State of California
Bid RFI 14075
5
Solicitation RFI 14075
RFI for Scanner/Optical Mark Reader
Bid designation: Public
State of California
6 12/19/2014 2:51 PM
p. 1
State of California
Bid RFI 14075
5
Bid RFI 14075 RFI for Scanner/Optical Mark Reader Bid Number
RFI 14075
Bid Title
RFI for Scanner/Optical Mark Reader
Bid Start Date
Dec 19, 2014 1:49:25 PM PST
Bid End Date
Jan 5, 2015 4:00:00 PM PST
Bid Contact
Marsha Fins 916-657-3516
[email protected]
Standard Disclaimer The State of California advises that prospective bidders periodically check the websites, including but not limited to Bidsync, and/or other state department links for modifications to bid documents. The State of California is not responsible for a prospective bidder's misunderstanding of the bid solicitation or nonresponsive bid due to failure to check these websites for updates or amendments to bid documents, and/or other information regarding the bid solicitations. Failure to periodically check these websites will be at the bidder's sole risk. The information published and/or responded to on these websites is public information. Confidential questions/issues/concerns should be directed to the contact on the ad.
Description The California Department of Social Services is providing the opportunity for interested bidders to participate in this Request for Information (RFI) to assist the State of California with a procurement of a Scanner/Optical Mark Reader which is compatible with the Microsoft Office Windows 7 operating system. Please see Statement of Work for requirements and specifications which is attached herein.
6 12/19/2014 2:51 PM
p. 2
State of California
DATE:
December 19, 2014
TO:
INTERESTED BIDDERS
SUBJECT:
REQUEST FOR INFORMATION (RFI) # 14075, SCANNER/OPTICAL MARK READER
Bid RFI 14075
INTRODUCTION The California Department of Social Services (CDSS) requires the replacement of a Scantron Optical Mark Reader unit. The existing Scanner/Optical Mark Reader is not compatible with the Microsoft Windows 7 (Win 7) operating system. In order to meet security networking requirements within the Department, the new scanner must be connected to and compatible with a PC that runs the Win 7 operating system. OBJECTIVE The CDSS is providing the opportunity for interested bidders to participate in this Request for Information (RFI) to assist the State of California with the procurement of a Scanner/Optical Mark Reader which is Win 7 compatible. The objectives of this RFI are to: •
Identify bidders who would be interested in participating in the subsequent solicitation process associated with this procurement
•
Identify any and all Brands of existing Scanner/Optical readers meeting the requirements within the attached Statement of Work
•
Gather feedback and comments regarding the attached Statement of Work
RESPONDENT’S COSTS The cost of preparing and submitting a response to this request is the responsibility of each respondent and shall not be chargeable to the State of California. Interested parties are not required to submit a response to this RFI in order to participate in the solicitation process. Additionally, the State does not guarantee that a Solicitation will be issued. KEY ACTION DATES Release of RFI: RFI Responses Due:
December 19, 2014 January 5, 2015
BACKGROUND CDSS’ Community Care Licensing Division’s (CCLD) Administrator Certification Program requires that each individual applying for a certification as an administrator of Residential Care Facilities for the Elderly, Adult Residential Facilities, or Group Homes must, as a component of the certification process, take and pass a written examination developed, administered and scored by the Administrator Certification Section (ACS) at CCLD. The ACS currently processes approximately 450 exams per month for 14 regional testing centers. New legislation (Assembly Bill 911 and Senate Bill 1570) requires ACS to revise each of Page 1 of 2 12/19/2014 2:51 PM
p. 3
State of California
Bid RFI 14075
its nine exams, expanding the number of questions on each exam from 40 to 100. Additionally, this legislation requires periodic test item analyses to ensure that exams are valid and reliable. RESPONDING TO THE RFI Potential bidders are requested to review the Statement of Work (Attachment A) attached herein with this RFI. After reviewing this document, please complete the attachments listed below: 1. Attachment B – Supplier Contact Information • Section I Supplier Contact Information – Provide contact information • Section II Additional Comments – Provide additional comments or suggestions 2. Attachment C - Supplier Questionnaire • Complete the questionnaire 3. CDSS is not purchasing Software as a Service (SaaS), although we will receive training as part of the purchase; the Cloud Provisions are not applicable. Please see Attachment D, State Model Cloud Computing Services Special Provisions (Software as a Service), Page 1, A, where state departments are asked to “classify their data”. CDSS is not uploading or downloading any information into the cloud as part of this purchase. We would be viewing training on the selected vendors webpage. Whether or not that training is on the cloud or not does not make these provisions applicable to the purchase. The Cloud provisions are not applicable to the purchase of this scanner. If you do not agree, please indicate why and tie back to the Cloud provisions and provide your explanation in the Comments/Suggestions section in Attachment B. RFI QUESTIONS Should you have any questions about completing the above attachments or the objective of this procurement, please submit written questions to Marsha Fins at
