County of Orange
Bid 042-C004168-RT
5
Solicitation 042-C004168-RT
ASSET MANAGEMENT SYSTEM
Bid designation: Public
County of Orange
6 3/3/2015 5:23 PM
p. 1
County of Orange
Bid 042-C004168-RT
Bid 042-C004168-RT ASSET MANAGEMENT SYSTEM Bid Number
042-C004168-RT
Bid Title
ASSET MANAGEMENT SYSTEM
Bid Start Date
Mar 3, 2015 4:21:53 PM PST
Bid End Date
Apr 3, 2015 4:00:00 PM PDT
Question & Answer End Date
Mar 10, 2015 4:00:00 PM PDT
Bid Contact
Roland Tabangin
5
[email protected]
Standard Disclaimer The County of Orange is not responsible for and accepts no liability for any technical difficulties or failures that result from conducting business electronically.
Description THE COUNTY OF ORANGE/HEALTH CARE AGENCY IS SOLICITING PROPOSALS FROM QUALIFIED VENDORS TO PROVIDE AN ASSET MANAGEMENT SYSTEM. THE RESULTANT CONTRACT SHALL BE EFFECTIVE: JUNE 1, 2015 THROUGH MAY 31, 2016 (TENTATIVE), RENEWABLE FOR FOUR (4) ADDITIONAL ONE-YEAR PERIODS. THE COUNTY RESERVES THE RIGHT TO REJECT ANY OR ALL PROPOSALS, IN WHOLE OR IN PART, TO WAIVE ANY INFORMALITY IN ANY PROPOSALS, AND TO ACCEPT THE PROPOSAL WHICH IN ITS DISCRETION, IS IN THE BEST INTEREST OF THE COUNTY. ALL QUESTIONS OR CLARIFICATIONS MUST BE POSTED ON WWW.BIDSYNC.COM BY March 10, 2015, 4 PM P.S.T.
6 3/3/2015 5:23 PM
p. 2
County of Orange
Bid 042-C004168-RT
RESPONSES MUST BE RECEIVED PRIOR TO April 3, 2015, 4:00 p.m. PST Date/Time
County of Orange Health Care Agency Purchasing 200 W. Santa Ana Blvd., Suite #650 Santa Ana, CA 92701
INSTRUCTIONS: Submit 1 (one) original, eight (8) copies, and 1 (one) electronic soft copy of your RFP. Return this page signed, with responses. All responses are to be identified with RFP# and returned in a sealed envelope/package.
042-C004168-RT RFP Number
Date: March 03, 2015
REQUEST FOR PROPOSAL (RFP) COVER PAGE The County of Orange Health Care Agency (HCA) hereinafter referred to as “County”, is soliciting proposals from qualified companies, hereinafter referred to as “Offeror(s)” to provide an Asset Management System. Offerors must meet the minimum qualifications and requirements set forth within this RFP, and must be capable of providing the services set forth in the Scope of Work attached hereto as Attachment A (Section III Model Contract). This RFP is set out in the following format: SECTION I: SECTION II: SECTION III:
Introduction and Instructions to Offerors Proposal Response Requirements/Minimum Qualifications Model Contract, Attachments and Exhibit(s)
All questions and inquiries related to this RFP must be directed to Roland Tabangin hereinafter referred to as “Deputy Purchasing Agent” or “DPA” via e-mail through BidSync at www.BidSync.com (RFP # 042-C004168-RT) by March 10, 2015 by 4:00PM PST. For BidSync assistance, contact BidSync Vendor Support Team at 800-9909339 Option 1. Offerors are not to contact other County personnel with any questions or clarifications concerning this RFP. The DPA will provide all official communication concerning this RFP. With respect to this RFP, any County response other than from the DPA and in writing will be unauthorized and the County shall bear no responsibility for any and all reliance upon the unauthorized communication.
I HAVE READ, UNDERSTOOD AND AGREE TO ALL STATEMENTS IN THIS RFP, AND TO THE TERMS, CONDITIONS, ATTACHMENTS AND EXHIBITS REFERENCED HEREIN.
Company Legal Name
Date
Authorized Signature
Print Name
Title
Authorized Signature
Print Name
Title
NOTE: If the company is a corporation, two signatures are required: one signature by the Chairman of the Board, President, or any Vice President; and one signature by the Secretary, any Assistant Secretary, Chief Financial Officer or any Assistant Treasurer. If signed by one authorized individual only, a copy of the corporate resolution or by-laws whereby the board of directors has empowered said authorized individual to act on its behalf by his or her signature alone is required to be attached to this Cover Page.
3/3/2015 5:23 PM
p. 3
County of Orange
Bid 042-C004168-RT
TABLE OF CONTENTS Page No. COVER PAGE ............................................................................................................................ 1 TABLE OF CONTENTS ............................................................................................................. 2 SECTION I: INTRODUCTION AND INSTRUCTIONS TO OFFERORS A. Introduction .............................................................................................................. B. Proposed RFP Time Schedule ................................................................................ C. Instructions to Offerors and Procedures for Submittal ............................................ D. Protest Procedures ................................................................................................... E. Evaluation Process and Criteria .............................................................................. F. Selection/Award Process .......................................................................................... G. County of Orange Child Support and EDD Requirements ......................................
4 4 4 6 6 8 9
SECTION II: PROPOSAL RESPONSE REQUIREMENTS A. Proposal Response Requirements ...........................................................................11 B. Minimum Qualifications ............................................................................................11 Part 1 A. Cover Letter ............................................................................................................. 12 B. Certifications ............................................................................................................. 12 Part 2 Company Profile ................................................................................................................... 14 Part 3 1. 2. 3. 4. 5. 6. 7.
Scope of Work ........................................................................................................... Submittals ................................................................................................................... References ................................................................................................................ Resources to be Provided by County ........................................................................ Financial Information ................................................................................................. Exhibit 1 – Security Deliverables................................................................................ Exhibit 2 – Application Service Provider Questionnaire .............................................
15 15 16 17 17 63 65
SECTION III: MODEL CONTRACT, ATTACHMENTS, AND EXHIBITS 1. Table of Contents .................................................................................................... 19 2. Articles of General and Additional Terms ................................................................. 21 3. Model Contract Signature Page .............................................................................. 38 4. Attachment A – Scope of Work ............................................................................... 39 5. Attachment B – Compensation and Invoicing .......................................................... 60 6. Attachment C – Cost Summary/Pricing .................................................................... 62 7. Exhibit 1 – Security Deliverables .............................................................................. 63 8. Exhibit 2 – Application Service Provider Questionnaire ........................................... 65 9. Exhibit 3 – County of Orange Child Support Enforcement Certification ....................89
County of Orange Health Care Agency
2
RFP 042-C001919-AF
Assets Tracker System
3/3/2015 5:23 PM
p. 4
County of Orange
Bid 042-C004168-RT
SECTION I
INTRODUCTION AND INSTRUCTIONS TO OFFERORS
County of Orange Health Care Agency
3
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 5
County of Orange
Bid 042-C004168-RT
SECTION I: INTRODUCTION AND INSTRUCTIONS TO OFFERORS A. INTRODUCTION This RFP is being released for an Asset Management System. This RFP is an opportunity to allow qualified Offerors to present proposals that will assist HCA in selecting a contractor(s) that will best meet the needs of the Scope of Work stated in Attachment A. The HCA/Purchasing Department (HCAPD) maintains an inventory of fixed assets and controlled equipment to ensure all items are identified, monitored, and controlled. The HCA Agency Director is ultimately responsible for all capital assets and controlled equipment within HCA, and has designated a Property Officer within HCAPD to control such assets. There are 15,000 assets listed in the current system. Asset inventory activities are assigned to two staff within HCAPD, who are assisted by offsite staff as needed for periodic and standard inventory cycles.
RFP TIME SCHEDULE The dates below are tentative. The County reserves the right to modify these dates at any given time. 03/3/2015
RFP Posting to Bidsync.com
03/10/2015
Written questions from Offerors: Due by 4:00 P.M. PST
03/13/2015
Response to Questions/Clarifications
04/3/2015
Deadline for Proposals: Due by 4:00 pm. PST.
04/08/2015
Offeror Interviews/presentation and/or site visits (if needed)
04/21/2015
Evaluation of Proposals
04/30/2015
Vendor Selection and Negotiations
06/01/2015
Contract Start Date
B. INSTRUCTIONS TO OFFERORS AND PROCEDURES FOR SUBMITTAL 1. Clearly identified proposals are due on or before March 30, 2015 by 4:00 P.M. PST, and are to be delivered in a sealed package with the following information to: RE: RFP # 042-C004168-RT - Asset Management System County of Orange/Health Care Agency Attn: Roland Tabangin 200 W. Santa Ana Blvd., Suite #650 Santa Ana, CA 92701 HCA/Purchasing Regular Business Hours: Monday through Friday 8:00 A.M. to 5:00 P.M. PST Proposals must be date and time-stamped on the outside of the sealed package by a HCA Purchasing staff upon delivery. It is the sole responsibility of the Offeror to ensure that delivery is made to County prior to the closing date and time. Delivery receipts are available upon request. Late Proposals will not be accepted.
County of Orange Health Care Agency
4
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 6
County of Orange
2.
Bid 042-C004168-RT
The County has attempted to provide all information available. It is the responsibility of each Offeror to review, evaluate, and where necessary, request any clarification prior to submission of a proposal. If any person contemplating submitting a proposal is in doubt as to the true meaning of any part of this RFP or finds discrepancies in or omissions from the specifications, they may submit a written request for clarification to the referenced DPA, via BidSync. If clarification or interpretation of this RFP is considered necessary by the County, an addendum shall be issued. Any interpretation of, or correction to this RFP, will be made only by an addendum issued by the assigned DPA via BidSync. It is the Offeror’s responsibility to ensure that they have reviewed any and all addendums to this RFP. The County shall be responsible for any other explanations, corrections to, or interpretations of the documents, including any oral information.
3.
There will be no pre-proposal conference for this RFP.
4.
Proposals must be valid for a period of at least three hundred and sixty five calendar days from the closing date and time for receipt. No Proposals may be withdrawn after the submission date.
5.
Prior to the award of any contract, all proposals will be designated confidential to the extent permitted by applicable state and federal law. However, all proposals will likely be regarded as public records upon completion of negotiations with the top-ranked proponent(s), or once all proposals are rejected and this solicitation is terminated. Any information a firm considers highly confidential information should not be deposited in writing with the County. If it is necessary to include proprietary/trade or confidential information in your response, the County recommends that the proprietary/trade or confidential information be clearly indicated as confidential. While the County will take all reasonable precautions, it cannot guarantee protection of the information furnished in a proposal. Additionally, all responses shall become the property of the County. The County reserves the right to make use of any information or ideas in the responses submitted.
6.
By submitting a proposal, the Offeror attest that it has thoroughly examined the County’s requirements reference in all applicable Sections of this RFP, is familiar with the services required in this RFP, and is qualified and capable of providing the services to achieve the County’s objectives.
7.
Each Offeror must submit a proposal in strict accordance with all requirements of this RFP, and compliance must be stated in the response. Deviations, clarifications and/or exceptions must be clearly identified and listed separately as alternative items for the County’s consideration in Section II, Part 1, B. 7. Statement of Compliance.
8.
The County reserves the right to negotiate modifications with any Offeror as necessary to serve the best interests of the County. Any response may be rejected as non-responsive if it is conditional, incomplete or deviates from specifications in this RFP. The County reserves the right to waive, at its discretion, any procedural irregularity, immaterial defect, or other impropriety which the County deems reasonably correctable or otherwise not warranting rejection of the proposal. No such waiver will excuse an Offeror from full compliance with all other sections of the RFP.
9.
Pre-contractual expenses are not to be included in, or as part of the Compensation and Payment amount stated in the Model Contract’s Attachment B. Pre-contractual expenses are defined as including, but not limited to, costs incurred by the Offeror in preparing its qualifications in proposal to this RFP; submitting that proposal to the County; negotiating with the County any matter
County of Orange Health Care Agency
5
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 7
County of Orange
Bid 042-C004168-RT
related to Offeror's proposal; and any other expenses incurred by the Offeror prior to date of award and execution, if any, of the Contract. 10. The County reserves the right to: a) negotiate the final Contract with any Offeror(s) as necessary to serve the best interests of the County; b) withdraw this RFP in whole or in part at any time without prior notice and, furthermore, makes no representations that any Contract will be awarded to any Offeror responding to this RFP; c) award its total requirements to one Offeror or to apportion those requirements among two or more Offerors as the County may deem to be in its best interests; d) reject any response if it is conditional, incomplete or deviates significantly from the services requested in this RFP or f) request Best and Final Offer from any Offerors determined to be within the competitive range. Late Best and Final Offers will not be accepted by the County for any reason. In addition, negotiations may or may not be conducted with Offerors; therefore, the proposal submitted should contain Offeror's most favorable terms and conditions, since the selection and award may be made without discussion with any Offeror. 11. The County intends to contract with a single firm or multiple firms; therefore, joint venture and prime/subcontract proposals will not be accepted. 12. The County does not require and neither encourages nor discourages the use of lobbyists or other consultants for the purpose of securing business. D.
PROTEST PROCEDURES Any actual or prospective Offeror or contractor who alleges an error or impropriety in the solicitation or award of a contract may submit a grievance or protest to the appropriate agency/department DPA. All protests shall be typed under the protester’s letterhead and submitted in accordance with the provisions stated herein. All protests shall include at a minimum the following information: •
The name, address and telephone number of the protester;
•
The signature of the protester or the protester’s representative;
•
The solicitation or contract number;
•
A detailed statement of the legal and/or factual grounds for the protest; and
•
The form of relief requested.
Protest of Bid/Proposal Specifications All protests related to the RFP specifications must be submitted to the DPA no later than five business days prior to the close of the RFP. Protests received after the five business day deadline will not be considered by the County. In the event the protest of specifications is denied and the protester wishes to continue in the solicitation process, they must still submit a proposal to the close of the solicitation in accordance with the submittal procedures provided in the RFP. Protest of Award of Contract In accordance with the Section 4.2-110 of the Contract Policy Manual, immediately upon completion of negotiations with the top-ranked vendor(s), but prior to the filing of an Agenda Staff Report (ASR)
County of Orange Health Care Agency
6
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 8
County of Orange
Bid 042-C004168-RT
for award of contract, the DPA shall send a Notice of Intent to Award a Contract to all participating vendors and submit a copy to the Clerk of the Board. a) Vendors will have five business days from the date of the notice in which to file a protest concerning the award of the contract. b) Protests relating to a proposed contract award which are received after the five business day deadline will not be considered by the County. c) During the five business day period, RFP information, including the final evaluator score sheets with the names of individual evaluators redacted, are subject to public disclosure. d) Upon expiration of the five business day period or proper resolution of a protest/appeal, the department may move forward with the contract award or if necessary, filing the item for approval by the Board of Supervisors. Protest Process In the event of a timely protest, the County shall not proceed with the solicitation or award of the contract until the DPA, the County Purchasing Agent or the Procurement Appeals Board renders a decision on the protest. Upon receipt of a timely protest, the DPA will within ten business days of the receipt of the protest, issue a decision in writing which shall state the reasons for the actions taken. The County may, after providing written justification to be included in the procurement file, make the determination that an immediate award of the contract is necessary to protect the substantial interests of the County. The award of a contract shall in no way compromise the protester’s right to the protest procedures outlined herein. If the protester disagrees with the decision of the DPA, the protestor may submit a written notice to the Office of the County Purchasing Agent requesting an appeal to the Procurement Appeals Board, in accordance with the process stated below.
Appeal Process If the protester wishes to appeal the decision of the DPA, the protester must submit, within three business days from receipt of the Deputy Purchasing Agent’s decision, a written appeal to the Office of the County Purchasing Agent. Within fifteen business days, the County Purchasing Agent will review all materials in connection with the grievance, assess the merits of the protest and provide a written determination that shall contain his or her decision on whether the protest shall be forwarded to the Procurement Appeals Board. The decision of the County Purchasing Agent on whether to allow the appeal to go forward will be final and there shall be no right to any administrative appeals of this decision. E. EVALUATION PROCESS AND CRITERIA PROCEDURES Proposals will be evaluated by a panel of job knowledge expert on the basis of the responsiveness to the questions and all requirements in this RFP. Contract award shall be made to the responsible Offeror(s) whose proposal is most advantageous to the County, taking into consideration the applicable evaluation criteria set forth below. The listing of County of Orange Health Care Agency
7
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 9
County of Orange
Bid 042-C004168-RT
proposed cost as an evaluation criteria does not require the County to select Offeror with the lowest cost proposal. The County shall use the following criteria in its evaluations and comparisons of Offerors. No inference is to be drawn concerning relative importance of criteria based on the order presented. EVALUATION CRITERIA: 1. 2. 3. 4. 5. 6. 7.
Scope of experience. Staffing, certificates, and licenses. Overall understanding of the County’s requirement. Proposed cost. Financial stability and statements. Presentation/interview/site visits (optional). IT Security.
Prior to receipt of proposals, an evaluation committee will establish criteria weighting and assigning points which measure how responsive the Offeror’s proposal is to the particular specification or requirement in question. The total number of points earned will be tallied for each proposal and then the proposals will be ranked according to the total number of points awarded. The evaluation panel shall select firms that best meet County requirements. The County will create a list of such firms that may be contacted at the County’s discretion to negotiate a contract. By submitting a response, the proponent agrees to the decision of the County’s Purchasing Agent as final. Following the initial evaluation process, the highest-ranking Offerors may or may not be invited to an oral interview/presentation and/or requested to have a site visit. If highest-ranking proposer(s)are invited to an oral interview/presentation or requested to have a site visit, they should be able to appear for an interview/presentation and/or to schedule a site visit within five days upon notification by the assigned buyer.
F. SELECTION/AWARD PROCESS Upon completion of the evaluation process, the evaluation panel will make a recommendation for award to the DPA. The recommendation for award may be presented to the County’s Board of Supervisors for approval of the contract for the services requested in this solicitation. The Model Contract contained in Section III of this RFP is the contract proposed for execution. It may be modified to incorporate negotiated items and other pertinent terms and conditions set forth in this RFP, including special conditions and requirements and those added by addendum, necessary attachments, and to reflect the Offeror’s proposal and qualifications. Negotiations may or may not be conducted with the finalist(s); therefore, the proposal submitted should contain Offeror’s most favorable terms and conditions, since the selection and award may be made without further discussion or need for clarification. Any exceptions to the terms and conditions of the proposed contract or the statements regarding Offeror’s inability to comply with any of the provisions thereof are to be declared in the Offeror’s proposal: Section II entitled Proposal Response Requirements. Any additional exceptions to the terms and conditions made by any Offeror after submission of its proposal may result in elimination from further consideration.
