburton Place, Rm. 601, Boston, MA 02108, (617) 994-6000. Springfield Office: 424 Dwight Street, Rm. 220, Springfield, MA 01103, (413) 739-2145
Page 40 of 47
ATTACHMENT B: COST RESPONSE TABLES THIS COST TABLE IS TO BE INCLUDED IN THE COST RESPONSE ONLY. ANY COST INFORMATION FOUND IN THE BUSINESS AND TECHNICAL RESPONSE WILL CAUSE THE ENTIRE RESPONSE TO BE DISQUALIFIED.
Table 5- Hourly Rates Name of Proposed Staff
Functional Title/Role
Hourly Rate $ $ $ $ $ $ $
Insert additional rows if necessary. Identify proposed Key Personnel and their titles/roles. These rates (as negotiated and agreed upon by MassIT and the Contractor) will determine the cost of services to be performed for MassIT that are within the scope of the RFQ as well as the hourly cost of any services that are not specifically called for in the RFQ, but that are related to such services. Each Hourly Rate listed in the above Cost Table must be “fully loaded.” MassIT will not pay for travel, lodging, meals or similar costs. Table 6- Fixed Price Services Proposal TABLE B: Deliverables and Tasks Deliverable or Task 8.0 Planning 1.4. A deployment roadmap and detail plan including system requirements, inter-team dependencies and timeline
Page 41 of 47
Description and Metrics of Acceptance A deployment roadmap and detail plan identifying system requirements, interteam dependencies and timeline is delivered and accepted by MassIT
Fixed Price
Deliverable or Task 1.5. Comprehensive test planning completed for each product installation and configuration and deployment 1.6. Risk assessment/mitigation approach
Description and Metrics of Acceptance Fixed Price A comprehensive test plan detailing what is being testing, how and pass/fail criteria is developed in partnership with MassIT resources and accepted by MassIT A risk mitigation plan including probability and impact levels identified is delivered and accepted by MassIT 9.0 Standing Up Guardium & Netezza Native Encryption - TwinFin Environments 9.1. Guardium Data Monitoring/Vulnerability Assessment - DEV 2.1.3. Guardium - Data Monitoring 2.1.1.1 Guardium collector Guardium collector appliance is installed appliance stood-up (DEV) and configured for the DEV environment 2.1.1.2 Guardium data activity Guardium data activity monitoring monitoring software software is installed and configured on the successfully configured and Netezza TwinFin DEV environment installed (TwinFin DEV) 2.1.1.3 Guardium data activity Testing identified in Task 1.2 for data monitoring install activity monitoring in the Guardium successfully tested (TwinFin TwinFin DEV environment is successfully DEV) completed, knowledge transfer conducted and all work accepted by MassIT 2.1.4. Guardium – Vulnerability Assessment 2.1.2.1 Guardium vulnerability Guardium vulnerability assessment assessment software software is installed and configured on the successfully configured and Netezza TwinFin DEV environment installed (TwinFin DEV) 2.1.2.2 Guardium vulnerability Testing identified in Task 1.2 for assessment install vulnerability assessment in the Guardium successfully tested (TwinFin TwinFin DEV environment is successfully DEV) completed, knowledge transfer conducted and all work accepted by MassIT 2.1.2.2 Guardium TwinFin DEV Post-installation and configuration process post-installation and review and lessons-learned knowledge configuration process review transfer conducted and accepted by and lessons-learned MassIT knowledge transfer conducted 9.2. Guardium Data Monitoring/Vulnerability Assessment – PROD 2.2.1 Guardium – Vulnerability Assessment 4.1.2.1 Striper PROD data acivity Post-installation and configuration process monitoring post-installation review and lessons-learned knowledge and configuration process transfer conducted and accepted by review and lessons-learned MassIT knowledge transfer conducted
Page 42 of 47
Deliverable or Task 4.1.2.2 Guardium vulnerability assessment software successfully configured and installed
Description and Metrics of Acceptance Testing identified in Task 1.2 for vulnerability assessment in the Guardium Striper PROD environment is successfully completed, knowledge transfer conducted and all work accepted by MassIT Post-installation and configuration process review and lessons-learned knowledge transfer conducted and accepted by MassIT