[email protected]. RFI RESULTS It is the intention of CDSS to use feedback to develop a Solicitaion with technical specifications that meet the State’s needs, meet manufacturers’ abilities and constraints regarding the acquisition of the Scanner/Optical Mark Reader. CDSS does not intend to publish the results of this RFI; however, information may be subject to the provisions of the California Public Records Act (G.C. Section 6250 et. seq.). Interested parties are requested to complete Attachments B and C and submit via email or facsimile, or U.S. Mail, no later than 4:00 P.M. (PST) January 5, 2015 to Marsha Fins: California Department of Social Services Contracts and Purchasing Bureau Attention: Marsha Fins 744 P Street, MS 8-14-747 Sacramento, CA 95814 Email:
[email protected] Telephone: (916) 657-1932 Facsimile: (916) 657-2362
Page 2 of 2
12/19/2014 2:51 PM
p. 4
State of California
RFI # 14075 California Department of Social Services
Bid RFI 14075
Attachment A Page 1 of 8
STATEMENT OF WORK This Statement of Work (SOW) reflects the equipment and services requested by the Department of Social Services (CDSS), Community Care Licensing Division, Administrator Certification Section (ACS). A. INTRODUCTION The Administrator Certification Program is legislatively mandated by the California Community Care Facilities Act (Health and Safety Code 1500 et seq) and the Residential Care Facilities for the Elderly Act (H&SC 1569 et seq). Each individual applying for a certification as an administrator of Residential Care Facilities for the Elderly (RCFE), Adult Residential Facilities (ARF), or Group Homes (GH) must, as a component of the certification process, take and pass a written examination developed, administered, and scored by ACS staff. Since 2009, ACS staff has utilized the Scantron Evolution Scanner/Optical Mark Reader (OMR), Model ScanMark ES 2260, and ScanBook software to score the written examination answer sheets received from 14 regional testing offices statewide. The exam answer sheets were custom-developed by Scantron Corporation for use with the administrator certification exams; additional answer sheets are purchased from Scantron when supplies are low. The results from the answer sheets are then transferred to the ACS Web-based application and made available through our Interactive Voice Recognition program. The ACS currently processes approximately 450 exams per month. The ACS requires the replacement of its Scantron optical mark reader unit, as the existing Scanner/Optical Mark Reader unit is not compatible with Microsoft Windows 7 (Win 7) operating system. The existing unit is connected to a PC that is not Win 7 compliant, presenting security challenges/risks. The PC must be updated but the Scantron unit will not operate under Win 7. In order to be compliant with the Department’s IT requirements, the purchase of an upgraded scanner/optical mark reader model will be required to be Win 7 Compatible to meet Security Networking within the Department. Additionally, new legislation (Assembly Bill 911 & Senate Bill 1570) requires the ACS to revise each of its nine exams, expanding the number of questions on each exam from 40 to 100, and requiring periodic test item analyses to ensure the exams are valid and reliable. Our current OMR software, ScanBook, does not possess the ability to perform this required analysis. The ACS requires replacement of its current
12/19/2014 2:51 PM
p. 5
State of California
RFI # 14075 California Department of Social Services
Bid RFI 14075
Attachment A Page 2 of 8
OMR and software with an OMR that is Win7 compliant and provides the ability to create, modify, and analyze exams and individual exam questions. When using the previous scanner, the ACS had partnered with Scantron Corporation in developing the test answer sheets that ensured compatibility with existing webbased application and Interactive Voice Recognition (IVR) system. B. DESCRIPTION OF GOODS The goods requested are to be installed at department headquarters located at 744 P Street, MS 9-14-89, Sacramento, CA 95844. The following goods/elements are requested to be included in the purchase request and statement of work o Scanner/Optical Mark Reader capable of dual-sided scanning of test answer sheets, size 8 1/2” x 11.” Minimum speed 2,200 pages per hour. Marks on answer sheet will be made by pencil. o Must have two read heads which allow simultaneous scanning of two-sided forms, reads marks by No. 2 pencils, is manual feed, 250-sheet hopper. o Scanner must have comparable capacity as a Motorola 68340 processor with 512KB memory. The communication interface must be comparable to a RS-232C serial interface with asynchronous American Standard Code for Information Interchange (ASCII) data output. o Warranty will be for 1 year upon issuance of the purchase order, with the option of 2 additional years. o Warranty/maintenance contract to include: a. Perform repairs if equipment malfunctions.
