integrated security solutions


[PDF]integrated security solutions - Rackcdn.com10ba4283a7fbcc3461c6-31fb5188b09660555a4c2fcc1bea63d9.r13.cf1.rackcdn.com...

1 downloads 143 Views 932KB Size

State of Texas Office of the Attorney General REQUEST FOR OFFER

INTEGRATED SECURITY SOLUTIONS Requisition Number: 366619

NGIP Codes: 990-50, 939-84, 680-02, 936-73, 840-84, 910-82, 915-97 Posting Date: December 29, 2014

Table of Contents 1

2

INTRODUCTION .................................................................................................................................................1 1.1

OAG Objective ............................................................................................................................................1

1.2

Duration .......................................................................................................................................................1

1.3 Acronyms and Definitions ...........................................................................................................................2 PROCUREMENT PROCESS ...............................................................................................................................4 2.1

Authority ......................................................................................................................................................4

2.2

Schedule of Events .......................................................................................................................................4

2.3

Contract Documents .....................................................................................................................................4

2.4

Attachments and Forms ................................................................................................................................ 5

2.5

Points of Contact Information ......................................................................................................................5

2.6

Solicitation Conference Information ............................................................................................................6

2.7

Questions ......................................................................................................................................................6

2.8

HUB Subcontracting Probability Statement .................................................................................................6

2.9

Response Submission Instructions ...............................................................................................................8

2.10

Cost of Submission .................................................................................................................................... 14

2.11

Public Information Act ............................................................................................................................... 14

2.12

Response Irrevocability .............................................................................................................................. 15

2.13

Discussions and Best and Final Offer ........................................................................................................ 15

2.14

OAG Rights................................................................................................................................................ 15

2.15

Addendum .................................................................................................................................................. 16

2.16 Award ......................................................................................................................................................... 16 3 BACKGROUND AND OAG ASSUMPTIONS ................................................................................................. 17

4

3.1

Background ................................................................................................................................................ 17

3.2

Integrated Security Solutions (ISS) Business Processes ............................................................................ 18

3.3

Current Environment .................................................................................................................................. 18

3.4

OAG Assumptions ..................................................................................................................................... 19

3.5 OAG Responsibilities................................................................................................................................. 20 STATEMENT OF WORK .................................................................................................................................. 21 4.1

Moves, Adds and Changes (MACs) ........................................................................................................... 21

4.2

Maintenance and Technical Support .......................................................................................................... 23

4.3

Shipping, Handling and Storage................................................................................................................. 23

4.4

Title and Warranty ..................................................................................................................................... 24

4.5

Fees and Pricing ......................................................................................................................................... 25

4.6

Training ...................................................................................................................................................... 26

4.7

Implementation .......................................................................................................................................... 26

4.8

Transition ................................................................................................................................................... 27

i

5

BUSINESS CONTINUITY AND DISASTER RECOVERY REQUIREMENTS ............................................. 27 5.1

6

Supplemental Contract-specific Business Continuity / Disaster Recovery (BC/DR) Plan ........................ 27

5.2 Outages and Disaster Declarations ............................................................................................................. 27 CONTRACT MANAGEMENT REQUIREMENTS .......................................................................................... 28 6.1

Project / Operational Manager ................................................................................................................... 28

6.2

Performance ............................................................................................................................................... 28

6.3

Non-performance Remedies ....................................................................................................................... 30

6.4

Problem Resolution and Corrective Action Process .................................................................................. 31

6.5

Quality Assurance and Continuous Improvement ...................................................................................... 32

6.6

HUB Subcontracting Progress Assessment Reports .................................................................................. 32

6.7

Financial Reports ....................................................................................................................................... 32

6.8 Contract Changes ....................................................................................................................................... 33 7 INVOICING ........................................................................................................................................................ 33 7.1

Invoicing and Payment Procedures ............................................................................................................ 33

7.2

Submitting Invoices ................................................................................................................................... 33

7.3

Required Information for Invoice .............................................................................................................. 33

7.4

Invoice Schedule ........................................................................................................................................ 34

7.5

Invoice Review .......................................................................................................................................... 34

7.6 Billing at Contract Termination or Conclusion .......................................................................................... 34 8 INFORMATION PROTECTION PROVISIONS ............................................................................................... 34

9

8.1

General ....................................................................................................................................................... 34

8.2

Data Security .............................................................................................................................................. 36

8.3

Physical and System Security .................................................................................................................... 38

8.4

Security Audit ............................................................................................................................................ 40

8.5

Security Incidents ....................................................................................................................................... 41

8.6 Remedial Action ........................................................................................................................................ 42 CONTRACT TERMS AND CONDITIONS....................................................................................................... 44 9.1

Financial Terms and Conditions ................................................................................................................ 44

9.2

Contract Management ................................................................................................................................ 45

9.3

Amendment ................................................................................................................................................ 48

9.4

Termination of Contract ............................................................................................................................. 48

9.5

General Terms and Conditions ................................................................................................................... 49

ii

1 INTRODUCTION The Office of the Attorney General (OAG) is issuing this Request for Offer (RFO) to obtain the services of a vendor to provide Integrated Security Solutions to the OAG’s Child Support Division (CSD) in locations throughout the State of Texas. 1.1

OAG Objective

The objective of this procurement is to identify and obtain the services of the best qualified vendor to provide the following products and services as needed in present and future OAG locations throughout the State of Texas: 1. 2. 3. 4. 5.

6. 7. 8. 1.2

Recommend, provide and install new DSX-based location access control and monitoring systems as needed; Recommend, provide and perform upgrades to existing DSX-based systems as needed to achieve improved performance, expanded capabilities, regulatory compliance, reduced operating costs, and/or modernization; Recommend, provide, and install new or upgraded DSX software to support the centralized administration and monitoring of DSX-based systems in OAG locations throughout the state; Recommend, provide, and install new, commercial-grade, multi-camera closed circuit television (CCTV) and digital video recording (DVR) monitoring systems in OAG locations; Recommend, provide and perform upgrades to existing commercial grade, multi-camera CCTV and DVR surveillance systems as needed, to achieve improved performance, expanded capabilities, regulatory compliance, reduced operating costs, and/or modernization; Recommend, provide, and install economical, stand-alone, multi-camera CCTV and DVR systems in OAG locations; Relocate and reconfigure installed DSX-based systems and CCTV/DVR systems, or individual components thereof, to accommodate OAG office Moves, Adds or Changes (MACs); and Provide full warranty and maintenance of all installed DSX-based systems and CCTV/DVR systems, or individual components thereof, for a fixed monthly fee. Duration

1.2.1

Initial Term and Renewal

The Contract shall begin upon issuance of a Purchase Order (PO) and the Initial Term shall end on August 31, 2018. The Contract may be renewed for up to two (2), two (2) -year terms as follows:  

First (1st) renewal term beginning on September 1, 2018, and concluding on August 31, 2020 Second (2nd) renewal term beginning on September 1, 2020, and concluding on August 31, 2022

The decision to renew the Contract shall be at the sole and absolute discretion of the OAG. Such renewal(s) shall be subject to the requirements of the Contract, with the sole and limited exception that the original date of termination shall be extended pursuant to this provision. By submission of a Response to this RFO, a Respondent agrees to be bound, for the initial term of the agreement and for any renewal term(s) which the OAG may elect to exercise, to perform the within described services at the rates specified in the Contract. 1.2.2

Option to Extend

The Awarded Vendor agrees that the OAG may require continued performance, beyond the initial or any renewal Contract term, of any of the within described services at the rates specified in the Contract. This option may be exercised more than once, but the total extension of performance hereunder shall not exceed four (4) Calendar Months or December 31, 2022, whichever is later. Such extension of services shall be subject to the requirements of the Contract, with the sole and limited exception that the original date of termination shall be extended pursuant to this provision. The OAG may exercise this option upon thirty (30) Calendar Day written notice to the Awarded Vendor.

Integrated Security Solutions RFO, v1.0 Page 1 of 57

1.3

Acronyms and Definitions

When capitalized, the following terms have the meaning set forth below. All other terms have the meaning set forth in the Merriam Webster’s Collegiate Dictionary, Eleventh edition. Term

Definition

Acceptance Testing

The process of verifying that all requirements of an Installed System have been met.

Awarded Vendor

The vendor(s) awarded the Contract(s) resulting from this RFO.

Addendum

A modification of the RFO issued by the OAG and posted on the ESBD.

BAFO

Best and Final Offer

BACES

The OAG’s Building Access Control Equipment and Services contract.

BC/DR

Business Continuity/Disaster Recovery The days and hours (Monday through Friday, 7:00 a.m. to 6:00 p.m. Local Time) in which the OAG is open for business. The OAG is closed for business on the scheduled holidays indicated on the table below. If a scheduled holiday falls on a weekend, the holiday is generally not observed. The CSD Contract Manager or designee will communicate any variation from the standard holiday schedule as it becomes known.

Business Day

Holiday

When Observed

New Year’s Day

January 1

Martin Luther King, Jr. Day

third (3rd) Monday in January

President’s Day

third (3rd) Monday in February

Memorial Day

last Monday in May

Independence Day

July 4

Labor Day

first (1st) Monday in September

Veteran’s Day

November 11

Thanksgiving and the day after Thanksgiving

fourth (4th) Thursday and Friday in November

Christmas Eve, Christmas Day, and the day after Christmas

December 24, 25 and 26

Calendar Day

Any day in a Calendar Month, including a weekend or holiday.

Calendar Month

The full period, including all Calendar Days, from the first to last days of January, February, March, April, May, June, July, August, September, October, November and December. The Calendar Months may also be referred to numerically as 1-12, respectively.

CCTV

Closed Circuit Television

CMBL

Centralized Master Bidders List

CAC

Computer Allocation Center

Contract

Any contract resulting from this procurement/RFO, consisting of the contract document(s) as described in Section 2.3 Contract Documents.

Controlled Correspondence

Written communications used to request decisions and/or information pertaining to the resulting Contract. The communications shall be assigned numbers for tracking purposes.

Integrated Security Solutions RFO, v1.0 Page 2 of 57

Term

Definition

CSD

Texas OAG Child Support Division

CTCM

Certified Texas Contract Manager

CTPM

Certified Texas Procurement Manager

DSX

DSX Access Systems, Inc., the manufacturer of key components used in OAG CSD’s DSX Installed Systems and the DSX Communication Installed System.

DVR

Digital Video Recorder

ESBD

Electronic State Business Daily

Fiscal Year

An accounting and budgetary period of twelve complete Calendar Months. The Fiscal Year for the OAG begins on September 1 and ends on August 31.

FEIN

Federal Employer Identification Number

HSP

HUB Subcontracting Plan

Installed System

The combined equipment, wiring and installation thereof, including labor, that results in a complete, functioning system at a given OAG location, or across multiple locations, as defined in the Contract and accepted by the OAG.

LAN/WAN

Local Area Network/Wide Area Network; industry-standard terms for describing the basic topography of a data network.

Local Time

The prevailing official time in a given location.

Manufacturer's Price List

A price list, published by the manufacturer or distributor of a product, that is available to resellers and recognized by the trade.

MACs

Moves, Adds, or Changes; The three (3) primary types of service requests for non-warranty services that may be requested from the Awarded Vendor under this Contract.

NIGP

National Institute of Governmental Purchasing

OAG

The Texas Office of the Attorney General

OEM

Original Equipment Manufacturer

Performance Period

The OAG’s reliability standard requiring that each Installed System operate in conformity with the technical specifications stated herein with a reliability level of ninety-nine point eight percent (99.8%) for a period of one (1) Calendar Month.

PO

Purchase Order

POCN

Purchase Order Change Notice; a request to modify a PO

Respondent

Any individual, partnership, or corporation submitting a Response

Response RFO or Solicitation

A Respondent’s submission to this RFO Request for Offer, a formal document issued by the OAG to the market or vendor community requesting information or proposal for goods or services; (This document) The OAG Child Support Division administrative headquarters facility located at 5500 E. Oltorf, Austin, Texas 78741. Texas Comptroller of Public Accounts Texas Procurement and Support Services (division of TCPA)

State Office TCPA TPASS

Integrated Security Solutions RFO, v1.0 Page 3 of 57

2 PROCUREMENT PROCESS 2.1

Authority

This procurement shall be conducted in accordance with the State Purchasing and General Services Act (Title 10, Subtitle D, Chapters 2151 through 2176, Texas Government Code) and the rules of the Comptroller of Public Accounts (CPA) Texas Procurement and Support Services Division (TPASS), including, but not limited to, procedures prescribed by TPASS. All official communication (including, but not limited to, Schedule of Events changes, RFO Addenda and Question and Answer Documents) concerning this procurement will be posted on the Electronic State Business Daily (ESBD). The OAG has no responsibility to communicate personally with each possible Respondent for this procurement. Each possible Respondent is solely responsible for checking the ESBD for official OAG communication concerning this procurement. 2.2

Schedule of Events

The OAG reserves the right to change the dates shown below. Solicitation Conference

Tuesday, January 20th, 2015, 10:00 a.m. Local Time

Deadline for Submission of Questions

Friday, January 23rd, 2015, 2:00 p.m. Local Time

Questions and Answers Document Posted

No later than Tuesday, January 27th, 2015

Deadline for Submission of Responses

Wednesday, February 20th, 2015, 2:00 p.m. Local Time

Expected OAG Evaluation of Responses

February / March 2015

Expected Period for Discussions (if required)

March / April 2015

Expected Contract Award Date

May / June 2015

2.3

Contract Documents

The Contract resulting from this procurement may consist of the provisions in this RFO (including its attachments, forms, exhibits and any addenda); Awarded Vendor's Response; any OAG request for a Best and Final Offer (BAFO); Awarded Vendor's BAFO Response and the OAG PO. No prior agreement or understanding, oral or otherwise, of the parties or their agents will be valid or enforceable unless embodied in these documents. In the event of a conflict between the provisions of the documents, the documents are given the following order of priority: (1) OAG PO; (2) Request for BAFO, if any; (3) Awarded Vendor’s BAFO Response, if any; (4) Request for Offer; and (5) Awarded Vendor’s RFO Response. However, the OAG, in its sole discretion, may elect to have the Contract resulting from this procurement consist of one (1) document. This document will contain all of the rights and duties of the parties extracted from the relevant terms and conditions of: the Request for Offer (including its attachments, forms, exhibits, and any Addendum); the Awarded Vendor's Response; the Request for BAFO, if any; and the Awarded Vendor’s BAFO Response, if any. Prior to award the OAG will prepare the Contract for review by the apparent awardee(s). Discussions may be held concerning possible revisions to the Contract in order to clarify points, further define Contract text, or to correct minor technicalities. These discussions are to be finalized and all requests for revisions resolved within ten (10) OAG Business Days after the apparent awardee receives the Contract for review or such additional period that may be agreed to by the OAG. If the discussions are not finalized within such time frame, the Response may be rejected and discussions may be initiated with another Respondent who submitted a Response to this solicitation.

Integrated Security Solutions RFO, v1.0 Page 4 of 57

2.4

Attachments and Forms

This RFO includes the following attachments and forms in a separate ZIP file. Attachments: Title Attachment 1 - DSX Installed Systems Inventory List Attachment 2 - Contract-specific Business Continuity/Disaster Recovery (BC/DR) Plan Attachment 3 - Certificate of Destruction for Contractors and Vendors Attachment 4 - United States Internal Revenue Service Requirements for the Safeguarding of Federal Tax Information Including Federal Tax Returns and Return Information Forms: Title Form A - Respondent’s Execution of Offer and Assurances (with Certification) Form B - Pricing Form C - Past Performance References Form D - Canceled Contract References Form E - Respondent Release of Liability (to Reference) Form F - Certification Regarding Lobbying Form G - HUB Subcontracting Plan Form H - Respondent Information Form Form I - Preference to Texas and United States Products and Texas Services 2.5

Filename Attach1_OAGAccessControl InventoryReport_9-26-14.pdf Attach2_ Supplemental_Contract-Specific_BC-DR_Plan.docx Attach3_OAG_Certificate_of_Destruction.docx Attach4_IRS_Requirements_for_FTI.docx

Filename/Location Form_A_ISS_RespondentExecutionOfOfferProposal.docx Form_B_ISS_Pricing.docx Form_C_ISS_PastPerformanceReferences.docx Form_D_ISS_CanceledContractReferences.docx Form_E_ISS_RespondentReleaseOfLiability.docx Form_F_ISS_CertificationRegardingLobbying.docx See Section 2.8 for instructions Form_H_ISS_RespondentInformationForm.docx Form_I_ISS_Preference.docx

Points of Contact Information

Martin V. Blair, CTPM, CTCM, Procurement Division, phone (512) 936-7928, fax (512) 397-1603, is the sole point of contact for this procurement. Routine correspondence (not Respondent’s Response to this RFO; see Section 2.9.1) may be directed to Martin V. Blair as follows: Email: [email protected] Mailing address: Office of the Attorney General, Procurement Division Attn: Martin V. Blair, CTPM, CTCM P.O. Box 12548, MC 028 Austin, TX 78711-2548 Physical address: Office of the Attorney General, Procurement Division Attn: Martin V. Blair, CTPM, CTCM W. P. Clements Building 300 W. 15th St., 3rd Floor Austin, TX 78701-1649 DO NOT SUBMIT RESPONSES TO THE ABOVE MAILING ADDRESSES.

Integrated Security Solutions RFO, v1.0 Page 5 of 57

Respondents shall make no contact with other OAG personnel, except as permitted by the point of contact, concerning this RFO. The only exception to this requirement is that Respondents may contact the OAG Historically Underutilized Businesses (HUB) Coordinator directly with questions regarding proper submission of the HUB Subcontracting Plan. The HUB Coordinator, Mindy Sue Cohen, may be reached at 512-475-4411 or via email at [email protected]. Failure to comply with this requirement may result in disqualification. 2.6

Solicitation Conference Information

The Solicitation Conference is scheduled for the date and time listed above in Section 2.2, Schedule of Events. Attendance is encouraged, but not mandatory. The conference will be located at the address listed below: Southcliff Building 2015 South IH35, Room 2021/2022 Austin, Texas 78711 Participants may submit questions in advance of the Solicitation Conference. All questions should be submitted via email to the Point of Contact in Section 2.5. There will still be an opportunity to ask additional questions at the conference and the OAG will continue to accept written questions until the Deadline for Submission of Questions as listed in Section 2.2. The OAG may provide a response during the Conference. However, only written answers posted on the ESBD shall be considered official. Any questions submitted will be answered at the sole discretion of the OAG. 2.7

Questions

All questions regarding this procurement, including questions regarding the HUB Subcontracting plan, must be submitted, in writing, to the point of contact listed in Section 2.5. The deadline for submitting questions regarding this RFO is the date and time listed in Section 2.2. Note that procedural questions regarding Response submission, dates, and locations/addresses may be addressed orally or by email with the point of contact listed in Section 2.5. Any questions submitted will be answered at the sole discretion of the OAG in a Question and Answer Document posted on the ESBD. Only answers provided in writing by the OAG shall be considered official. All questions should, to the degree possible, cite the specific RFO section and paragraph number(s) to which the question refers. Information in any form other than the materials constituting this RFO, the Question and Answer Document(s), and any RFO addendum shall not be binding on the OAG. 2.8

HUB Subcontracting Probability Statement

It is the policy of the OAG to promote and encourage contracting and subcontracting opportunities for State of Texas certified Historically Underutilized Businesses (HUBs) in compliance with Texas Government Code, §2161.001-253 and Texas Administrative Code (TAC) §20.14. Respondents are encouraged to become HUBcertified. HUB certification applications and HUB Subcontracting Plan forms may be found at: http://www.window.state.tx.us/procurement/prog/hub/hub-forms/ Definitions for State of Texas HUB certifiable businesses can be found in Texas Administrative Code, Title 34, Part 1, Subchapter B, §Chapter 20.11 the Comptroller of Pubic Accounts Texas Procurement and Support Services (TPASS) program and HUB Rules. Please ensure that the potential HUB subcontractor’s status is “A” Active. Reference number: Integrated Security System It has been determined by the OAG that there are probable subcontracting opportunities in the scope of the work for this RFO. The HUB Goal for this procurement is twenty-four point six (24.6%) percent.