County of Orange Health Care Agency
8
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 10
County of Orange
Bid 042-C004168-RT
G. COUNTY OF ORANGE CHILD SUPPORT AND EDD REQUIREMENTS 1.
Orange County Child Support Enforcement Offeror agrees to comply with the Child Support Enforcement regulations pursuant to Section III Model Contract, # 11.
2. EDD – Independent Contractor Reporting Requirements Offeror agrees to comply with the EDD Independent Contractor Reporting Requirements pursuant to Section III Model Contract, Additional Terms and Conditions, # 26.
County of Orange Health Care Agency
9
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 11
County of Orange
Bid 042-C004168-RT
SECTION II
PROPOSAL RESPONSE REQUIREMENTS/ MINIMUM QUALIFICATIONS
County of Orange Health Care Agency
10
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 12
County of Orange
Bid 042-C004168-RT
SECTION II: PROPOSAL RESPONSE REQUIREMENTS/MINIMUM QUALIFICATIONS
A. PROPOSAL RESPONSE REQUIREMENTS It is imperative that all Offerors responding to this RFP comply exactly and completely with the instructions set forth herein. 1. Proposals are to be typewritten and submitted in Microsoft Word format, except where otherwise provided or noted, on standard 8.5 x 11–inch paper. All pages are to be numbered and identified sequentially by section, and tabbed and indexed in accordance with the information requested in Section II Proposal Response Requirements/Minimum Qualifications. Additional material such as technical documents may be referenced in any response if the material is included in the same section as the additional information. 2. Proposals must include three tabbed sections: Part 1, Part 2, and Part 3, and must be indexed in the order outlined below. List questions and your responses and/or attachments as numbered and listed within each section. 3. Proposals must be prepared simply and economically, providing a straightforward, concise description of capabilities to satisfy the requirements of this RFP. Emphasis shall be on completeness and clarity of content with sufficient detail to allow for accurate evaluation and comparative analysis. 4. Offeror must provide one original hard copy with original signatures, clearly marked as “original” on the outside cover; five hard copies clearly marked as “copy”, and one electronic copy (e.g., CD-ROM, flash drive). B. MINIMUM QUALIFICATIONS Offeror must meet the minimum qualifications below in order to be deemed responsive to this RFP. 1. Complete all required RFP sections defined in Part 1, Part 2, and Part 3; and pass all requirements defined in Part 1 and Part 3. 2. Have a minimum five years’ consecutive years as provider of an Asset Management System at the working level appropriate for the proposed services as describe in Scope of Work, Attachment A.
County of Orange Health Care Agency
11
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 13
County of Orange
Bid 042-C004168-RT
SECTION II, PART 1 COVER LETTER AND CERTIFICATIONS (Complete this section and submit as Part 1) A.
COVER LETTER Response must be accompanied by a Cover Letter of introduction and executive summary of the RFP. The Cover Letter must be signed by the appropriate corporate officers, as stated on the Cover Page of this RFP. An unsigned proposal or failure to comply with corporate signature requirements is grounds for rejection and disqualification from further participation in this RFP process. All responses shall include in this first tabbed section, the first page of this RFP and any subsequent addenda issued to this RFP with appropriate signatures as required.
B.
CERTIFICATIONS 1. Validity of Response Offeror hereby certifies that Offeror’s proposal is valid for 365 days from the RFP closing date. Proposals which are not valid for at least 365 days will be considered non-responsive and subject to rejection. 2. Certification of Understanding Offeror certifies they understand and have considered in this proposal, that the County assumes no responsibility for any understanding of the Offeror or representation made by any of its officers, employees or agents during or prior to the execution of any contract resulting from this RFP unless: a. Such understanding or representations are expressly stated in the Contract; and b. The Contract expressly provides that the County the responsibility. 3. Minimum Qualification Statement Offeror certifies that it meets all minimum qualifications and requirements set forth in Section II of this RFP. 4. Certificate of Insurance Offeror certifies their willingness and ability to provide the required insurance coverage and certificates as set forth in Section III Model Contract of this RFP. (See General Terms and Conditions, Articles P and HH for insurance requirements). 5. Child Support Enforcement and EDD Independent Contractor Requirements Offeror certifies their willingness and ability to provide the required Orange County Child Support Enforcement as set forth in Section I and Exhibit 1 of Model Contract of this RFP.
County of Orange Health Care Agency
12
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 14
County of Orange
Bid 042-C004168-RT
6. Conflict of Interest Offeror certifies: (I) Offeror has provided the County with disclosures required in (a) and (b) below as part of its proposal, or (II) that no relationships as outlined in (a) and (b) exist. a. Disclose any financial, business or other relationship with the County or other entity that the County Board of Supervisors governs, or any County Board member, officer or employee, which may have an impact, effect or influence on the outcome of the services you propose to provide. Provide a list of current clients, employees, principals or shareholders (including family members) who may have a financial interest in the outcome of services you proposed to provide. b. Disclose any financial, business or other relationship within the last three years with any firm or member of any firm who may have a financial interest in the outcome of the work. 7. Statement of Compliance Offeror certifies it is in strict compliance with this RFP, including, but not limited to the terms and conditions set forth in Section III Model Contract and its Attachments and Exhibits, and no exceptions are proposed. OR Is in strict compliance with this RFP, including the terms and conditions set forth in Section III Model Contract and its Attachments and Exhibits, except for those exceptions expressly listed as required by this RFP and attached hereto. Attachments for each proposed exception to this RFP, including, but not limited to Section III Model Contract, must include: a. The complete provision Offeror is taking exception to. b. The RFP page number and section of the provision Offeror is taking exception to. c.
The suggested rewording by way of Microsoft Word track changes.
d. Reason(s) for submitting the proposed exception. e. Any impact the proposed exception may have on the services to be provided.
By signing below, Offeror certifies it has read, understands, and accepts all conditions set forth in Section II, Part I of this RFP.
_________________________________ Authorized Signature
County of Orange Health Care Agency
_________________________________ Authorized Signature
13
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 15
County of Orange
Bid 042-C004168-RT
SECTION II, PART 2 COMPANY PROFILE (Complete this section and submit as Part 2) Company Legal Name: Company Legal Status (corporation, partnership, etc.): Business Address: Telephone Number: (___)
Facsimile Number: (___)
Website Address: ______________________________Email Address: ________________________ Length of time the firm has been in business: Is your firm a sole proprietorship?
Length of time at current location:
Yes
No
Is your firm a sole proprietorship doing business under a different name:
Yes
No
If yes, please indicate sole proprietor’s name and the name you are doing business under: ______________________________________________________________________________ Is your firm incorporated:
Yes
No
If yes, State of Incorporation:
Federal Taxpayer ID Number Regular business hours: Regular holidays and hours when business is closed: Contact person in reference to this RFP: Telephone Number: (___)
Facsimile Number: (___)
Email Address: Contact person for accounts payable: Telephone Number: (___)
Facsimile Number: (___)
Email Address: Name of service manager: Telephone Number: (___)
Facsimile Number: (___)
Email Address: In the event of an emergency or declared disaster, the following information is required; Name of contact during non-business hours: Telephone Number: (___)
Facsimile Number: (___)
Email Address:
Cell or Pager Number:
County of Orange Health Care Agency
14
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 16
County of Orange
Bid 042-C004168-RT
SECTION II, PART 3 OFFEROR’S PROPOSAL (COMPLETE THIS SECTION AND SUBMIT AS PART 3) 1.
Scope of Work The purpose of this RFP is to procure a fully functioning, agile, and scalable Asset Inventory System (AIS) to replace the current legacy Microsoft Access-based HCA Asset Management System. The system may be installed on HCA’s premises or hosted by the vendor. At the time the system goes live, the system must be fully functional and have the ability to convert/transfer existing data into the system from the aforementioned legacy system. The AIS must have the capacity to allow multiple users, approximately thirty (30), to input data and have the ability to track assets at approximately three hundred (300) locations throughout Orange County. The proposed system must also have a bar code scanning component to accurately capture asset information during audits, year-end inventory, and to track asset movements. HCA locations often do not possess any form of wireless capability; therefore the data capturing mechanism must have the ability to obtain data and sync to the proposed system once connected to the Internet or the HCA network at a later time. The system must employ comprehensive asset tracking and control best practices currently in use with an organization of comparable complexity and size. Use in a government organization is a plus. It is the desire of HCA to approach this project in a multiphase approach as listed below:
Initial installation and configuration with the HCA Purchasing staff as the primary users Convert and validate imported data End user and Administrator level training Bring on additional sites and users at a later date in a manner agreed upon by HCA Purchasing management
TYPE OF ASSETS CONTROLLED BY HCA PURCHASING Capital Assets These are assets whose values are greater than $5000. Fixed Assets are reportable to the County Of Orange Auditor Controller on an on-going basis. Controlled Assets These are assets whose values are less than $5000 and greater than $600. These assets are purchased solely through the HCAPD. Creation of a controlled asset tag will be automatically and randomly generated. Non-Capital Non-Controlled Assets (NCNC) These are assets whose costs are less than $500. These assets are in most cases directly purchased by and delivered to HCA programs. These are classified as NCNC, creation of NCNC asset records and printing of NCNC Asset Tags will be created by both HCAPD and program that have access to the system. HCAPD and program will have access to the creation of a NCNC asset tag and will be automatically and randomly generated.
County of Orange Health Care Agency
15
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 17
County of Orange
Bid 042-C004168-RT
Receiving Assets - Capital/Fixed Assets The County Of Orange Auditor Controller will notify purchasing that a fixed asset has been purchased and paid for. HCAPD will send the supporting documentation of the fixed asset to the Auditor Controller. Once the Auditor Controller receives the documentation they will assign a fixed asset number and send purchasing the asset tag which depicts the Capital/Fixed Asset Number that is on the Auditor Controllers Fixed Asset list. This number will used in creating an HCA Capital Asset Tag in the Asset Management Database. Controlled Assets HCAPD receives Controlled Assets at the HCA warehouse. The warehouse staff creates the Controlled Asset record in the Asset Management System and an asset number is automatically generated. HCAPD staff creates the asset record by entering the description, model, serial number, employee name, and all relevant information that pertains to the asset. Not Controlled Not Capital (NCNC) Assets These assets cost less than $600 and are tracked at the discretion of HCA. The Program Asset Control Officer will create these records in the Asset Tracking Management System and print the tags as needed. 2.
Submittals The following information should be divided into tabbed, marked sections and should include, but not limited to, information regarding each of the following: a. Brief company history including size of staff, principal business location and any other service locations, primary line of business, and length of time firm has been providing services(s) described in Attachment A – Scope of Work. b. Identify key management and operating personnel who would provide basic services and include their areas of responsibility. Provide a resume for each individual and include a summary of their pertinent experiences and qualifications. c.
Identify all outside consultants that would be employed by your firm. For each consultant listed, please provide a resume for each individual and include a summary of their pertinent experiences and qualifications.
d. Describe any additional experience, philosophy, approach, or awards received that would demonstrate your firm’s unique ability to perform the services requested. Specialties and strengths of your firm should be emphasized, along with a statement of why your firm should be selected. e. Provide a proposed work plan as outlined in Attachment A – Scope of Work of Section III. f.
Offeror must complete the Security Deliverables form referenced in Exhibit 1.
g. Offeror must complete and provide all documentation and responses as outlined in the Application Service Provider Questionnaire shown in Exhibit 2.
County of Orange Health Care Agency
16
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 18
County of Orange
3.
Bid 042-C004168-RT
References Offeror must provide a minimum of three positive references from organizations with whom the Offeror has done business with in the last five years, whose requirements are approximate in scope to the County’s. One reference must be from a governmental entity. For each reference, Offeror shall provide the name of firm, address, and telephone number of the person the County may contact that works directly with Offeror in overseeing the services for that firm, and completion date and cost. These references will be checked and could affect the award of the contract.
4.
Resources To Be Provided By County Offeror shall identify and list any requirements for County-furnished items such as equipment, materials, facilities, or any other County support that will be necessary to implement and complete this project. The County reserves the right to accept or reject any and all additional requests/requirements for County-furnished items and resources not specifically set forth in its response.
5.
Financial Information a. Financial Statements: Offeror shall submit audited financial statement for the three most recent fiscal years. Unaudited financial statements will not be accepted. Financial statements shall be prepared in conformity with generally accepted accounting principles. b. Bankruptcy Information: Offeror shall indicate whether Offeror, its principals, directors, or majority shareholder(s), or any company Offeror has held a controlling interest in, or which has held a controlling interest in Offeror, has ever filed for or has been involuntarily put into bankruptcy or has been declared bankrupt. If yes, attach a statement indicating the bankruptcy date, court jurisdiction, trustee’s name and telephone number, amount of liabilities, amount of assets and current status of bankruptcy. c.
Pending Litigation: Attach detailed information regarding any existing or threatened litigation, liens, or claims involving Offeror, or any company Offeror holds a controlling interest in, or any company that holds an interest in Offeror, or any of the principal officers of the Offeror’s firm. No action pending
County of Orange Health Care Agency
No prior action
17
Information attached
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 19
County of Orange
Bid 042-C004168-RT
SECTION III MODEL CONTRACT NO. TBD FOR
ASSET MANAGEMENT SYSTEM BETWEEN THE COUNTY OF ORANGE HEALTH CARE AGENCY AND
TBD
County of Orange Health Care Agency
18
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 20
County of Orange
Bid 042-C004168-RT
Table of Contents Contract Cover Page ................................................................................................................................... 17 Table of Contents ........................................................................................................................................ 18 Recitals ………………………………………………………………………………………………………. ......... 20 ARTICLES
PAGE
General Terms and Conditions A. B. C. D. E. F. G. H. I. J. K. L. M. N. O. P. Q. R. S. T. U. V. W. X. Y. Z. AA. BB. CC. DD. EE. FF. GG. HH. II.
Governing Law and Venue ................................................................................................................. 21 Entire Contract .................................................................................................................................... 21 Amendments ....................................................................................................................................... 21 Taxes ................................................................................................................................................. 22 Delivery .............................................................................................................................................. 22 Acceptance/Payment .......................................................................................................................... 22 Warranty.............................................................................................................................................. 22 Patent/Copyright Materials/Proprietary Infringement .......................................................................... 22 Assignment or Subcontracting ............................................................................................................ 22 Non-Discrimination .............................................................................................................................. 22 Termination ......................................................................................................................................... 23 Consent to Breach Not Waiver ........................................................................................................... 23 Remedies Not Exclusive ..................................................................................................................... 23 Independent Contractor ...................................................................................................................... 23 Performance........................................................................................................................................ 23 Insurance Provisions ........................................................................................................................... 23 Bill and Liens ....................................................................................................................................... 23 Changes .............................................................................................................................................. 25 Change of Ownership ......................................................................................................................... 25 Force Majeure ..................................................................................................................................... 25 Confidentiality...................................................................................................................................... 25 Compliance with Laws ........................................................................................................................ 25 Freight (F.O.B Destination .................................................................................................................. 26 Pricing ................................................................................................................................................. 26 Intentional left blank ............................................................................................................................ 26 Terms and Conditions ......................................................................................................................... 26 Headings ............................................................................................................................................. 26 Severability.......................................................................................................................................... 26 Calendar Days .................................................................................................................................... 26 Attorney’s Fees ................................................................................................................................... 26 Interpretation ....................................................................................................................................... 26 Authority .............................................................................................................................................. 26 Employee Eligibility Verification .......................................................................................................... 26 Indemnification .................................................................................................................................... 27 Audits/Inspections ............................................................................................................................... 27
Additional Terms and Conditions 1. Scope of Contract ................................................................................................................................... 2. Term of Contract ................................................................................................................................. 28 3. Precedence ......................................................................................................................................... 28 4. Pricing Structure ................................................................................................................................. 28 5. Fiscal Appropriations – Subject to ...................................................................................................... 28 6. Contingency of Funds ......................................................................................................................... 28 7. Termination ......................................................................................................................................... 28 County of Orange Health Care Agency
19
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 21
County of Orange
8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 19. 20. 21. 22. 23. 24. 25. 26. 27. 28. 29. 30. 31. 32. 33. 34. 35. 36. 37.
Bid 042-C004168-RT
County Project Manager ..................................................................................................................... 29 Contractor Project Manager ............................................................................................................... .29 Breach of Contract .............................................................................................................................. 29 County of Orange Child Support Enforcement ................................................................................... 29 Conflict of Interest ............................................................................................................................... 30 Conflict with Existing Law ................................................................................................................... 30 Contractor Bankruptcy/Insolvency ...................................................................................................... 30 Disputes – Contract ............................................................................................................................ 30 Notices ................................................................................................................................................ 31 Contractor’s Records .......................................................................................................................... 32 News/Information Release .................................................................................................................. 32 California Public Records Act ............................................................................................................. 32 Validity................................................................................................................................................. 32 Gratuities ............................................................................................................................................. 32 Parking ................................................................................................................................................ 32 Amendments – Changes/Extra Work ................................................................................................. 32 Reports/Meetings ................................................................................................................................ 32 Software – Right to Copy or Modify .................................................................................................... 33 EDD Independent Contractor Reporting Requirements ..................................................................... 33 Debarment .......................................................................................................................................... 33 Lobbying.............................................................................................................................................. 34 Contractor Personnel-Drug Free Workplace ...................................................................................... 34 Software – Protection .......................................................................................................................... 34 Software – Maintenance ..................................................................................................................... 35 Software License ................................................................................................................................ 35 Software Installation ............................................................................................................................ 35 Software – Acceptance Testing .......................................................................................................... 36 Software – Documentation.................................................................................................................. 36 Software – Future Releases ............................................................................................................... 36 Compliance with County Information Technology Policies and Procedures ...................................... 36
Signature Page ........................................................................................................................................... 38
ATTACHMENTS Attachment A - Scope of Work .................................................................................................................... 39 Attachment B – Compensation and Invoicing ............................................................................................. 60 Attachment C – Cost Summary/Pricing ...................................................................................................... 62 EXHIBITS Exhibit 1 – Security Deliverables ................................................................................................................ 63 Exhibit 2 – Application Service Provider Questionnaire .............................................................................. 65 Exhibit 3 - Child Support Enforcement Requirements ................................................................................ 89
County of Orange Health Care Agency
20
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 22
County of Orange
Bid 042-C004168-RT
CONTRACT NO. TBD ASSET MANAGEMENT SYSTEM This Contract number ______________ (hereinafter “Contract”), is made and entered into this ______ day of _______________, 2015 or upon execution of all necessary signatures between _________________________________, (hereinafter “Contractor"), with a place of business at__________________________________________________ and the County of Orange, Health Care Agency (hereinafter "County”), a political subdivision of the State of California, with a place of business at 200 Santa Ana Blvd., suite #650, Santa Ana, ca 92701-7506, which are sometimes individually referred to as “Party”, or collectively referred to as “Parties”. RECITALS WHEREAS, the County issued a Request for Proposals (RFP) for the provision Health Care Agency (HCA) Asset Management System; and WHEREAS, the Contractor responded and represented that its proposed services shall meet or exceed the requirements and specifications of the RFP; and WHEREAS, the Contractor agrees to render all the necessary skills, knowledge, material and labor to perform the services; and WHEREAS, the County has authorized the Purchasing Agent or designee to enter into Contract with Contractor for obtaining said services; and NOW, THEREFORE, the Parties mutually agree as follows: ARTICLES GENERAL TERMS AND CONDITIONS A.