12/19/2014 2:51 PM
•
Vendor will respond within 24 hours and will send a technician on site within two business days to repair or provide a replacement unit.
•
A ticket will be provided from the vendor asking CDSS if the problem has been resolved and if they can close the original ticket.
p. 6
State of California
RFI # 14075 California Department of Social Services
Bid RFI 14075
Attachment A Page 3 of 8
b. Complete cleaning of equipment will be completed, inside and outside on an annual basis at no additional cost to the State. c. Replacement of worn components •
Any belts or rollers found to be worn during scheduled preventive maintenance will be replaced by the contractor at no additional charge to the Department. Contractor shall bear all charges for travel, labor, and parts as part of annual preventive maintenance.
o Remark Classic OMR v4 Software for test development and analysis a. Remark Classic OMR software scans and processes data from tests, assessments, surveys, and other forms. The software is combined with an optical mark recognition reader to recognize filled-in marks on forms. Remark Classic OMR also includes test grading and survey analysis functions, which facilitate the analysis of test items for validity and reliability. Remark Classic OMR software is compatible with Sekonic, Clarity, and Scantron optical mark recognition scanners, and appears to be the most widely used and recommended software for this purpose. b. The version of Remark Classic purchased must be compatible with Microsoft Windows 7 operating system. o Creation of a scanning template/master answer sheet a. The ACS currently uses a single master answer sheet (sample attached) for all nine administrator exams. The answer sheet is two-sided, 8 ½ x 11, and has fields for the following data: • • • • • • • • • •
12/19/2014 2:51 PM
Name (First, MI, Last) Address Telephone number Social Security Number Date of Birth Facility Number Facility Type Vendor Number Test Date Test Number
p. 7
State of California
RFI # 14075 California Department of Social Services
Bid RFI 14075
Attachment A Page 4 of 8
•
Accommodates 40 questions-20 multiple choice and 20 true/false
•
New answer sheet must accommodate answers to 100 multiple choice questions (A – E responses) while keeping to an 8 ½ x 11 size answer sheet.
•
The font and print size will be formatted to fit the fields to accommodate 100 questions.
b. The prior answer sheet and template was based on ACS specifications to align with the data we need to score and process the exam. With the passage of AB 911 and SB 1570, the exams will need to be revised from 40 to 100 questions, requiring a new master answer sheet template. We require the same data fields, as well as fields for responses to 100 multiple-choice questions. c. The vendor chosen must be able to create a new answer sheet template. A sample of the prior answer sheet is attached. CDSS will provide information to be included on the new template. o User Training for Remark Classic software a. The ACS requests training from the vendor on the use of Remark Classic software. This could be online or onsite training. The training will be needed for three analysts and the manager of the Administrator Certification Section and should cover the following topics: • •
Process for scanning and scoring test answer sheets Process for performing test item analysis
b. Estimated training time 8 hours, will include time provided for questions and answers. Four individuals will attend the training on the use of Remark Classic software: C. DESCRIPTION OF SERVICES Contractor Responsibilities o Create and supply a scanning template to work with Remark Classic software in scoring ACS standardized test answer sheets. This is a one-time service/fee. The answer sheet must have the following elements/fields:
12/19/2014 2:51 PM
p. 8
State of California
RFI # 14075 California Department of Social Services
a. b. c. d. e. f. g. h. i. j. k. l. m.