Integrated Security Solutions RFO, v1.0 Page 6 of 57

The OAG has provided a list of potential areas of subcontracting based upon the OAG’s understanding of this procurement request. Respondents are not limited to the potential subcontracting areas listed below. The OAG is relying upon the Respondent’s expertise to fully identify subcontracting opportunities that best align with their organization and this RFO. Respondents that intend to subcontract are responsible for identifying all areas that will be subcontracted. In accordance with 34 TAC §20.11, a subcontractor means a person who contracts with a prime contractor to work, to supply commodities, or contribute toward completing work for a governmental entity. The following is a list of potential areas of subcontracting by National Institute of Governmental Purchasing (NIGP) class and item based upon this procurement. Class

Item

Description

990

50

Security Equipment Installation Services

939

84

Closed Circuit Television Equipment, Maintenance and Repair

680

02

Access Control Systems and Security Systems, Card Reader System Parts and Accessories

936

73

Security and Access Systems Maintenance and Repair

840

84

Video and Audio Systems, Accessories and Parts (Closed Circuit TV) Including Surveillance Type, Digital Recorders

910

82

Wiring and other Electrical Maintenance and Repair Services

915

97

Wiring Services, Data/Voice

A HUB Subcontracting Plan Form must be completed and returned with any bid, offer or proposal to be considered responsive. If the Response does not include a completed HUB Subcontracting Plan, the Response shall be rejected as a material failure to comply with advertised specifications. All Prime Vendors (HUB or Non-HUB) are required to comply. Respondents may download the HUB Subcontracting Plan from the Office of the Comptroller of Public Accounts’ website. This version will guide the Respondent though the various fields and assist them in completing it correctly: http://www.window.state.tx.us/procurement/prog/hub/hub-subcontracting-plan/ Search the State of Texas HUB Database for HUB vendors by the NIGP class and item at the following link: http://www2.cpa.state.tx.us/cmbl/cmblhub.html The NIGP commodity code book may be found at the following link: http://www.window.state.tx.us/procurement/com_book/ Additional minority- and women-owned HUB trade and business development association resources are available for Respondents’ subcontracting solicitation notices to State of Texas HUB vendors at this link: http://www.window.state.tx.us/procurement/prog/hub/mwb-links-1/ If the Respondent has any questions about the HUB Subcontracting Form, identifying HUB vendors with proper NIGP codes, or the State of Texas HUB Program, please submit questions in writing to the OAG HUB Coordinator, Mindy Sue Cohen, [email protected]. This is the only exception to the single point-ofcontact listed in Section 2.5.

Integrated Security Solutions RFO, v1.0 Page 7 of 57

2.9

Response Submission Instructions

To ensure the integrity of the competitive process a Respondent may not directly or indirectly communicate any of the contents of its offer, bid, or proposal (hereafter referred to as offer) to:   

a competitor of the Respondent; any other company, corporation, firm, partnership, individual, or related entities of the same engaged in the same line of business as the Respondent; or a related entity of the Respondent engaged in the same line of business as the Respondent.

This prohibition is in effect during the preparation of the offer and while the offer is pending with the OAG, including the negotiation and finalization of any resulting Contract. The term related entities includes, but is not limited to, affiliates, subsidiaries, associates, branches and divisions. It does not include entities that may occasionally enter into teaming agreements with one another to provide services under a contract with a third party but otherwise have no legal relationship with each other. The Respondent may communicate with teaming partners, subcontractors and other entities that are part of the Respondent’s offer as long as they are not part of another offer. When a related entity of the Respondent (whether related at the time offers are due or at any time thereafter) submits a competing offer, the OAG may require additional information to ensure each separate offer is independent. Failure to provide or fully disclose all such information may, at OAG discretion, disqualify Respondent or result in the termination of any resulting Contract. RESPONDENT HAS AN ONGOING DUTY TO UPDATE ALL INFORMATION INCLUDED IN ITS OFFER AT ANY TIME THAT SUCH INFORMATION CHANGES. To be eligible for consideration, Responses must be received and time-stamped in the OAG Procurement Division prior to the date and time specified in Section 2.2, Schedule of Events. Late Responses will not be considered under any circumstance and will be returned unopened. Responses must be labeled as described in Sections 2.9.2 and 2.9.3. It is the Respondent’s responsibility to appropriately mark and deliver the Response to the OAG by the specified time and date. Telephone, email, U.S. Postal Service, and facsimile Responses will not be accepted. Responses may be accepted until the date and time established for receipt. 2.9.1

Response Submission Address

Responses may be submitted by hand delivery, commercial delivery (e.g., FedEx, UPS, DHL), or courier to the appropriate address listed below: Office of the Attorney General Procurement Division Attn: Martin V. Blair, CTPM, CTCM W. P. Clements Building 300 W. 15th St., 3rd Floor Austin, TX 78701-1649 Important Information Regarding Responses If sending a Response by courier, overnight delivery, or hand delivery it is incumbent upon the Respondent to allow sufficient time to permit delivery by the courier delivery service. Respondents are advised that due to security measures there may be delays to screen packages, route packages, and screen delivery personnel related to packages intended for the OAG. The Response must be received in the OAG Procurement Division located at 300 West 15th Street, 3rd Floor, by the required deadline. The time and date stamp of the OAG Procurement Division shall be the final determinant of whether a Response has been timely received by the OAG. The Respondent is solely responsible for allowing sufficient time for the timely arrival of the Response in the OAG Procurement Division. The Respondent must allow for the time taken by the delivery service and the OAG internal mail services or procedures to deliver the Response to the OAG Procurement Division.

Integrated Security Solutions RFO, v1.0 Page 8 of 57

2.9.2

Requirements Submission

Respondent shall submit one (1) original and five (5) hard copies of the Requirements Submission. Respondents shall also submit two (2) copies of optical media containing electronic copies of the Requirements submission in Microsoft Word format (*.doc or *.docx) or Adobe Portable Document Format (*.pdf). The electronic copies shall be indexed or bookmarked. Pages shall be numbered and contain an organized, paginated table of contents corresponding to the sections and pages of the Response. Major sections of the hardcopy Responses shall be tabbed. Except for the signatures associated with the one (1) original, the electronic copies and hard copies should be identical. This is especially important with regard to identifying proprietary or confidential information. If there are any disparities between the contents of the hard-copy Response and the electronic Response, the contents of the signed, original, hard-copy Response will take precedence. The Requirements Submission shall be organized and tabbed as follows.     

Section A: Company Qualifications Section B: Response to Statement of Work Section C: Financial Assurance Section D: Assumptions and Exceptions Section E: Forms

The Requirements Submission (the original, the copies and the media, with electronic copies) shall be sealed and clearly marked with the specified Response due date and time and the title: OAG Integrated Security Solutions Requirements Submission. Section A: Company Qualifications Respondent shall provide the following as part of their Response: Description of Respondent’s Business and its Legal Relationships Respondent shall provide a description of the business (and if this is a joint venture, describe all businesses involved in the venture) including: 1. 2. 3. 4. 5. 6.

Business name, Address, Type of organization, Date of formation, State of charter and corporate charter number, and Federal Employer Identification Number (FEIN).

Respondent shall provide the name(s) and provide description(s) of any relationship(s) with any individual or entity that are, or may be, in any way related, directly or indirectly, in: 1. 2.

Preparation of the Response to this RFO, and/or Performance of the Contract.

This requirement to disclose and describe information includes any individual(s) and/or entity(ies) that provide financing or otherwise financially support, or expect to financially support, the Respondent in its performance of services under the Contract. If the business is a division or subsidiary of any other organization, the summary shall include the following information about the parent organization: 1. 2. 3.

Business name, Address, Type of organization,

Integrated Security Solutions RFO, v1.0 Page 9 of 57

4. 5. 6.

Date of formation, State of charter and corporate charter number, and FEIN. Description of Subcontractors

Respondent shall provide a list of the subcontractors who will provide goods or services under the Contract, including the following information: 1. 2. 3. 4. 5. 6. 7. 8.

Business name, Address, Type of organization, Date of formation, State of charter and corporate charter number, Listing of each principle partner or officer, FEIN, and Percentage estimate of the subcontractor’s contribution to the overall project.

If the subcontracting company is a division or subsidiary of any other organization, Respondent shall include the following information about the subcontract company’s parent organization: 1. 2. 3. 4. 5. 6.

Business name, Address, Type of organization, Date of formation, State of charter and corporate charter number, and FEIN. Past Performance References

The Respondent shall provide a list of no more than two (2) contracts, performed by the Respondent as the prime vendor within the three (3) years preceding the issuance of this RFO, for which the Respondent was the prime vendor and that are similar in nature and scope to the project described in this RFO. All past performance references should be listed on the Form C, Past Performance References (Respondent may make copies of the form as necessary). For any listed contract, the Respondent must provide the following information: 1. 2. 3.

4. 5. 6.

The customer’s company or entity name, address, contact name, telephone number and email address (contact must be a senior representative of the customer who was directly responsible for interacting with the Respondent throughout the performance of the engagement and who can address questions about the performance of the Respondent from personal experience); if the reference listed is the OAG, the Respondent is not required to provide this information, the contract award date and the operational start date (Respondent’s work/solution was fully operational) and the operational end date, a summary description of the project(s) and service(s) provided, and a signed Form E, Respondent Release of Liability (to Reference) for each reference absolving the listed entity from liability for information provided to the OAG concerning the Respondent’s performance of its engagement. Canceled Contract References

The Respondent shall provide a completed Form D, Canceled Contract References for any contract that was canceled or prematurely terminated in the past five (5) years. The completed Form D, Canceled Contract References must provide details on the reason for the cancellation and the Respondent’s position relevant to the cancellation and the final resolution of the contract cancellation.

Integrated Security Solutions RFO, v1.0 Page 10 of 57

The Respondent shall include each customer’s: 1. 2. 3.

company or entity name, company address, contact name, telephone number, and email address (contact must be a senior representative of the customer who was directly responsible for interacting with the Respondent throughout the performance of the engagement and who can address questions about the performance of the Respondent from personal experience and must be able to address questions concerning the cancellation; if the references listed is the OAG, the Respondent is not required to provide this information), 4. the contract award date and the operations (Respondent’s work/solution was fully operational) start and end dates, and 5. a signed Form E, Respondent Release of Liability (to Reference) for each reference absolving the listed entity from liability for information provided to the OAG concerning the Respondent’s performance of its engagement The contact must be able to address questions concerning the cancellation. All canceled contract references should be listed on the Canceled Contracts Reference form. A signed Form E, Respondent Release of Liability (to Reference) shall be provided for each entity. Failure to fully disclose canceled contracts within the scope of this requirement may result in disqualification. If the failure to disclose is not learned until a Contract has been awarded to the Awarded Vendor, the Contract may be terminated. In the event of such termination, the Awarded Vendor shall be liable for all costs associated with the re-procurement including any increased costs for the services originally awarded. Respondent may make copies of the form as necessary. If there are no canceled contracts, the Respondent shall note that there are none on Form D, Canceled Contract References or within their Response. Section B: Response to Statement of Work Summary of Capabilities: Moves, Adds and Changes Respondent shall submit a Summary of Capabilities: Moves, Adds and Changes document describing the Respondent’s solutions, technical capabilities and experience in proposing, installing, upgrading, modifying and relocating location access and surveillance systems. At a minimum, the summary shall address all requirements stated in Section 4.1, including all subsections. The Summary of Capabilities: Moves, Adds and Changes document shall be no more than five (5) pages long. If more than five (5) pages are provided, only the first five (5) pages will be considered. Respondent shall attach the following to the Summary of Capabilities: Moves, Adds and Changes document, which will not be counted against the five (5) -page limitation:  

a photocopy of Respondent’s license(s) or other proof of Respondent being licensed under the Private Security Program of the Texas Department of Public Safety as required under the Private Security Act (Chapter 1702, Texas Occupations Code) (see Section 4.1.13); and copies of DSX and other Original Equipment Manufacturer (OEM) certifications for installation and maintenance personnel (see Section 4.1.16).

Summary of Capabilities: Technical Support Respondent shall submit a Summary of Capabilities: Technical Support document describing the Respondent’s capabilities and experience in providing customer service and technical support to customers with location access and surveillance systems, as well as the Respondent’s proposed solutions for the OAG. At a minimum, the summary shall address all requirements stated in Section 4.2, including all subsections. The Summary of Capabilities: Technical Support document shall be no more than five (5) pages long. If more than five (5) pages are provided, only the first five (5) pages will be considered.

Integrated Security Solutions RFO, v1.0 Page 11 of 57

Respondent shall attach the following to the Summary of Capabilities: Technical Support document, which will not be counted against the five (5) -page limitation: 

An organizational chart and resumes for the proposed Project/Operational Manager (see Section 6.1) and other key personnel, including any subcontractors, along with a summary of the roles and responsibilities for each.

Summary of Products Offered Respondent shall submit a Summary of Products Offered document listing all location access and surveillance systems products and/or product lines that the Respondent is able to provide to the OAG. The purpose of the Summary of Products Offered document is to provide the OAG with information regarding the range and type of products the Respondent is able to provide to the OAG. The document shall include only information about products and product lines listed in the Manufacturer's Price List(s) submitted as part of the Respondent’s Form B, Pricing (see Section 2.9.3). The document shall only provide the name, manufacturer and brief description of products, and shall not include any pricing information. Transition Checklist Respondent shall submit a checklist that describes all tasks that the Respondent recommends or requires to be completed during the implementation phase following Contract award (see Section 4.7). Section C: Financial Assurance The Respondent shall disclose if and when it has filed for bankruptcy within the last seven (7) years or make an affirmative statement that Respondent has not filed for bankruptcy within the last seven (7) years. If a Respondent is conducting business as a corporation, partnership, limited liability partnership, joint venture, or other form of artificial person, the Respondent shall disclose whether any of its principals, partners, or officers has filed for bankruptcy within the last seven (7) years or make an affirmative statement that the Respondent’s principals, partners, or officers have not filed for bankruptcy within the last seven (7) years. The Respondent shall describe any docketed or adjudicated civil or criminal litigation that has occurred within the past (10) years, including the caption of each action, the date of inception, a brief description of the action, and current status or disposition. If the Respondent has no litigation within the past 10 years, then Respondent shall provide an affirmative statement that there is no such litigation. Further, as part of the submission of the Response, the Respondent shall include: A current, Dun & Bradstreet “Comprehensive Insight Plus Report” prepared within the thirty (30) days prior to submitting the Response. If the Respondent is not rated by Dun & Bradstreet, Respondent may submit a report similar in content and detail to the Dun & Bradstreet “Comprehensive Insight Plus Report” from Standard & Poor’s, or any similar report providing sufficient documentation to allow verification of Respondent’s financial viability, as long as the report was prepared within the thirty (30) days prior to submitting the Response. This report should, at a minimum, include: 1. 2. 3. 4. 5. 6.

business and principal history, financial statement or at a minimum a financial statement summary, creditworthiness assessment based on past performance, details of any public filings, such as suits, judgments, liens, bankruptcies, UCC filings, etc., payment history, and description of affiliated companies and branches.

Audited financial statements for the three (3) most recent years prior to submitting the Response, including one (1) for the Respondent’s fiscal year ending within twelve (12) months prior to the RFO posting date. If any of the audited statements are not available, then unaudited financial statements may be submitted if certified as “true, accurate, and complete” by the Respondent’s chief financial officer and/or treasurer.

Integrated Security Solutions RFO, v1.0 Page 12 of 57

At a minimum, Respondents shall submit the following basic financial statements: 1. 2. 3.

Balance Sheet - also referred to as a statement of financial condition, reports on a company's assets, liabilities and net equity as of a given point in time. Income Statement - also referred to as Profit and Loss or Revenue and Expense statement, reports on a company's results of operations over a period of time. Cash Flow Statement - reports on a company's cash flow activities, particularly its operating, investing and financing activities.

If the Respondent is either a subsidiary of a parent company or subcontracting with any entity that represents equal to or greater than ten percent (10%) of the gross dollar value of Respondent’s Pricing Submission, then a Dun & Bradstreet “Comprehensive Insight Plus Report” and financial statements as required in 2.9.2.3.1 and 2.9.2.3.2 shall be submitted for that parent or subcontractor. If parent or subcontractor is not rated by Dun & Bradstreet, Respondent may submit, on behalf of the parent or subcontractor, a report similar in content and detail to the Dun & Bradstreet “Comprehensive Insight Plus Report” from Standard & Poor’s, or any similar report providing sufficient documentation to allow verification of parent or subcontractor’s financial viability, as long as the report was prepared within the thirty (30) days prior to submitting the Response. Requested information for the parent is not necessary if the Respondent is a wholly-owned subsidiary. If any of these elements are not available, Respondents shall provide a written statement explaining why the element is not available. The OAG, in its sole discretion, shall determine the adequacy of any information provided. The OAG reserves the right to request additional financial information at any point during the procurement, as it deems necessary, to evaluate the Respondent and/or the Respondent’s parent or subcontractors, and by submission of a Response, Respondent agrees to provide same. Section D: Exceptions and Assumptions The Respondent shall explicitly set forth any assumptions regarding, or exceptions to, any part of this RFO, referencing the specific RFO section number (formats shown below). Exceptions: Section

Section Title

Exception

Proposed Language

If there are no exceptions, the Respondent shall explicitly state that the Respondent takes no exception to any part of this RFO. Any exception may result in the Contract not being awarded to the Respondent. Assumptions: Section

Section Title

Assumption

Section E: Forms The forms described in Section 2.4 are to be completed and returned with Respondent’s Response Submission unless otherwise noted in this document. In addition to the forms, the Respondent shall include proof of insurance as required by Section 9.5.9.1. Form B, Pricing and Form G, HUB Subcontracting Plan shall be included with the Pricing Submission, as described below.

Integrated Security Solutions RFO, v1.0 Page 13 of 57

2.9.3

Pricing Submission and HUB Compliance

Respondents shall submit one (1) original and two (2) hard copies of the Pricing Submission. In addition, Respondents shall provide two (2) copies of optical media containing two (2) electronic copies of the Pricing Submission, one in Microsoft Word or Excel format (*.doc/*.docx or *.xls/*.xlsx) and one in Adobe Portable Document Format (*.pdf). Failure to submit a complete Pricing Submission may result in disqualification of the Response. Except for the one (1) original, the electronic copies and hard copies should be identical. This is especially important with regard to identifying proprietary or confidential information. The Pricing Submission (the original, the copies and the media with the electronic copies) should be sealed and clearly marked with the specified Response due date and time and the title: OAG Integrated Security Solutions Pricing Submission. The Pricing Submission shall consist of: 1. 2.

3.

The completed Form B, Pricing, which shall include all costs associated with any and all services to be provided, Assumptions upon which the price amounts are based and/or conditions attached to any price amount (these assumptions and/or conditions must be set forth in a separate document from the Form B, Pricing and not contain any price amounts), and The completed Form G, HUB Subcontracting Plan.

The Pricing Submission shall be sealed and submitted separately from the Requirements Submission. No price information shall be included in any other portion of the Response. Any Response which fails to adhere to this requirement may be disqualified as non-responsive. Any price assumptions and/or price conditions document shall only be submitted in the Pricing Submission and not in the Requirements Submission. The Respondent may offer additional options or features to the requested services, but under no circumstances, may a Respondent add any costs or take any credits for those additions. Inclusion of any changes or credits in the Response not specifically addressed may be grounds for the response to be disqualified. 2.10

Cost of Submission

The state will not reimburse Respondents for any cost related to Response preparation or submission. Respondents to this RFO are responsible for any expense related to the preparation and submission of a Response. 2.11

Public Information Act

As a state agency the OAG will strictly adhere to the requirements of (a) Chapter 441, Subchapter L of the Texas Government Code regarding the preservation, management, and retention of state records and (b) Chapter 552 of the Texas Government Code (the "Texas Public Information Act") regarding the disclosure of public information. As a result, by participating in this solicitation process you acknowledge that all information, documentation and other materials you submit in Response to this RFO may (a) constitute state records for the purposes of Chapter 441, subchapter L of the Texas Government Code and (b) be subject to public disclosure under the Texas Public Information Act. The CSD of the OAG is without authority to agree that any information submitted will not be subject to disclosure. Disclosure is governed by the Texas Public Information Act (the "Act"), Chapter 552 of the Texas Government Code. Under the Act, all information held by governmental bodies is open to public disclosure unless it falls within one of the Act's specific exceptions to disclosure. Respondents are advised to consult with their legal counsel concerning disclosure issues resulting from this process and to take precautions to safeguard trade secrets and other proprietary information.