4.1.2.3 Guardium vulnerability assessment post-installation and configuration process review and lessons-learned knowledge transfer conducted 2.2.2 Guardium – Vulnerability Assessment 2.2.2.1 Guardium vulnerability Guardium vulnerability assessment assessment software software is installed and configured on the successfully configured and TwinFin PROD environment installed (TwinFin PROD) 2.2.2.2 Guardium vulnerability Testing identified in Task 1.2 for assessment install vulnerability assessment in the Guardium successfully tested (TwinFin TwinFin PROD environment is PROD) successfully completed, knowledge transfer conducted and all work accepted by MassIT 2.2.2.3 Guardium TwinFin PROD Post-installation and configuration process post-installation and review and lessons-learned knowledge configuration process review transfer conducted and accepted by and lessons-learned MassIT knowledge transfer conducted 9.3. Netezza Native Encryption 2.3.1 Netezza Native Encryption Functionality –DEV 2.3.1.1 Netezza native encryption Native encryption is installed and fully functional configured in the TwinFin DEV environment, knowledge transfer conducted and all work accepted by MassIT 2.3.1.2 Netezza native encryption Testing identified in Task 1.2 for native functionality successfully encryption TwinFin DEV environment is tested successfully completed, knowledge transfer conducted and all work accepted by MassIT 2.3.1.3 Native encryption Post-installation and configuration process functionality postreview and lessons-learned knowledge installation and transfer conducted and accepted by configuration process review MassIT and lessons-learned knowledge transfer conducted 2.3.2 Netezza Native Encryption Functionality –PROD
Page 43 of 47
Fixed Price
Deliverable or Task 2.3.2.1 Netezza native encryption fully functional
2.3.2.2 Netezza native encryption functionality successfully tested
Description and Metrics of Acceptance Native encryption is installed and configured in the TwinFin PROD environment, knowledge transfer conducted and all work accepted by MassIT Testing identified in Task 1.2 for native encryption TwinFin PROD environment is successfully completed, knowledge transfer conducted and all work accepted by MassIT Post-installation and configuration process review and lessons-learned knowledge transfer conducted and accepted by MassIT
Fixed Price
2.3.2.3 Native encryption functionality postinstallation and configuration process review and lessons-learned knowledge transfer conducted 10.0 Implementing Netezza Native Encryption Functionality (Striper PROD Only) 3.1 Netezza native encryption Native encryption is installed and fully functional configured in the Striper PROD environment, knowledge transfer conducted and all work accepted by MassIT 3.2 Netezza native encryption Testing identified in Task 1.2 for native functionality successfully encryption Striper PROD environment is tested successfully completed, knowledge transfer conducted and all work accepted by MassIT 3.3 Striper PROD native Post-installation and configuration process encryption functionality review and lessons-learned knowledge post-installation and transfer conducted and accepted by configuration process review MassIT and lessons-learned knowledge transfer conducted 11.0 Standing Up Guardium – Striper (PROD only) 11.1. Guardium – Data Monitoring/Vulnerability Assessment 4.1.1 Guardium - Data Monitoring 4.1.1.1 Guardium collector Guardium collector appliance is installed appliance stood-up (PROD) and configured for the PROD environment 4.1.1.2 Guardium data activity Guardium data activity monitoring monitoring software software is installed and configured on the successfully configured and Netezza Striper PROD environment installed 4.1.1.3 Guardium data activity Testing identified in Task 1.2 for data monitoring install activity monitoring in the Guardium successfully tested Striper PROD environment is successfully completed, knowledge transfer conducted and all work accepted by MassIT 4.1.2 Guardium – Vulnerability Assessment
Page 44 of 47
Deliverable or Task 4.1.2.1 Striper PROD data acivity monitoring post-installation and configuration process review and lessons-learned knowledge transfer conducted 4.1.2.2 Guardium vulnerability assessment software successfully configured and installed
Description and Metrics of Acceptance Post-installation and configuration process review and lessons-learned knowledge transfer conducted and accepted by MassIT
Testing identified in Task 1.2 for vulnerability assessment in the Guardium Striper PROD environment is successfully completed, knowledge transfer conducted and all work accepted by MassIT Post-installation and configuration process review and lessons-learned knowledge transfer conducted and accepted by MassIT