Bid RFI 14075
Attachment A Page 5 of 8
Name (First, MI, Last) Address Telephone number Social Security Number Date of Birth Facility Number Facility Type Vendor Number Test Date Test Number Accommodate 100 multiple choice questions (A – E responses) Two-sided 8 ½ x 11 size The font and print size will be formatted to fit the fields to accommodate 100 questions.
o Provide one year of customer technical support upon installation of the scanner and software. a. Technical support includes assistance with software application on an asneeded and requested basis. This assistance will be provided online. b. Support must include the development of .txt files that will be compatible with existing ACS Web-based application. Currently when tests are scored, a .txt file is created in a network folder. Our Web Application reads from this folder and interfaces with an IVR system, which allows test takers to retrieve pass/fail results. Existing files were set up by Scantron Corporation to work specifically with IVR and ACS Web Application. The vendor we choose must perform this or assist us in performing this task. c. Remark Automation Wizard to create .txt files that will be compatible with our existing ACS Web Application. Department Responsibilities o Setup and install OMR Scanner a. ACS staff will work with Information Systems Division (ISD) to install OMR scanner. Existing scanner will be disconnected to allow PC to be
12/19/2014 2:51 PM
p. 9
State of California
RFI # 14075 California Department of Social Services
Bid RFI 14075
Attachment A Page 6 of 8
upgraded/updated to current Win 7 specifications, and then new scanner will be connected to the same PC. b. No impact to network security, as the existing scanner and new scanner will be connected the same way and accomplish the same tasks. c. It is estimated that the scanner will take less than one hour to install and setup; no assistance by contractor is needed. o Install Remark Classic software a. Remark Classic software will be installed by CDSS personnel, with assistance by ACS staff. Remark software will replace ScanBook software currently installed on a PC supporting the Scantron OMR. Network security will not change, as both ScanBook and Remark software programs access the same information and network folders in the same way. It is estimated the software installation will take less than one hour. b. It is not necessary for contractor to come on site for the installation of software. o Coordinate with contractor on requirements for scanning template/master o Identify individuals to attend online group training a. Four individuals will attend the training on the use of Remark Classic software. Additional Information The vendor selected for this purchase must be willing and able to ensure that the hardware and software can be made compatible with our ACS Web Application, as test data is exported into a folder that is read from our Web Application. A sample of this file and data can be made available to vendors electronically.
12/19/2014 2:51 PM
p. 10
Bid RFI 14075
p. 11
Atachment A Page 7 of 8
12/19/2014 2:51 PM
State of California
RFI # 14075
Bid RFI 14075
p. 12
Attachment A Page 8 of 8
12/19/2014 2:51 PM
State of California
RFI # 14075
State of California
Bid RFI 14075
Attachment B Page 1 of 1
RFI #14075 California Department of Social Services
SUPPLIER CONTACT INFORMATION Interested parties are requested to complete Attachment B and submit via email or facsimile, or U.S. Mail, no later than 12:00 P.M. (PST) December 29, 2014 to Marsha Fins.
SECTION I COMPANY NAME DBA NAME (if applicable) STREET ADDRESS CITY, STATE, ZIP CODE CONTACT NAME
TITLE
TELEPHONE NUMBER (include area code and extension) EMAIL ADDRESS Are you a certified with the Department of General Services, Office of Small Business and Disabled Veteran Business Services (OSDS) as: a. California Small Business b. Disabled Veteran Business Enterprise Yes
No
Yes
No
If yes, enter certification number:
If yes, enter certification number:
_____________________________
______________________________
SECTION II COMMENTS/SUGGESTIONS
SIGNATURE
DATE
_____________________________________________
________________
Thank you for your response 12/19/2014 2:51 PM
p. 13
State of California
Bid RFI 14075
RFI #14075 California Department of Social Services
Attachment C Page 1 of 1
SUPPLIER QUESTIONNAIRE #
Questions What make and model of scanner would your company be able to provide? Would the scanner provided be able to provide Remark 2. Classic OMR v4 Software or a product with comparable functionality? Provide the software information. Would the software be able to create fields for a 100 multiple choice questions (A-E), double-sided on an 8 ½ X 3. 11 answer sheet comparable to that provided on pages 7-8 in the Statement of Work? Will the scanner provided be compatible with a Microsoft 4. Windows 7 Operating System? Will the scanner provided have two heads which allows the 5. simultaneous scanning of two-sided forms, reads marks by #2 pencils and is manual fed with a 250 sheet feeder? Will the scanner have a memory capacity of 512 KB and 6. have a communication interface comparable to a RS-232C serial interface with asynchronous ASCII data output? Will your company be able to provide warranty/maintenance 7. service as outlined in Attachment A, Statement of Work, Pages 2-3? Will your company be able to provide 8 hours of online or 8. on-site training? How many years of experience do you have providing scanner/optical services with comparable functionality as 9. required in this Statement of Work? Name three companies to whom you have provided these services. How many years of experience do you have providing warranty/service maintenance for scanner/optical services? 10. Name three companies to whom you have provided these services.