Integrated Security Solutions RFO, v1.0 Page 14 of 57

If it is necessary for a Respondent to include proprietary or otherwise confidential information in its Response, that proprietary or otherwise confidential information, documentation or materials must be clearly identified on each page upon which it appears and with a written notice (in a format as shown below) identifying the specific exception(s) to disclosure under the Texas Public Information Act that the Respondent claims is/are applicable to such information, documentation, or material. Subchapter C of the Texas Public Information Act sets forth the Act's exceptions to the required disclosure of information. Please note that claiming a disclosure exception for provided information does not automatically render such information confidential. Further merely making a blanket claim that all of the submitted information is protected from disclosure because it contains some proprietary information is not acceptable, and shall not render the entire submission confidential. Any information which is not clearly identified as proprietary or confidential shall be deemed to be subject to disclosure pursuant to the Act. Page number, section number

Exception to disclosure

In the event that the OAG receives a request under the Texas Public Information Act for a copy of any information, documentation, or other material for which an exception to required disclosure under the Act is claimed, the OAG will undertake its best efforts to provide the Respondent with notice of the request for release of provided information and afford the Respondent the opportunity to brief the facts that bring the information under the applicable exceptions of the Act. The Respondent would submit the brief to the Open Records Division of the OAG. The Open Records Division is the division within the OAG that governmental bodies (including divisions of the OAG) seeking to withhold information under the Public Information Act must apply to for a decision on whether the information is excepted from disclosure. It is not possible to obtain a decision prior to a request for public disclosure being made since the Open Records Division does not render advisory opinions. 2.12

Response Irrevocability

Responses to this RFO are irrevocable for one hundred twenty (120) Calendar Days following the closing date. This period may be extended at the OAG Procurement Division Director’s request only by a Respondent’s written agreement. 2.13

Discussions and Best and Final Offer

The OAG may discuss acceptable or potentially acceptable Responses with Respondents (in this context “discuss” means to clarify, modify and/or negotiate). If discussions occur, all Respondents with Responses found to be acceptable or potentially acceptable shall be given an opportunity to discuss their Responses with the OAG and, if applicable, revise Responses accordingly in accordance with the BAFO process described below. A time and place shall be set for receipt of any BAFO. Changes to Responses or prices after BAFO shall only be allowed if the OAG, in its sole discretion, determines that resubmission would be in the public interest. 2.14

OAG Rights

All submitted Responses become the property of the OAG. The OAG reserves the right to use any and all ideas presented in any Response to the RFO. Selection or rejection of any Response does not affect this right. The rights of the OAG include, but are not limited to: 1. 2. 3. 4. 5. 6.

cancellation of the RFO at its sole discretion, suspension of the procurement process and issuance of RFO addenda, rejection, in whole or in part, of any and all Responses received in response to this RFO, waiver of administrative deficiencies and/or minor technicalities in Responses received, utilization of any and all ideas submitted in the Responses received, directing any Respondent to submit Response modifications addressing subsequent RFO amendments,

Integrated Security Solutions RFO, v1.0 Page 15 of 57

7.

elimination of any requirements that are not met by all Respondents upon notice to all parties submitting Responses, 8. making typographical corrections to Responses, with the concurrence of the Respondent, 9. changing computational errors with the written concurrence of the Respondent, 10. requesting Respondents to clarify their Responses and/or submit additional information pertaining to their Response, and 11. making an award without: a. b. c. d. 2.15

requesting clarification of Responses, allowing modifications of the Responses, discussing and/or negotiating the Responses, or requesting a Best and Final Offer (BAFO).

Addendum

Should an addition or correction become necessary after an RFO is issued, an Addendum relating the necessary information will be posted on the ESBD. Respondents are responsible for periodically checking the ESBD for addenda or additional information. Respondents are required to acknowledge the Addendum by returning the Addendum with the Response or by including some other written acknowledgement in the Response. 2.16

Award

The OAG will award a Contract to the Respondent that offers the best value to the State and is in the State’s best interest, as determined using the evaluation factors described in this section. 2.16.1

Initial Responsiveness Screening

The OAG will perform an initial responsiveness screening of the Response to verify completion of a Response in accordance with Section 2.9 and signature of all required accompanying documentation. A Response determined not to be responsive may be disqualified. A Response which passes the initial responsiveness screening will move forward to the Financial Assurance Review. 2.16.2

Financial Assurance Review

The OAG will review the financial resources and financial responsibility of the Respondent and/or the Respondent’s agents to determine adequacy to perform the required services. Financial Assurance Review information determined not to be responsive may disqualify the Respondent from further consideration. Any Respondent whose financial resources or financial responsibility are determined to be inadequate to perform the required services shall be disqualified. Disqualification may occur at any time prior to Contract award. 2.16.3

Best Value Determination

The OAG will evaluate and score each Response based on the following criteria to determine which Response offers the best value and is in the State’s best interest: Section A: Company Qualifications (see Section 2.9.2.1) The Respondent’s Company Qualifications will account for twenty percent (20%) of the Respondent’s total evaluation score, to be calculated using the following information:  

Information gathered from references provided by the Respondent in Form C, Past Performance References (see Section 2.9.2.1.3); and Information provided by the Respondent in Form D, Canceled Contract References (see Section 2.9.2.1.4).

Integrated Security Solutions RFO, v1.0 Page 16 of 57

Section B: Response to Statement of Work (see Section 2.9.2.2) The Respondent’s Technical Solution will account for fifty percent (50%) of the Respondent’s total evaluation score, to be calculated using the following information:    

Respondent’s technical capabilities, as described in the Summary of Capabilities: Moves, Adds and Changes (see Section 2.9.2.2.1); Respondent’s technical support capabilities, as described in the Summary of Capabilities: Technical Support (see Section 2.9.2.2.2); The products that the Respondent is able to provide, as listed in the Summary of Products Offered (see Section 2.9.2.2.3); and Information provided in the Respondent’s Transition Checklist (see Section 2.9.2.2.4).

Pricing Submission: (see Section 2.9.3) The Respondent’s proposed pricing, as listed in Form B, Pricing Submission, will account for thirty percent (30%) of the Respondent’s total evaluation score, to be calculated using the following information:     

Respondent’s proposed implementation fees, as stated in Section 1.0 - Integrated Security Solutions, Implementation Services; Respondent’s proposed pricing for performing MACs, as stated in Section 2.0 - Labor Costs for Moves, Adds and Changes (MACs); Respondent’s proposed pricing for providing warranty coverage of Installed Systems, as stated in Section 3.0 - Monthly Fee for Warranty of Installed Systems; Respondent’s proposed pricing for additional training, as stated in Section 4.0 - Additional Training; and Manufacturer’s Price Lists and additional information provided by the Respondent in Section 5.0.

Evaluator comments and scores will be reviewed to determine if discussions are necessary, and, if so, which Responses qualify for discussions. If discussions are held, a Best and Final Offer (BAFO) may be requested, and Responses to the BAFO request will be reviewed and scored. Upon the conclusion of the Evaluation Process, the OAG will award to the Respondent with the highest-scoring Response, provided that it is in the State’s best interest to do so. 2.16.4 Evaluation for a Single Response If only one (1) Response is received in response to the advertised solicitation or only one (1) Response passes the Initial Responsiveness Screening, the OAG will review the Response for compliance with specifications, identify any areas of non-compliance, and if, applicable, identify questions that need to be asked of the Respondent to clarify the Response.

3 BACKGROUND AND OAG ASSUMPTIONS 3.1

Background

Under this solicitation, the OAG is combining the services it currently receives under two (2) separate contracts that will expire on August 31, 2015. The BACES (Building Access Control Equipment and Services) contract, in effect as of September 1, 2009, provides for the installation, maintenance and support of DSX equipment in OAG CSD facilities throughout the state. The Security Camera Equipment and Maintenance Services contract, in effect as of September 1, 2010, addresses the security cameras installed at State Office in Austin, TX. Due to the similarities in qualifications and expertise required by these contracts, the OAG has chosen to combine them into one, and the OAG expects that the resulting contract will provide greater value to the State of Texas through improved operational efficiency and greater flexibility.

Integrated Security Solutions RFO, v1.0 Page 17 of 57

3.2

Integrated Security Solutions (ISS) Business Processes

With this Contract, the OAG is addressing business needs that are part of a larger effort to ensure that the OAG is consistently providing quality, secure facilities for its staff and customers in locations throughout Texas. Managing the installation, maintenance, support and operation of each location’s access control, surveillance, security and monitoring systems is one of many OAG business processes that contribute toward achieving this goal. For this reason, the OAG seeks a vendor that can provide turnkey installation of complete, integrated systems at OAG locations, and maintain and support them, in collaboration with the OAG and its other vendor partners. Because the OAG business need addressed by this RFO calls for achieving complete, functional systems at OAG locations, the OAG has defined the term “Installed System” (see Section 1.3, Definitions and Acronyms) to facilitate the discussion, implementation, and evaluation of these systems, as well as remuneration to the Awarded Vendor for providing and maintaining them. OAG’s intent is for this term to be used both contractually and operationally. For the purpose of this Contract, the OAG defines four (4) distinct types of Installed Systems: 1.

DSX Installed System: An entire system, installed and accepted by the OAG in an OAG location, that consists, or may consist, of items such as DSX controllers, door readers, door strikes, door locks, door contact monitors, fail safe devices, door release buttons, egress motion detectors and other access control, security, safety or emergency-response devices, such as panic buttons, that may be integrated with and supported by the DSX controller(s).

2.

DSX Communication Installed System: An entire system, installed and accepted by the OAG, regardless of physical location, that consists, or may consist, of WinDSX Software instance(s), Comm server(s) software, database(s), network adapters, badges/swipe cards, and other such devices related to the centralized administration of multiple DSX Installed Systems. (Note: LAN/WAN network(s), MS Access database licenses, and server hardware are not considered to be part of the DSX Communication Installed System because they are owned and managed separately by the OAG.)

3.

Surveillance Camera Installed System: An entire system, installed and accepted by the OAG in an OAG location, consisting of commercial-grade, indoor and outdoor video surveillance components such as multicamera DVRs, high-resolution color dome cameras, environmental cameras, video monitors, power supplies, matrix switchers, joystick controllers, static and camera housings, brackets and mounts, video entry systems, and monitoring software.

4.

Monitoring Camera Installed System: An entire system, installed and accepted by the OAG in an OAG location, consisting of economical, indoor video surveillance components such as multi-camera DVRs, medium-resolution wireless cameras, power supplies and monitors.

3.3

Current Environment

Under the Contract, the Awarded Vendor will assume responsibility for maintaining and supporting all of the OAG’s Installed Systems, as well as for the sale and installation of equipment for new Installed Systems MACs to existing Installed Systems, as required by the OAG. 3.3.1

DSX Installed Systems The OAG has DSX Installed Systems in eighty (80) CSD locations throughout Texas at this time. Each DSX Installed System is connected to the DSX Communication Installed System via dedicated LAN/WAN connections. A typical DSX Installed System consists of: 1. one (1) or more DSX Controllers; 2. ten (10) card readers; 3. five (5) door strikes; 4. five (5) door contact monitors; 5. one (1) fail safe device;

Integrated Security Solutions RFO, v1.0 Page 18 of 57

6. 7.

one (1) door release button; and one (1) egress motion detector (only in some locations).

The OAG seeks a broader range of products that it may include in DSX Installed Systems under the Contract to provide the OAG with options to obtain other access control, security, safety, surveillance or emergency-response devices, such as panic buttons, that can be integrated into the DSX Installed System(s). 3.3.2

DSX Communication Installed System The OAG currently has one (1) DSX Communication Installed System, consisting of: 1. 2. 3. 4. 5.

approximately two thousand, five hundred (2,500) active HID 1326LMSMV Proxcard II Clamshell Proximity Card - H10302 Bit Format access cards; approximately eighty (80) Lantronix network devices; one (1) DSX Comm Server instance (executable); one (1) Access database instance; and five (5) instances of WinDSX access control and system monitoring software (currently v3.7.149).

The DSX Communication Installed System currently monitors approximately eighty (80) DSX Installed Systems. Both the Comm server and Access database instance run on a Windows 2003 virtual server in a secure, dedicated network domain. The WinDSX instances run on Windows 7 workstations. Network connectivity is provided by the OAG. Both the server and the network are maintained by the OAG. 3.3.3

Surveillance Camera Installed System The OAG has one (1) Surveillance Camera Installed System at this time, consisting of: 1) one (1) WH-HD716/4000 Panasonic DVR; 2) two (2) WV-CU650 Panasonic DVR controllers; 3) fourteen (14) cameras; a) five (5) WV-CW964 Panasonic dome cameras; b) seven (7) WV-CW504s Panasonic dome cameras; c) two (2) WV-CP 504 Panasonic cameras; and 4) two (2) KDL-52EX700 Sony Bravia 50" monitors.

3.3.4

Monitoring Camera Installed Systems The OAG has no Monitoring Camera Installed Systems at this time.

3.4

OAG Assumptions

3.4.1

The OAG intends to award the Contract prior to the expiration of the existing BACES and Security Camera Equipment and Maintenance Services contracts (see Section 3.1, Background), and may utilize the Contract for services that it deems unrelated to, or sufficiently independent of, services which may continue to be provided under the present contract(s) until expiration or termination thereof.

3.4.2

The OAG assumes that the technology used in OAG’s Installed Systems is adequate for OAG’s needs, and potential changes in supporting technology, such as network protocols, or other external factors will not, over the course of the Contract, render the currently-used technology inadequate or obsolete.

3.4.3

The OAG assumes, for planning purposes only, the following quantities for new and relocated Installed Systems (MACs) during the initial term of the Contract:

Integrated Security Solutions RFO, v1.0 Page 19 of 57

Projected New and Relocated Installed Systems per Fiscal Year DSX Installed Systems

Monitoring Camera Installed Systems

47

12

2016

37

61

2017

18

10

2018

17

10

Fiscal Year 2015 (Feb-Aug)

3.4.4

Surveillance Camera Installed System

DSX Communication Installed System

Zero (0)

Zero (0)

The OAG assumes, for planning purposes only, the following total quantities for Installed Systems under warranty during the initial term of the Contract: Projected Total Installed Systems per Fiscal Year

3.4.5

3.5

Fiscal Year

DSX Installed Systems

Monitoring Camera Installed Systems

2015

92

12

2016

99

73

2017

105

83

2018

110

92

Surveillance Camera Installed System

DSX Communication Installed System

One (1)

One (1)

The estimates provided in Sections 3.4.3 and 3.4.4 above are intended solely to provide potential volumes to Respondents. The OAG makes no representations as to specific plans, volumes or date(s). Actual volumes will be determined by a number of factors, some of which are beyond the OAG’s ability to control. OAG Responsibilities

3.5.1

The OAG will provide and maintain all secure network connectivity, including all routers, switches, connections and server(s) as needed to support Installed Systems. This does not include wireless connectivity in Monitoring Camera Installed Systems.

3.5.2

The OAG will provide and maintain the secure host server hardware and operating system(s), including system backups and anti-virus protection, as needed, to support Installed Systems.

3.5.3

The OAG will provide technical support to the Awarded Vendor when loading and upgrading software running on OAG workstations or servers.

3.5.4

The OAG will provide two (2) Virtual Private Network (VPN) accounts to the Awarded Vendor to permit access to the server, located in a separate network domain, and with limited permissions, as necessary to allow the Awarded Vendor sufficient access to software as required under this Contract.

3.5.5

The OAG will serve as the systems administrator of all Installed Systems.

3.5.6

The OAG will request quotes for services from, and will authorize the services to be performed by, the Awarded Vendor using a formal process to be defined during implementation of this Contract.

Integrated Security Solutions RFO, v1.0 Page 20 of 57

3.5.7

The OAG will assign a Contract Manager and one (1) or more Operations Manager(s) to administer and monitor activities of the Contract. The OAG Contract Manager will have responsibility for matters associated with the Contract and the OAG Operations Manager(s) will manage the day-to-day activities associated with the Installed Systems.

3.5.8

The OAG will be the first point-of-contact for inquiries from OAG staff regarding Installed Systems, including requests for emergency services.

3.5.9

The OAG will determine the appropriate response to all security-related events.

3.5.10

The OAG will notify the Awarded Vendor of all emergency and non-emergency maintenance and service requests via a dedicated telephone number, to be provided by the Awarded Vendor (see Section 4.2), and follow up with e-mail where appropriate.

3.5.11

The OAG will cooperate with the Awarded Vendor to facilitate and support the Awarded Vendor’s interactions with lessors, landlords, property management, building security and local and state authorities as needed to ensure that the Awarded Vendor is able to gain access to and render services at OAG locations.

3.5.12

The OAG will own all equipment belonging to Installed Systems, including spare or backup equipment.

3.5.13

The OAG will store at its facilities all equipment, including spare or backup equipment that has been purchased for, or removed from, an OAG location, unless otherwise specified by the OAG (see Section 4.3).

3.5.14

The OAG will issue and manage all OAG access control cards.

3.5.15

The OAG will provide all OAG-required training to the Awarded Vendor’s staff.

4 STATEMENT OF WORK 4.1

Moves, Adds and Changes (MACs) The Installed Systems are described in Section 3.2. The list of primary components currently in use in OAG DSX Installed Systems is provided in Attachment 2: DSX Installed Systems Inventory and List of Primary Components.

4.1.1

The Awarded Vendor shall recommend, provide and install new DSX Installed Systems in OAG locations as requested.

4.1.2

The Awarded Vendor shall recommend, provide and perform upgrades to existing DSX Installed Systems as needed to achieve improved performance, expanded capabilities, regulatory compliance, reduced operating costs, and/or modernization.

4.1.3

The Awarded Vendor shall recommend perform upgrades to the existing DSX Communication Installed System, and provide new DSX Communication Installed Systems as requested.

4.1.4

The Awarded Vendor shall recommend, provide, and install new Surveillance Camera Installed Systems in OAG locations as requested.

4.1.5

The Awarded Vendor shall recommend, provide, and perform upgrades to existing Surveillance Camera Installed Systems as needed, to achieve improved performance, expanded capabilities, regulatory compliance, reduced operating costs, and/or modernization.

Integrated Security Solutions RFO, v1.0 Page 21 of 57

4.1.6

The Awarded Vendor shall recommend, provide, and install and perform upgrades to Monitoring Camera Installed Systems in OAG locations, as requested. Monitoring Camera Installed Systems shall meet or exceed the following specifications: 1. low purchase and maintenance costs; 2. fixed-position, color wireless cameras, ceiling or wall mount, with 120VAC power supply adapter; 3. DVR with support for up to six (6) cameras with forty-eight (48)-hour recording capability; 4. a minimum of four hundred eighty (480) TV lines (TVL) to five hundred twenty (520) TVL image quality; and 5. color monitor.

4.1.7

The Awarded Vendor shall relocate and/or reconfigure any type of Installed System, or individual components thereof, to accommodate MACs.

4.1.8

The Awarded Vendor shall schedule and perform all installation, inspection, removal or repair services at a time and date provided by the OAG.

4.1.9

The Awarded Vendor shall be liable for any damage caused by it or its subcontractors or by defects in it or its subcontractor’s work, materials, or equipment. The Awarded Vendor shall be responsible, at its own expense, for repair or replacement of any furniture, equipment, carpets, floors or walls damaged by Awarded Vendor while performing MACs, inspections or repair services.

4.1.10

The Awarded Vendor shall ensure that all installations meet current OEM specifications, and shall not void the warranty or otherwise damage equipment being installed, other existing equipment, or equipment removed for relocation in another Installed System.