Governing Law and Venue: This Contract has been negotiated and executed in the State of California and shall be governed by and construed under the laws of the State of California. In the event of any legal action to enforce or interpret this Contract, the sole and exclusive venue shall be a court of competent jurisdiction located in Orange County, California, and the Parties hereto agree to and do hereby submit to the jurisdiction of such court, notwithstanding Code of Civil Procedure Section 394. Furthermore, the Parties specifically agree to waive any and all rights to request that an action be transferred for trial to another county.
B.
Entire Contract: This Contract, when accepted by the Contractor either in writing or by commencement of performance hereunder, contains the entire Contract between the Parties with respect to the matters herein and there are no restrictions, promises, warranties or undertakings other than those set forth herein or referred to herein. No exceptions, alternatives, substitutes or revisions are valid or binding on County unless authorized by County in writing. Electronic acceptance of any additional terms, conditions or supplemental Contracts by any County employee or agent, including but not limited to installers of software, shall not be valid or binding on County unless accepted in writing by County’s Purchasing Agent or designee, hereinafter “Purchasing Agent”.
C.
Amendments: No alteration or variation of the terms of this Contract shall be valid unless made in writing and signed by the Parties; no oral understanding or agreement not incorporated herein shall be binding on either of the Parties; and no exceptions, alternatives, substitutes or revisions are valid or binding on County unless authorized by County in writing.
County of Orange Health Care Agency
21
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 23
County of Orange
Bid 042-C004168-RT
D.
Taxes: Unless otherwise provided herein or by law, price quoted does not include California state sales or use tax.
E.
Delivery: Time of delivery of goods or services is of the essence in this Contract. County reserves the right to refuse any goods or services and to cancel all or any part of the goods not conforming to applicable specifications, drawings, samples or descriptions or services that do not conform to the prescribed Scope of Work. Acceptance of any part of the order for goods shall not bind County to accept future shipments nor deprive it of the right to return goods already accepted at Contractor’s expense. Over-shipments and under-shipments of goods shall be only as agreed to in writing by County. Delivery shall not be deemed to be complete until all goods or services have actually been received and accepted in writing by County.
F.
Acceptance/Payment: Unless otherwise agreed to in writing by County, 1) acceptance shall not be deemed complete unless in writing and until all the goods/services have actually been received, inspected, and tested to the satisfaction of County, and 2) payment shall be made in arrears after satisfactory acceptance.
G.
Warranty: Contractor expressly warrants that the goods/services covered by this Contract are 1) free of liens or encumbrances, 2) merchantable and good for the ordinary purposes for which they are used, and 3) fit for the particular purpose for which they are intended. Acceptance of this order shall constitute an agreement upon Contractor’s part to indemnify, defend and hold County and its indemnities as identified in paragraph “HH” below, and as more fully described in paragraph “HH”, harmless from liability, loss, damage and expense, including reasonable counsel fees, incurred or sustained by County by reason of the failure of the goods/services to conform to such warranties, faulty work performance, negligent or unlawful acts, and non-compliance with any applicable state or federal codes, ordinances, orders, or statutes, including the Occupational Safety and Health Act (OSHA) and the California Industrial Safety Act. Such remedies shall be in addition to any other remedies provided by law.
H.
Patent/Copyright Materials/Proprietary Infringement: Unless otherwise expressly provided in this Contract, Contractor shall be solely responsible for clearing the right to use any patented or copyrighted materials in the performance of this Contract. Contractor warrants that any software as modified through services provided hereunder will not infringe upon or violate any patent, proprietary right, or trade secret right of any third party. Contractor agrees that, in accordance with the more specific requirement contained in paragraph “HH” below, it shall indemnify, defend and hold County and County Indemnitees harmless from any and all such claims and be responsible for payment of all costs, damages, penalties and expenses related to or arising from such claim(s), including, but not limited to, attorney’s fees, costs and expenses.
I.
Assignment or Subcontracting: The terms, covenants, and conditions contained herein shall apply to and bind the heirs, successors, executors, administrators and assigns of the Parties. Furthermore, neither the performance of this Contract nor any portion thereof may be assigned or sub-contracted by Contractor without the express written consent of County. Any attempt by Contractor to assign or subcontract the performance or any portion thereof of this Contract without the express written consent of County shall be invalid and shall constitute a breach of this Contract.
J.
Non-Discrimination: In the performance of this Contract, Contractor agrees that it will comply with the requirements of Section 1735 of the California Labor Code and not engage nor permit any subcontractors to engage in discrimination in employment of persons because of the race, religious creed, color, national origin, ancestry, physical disability, mental disability, medical condition, marital status, or sex of such persons. Contractor acknowledges that a violation of this provision shall subject Contractor to all the penalties imposed for a violation of Section 1720 et seq. of the California Labor Code.
County of Orange Health Care Agency
22
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 24
County of Orange
Bid 042-C004168-RT
K.
Termination: In addition to any other remedies or rights it may have by law, County has the right to terminate this Contract without penalty immediately with cause or after thirty (30) days’ written notice without cause, unless otherwise specified. Cause shall be defined as any breach of this Contract, or any misrepresentation or fraud on the part of the Contractor. Exercise by County of its right to terminate the Contract shall relieve County of all further obligation.
L.
Consent to Breach Not Waiver: No term or provision of this Contract shall be deemed waived and no breach excused, unless such waiver or consent shall be in writing and signed by the Party claimed to have waived or consented. Any consent by any Party to, or waiver of, a breach by the other, whether express or implied, shall not constitute consent to, waiver of, or excuse for any other different or subsequent breach.
M.
Remedies Not Exclusive: The remedies for breach set forth in this Contract are cumulative as to one another and as to any other provided by law, rather than exclusive; and the expression of certain remedies in this Contract does not preclude resort by either Party to any other remedies provided by law.
N.
Independent Contractor: Contractor shall be considered an independent contractor and neither Contractor, its employees, nor anyone working under Contractor shall be considered an agent or an employee of County. Neither Contractor, its employees, nor anyone working under Contractor, shall qualify for workers’ compensation or other fringe benefits of any kind through County.
O.
Performance: Contractor shall perform all work under this Contract, taking necessary steps and precautions to perform the work to County’s satisfaction. Contractor shall be responsible for the professional quality, technical assurance, timely completion and coordination of all documentation and other goods/services furnished by the Contractor under this Contract. Contractor shall perform all work diligently, carefully, and in a good and workman-like manner; shall furnish all labor, supervision, machinery, equipment, materials, and supplies necessary therefor; shall at its sole expense obtain and maintain all permits and licenses required by public authorities, including those of County required in its governmental capacity, in connection with performance of the work; and, if permitted to subcontract, shall be fully responsible for all work performed by subcontractors.
P.
Insurance Provisions: Prior to the provision of services under this Contract, Contractor agrees to purchase all required insurance at Contractor’s expense and to deposit with the County Certificates of Insurance, including all endorsements required herein, necessary to satisfy County that the insurance provisions of this Contract have been complied with and to keep such insurance coverage and the certificates therefore on deposit with County during the entire term of this Contract. In addition, all subcontractors performing work on behalf of Contractor pursuant to this Contract shall obtain insurance subject to the same terms and conditions as set forth herein for Contractor. All self-insured retentions (SIRs) and deductibles shall be clearly stated on the Certificate of Insurance. If no SIRs or deductibles apply, indicate this on the Certificate of Insurance with a zero (0) by the appropriate line of coverage. Any self-insured retention (SIR) or deductible in an amount in excess of $25,000 ($5,000 for automobile liability), shall specifically be approved by the County Executive Office (CEO)/Office of Risk Management. If Contractor fails to maintain insurance acceptable to County for the full term of this Contract, County may terminate this Contract. Qualified Insurer The policy or policies of insurance must be issued by an insurer licensed to do business in the State of California (California Admitted Carrier) or have a minimum rating be A- (Secure A.M.
County of Orange Health Care Agency
23
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 25
County of Orange
Bid 042-C004168-RT
Best's Rating) and VIII (Financial Size Category as determined by the most current edition of the Best's Key Rating Guide/Property-Casualty/United States or ambest.com. If the insurance carrier is not a non-admitted carrier in the State of California and does not have an A.M. Best rating of A-/VIII, the County CEO/Office of Risk Management retains the right to approve or reject a carrier after a review of the company's performance and financial ratings. The policy or policies of insurance maintained by the Contractor shall provide the minimum limits and coverage as set forth below: Coverage
Minimum Limits
Commercial General Liability
$1,000,000 per occurrence $2,000,000 aggregate
Automobile Liability including coverage
$1,000,000 per occurrence for owned, non-owned and hired vehicles
Workers' Compensation
Statutory
Employers' Liability Insurance
$1,000,000 per occurrence
Professional Liability Insurance
$1,000,000 per claims made or per occurrence
Required Coverage Forms The Commercial General Liability coverage shall be written on Insurance Services Office (ISO) form CG 00 01, or a substitute form providing liability coverage at least as broad. The Business Auto Liability coverage shall be written on ISO form CA 00 01, CA 00 05, CA 0012, CA 00 20, or a substitute form providing coverage at least as broad. Required Endorsements The Commercial General Liability policy shall contain the following endorsements, which shall accompany the Certificate of Insurance: 1. An Additional Insured endorsement using ISO form CG 2010 or CG 2033 or a form at least as broad naming the County of Orange, its elected and appointed officials, officers, employees, agents as Additional Insureds. 2. A primary non-contributing endorsement evidencing that Contractor’s insurance is primary and any insurance or self-insurance maintained by the County of Orange shall be excess and non-contributing. All insurance policies required by this Contract shall waive all rights of subrogation against the County of Orange and members of the Board of Supervisors, its elected and appointed officials, officers, agents and employees when acting within the scope of their appointment or employment. The Workers’ Compensation policy shall contain a waiver of subrogation endorsement waiving all rights of subrogation against the County of Orange, and members of the Board of Supervisors, its elected and appointed officials, officers, agents and employees. Contractor shall notify County in writing within thirty (30) days of any policy cancellation and ten (10) days for non-payment of premium and provide a copy of the cancellation notice to County. Failure to provide written notice of cancellation may constitute a material breach of the Contract, upon which County may suspend or terminate this Contract. County of Orange Health Care Agency
24
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 26
County of Orange
Bid 042-C004168-RT
The Commercial General Liability policy shall contain a severability of interests clause also known as a “separation of insureds” clause (standard in the ISO CG 0001 policy). Insurance certificates should be forwarded to the agency/department address listed on the solicitation. If Contractor fails to provide the insurance certificates and endorsements within seven (7) days of notification by County Procurement Office/Purchasing or the agency/department purchasing division, award may be made to the next qualified vendor. County expressly retains the right to require Contractor to increase or decrease insurance of any of the above insurance types throughout the term of this Contract. Any increase or decrease in insurance will be as deemed by County of Orange Risk Manager as appropriate to adequately protect County. County shall notify Contractor in writing of changes in the insurance requirements. If Contractor does not deposit copies of acceptable Certificates of Insurance and endorsements with County incorporating such changes within thirty (30) days of receipt of such notice, this Contract may be in breach without further notice to Contractor, and County shall be entitled to all legal remedies. The procuring of such required policy or policies of insurance shall not be construed to limit Contractor's liability hereunder nor to fulfill the indemnification provisions and requirements of this Contract, nor act in any way to reduce the policy coverage and limits available from the insurer. Q.
Bill and Liens: Contractor shall pay promptly all indebtedness for labor, materials and equipment used in performance of the work. Contractor shall not permit any lien or charge to attach to the work or the premises, but if any does so attach, Contractor shall promptly procure its release and, in accordance with the requirements of paragraph “HH” below, indemnify, defend, and hold County harmless and be responsible for payment of all costs, damages, penalties and expenses related to or arising from or related thereto.
R.
Changes: Contractor shall make no changes in the work or perform any additional work without the County’s specific written approval.
S.
Change of Ownership: Contractor agrees that if there is a change or transfer in ownership of Contractor’s business prior to completion of this Contract, the new owners shall be required under terms of sale or other transfer to assume Contractor’s duties and obligations contained in this Contract and complete them to the satisfaction of County.
T.
Force Majeure: Contractor shall not be assessed with liquidated damages or unsatisfactory performance penalties during any delay beyond the time named for the performance of this Contract caused by any act of God, war, civil disorder, employment strike or other cause beyond its reasonable control, provided Contractor gives written notice of the cause of the delay to County within thirty six (36) hours of the start of the delay and Contractor avails itself of any available remedies.
U.
Confidentiality: Contractor agrees to maintain the confidentiality of all County and Countyrelated records and information pursuant to all statutory laws relating to privacy and confidentiality that currently exist or exist at any time during the term of this Contract. All such records and information shall be considered confidential and kept confidential by Contractor and Contractor’s staff, agents and employees.
V.
Compliance with Laws: Contractor represents and warrants that services to be provided under this Contract shall fully comply, at Contractor’s expense, with all standards, laws, statutes,
County of Orange Health Care Agency
25
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 27
County of Orange
Bid 042-C004168-RT
restrictions, ordinances, requirements, and regulations (collectively “laws”), including, but not limited to those issued by County in its governmental capacity and all other laws applicable to the services at the time services are provided to and accepted by County. Contractor acknowledges that County is relying on Contractor to ensure such compliance, and pursuant to the requirements of paragraph “HH” below, Contractor agrees that it shall defend, indemnify and hold County and County Indemnitees harmless from all liability, damages, costs and expenses arising from or related to a violation of such laws. W.
Freight (F.O.B Destination): Contractor assumes full responsibility for all transportation scheduling, packaging, handling, insurance, and other services associated with delivery of all products deemed necessary under this Contract.
X.
Pricing: The Contract amount shall include full compensation for providing all services as specified herein or when applicable, in the Scope of Work attached to this Contract, and no additional compensation shall be allowed therefor, unless otherwise provided for in this Contract.
Y.
Intentionally left blank.
Z.
Terms and Conditions: Contractor acknowledges that it has read and agrees to all terms and conditions included in this Contract.
AA.
Headings: The various headings and numbers herein, the grouping of provisions of this Contract into separate clauses and paragraphs, and the organization hereof are for the purpose of convenience only and shall not limit or otherwise affect the meaning hereof.
BB.
Severability: If any term, covenant, condition or provision of this Contract is held by a court of competent jurisdiction to be invalid, void or unenforceable, the remainder of the provisions hereof shall remain in full force and effect and shall in no way be affected, impaired or invalidated thereby.
CC.
Calendar Days: Any reference to the word “day” or “days” herein shall mean calendar day or calendar days, respectively, unless otherwise expressly provided.
DD.
Attorney’s Fees: In any action or proceeding to enforce or interpret any provision of this Contract, or where any provision hereof is validly asserted as a defense, each Party shall bear its own attorney’s fees, costs and expenses.
EE.
Interpretation: This Contract has been negotiated at arm’s length and between persons sophisticated and knowledgeable in the matters dealt with in this Contract. In addition, each Party has been represented by experienced and knowledgeable independent legal counsel of its own choosing, or has knowingly declined to seek such counsel despite being encouraged and given the opportunity to do so. Each Party further acknowledges that it has not been influenced to any extent whatsoever in executing this Contract by any other Party hereto or by any person representing either or both of them. Accordingly, any rule of law (including California Civil Code Section 1654) or legal decision that would require interpretation of any ambiguities in this Contract against the Party that has drafted it is not applicable and is waived. The provisions of this Contract shall be interpreted in a reasonable manner to effect the purpose of the Parties and this Contract.
FF.
Authority: The Parties to this Contract represent and warrant that this Contract has been duly authorized and executed and constitutes the legally binding obligation, enforceable in accordance with its terms.
GG.
Employee Eligibility Verification: Contractor warrants that it fully complies with all federal and state statutes and regulations regarding the employment of aliens and others and that all its
County of Orange Health Care Agency
26
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 28
County of Orange
Bid 042-C004168-RT
employees performing work under this Contract meet the citizenship or alien status requirement set forth in federal statutes and regulations. Contractor shall obtain, from all employees performing work hereunder, all verification and other documentation of employment eligibility status required by federal or state statutes and regulations including, but not limited to, the Immigration Reform and Control Act of 1986, 8 U.S.C. §1324 et seq., as they currently exist and as they may be hereafter amended. Contractor shall retain all such documentation for all covered employees for the period prescribed by the law. Contractor shall indemnify, defend with counsel approved in writing by County, and hold harmless, County, its agents, officers, and employees from employer sanctions and any other liability which may be assessed against Contractor or County or both in connection with any alleged violation of any federal or state statutes or regulations pertaining to the eligibility for employment of any persons performing work under this Contract. HH.
Indemnification: Contractor agrees to indemnify, defend with counsel approved in writing by County, and hold County, its elected and appointed officials, officers, employees, agents and those special districts and agencies for which County’s Board of Supervisors acts as the governing Board (“County Indemnitees”) harmless from any claims, demands or liability of any kind or nature, including but not limited to personal injury or property damage, arising from or related to the services, products or other performance provided by Contractor pursuant to this Contract. If judgment is entered against Contractor and County by a court of competent jurisdiction because of the concurrent active negligence of County or County Indemnitees, Contractor and County agree that liability will be apportioned as determined by the court. Neither Party shall request a jury apportionment.
II.
Audits/Inspections: Contractor agrees to permit County’s Auditor-Controller or the AuditorController’s authorized representative (including auditors from a private auditing firm hired by County) access during normal working hours to all books, accounts, records, reports, files, financial records, supporting documentation, including payroll and accounts payable/receivable records, and other papers or property of Contractor for the purpose of auditing or inspecting any aspect of performance under this Contract. The inspection and/or audit will be confined to those matters connected with the performance of the Contract including, but not limited to, the costs of administering the Contract. County will provide reasonable notice of such an audit or inspection. County reserves the right to audit and verify Contractor’s Records before final payment is made. Contractor agrees to maintain such records for possible audit for a minimum of three (3) years after final payment, unless a longer period of records retention is stipulated under this Contract or by law. Contractor agrees to allow interviews of any employees or others who might reasonably have information related to such records. Should Contractor cease to exist as a legal entity, Contractor’s Records pertaining to this Contract shall be forwarded to the surviving entity in a merger or acquisition or, in the event of liquidation, to County’s Project Manager.
ADDITIONAL TERMS AND CONDITIONS 1.
Scope of Contract: This Contract, together with its Attachments and Exhibits attached hereto and incorporated herein by reference, specifies the contractual terms and conditions by which County will procure and receive services from Contractor. The detailed Scope of Work (SOW) is fully set forth and incorporated herein as Attachment A.