Answers
1.
12/19/2014 2:51 PM
Yes_______
No_______ Software ______________________
Yes_______
No_______
Yes_______
No_______
Yes_______
No_______
Yes_______
No_______
Yes_______
No_______
Yes_______
No_______
p. 14
RFI # 14075 California Department of Social Services
State of California
Attachment D
Bid RFI 14075
STATE MODEL CLOUD COMPUTING SERVICES SPECIAL PROVISIONS (Software as a Service) THESE SPECIAL PROVISIONS ARE ONLY TO BE USED FOR SOFTWARE AS A SERVICE (SaaS), AS DEFINED BELOW. THESE SPECIAL PROVISIONS ARE TO BE ATTACHED TO THE GENERAL PROVISIONS – INFORMATION TECHNOLOGY AND ACCOMPANIED BY, AT MINIMUM, A STATEMENT OF WORK (SOW) AND SERVICE LEVEL AGREEMENT (SLA). STATE AGENCIES MUST FIRST: A. CLASSIFY THEIR DATA PURSUANT TO THE CALIFORNIA STATE ADMINISTRATIVE MANUAL (SAM) 5305.5; B. CONSIDER THE FACTORS TO BE TAKEN INTO ACCOUNT WHEN SELECTING A PARTICULAR TECHNOLOGICAL APPROACH, IN ACCORDANCE WITH SAM 4981.1, 4983 AND 4983.1 AND THEN; C. MODIFY THESE SPECIAL PROVISIONS THROUGH THE SOW AND/OR SLA TO MEET THE NEEDS OF EACH ACQUISITION. 1. Definitions a) “Cloud Software as a Service (SaaS)” - The capability provided to the consumer is to use applications made available by the provider running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web-based email). The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings. b) “Cloud Platform as a Service (PaaS)” - The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations. c) “Cloud Infrastructure as a Service (IaaS)” - The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems; storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls). d) “Data” - means any information, formulae, algorithms, or other content that the State, the State’s employees, agents and end users upload, create or modify using the SaaS pursuant to this Contract. Data also includes user identification information and metadata which may contain Data or from which the State’s Data may be ascertainable. e) “Data Breach” - means any access, destruction, loss, theft, use, modification or disclosure of Data by an unauthorized party or that is in violation of Contract terms and/or applicable state or federal law. f) “Recovery Point Objective (RPO)” - means the point in time to which Data can be recovered and/or systems restored when service is restored after an interruption. The Recovery Point Objective is expressed as a length of time between the interruption and the most proximate backup of Data immediately preceding the interruption. The RPO is detailed in the SLA. g) “Recovery Time Objective (RTO)” - means the period of time within which information technology services, systems, applications and functions must be recovered following an unplanned interruption. The RTO is detailed in the SLA.