4.1.11

The Awarded Vendor shall ensure that all installations shall meet all minimum requirements of the Americans with Disabilities Act of 1990, 42 USC 12101, et seq.

4.1.12

The Awarded Vendor shall comply with State of Texas Accessibility requirements for Electronic and Information Resources (EIR) as required by Chapter 2054, Subchapter M of the Texas Government Code and by the Rules of the Texas Department of Information Resources adopted in the Texas Administrative Code (TAC), Title 1, Part 10, including, but not limited to, those requirements specified in 1 TAC Chapter 206 and/or Chapter 213 when such products are available in the commercial marketplace or when such products are developed in response to a procurement solicitation. If new products are provided to the OAG, the Awarded Vendor shall provide accessibility information through either a completed Voluntary Product Accessibility Template (VPAT) or equivalent reporting templates.

4.1.13

The Awarded Vendor shall be licensed in all applicable categories by the Private Security Bureau of the Texas Department of Public Safety.

4.1.14

The Awarded Vendor shall ensure that all installations comply with applicable industry standards as well as all local, state, and federal regulations.

4.1.15

The Awarded Vendor shall ensure that all DSX Installed Systems comply with UL294 and UL1076 standards.

4.1.16

The Awarded Vendor shall ensure that a minimum of one (1) factory-trained or certified service personnel shall be present during installation, repair or upgrades of DSX and/or Panasonic equipment.

4.1.17

The Awarded Vendor shall comply with the following guidelines regarding all cable and cabling installations: 1. Cables shall be routed parallel and/or perpendicular to the building structure;

Integrated Security Solutions RFO, v1.0 Page 22 of 57

2. 3. 4. 5. 6. 7.

Cables shall be clearly labeled using permanent markers or labels; Cables shall not restrict removal of ceiling tiles, light fixtures and other ceiling components; Cables shall not lay on lights, ceiling tiles or grids; Cables shall not be fastened to conduits, pipes, ducts, or ceiling support wire; Cables shall not be routed across walkways or catwalks; and Cables shall not obstruct air conditioning drains or other heating, ventilating, and air conditioning (HVAC) equipment.

The Awarded Vendor shall close ceiling tiles after installation has been completed. The Awarded Vendor shall be responsible for replacing damaged tiles. The Award Vendor shall ensure that all cable installations are aesthetically pleasing. 4.1.18

4.2 4.2.1

The Awarded Vendor shall, at its own expense, properly dispose of obsolete or decommissioned equipment, old wiring, packaging and debris resulting from installation, repair or removal activities at OAG locations without using refuse containers at the OAG facility. Maintenance and Technical Support The Awarded Vendor shall provide the OAG with a process for reporting equipment failures and other technical problems to, and for obtaining technical support from, the Awarded Vendor. The Awarded Vendor shall provide the OAG with a dedicated telephone number, available twenty-four (24) hours per Calendar Day, for emergency and non-emergency maintenance and service requests. The Awarded Vendor shall provide the OAG with a dedicated e-mail address, available twenty-four (24) hours per Calendar Day, for emergency and non-emergency maintenance and service requests.

4.2.2

The Awarded Vendor shall provide the OAG with support, via telephone or meeting, to answer productrelated question(s) as part of standard, on-going support of products and services, at no additional cost.

4.2.3

The Awarded Vendor shall provide software, hardware and firmware upgrades for all Installed Systems as required to maintain the levels of performance stated in the Contract.

4.3 4.3.1

Shipping, Handling and Storage The Awarded Vendor shall receive, transport and install OAG equipment, including, but not limited to, equipment purchased by the OAG from the Awarded Vendor under this Contract, and equipment owned by the OAG and provided to the Awarded Vendor. Equipment purchased by the OAG from the Awarded Vendor shall become the property of the OAG upon installation thereof at an OAG location, or upon delivery to the Computer Allocation Center (CAC) (see Section 1.3, Definitions and Acronyms), whichever occurs first. Equipment removed from any OAG location shall remain the property of the OAG unless otherwise specifically authorized by the OAG. The Awarded Vendor shall not remove any equipment which may contain confidential recorded material, such as DVRs, or stored data, such as computers, from any OAG location without prior authorization from the OAG (see also Section 8.3.4.2). The OAG may, at its sole discretion, transfer ownership of equipment to the Awarded Vendor.

Integrated Security Solutions RFO, v1.0 Page 23 of 57

The Awarded Vendor shall notify the OAG immediately upon successful removal or installation of OAG equipment, and such notification shall include pertinent information such as the time, place, Awarded Vendor contact person, manufacturer’s serial number(s), OAG asset identification number(s), work authorization, and description of equipment, as required by the OAG. 4.3.2

The Awarded Vendor shall maintain a current inventory of all OAG equipment, by location, and shall provide the inventory to the OAG upon request.

4.3.3

The Awarded Vendor shall securely store all OAG equipment in its possession at any time. The Awarded Vendor shall securely transport and deliver to the CAC any OAG equipment that has not been installed at an OAG location within ten (10) Business Days from the date it was received by the Awarded Vendor, whether by removal from an OAG location or by receipt from the CAC. The OAG may, at its discretion, extend the amount of time the equipment may remain in the Awarded Vendor’s possession. The shipping address, contact information and business hours for the CAC are as follows: Office of Attorney General, Child Support Division Computer Allocation Center 4044 Promontory Point Drive, Suite 3 Austin, Texas 78744 Attn: Tony Manis Phone: 512-486-7239 Hours: Business Days, 8:00am – 3:00pm

4.4 4.4.1

Title and Warranty The Awarded Vendor shall warranty the operation of all OAG Installed Systems, including individual components thereof, for a fixed monthly fee throughout the term of the Contract and all renewals, beginning on September 1, 2015 (see also Section 6.2, Performance Measures) During the interim period starting upon Award of this Contract and ending no later than August 31, 2015, the Awarded Vendor shall warranty the operation of OAG Installed Systems installed by the Awarded Vendor.

4.4.2

The Awarded Vendor shall provide warranty coverage of the entire Installed System, regardless of whether any individual components thereof were purchased from the Awarded Vendor by the OAG or provided separately by the OAG.

4.4.3

The Awarded Vendor shall not be held responsible for providing warranty service for an Installed System if such service is needed as a result of vandalism, unintentional damage caused by a third party, an act of God, or any other cause not attributable to normal use and operation of the Installed System.

4.4.4

The Awarded Vendor shall maintain all active manufacturer warranty documentation and shall provide it to the Contract Manager upon request by the OAG.

4.4.5

The Awarded Vendor shall obtain, on behalf of the OAG, replacement equipment from the manufacturer or supplier if failed equipment is covered under warranty by the manufacturer or supplier.

4.4.6

The Awarded Vendor shall have title to each product purchased for, or provided to, the OAG, and shall have the right to possess, use, sell, and transfer each product to the OAG, free and clear of any claims, liens, assessments, rights of other parties, or restrictions on sale, use, or transfer.

Integrated Security Solutions RFO, v1.0 Page 24 of 57

4.4.7

4.5 4.5.1

The Awarded Vendor shall test and certify that all equipment installed in an OAG location meets or exceeds all manufacturer’s requirements, recommendations, guidelines, instructions and best practices, as applicable, and that the Awarded Vendor’s method of installation or application within the Installed System does not void or otherwise adversely impact any warranties provided by the manufacturer. Fees and Pricing The Awarded Vendor shall provide warranty coverage of all OAG Installed Systems for a fixed-rate price, based on the type of Installed System as defined in this Contract, to be billed on a monthly basis. Fees paid to the Awarded Vendor for warranty of Installed Systems shall be separate from all other fees and equipment costs, such as those charged for performing MACs. The fixed-rate price for warranty coverage of each DSX Installed System shall be determined by calculating the total number of devices, such as card readers and door strikes, installed at the location and supported by the DSX controller(s) in the DSX Installed System during the most recently-completed Performance Period prior to billing, in its entirety, and multiplying the number of devices by the perdevice/per-location price quoted by the Awarded Vendor. For example, if a DSX Installed System at an OAG location supports ten (10) card readers, five (5) door strikes, five (5) door contact monitors, one (1) Fail Safe Device, one (1) door release button and one (1) egress motion detector, with no other devices supported by the DSX Controller at that location, then the total number of installed devices is twenty-three (23). Assuming these devices were all part of the DSX Installed System during the most recently completed Performance Period prior to billing, the fixed-rate price for warranty coverage of the DSX Installed System at this location would be calculated as the perdevice/per-location price quoted by the Awarded Vendor multiplied by twenty-three (23). The fixed-rate price for warranty coverage of a DSX Communication Installed System shall be determined by the total number of DSX Installed Systems it supported during the most recently completed Performance Period prior to billing, in its entirety, multiplied by the per-location price quoted by the Awarded Vendor. For example, if there were seventy-five (75) DSX Installed Systems supported by the DSX Communication Installed System during the most recently-completed Performance Period prior to billing, the fixed-rate price for warranty coverage of the DSX Communication Installed System would be calculated as the per-location price quoted by the Awarded Vendor multiplied by seventy-five (75). The fixed-rate price for warranty coverage of a Surveillance Camera Installed System shall be determined by the total number of surveillance cameras that are part of the Surveillance Camera Installed System at that location during the most recently-completed Performance Period prior to billing, in its entirety, multiplied by the per-camera/per-location price quoted by the Awarded Vendor. For example, if there were fourteen (14) cameras in a Surveillance Camera Installed System at an OAG location during the most recently-completed Performance Period prior to billing, in its entirety, the fixedrate price for warranty coverage of the Surveillance Camera Installed System at that location would be calculated as the per-camera/per-location price quoted by the Awarded Vendor multiplied by fourteen (14). The fixed-rate price for warranty coverage of Monitoring Camera Installed Systems shall be based on the total number of Monitoring Camera Installed Systems during the most recently completed Performance Period prior to billing, in its entirety, multiplied by the price-per-system quoted by the Awarded Vendor. For example, if there were seventy-five (75) Monitoring Camera Installed Systems in operation during the most recently-completed Performance Period prior to billing, the fixed-rate price for warranty coverage of the Monitoring Camera Installed Systems would be calculated as the per-location price quoted by the Awarded Vendor multiplied by seventy-five (75).

Integrated Security Solutions RFO, v1.0 Page 25 of 57

4.5.2

The Awarded Vendor shall provide labor to perform MACs at a fixed, hourly rate. The Awarded Vendor may, in its Response, propose different rates for each of the four (4) types of Installed System as defined in this contract. The Awarded Vendor shall charge the same fixed, hourly rate for labor to perform MACs regardless of whether or not the OAG has purchased the equipment from, or provided the equipment to, the Awarded Vendor.

4.5.3

The Awarded Vendor shall provide equipment to the OAG at price(s) not to exceed the price(s) stated on the Manufacturer’s Price List. The Awarded Vendor shall provide current Manufacturer’s Price Lists to the OAG upon request.

4.6

Training

4.6.1

Designated employees of Awarded Vendor shall attend OAG training as required by the OAG.

4.6.2

The Awarded Vendor shall maintain a log of employee training, including name of the employee trained, course completed, dates completed and signature of the employee, and shall provide the log to the OAG upon request.

4.6.3

The Awarded Vendor shall supply, at no additional charge, a minimum of one (1) hour of on-site training per year per location to OAG staff in each location regarding the use and preventative maintenance of Installed System(s) at that location, including, but not limited to, software operation, troubleshooting, reporting capabilities, interpretation of schemes used to provide identifiers, system resets, and programming and operation of basic functions. The Awarded Vendor shall only perform on-site training at a time mutually agreed upon by OAG and the Awarded Vendor. The Awarded Vendor shall conduct on-site training concurrently with installation or upgrade of Installed Systems. Additional training beyond the one (1) hour per year per location may be requested of the Awarded Vendor. Additional training shall be billed at the hourly rate quoted in Form B.

4.7 4.7.1

Implementation The Awarded Vendor shall cooperate fully with the OAG to achieve a smooth transition during the implementation of services under this Contract, and shall ensure that the OAG does not experience any adverse impact from the transition of services from the incumbent vendor to the Awarded Vendor. Immediately following Contract award, the Awarded Vendor shall collaborate with the OAG to develop an implementation plan, based on the Transition Checklist submitted in the Awarded Vendor’s Response (see also Section 2.9.2.2.4). Within ten (10) Business Days following the Awarded Vendor’s receipt of the OAG’s request to produce a transition plan, the Awarded Vendor shall assign a Project Manager to work with the OAG to produce the transition plan, and shall provide the assigned Project Manager’s contact information to OAG Contract Manager.

Integrated Security Solutions RFO, v1.0 Page 26 of 57

The transition plan shall be completed no later than thirty (30) Business Days following award and shall specify all tasks to be performed by the parties, the schedule for performance and completion of such tasks, and the responsibilities of the parties associated with performing, supporting and validating the tasks. The implementation plan will include development of a Contract-specific Business Continuity/Disaster Recovery (BC/DR) Plan. A sample BC/DR Plan is attached (Attachment 2). 4.8 4.8.1

Transition At any time during the term of the Contract, the OAG may request that the Awarded Vendor collaborate with the OAG to produce a transition plan that provides for the orderly transition of all services and operations performed by or involving the Awarded Vendor under the Contract. The Awarded Vendor shall cooperate fully with the OAG to achieve a smooth transition and ensure that the OAG does not experience any adverse impact from the transition of services to a subsequent vendor. Within three (3) Business Days following the Awarded Vendor’s receipt of the OAG’s request to produce a transition plan, the Awarded Vendor shall assign a Project Manager to work with the OAG to produce the transition plan, and shall provide the assigned Project Manager’s contact information to OAG Contract Manager. The transition plan shall be completed no later than thirty (30) Business Days following the OAG’s request, and shall specify all tasks to be performed by the parties, the schedule for the performance of such tasks and the respective responsibilities of the parties associated with the tasks.

5 BUSINESS CONTINUITY AND DISASTER RECOVERY REQUIREMENTS 5.1

Supplemental Contract-specific Business Continuity / Disaster Recovery (BC/DR) Plan

5.1.1

The Awarded Vendor shall provide a supplemental Contract-specific BC/DR Plan to the OAG during the Implementation period (see Attachment 2).

5.1.2

The Awarded Vendor’s supplemental Contract-specific BC/DR Plan shall address communication and interdependencies between the OAG, other applicable OAG contractors, and the Awarded Vendor as it pertains to the Awarded Vendor’s recovery efforts.

5.1.3

The Awarded Vendor shall submit the supplemental Contract-specific BC/DR Plan to the OAG Contract Manager and the CSD Business Continuity Coordinator for written approval in accordance with the time frame in the implementation plan. The CSD Business Continuity Coordinator or designee and OAG Contract Manager will be available for consultation during development of the supplemental Contractspecific BC/DR Plan.

5.2 5.2.1

Outages and Disaster Declarations An outage incident is any inability to operate an Installed System in accordance with the Contract. Upon the occurrence of an outage incident, the Awarded Vendor shall immediately contact and coordinate with the OAG Contract Manager and the OAG Business Continuity Coordinator or designee.

5.2.2

Whether and how a disaster will be declared depends on the nature of the services.

Integrated Security Solutions RFO, v1.0 Page 27 of 57

If there is a disaster declaration, the Awarded Vendor and the OAG shall implement the supplemental, Contract-specific BC/DR Plan as appropriate, and shall restore the operation of all Installed Systems within agreed upon response times and service level agreements stated in the Contract-specific BC/DR Plan.

6 CONTRACT MANAGEMENT REQUIREMENTS 6.1 6.1.1

Project / Operational Manager The Awarded Vendor shall provide specifically-identified Project/Operational Manager(s) for the term of the Contract. The Awarded Vendor’s Project/Operational Manager(s) shall serve as the primary point(s) of contact for any inquiries made by the OAG. The Awarded Vendor shall notify the OAG within ten (10) Business Days of any changes in its Project/Operational Manager(s). In the event that a replacement is necessary, the Awarded Vendor shall provide a new Project/Operational Manager of equal experience, qualifications, credentials and certifications, with no interruption in services provided under this Contract.

6.2

Performance

6.2.1

Maintenance, Service Requests and Technical Support

6.2.2

The Awarded Vendor shall submit a quote for time and materials within five (5) Business Days in response to a request by the OAG Contract Manager, OAG Contract Lead or an OAG Operations Managers for MACs. The Awarded Vendor’s quote shall remain valid for thirty (30) Business Days from receipt thereof by the OAG. The Awarded Vendor’s quote shall indicate the hours necessary for all tasks, such as project start-up, installation and testing, as well as a proposed work schedule. The Awarded Vendor shall obtain prior approval from the OAG Contract Manager or an OAG Operations Manager for the time and date to perform MACs.

6.2.3

Acceptance Testing

6.2.4

Each new system or modified Installed System, including, but not limited to, systems that utilize new equipment, replacement equipment, repaired equipment, OAG-supplied equipment and upgraded equipment, shall successfully complete an Acceptance Testing period of no less than thirty (30) Calendar Days before it may be accepted by the OAG. Acceptance Testing shall consist of the OAG operating the system at the location, according to its intended use and during the established availability times (see Section 6.2.4.4), during the Acceptance Testing period. The OAG may opt to delay the start of Acceptance Testing due to circumstances beyond the control of the OAG or the Awarded Vendor. During the Acceptance Testing period, the performance of the system must meet or exceed (a) the technical specifications provided by the Awarded Vendor, the manufacturer(s) of the equipment, and the Contract, and (b) the reliability standard of ninety-nine point eight percent (99.8%).

Integrated Security Solutions RFO, v1.0 Page 28 of 57

Upon completion of the Acceptance Testing period, the Awarded Vendor shall notify the OAG regarding any malfunctions, anomalies or other pertinent information observed during the Acceptance Testing period. The Acceptance Testing period for a system shall begin on the first Business Day following the date the Awarded Vendor notifies the OAG that the system is ready for Acceptance Testing, and shall end on the last Calendar Day of the first complete Calendar Month thereafter. For example, if the Awarded Vendor notifies the OAG that a system is ready for Acceptance Testing on April 20th, the Acceptance Testing period will begin on April 21st and end on May 31st. Acceptance Testing shall be required for all new systems, as well as any time the normal operation of an Installed System, or component thereof, is interrupted for any reason, including, but not limited to, repairs, unscheduled maintenance, configuration, reconfiguration, or whenever an Installed System fails to meet the reliability standard or is not available for full and normal use by OAG. OAG will notify the Awarded Vendor of its acceptance of the Installed System upon verification of successful completion of Acceptance Testing. A system shall not be considered accepted, and no payments shall be made for equipment provided, or work performed, by the Awarded Vendor with regard to the system, until the system has successfully completed Acceptance Testing and the OAG has accepted the Installed System. 6.2.5

Performance Periods The Performance Periods for an Installed System shall have a duration of one (1) Calendar Month each, and shall repeat, without interruption during each successive Calendar Month for the Installed System until the Performance Period is interrupted. The Performance Period for each Installed System shall begin on the first Calendar Day of the first Calendar Month following the successful completion of Acceptance Testing of the system.

6.2.6

Warranty of Installed Systems The Awarded Vendor shall provide all labor and replacement parts associated with warranty maintenance of Installed Systems. The Awarded Vendor shall respond to all OAG requests for warranty service (emergency or nonemergency) within the time frames set forth below. The Awarded Vendor shall respond to emergency requests (defined as those situations that materially affect security, such as a door not locking) within one (1) hour of when the Awarded Vendor is first notified by any authorized OAG individual. This time frame applies to all Calendar Days, including weekends and holidays. The Awarded Vendor shall respond to non-emergency calls within four (4) hours of when the Awarded Vendor is first notified by any authorized OAG individual during a Business Day. If the four (4) -hour response time exceeds the end of the Business Day, the Awarded Vendor shall respond at the start of the following Business Day. The Awarded Vendor must resolve all technical issue(s) that prompted the OAG’s request for a service call (emergency or non-emergency) within the time frames set forth below. The Awarded Vendor shall satisfactorily resolve each emergency call received from the OAG within twenty-four (24) hours of when the OAG first notified the Awarded Vendor of the emergency (refer to Section 6.3.5 for remedies regarding emergency calls not resolved on time). This time frame applies to all Calendar Days, including weekends and holidays.