County of Orange Health Care Agency
27
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 29
County of Orange
Bid 042-C004168-RT
2.
Term of Contract: This Contract shall be in effect from August 1, 2015 through and including July 31, 2016, renewable for four (4) additional one-year periods upon agreement of both Parties. The County does not have to give reason if it decides not to renew. Contract shall be in effect for the time periods specified, unless this Contract is earlier terminated by the Parties in accordance with Articles 5, 6, and 7.
3.
Precedence: The Contract documents consist of this Contract, and its Attachments and Exhibits. In the event of a conflict between the Contract documents, the order of precedence shall be the provisions of the main body of this Contract, i.e., those provisions set forth in the recitals and articles of this Contract, the Attachments and then the Exhibits.
4.
Pricing Structure: The Contractor agrees that no price/fee increases shall be passed along to the County during the term of this Contract. Contractor may discount said prices anytime during the term of the Contract.
5.
Fiscal Appropriations – Subject to: This Contract is subject to and contingent upon applicable budgetary appropriations being approved by the County of Orange Board of Supervisors for each fiscal year during the term of this Contract. If such appropriations are not approved, the Contract will be terminated without penalty to County.
6.
Contingency of Funds: Contractor acknowledges that funding or portions of funding for this Contract may also be contingent upon the receipt of funds from, and/or appropriation of funds by, the State of California to County. If such funding and/or appropriations are not forthcoming, or are otherwise limited, County may immediately terminate or modify this Contract without penalty.
7.
Termination A. Termination – Default: If Contractor is in default of any of its obligations under this Contract and has not commenced cure within ten (10) days after receipt of a written notice of default from County and cured such default within the time specified in the notice, County shall immediately be entitled to either commence resolution in accordance with this paragraph or to terminate this Contract by giving written notice to take effect immediately. Default shall include failure to carry out any of the requirements of this Contract, including, but not limited to persistently disregarding laws and or ordinances, not proceeding with the work as agreed to herein, or otherwise substantially violating any provision of this Contract. Upon termination of the Contract with Contractor, County may begin negotiations with a third-Party contractor to provide services as specified in this Contract. The right of either Party to terminate this Contract hereunder shall not be affected in any way by its waiver of or failure to take action with response to any previous default. B. Termination – Orderly: After receipt of a termination notice from County, Contractor shall submit to County a termination claim, if applicable. Such claim shall be submitted promptly, but in no event later than sixty (60) days from the effective date of the termination, unless one or more extensions in writing are granted by County upon written request of Contractor. Upon termination County agrees to pay Contractor for all services performed prior to termination which meet the requirements of the Contract, provided, however, that such compensation plus previously paid compensation shall not exceed the total compensation set forth in the Contract. Upon termination or other expiration of this Contract, each Party shall promptly return to the other Party all papers, materials, and other properties of the other held by each for purposes of execution of the Contract. In addition, each Party will assist the other Party in orderly termination of this Contract and the transfer of all aspects, tangible and intangible, as may be necessary for the orderly, non-disruptive business continuation of each Party.
County of Orange Health Care Agency
28
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 30
County of Orange
Bid 042-C004168-RT
8.
County Project Manager: County shall appoint a Project Manager to act as liaison with Contractor during the term of this Contract. County’s Project Manager shall coordinate the activities of County staff assigned to work with the Contractor.
9.
Contractor Project Manager: Contractor shall appoint a Project Manager to direct the Contractor’s efforts in fulfilling Contractor’s obligations under this Contract. The Project Manager shall be subject to approval by County and shall not be changed without the written consent of County’s Project Manager. Contractor’s Project Manager shall be assigned to this project for the duration of this Contract and shall diligently pursue all work and services to meet the project time lines. County’s Project Manager shall have the right to require the removal and replacement of the Contractor’s Project Manager or any other Contractor’s staff providing services to County under this Contract. County’s Project Manager shall notify Contractor in writing of such action. Contractor shall accomplish the removal within three (3) business days after written notice by County’s Project Manager. County’s Project Manager shall review and approve the appointment of the replacement for Contractor’s Project Manager. County is not required to provide any additional information, reason or rationale in the event it elects to request the removal of Contractor’s Project Manager providing services to County under this Contract.
10.
Breach of Contract: The failure of Contractor to comply with any of the provisions, covenants or conditions of this Contract shall be a material breach of this Contract. In such event the County may, and in addition to any other remedies available at law, in equity, or otherwise specified in this Contract: a. Afford Contractor written notice of the breach and ten (10) calendar days or such shorter time that may be specified in this Contract within which to cure the breach; b. Discontinue payment to Contractor for and during the period in which the Contractor is in breach; and c.
11.
Offset against any monies billed by Contractor but yet unpaid by the County those monies disallowed pursuant to the above.
County of Orange Child Support Enforcement (Exhibit 1): In order to comply with the child support enforcement requirements of the County of Orange, within ten (10) days of notification of selection of award of Contract but prior to official award of Contract, the selected Contractor agrees to furnish to the contract administrator, the Purchasing Agent, or the agency/department deputy purchasing agent: a. In the case of an individual contractor, his/her name, date of birth, social security number, and residence address; b. In the case of a contractor doing business in a form other than as an individual, the name, date of birth, social security number, and residence address of each individual who owns an interest of ten (10) percent or more in the contracting entity; c.
A certification that the contractor has fully complied with all applicable federal and state reporting requirements regarding its employees; and
c.
A certification that the contractor has fully complied with all lawfully served Wage and Earnings Assignment Orders and Notices of Assignment and will continue to so comply.
Failure of the Contractor to timely submit the data and/or certifications required may result in the Contract being awarded to another contractor. In the event a Contract has been issued, failure of Contractor to comply with all federal, state, and local reporting requirements for child support enforcement or to comply with all lawfully served Wage and Earnings Assignment Orders and
County of Orange Health Care Agency
29
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 31
County of Orange
Bid 042-C004168-RT
Notices of Assignment shall constitute a material breach of the Contract. Failure to cure such breach within sixty (60) calendar days of notice from County shall constitute grounds for termination of the Contract. 12.
Conflict of Interest: Contractor shall exercise reasonable care and diligence to prevent any actions or conditions that could result in a conflict with the best interests of County. This obligation shall apply to Contractor; Contractor’s employees, agents, and relatives; sub-tier contractors; and third parties associated with accomplishing work and services hereunder. Contractor’s efforts shall include, but not be limited to establishing precautions to prevent its employees or agents from making, receiving, providing or offering gifts, entertainment, payments, loans or other considerations which could be deemed to appear to influence individuals to act contrary to the best interests of County. The County of Orange Board of Supervisors’ policy prohibits its public employees from engaging in activities involving conflicts of interest. The Contractor shall not, during the period of this Contract, employ any County employee for any purpose.
13.
Conflict with Existing Law: Contractor and County agree that if any provision of this Contract is found to be illegal or unenforceable, such term or provision shall be deemed stricken and the remainder of the Contract shall remain in full force and effect. Either Party having knowledge of such term or provision shall promptly inform the other of the presumed non-applicability of such provision. Should the offending provision go to the heart of the Contract, the Contract shall be terminated in a manner commensurate with the interests of both Parties to the maximum extent reasonable.
14.
Contractor Bankruptcy/Insolvency: If Contractor should be adjudged bankrupt or should have a general assignment for the benefit of its creditors or if a receiver should be appointed on account of Contractor’s insolvency, County may terminate this Contract.
15.
Disputes – Contract: Parties shall deal in good faith and attempt to resolve potential disputes informally. If the dispute concerning a question of fact arising under the terms of this Contract is not disposed of in a reasonable period of time by Contractor and County‘s Project Manager, such matter shall be brought to the attention of the Purchasing Agent by way of the following process: a. Contractor shall submit to the agency/department assigned buyer a written demand for a final decision regarding the disposition of any dispute between the Parties arising under, related to, or involving this Contract, unless County, on its own initiative, has already rendered such a final decision. b. Contractor’s written demand shall be fully supported by factual information, and, if such demand involves a cost adjustment to the Contract, Contractor shall include with the demand a written statement signed by a senior official indicating that the demand is made in good faith, that the supporting data are accurate and complete, and that the amount requested accurately reflects the Contract adjustment for which Contractor believes County is liable. Pending the final resolution of any dispute arising under, related to, or involving this Contract, Contractor agrees to diligently proceed with the performance of this Contract, including the provision of services. Contractor’s failure to diligently proceed shall be considered a material breach of this Contract. Any final decision of County shall be expressly identified as such, shall be in writing, and shall be signed by the Purchasing Agent. If County fails to render a decision within ninety (90) days after receipt of Contractor’s demand, it shall be deemed a final decision adverse to Contractor’s contentions. County’s final decision shall be conclusive and binding regarding the dispute unless Contractor commences action in a court of competent jurisdiction to contest such decision within
County of Orange Health Care Agency
30
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 32
County of Orange
Bid 042-C004168-RT
ninety (90) days following the date of County’s final decision or one (1) year following the accrual of the cause of action, whichever is later. 16.
Notices: Any and all notices, requests, demands, and other communications contemplated, called for, permitted, or required to be given hereunder shall be in writing, except through the course of the Parties' routine exchange of information and cooperation during the term of the work and services, and shall be deemed to have been duly given (a) upon actual in-person delivery, if delivery is by direct hand; or (b) upon delivery agreed to as the actual day of receipt or no greater than five (5) calendar days after being mailed (the date of mailing shall count as the first day), whichever occurs first by United States certified or registered mail, return receipt requested, postage prepaid, addressed to the appropriate Party at the following address or such other address as the Parties hereto may designate by written notice from time to time in the manner aforesaid: For Contractor:
Name: Address: Attn: Phone: Fax: E-mail:
For County:
Name:
Attn: Title: Phone: Fax: E-mail:
County of Orange Health Care Agency/Purchasing 200 W. Santa Ana Blvd., Suite #650 Santa Ana, CA 92701 Roland Tabangin Deputy Purchasing Agent 714-834-3151 714-834-2657
[email protected]
Name:
County of Orange
Address:
CC:
Address: Attn: Title: Phone: Fax: E-mail:
County Project Manager
17.
Contractor’s Records: Contractor shall provide services and other relevant documents necessary to complete the services and fulfill the requirements as set forth in Attachment A, SOW. Contractor shall keep true and accurate accounts, records, books and data which shall correctly reflect the business transacted by Contractor in accordance with generally accepted accounting principles. These records shall be stored in Orange County for a period of three (3) years after final payment is received from County. Storage of records in another county will require written approval from the assigned buyer.
18.
News / Information Release: Contractor agrees that it will not issue any news releases or upload County logos or other information onto any website in connection with either the award of
County of Orange Health Care Agency
31
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 33
County of Orange
Bid 042-C004168-RT
this Contract or any subsequent amendment of or effort under this Contract without first obtaining review and written approval from County through County’s Project Manager. All press releases, including graphic display information to be published in newspapers, magazines, etc., are to be administered only by County unless otherwise agreed to by both Parties. 19.
California Public Records Act: Contractor and County agree and acknowledge that all information and documents related to the award and performance of this Contract are subject to disclosure pursuant to the California Public Records Act, California Government Code Section 6250 et seq.
20.
Validity: The invalidity in whole or in part of any article or provision of this Contract shall not void or affect validity of any other article or provision of this Contract.
21.
Gratuities: Contractor warrants that no gratuities, in the form of entertainment, gifts or otherwise, were offered or given by Contractor or any agent or representative of Contractor to any officer or employee of County with a view toward securing the Contract or securing favorable treatment with respect to any determinations concerning the performance of the Contract. For breach or violation of this warranty, County shall have the right to terminate the Contract, either in whole or in part, and any loss or damage sustained by County in procuring on the open market any goods or services which Contractor agreed to supply shall be borne and paid for by Contractor. The rights and remedies of County provided in the clause shall not be exclusive and are in addition to any other rights and remedies provided by law or under the Contract.
22.
Amendments – Changes/Extra Work: Contractor shall make no changes to this Contract without County’s written consent. In the event that there are new or unforeseen requirements, County with Contractor’s concurrence has the discretion to request official changes at any time without changing the intent of this Contract. If County-initiated changes or changes in laws or government regulations affect price, Contractor’s ability to deliver services, or the project schedule, Contractor shall give County written notice no later than seven (7) calendar days from the date the law or regulation went into effect or the date the change was proposed by County and Contractor was notified of the change. Such changes shall be agreed to in writing and incorporated into a Contract amendment. Said amendment shall be issued by the County-assigned buyer, shall require the mutual consent of all Parties, and may be subject to approval by the County Board of Supervisors. Nothing herein shall prohibit Contractor from proceeding with the work as set forth in this Contract.
23.
Software – Right to Copy or Modify: Any software product provided by Contractor in machinereadable format may be copied, in whole or in part, in printed or machine-readable format for use by County with the designated CPU to perform one-time benchmark tests, for archival or emergency restart purposes, to replace a worn copy, to understand the contents of such machine-readable material, or to modify the software product as provided below, provided, however that no more than County- and Contractor-agreed to number of copies will be in existence under this Contract at any one time without the prior written consent from Contractor. Such consent shall not be unreasonably withheld by Contractor. The original and any copies of the software product, in whole or in part, which are made hereunder shall be the property of Contractor. County agrees to keep any such copies and the original at a Contractor and County mutually designated County location, except that County may transport or transmit a copy of the original of any software product to another County location for backup use when required by CPU malfunction, provided the copy or the original is destroyed or returned to the designated location when the malfunction is corrected.
County of Orange Health Care Agency
32
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 34
County of Orange
Bid 042-C004168-RT
County may modify any non-personal computer software product in machine–readable format for its own use and merge it into other program material. Any portion of the software product included in any merged program material shall be used only on the designated CPUs and shall be subject to the terms and conditions of this Contract. 24.
EDD Independent Contractor Reporting Requirements: Effective January 1, 2001, the County of Orange is required to file federal Form 1099-Misc for services received from a “service provider” to whom County pays $600 or more or with whom County enters into a contract for $600 or more within a single calendar year. The purpose of this reporting requirement is to increase child support collection by helping to locate parents who are delinquent in their child support obligations. The term “service provider” is defined in California Unemployment Insurance Code Section 1088.8, subparagraph B.2 as “an individual who is not an employee of the service recipient for California purposes and who received compensation or executes a contract for services performed for that service recipient within or without the state.” The term is further defined by the California Employment Development Department to refer specifically to independent contractors. An independent contractor is defined as “an individual who is not an employee of the ... government entity for California purposes and who receives compensation or executes a contract for services performed for that ... government entity either in or outside of California.” The reporting requirement does not apply to corporations, general partnerships, limited liability partnerships, and limited liability companies. Additional information on this reporting requirement can be found at the California Employment Development Department web site located at www.edd.ca.gov/txicr.htm.
25.
Debarment: Contractor shall certify that neither contractor nor its principles are presently debarred, proposed for debarment, declared ineligible or voluntarily excluded from participation in the transaction by any federal department or agency. Where Contractor as the recipient of federal funds, is unable to certify to any of the statements in the certification, Contractor must include an explanation with their bid/proposal. Debarment, pending debarment, declared ineligibility or voluntary exclusion from participation by any federal department or agency may result in the bid/proposal being deemed non-responsible.
26.
Lobbying: On best information and belief, Contractor certifies no federal appropriated funds have been paid or will be paid by, or on behalf of, Contractor to any person for influencing or attempting to influence an officer or employee of Congress; or an employee of a member of Congress in connection with the awarding of any federal contract, continuation, renewal, amendment, or modification of any federal contract, grant, loan, or cooperative agreement.
27.
Contractor Personnel-Drug Free Workplace: Contractor hereby certifies compliance with Government Code Section 8355 in matters relating to providing a drug-free workplace. Contractor will: 1.
Publish a statement notifying employees that unlawful manufacture, distribution, dispensation, possession, or use of a controlled substance is prohibited and specifying actions to be taken against employees for violations, as required by Government Code Section 8355(a).
2.
Establish a drug-free awareness program as required by Government Code Section 8355(b) to inform employees about all of the following: a.
The dangers of drug abuse in the workplace;
County of Orange Health Care Agency
33
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 35
County of Orange
3.
Bid 042-C004168-RT
b.
The organization’s policy of maintaining a drug-free workplace;
c.
Any available counseling, rehabilitation and employee assistance programs; and
d.
Penalties that may be imposed upon employees for drug abuse violations.
Provide as required by Government Code Section 8355(c) that every employee who works under this Contract: a.
Will receive a copy of the company’s drug-free policy statement; and
b.
Will agree to abide by the terms of the company’s statement as a condition of employment under this Contract.
Failure to comply with these requirements may result in suspension of payments under the Contract or termination of the Contract or both, and the Contractor may be ineligible for award of any future County contracts if the County determines that any of the following has occurred:
28.
1.
Contractor has made false certification, or
2.
Contractor violates the certification by failing to carry out the requirements as noted above.
Software – Protection: County agrees that all material appropriately marked or identified as proprietary, whether oral or written, and furnished hereunder are provided for County’s exclusive use for the purposes of this Contract only and will be held in confidence. All proprietary data shall remain the property of Contractor. County agrees to take all reasonable steps to ensure that such data are not disclosed to others without prior written consent of Contractor. County will ensure, prior to disposing of any media, that any licensed materials contained thereon have been erased or otherwise destroyed. County agrees that it will take appropriate action by instruction, agreement or otherwise with its employees or other persons permitted access to licensed programs and/or optional materials to satisfy its obligations under this Contract with respect to use, copying, modification and protection and security of licensed programs and optional materials.
29.
Software – Maintenance: The correction of any residual errors in any software products which may be discovered by Contractor or by County will be considered maintenance. Such maintenance will be performed by Contractor without additional charge for the duration of this Contract. Suspected errors discovered by County in the software products will be handled by the following procedure: 1. A listing of the output and a copy of the evidential input data in machine-readable format will be submitted to Contractor along with a completed copy of the appropriate Contractor information form and, if appropriate, a listing of the contents of the memory of the CPU at the time the error was noted. 2. Errors in the software product as verified by Contractor will be corrected by providing a new copy of said software product or a new copy of the affected portions in machine-readable format. Contractor will be available to assist County in isolating and correcting error conditions caused by County’s particular hardware or operating system at rates specified in this Contract. If Contractor is called upon by the state to correct an error caused by County’s negligence, modification by the County, County-supplied data, or machine or operator failure or due to any other cause not
County of Orange Health Care Agency
34
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 36
County of Orange
Bid 042-C004168-RT
inherent in the original software products, Contractor reserves the right to charge County for such service on a time and material basis at rates in accordance with the Contract. 30.