DGS Procurement Division
12/19/2014 2:51 PM
Page 1
09/03/14
p. 15
RFI # 14075 California Department of Social Services
State of California
Attachment D
Bid RFI 14075
STATE MODEL CLOUD COMPUTING SERVICES SPECIAL PROVISIONS (Software as a Service) Terms 2. SaaS AVAILABILITY: Unless otherwise stated in the Statement of Work, a) The SaaS shall be available twenty-four (24) hours per day, 365 days per year (excluding agreed-upon maintenance downtime). b) If SaaS monthly availability averages less than 99.9% (excluding agreed-upon maintenance downtime), the State shall be entitled to recover damages, apply credits or use other contractual remedies as set forth in the Statement of Work. c) If SaaS monthly availability averages less than 99.9% (excluding agreed-upon maintenance downtime), for three (3) or more months in a rolling twelve-month period, the State may terminate the contract for material breach in accordance with the Termination for Default provision in the General Provisions – Information Technology. d) Contractor shall provide advance written notice to the State in the manner set forth in the Statement of Work of any major upgrades or changes that will affect the SaaS availability. 3. DATA AVAILABILITY: Unless otherwise stated in the Statement of Work, a) The Data shall be available twenty-four (24) hours per day, 365 days per year (excluding agreed-upon maintenance downtime). b) If Data monthly availability averages less than 99.9% (excluding agreed-upon maintenance downtime), the State shall be entitled to recover damages, apply credits or use other contractual remedies as set forth in the Statement of Work if the State is unable to access the Data as a result of: 1) Acts or omission of Contractor; 2) Acts or omissions of third parties working on behalf of Contractor; 3) Network compromise, network intrusion, hacks, introduction of viruses, disabling devices, malware and other forms of attack that can disrupt access to Contractor’s server, to the extent such attack would have been prevented by Contractor taking reasonable industry standard precautions; 4) Power outages or other telecommunications or Internet failures, to the extent such outages were within Contractor’s direct or express control. c) If Data monthly availability averages less than 99.9% (excluding agreed-upon maintenance downtime), for three (3) or more months in a rolling twelve-month period, the State may terminate the contract for material breach in accordance with the Termination for Default provision in the General Provisions – Information Technology. 4. SaaS and DATA SECURITY: a) In addition to the Compliance with Statutes and Regulations provision set forth in the General Provisions – Information Technology, Contractor shall certify to the State: 1) The sufficiency of its security standards, tools, technologies and procedures in providing SaaS under this Contract; 2) Compliance with the following: i. The California Information Practices Act (Civil Code Sections 1798 et seq.); ii. Security provisions of the California State Administrative Manual (Chapters 5100 and 5300) and the California Statewide Information Management Manual (Sections 58C, 58D, 66B, 5305A, 5310A and B, 5325A and B, 5330A, B and C, 5340A, B and C, 5360B);
DGS Procurement Division
12/19/2014 2:51 PM
Page 2
09/03/14
p. 16
RFI # 14075 California Department of Social Services
State of California
Attachment D
Bid RFI 14075
STATE MODEL CLOUD COMPUTING SERVICES SPECIAL PROVISIONS (Software as a Service)
b)
c) d) e) f)
iii. Undergo an annual Statement on Standards for Attestation Engagements (SSAE) No. 16 Service Organization Control (SOC) 2 Type II audit. Audit results and Contractor’s plan to correct any negative findings shall be made available to the State upon request; and iv. Privacy provisions of the Federal Privacy Act of 1974; 3) Compliance with applicable industry standards and guidelines, including but not limited to relevant security provisions of the Payment Card Industry (PCI) Data Security Standard (PCIDSS) including the PCIDSS Cloud Computing Guidelines. Contractor shall implement and maintain all appropriate administrative, physical, technical and procedural safeguards in accordance with section a) above at all times during the term of this Contract to secure such Data from Data Breach, protect the Data and the SaaS from hacks, introduction of viruses, disabling devices, malware and other forms of malicious or inadvertent acts that can disrupt the State’s access to its Data. Contractor shall allow the State reasonable access to SaaS security logs, latency statistics, and other related SaaS security data that affect this Contract and the State’s Data, at no cost to the State. Contractor assumes responsibility for the security and confidentiality of the Data under its control. No Data shall be copied, modified, destroyed or deleted by Contractor other than for normal operation or maintenance of SaaS during the Contract period without prior written notice to and written approval by the State. Remote access to Data from outside the continental United States, including remote access to Data by authorized SaaS support staff in identified support centers, is prohibited unless approved in advance by the State Chief Information Security Officer.