Integrated Security Solutions RFO, v1.0 Page 29 of 57

The Awarded Vendor shall satisfactorily resolve each non-emergency call received from the OAG within three (3) Business Days of when the OAG first notified the Awarded Vendor of the problem (refer to Section 6.3.6 for non-emergency calls not resolved on time). The Awarded Vendor shall provide the OAG with two (2) or more contacts, including names and telephone numbers, of management-level technical or operational personnel to whom escalated, unresolved warranty issues may be directed. 6.2.7

Performance Standard for Installed Systems The performance standard for Installed Systems shall be expressed as a percentage and computed by dividing actual availability time (excluding any scheduled system downtime) by the total possible availability for the period. The Awarded Vendor shall meet the following availability times for all Installed Systems: DSX Installed Systems, DSX Communication Installed Systems, and Surveillance Camera Installed Systems shall be available twenty-four (24) hours per Calendar Day; Monitoring Camera Installed Systems shall be available no less than twelve (12) hours per Business Day, from 7:00am to 7:00 pm Local Time.

6.2.8

Example of performance standard calculation:  

 

The total potential availability time, in hours, for a 30-day period is 720, assuming 24-hour-perday availability. The adjusted potential availability time is the total potential availability time (720 hours) less the amount of previously scheduled downtime during that period. For this example, we will assume that there were 2 hours of scheduled downtime, resulting in 718 hours of adjusted potential availability time. The actual availability time during the example period was 717 hours, because there were 2 hours of scheduled downtime and 1 hour of outage time. The actual availability time (717), divided by the adjusted availability time (718), equals 0.9986. Expressed as a percentage, the actual availability time is 99.86%.

Example of performance standard calculation for DSX Systems and Surveillance Cameras: Number of days in period Required hours of availability per day Total potential availability time (Days * Hours) Total scheduled downtime in Performance Period Adjusted availability time (potential availability time less scheduled downtime) Actual availability time Reliability standard calculation 6.3 6.3.1

30 Calendar Days 24 720 hours 2 hours 718 hours 717 hours 99.86%

Non-performance Remedies The Awarded Vendor shall perform all services under this Contract in accordance with the provisions, terms and conditions stated therein.

Integrated Security Solutions RFO, v1.0 Page 30 of 57

In the event that the Awarded Vendor fails to perform services according to a provision, term or condition not covered by another remedy, the OAG may, subject to the nature and extent of the non-compliance, withhold up to ten percent (10%) of payments for all Awarded Vendor services until compliance is achieved. Before withholding may begin, the OAG shall issue a written demand and provide the Awarded Vendor a period of at least thirty (30) Calendar Days to achieve compliance. 6.3.2

If a system fails to meet the reliability standard after sixty (60) consecutive Calendar Days of Acceptance Testing, the OAG may, at its option, request the Awarded Vendor to replace the system, seek to recover damages, and apply any other remedies available within this Contract, or at law or in equity, including, but not limited to, termination of the Contract. If the OAG requests replacement of a failed system, the Awarded Vendor shall, within fourteen (14) Calendar Days, deliver a replacement system that is ready to begin Acceptance Testing.

6.3.3

In the event that the Awarded Vendor fails to respond to an emergency call within the response time set forth in Section 6.2.6.2.1, the OAG may assess against Awarded Vendor the remedy of two hundred dollars ($200.00) per hour for every hour following the one (1) hour response period as liquidated damages, prorated in quarter (1/4) hour increments and rounded up to the nearest quarter (1/4) hour for each partial hour.

6.3.4

In the event that the Awarded Vendor fails to respond to a non-emergency call within the response time set forth in Section 6.2.6.2.2, the OAG may assess against Awarded Vendor the remedy of one hundred dollars ($100.00) per hour for every hour following the four (4) hour response period as liquidated damages, prorated in quarter (1/4) hour increments and rounded up to the nearest quarter (1/4) hour for each partial hour.

6.3.5

In the event that the Awarded Vendor fails to restore an Installed System to full operation following an emergency call within the response time set forth in Section 6.2.6.3.1, the OAG may assess against Awarded Vendor the remedy of two hundred dollars ($200.00) per hour for every hour following the twenty-four (24) hour response period as liquidated damages, prorated in quarter (1/4) hour increments and rounded up to the nearest quarter (1/4) hour for each partial hour.

6.3.6

In the event that the Awarded Vendor fails to restore an Installed System to full operation following a nonemergency call within the response time set forth in Section 6.2.6.3.2, the OAG may assess against Awarded Vendor the remedy of one hundred dollars ($100.00) per hour for every hour following the three (3) Business Day response period as liquidated damages, prorated in quarter (1/4) hour increments and rounded up to the nearest quarter (1/4) hour for each partial hour.

6.3.7

Any liquidated damages may be deducted or withheld from monies owed to the Awarded Vendor. If there are no outstanding payments owed to the Awarded Vendor, the OAG may invoice the Awarded Vendor for the amount of the damages assessed within thirty (30) Calendar Days of notification or discovery of the amount of the damages, and the Awarded Vendor shall make payment within thirty (30) Calendar Days of receipt thereof. Failure to reimburse the OAG for damages may result in cancellation of the Contract.

6.4 6.4.1

Problem Resolution and Corrective Action Process It is the intent of the OAG to establish a good working relationship with the Awarded Vendor and make a good faith effort to resolve problems identified by either the OAG or the Awarded Vendor in a timely manner. Identification of problems by either the OAG or the Awarded Vendor shall be sufficiently detailed to enable the OAG to make prompt decisions as to the best method for resolving the problem and continuing with the established time frames for performance under the Contract resulting from this RFO.

Integrated Security Solutions RFO, v1.0 Page 31 of 57

6.4.2

The Awarded Vendor and the OAG will establish a plan and timeline for resolution of operational or contractual issues which may arise. If all efforts between the Awarded Vendor and the OAG fail to resolve the problem within the stated timeline and to the OAG’s satisfaction, the OAG may escalate the problem to the Awarded Vendor’s management and OAG Executive Management for resolution.

6.4.3

If the Awarded Vendor is aware that a problem exists and fails to report the problem to the OAG, the Awarded Vendor shall continue to be responsible for meeting the goals and timelines established during the term of the Contract.

6.4.4

If the Awarded Vendor is unable to resolve a problem within the established timeline and to the satisfaction of the OAG, the OAG may elect to exercise its options under this Contract, including any available remedy at law or in equity up to and including termination of the Contract.

6.5 6.5.1

Quality Assurance and Continuous Improvement The Awarded Vendor shall maintain a record of all device malfunctions and problem resolutions regarding OAG Installed Systems. The Awarded Vendor shall provide the OAG Contract Manager or OAG Operations Manager a report of malfunctions and problem resolutions, in a mutually agreeable format, upon request.

6.5.2

The Awarded Vendor shall, on a continuous basis, identify ways to improve the quality of services, related technology, and pricing provided to OAG under the Contract, and identify and apply proven tools and techniques from within its operations that would benefit OAG either operationally or financially.

6.5.3

The Awarded Vendor shall advise the OAG Contract Manager of any new opportunities of which Awarded Vendor is aware that relate to the services being provided under the Contract, and shall, at the OAG’s request, assist in the evaluation and testing of such opportunities in connection with the performance of such services. Without limiting the foregoing, Awarded Vendor shall inform the OAG Contract Manager of any new building access system services, products, technologies, process improvements, business trends and best practice of which Awarded Vendor is aware that may be relevant to the services being provided under the Contract.

6.5.4

If the OAG, as a result of Awarded Vendor’s continuous improvement and best practices reviews, wishes to change a contractual requirement, and if that change requires a hardware or software modification and/or addition to the Awarded Vendor’s responsibilities, the Awarded Vendor will be compensated for such change in accordance with Section 6.8, Contract Changes. The OAG shall not be liable for any other costs associated with a change in a contractual requirement.

6.6

HUB Subcontracting Progress Assessment Reports

Monthly HUB Progress Assessment Reports (PARS), including payments made to HUB subcontractors during the previous month, are a requirement of this contract. 6.6.1 6.7 6.7.1

The Successful Respondent shall send, via email, monthly HUB PARS to the OAG’s HUB Coordinator, on or by the fifth (5th) Calendar Day of each month. Financial Reports The Awarded Vendor and any applicable parent or subcontractor(s) shall submit annual financial statements, including balance sheet; income statement; and cash flow statement, no later than sixty (60) calendar days after the end of the respective fiscal year period.

Integrated Security Solutions RFO, v1.0 Page 32 of 57

6.8

Contract Changes

This Contract shall only be amended or modified as follows. First, duly authorized representatives of the parties must execute a writing denominated as an amendment to the Contract. Second, the OAG must adopt the amendment by issuing it as an attachment to an OAG Purchase Order Change Notice (POCN). The Awarded Vendor shall not be entitled to payment for any additional services, work, or products that are not authorized by a properly executed Contract amendment.

7 INVOICING 7.1

Invoicing and Payment Procedures The OAG shall not be liable for any performances rendered or obligations incurred on behalf of the OAG by the Awarded Vendor before execution of a PO. The OAG shall process a properly prepared invoice for payment in accordance with the state procedures for issuing state payments and Chapter 2251 of the Texas Government Code (the “Texas Prompt Payment Act”). The OAG will not pay any amounts responded to and identified as insurance or taxes of any kind. Liability for such items remains with the Awarded Vendor and the response price quoted must include any such cost. The OAG will not be liable for arranging for, or remitting payment for, insurance or taxes of any kind. The Awarded Vendor is responsible for any mileage, travel, per diem cost, and parking. The OAG will not pay for mileage, per diem, travel costs or parking.

7.2

Submitting Invoices Invoices shall be submitted to the OAG Accounting Division at: Accounts Payable Section Office of the Attorney General Accounting Division, Mail Code 003 P.O. Box 12548 Austin, TX 78711-2548 Email: [email protected]

7.3

Required Information for Invoice The Awarded Vendor shall provide the following information on all invoices to the OAG: 1. 2. 3. 4. 5.

Awarded Vendor’s name; Awarded Vendor's Tax Identification Number; Awarded Vendor's address; Awarded Vendor’s contact name and phone number; and The Contract name and OAG PO number.

The Awarded Vendor must invoice the OAG in keeping with the scope and descriptions of, and shall not combine or separate items or amounts as stated in the OAG’s authorization to provide the products and services, including, but not limited to: 1. 2. 3. 4. 5. 6.

Description of goods delivered or services provided, including serial numbers Description of goods removed from the location, including OAG asset numbers; Unit price for each item; Delivery date and location; Installation date and location; and Date of completed Acceptance Testing.

Integrated Security Solutions RFO, v1.0 Page 33 of 57

7.4 7.4.1

Invoice Schedule Invoices for Warranty Fees

The Awarded Vendor shall submit one (1) invoice for warranty fees for all OAG Installed Systems on the tenth (10th) day of every Calendar Month. The OAG PO shall constitute the prior authorization required for this invoice. Note that each system must successfully complete Acceptance Testing to meet the definition of an Installed System. 7.4.2

Invoices for MACs for Installed Systems

The Awarded Vendor shall submit an invoice for MACs to an Installed System, in keeping with the scope and descriptions provided in the OAG’s authorization thereof, after the system has successfully completed Acceptance Testing and meets the definition of an Installed System. 7.4.3

Invoices for Other Products and Services

The Awarded Vendor shall submit invoices for other products and services at the time specified in the OAG’s work authorization. 7.5

Invoice Review

The OAG shall review each invoice for Contract compliance and completeness. If the OAG determines that an invoice is not acceptable under the provisions of the Contract or is otherwise incomplete, the Awarded Vendor shall correct any deficiencies before the OAG will process the invoice for payment. The Awarded Vendor shall provide additional information and/or documentation as the OAG may reasonably require. The Awarded Vendor shall respond to an OAG request for additional information and/or documentation to support payment within three (3) Business Days of receipt. 7.6

Billing at Contract Termination or Conclusion

Upon termination of the Contract for any reason or conclusion of the Contract, and in the event remedies are pending or quality assurance measures are not complete, the Awarded Vendor shall allow the OAG sufficient time to finalize all quality control issues. After all quality control issues have been resolved, the OAG shall notify the Awarded Vendor to invoice the OAG for the remaining balance due.

8 INFORMATION PROTECTION PROVISIONS 8.1 8.1.1

General Survival of Provisions Perpetual Survival and Severability OAG rights and privileges applicable to OAG Data shall survive expiration or any termination of this Contract, and shall be perpetual. As an exception to the foregoing perpetual survival, if certain OAG Data become publicly known and made generally available through no action or inaction of Awarded Vendor, then Awarded Vendor may use such publicly known OAG Data to the same extent as any other member of the public.

Integrated Security Solutions RFO, v1.0 Page 34 of 57

If any term or provision of this Contract, including these Information Protection Provisions, shall be found to be illegal or unenforceable, it shall be deemed independent and divisible, and notwithstanding such illegality or unenforceability, all other terms or provisions in this Contract, including these Information Protection Provisions, shall remain in full force and effect and such term or provision shall be deemed to be deleted. 8.1.2

Applicability References in the Information Protection Provisions All references to “OAG” shall mean the Office of the Attorney General. All references to “OAG-CSD ISO” shall mean the Office of the Attorney General-Child Support Division Information Security Officer. All references to “Awarded Vendor” shall mean [business name and address of Awarded Vendor]. All references to “Awarded Vendor’s Agents” shall mean Awarded Vendor’s officials, employees, agents, consultants, subcontractors, and representatives, and all other persons that perform Contract Services on Awarded Vendor’s behalf. All references to “Contract Services” shall include activities within the scope of the executed Contract. All references to “OAG Data” shall mean all data and information (i) conveyed to Awarded Vendor, whether intentionally or unintentionally, by or on behalf of OAG, (ii) obtained, developed, or produced by Awarded Vendor in connection with this Contract, or (iii) to which Awarded Vendor has access in connection with provision of the Contract Services. All references to “OAG Customers” shall mean any person or entity that delivers, receives, accesses, or uses OAG Data. The term "Security Incident" means an occurrence or event where the confidentiality, integrity or availability of OAG Data may have been compromised and includes, without limitation, a failure by Awarded Vendor to perform its obligations under Section 8.2, Data Security, and Section 8.3, Physical and System Security, subsections below. Inclusion in all Subcontracts The requirements of these confidentiality and security provisions shall be included in, and apply to, all subcontracts and any agreements Awarded Vendor has with anyone performing Contract Services on Awarded Vendor’s behalf. Third Parties This Contract is between Awarded Vendor and the OAG, and is not intended to create any independent cause of action by any third party, individual, or entity against OAG or Awarded Vendor.

8.1.3

Termination for Non-Compliance In the event that either Awarded Vendor or Awarded Vendor’s Agent fails to comply with any of the Information Protection provisions, OAG may exercise any remedy, including immediate termination of this Contract.

8.1.4

Personnel Briefings Training and Acknowledgments

Integrated Security Solutions RFO, v1.0 Page 35 of 57

Awarded Vendor shall ensure that all persons having access to data obtained from OAG Systems are thoroughly briefed on related security procedures, restricted usage, and instructions requiring their awareness and compliance. Awarded Vendor’s Agents accessing OAG Data must complete OAG required security training and execute any OAG required security agreements, acknowledgments or certifications. The OAG Contract Manager shall provide direction to the Awarded Vendor regarding the acquiring of any necessary access, completion of required security training and execution of required security agreements, acknowledgments and certifications. Awarded Vendor shall provide annual reorientation sessions and all of Awarded Vendor’s Agents that perform or are assigned to perform Contract Services shall re-execute, and/or renew their acceptance of, all applicable security documents to ensure that they remain current regarding all applicable security requirements. 8.1.5

Key Person Dependence or Collusion Awarded Vendor shall protect against any key-person dependence or collusion by enforcing policies of separation of duties, restricted job responsibilities, audit logging, and job rotation.

8.2 8.2.1

Data Security Rights in OAG Data Awarded Vendor and Awarded Vendor's Agents possess no special right to access, use or disclose OAG Data as a result of Awarded Vendor 's contractual or fiduciary relationship with the OAG. As between the OAG and the Awarded Vendor, all OAG Data shall be considered the property of OAG and shall be deemed confidential. Awarded Vendor hereby irrevocably assigns, transfers, and conveys, and shall cause Awarded Vendor’s Agents to irrevocably assign, transfer, and convey to OAG without further consideration all of its and their right title and interest to OAG Data. Upon request by OAG, Awarded Vendor shall execute and deliver and shall cause Awarded Vendor’s Agents to execute and deliver to OAG any documents that may be necessary or desirable under any law to preserve or enable OAG to enforce its rights with respect to OAG Data.

8.2.2

Use of OAG Data OAG Data have been, or will be, provided to Awarded Vendor and Awarded Vendor’s Agents solely for use in connection with providing the Contract Services. Re-use of OAG Data in any form is not permitted. Awarded Vendor agrees that it will not access, use or disclose OAG Data for any purpose not necessary for the performance of its duties under this Contract. Without OAG’s approval (in its sole discretion), neither Awarded Vendor nor Awarded Vendor’s Agents shall: (i) use OAG Data other than in connection with providing the Contract Services; (ii) disclose, sell, assign, lease, or otherwise provide OAG Data to third parties, including any local, state, or Federal legislative body; (iii) commercially exploit OAG Data or allow OAG Data to be commercially exploited; or (iv) create, distribute, or use any electronic or hard copy mailing list of OAG Customers. In the event of any unauthorized disclosure or loss of OAG Data, Awarded Vendor shall immediately comply with the Notice subsection of the Security Incidents subsection set forth below. Awarded Vendor or Awarded Vendor’s Agents may, however, disclose OAG Data to the extent required by law or by order of a court or governmental agency; provided that Awarded Vendor shall give OAG, and shall cause Awarded Vendor’s Agents to give OAG, notice as soon as it or they are aware of the requirement; and use its or their best efforts to cooperate with OAG if OAG wishes to obtain a protective order or otherwise protect the confidentiality of such OAG Data. OAG reserves the right to obtain a protective order or otherwise protect the confidentiality of OAG Data.

8.2.3

Protection of OAG Data

Integrated Security Solutions RFO, v1.0 Page 36 of 57

Awarded Vendor shall engage in a continuous cycle of process improvement and vigilance to assess risks, monitor and test security protection, and implement change to protect OAG Data. Awarded Vendor agrees to perform such continuous process improvement and to upgrade its security protection during the term of this Contract. 8.2.4

Statutory, Regulatory and Policy Compliance Awarded Vendor agrees to comply with all OAG policies, standards and requirements, state and federal statutes, rules, regulations, and standards regarding the protection and confidentiality of OAG Data, for which it has received written notice, as currently effective, subsequently enacted or as may be amended. The existing requirements that are applicable to Awarded Vendor’s obligations under this Contract are included in this Contract. Awarded Vendor shall also comply with any requirements set forth in Section 9.0, “Computer System Security” of the IRS Publication 1075 (Rev. 10-2014) and Attachment 4 to this Contract: “United States Internal Revenue Service Requirements for the Safeguarding of Federal Tax Information Including Federal Tax Returns and Return Information”.

8.2.5

Data Retention and Destruction Within thirty (30) Business Days of Contract award, Awarded Vendor and OAG shall develop, and mutually agree upon, a detailed schedule for the retention and possible destruction of OAG Data. The schedule will be based upon the Contract Services being performed and the Awarded Vendor’s limited authorization to access, use, and disclose OAG Data. Subsequent to developing and agreeing upon that schedule, Awarded Vendor shall: 1. Retain and destroy OAG Data in accordance with the detailed schedule for its retention and destruction (According to OAG Data Sanitization standards); 2. Destroy or purge OAG Data in a manner consistent with state policy and Federal regulations for destruction of private or confidential data and in such a way so that the Data are unusable and irrecoverable; 3. Destroy all hard copy OAG Data by shredding to effect 5/16 inch wide or smaller strips and then either incinerating or pulping the shredded material; and 4. Within five (5) Calendar Days (excluding weekends and federal holidays) of destruction or purging, provide the OAG with a completed OAG-Child Support Division “Certificate of Destruction for Contractors and Vendors,” a copy of which is attached hereto and included herein (Attachment 3). In the event of Contract expiration or termination for any reason, Awarded Vendor and Awarded Vendor’s Agents shall completely purge all OAG Data from the information systems of Awarded Vendor and Awarded Vendor’s Agents and no OAG Data will be retained by the Awarded Vendor. All hard-copy OAG Data shall (in accordance with the detailed retention schedule agreed to by Awarded Vendor and OAG under Section 8.2.5.1 above) be destroyed. If immediate purging of all data storage components is not possible, the Awarded Vendor agrees that any OAG Data remaining in any storage component will be protected to prevent unauthorized disclosures. Within twenty (20) Business Days of Contract expiration or termination, Awarded Vendor shall provide OAG with a signed statement detailing the nature of the OAG Data retained, type of storage media, physical location(s), and any planned destruction date. In its sole discretion, the OAG may waive notification requirements or request reasonable changes to the detailed schedule for the retention and destruction of OAG Data.