Software License: Contractor hereby grants to the County of Orange and County accepts from Contractor, subject to the terms and conditions of this Contract, a non-exclusive, non-transferable license to use the software products list in this Contract, hereinafter referred to as “software products.” The license granted above authorizes County to use the software products in machinereadable form on a single computer system, designated in writing by County to Contractor, provided that if the designated CPU is inoperative due to malfunction, license herein granted shall be temporarily extended to authorize County to use the software products in machine-readable form on any other County CPU until the designated CPU is returned to operation. By prior written notice to Contractor, County may re-designate the CPU in which the software products are to be used and must do so if the re-designation is permanent. When encryption/CPU ID authorization codes are required to operate the software products, the Contractor will provide all codes to County with shipment of the software. In the case of an inoperative CPU, as defined above, Contractor will provide a temporary encryption/CPU ID authorization code to County for use on a temporarily authorized CPU until the designated CPU is returned to operation. When changes in designated CPUs occur, Contractor will issue to County within twenty four (24) hours of notification a temporary encryption/ID authorization code for use on the newly designated CPU until such time a permanent code is assigned.
31.
Software Installation: The installation date for the software products shall be established in accordance with the provisions below: 1.
If County elects to install the software products, County will have thirty (30) days from the date of receipt of the software products to initially install and evaluate the software. The date of expiration of this period shall hereafter be known as the “installation date.” Contractor shall be responsible for providing criteria and test data necessary to check out the software products.
2.
If installation by Contractor is required by County, Contractor will have up to thirty (30) days from the effective date of this Contract to provide initial installation and evaluation of the software products on County’s designated CPU. Contractor will issue written notice of the fact that the software products are operational, and the date of said notice shall be known as the “installation date.” It will be at Contractor’s discretion to determine the criteria and tests necessary to allow Contractor to issue a notice to the effect that the system is operational.
County agrees to provide such access to its computer system as may be required by Contractor to properly install and test the software products. County further agrees to provide, at no cost to Contractor, systems and production support as may be required by Contractor during installation. If installation by Contractor is required by County, Contractor will provide such installation on County’s equipment at the rates specified in this Contract. 32.
Software – Acceptance Testing: Acceptance testing may be required as specified for all Contractor-supplied software as specified and listed in the Contract or order, including all software initially installed. Included in this clause are improved versions, including new releases, of this software, any such software which has been modified by Contractor to satisfy County requirements, and any substitute software provided by Contractor in lieu thereof, unless the Contract or order provides otherwise. The purpose of the acceptance test is to ensure that the software operates in substantial accord with Contractor’s technical specifications and meets County’s performance specifications.
County of Orange Health Care Agency
35
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 37
County of Orange
33.
Bid 042-C004168-RT
Software – Documentation: Contractor agrees to provide to County the County-designated number of all manuals and other associated printed materials and updated versions thereof, which are necessary or useful to County in its use of the equipment or software provided hereunder. County will designate the number of copies for production use and the number of copies for disaster recovery purposes and will provide this information to Contractor. If additional copies of such documentation are required, Contractor will provide such manuals at the request of County. The requesting agency/department shall be billed for the manuals and any associated costs thereto by invoice. Contractor agrees to provide such additional manuals at prices not in excess of charges made by Contractor to its best customers for similar publications. Contractor further agrees that County may reproduce such manuals for its own use in maintaining the equipment or software provided hereunder. County agrees to include Contractor’s copyright notice on any such documentation reproduced in accordance with copyright instructions to be provided by Contractor.
34.
Software – Future Releases: If improvement, upgraded, or enhancement versions of any software product under this Contract are developed by Contractor and are made available to other licensees, they will be made available to County at County’s option, provided such versions are operable on the same computer hardware configuration. The charge for such upgrading to the later version of the software will be the difference between the price established by Contractor for the later version and the price specified herein or the then prevailing prices of the currently installed version.
35.
Compliance with County Information Technology Policies and Procedures: Policies and Procedures Contractor, its subcontractors, Contractor personnel, and all other agents and representatives of Contractor, will at all times comply with and abide by all Information Technology (IT) policies and procedures of County that are provided or made available to Contractor that reasonably pertain to Contractor (and of which Contractor has been provided with advance notice) in connection with Contractor’s performance under this Contract. Contractor shall cooperate with County in ensuring Contractor’s compliance with the IT policies and procedures described in this Contract and as adopted by County from time-to-time, and any material violations or disregard of such IT policies or procedures shall, in addition to all other available rights and remedies of County, be cause for termination of this Contract. In addition to the foregoing, Contractor shall comply with the following: Security and Policies All performance under this Contract shall be in accordance with County’s security requirements, policies, and procedures as set forth above and as modified, supplemented, or replaced by County from time to time, in its sole discretion, by providing Contractor with a written copy of such revised requirements, policies, or procedures reasonably in advance of the date that they are to be implemented and effective (collectively, the “Security Policies”). Contractor shall at all times use industry best practices and methods with regard to the prevention, detection, and elimination, by all appropriate means, of fraud, abuse, and other inappropriate or unauthorized access to County systems accessed in the performance of services in this Contract. Information Access County may require all Contractor personnel performing services under this Contract to execute a confidentiality and non-disclosure agreement and concerning access protection and data security in the form provided by County. County shall authorize, and Contractor shall issue, any necessary
County of Orange Health Care Agency
36
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 38
County of Orange
Bid 042-C004168-RT
information-access mechanisms, including access IDs and passwords, and in no event shall Contractor permit any such mechanisms to be shared or used by other than the individual Contractor personnel to whom issued. Contractor shall provide each Contractor Person with only such level of access as is required for such individual to perform his or her assigned tasks and functions. All County systems, and all data and software contained therein, including County data, County hardware and County software, used or accessed by Contractor: (a) shall be used and accessed by such Contractor solely and exclusively in the performance of their assigned duties in connection with, and in furtherance of, the performance of Contractor’s obligations hereunder; and (b) shall not be used or accessed except as expressly permitted hereunder, or commercially exploited in any manner whatsoever, by Contractor, at any time. Enhanced Security Procedures County may, in its discretion, designate certain areas, facilities, or systems as requiring a higher level of security and access control. County shall notify Contractor in writing reasonably in advance of any such designation becoming effective. Any such notice shall set forth in reasonable detail the enhanced security or access-control procedures, measures, or requirements that Contractor shall be required to implement and enforce, as well as the date on which such procedures and measures shall take effect. Contractor shall fully comply with and abide by all such enhanced security and access measures and procedures as of such date. Breach of Security Any breach or violation by Contractor of any of the foregoing shall be deemed a material breach of a material obligation of Contractor under this Contract and may be deemed an incurable and material breach of a material obligation of Contractor under this Contract resulting in termination. Conduct on County Premises Contractor shall, at all times, comply with and abide by all reasonable policies and procedures of County (or that may be established thereby, from time to time) that pertain to conduct on County’s premises, possession or distribution of contraband, or the access to, and security of, the Party’s real property or facilities, to the extent that Contractor has been provided with a copy of each such policy or procedure. Contractor shall exercise due care and diligence to prevent any injury to persons or damage to property while on the other Party’s premises. The operation of vehicles by either Party’s personnel on the other Party’s property shall conform to posted and other applicable regulations and safe-driving practices. Vehicular accidents occurring on a Party’s property and involving either Party’s personnel shall be reported promptly to the appropriate Party’s personnel. Each Party covenants that at all times during the Term, it, and its employees, agents, and subcontractors shall comply with, and take no action that results in the other Party being in violation of, any applicable federal, state, and local laws, ordinances, regulations, and rules. Each Party’s personnel shall clearly identify themselves as the appropriate Party’s personnel and not as employees of the other Party. When on the other Party’s premises, each Party’s personnel shall wear and clearly display identification badges or tags, as approved by the other Party. Security Audits Each Contract year, County may perform or have performed security reviews and testing based on an IT infrastructure review plan. Such testing shall ensure all pertinent County security standards as well as any customer agency requirements, such as federal tax requirements or HIPAA. (SIGNATURE PAGE FOLLOWS)
County of Orange Health Care Agency
37
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 39
County of Orange
Bid 042-C004168-RT
MODEL CONTRACT SIGNATURE PAGE
IN WITNESS WHEREOF, the parties hereto have executed this Contract on the dates shown opposite their respective signatures below. (SIGNATURES NOT REQUIRED AT THIS TIME) *Contractor’s name: ____________________________________________________________________________________ Print Name Title ____________________________________________________________________________________ Signature Date ____________________________________________________________________________________ Print Name Title ____________________________________________________________________________________ Signature Date
*If the Contractor is a corporation, two signatures are required: one signature by the Chairman of the Board, President, or any Vice President; and one signature by the Secretary, any Assistant Secretary, Chief Financial Officer or any Assistant Treasurer. If signed by one authorized individual only, a copy of the corporate resolution or by-laws whereby the board of directors has empowered said authorized individual to act on its behalf by his or her signature alone is required.
************************************************************************************************************************ County of Orange, a political subdivision of the State of California Print Name
Title
____________________________________________________________________________________ Signature Date *************************************************************************************************************
APPROVED AS TO FORM Office of the County Counsel County of Orange, California
____________________________________________________________________________ County Counsel Deputy
County of Orange Health Care Agency
Date
38
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 40
County of Orange
Bid 042-C004168-RT
CONTRACT NO. TBD ATTACHMENT A SCOPE OF WORK
BACKGROUND The Health Care Agency Purchasing Department (HCAPD) maintains an inventory of fixed assets and controlled equipment to ensure all items are identified, monitored, and controlled. The HCA Agency Director is ultimately responsible for all capital assets and controlled equipment within HCA, and has designated a Property Officer within HCAPD to control such assets. Currently there are 10,605 assets listed in the current system. The activities of asset inventory is assigned to two staff within the purchasing department and assisted by offsite staff as needed for periodic and standard inventory cycles.
SCOPE OF PROJECT FUNCTIONAL REQUIREMENTS FOR THE PROPOSED SYSTEM
Be installed onsite or cloud/hosted Be easily configurable and intuitive Be scalable to add/remove/change/delete users, locations, and assets Provide ability for multiple simultaneous users Meet all HCA security standards Be compatible with the HCA technical infrastructure (If installed on premise) Be role based and easily managed by the end user with administrative rights Integrated with a barcode methodology Barcode scanner will have the ability to capture data offline while out at remote sites The barcode scanner must have the capacity to download at the minimum, data for 30,000+ assets to include each asset’s inventory ID, department number, barcode tag, asset location code, model, manufacture, serial number, description, acquisition date, ownership, and last inventory date Hand held portable computing device must have the capability to be upgraded to the latest 802.11x wireless environment (This may be a future goal of the agency) Barcode has the ability to upload data to the system by being connected to a PC The system must allow the inventory taker to correct, through the handheld portable computing device, at a minimum the following equipment data elements: building location, room number, barcode tag, model, manufacturer, serial number, and description The ability to print barcode labels through a dedicated barcode printer The asset system must include the ability to add an asset using the scanner/ handheld portable computing device; this includes data entry of the following information: department name, barcode tag, manufacturer, model, serial number, description, location code, acquisition date, purchase order number, and acquired cost The asset system must include the ability to identify fixed assets listed for a room in the primary fixed assets database loaded into the portable computing device that were not located in the room during the scanning event; and to indicate the current disposition of each such asset; allowing change to the disposition if necessary When asset is scanned, the system must have the ability to display in an easily readable format ; ownership, department name, model, manufacture, serial number, description, last date inventoried, custodian, and last known location Capable of importing data from multiple external datasets and compatibility with industrypreferred standard data formats (CSV, TXT, and XML)
County of Orange Health Care Agency
39
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 41
County of Orange
Bid 042-C004168-RT
Ability to auto-generate sequential tag numbers for Controlled and NCNC Assets Ability to create Asset (Capital) tag numbers manually Ability to receive alerts within the system as well as send alerts via E-mail Ability to customize alerts based on the workflow and roles Ability to create different asset identification tags based on the various asset types Have the ability for Asset Check-in & Check-Out, the ability to track loaner equipment Have the ability to archive assets that have been retired
DATA FIELDS REQUIRED WITHIN THE SYSTEM. 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 19. 20. 21. 22. 23. 24. 25. 26. 27. 28. 29. 30.
Asset Type/Category Asset Description Asset Make/Manufacturer Asset Model Asset Part No Asset Manager/Custodian Find Asset Asset Tag Number – 5 digits Building Number Room Number Building Address Asset Control Officer by Building Number PO # RQL # Serial Number Asset Cost - Ability to select a price range for the system that correlates with the Asset types (capital, controlled, NCNC Asset) Acquired Date/Purchase Date Search/Find Accounting Code Funding Source Status Checked Out To / When Checked In By / When Comments/Notes section Status User/Employee Name Employee ID Program Name Warranty Info Print
REPORTING
Ability to report on various assets showing demographics, ownership, serial numbers, asset #, item, value and type Ability to easily create custom reports as needed Ability to have on-demand reports, (Reports that can be saved and run again as needed) Report all movement of a particular asset Customizable dashboards that show all available data
County of Orange Health Care Agency
40
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 42
County of Orange
Bid 042-C004168-RT
INITIAL HARDWARE REQUIRED (To be purchased by HCA under the direction of the proposed vendor)
Four (4) barcode scanners Two (2) barcode printer (Network enabled)
A. TECHNOLOGY REQUIREMENTS If installed on premise, the proposed Orange County AIS must be able to operate within the existing HCA IT environment including the Local Area Network, hardware, and software infrastructure, so that the AIS does not require its own separate technical environment. It must be capable of interoperation and interface with other HCA and county systems as well as with standard office software, as outlined below. Conformity and Support: The proposed system must fully conform with and support the following HCA IT Infrastructure and environment requirements. HCA has standardized its use of virtualization technology, whenever possible, for all new systems. Server environment:
An industry-standard server operating system running on virtual hardware. x86_64 compatible processor from Intel or AMD. Operating system (Windows): Microsoft Windows 2008 R2 or newer. Operating system (Linux): Red Hat Enterprise Linux or CentOS. Network adapter running at 1GB Full-Duplex [minimum requirement]. SAN-attached storage (optional) using fibre cards from QLogic running at 8Gb [minimum requirement]. HP is the server hardware vendor of HCA/IT. VMWare vSphere 5.x is the preferred virtualization software of HCA/IT. Citrix Xenapp 6.x is the preferred application delivery software of HCA/IT.
Operating Environment:
Full support of standard networking technologies: DNS, DHCP, NTP, WINS, TCP/IP. All communications must be encrypted in-transit through the use of standard security protocols: SSH, sFTP, SCP, HTTPs. At-rest encryption methods must comply with industry-best practice as designated by NIST. SQL 2012 (Preferred) -compliant relational or post-relational database management software: Microsoft SQL, Oracle, MySQL. Web services hosted by Microsoft IIS, Apache, or Tomcat.
Mobility Requirements: Application will be designed in a way that is device agnostic, i.e., application performance will be identical whether the end user is connecting from a desktop versus a tablet or mobile device. All menus and forms will scale to display appropriately on any device, regardless of screen resolution, aspect ratio, or orientation.
County of Orange Health Care Agency
41
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 43
County of Orange
Bid 042-C004168-RT
Alternatively, application may provide alternate interfaces or points of entry depending on the end user’s device, e.g., a mobile app for tablets and mobile phones versus a full featured application for workstations and laptops. If offline access is required, application will accommodate devices with limited space by downloading the minimum amount of data needed to function without an active connection to the server. All forms and menus will be designed for optimal performance over slower or unreliable connections, e.g., VPN, satellite or burst wireless connections, Wi-Fi, or a tethered internet connection. Whenever possible, application will offload large workloads to the server to accommodate devices with low-power or slower processors, e.g., tablets or mobile phones. Forms and menus will be designed with touch interaction as the primary expected input method through the use of drop-down lists, on/off switches, and context-specific fields. If required for functional use, application will support native functions of the client device, including but not limited to: on-screen keyboards, voice dictation, predictive text and suggested words, front and rear cameras, and GPS location services.
Client environment:
x86_64 compatible processor from Intel or AMD. Microsoft Windows 7 and newer. Internet Explorer 10 and newer. Microsoft Office 2010 and newer. McAfee Virus Scan Enterprise. McAfee Disk Encryption. Network adapter running at 1GB Full-Duplex [minimum requirement). iOS (See Mobility Requirements)
Single Sign on Requirements
Solution must support federated single sign-on (SSO) using Active Directory Federation Services 2.0 and above which uses SAML Assertion. ADFS claims can be used for roles-based authentication within the application. If not supported, describe how different levels of access to the application are controlled. USER ACCESS. Ability to comply with SAML 2.x, a standards-based single-sign on authentication method, in which the software/site in question allows System to authenticate a user and accepts System's assertion of authorization via SAML. At login, System will be the identity provider and will determine whether the user has authenticated properly using their local credentials. If the user authenticates correctly, System will redirect the user's browser and pass a SAML assertion to the system/site in question, which the system/site will consume in order to grant access. USE OF IDENTIFIER. The system/site shall not require its own internal username and password for users, nor shall it rely solely on a user's inclusion in System's Active Directory, but shall use the appropriate unique identifier as identified by System
County of Orange Health Care Agency
42
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 44
County of Orange
Bid 042-C004168-RT
B. SUPPORT AND TRAINING REQUIREMENTS Contractor Support Plan The Contractor shall be responsible for maintaining and supporting all installed application software, initially under a one (1) year warranty beginning after full acceptance of the AIS upon implementation. Further support will be provided under ongoing software license renewals. Such Contractor support shall be based on a twenty-four (24) hour a day; seven (7) days a week operation of the AIS shall delineate a list of possible services incorporating both HCA site and Contractor site staffing and the costs associated with those services. There will be pre-established Service Level Agreements for measuring the effectiveness of the delivery of the services. The Contractor support plan will be jointly developed by HCA and the Contractor prior to the initiation of the Contractor support. The cost of such support will be borne by the Contractor unless the problems can be shown to be attributable to the hardware, network, operating system or other system components whose operation and maintenance is the responsibility of HCA. Levels will be established in the following areas: A. B. C. D. E. F. G. H. I.
System Availability System Performance System Utilization Incident Management Bar Scanner operation and synchronization Reporting Data Integrity Security Change Management
Support Tiers HCA will be the initial line of contact for system users through the Administrators group. The HCA Service Desk will then diagnose and resolve and escalate problems which clearly relate to HCA areas of responsibility. Problems which cannot be resolved by HCA will be referred to the AIS Contractor. Support for the AIS will be structured in Three (3) tiers. HCA is responsible for Tier zero (0), one (1) and two (2); the AIS Contractor is responsible for Tier three (3) support and services. Definitions of these support tiers are provided in the table below: Tier HCA Admin Users Level 0
HCA Service Desk Level 1
County of Orange Health Care Agency
Responsibilities An “Admin” will be selected with good overall working knowledge of computers and the AIS. These persons will assist local AIS users with general computer and application problems and will be able to generally distinguish between hardware, operating system, network and application errors. If level zero (0) is unable to resolve the problem, it will be referred to the Level one (1) Service Desk.