5. ENCRYPTION: Confidential, sensitive or personal information shall be encrypted in accordance with California State Administrative Manual 5350.1 and California Statewide Information Management Manual 5305-A. 6. DATA LOCATION: Unless otherwise stated in the Statement of Work and approved in advance by the State Chief Information Security Officer, the physical location of Contractor’s data center where the Data is stored shall be within the continental United States. 7. RIGHTS TO DATA: The parties agree that as between them, all rights, including all intellectual property rights, in and to Data shall remain the exclusive property of the State, and Contractor has a limited, non-exclusive license to access and use the Data as provided to Contractor solely for performing its obligations under the Contract. Nothing herein shall be construed to confer any license or right to the Data, including user tracking and exception Data within the system, by implication, estoppel or otherwise, under copyright or other intellectual property rights, to any third party. Unauthorized use of Data by Contractor or third parties is prohibited. For the purposes of this requirement, the phrase “unauthorized use” means the data mining or processing of data, stored or transmitted by the service, for unrelated commercial purposes, advertising or advertising-related purposes, or for any other purpose other than security or service delivery analysis that is not explicitly authorized. 8. TRANSITION PERIOD: a) For ninety (90) days prior to the expiration date of this Contract, or upon notice of termination of this Contract, Contractor shall assist the State in extracting and/or transitioning all Data in the format determined by the State (“Transition Period”). b) The Transition Period may be modified in the SOW or as agreed upon in writing by the parties in a contract amendment.
DGS Procurement Division
12/19/2014 2:51 PM
Page 3
09/03/14
p. 17
RFI # 14075 California Department of Social Services
State of California
Attachment D
Bid RFI 14075
STATE MODEL CLOUD COMPUTING SERVICES SPECIAL PROVISIONS (Software as a Service) c) During the Transition Period, SaaS and Data access shall continue to be made available to the State without alteration. d) Contractor agrees to compensate the State for damages or losses the State incurs as a result of Contractor’s failure to comply with this section in accordance with the Limitation of Liability provision set forth in the General Provisions - Information Technology. e) Unless otherwise stated in the SOW, the Contractor shall permanently destroy or render inaccessible any portion of the Data in Contractor’s and/or subcontractor’s possession or control following the expiration of all obligations in this section. Within thirty (30) days, Contractor shall issue a written statement to the State confirming the destruction or inaccessibility of the State’s Data. f) The State at its option, may purchase additional transition services as agreed upon in the SOW. 9. DATA BREACH: Unless otherwise stated in the Statement of Work, a) Upon discovery or reasonable belief of any Data Breach, Contractor shall notify the State by the fastest means available and also in writing, with additional notification provided to the Chief Information Security Officer or designee of the contracting agency. Contractor shall provide such notification within forty-eight (48) hours after Contractor reasonably believes there has been such a Data Breach. Contractor’s notification shall identify: 1) The nature of the Data Breach; 2) The Data accessed, used or disclosed; 3) The person(s) who accessed, used, disclosed and/or received Data (if known); 4) What Contractor has done or will do to quarantine and mitigate the Data Breach; and 5) What corrective action Contractor has taken or will take to prevent future Data Breaches. b) Contractor will provide daily updates, or more frequently if required by the State, regarding findings and actions performed by Contractor until the Data Breach has been effectively resolved to the State’s satisfaction. c) Contractor shall quarantine the Data Breach, ensure secure access to Data, and repair SaaS as needed in accordance with the SLA. Failure to do so may result in the State exercising its options for assessing damages or other remedies under this Contract. d) Notwithstanding anything to the contrary in the General Provisions - Information Technology, in performing services under this Contract, and to the extent authorized by the State in the Statement of Work, Contractor may be permitted by the State to use systems, or may be granted access to the State systems, which store, transmit or process State owned, licensed or maintained computerized Data consisting of personal information, as defined by Civil Code Section 1798.29 (g). If the Contractor causes or knowingly experiences a breach of the security of such Data, Contractor shall immediately report any breach of security of such system to the State following discovery or notification of the breach in the security of such Data. The State’s Chief Information Security Officer, or designee, shall determine whether notification to the individuals whose Data has been lost or breached is appropriate. If personal information of any resident of California was, or is reasonably believed to have been acquired by an unauthorized person as a result of a security breach of such system and Data that is not due to the fault of the State or any person or entity under the control of the State, Contractor shall bear any and all costs associated with the State’s notification obligations and other obligations set forth in Civil Code Section 1798.29 (d) as well as the cost of credit monitoring, subject to the dollar limitation, if any, agreed to by the State and Contractor in the applicable Statement of Work. These costs may include, but are not limited to staff time, material costs, postage, media announcements, and other identifiable costs associated with the breach of the security of such personal information.