4.1.2.3 Guardium vulnerability assessment post-installation and configuration process review and lessons-learned knowledge transfer conducted 12.0 Standing Up Optim 12.1. Optim – Netezza Environments (TwinFin and Striper) 5.1.1 Optim – Netezza TwinFin DEV 5.1.1.1 Optim test data management Optim TDM is installed and configured (TDM) software successfully and working in conjunction with the configured and installed Netezza TwinFin DEV environment 5.1.1.2 Optim install successfully Testing identified in Task 1.2 for Optim in tested the TwinFin DEV environment is successfully completed, knowledge transfer conducted and all work accepted by MassIT. 5.1.1.3 Optim TwinFin DEV postPost-installation and configuration process installation and review and lessons-learned knowledge configuration process review transfer conducted and accepted by and lessons-learned MassIT knowledge transfer conducted 5.1.2 Optim – Netezza TwinFin PROD 5.1.2.1 Optim test data management Optim TDM is installed and configured (TDM) software successfully and working in conjunction with the configured and installed Netezza TwinFin PROD environment. 5.1.2.2 Optim install successfully Testing identified in Task 1.2 Optim tested TwinFin PROD environment is successfully completed, knowledge transfer conducted and all work accepted by MassIT. 5.1.2.3 Optim TwinFin PROD post- Post-installation and configuration process installation and review and lessons-learned knowledge configuration process review transfer conducted and accepted by and lessons-learned MassIT knowledge transfer conducted 5.1.3 Optim – Striper PROD
Page 45 of 47
Fixed Price
Deliverable or Task 5.1.3.1 Optim test data management (TDM) software successfully configured and installed 5.1.3.2 Optim install successfully tested
Description and Metrics of Acceptance Optim TDM is installed and configured and working in conjunction with the Netezza Striper PROD environment. Testing identified in Task 1.2 Optim Striper PROD environment is successfully completed, knowledge transfer conducted and all work accepted by MassIT. Post-installation and configuration process review and lessons-learned knowledge transfer conducted and accepted by MassIT
5.1.3.4 Optim Striper PROD postinstallation and configuration process review and lessons-learned knowledge transfer conducted 13.0 Standing Up Initiate 13.1. Initiate – Netezza Environment (TwinFin DEV/Striper PROD) 6.1.1 Initiate – TwinFin DEV 6.1.1.1 Initiate master data Initiate MDM is installed and configured management (MDM) and working in conjunction with the software successfully Netezza TwinFin DEV environment. configured and installed 6.1.1.2 Initiate install successfully Testing identified in Task 1.2 for Initiate tested in the TwinFin DEV environment is successfully completed, knowledge transfer conducted and all work accepted by MassIT. 6.1.1.3 Initiate TwinFin DEV postPost-installation and configuration process installation and review and lessons-learned knowledge configuration process review transfer conducted and accepted by and lessons-learned MassIT knowledge transfer conducted 6.1.2 Initiate – Striper PROD 6.1.2.1 Initiate master data Initiate MDM is installed and configured management (MDM) and working in conjunction with the software successfully Netezza Striper PROD environment, configured and installed knowledge transfer conducted and all work accepted by MassIT 6.1.2.2 Initiate install successfully Testing identified in Task 1.2 Initiate tested Striper PROD environment is successfully completed and accepted by MassIT. 6.1.2.3 Initiate Striper PROD postPost-installation and configuration process installation and review and lessons-learned knowledge configuration process review transfer conducted and accepted by and lessons-learned MassIT knowledge transfer conducted
14.0
Standing Up Cognos Environment
Page 46 of 47
Fixed Price
Deliverable or Task 14.1. Cognos - DEV 7.1.1 Cognos10 is successfully installed 7.1.2
Cognos10 install successfully tested
7.1.3
Cognos10 DEV postinstallation and configuration process review and lessons-learned knowledge transfer conducted 14.2. Cognos - PROD 7.2.1 Cognos10 is successfully installed (PROD) 7.2.2
Cognos10 install successfully tested (PROD)
7.2.3
Cognos10 PROD postinstallation and configuration process review and lessons-learned knowledge transfer conducted
Page 47 of 47
Description and Metrics of Acceptance Cognos10 is installed and configured in the DEV environment and accepted by MassIT Testing identified in Task 1.2 for Cognos10 in the DEV environment is successfully completed, knowledge transfer conducted and all work accepted by MassIT. Post-installation and configuration process review and lessons-learned knowledge transfer conducted and accepted by MassIT
Cognos10 is installed and configured in the PROD environment and accepted by MassIT Testing identified in Task 1.2 for Cognos10 in the PROD environment is successfully completed, knowledge transfer conducted and all work accepted by MassIT. Post-installation and configuration process review and lessons-learned knowledge transfer conducted and accepted by MassIT
Fixed Price