Integrated Security Solutions RFO, v1.0 Page 37 of 57

8.2.6

Requests to Awarded Vendor for Confidential or Public Information Awarded Vendor and Awarded Vendor's Agents expressly do not have any actual or implied authority to determine whether any OAG Data are public or exempted from disclosure. Tex. Gov’t Code Chapter 552 defines the exclusive mechanism for determining whether OAG Data are subject to public disclosure. Awarded Vendor is not authorized to respond to public information requests on behalf of the OAG. Awarded Vendor agrees to forward to the OAG, by facsimile within one (1) Business Day from receipt all request(s) for information associated with the Awarded Vendor’s services under this Contract. Awarded Vendor shall forward any information requests to: OAG Public Information Coordinator Fax (512) 494-8017

8.3 8.3.1

Physical and System Security General/Administrative Protections At all times Awarded Vendor shall be fully responsible to OAG for the security of the storage, processing, compilation, or transmission of all OAG Data to which it has access, and of all equipment, storage facilities, and transmission facilities on which or for which such OAG Data are stored, processed, compiled, or transmitted. The Awarded Vendor (and Awarded Vendor’s Agents) shall develop and implement internal protection systems, including information security access lists and physical security access lists (the “access protection lists”), designed to protect OAG Data in accordance with applicable law and the provisions for Data Security, Physical Security, and Logical/Information System Protections contained in this Contract. The access protection lists shall document the name and other identifying data for any individual authorized to access, use or disclose OAG Data, as well as any special conditions and limitations applicable to each authorization. The Awarded Vendor shall remove individuals from or change the access rights of individuals on the applicable access protection list immediately upon such individual no longer requiring certain access. At least monthly, the Awarded Vendor shall review and update its access protection lists and ensure that the access protection lists accurately reflect the individuals and their access level currently authorized. At least monthly, the Awarded Vendor shall report the results of these reviews and access changes to the OAG Contract Manager. The OAG shall have the right to review the Awarded Vendor's internal protection systems and access protection lists for all areas of the work site(s). The OAG may, with or without cause, and without cost or liability, revoke or deny any or all authorizations of individuals performing services under this Contract. If any authorization is revoked or denied by OAG, then Awarded Vendor shall immediately use its best efforts to assist the OAG in preventing access, use or disclosure of OAG Data and the Awarded Vendor shall be given written notice of the denial. OAG, in its sole discretion and without consulting Awarded Vendor, may immediately terminate OAG system access for anyone performing services under this Contract. Awarded Vendor shall immediately notify the OAG Contract Manager when any person Awarded Vendor authorized to access OAG Data is no longer authorized to have such access. This notice includes re-assigned or terminated individuals.

Integrated Security Solutions RFO, v1.0 Page 38 of 57

The Awarded Vendor’s physical access security and logical access security systems must track and log all access attempts and failures. The access security systems must produce access logs on request. These logs must identify all access failures and breaches. Notwithstanding anything to the contrary in this Contract, the physical access and logical access security systems logs for any particular calendar year must be retained for a period of seven (7) calendar years after the last Calendar Day of the calendar year in which they were created. Thus a log created on January 1, 2007 may be disposed of, with all other systems access logs created in 2007, on January 1, 2015. All physical access and logical access security systems logs must be stored to electronic media. Any stored log must be produced for viewing access and copying upon request of the OAG within five (5) business days of the request. Awarded Vendor shall maintain appropriate audit trails to provide accountability for use and updates to OAG Data, charges, procedures, and performances. Audit trails maintained by Awarded Vendor shall, at a minimum, identify the supporting documentation prepared by Awarded Vendor to permit an audit of the system by tracing the activities of individuals through the system Awarded Vendor 's automated systems must provide the means whereby authorized personnel have the ability to audit and to verify contractually required performances and to establish individual accountability for any action that can potentially cause access to, generation of, or modification of OAG Data. Awarded Vendor agrees that Awarded Vendor's failure to maintain adequate audit trails and corresponding documentation shall create a presumption that the services or performances were not performed. 8.3.2

Physical Security The computer site and related infrastructures (e.g., information system servers, protected interface equipment, associated peripherals, communications equipment, wire closets, patch panels, etc.) must have physical security that at all times protects OAG Data against any unauthorized access to, or routine viewing of, computer devices, access devices, and printed and stored data. Data accessed shall always be maintained in a secure environment (with limited access by authorized personnel both during work and non-work hours) using devices and methods such as, but not limited to: alarm systems, locked containers of various types, fireproof safes, restricted areas, locked rooms, locked buildings, identification systems, guards, or other devices reasonably expected to prevent loss or unauthorized removal of manually held data. Awarded Vendor shall also protect against unauthorized use of passwords, keys, combinations, access logs, and badges. The Awarded Vendor agrees that the systems operation room (which houses network equipment, servers and other centralized processing hardware) shall be accessible only by authorized IT personnel or executive management. In situations such as remote terminals, or office work sites where all of the requirements of a secure area with restricted access cannot be maintained, the equipment shall receive the highest level of protection. This protection must include (where communication is through an external, non-organization-controlled network [e.g., the Internet]) multifactor authentication that is compliant with NIST SP 800-63, Electronic Authentication Guidance level 3 or 4, and shall be consistent with Section 4.7 “Telework Locations” and Section 9.3.11.9 “Alternate Worksite (PE-17)” of IRS Publication 1075 (Rev. 10-2014). Awarded Vendor shall protect information systems against environmental hazards and provide appropriate environmental protection in facilities containing information systems.

8.3.3

Logical/Information System Protections The Awarded Vendor shall take all reasonable steps to ensure the logical security of all information systems used in the performance of this Contract, including: 1. Independent oversight of systems administrators and programmers; 2. Restriction of user, operator, and administrator accounts in accordance with job duties; 3. Authentication of users to the operating system and application software programs;

Integrated Security Solutions RFO, v1.0 Page 39 of 57

4. 5. 6. 7. 8.

Awarded Vendor shall adhere to OAG-approved access methods, and the protection and use of unique identifiers such as user identifications and passwords; Awarded Vendor shall have an authorization process for user access and privileges. Any access not granted is prohibited; Awarded Vendor shall maintain an access protection list that details the rights and privileges with respect to each such user; Audit trails for user account adds, deletes, and changes, as well as, access attempts and updates to individual data records; and Protection to prevent unauthorized processing in or changes to software, systems, and OAG Data in the production environment.

Awarded Vendor shall implement protection for the prevention, detection and correction of processing failure, or deliberate or accidental acts that may threaten the confidentiality, availability, or integrity of OAG Data. Awarded Vendor shall implement counter-protection against malicious software on Awarded Vendor’s internal systems used in Contract performance. Awarded Vendor shall ensure that relevant Security Incidents are identified, monitored, analyzed, and addressed. Awarded Vendor shall apply a high-level of protection toward hardening all security and critical server communications platforms and ensure that operating system versions are kept current. Awarded Vendor shall adhere to mutually agreed upon procedures for authorizing hardware and software changes, and for evaluation of their security impact. Awarded Vendor shall institute a process that provides for immediate revocation of a user’s access rights and the termination of the connection between systems, if warranted by the nature of any Security Incident. 8.3.4

Encryption OAG Data must be encrypted while at rest on any media (e.g., USB drives, laptops, workstations, and server hard drives), in transmission, and during transport (i.e. the physical moving of media containing OAG Data). OAG Data must be encrypted using current FIPS validated cryptographic modules. The OAG will specify the minimum encryption level necessary. Any change to this minimum encryption level will be communicated in writing to the Awarded Vendor by the OAG Contract Manager. The Awarded Vendor shall adhere to mutually agreed upon procedures for data transmission. OAG Data are not allowed on mobile/remote/portable storage devices; nor may storage media be removed from the facility used by Awarded Vendor. Awarded Vendor may submit, to the OAG Contract Manager, a written request for an exception to these prohibitions. A granted exception will be communicated in writing to the Awarded Vendor by the OAG Contract Manager. If OAG finds it necessary to allow storage media to be removed from a facility used by Awarded Vendor, OAG will specify the circumstance(s) under which storage media may be removed. This prohibition does not apply to Awarded Vendor Information Systems backup procedure. Awarded Vendor Information Systems backup procedure is subject to the United States Internal Revenue Service requirements set forth in Section 9.3.6.7 “Information System Backup (CP-9)” of IRS Publication 1075 (Rev. 10-2014) and Attachment 4 entitled “United States Internal Revenue Service Requirements for the Safeguarding of Federal Tax Information Including Federal Tax Returns and Return Information”.

8.4 8.4.1

Security Audit Right to Audit, Investigate and Inspect

Integrated Security Solutions RFO, v1.0 Page 40 of 57

Without notice, the Awarded Vendor shall permit, and shall require Awarded Vendor’s Agents to, permit the OAG, the State Auditor of Texas, the United States Internal Revenue Service, the United States Department of Health and Human Services and the Comptroller General of the United States to: 1. Monitor and observe the operations of, and to perform security investigations, audits, and reviews of the operations and records of, the Awarded Vendor and Awarded Vendor’s Agents; 2.

Inspect its information system in order to assess security at the operating system, network, and application levels; provided, however, that such assessment shall not interfere with the daily operations of managing and running the system;

3.

Enter, unannounced, into the offices and places of business of the Awarded Vendor and Awarded Vendor’s Agents for a security inspection of the facilities and operations used in the performance of Contract Services. Specific remedial measures may be required in cases where the Awarded Vendor or Awarded Vendor’s Agents are found to be noncompliant with physical and/or data security protection.

Any audit of documents shall be conducted at the Awarded Vendor's principal place of business and/or the location(s) of the Awarded Vendor's operations during the Awarded Vendor's normal business hours and at the OAG's expense. Awarded Vendor shall provide to OAG and such auditors and inspectors as OAG may designate in writing, on Awarded Vendor's premises, (or if the audit is being performed of a Awarded Vendor’s Agent, the Agent’s premises, if necessary) space, office furnishings (including lockable cabinets), telephone and facsimile services, at least one workstation connected to each Awarded Vendor system subject to the audit, utilities and office-related equipment and duplicating services as OAG or such auditors and inspectors may reasonably require to perform the audits. Awarded Vendor shall supply to the OAG and the State of Texas any data or reports rendered or available in conjunction with any security audit of Awarded Vendor or Awarded Vendor’s Agents if those reports pertain, in whole or in part, to the Contract Services. This obligation shall extend to include any report(s) or other data generated by any security audit conducted up to one (1) year after the date of termination or expiration of the Contract. 8.5 8.5.1

Security Incidents Response to Security Incidents Awarded Vendor shall detect and respond to Security Incidents which might occur. Awarded Vendor shall document its relevant procedures and processes into an internal incident response plan and provide such plan for OAG approval no later than thirty (30) Calendar Days prior to OAG Data being provided to Awarded Vendor. The OAG, in its discretion, may withhold fifty percent (50%) of Awarded Vendor's monthly invoices for each month until an OAG-approved incident response plan is in place.

8.5.2

Notice Within one (1) hour of discovering or having any reason to believe that there has been, any physical, personnel, system, or OAG Data Security Incident, Awarded Vendor shall initiate risk mitigation and notify the OAG-CSD ISO and the OAG Contract Manager, by telephone and by email, of the Security Incident and the initial risk mitigation steps taken. The Awarded Vendor must also notify the Tax Inspector General for Tax Administration in Dallas by phone (713-209-3711). If unable to contact the Dallas office, contact the National Office at Hotline Number: 800-589-3718.

Integrated Security Solutions RFO, v1.0 Page 41 of 57

Within twenty-four (24) hours of the discovery, Awarded Vendor shall conduct a preliminary risk analysis of the Security Incident; commence an investigation into the incident; and provide a written report utilizing the attached Security Incident Report (Attachment 3) to the OAG-CSD ISO, with a copy to the OAG Contract Manager fully disclosing all information relating to the Security Incident and the results of the preliminary risk analysis. This initial report shall include, at a minimum: nature of the incident (e.g., data loss/corruption/intrusion); cause(s); mitigation efforts; corrective actions; and estimated recovery time. Each Calendar Day thereafter until the investigation is complete, Awarded Vendor shall: 1. Provide the OAG-CSD ISO, or the OAG-CSD ISO’s designee, with a daily oral or email report regarding the investigation status and current risk analysis; and 2. Confer with the OAG-CSD ISO or the OAG-CSD ISO’s designee, regarding the proper course of the investigation and risk mitigation. Whenever daily oral reports are provided, Awarded Vendor shall provide, by close of business each Friday, an email report detailing the foregoing daily requirements. 8.5.3

Final Report Within five (5) Business Days of completing the risk analysis and investigation, Awarded Vendor shall submit a written Final Report to the OAG-CSD ISO with a copy to the OAG Contract Manager, which shall include: A detailed explanation of the cause(s) of the Security Incident; A detailed description of the nature of the Security Incident, including, but not limited to, extent of intruder activity (such as files changed, edited or removed; Trojans), and the particular OAG Data affected; and A specific cure for the Security Incident and the date by which such cure shall be implemented, or if the cure has been put in place, a certification to the OAG that states: the date that Awarded Vendor implemented the cure and a description of how the cure protects against the possibility of a recurrence. If the cure has not been put in place by the time the report is submitted, Awarded Vendor shall within thirty (30) Calendar Days after submission of the final report, provide a certification to the OAG that states: the date that Awarded Vendor implemented the cure and a description of how the cure protects against the possibility of a recurrence. If Awarded Vendor fails to provide a Final Report and Certification within forty-five (45) Calendar Days, or as otherwise agreed to, of the Security Incident, Awarded Vendor agrees the OAG may exercise any remedy in equity, provided by law, or identified in the Contract.

8.5.4

Independent Right to Investigate The OAG reserves the right to conduct an independent investigation of any Security Incident, and should OAG choose to do so, Awarded Vendor shall cooperate fully, making resources, personnel and systems access available.

8.6 8.6.1

Remedial Action Remedies Not Exclusive and Injunctive Relief

Integrated Security Solutions RFO, v1.0 Page 42 of 57

The remedies provided in this section are in addition to, and not exclusive of, all other remedies available within this Contract, or at law or in equity. OAG’s pursuit or non-pursuit of any one remedy for a Security Incident(s) does not constitute a waiver of any other remedy that OAG may have at law or equity. If injunctive or other equitable relief is available, then Awarded Vendor agrees that the OAG shall not be required to post bond or other security as a condition of such relief. 8.6.2

Notice and Compensation to Third Parties In the event of a Security Incident, third-party or individual data may be compromised, and the OAG and Awarded Vendor agree that the actual harm to such third parties caused by the Security Incident is difficult to estimate. Furthermore, OAG and Awarded Vendor agree, that a reasonable forecast of just compensation is for the Awarded Vendor to provide to individuals whose personal, confidential, or privileged data were compromised or likely compromised as a result of the Security Incident: 1. Notification of the event; 2. Actual damages sustained by the individual as a result of the Security Incident and any prescribed statutory damages; and 3. One year of credit monitoring services, at no-cost to each such individual, entity, or the OAG. Subject to OAG review and approval, Awarded Vendor shall provide notice of the Security Incident, with such notice to include: 1. A brief description of what happened; 2. A description, to the extent possible, of the types of personal data that were involved in the security breach (e.g., full name, SSN, date of birth, home address, account number, etc.); 3. A brief description of what is being done to investigate the breach, mitigate losses, and to protect against any further breaches; 4. Contact procedures for those wishing to ask questions or learn additional data, including a toll-free telephone number, website and postal address; 5. Steps individuals should take to protect themselves from the risk of identity theft, including steps to take advantage of any credit monitoring or other service the Awarded Vendor shall offer; and 6. Contact information for the Federal Trade Commission website, including specific publications. Notice of the Security Incident shall comply with Section 504 of the Rehabilitation Action of 1973, with accommodations that may include establishing a Telecommunications Device for the Deaf (TDD) or posting a larger-type notice on the website containing notice. Awarded Vendor and OAG shall mutually agree on the methodology for providing the notice required in this subsection. Neither party shall unreasonably withhold such agreement; however the notice method must comply with the notification requirements of Section 521.053, Texas Business and Commerce Code (as currently enacted or subsequently amended). Provided further that Awarded Vendor must also comply with Section 521.053’s "consumer reporting agency" notification requirements. If OAG, in its sole discretion, elects to send notice of the Security Incident in lieu of the Awarded Vendor sending notice, then Awarded Vendor shall reimburse to the OAG all costs associated with preparing and providing notice. If the Awarded Vendor does not reimburse such cost within thirty (30) Calendar Days of request OAG shall have the right to collect such cost by offsetting or reducing any future payments owed to Awarded Vendor.

8.6.3

Commencement of Legal Action

Integrated Security Solutions RFO, v1.0 Page 43 of 57

Awarded Vendor shall not commence any legal proceeding on OAG’s behalf without the OAG’s express written consent.

9 CONTRACT TERMS AND CONDITIONS 9.1

Financial Terms and Conditions

9.1.1 Audit Exceptions The Awarded Vendor has no unresolved audit exceptions with the OAG. An unresolved audit exception is an exception for which the Awarded Vendor has exhausted all administrative and/or judicial remedies and refuses to comply with any resulting demand for payment. 9.1.2 Audit and Investigation Awarded Vendor understands that acceptance of funds under this Contract acts as acceptance of the authority of the State Auditor's Office, or any successor agency, to conduct an audit or investigation in connection with those funds. Awarded Vendor further agrees to cooperate fully with the State Auditor's office or its successor in the conduct of the audit or investigation, including providing all records requested. Awarded Vendor shall ensure that this clause concerning the authority to audit funds received indirectly by subcontractors through Awarded Vendor and the requirement to cooperate is included in any subcontract it awards. 9.1.3 Legislative Appropriations All obligations of the OAG are subject to the availability of legislative appropriations and, for federally funded procurements, to the availability of federal funds applicable to this procurement. The parties acknowledge that the ability of the OAG to make payments under this Contract is contingent upon the continued availability of funds for the Child Support Enforcement Strategy and the State Disbursement Unit Strategy (collectively “Strategies”). The parties acknowledge that funds are not specifically appropriated for this Contract and the OAG’s continual ability to make payments under this Contract is contingent upon the funding levels appropriated to the OAG for the Strategies for each particular appropriation period. The OAG will use all reasonable efforts to ensure that such funds are available. The parties agree that if future levels of funding for the OAG Child Support Enforcement Strategy and/or the State Disbursement Unit Strategy are not sufficient to continue operations without any operational reductions, the OAG, in its discretion, may terminate this Contract, either in whole or in part. In the event of such termination, the OAG will not be considered to be in default or breach under this Contract, nor shall it be liable for any further payments ordinarily due under this Contract, nor shall it be liable for any damages or any other amounts which are caused by or associated with such termination. The OAG shall make best efforts to provide reasonable written advance notice to Awarded Vendor of any such termination. In the event of such a termination, Awarded Vendor shall, unless otherwise mutually agreed upon in writing, cease all work immediately upon the effective date of termination. OAG shall be liable for payments limited only to the portion of work the OAG authorized in writing and which the Awarded Vendor has completed, delivered to the OAG, and which has been accepted by the OAG. All such work shall have been completed, per the Contract requirements, prior to the effective date of termination. 9.1.4 Provisions of Funding by United States It is expressly understood that any and all of the OAG’s obligations and liabilities hereunder are contingent upon the existence of a state plan for child support enforcement approved by the United States Department of Health and Human Services providing for the statewide program of child support enforcement, pursuant to the Social Security Act, and on the availability of Federal Financial Participation for the activities described herein. In the event that such approval of the state plan or the availability of Federal Financial Participation should lapse or otherwise terminate, the OAG shall promptly notify Vendor of such fact in writing. Upon such occurrence the OAG shall discontinue payment hereunder.