Functioning as secondary line of support during normal working hours; resolving service tickets involving system access problems, passwords, system downtime and errors.
43
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 45
County of Orange
Tier
Bid 042-C004168-RT
Responsibilities
Provide user assistance in use of the AIS and any related third party software.
• Refer as needed any clearly identified problems to HCA IT (Tier 2) or the AIS Contractor (Tier 3).
HCA after hours support will facilitate communications between Contractor and end user in the event an issue arises after hours.
HCA Software Support
• Troubleshoot all hardware and network problems.
Level 2
• Troubleshoot all database integrity and performance problems •
Responsible for restore from backup, routine maintenance, software updates and enhancements • Resolve operational problems such as scheduling and production. • Maintain all required third party software licenses.
Coordinate problem resolution between all third-party contractors - not related to the AIS refer as needed any identified problems to AIS Contractor (Tier3).
Contractor Support
• Provide "24 X 7” support to diagnose and resolve application errors.
Level 3
• Resolve problems with the AIS including all core functionality, Interfaces and other middleware proposed by the Contractor. • Resolve problems with any third party software which has been imbedded or integrated with the AIS.
The Contractor shall be responsible for establishing the operations and maintenance procedures for the AIS. The Contractor shall provide the necessary documentation and procedures to support HCPD operations of the AIS on a twenty-four (24) hours a day, seven (7) days a week basis. The Contractor shall perform the following:
Maintain the AIS program code to provide the functionality defined in project analysis and design documents;
Distribute any software upgrades or version replacements to which HCA is entitled under the software license along with updated user and operational documentation and assist in its installation in the test environment and migration to production;
Maintain comprehensive change control procedures to control software versions and releases. All changes to be implemented at HCA are at the discretion of the HCA CAB;
Develop procedures for software distribution
Correct any errors in functionality which are reported by HCA within a reasonable period, depending upon the severity of the error.
County of Orange Health Care Agency
44
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 46
County of Orange
Bid 042-C004168-RT
Support Severity Levels Utilize a Severity Index for categorizing and prioritizing application errors. The severity of errors will be based on the following criteria: Severity 1 - Application errors that cause problems which:
Problems in completing 10% or more of business transactions Problems having an immediate adverse impact to business Disruption in service to ten (10) or more users due to software failure
Severity 2 - Application errors that cause problems which:
Have major operational impact, even if workarounds or bypasses are available Problems in completing 3-10% or more of business transactions Problems having an adverse impact to business within twenty-four (24) hours Disruption in service to five (5) – nine (9) clients due to software failure For a Severity 1 problem, the contractor must acknowledge receipt of the problem report within one (1) hour, must be working on the problem within four (4) hours of initial report, and must fix the problem within twenty-four (24) hours of initial report. Periodic status reports are required during this period. For a Severity 2 problem, the contractor must acknowledge receipt of the problem report within one (1) hour, must be working on the problem by the next working day, and must have the problem corrected on a schedule to be negotiated with HCA. Periodic status reports are required during this period. Establish and maintain a source code escrow so that HCA will have access to program source code in the event of bankruptcy, dissolution, merger or other situation which may impact the Contractor's ability or willingness to support the AIS Provide a means for HCA IT to report AIS problems via email, telephone, or online submission. Ensure that responses are made to HCA IT, within specified time periods, acknowledging receipt of the problem report and identifying when direct contact can be made with the Contractorassigned support staff person. Establish policies and procedures for prioritizing and responding to HCA requests for support including: Criteria for diagnosing reported problems and determining root cause(s) of the problem. Use of Severity Index criteria for assessing the impact of reported problems. Procedures determining responsibility for problem resolution. Defining response time for various categories of problems. Documenting the response and subsequent actions. Procedures for escalating disagreements with HCA regarding cause of the problem and responsible party. Procedures for working cooperatively with HCA staff to promptly resolve problems. Tracking all problem reports. Correct any application software errors through remote or on-site service by Contractor personnel or otherwise qualified subcontractors according to the response times Update and distribute user and operational documentation to reflect any software corrections.
Training Requirements The County will approve the contractor’s training plan if it varies from the proposed plan below. Initially, staff members will require “classroom led” hands on training; Admin users will provide training to staff on an as needed basis after full implementation. In addition to the training requirements identified in this RFP, it is expected that the selected Contractor shall provide training for all the future County of Orange Health Care Agency
45
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 47
County of Orange
Bid 042-C004168-RT
functionality provided by the AIS, including third party contractors provided by the contractor or the county. The training shall be broken down into four (4) major groups: End User, Service Desk, Administrator and Software Support - See the responsibility matrix above for training requirements for Super User, Service Desk and Software Support groups. Specifics of the End User training are as follows: A. End Users End Users are the largest group in need of training. They are further broken down into more specific groups based upon their job function, logon group, and access rights. B. Service Desk Training and Field Technician training These staff should be trained to at least the Super User level of instruction and be able to accurately triage and record issues for escalation to higher levels of support. This staff should be able to identify issues within the system as well and troubleshoot is issues with bar code printers and scanners Service Desk staff will also need rights create and maintain user maintenance. C. Administrator Administrator staff will be trained in the support of the front end and backend architecture such as database and server administration. D. Software Support Software Support staff will be trained at the level of both super user and service desk staff in addition to some selected aspects of the administrative level training. Software support staff must be able to recognize core issues, versus issues that can be cured with a work around. Software Support will be charged with testing of new releases and updates. E. User Application Specific Training With the implementation of a new system, it becomes necessary for all potential users to be trained on the use of that application. Their level of training shall correspond to the access rights granted to the group that the user is part of. F. Ad Hoc Report Training When a new system is chosen it shall have the ability to do Ad Hoc reporting. Many of the reports that the staff may need shall be incorporated into the application and made available simply by selecting them. Since the new AIS application will have a built in report generator, only certain staff members will have access to use the Ad Hoc reporting tools. For these users, it will be necessary to provide training in the use of the Ad Hoc report generator.
County of Orange Health Care Agency
46
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 48
County of Orange
Bid 042-C004168-RT
Application/Server Documentation The HCA IT System Administrator will be provided with the following Application/Server documentation:
How to report and trouble shoot server related hang-ups and problems
How to verify if the user has lost a connection to the server/application
How to add and delete user ID's
How to assign rights and privileges
How to set up, clear, and trouble shoot print queues
How to assign and reset a user password
How to set-up a standard desktop or connection
How to maintain all system interfaces and peripherals
Application User Documentation Super Users will need the following application documentation:
How to enter data into the application, find data already entered, and generate reports appropriate to their group rights
How to verify if a user has lost a connection to the application
How to check print queues
Perform standard and advanced searches and to generate reports appropriate to their group rights
Troubleshoot lost connections to the application/server
How to check print queues
Advanced reporting features
Interface troubleshooting
Delete duplicate records
Troubleshoot locked records
Find lost records/cases
In addition to the documentation requirements identified in this RFP, it is expected that the selected AIS Contractor shall provide documentation for all the functionality provided by the AIS, including third party applications that may be needed for implementation. C. IMPLEMENTATION TASKS The following describes each of the Implementation Tasks: Project Management The Contractor and HCA shall be responsible for establishing an organization to manage and deliver the services defined in this Scope of Work. After being awarded the Contract, the
County of Orange Health Care Agency
47
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 49
County of Orange
Bid 042-C004168-RT
Contractor shall provide a project organization chart describing the project charter which will be in place for the duration of this contract. The Contractor shall designate a Contractor Project Manager who will have the authority to commit the Contractor resources necessary to satisfy all contractual requirements. The Contractor shall develop monthly written project status reports summarizing key activities, reviewing the work plan for adherence and deviation from schedule, and identifying any issues and issue resolutions for the preceding reporting period. The monthly project status reports shall be presented by the Contractor's Project Manager to the County's Project Manager at monthly project management meetings. This report will be the basis for advising HCA on project progress and to identify issues with which HCA will be made aware and work with the Contractor to resolve. The reporting frequency can increase during times where additional communication is needed or required. A proactive approach to risk assessment and management is essential to maximize the probability of success. The Contractor shall utilize a comprehensive methodology for ongoing project risk management which addresses such issues as technical risk, resource issues, scheduling problems, and HCA readiness. The Contractor shall define escalation procedures to address extended and unresolved problems to the County Project Manager. Notification and emergency procedures shall be established in the event of system failure. The escalation procedures shall require approval of the County Project Manager. The escalation procedures shall include, but not be limited to the following:
Conditions warranting additional resources in resolving a problem/issue Time durations between escalating to next level of support A diagram depicting the various levels of response The names, titles, and phone numbers of the Contractor personnel responsible for response at the various levels of support
D. HCA Design & Implementation Work Plan Develop Joint Contractor Plan The Contractor shall ensure the development of a consolidated project plan after being awarded the contract, which identifies all Contractor and HCA tasks and responsibilities. The approved project plan will be the basis for all project activities. It can be amended with HCA approval as needs may dictate. The Contractor shall provide, for county's approval, the project plan prior to initiating any tasks. The Contractor shall maintain an up-to-date version of the work plan using Microsoft Project or other software as approved by HCA. All changes to deliverable time frames, which will impact the major milestones, must be approved at least two (2) weeks prior to the milestone, in writing, by the HCA Project Manager. All approved changes shall be reflected in the work plan and the Contractor shall highlight and explain any major changes to an earlier approved version. The Contractor shall identify all relevant assumptions which were made in the development of the project plan. All assumptions upon which the estimates have been calculated must be clearly documented, including assumptions made for development software tools, use of any third party software, HCA resources providing assistance. Conduct Joint Application Designs to Confirm Requirements Starting with RFP system requirements, the Contractor shall lead and conduct Joint Application Design (JAD) or similar facilitated requirements and analysis design sessions with HCA staff and County of Orange Health Care Agency
48
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 50
County of Orange
Bid 042-C004168-RT
other stakeholders which may be identified by HCA. The purpose of these JADs is to confine and update HCA view of HCAPD functional requirements, features and capabilities, technology requirements and interface requirements, and to provide the Contractor an opportunity to perfect its understanding of HCA environment and programs. The JADs shall also document high level workflow within HCAPD to identify potential changes in HCAPD workflow design or in HCA workflow, policies and procedures. The Contractor shall document the updated AIS, interface and other requirements. The Contractor shall document the results of its JAD sessions using a structured analysis and design methodology as approved by HCA IT. The resulting document will be presented in a walkthrough and must be approved by HCA. HCA Acquisition of Hardware and Software (On Premise Solution Only) The Contractor shall identify all servers, workstations, operating systems, other software, database management systems, and data network lines and other hardware required to develop, test and operate the AIS. HCA IT requires separate environments for development, testing, and training. The Contractor shall also identify required quantities of required hardware, software and equipment and estimate costs for these items. HCA IT will be responsible for purchasing all equipment from approved County of Orange Contractors. Acquiring and installing all components other than the AIS within a time period mutually agreed upon with the Contractor. HCA Installation of Hardware and Software (On Premise Solution Only) Once received, HCA IT will configure, install, and test all hardware and software. Once all hardware and software has been successfully installed, the Contractor will be notified. Development, Testing & Training Environments The Contractor shall develop separate development, testing, and training environments for the AIS development for use by the Contractor. HCAPD staff will also have access to these environments for monitoring Contractor work, validating test results, and other reasons as needed. Network Test (On Premise Solution Only) With HCA assistance, the Contractor shall test the integrity and responsiveness of the HCA network and their capacity to support the AIS. The test must include application response time testing, application feature testing, regression testing, throughput, configuration sizing, network reliability, and bottleneck identification. Any network-related problems identified must be discussed and resolved in conjunction with HCA IT. User Acceptance Testing The Contractor shall conduct a User Acceptance Test to ensure that HCA users are able to successfully use the AIS and that all modified workflows, policies and procedures are consistent with the AIS. The Contractor shall develop test scripts and data for this test, review the results and recommend initial system acceptance. HCA users will assist in the actual test and will be responsible for final approval of user acceptance test recommendations. System Tuning (On Premise Solution Only) County of Orange Health Care Agency
49
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 51
County of Orange
Bid 042-C004168-RT
With the assistance of HCA IT, the Contractor shall tune the applications software, database, and network to optimize system efficiency and response times to required response times and cycles.
E. OCHCA Application Configuration Guidelines & Requirements This document provides a high-level overview of the Vendor/Provider guidelines and requirements set forth by the County of Orange Health Care Agency (OCHCA). This form is intended to provide Application Service Providers (ASP) with an understanding of OCHCA’s expectations in relation to an application’s functionality. Before being considered for deployment into OCHCA’s network environment, the proposed application/system will be reviewed by our information security department to ensure that all risks related to the software and its implementation are documented and then acknowledged by the applicable department(s). Please be aware that not all of the sections listed below may be applicable to your specific application, but we require that all potential Providers complete a questionnaire to document the application’s functionality or lack thereof in relation to our guidelines and requirements. Occasionally, Application Service Providers will gain access to OCHCA’s data during various phases of the application’s life cycle including the initial setup phase, application maintenance, or providing remote support services. All County data will be considered confidential unless otherwise designated in writing. Furthermore, the Provider may not use or disclose OCHCA’s data other than as permitted or required by contract or law. The Application service Provider will also be required to agree to use appropriate safeguards to prevent the unauthorized use or disclosure of OCHCA’s data during those times which that data is stored or transported by said Provider. If the county’s data is temporarily in the possession of the Provider during any phase of the application’s life cycle, the Provider must agree to return or securely destroy all of that data at the end of the Provider’s usage as it is related to an application setup, upgrade, export, decommission, etc. unless otherwise permitted by contract or law. Finally, there are strict requirements in relation to the handling of OCHCA’s data both within and outside our network. Providers are required to comply with all legal and regulatory requirements as they relate to the County’s systems and data. These include, but are not limited to, the Health Insurance Portability and Accountability Act (HIPAA), SB1386 compliance, Payment Card Industry (PCI) Data Security Standards, and Sarbanes-Oxley (SOX). In the event that OCHCA’s data will be stored by the Application Service Provider beyond an initial setup phase, the Provider may be required to meet further Provider Security Requirements as dictated by the County’s Provider IT Security Policy. General Requirements
Contractor will agree to comply with all applicable laws governing the confidentiality of client information for Media-Cal clients served by the Contractor, or subcontractor, under this agreement. Applicable laws include, but are not limited to, 42 U.S.C. Section 1396a(a)7, 42 CFR Section 431.300, 45 CFR Sections 160, 162, and 164, Welfare and Institutions Code, Section 14100.2 and 22 California Code of Regulations, Section 51009. The application must run on an operating system that is consistently and currently supported by the operating systems vendor. Applications under maintenance are expected to always be current in regards to the operating system. OCHCA will apply patches to both the operating system and subsystems as releases are available from the operating system vendor and or any third party vendors. The application is expected to perform in this environment and the application provider is required to keep their software current in order to operate in this environment. Should the patches cause an issue with
County of Orange Health Care Agency
50
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 52
County of Orange
Bid 042-C004168-RT
the application, the vendor is expected to immediately work on the issue, and provide application fixes to ensure it will operate effectively in the patched environment. Provider will provide updates to address any applicable security vulnerabilities found in the application OCHCA utilizes a variety of proactive monitoring tools to ascertain the health and performance of the application server, network connectivity, power etc. The application must function accordingly while the monitoring tools are actively running. All application services must run as a true service and not require a user to be logged into the application. OCHCA will provide an account with the appropriate security level to logon as a service OCHCA will provide an account with the appropriate administrative rights to administer the application. The account password is expected to periodically expire, as per OCHCA policies and procedures. In order for the application to run on OCHCA server and network resources, the application must not require the users to have administrative rights on the server or subsystems.
Encryption
Application/system is required to use encryption to protect sensitive data at rest wherever technically possible (e.g. SQL TDE Encryption) All data transmissions must be encrypted using a FIPS 140-2 certified algorithm, such as Advanced Encryption Standard (AES), with a 128bit key or higher. Encryption can be end to end at the network level. This requirement pertains to any regulated data in motion such as website access and file transfers. All encryption methods used for data storage and transmission will need to be defined by the application provider.
Network Communication
Provider will provide documentation related to the configuration of the application including methods of secure implementation and port requirements.
Access Management
Application/system controls access should control access to and within the system at multiple levels (e.g. per user, per user role, per area, per section of the chart) through a consistent mechanism of identification and authentication of all users in accordance with the ‘Role Based Access Control’ (RBAC) standard. Application/system will support measures to define, attach, modify and remove access rights for all classes of users. Application/system will support measures to enable and restrict access to the whole and/or sections of the technology solution in accordance with prevailing consent and access rules. Provider will work toward meeting the evolving standards for authentication as they become available. Application will have the ability to create unique user accounts and passwords. The application will provide functionality to automatically disable or lock accounts after 60 days of inactivity.
Password Management
Application will support password management measures including but not limited to password expiration, account lockout and complex passwords.
County of Orange Health Care Agency
51
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 53
County of Orange
Bid 042-C004168-RT
Application will support session timeouts or automatic logoff after 20 minutes of inactivity.
Passwords expiration will be set to 90 days and the system will prevent the use of the previous 4 passwords.
Accounts will be locked after five unsuccessful login attempts.
The password must be at least 8 characters in length and a combination of letters, numbers, and special characters with at least 3 of the four following categories.
Uppercase letters (A through Z) Lowercase letters (a through z) Numeric digits (0 through 9) Special Characters (! @ # $ % ^ & etc.)
Audit Capabilities Audit and logging capabilities will permit HCA to identify, and possibly reverse, unauthorized or unintended changes to application resulting from error or misconduct.
Application will support the identification of the nature of each access and/or modification through the use of logging.
Application will employ audit capabilities to sufficiently track details that can establish accountability for each step or task taken in the clinical or operational processes. All audit logs will be protected from alteration. Access to logs must be limited to authorized users. The application must employ basic query tools and reports to easily search logs. HCA requires that all transactions need to be available for reporting and auditing for a least two years from the time the record was initiated. Auditing functionality must include the following:
Record who did what to which object, when and on which system Successful/unsuccessful log-in and log-out of users Add, modify and delete actions on data/files/objects Read/view actions on data classified as restricted/confidential Changes to user accounts or privileges (creation, modification, deletion) Switching to another users access or privileges after logging in (if applicable) Changes of time/date of the system clock Detection of hardware and software errors Changes to log files
Protection from Malicious Code
Provider will utilize antivirus/antispyware software on servers and monitor to prevent malicious code which may lead to a compromise of OCHCA’s data.
Remote Support Functionality
Application or Provider will be able to audit remote support activities to an individual employee. Provider will conform to OCHCA Vendor Remote Access Policy.