DGS Procurement Division
12/19/2014 2:51 PM
Page 4
09/03/14
p. 18
RFI # 14075 California Department of Social Services
State of California
Attachment D
Bid RFI 14075
STATE MODEL CLOUD COMPUTING SERVICES SPECIAL PROVISIONS (Software as a Service) e) Contractor shall conduct an investigation of the Data Breach and shall share the report of the investigation with the State. The State and/or its authorized agents shall have the right to lead (if required by law) or participate in the investigation. Contractor shall cooperate fully with the State, its agents and law enforcement. 10. DISASTER RECOVERY/BUSINESS CONTINUITY: Unless otherwise stated in the Statement of Work, a) In the event of disaster or catastrophic failure that results in significant Data loss or extended loss of access to Data, Contractor shall notify the State by the fastest means available and also in writing, with additional notification provided to the Chief Information Security Officer or designee of the contracting agency. Contractor shall provide such notification within twenty-four (24) hours after Contractor reasonably believes there has been such a disaster or catastrophic failure. In the notification, Contactor shall inform the State of: 1) The scale and quantity of the Data loss; 2) What Contractor has done or will do to recover the Data and mitigate any deleterious effect of the Data loss; and 3) What corrective action Contractor has taken or will take to prevent future Data loss. 4) If Contractor fails to respond immediately and remedy the failure, the State may exercise its options for assessing damages or other remedies under this Contract. b) Contractor shall restore continuity of SaaS, restore Data in accordance with the RPO and RTO as set forth in the SLA, restore accessibility of Data, and repair SaaS as needed to meet the performance requirements stated in the SLA. Failure to do so may result in the State exercising its options for assessing damages or other remedies under this Contract. c) Contractor shall conduct an investigation of the disaster or catastrophic failure and shall share the report of the investigation with the State. The State and/or its authorized agents shall have the right to lead (if required by law) or participate in the investigation. Contractor shall cooperate fully with the State, its agents and law enforcement. 11. EXAMINATION AND AUDIT: In addition to the Examination and Audit provision set forth in the General Provisions - Information Technology, unless otherwise stated in the Statement of Work: a) Upon advance written request, Contractor agrees that the State or its designated representative shall have access to Contractor’s SaaS, operational documentation, records and databases, including online inspections, that relate to the SaaS purchased by the State. b) The online inspection shall allow the State, its authorized agents, or a mutually acceptable third party to test that controls are in place and working as intended. Tests may include, but not be limited to, the following: 1) Operating system/network vulnerability scans, 2) Web application vulnerability scans, 3) Database application vulnerability scans, and 4) Any other scans to be performed by the State or representatives on behalf of the State. c) After any significant Data loss or Data Breach or as a result of any disaster or catastrophic failure, Contractor will at its expense have an independent, industry-recognized, State-approved third party perform an information security audit. The audit results shall be shared with the State within seven (7) days of Contractor’s receipt of such results. Upon Contractor receiving the results of the audit, Contractor will provide the State with written evidence of planned remediation within thirty (30) days and promptly modify its security measures in order to meet its obligations under this Contract. 12. DISCOVERY: Contractor shall promptly notify the State upon receipt of any requests which in any way might reasonably require access to the Data of the State or the State's use of the SaaS. Contractor shall notify the State DGS Procurement Division
12/19/2014 2:51 PM
Page 5
09/03/14
p. 19
RFI # 14075 California Department of Social Services
State of California
Attachment D
Bid RFI 14075
STATE MODEL CLOUD COMPUTING SERVICES SPECIAL PROVISIONS (Software as a Service) by the fastest means available and also in writing, with additional notification provided to the Chief Information Security Officer or designee of the contracting agency, unless prohibited by law from providing such notification. Contractor shall provide such notification within forty-eight (48) hours after Contractor receives the request. Contractor shall not respond to subpoenas, service of process, Public Records Act requests, and other legal requests directed at Contractor regarding this Contract without first notifying the State unless prohibited by law from providing such notification. Contractor agrees to provide its intended responses to the State with adequate time for the State to review, revise and, if necessary, seek a protective order in a court of competent jurisdiction. Contractor shall not respond to legal requests directed at the State unless authorized in writing to do so by the State.
DGS Procurement Division
12/19/2014 2:51 PM
Page 6
09/03/14
p. 20
State of California
Question and Answers for Bid #RFI 14075 - RFI for Scanner/Optical Mark Reader
Bid RFI 14075
5
OVERALL BID QUESTIONS There are no questions associated with this bid.
6 12/19/2014 2:51 PM
p. 21