Integrated Security Solutions RFO, v1.0 Page 44 of 57

9.1.5 Antitrust and Assignment of Claims Pursuant to 15 U.S.C. §1, et seq., and Tex. Bus. & Comm. Code §15.01, et seq., the Awarded Vendor affirms that it has not violated the Texas antitrust laws or federal antitrust laws and has not communicated its bid for this Contract directly or indirectly to any competitor or any other person engaged in such line of business. The Awarded Vendor hereby assigns to the OAG any claims for overcharges associated with this Contract under 15 U.S.C. §1, et seq., and Tex. Bus. & Comm. Code §15.01, et seq. 9.2 9.2.1

Contract Management Notices and Liaisons

Written Notices Delivery Any notice required or permitted to be given under this Contract by one party to the other party shall be in writing and shall be addressed to the receiving party at the address hereinafter specified. The notice shall be deemed to have been given immediately if delivered in person to the recipient’s address hereinafter specified. It shall be deemed to have been given on the date of certified receipt if placed in the United States mail, postage prepaid, by registered or certified mail with Return Receipt requested, addressed to the receiving party at the address hereinafter specified. 9.2.2 Awarded Vendor The address of the Awarded Vendor for all purposes under this SOW and for all notices hereunder shall be designated at the time of Contract Award. 9.2.3 OAG The address of the OAG for all purposes under this SOW and for all notices hereunder shall be designated at Contract Award. With copies to (Registered or Certified Mail with return receipt is not required for copies): Maria Rivera, Managing Attorney (or successor) Office of General Counsel, Transactional Attorneys Section MC 044, Office of the Attorney General P. O. Box 12017 Austin, Texas 78711-2017 9.2.4 Liaisons Awarded Vendor and OAG each agree to maintain specifically identified liaison personnel for their mutual benefit during the term of the Contract. The liaison(s) named by Awarded Vendor shall serve as the initial point(s) of contact for any inquiries made pursuant to this Contract by OAG and respond to any such inquiries by OAG. The liaison(s) named by OAG shall serve as the initial point(s) of contact for any inquiries made pursuant to this Contract by Awarded Vendor and respond to any such inquiries by Awarded Vendor. The liaison(s) shall be named in writing at the time of the execution of this Contract. Subsequent changes in liaison personnel shall be communicated by the respective parties in writing. 9.2.5 No Assignment by Awarded Vendor Awarded Vendor will not assign its rights under this Contract or delegate the performance of its duties under this Contract without prior written approval from the OAG. Notwithstanding anything to the contrary in the Texas Business Organizations Code or any other Texas or other state statute a merger shall not act to cause the assumption, by the surviving entity or entities, of this Contract and/or its associated rights and duties without the prior written approval of the OAG. The term "merger" as used in this Section includes, without limitation, the combining of two corporations into a single surviving corporation, the combining of two existing corporations to form a third newly created corporation; or the combining of a corporation with another form of business organization.

Integrated Security Solutions RFO, v1.0 Page 45 of 57

9.2.6 Reporting Fraud, Waste or Abuse The Awarded Vendor must report any suspected incident of fraud, waste or abuse associated with the performance of this Contract to any one of the following listed entities:  the Contract Manager;  the Deputy Director for Contract Operations, Child Support Division;  the Deputy Director, Child Support Division;  the Director, Child Support Division;  the OAG Ethics Advisor;  the OAG’s Fraud, Waste and Abuse Prevention Program (“FWAPP”) Hotline (866-552-7937) or the FWAPP E-mailbox ([email protected]);  The State Auditor’s Office hotline for fraud (1-800-892-8348). The report of suspected misconduct shall include (if known):  the specific suspected misconduct;  the names of the individual(s)/entity(ies) involved;  the date(s)/location(s) of the alleged activity(ies);  the names and all available contact information (phone numbers, addresses) of possible witnesses or other individuals who may have relevant information; and  any documents which tend to support the allegations. The words fraud, waste or abuse as used in this Section have the following meanings:  Fraud is the use of one’s position for obtaining personal benefit (including benefit for family/friends) through the deliberate misuse or misapplication of resources or assets.  Waste is the extravagant careless or needless expenditure of funds or consumption of property that results from deficient practices, system controls, or decisions.  Abuse is the misuse of one’s position, title or authority to obtain a personal benefit (including benefit for family/friends) or to attempt to damage someone else. 9.2.7

Controlled Correspondence In order to track and document requests for decisions and/or information pertaining to this Contract, and the subsequent response to those requests, the OAG and the Awarded Vendor shall use Controlled Correspondence. The OAG shall manage the Controlled Correspondence for this Contract. For each Controlled Correspondence document, the OAG shall assign a tracking number and the document shall be signed by the appropriate party’s Contract Manager. Controlled Correspondence shall not be used to change pricing or alter the terms of this Contract. Controlled Correspondence shall not be the basis of a claim for equitable adjustment of pricing. Any changes that involve the pricing or the terms of this Contract must be by an IAC amendment. However, the Controlled Correspondence process may be used to document refinements and interpretations of the provisions of this Contract. Controlled Correspondence documents shall be maintained by both parties in on-going logs and shall become part of the normal status reporting process. Any communication not generated in accordance with such process shall not be binding upon the parties and shall be of no effect.

9.2.8

Transition Requirements The OAG and the Awarded Vendor shall develop a Transition Plan for the transition of all services and operations at the termination of the Contract(s). The plan shall specify the tasks to be performed by the parties, the schedule for the performance of such tasks and the respective responsibilities of the parties associated with the tasks.

Integrated Security Solutions RFO, v1.0 Page 46 of 57

The Awarded Vendor’s Transition Plan shall also address the following at a minimum:    

Transfer (to either the OAG or another vendor) or close-out of operations including the method by which operations will be continued during the transition period and the organizational structure proposed during transition; Closeout of financial processes, including invoicing, lease, outstanding Contractual items, etc.; Transition of open operational items, including outstanding customer service and Contract monitoring issues; and Transfer of data, Source Documents, and any other OAG property.

A draft of the Transition Plan shall be completed at a date agreed upon by the OAG and the Awarded Vendor, but not later than forty-five (45) Calendar Days from the date of Contract award. The Awarded Vendor and the OAG shall meet annually to review and discuss any modifications to the Transition Plan. The Awarded Vendor shall make any necessary modifications to the Transition Plan within twenty (20) Business Days and forward the plan to the OAG for final approval. During the transition period, the Awarded Vendor shall meet with the transition team (comprised of OAG staff members, Awarded Vendor and the incoming vendor), weekly to review progress and update the Transition Plan. The Awarded Vendor shall return all OAG documentation and property to the OAG in accordance with the provisions for “Data Security”, Section 8.2. The OAG will not issue payment for services or costs incurred by the Awarded Vendor in performing transition responsibilities that do not involve services performed pursuant to the specifications of this Contract. 9.2.9

Optional Services The OAG may request optional services or programming changes after implementation of the Awarded Vendor’s solution. The decision to obtain optional services or programming changes will be within the sole discretion of the OAG. In the event the OAG elects to exercise this option, the OAG shall provide the Awarded Vendor with a statement of work and the Awarded Vendor shall provide proposed pricing for the optional services. The OAG may accept or reject these optional services from the Awarded Vendor and refine the requirements and negotiate final costs. The OAG CSD is not responsible or liable for payment for software development/modifications until the OAG CSD determines that any associated test results are acceptable.

9.2.10 Cooperation with the OAG The Awarded Vendor must ensure that it cooperates with the OAG and other state or federal administrative agencies, at no charge to the OAG, for purposes relating to the administration of this Contract. The Awarded Vendor agrees to reasonably cooperate with and work with the OAG’s contractors, subcontractors, and third party representatives as requested by the OAG. The Office of the Attorney General (OAG) Child Support Division (CSD) is in the process of renewing its Child Support Enforcement System, known as TXCSES. The new system is referred to as T2. 9.2.11

Dispute Resolution Process for Claims of Breach of Contract The dispute resolution process provided for in Chapter 2260 of the Government Code shall be used, as further described herein, by the OAG and Awarded Vendor to attempt to resolve any claim for breach of Contract made by Awarded Vendor.

Integrated Security Solutions RFO, v1.0 Page 47 of 57

A claim for breach of Contract that the parties cannot resolve in the ordinary course of business shall be submitted to the negotiation process provided in Chapter 2260, Subchapter B, of the Government Code. To initiate the process, Awarded Vendor shall submit written notice, as required by Subchapter B, to the Deputy for Child Support, Office of the Attorney General, P.O. Box 12017 (Mail Code 033) Austin, Texas 78711-2017. The notice shall specifically state that the provisions of Chapter 2260, Subchapter B, are being invoked. A copy of the notice shall also be given to all other representatives of the parties otherwise entitled to notice. Compliance with Subchapter B is a condition precedent to the filing of a contested case proceeding under Chapter 2260, Subchapter C, of the Government Code. The contested case process provided in Chapter 2260, Subchapter C, of the Government Code is the sole and exclusive process for seeking a remedy for any and all alleged breaches of Contract by the OAG if the parties are unable to resolve their disputes under the negotiation process. Compliance with the contested case process is a condition precedent to seeking consent to sue from the Legislature under Chapter 107 of the Civil Practices and Remedies Code. Neither the execution of this Contract by the OAG nor any other conduct of any representative of the OAG relating to the Contract shall be considered a waiver of sovereign immunity to suit. The submission, processing and resolution of a claim for breach of Contract is governed by the published rules adopted by the OAG pursuant to Chapter 2260, as currently effective, hereafter enacted or subsequently amended. Neither the occurrence of an event nor the pendency of a claim constitutes grounds for the suspension of performance by Awarded Vendor, in whole or in part. 9.3

Amendment

This Contract shall only be amended or modified as follows: First, duly authorized representatives of the parties must execute a writing denominated as an amendment to the Contract. Second, the OAG must adopt the amendment by issuing it as an attachment to an OAG purchase order change notice. Awarded Vendor shall not be entitled to payment for any additional services, work, or products that are not authorized by a properly executed Contract amendment. 9.4

Termination of Contract

9.4.1 Convenience of the State of Texas OAG reserves the right to terminate the Contract at any time, in whole or in part, without penalty, by providing thirty (30) Calendar Days’ advance written notice, if OAG determines that such termination is in its best interest. In the event of such a termination, Awarded Vendor shall, unless otherwise mutually agreed upon in writing, cease all work immediately upon the effective date of termination. OAG shall be liable for payments limited only to the portion of work the OAG authorized in writing and which the Awarded Vendor has completed, delivered to the OAG, and which has been accepted by the OAG. All such work shall have been completed, per the Contract requirements, prior to the effective date of termination. The OAG shall have no other liability including no liability for any costs associated with the termination. 9.4.2 Cause/Default If the Awarded Vendor fails to provide the contracted for commodities and or services according to the provisions of this Contract, or fails to comply with any of the terms or conditions of this Contract, the OAG may, upon written notice of default to the Awarded Vendor, immediately terminate all or any part of this Contract. Termination is not an exclusive remedy, but will be in addition to any other rights and remedies provided in equity, by law or under this Contract.

Integrated Security Solutions RFO, v1.0 Page 48 of 57

The OAG may exercise any other right, remedy or privilege which may be available to it under applicable law of the State and any other applicable law or proceed by appropriate court action to enforce the provisions of this Contract, or to recover damages for the breach of any agreement being derived from this Contract. The exercise of any of the foregoing remedies will not constitute a termination of this Contract unless the OAG notifies the Awarded Vendor in writing prior to the exercise of such remedy. The Awarded Vendor will remain liable for all covenants and indemnities under the aforesaid agreement. The Awarded Vendor will be liable for all costs and expenses, including court costs, incurred by the OAG with respect to the enforcement of any of the remedies listed herein. 9.4.3 Change in Federal or State Requirements If Federal or State laws or regulations or other Federal or State requirements are amended or judicially interpreted so that either party cannot reasonably fulfill this Contract and if the parties cannot agree to an amendment that would enable substantial continuation of the Contract, the parties shall be discharged from any further obligations under this Contract. 9.4.4 Rights upon Termination of the Contract In the event that the Contract is terminated for any reason, or upon its expiration, the OAG shall retain ownership of all associated work products and documentation with any order that results from or is associated with this Contract in whatever form that they exist. 9.4.5 Survival of Terms Termination of this Contract for any reason shall not release the Awarded Vendor from any liability or obligation set forth in this Contract that is expressly stated to survive any such termination or by its nature would be intended to be applicable following any such termination. 9.5 9.5.1

General Terms and Conditions Federal Terms and Conditions

Compliance with Law Awarded Vendor shall comply with all state and federal laws, rules, regulations, requirements and guidelines applicable to Awarded Vendor: (1) performing its obligations hereunder and to assure with respect to its performances hereunder that OAG is carrying out the program of child support enforcement pursuant to Title IV, Part D of the federal Social Security Act of 1935 as amended; (2) providing services to OAG as these laws, rules, regulations, requirements and guidelines currently exist and as they are amended throughout the term of this Contract. Awarded Vendor’s obligations include compliance with all such state and federal laws, rules, regulations, requirements and guidelines applicable to Awarded Vendor that become effective at any time during any term or renewal of this Contract. OAG reserves the right, in its sole discretion, to unilaterally amend this Contract throughout its term to incorporate any modifications necessary for OAG's or Awarded Vendor's compliance with all applicable state and federal laws, rules, regulations, requirements and guidelines. Civil Rights The Awarded Vendor agrees that no person shall, on the ground of race, color, religion, sex, national origin, age, disability, political affiliation, or religious belief, be excluded from the participation in, be denied the benefits of, be subjected to discrimination under, or be denied employment in the administration of, or in connection with, any program or activity funded in whole or in part with funds available under this Contract. The Awarded Vendor shall comply with Executive Order 11246, "Equal Employment Opportunity" as amended by Executive Order 11375, "Amending Executive Order 11246 relating to Equal Employment Opportunity", and as supplemented by regulations at 41 C.F.R. Part 60, "Office of Federal Contract Compliance Programs, Equal Employment Opportunity Department of Labor". The Awarded Vendor shall ensure that all subcontracts comply with the above referenced provisions.

Integrated Security Solutions RFO, v1.0 Page 49 of 57

Certification Regarding Debarment, Suspension, Ineligibility, and Voluntary Exclusion from Participation Awarded Vendor certifies by entering into this Contract, that neither it nor its principals are debarred, suspended, proposed for debarment, declared ineligible, or otherwise excluded from participation in this transaction by any federal department or agency. Records Retention Awarded Vendor shall retain all financial records, supporting documents, statistical records, and any other records or books relating to the performances called for in this Contract. Awarded Vendor shall retain all such records for a period of five (5) years after the expiration of the term of this Contract, or until the OAG or the United States are satisfied that all audit and litigation matters are resolved, whichever period is longer. Awarded Vendor shall grant access to all books, records and documents pertinent to this Contract to the OAG, the State Auditor of Texas, the United States Department of Health and Human Services and the Comptroller General of the United States for the purposes of inspecting, auditing, or copying such books, records and documents. The requirements of this provision shall be included in all subcontracts. Environmental Protection Awarded Vendor shall be in compliance with all applicable standards, orders, or requirements issued under section 306 of the Clean Air Act (42 USC 1857(h)) Section 508 of the Clean Water Act (33 USC 1368) Executive Order 11738, and Environmental Protection Agency regulations (40 CFR part 15). The requirements of this provision shall be included in all subcontracts that exceed $100,000. Lobbying Disclosure Awarded Vendor shall comply with the provisions of a federal law known generally as the Lobbying Disclosure Acts of 1989, and the regulations of the United States Department of Health and Human Services promulgated pursuant to said law, and shall make all disclosures and certifications as required by law. Awarded Vendor shall submit with its response the Certification Regarding Lobbying included with this solicitation.This certification certifies that the Awarded Vendor will not and has not used federally appropriated funds to pay any person or organization for influencing or attempting to influence any officer or employee of any Federal agency, a member of Congress, officer or employee of Congress, or an employee of a member of Congress in connection with obtaining any Federal contract, grant or any other award covered by 31 U.S.C. 1352. It also certifies that the Awarded Vendor will disclose any lobbying with non-Federal funds that takes place in connection with obtaining any Federal award by completing and submitting Standard Form F, Certification Regarding Lobbying. The requirements of this provision shall be included in all subcontracts exceeding $100,000. 9.5.2

Certifications

Certification Concerning Child Support Obligations Under Section 231.006, Texas Family Code, (relating to child support) the Awarded Vendor, by signing this Contract, certifies that it is not ineligible to receive a payments under this Contract and acknowledges that this Contract may be terminated and payment may be withheld if this certification is inaccurate. Certification Concerning Dealings with Public Servants Awarded Vendor, by signing this Contract, certifies that it has not given nor intends to give at any time hereafter any economic opportunity, future employment, gift, loan, gratuity, special discount, trip, favor, or service to a public servant in connection with this transaction. Certification Concerning Financial Participation Pursuant to §2155.004, Government Code, the Awarded Vendor certifies that the individual or business entity named in this Contract is not ineligible to receive the Contract and acknowledges that this Contract may be terminated and payment withheld if this certification is inaccurate. Section 2155.004 prohibits a person or entity from receiving a state contract if they received compensation for participating in preparing the solicitation or specifications for the Contract.