County of Orange Health Care Agency
52
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 54
County of Orange
Bid 042-C004168-RT
HCA Data Usage
All HCA data accessed by or in possession of the Contractor/Provider is to remain confidential and may not be used or disclosed to anyone unless permitted or required by contract or law. All HCA data accessed by or in possession of the Contractor/Provider will employ appropriate safeguards to prevent the unauthorized use or disclosure during both transmission and storage. All HCA data in possession of the Contractor/Provider will be returned or securely destroyed at the end of the Provider’s usage as it is related to an application setup, upgrade, export, decommission, etc. unless otherwise dictated by contract or law.
Cloud Vendors Application Service Providers hosting OCHCA data will meet the following additional requirements and are required to comply and provide deliverables outlined in attachment Cloud Vendor Security Requirements:
Intrusion Prevention. All systems that are accessible via the internet must actively use a third party network based intrusion detection solution. Patch Management. All workstations, laptops, and other systems that access, process and/or store OCHCA data must have security patches installed. The Application Service Provider must utilize a documented patch management process which determines installation timeframe based on risk assessment and vendor recommendations. At a maximum, all applicable patches must be installed within 30 days of vendor release.
Deliverables Contractor will submit HCA Application Service Provider Questionnaire F. Cloud Vendor Security Requirements The contracting vendor assumes the responsibility for protecting the County’s assets and maintaining their integrity, confidentiality, and availability. Vendors shall be required to have formal, published IT security policies that address how they manage and maintain the internal security posture of their own infrastructures. The vendor shall also clearly demonstrate that additional security features are in place to protect systems and data in the unique environment of the service provider model: namely, security issues associated with storing County-owned data on a remote server that is not under direct County control and the necessity of transferring this data over an untrusted network. Provide all security policies and procedures to the County for review and approval upon the County’s request and, at a minimum provide said policies and procedures yearly for County’s review and approval. All documentation shall be provided in electronic format for the County’s review. These policies shall include, but not be limited to, the following:
IT Staff Usage Agreement. All vendor employees performing services for the County shall sign and agree to an IT usage agreement as part of an overall security training and awareness program. At a minimum, vendor employees shall sign a statement of understanding regarding Internet dangers, IT security, and IT ethics and best practices. IT Security Policies and Procedures. The vendor shall provide its IT security policies and procedures for review by the County. IT Operations Security Policy. The vendor shall provide for review by County its written standards for operational security for any facilities where County data, staff or systems shall exist.
County of Orange Health Care Agency
53
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 55
County of Orange
Bid 042-C004168-RT
These documents shall include, but not be limited to, physical security, network security, logical security, systems/platform security, wireless access, remote access, and data protections. Data Management Security Policy. The vendor shall provide its policy for the safeguarding and management of all data provided by the County or accessed as part of system integration testing and maintenance. This policy shall, at a minimum, cover check-in, check-out, copy control, audit logs and separation of duties. Security Incident Notification and Management Process. The vendor shall provide a detailed document that outlines the contact names and order and escalation of events that will occur in the case of a security breach concerning County staff, data, or systems. This document shall be updated immediately upon any change. The vendor shall be held liable to the time-tables and protections outlined in the document.
County of Orange Health Care Agency
54
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 56
County of Orange
Bid 042-C004168-RT
In addition to developing, maintaining, and enforcing the above named policies, the vendor shall:
Comply with all legal and regulatory requirements as they relate to the County’s systems and data. These include, but are not limited to, the Health Insurance Portability and Accountability Act (HIPAA), SB1386 compliance, Payment Card Industry (PCI) Data Security Standards, and Sarbanes-Oxley (SOX).
Bear the cost of compliance for changed security policies and procedures, unless such change is either unique to the County or customarily paid for by the vendor’s other customers. Comply with reasonable requests by the County for audits of security measures, including those related to ID and password administration. Comply with reasonable requests by the County for onsite physical inspections of the location from which the vendor provides services. Provide the County with any annual audit summaries and certifications, including but not limited to ISO or SOX audits. Designate a single point of contact to facilitate all IT security activities related to services provided to the County. Such contact shall be available on a 7/24/365 basis.
Business Continuity / Disaster Recovery Plans Third party vendors are required to have a viable risk management strategy that is formally documented in a Business Continuity Plan (BCP) and/or a Disaster Recovery Plan (DRP). This BCP/DRP plan(s) shall identify recovery strategies within the application service areas, outline specific recovery methods and goals, and provide the maximum time required to restore service Backup and Restores The vendor is to provide their Backup and Restore Policy and Procedure which includes their backup data security strategy. These procedures shall allow for protection of encryption keys (if applicable) as well as a document media destruction strategy including media management tasks (i.e., offsite vaulting and librarian duties). Staff Verification For any employee a vendor contemplates using to provide services for the County, the vendor shall use its standard employment criteria as used for similar services provided to other customers in evaluating the suitability of that employee. At a minimum, subject to the requirements of applicable law, such criteria shall include the information as outlined below for each employee:
Relevant Skills, Licenses, Certifications, Registrations. Each service employee must possess the educational background, work experience, skills, applicable professional licenses, and related professional certifications commensurate with their position. The County may, at any time and at its sole discretion, request that the vendor demonstrate compliance with this requirement as applicable to the nature of the services to be offered by the vendor’s employee. The County may, at its sole discretion, also request the vendor’s certification that the vendor employee has undergone a chemical/drug screening, with negative results, prior to granting access to County facilities. Background Checks. In accordance with applicable law, the vendor shall, at the County’s request, obtain as a condition of employment a background investigation on any vendor employee selected to work for the County. The security and background investigation shall include criminal record checks, including records of any conviction in the U.S. or other
County of Orange Health Care Agency
55
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 57
County of Orange
Bid 042-C004168-RT
relevant jurisdiction where the employee resides. Costs for background investigations will be borne by the vendor. At a minimum, subject to the requirements of applicable law, the vendor shall: 1. Ensure that all vendor service employees performing applicable services or supporting the vendor’s duties and obligations under a County agreement: (i) have not been convicted of any crime involving violence, fraud, theft, dishonesty or breach of trust under any laws; and (ii) have not been on any list published and maintained by the Government of the United States of America of persons or entities with whom any United States person or entity is prohibited from conducting business. 2. Follow such verification procedures as may be reasonably specified by the County from time to time. If either the vendor or the County becomes aware that any vendor employee has been convicted of a crime involving violence, fraud, theft, dishonesty or breach of trust, or has been included on any such list of persons or entities convicted of such crimes, then the vendor shall promptly remove the employee from providing services to the County and prohibit that employee from entering any facilities at which services are provided. 3. Annually certify to the County that, to the best of its knowledge, none of the service employees have been convicted of any felony involving fraud, theft, dishonesty or a breach of trust under any laws. G. IT Physical Security and Access Control The vendor shall establish processes and procedures that are, at a minimum, consistent with best practices. Vendor employees are expected to:
Comply with facility access procedures, including sign-in/sign-out requirements and use of assigned ID badges Scan ID badges at any secure door and/or entrance and exit gates, including any door or gate that may already be open Refrain from using recordable media in conjunction with County-owned equipment Comply with sign-in/sign-out requirements for materials and/or equipment Adhere to a facility’s established emergency, safety and evacuation procedures Report any unsafe conditions to the facility’s Department Safety Representative (DSR) Report any access violations or security threats to the facility’s Local Security Administrator (LSA)
H. IT Security Compliance and Training: The vendor shall ensure that all vendor employees comply with security policies and procedures and shall take all reasonable measures to reduce the opportunity for unauthorized access, transmission, modification or misuse of the County’s data by vendor employees. The vendor shall ensure that all vendor employees are trained on security measures and practices. The vendor will assume the cost to provide training. At a minimum, the vendor is expected to:
Ensure that a formal disciplinary process is defined and followed for vendor employees who violate established security policies and procedures. Proactively manage and administer access rights to any equipment, software and systems used to provide services to the County.
County of Orange Health Care Agency
56
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 58
County of Orange
Bid 042-C004168-RT
Define, maintain and monitor access controls, ranging from physical access to logical security access, including a monthly review of vendor employees’ access to systems used to provide services to the County.
The vendor shall monitor facilities, systems and equipment to protect against unauthorized access. At a minimum, the vendor is expected to:
Monitor access to systems; investigate apparent security violations; and notify the County of suspected violations, including routine reporting on hacking attempts, penetrations and responses. Maintain data access control and auditing software and provide adequate logging, monitoring, and investigation of unusual or suspicious activity. Initiate immediate corrective actions to minimize and prevent the reoccurrence of attempted or actual security violations. Document details related to attempted or actual security violations and provide documentation to the County. Provide necessary documentation and evidence to the County in connection with any legal action or investigation. Ensure that all equipment used to provide services to the County is protected by antivirus software with the latest patches installed
Data Privacy: Encryption shall be used to protect data whenever technically possible. Security Testing: The vendor shall perform a series of steps to verify the security of applications to be defined. The vendor is expected to:
Look for vulnerabilities at various layers of the target environment. In the lowest layer, the vendor’s testing team will look for flaws in the target network environment, including any routers and firewalls designed to control access to the web server and related target components. The team will attempt to determine whether such filters provide adequate protection at the network layer of the target hosts that the team can reach across the Internet.
Look for flaws in the Internet-accessible hosts associated with the target infrastructure, including the web server. This host-based component of the test will analyze which network-accessible services are available on the target hosts across the Internet, including the web server process. The testing team will look for incorrect configuration, unpatched or enabled services, and other related problems on the target hosts.
Use a combination of tools, utilities and methodologies to review the various points of potential security failure.
This review will include but not be limited to:
The web application (i.e., the software that interacts with users at their web browsers; typically custom-crafted code created by the web development team) The web server application (the underlying software that sends and receives information via HTTP and HTTPS, typically off-the-shelf software such as Microsoft’s IIS or the open-source Apache software)
County of Orange Health Care Agency
57
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 59
County of Orange
Bid 042-C004168-RT
Any separate backend application servers that process information from the web application The backend database systems that house information associated with the web application. Infrastructure diagrams illustrating best practices and security weaknesses Configuration host review of settings and patch versions, etc. Full code review Identification of well-known web server, code engine, and database vulnerabilities Identification of any server and application administration flaws and an exploitation attempt of same Analysis of user interface, normal application behavior, and overall application architecture for potential security vulnerabilities Analysis of data communications between the application and databases or other backend systems Manual analyses of all input facilities for unexpected behavior such as SQL injection, arbitrary command execution, and unauthorized data access Analyses of user and group account authentication and authorization controls to determine if they can be bypassed Identification of information leakage across application boundaries, including the capability to enumerate other users’ data and “show code” weaknesses that reveal internal application logic Identification of areas where error handling is insufficient or reveals too much sensitive information Identification of opportunities to write to the host file system or execute uploaded files Identification of product sample files, application debugging information, developer accounts or other legacy functionality that allows inappropriate access Determination as to whether or not fraudulent transactions or access can be performed Attempts to view unauthorized data, especially data that should be confidential Examination of client-side cached files, temporary files, and other information that can yield sensitive information or be altered and re-submitted Analysis of encoded and encrypted tokens, such as cookies, for weakness or the ability to be reverse engineered
J. Deliverables The following items are to be provided by the vendor.
Vendor risk acceptance / compliance statement Business Continuity Plan Summary (as related to service provided) SAS-70 Type II audit results (if applicable) Security Waiver form (if needed) Security Contact Identification (24x7x365) Vendor URL for its security policies Vendor URL for its incident management process Vendor access management policy (user IDs,, passwords, administrative controls, etc.) Vendor security test plan, test schedule and results Vendor access control and log management plan
Deliverables and Documents As vendors may be granted access to County proprietary information, IT staff, and systems; the County has outlined various deliverables and documents in relation to County data security that the vendor must provide to the County within thirty (30) days of the start of any contract. The County shall County of Orange Health Care Agency
58
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 60
County of Orange
Bid 042-C004168-RT
review these deliverables and documents prior to final contract approval and the provision of actual access to the resources or transfer of any information related to the vendor Deliverables and Documents to be provided by the vendor: a.
Staff Related Items
Pre-Employment Screening Policy/Procedure Background Checking Procedure Ongoing Employment Status Validation Process Staff Roster and Duties
b. Security Related Items c.
IT Security Staff Usage Policy IT Security Policies and Procedures IT Operations Security Policy Data Management Security Policy Document & Intellectual Property Management Polices Security Incident Notification and Management Process
IT Systems-Related Items
Business Continuity Plan as it relates to vendor systems and County data
Policies related to data, tapes, and resources that will be removed from County facilities Appendices Security The Software provider will provide the required documentation for security compliance, as listed in:
Security Deliverables Provider Questionnaire
County of Orange Health Care Agency
59
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 61
County of Orange
Bid 042-C004168-RT
ATTACHMENT B COMPENSATION AND INVOICING I.
COMPENSATION This is a fixed price Contract not to exceed the amount $TBD for the term of the Contract between the County and Contractor. The Contractor agrees to accept the specified compensation as full remuneration for performing all services and furnishing all staffing and materials called for; for any reasonably foreseen difficulties under the responsibility of the Contractor which may arise or be encountered in the execution of the services until their acceptance; for risks connected with the services; and for performance by the Contractor of all of its duties and obligations hereunder. The fixed price shall include the fee and all expenses related to the performance of work and services required to meet the tasks and deliverables in the SOW, set forth more fully in Attachment A.
II.
PAYMENT TERMS Invoices are to be submitted in arrears to the address listed below. Payment of invoices will be net thirty (30) days after the receipt of an acceptable invoice submitted in accordance with the terms set forth herein. The invoice must be verified and approved by the County's Project Manager and is subject to routine processing requirements of the County. Invoices will not be paid if goods/services have not been appropriately delivered as determined by County Project Manager. Billing shall cover only those services not previously invoiced. The Contractor shall reimburse the County for any monies paid to the Contractor for goods and/or services not provided or when goods and/or services do not meet the Contract requirements. Payment made by the County shall not preclude the right of the County from thereafter disputing any items or services involved or billed under this Contract and shall not be construed as acceptance of any part of the services.
III.
PAYMENT (ELECTRONIC FUNDS TRANSFER) - INVOICING INSTRUCTIONS The County offers contractors the option of receiving payment directly to their bank account via an Electronic Fund Transfer (EFT) process in lieu of a check payment. Payment made via EFT will also receive an Electronic Remittance Advice with the payment details via e-mail. An e-mail address will need to be provided to the County via an EFT Authorization Form. To request a form, please contact the agency/department representative listed in the Contract. 1. Invoices and all supporting documentation shall be submitted to County’s Project Manager as follows: County of Orange HCA/ Accounts Payable PO Box 689 Santa Ana, CA 92702 2
The Contractor shall provide a two-part invoice on the Contractor’s letterhead for goods delivered and/or services rendered. In the case of goods, the Contractor shall leave an invoice with each delivery. Each invoice shall have a number and shall include the following information: a.
Contractor’s Name and Address
County of Orange Health Care Agency
60
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 62
County of Orange
b. c. d. e. f. g. h. i. j. k.
Bid 042-C004168-RT
Contractor’s Remittance Address, if different from a, above Contractor’s Tax Identification Number(TIN) or Employer’s Identification Number (EIN) Name of County Agency Delivery/Service Address Master Agreement Number Description of Services; Sales Tax, if applicable Freight/Delivery Charges, if applicable Date(s) of Performance of Service Amount of Payment Requested
The responsibility for providing acceptable invoice(s) to the County for payment rests with the Contractor. Incomplete or incorrect invoices are not acceptable and will be returned.
County of Orange Health Care Agency
61
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 63
County of Orange
Bid 042-C004168-RT
ATTACHMENT C COST SUMMARY/PRICING
Offerors are to quote their most competitive fees and submit as Part 3 of their proposal. The quoted prices shall include all labor, materials, equipment, insurance coverage, permits, licenses, preparation of all faxed and mailed/delivered reports, and all other fees to provide the services specified herein.
County of Orange Health Care Agency
62
RFP 042-C004168-RT
Asset Management System
3/3/2015 5:23 PM
p. 64
County of Orange
Bid 042-C004168-RT
EXHIBIT 1 SECURITY DELIVERIES (Complete this form and submit as Part 3 of your proposal)
PLEASE COMPLETE ALL THE QUESTIONS BELOW AND SUPPLY THE FOLLOWING INFORMATION.
• Associated Document (Please provide documentation in an attachment) OR provide a URL in the ""Link"" column if the document is online • Page # ( References as to where in the documentation the deliverable is found) Deliverable Business Continuity Plan Summary (as related to service provided)
Associated Document
Link
Page #
County Use Only Met / Not Met
SAS-70 Type II audit results (if applicable) Security Waiver form (if needed) Security Contact Identification (24x7x365) Vendor URL for its security policies Vendor URL for its incident management process ISO SOX compliance certificate (if applicable) Vendor access management policy (user IDs,, passwords, administrative controls, etc.) Vendor security test plan, test schedule and results Vendor access control and log management plan Staff Related Deliverables Pre-Employment Screening Policy/Procedure Background Checking Procedure Ongoing Employment Status Validation Process Staff Roster and Duties
County of Orange Health Care Agency
63
RFP 042-C004168-RT
Health Care Agency Asset Management System
3/3/2015 5:23 PM
p. 65
County of Orange
Bid 042-C004168-RT
Security Related Deliverables IT Security Staff Usage Policy IT Security Policies and Procedures IT Operations Security Policy Data Management Security Policy Security Incident Notification and Management Process IT Systems Related Deliverables Business Continuity Plan as it relates to vendor systems and county data Policies related to data, tapes, and resources that will be removed from County facilities
County of Orange Health Care Agency
64
RFP 042-C004168-RT
Health Care Agency Asset Management System
3/3/2015 5:23 PM
p. 66
County of Orange
Bid 042-C004168-RT
EXHIBIT 2 (Complete and submit as Part 3 of your proposal)
County of Orange Health Care Agency Vendor Security Requirements
Application Service Provider Questionnaire
08/2013
County of Orange Health Care Agency
65
RFP 042-C004168-RT
Health Care Agency Asset Management System
3/3/2015 5:23 PM
p. 67
County of Orange
Bid 042-C004168-RT
TABLE OF CONTENTS
1.0 - Overview ............................................................................................................................................. 67
2.0 - Vendor Instructions ............................................................................................................................. 67 2.1 - Example ................................................................................................................................. 67
3.0 - Questionnaire ...................................................................................................................................... 67 3.1 - Vendor Contact Information ................................................................................................... 67 3.2.1 - Encryption .............................................................................................................. 68 3.2.3 - Access Management ............................................................................................. 72 3.2.4 - Password/User Management ................................................................................ 73 3.2.5 - Audit Capabilities ................................................................................................... 76 3.2.6 - Other Capabilities .................................................................................................. 79 3.3 - Support Functionality ............................................................................................................. 80 3.3.1 - Security of Remote Support ................................................................................... 80 3.3.2 - Protection from Malicious Code ............................................................................. 82 3.3.3 - Configuration Mgmt & Change Control .................................................................. 83 3.4.1 - Service Level Agreements ..................................................................................... 84 3.4.2 - Third Party Application Testing .............................................................................. 85 3.4.3 - Other ...................................................................................................................... 86 4.0 – Appendix ............................................................................................................................... 88
County of Orange Health Care Agency
66
RFP 042-C004168-RT
Health Care Agency Asset Management System
3/3/2015 5:23 PM
p. 68
County of Orange
Bid 042-C004168-RT
1.0 - OVERVIEW The County of Orange Health Care Agency (OCHCA) requires that all vendors whose product falls within the realm of information technology meet a minimum set of functional and technical security requirements. As such, the Information Security Department has prepared a questionnaire that will help the IT staff more thoroughly understand the security ramifications related to the potential implementation of a vendor’s product. As part of the vendor approval process, the vendor must demonstrate compliance with the OCHCA’s Vendor Security Requirements by responding in writing to the statements or questions listed in section three unless otherwise specified within the question. By responding to those statements or questions below, the Information Security department will be able to expedite the security approval process. Failure to respond to all statements and questions may result in your disqualification. 2.0 - VENDOR INSTRUCTIONS
The OCHCA Information Security Department is looking for detailed, technical responses to the following statements and/or questions. The vendors should include any supporting documents including but not limited to security whitepapers, technical documents, security policies and/or procedures that you may have that will assist us in understanding your information security profile. 2.1 - Example Insufficient Response: “Our product uses encryption.” Acceptable Response: “All communications between the clients and server are protected by through 128-Bit SSL encryption on TCP port 7443.” Each applicable section will include a reference section. If the question or statement relates to information referenced within your supporting documents, please provide the document name and page number within the associated reference section. 3.0 - QUESTIONNAIRE 3.1 - Vendor Contact Information Application Name:
Version:
Release Date:
Application Supports the following business functions:
Vendor Representative Contact
Name:
County of Orange Health Care Agency
Title:
67
Department:
RFP 042-C004168-RT
Health Care Agency Asset Management System
3/3/2015 5:23 PM
p. 69
County of Orange
Information
Contracting Agency/ Department Contact Information
Bid 042-C004168-RT
Company Name:
Telephone Number:
E-mail:
Support Number:
Support E-mail:
Website URL:
Department:
Telephone:
Agency Contact:
E-Mail:
Additional Information:
3.2 - Application Functionality 1) Briefly describe your application’s function and indicate how the software functions (i.e. Client/Server, Web Based, etc.)