Integrated Security Solutions RFO, v1.0 Page 50 of 57

Certification Concerning Hurricane Relief Sections 2155.006 and 2261.053, Government Code, prohibit the OAG from awarding a contract to any person who, in the past five years, has been convicted of violating a federal law or assessed a penalty in connection with a contract involving relief for Hurricane Rita, Hurricane Katrina, or any other disaster, as defined by §418.004 of the Government Code, occurring after September 24, 2005. Under §2155.006 , Government Code, the Awarded Vendor certifies that the individual or business entity named in this Contract is not ineligible to receive this Contract and acknowledges that the Contract may be terminated and payment withheld if this certification is inaccurate. Certification Concerning Participation Eligibility Awarded Vendor certifies that it and its principals are eligible to participate in this Contract and have not been subjected to suspension, debarment, or similar ineligibility determined by any federal state or local governmental entity and that Awarded Vendor is in compliance with the State of Texas statutes and rules relating to procurement and contracting and that Awarded Vendor is not listed on the federal government's terrorism watch list as described in Executive Order 13224. Entities ineligible for federal procurement are listed at https://www.sam.gov. Certification Concerning Conflicts of Interest Awarded Vendor represents and warrants that it has no actual or potential conflicts of interest in providing the requested items to the OAG under this Contract and that Awarded Vendor’s provision of the requested items under this Contract would not reasonably create an appearance of impropriety. Buy Texas In accordance with §2155.4441, Texas Government Code, the Awarded Vendor shall, in performing any services under this Contract, purchase products and materials produced in Texas when they are available at a comparable price and in a comparable period of time to products and materials produced outside Texas. 9.5.3

General Responsibilities

Independent Contractor This Contract shall not render the Awarded Vendor an employee, officer, or agent of the OAG for any purpose. The Awarded Vendor is and shall remain an independent contractor in relationship to the OAG. The OAG shall not be responsible for withholding taxes with respect to the Awarded Vendor’s compensation under this Contract. The Awarded Vendor shall have no claim against the OAG under this Contract for vacation pay, sick leave, retirement benefits, social security, worker's compensation, health or disability benefits, unemployment insurance benefits, or employee benefits of any kind. No Implied Authority Any authority delegated to the Awarded Vendor by the OAG is limited to the terms of this Contract. The Awarded Vendor shall not rely upon implied authority and specifically is not delegated authority under this Contract to: Make public policy; Promulgate, amend, or disregard OAG Child Support program policy; or Unilaterally communicate or negotiate, on behalf of the OAG, with any member of the U.S. Congress or any member of their staff, any member of the Texas Legislature or any member of their staff, or any federal or state agency. However, the Awarded Vendor is required to cooperate fully with the OAG in communications and negotiations with federal and state agencies, as directed by the OAG. Indemnification and Liability

Integrated Security Solutions RFO, v1.0 Page 51 of 57

HOLD HARMLESS, INDEMNIFICATION AND DEFENSE THE AWARDED VENDOR SHALL HOLD HARMLESS, INDEMNIFY AND DEFEND THE OAG AND ITS EMPLOYEES, AGENTS, AND CONTRACTORS FROM AND AGAINST ANY AND ALL CLAIMS, DEMANDS, ALLEGATIONS, SUITS, ACTIONS, JUDGMENTS, LOSSES, DAMAGES, OR LIABILITIES, OF ANY NATURE WHATSOEVER, ARISING OUT OF OR RESULTING FROM ANY ACTS OR OMISSIONS OF THE AWARDED VENDOR OR ITS AGENTS, EMPLOYEES, SUBCONTRACTORS, ORDER FULFILLERS, OR SUPPLIERS OF SUBCONTRACTORS RELATING TO THIS CONTRACT, OR THAT ARE MADE OR THREATENED AS A RESULT OF THIS CONTRACT, OR THAT ARE ASSOCIATED WITH THE PERFORMANCE OF THIS CONTRACT (HEREINAFTER “CLAIMS”). THE TERM "CLAIMS" ALSO INCLUDES ANY CLAIM FOR THE INFRINGEMENT OF ANY UNITED STATES OR INTERNATIONALLY PROTECTED PATENTS, COPYRIGHTS, TRADE AND SERVICE MARKS, AND ANY OTHER INTELLECTUAL OR INTANGIBLE PROPERTY RIGHTS ARISING OUT OF THE AWARDED VENDOR’S OR THE OAG’S USE OF ANY EQUIPMENT, MATERIALS, INFORMATION, OR IDEAS EMPLOYED OR FURNISHED BY THE AWARDED VENDOR IN CONNECTION WITH THE PERFORMANCES CALLED FOR IN THIS CONTRACT. THE TERM "CLAIMS" ALSO INCLUDES ANY CLAIM RELATED TO INJURIES TO ANY PERSONS PRESENT ON OAG OWNED, LEASED, OR OCCUPIED PROPERTY OR PREMISES, WHETHER OR NOT THOSE PERSONS ARE OAG EMPLOYEES, AND IT INCLUDES DAMAGES TO ANY PERSONAL PROPERTY THAT IS PRESENT ON OAG OWNED, LEASED, OR OCCUPIED PROPERTY OR PREMISES, WHETHER OR NOT THE PERSONAL PROPERTY IS OWNED BY THE OAG. THE AWARDED VENDOR SHALL BE LIABLE FOR ALL COSTS OF DEFENSE AND SHALL REIMBURSE THE OAG FOR ALL COSTS INCURRED BY THE OAG IN DEFENDING ANY AND ALL CLAIMS. THE DEFENSE SHALL BE COORDINATED BY THE AWARDED VENDOR WITH THE OAG AND THE AWARDED VENDOR SHALL NOT AGREE TO ANY SETTLEMENT WITHOUT FIRST OBTAINING THE CONCURRENCE OF THE OAG. THE AWARDED VENDOR’S OBLIGATION TO INDEMNIFY AND DEFEND THE OAG AND REIMBURSE THE OAG’S DEFENSE COSTS SHALL ARISE AT THE TIME NOTICE OF A CLAIM IS FIRST PROVIDED TO EITHER THE AWARDED VENDOR OR THE OAG, REGARDLESS OF WHETHER OR NOT A CLAIMANT HAS FILED SUIT ON THE CLAIM. THE AWARDED VENDOR AND THE OAG AGREE TO FURNISH, WITHIN TEN (10) CALENDAR DAYS OF RECEIPT OR KNOWLEDGE OF A CLAIM, WRITTEN NOTICE TO EACH OTHER OF ANY SUCH CLAIM. UPON THE OAG’S WRITTEN DEMAND, THE AWARDED VENDOR SHALL REIMBURSE THE OAG, WITHIN THIRTY (30) CALENDAR DAYS OF THE WRITTEN DEMAND, FOR THE OAG’S COSTS INCURRED DUE TO ANY CLAIM, INCLUDING BUT NOT LIMITED TO, COURT COSTS, ADMINISTRATIVE PROCEEDINGS COSTS, EXPERT FEES, ATTORNEYS’ FEES INCURRED BY THE OAG IN DEFENDING OR INVESTIGATING CLAIMS, AND, ANY MONIES NECESSARY TO SETTLE ANY CLAIM AGAINST THE OAG. AWARDED VENDOR’S LIABILITY FOR DAMAGE TO OAG PROPERTY The Awarded Vendor shall be liable for all damages to OAG owned, leased, or occupied property and equipment caused by the Awarded Vendor and its employees, agents, subcontractors, and suppliers, including any delivery or cartage company, in connection with any performance pursuant to this Contract. The Awarded Vendor shall notify the OAG Contract Manager in writing of any such damage within one (1) Calendar Day. For damage to equipment, the Awarded Vendor shall, at the sole option of the OAG, repair, replace, or pay for any and all OAG owned, leased, or controlled equipment that is damaged or lost by the Awarded Vendor or its employees, agents, subcontractors, or suppliers (including delivery and cartage companies) in connection with any performance pursuant to this Contract. If the OAG directs the Awarded Vendor to repair, replace, or pay for such equipment, then the Awarded Vendor shall do so within forty-eight (48) hours of being notified of same by the OAG. For damages to real property or structures on real property, the Awarded Vendor shall present to the OAG for prior approval, within forty-eight (48) hours of the damage occurring, a detailed plan for repairing the damage. Such plan shall include a schedule showing when the repairs should be completed. The OAG shall have a reasonable period of time to review and approve the plan. The OAG shall not unreasonably withhold approval of the plan and shall discuss its concerns with the Awarded Vendor before disapproving any plan.

Integrated Security Solutions RFO, v1.0 Page 52 of 57

If the Parties cannot resolve the OAG’s concerns, the Awarded Vendor may not implement the plan and shall instead submit an alternative plan for repair to the OAG within forty-eight (48) hours of being instructed to do so by the OAG in writing. The Awarded Vendor may implement the plan for repair once written approval from the OAG is received. The Awarded Vendor shall maintain a control system to always exercise reasonable care of special high-risk items. “Special high-risk items” include, but are not limited to, portable computers, smart phones, portable printers, digital cameras, and cellular telephones used to access OAG Data in performing work under the Contract or any documents containing OAG Data. “Reasonable care” shall mean that Awarded Vendor has taken steps to maintain the upkeep of any special high-risk item in an acceptable manner, to ensure the security of any special high-risk item, to ensure that a special high-risk item can be located at any time requested, and to ensure that the person responsible for the high-risk item is known. A portable computer must be secured with a cable-locking system in the office environment and in offsite situations when appropriate. The Awarded Vendor shall never leave special high-risk items in a vehicle overnight. If the Awarded Vendor must leave a special high-risk item in a vehicle while conducting their regular course of business during work hours, the Awarded Vendor shall secure the item in the trunk of the vehicle. The Awarded Vendor shall make every attempt to secure the item in the trunk of the vehicle in a manner that would not alert a member of the general public that an item of value has been left in the vehicle. Awarded Vendor shall hold harmless and indemnify the OAG, and shall be liable to the OAG, for any pecuniary loss due to the negligent failure to exercise reasonable care for the safekeeping of special high-risk items on the part of Awarded Vendor. The Awarded Vendor shall be liable for all costs of defense and shall reimburse the OAG for all costs incurred by the OAG in defending any and all claims relating to such pecuniary loss. In the event of a missing special high-risk item, the Awarded Vendor shall make every attempt to locate the item. If the missing item is not found within one (1) work day a Security Incident Report (Attachment 3, incorporated herein and made a part hereof) shall be submitted to the OAG Contract Manager. If there is a suspicion of theft, Awarded Vendor shall notify the local police department immediately and a copy of the police incident report shall also be submitted to the OAG Contract Manager. The Awarded Vendor shall ensure that Awarded Vendor’s Agents comply with the above referenced provisions. For purposes of this section, “Awarded Vendor’s Agents” shall mean Awarded Vendor’s officials, employees, agents, consultants, subcontractors, and representatives, and all other persons that perform Contract Services on Awarded Vendor’s behalf. The requirements of this provision shall be included in all subcontracts. Limitation of Liability 9.5.3.3.3.1

Force Majeure The OAG shall not be responsible for performance of the Contract should it be prevented from performance by an act of war, order of legal authority, act of God, or other unavoidable cause not attributable to the fault or negligence of the OAG.

9.5.3.3.3.2

The Awarded Vendor shall not be liable to the OAG for non-performance or delay in performance of a requirement under this Contract if such non-performance or delay is due to one of the following occurrences, which occurrence must not be preventable through the exercise of reasonable diligence, be beyond the control of the Awarded Vendor, cannot be circumvented through the use of alternate sources, work-around plans, or other means and occur without its fault or negligence: fire; flood; lightning strike; weather damage; earthquake; tornado; hurricane; snow or ice storms; equipment break down; acts of war, terrorism, riots, or civil disorder; strikes and disruption or outage of communications, power, or other utility.

Integrated Security Solutions RFO, v1.0 Page 53 of 57

9.5.3.3.3.3

In the event of an occurrence under Section 9.5.8.3.3.1, the Awarded Vendor will be excused from any further performance or observance of the requirements so affected for as long as such circumstances prevail and the Awarded Vendor continues to use commercially reasonable efforts to recommence performance or observance whenever and to whatever extent possible without delay. The Awarded Vendor shall immediately notify the OAG Contract Manager by telephone (to be confirmed in writing within five (5) Calendar Days of the inception of such occurrence) and describe at a reasonable level of detail the circumstances causing the non-performance or delay in performance.

News Releases or Pronouncements No public disclosures or news releases pertaining to this Contract shall be made without prior written approval of the OAG. Debts or Delinquencies Owed Texas As required by §2252.903, Government Code, the Awarded Vendor agrees that any payments due under this Contract shall be directly applied towards eliminating any debt or delinquency including, but not limited to, delinquent taxes, delinquent student loan payments, and delinquent child support. Comportment The Awarded Vendor and the Awarded Vendor's subcontractor personnel and agents shall be courteous and professional in all communications during their performance of the requirements of this SOW. Any actions deemed unprofessional must be remedied to the satisfaction of the OAG Contract Manager. The OAG reserves the right, in its sole discretion, to require the immediate removal and replacement of any Awarded Vendor and/or Awarded Vendor subcontractor personnel and agents deemed by the OAG to be discourteous, unprofessional, incompetent, careless, unsuitable or otherwise objectionable. Any replacement personnel assigned by Awarded Vendor to perform services under this SOW must have qualifications for the assigned position that equal or exceed those of the person being replaced. Right of Removal OAG expects all services under this Contract to be competently and professionally performed. Awarded Vendor and Awarded Vendor subcontractor personnel and agents shall comply with all OAG policy, procedures and requirements relating to standards of conduct and shall be courteous and professional in all communications during their performance of the requirements of this Contract. Any actions deemed incompetent or unprofessional must be remedied to the satisfaction of the OAG Contract Manager. The OAG reserves the right, in its sole discretion, to require the immediate removal from the performance of services under this Contract and replacement of any Awarded Vendor and/or Awarded Vendor subcontractor personnel and agents deemed by the OAG to be discourteous, unprofessional, incompetent, careless, unsuitable or otherwise objectionable. Any replacement personnel assigned by Awarded Vendor to perform services under this Contract must have qualifications for the assigned position that equal or exceed those of the person being replaced. 9.5.4

Special Terms and Conditions Insurance Awarded Vendor will be required to obtain the following insurance coverage in connection with this Contract:

9.5.4.1.1.1

Comprehensive General Liability Insurance with a minimum limit of $500,000 for each occurrence with an aggregate of $1,000,000;

9.5.4.1.1.2

Automobile Liability Insurance for all owned, non-owned and hired vehicles with minimum limits of Bodily Injury of $250,000 for each person and $500,000 for each occurrence and Property Damage Limits of $100,000 for each occurrence; and

9.5.4.1.1.3

Workers' Compensation coverage as required by law with statutory limits for the State of Texas.

Integrated Security Solutions RFO, v1.0 Page 54 of 57

All policies must contain a waiver of subrogation against the OAG, its officers and employees, for bodily injury (including death), property damage or any other loss. Proof of, or commitment for, the insurance coverage must be presented in the form acceptable to the OAG at the time of response. If Awarded Vendor submits a commitment for insurance, an award of this Contract to the Awarded Vendor may, in the sole discretion of the OAG, be revoked if actual proof of insurance is not received by the OAG within ten (10) Calendar Days of the Awarded Vendor being notified of the award. THE AWARDED VENDOR SHALL NOT COMMENCE ANY WORK UNDER THIS CONTRACT UNTIL PROOF OF INSURANCE, IN THE FORM ACCEPTABLE TO THE OAG, HAS BEEN RECEIVED BY THE OAG. The insurance coverage must be written by a company licensed to do business in the State of Texas and rated A- or better by A.M. Best Company and/or otherwise acceptable to the OAG, and Awarded Vendor shall not cause said insurance coverage to be canceled nor permit any insurance to lapse. Failure to maintain such coverage may void the Contract. The proof of, or commitment for, the insurance and the insurance policies shall contain a provision that coverage afforded under the policies will not be modified, canceled or allowed to expire until at least thirty (30) Calendar Days prior written notice has been given to the OAG. Awarded Vendor shall provide the OAG with immediate written notice of cancellation by the insurer of any required coverage or a material change by Awarded Vendor or the insurer that affects the coverage. In the event that any of the coverage is canceled by the insurer for any reason, the Awarded Vendor shall obtain replacement coverage acceptable to the OAG no later than fifteen (15) Business Days after the cancellation of coverage. If the Awarded Vendor fails to maintain the required coverage, the OAG shall have the right (without the obligation to do so) to secure same in the name and for the account of the OAG, in which event the Awarded Vendor shall pay the cost thereof. If any of the insurance coverage detailed above are required to remain in force after the completion of all services, an additional certificate evidencing continuation of such coverage shall be submitted at the same time that Awarded Vendor submits its final invoice for payment under the Contract. Awarded Date Standard Four-digit year elements will be used for the purposes of electronic data interchange in any recorded form. The year shall encompass a two digit century that precedes, and is contiguous with, a two digit year of century (e.g. 1999, 2000, etc.). Applications that require day and month information will be coded in the following format: CCYYMMDD. Additional representations for week, hour, minute, and second, if required, will comply with the international standard ISO 8601: 1988, “Data elements and interchange formats--Information interchange-Representation of dates and times.” Offshoring All work to be performed under this Contract, unless pre-approved differently in writing by the OAG, shall be performed entirely within the United States and its territories. 9.5.5 Background Reviews By entering into the Contract, the Awarded Vendor certifies that it will perform a background review, to include criminal history record information, of all Awarded Vendor Agents before allowing an Awarded Vendor Agent to access OAG Data or work in an OAG facility. Such background review shall not occur any earlier than six (6) months prior to the Awarded Vendor Agent accessing OAG Data or working in an OAG facility. The term Awarded Vendor Agent as used in this “Background Reviews” provision means: Awarded Vendor’s officials, employees, agents, consultants, subcontractors, and representatives, and all other persons that perform contract services on Awarded Vendor’s behalf. No Awarded Vendor Agent who has been convicted of a felony for crimes involving violence, child abuse or neglect, sexual offenses, theft or fraud or is a registered sex offender may access OAG Data or work in an OAG facility.

Integrated Security Solutions RFO, v1.0 Page 55 of 57

The CSD of the OAG is the Title IV-D agency for the State of Texas. Pursuant to Texas Government Code Section 411.127 the Child Support Division has the right to obtain criminal history record information that relates to an entity who proposes to enter into a contract with or that has a contract with the CSD. OAG shall have the right under this contract to perform initial and periodic detailed background reviews, to include a criminal history records check, on Awarded Vendor and any of Awarded Vendor’s Agents that work in an OAG facility or are authorized to access, or are requesting to access, OAG Data. Upon request, and to assist OAG in performing background reviews and criminal records checks, Awarded Vendor shall provide identifying data and any required consent and authorization to perform such reviews and checks. OAG is prohibited from revealing the results of any criminal history records check to the Awarded Vendor. Within ten (10) Business Days of award, Awarded Vendor (unless directed otherwise in Controlled Correspondence) shall provide the OAG with a list of all Awarded Vendor Agents who will be accessing OAG Data or working in an OAG facility. The list shall contain the following information: 1. Name (including any other names used); 2. Day-time phone number; 3. Responsibilities under the Contract; 4. Date of birth; 5. Driver License number; 6. Social Security number; and 7. Criminal Offense convictions, if known by the Awarded Vendor and if the Awarded Vendor is not prohibited from disclosing the criminal offense convictions to the OAG. Awarded Vendor shall provide an updated list to the OAG whenever a new Awarded Vendor Agent is assigned to access OAG Data or to work in an OAG facility. Awarded Vendor shall notify the OAG whenever an Awarded Vendor Agent is to assume a new responsibility with regard to accessing OAG Data or working in an OAG facility. No Awarded Vendor shall access OAG Data or work in an OAG facility or assume new responsibilities regarding same without prior written consent from the OAG through Controlled Correspondence. Awarded Vendor must require all Awarded Vendor Agents to notify Awarded Vendor of any arrest (to include the date of arrest, arresting entity, and charges) at the earliest possible opportunity but no later than the end of the first Business Day following an arrest. Within one (1) Business Day of an arrest notification the Awarded Vendor shall notify the OAG of the arrest. Awarded Vendor must also require any Awarded Vendor Agent who has been arrested to provide an official offense report to the Awarded Vendor as soon as possible but no later than thirty (30) Calendar Days from the date of the arrest. Within one (1) Business Day of receipt of the report, the Awarded Vendor shall provide the OAG with a copy of the offense report. 9.5.6 Non-Waiver of Rights Failure of a party to require performance by another party under this Contract will not affect the right of such party to require performance in the future. No delay, failure, or waiver of either party’s exercise or partial exercise of any right or remedy under this Contract shall operate to limit, impair, preclude, cancel, waive or otherwise affect such right or remedy. A waiver by a party of any breach of any term of this Contract will not be construed as a waiver of any continuing or succeeding breach. Should any provision of this Contract be invalid or unenforceable, the remainder of the provisions will remain in effect. 9.5.7 No Waiver of Sovereign Immunity THE PARTIES EXPRESSLY AGREE THAT NO PROVISION OF THIS CONTRACT IS IN ANY WAY INTENDED TO CONSTITUTE A WAIVER BY THE OAG OR THE STATE OF TEXAS OF ANY IMMUNITIES FROM SUIT OR FROM LIABILITY THAT THE OAG OR THE STATE OF TEXAS MAY HAVE BY OPERATION OF LAW.

Integrated Security Solutions RFO, v1.0 Page 56 of 57

9.5.8 Severability If any provision of this Contract is construed to be illegal or invalid, such construction will not affect the legality or validity of any of its other provisions. The illegal or invalid provision will be deemed severable and stricken from the Contract as if it had never been incorporated herein, but all other provisions will continue in full force and effect. 9.5.9 Applicable Law and Venue Awarded Vendor agrees that this Contract in all respects shall be governed by and construed in accordance with the laws of the State of Texas, except for its provisions regarding conflicts of laws. Awarded Vendor also agrees that the exclusive venue and jurisdiction of any legal action or suit concerning this Contract is, and that any such legal action or suit shall be brought, in a court of competent jurisdiction in Travis County, Texas. Awarded Vendor further agrees that all payments shall be due and payable in Travis County, Texas. 9.5.10 Headings The headings for each section of this Contract are stated for convenience only and are not to be construed as limiting.

Integrated Security Solutions RFO, v1.0 Page 57 of 57