Reference Information
3.2.1 - Encryption 2) Does this application employ data encryption? If no, continue to question 6. If yes, describe whether it is network-based encryption, storage-based encryption, or both.
County of Orange Health Care Agency
68
Yes No
N/A
RFP 042-C004168-RT
Health Care Agency Asset Management System
3/3/2015 5:23 PM
p. 70
County of Orange
Bid 042-C004168-RT
Reference Information
3) Does the application encrypt data before sending it over the Internet or an open network? If yes, indicate the type of encryption.
Yes No
N/A
Yes No
N/A
Yes No
N/A
Reference Information
4) Does the application encrypt data before storing on removable media such as backup tapes, CDs, DVDs, etc, or devices such as laptops, tablets, or computer workstation hard disk drives? If yes, indicate the encryption used.
Reference Information
5) Is password transmission and storage encrypted and un-viewable even to the system administrators? If yes, indicate the encryption used.
County of Orange Health Care Agency
69
RFP 042-C004168-RT
Health Care Agency Asset Management System
3/3/2015 5:23 PM
p. 71
County of Orange
Bid 042-C004168-RT
Reference Information
3.2.2 - Network Communication 6) Is this application web-based or does this application include a web interface? If no, continue to question 11. If yes, include the types of secure connections that are supported.
Yes No
N/A
Yes No
N/A
Yes No
N/A
Reference Information
7) Is this application’s web interface appropriate to deploy as Internetfacing? If no, please explain.
Reference Information
8) Are there security safeguards that are inherent in the application to protect against network vulnerabilities such as, but not limited to, SQL Injection, Cross Site Scripting, Website Defacement or Hijacking, installation of Trojan horses/spyware, etc.? If yes, please explain. County of Orange Health Care Agency
70
RFP 042-C004168-RT
Health Care Agency Asset Management System
3/3/2015 5:23 PM
p. 72
County of Orange
Bid 042-C004168-RT
Reference Information
9) If this application is behind our perimeter firewall, are there protocols and IP ports need to be opened? If yes, please explain.
Yes No
N/A
Yes No
N/A
Reference Information
10) Should this application be protected by an application proxy? If so, please explain in detail.
Reference Information
11) Please describe this application’s network setup. For example, indicate whether the application requires multiple servers (e.g. SQL and a Web Server) Please include information like which network services/ communication that would be required (i.e. DNS, SMTP, etc.)
County of Orange Health Care Agency
71
N/A
RFP 042-C004168-RT
Health Care Agency Asset Management System
3/3/2015 5:23 PM
p. 73
County of Orange
Bid 042-C004168-RT
Reference Information
3.2.3 - Access Management 12) Is the user authenticated to the application? If yes, briefly describe how the user is authenticated to the system. If no or not applicable, please continue to 24.
Yes No
N/A
Yes No
N/A
Yes No
N/A
Reference Information
13) Does the application support integration with enterprise identity management systems? If yes, indicate the compatible systems (such as Directory Services, LDAP, Kerberos, etc.)
Reference Information
14) Is the application compatible with alternative authentication mechanisms (e.g. certificates, token, biometric, etc.?)
County of Orange Health Care Agency
72
RFP 042-C004168-RT
Health Care Agency Asset Management System
3/3/2015 5:23 PM
p. 74
County of Orange
Bid 042-C004168-RT
Reference Information
15) Can access be defined based on the user’s job role (Role-based Access Controls)? If yes, can application generate the list of users by job role?
Yes No
N/A
Yes No
N/A
Yes No
N/A
Reference Information
3.2.4 - Password/User Management 16) Does the application have the option to force new users to change their password upon first login?
Reference Information
17) Can the user change their password at any time?
County of Orange Health Care Agency
73
RFP 042-C004168-RT
Health Care Agency Asset Management System
3/3/2015 5:23 PM
p. 75
County of Orange
Bid 042-C004168-RT
Reference Information
18) Can the system administrator enforce password policy and/or complexity such as minimum length, numbers and alphabet requirements, and upper and lower case letters, etc.?
Yes No
N/A
Yes No
N/A
Yes No
N/A
Reference Information
19) Can the application force password expiration and prevent users from reusing a password?
Reference Information
20) Can the application be set to automatically lock a user’s account after a predetermined number of consecutive unsuccessful logon attempts?
County of Orange Health Care Agency
74
RFP 042-C004168-RT
Health Care Agency Asset Management System
3/3/2015 5:23 PM
p. 76
County of Orange
Bid 042-C004168-RT
Reference Information
21) Does the application prohibit users from logging into the application on more than one workstation at the same time with the same user ID?
Yes No
N/A
Yes No
N/A
Yes No
N/A
Reference Information
22) Can the application be set to automatically log a user off the application after a predefined period of inactivity?
Reference Information
23) Can the application support the removal of user’s access privileges without requiring the deletion of the user account?
County of Orange Health Care Agency
75
RFP 042-C004168-RT
Health Care Agency Asset Management System
3/3/2015 5:23 PM
p. 77
County of Orange
Bid 042-C004168-RT
Reference Information
24) Are there default vendor test logins and/or system administrator passwords in the product? If yes, please provide details.
Yes No
N/A
Yes No
N/A
Yes No
N/A
Reference Information
3.2.5 - Audit Capabilities 25) Does this application have the ability to generate audit logs? If no, continue to 33.
Reference Information
26) Does this application capture user access activity such as successful logon, logoff, and unsuccessfully logon attempts? If yes, list the data elements contained in the audit log.
County of Orange Health Care Agency
76
RFP 042-C004168-RT
Health Care Agency Asset Management System
3/3/2015 5:23 PM
p. 78
County of Orange
Bid 042-C004168-RT
Reference Information
27) Does this application capture data entries, changes, and deletions? If yes, list the data elements contained in the audit log.
Yes No
N/A
Yes No
N/A
Yes No
N/A
Reference Information
28) Does the application time stamp for audit log entries synchronize with other applications and systems using NTP/SNTP?
Reference Information
29) Can the audit log “data” be exported from the application for further processing (e.g. storage, analysis)?
County of Orange Health Care Agency
77
RFP 042-C004168-RT
Health Care Agency Asset Management System
3/3/2015 5:23 PM
p. 79
County of Orange
Bid 042-C004168-RT
Reference Information
30) Are the audit log files protected from unauthorized alteration? If yes, please describe the protections.
Yes No
N/A
Yes No
N/A
Yes No
N/A
Reference Information
31) Does the application allow a system administrator to set the inclusion or exclusion of audited events based on organizational policy and operating requirements or limits?
Reference Information
32) Can the application continue normal operation even when the security audit capability is non-functional? (For example, if the audit log reaches capacity, the application should continue to operate and should suspend logging, start a new log, or begin overwriting the existing log)
County of Orange Health Care Agency
78
RFP 042-C004168-RT
Health Care Agency Asset Management System
3/3/2015 5:23 PM
p. 80
County of Orange
Bid 042-C004168-RT
Reference Information
3.2.6 - Other Capabilities 33) Does the application maintain a journal of transactions or snapshots of data between backup intervals?
Yes No
N/A
Yes No
N/A
Yes No
N/A
Reference Information
34) Can the system administrator reconfigure to nonstandard port assignments other than the list of registered ports published by IANA?
Reference Information
35) Does the application have the ability to run a backup concurrently with the operation of the application?
County of Orange Health Care Agency
79
RFP 042-C004168-RT
Health Care Agency Asset Management System
3/3/2015 5:23 PM
p. 81
County of Orange
Bid 042-C004168-RT
Reference Information
36) Does the application include documentation that explains error messages to users and system administrators and the actions that are required?
Yes No
N/A
Reference Information
3.3 - Support Functionality 37) Briefly describe how this application is supported (i.e. onsite support, remote access, support, phone support, e-mail support, etc.)
Reference Information
3.3.1 - Security of Remote Support 38) Does your company utilize remote connection methods for technical support? (i.e. Dial-up, secure web tunneling, VPN client, Business-toBusiness VPN using IPSec, etc) If yes, please explain.
County of Orange Health Care Agency
80
Yes No
N/A
RFP 042-C004168-RT
Health Care Agency Asset Management System
3/3/2015 5:23 PM
p. 82
County of Orange
Bid 042-C004168-RT
Reference Information
39) Is remote access a functionality that is built into the application itself? If yes, please describe the security related with the remote access.
Yes No
N/A
Yes No
N/A
Yes No
N/A
Yes No
N/A
Reference Information
40) If requested, can the application associate remote support activities with an individual employee of the vendor?
Reference Information
41) If applicable, do vendor support personnel have specific roles and accesses that control access to ePHI within the application?
Reference Information
42) Does the application audit remote support connection attempts and remote support actions such as application or configuration modifications? County of Orange Health Care Agency
81
RFP 042-C004168-RT
Health Care Agency Asset Management System
3/3/2015 5:23 PM
p. 83
County of Orange
Bid 042-C004168-RT
Reference Information
43) Does the application require remote access by the vendor for maintenance?
Yes No
N/A
Yes No
N/A
Yes No
N/A
Reference Information
3.3.2 - Protection from Malicious Code 44) Is the application compatible with commercial off the shelf (COTS) virus scanning software products for removal and prevention from malicious code? If no, indicate what additional security controls are included with the application/system used to mitigate the risks associated with malicious code.
Reference Information
45) Does the application’s client software operate without requiring the user to have local administrator level rights in order to run the application?
County of Orange Health Care Agency
82
RFP 042-C004168-RT
Health Care Agency Asset Management System
3/3/2015 5:23 PM
p. 84
County of Orange
Bid 042-C004168-RT
Reference Information
3.3.3 - Configuration Mgmt & Change Control 46) Are updates to the application software and/or the operating system controlled by a mutual agreement between the support vendor and the application owner?
Yes No
N/A
Yes No
N/A
Reference Information
47) Can the operating system hosting the application (server or client) be updated by the user without voiding the application warranty or support agreement? If no, please explain if operating systems changes, updates, and patches will be provided by the vendor.
Reference Information
48) Describe how updates to the application are typically handled and how the application is certified to perform as intended with updates to the operating system and other helper applications (such as service packs and hot fixes and how the customer is notified)
County of Orange Health Care Agency
83
RFP 042-C004168-RT
Health Care Agency Asset Management System
3/3/2015 5:23 PM
p. 85
County of Orange
Bid 042-C004168-RT
Reference Information
49) Is OCHCA responsible for installing operating system or application security updates? If no, describe how you typically install updates for your system/application and whether remote access would be required.
Yes No
N/A
Yes No
N/A
Reference Information
3.4 - Vendor Info 3.4.1 - Service Level Agreements 50) Does your application come with a Service Level Agreement (SLA)? If yes, please describe any guaranteed response times associated with the SLA.
County of Orange Health Care Agency
84
RFP 042-C004168-RT
Health Care Agency Asset Management System
3/3/2015 5:23 PM
p. 86
County of Orange
Bid 042-C004168-RT
Reference Information
3.4.2 - Third Party Application Testing 51) Does your application undergo third-party application security testing? If so please describe the testing process and the frequency at which the testing is done.
Yes No
N/A
Yes No
N/A
Reference Information
52) Has the application been tested to be fully functional residing on its associated operating system/middleware platform configured with a recognized security configuration benchmark? If yes, please indicate the benchmark.
Reference Information
County of Orange Health Care Agency
85
RFP 042-C004168-RT
Health Care Agency Asset Management System
3/3/2015 5:23 PM
p. 87
County of Orange
3.4.3 - Other 53) Can you provide references to other customers who have purchased your application/system?
Bid 042-C004168-RT
Yes No
N/A
Yes No
N/A
Yes No
N/A
Reference Information
54) Will your company be accessing OCHCA’s data during any time within the software’s life cycle? If Yes, please explain. If No, continue to the end of this questionnaire.
Reference Information
55) Are there safeguards in place to protect OCHCA’s data during those times that the data is accessed, possessed, or transported by you? If yes, please explain in detail.
County of Orange Health Care Agency
86
RFP 042-C004168-RT
Health Care Agency Asset Management System
3/3/2015 5:23 PM
p. 88
County of Orange
Bid 042-C004168-RT
Reference Information
56) Do you, the provider, understand and agree that all OCHCA data accessed by or in the possession of the provider is to remain confidential and may not be used or disclosed to anyone unless permitted or required by contract or law?
Yes No
N/A
Yes No
N/A
Reference Information
57) Do you, the provider, understand and agree that all OCHCA data temporarily in your possession will be returned or securely destroyed at the end of the Provider’s usage (e.g. application setup or upgrades, data exportation, decommissioning the application, etc.) unless permitted or required by contract or law?
County of Orange Health Care Agency
87
RFP 042-C004168-RT
Health Care Agency Asset Management System
3/3/2015 5:23 PM
p. 89
County of Orange
Bid 042-C004168-RT
Reference Information
4.0 – Appendix Authentication - The process of determining that an entity (someone or something) is the one claimed to be. Authorization - The process of granting rights or access to systems, applications, or networks. Authorization determines who is trusted for a given purpose. ePHI – Electronic Protected Health Information – Any information which is created or received, that relates to the past, present, or future physical or mental health or condition of an individual or can be used to identify an individual that is transmitted or stored on electronic media. (Note: ePHI must be safeguarded to protect it from unauthorized disclosure) IANA – (Internet Assigned Numbers Authority, www.iana.org) The Internet body that was responsible for managing Internet addresses, domain names and protocol parameters. It has been superseded by ICANN (Internet Corporation for Assigned Names and Numbers), which was formed in 1998. IANA was chartered by the Internet Society (ISOC) and Federal Network Council (FNC) and has been located at and operated by the Information Sciences Institute at the University of Southern California NTP/SNTP - (Network Time Protocol) A TCP/IP protocol used to synchronize the real-time clock in computers, network devices and other electronic equipment that is time sensitive.
County of Orange Health Care Agency
88
RFP 042-C004168-RT
Health Care Agency Asset Management System
3/3/2015 5:23 PM
p. 90
County of Orange
Bid 042-C004168-RT
EXHIBIT 1 COUNTY OF ORANGE CHILD SUPPORT ENFORCEMENT CERTIFICATION REQUIREMENTS (NOT REQUIRED AT THIS TIME) In order to enhance the child support collection efforts of the County of Orange Family Support Enforcement, all Contractors are required to provide the following information as listed on the attached form:
If the Contractor is an individual contractor: Name, date of birth, social security number, and residence address.
If Contractor is doing business in a form other than as an individual: Name, date of birth, social security number, and residence address of each individual who owns an interest of ten (10) percent or more in the contracting entity.
In addition, all Contractors must provide:
A certification that the Contractor has fully complied with all applicable federal and state reporting requirements regarding its employees, and
A certification that the Contractor has fully complied with all lawfully served Wage and Earnings Assignment Orders and Notices of Assignment and will continue to so comply.
In order to comply with child support enforcement requirements of the County of Orange, within thirty (30) days of award of Contract, the Contractor agrees to furnish the required contractor data and certifications to the Deputy Purchasing Agent. Failure of the Contractor to timely submit the data and/or certifications required above or to comply with all federal and state reporting requirements for child support enforcement or to comply with all lawfully served Wage and Earnings Assignment Orders and Notices of Assignment shall constitute a material breach of the contract. Failure to cure such breach within sixty (60) calendar days of notice from the County shall constitute grounds for termination of the Contract.
County of Orange Health Care Agency
89
RFP 042-C004168-RT
Health Care Agency Asset Management System
3/3/2015 5:23 PM
p. 91
County of Orange
Bid 042-C004168-RT
EXHIBIT 1 (cont.) COUNTY OF ORANGE CHILD SUPPORT ENFORCEMENT CERTIFICATION REQUIREMENTS A. In the case of an individual contractor, his/her name, date of birth, social security number, and residence address: Name: ________________________________________ DOB: _________________________________________ Social Security No.: ______________________________ Residence Address: ______________________________ B. In the case of a contractor doing business in a form other than as an individual, the name, date of birth, social security number, and residence address of each individual who owns an interest of 10 percent or more in the contracting entity: Name: ________________________________________ DOB: _________________________________________ Social Security No.: ______________________________ Residence Address: ______________________________
Name: ________________________________________ DOB: _________________________________________ Social Security No.: ______________________________ Residence Address: ______________________________
(Additional sheets may be used if necessary)
County of Orange Health Care Agency
90
RFP 042-C004168-RT
Health Care Agency Asset Management System
3/3/2015 5:23 PM
p. 92
County of Orange
Bid 042-C004168-RT
EXHIBIT 1 (cont.) COUNTY OF ORANGE CHILD SUPPORT ENFORCEMENT CERTIFICATION REQUIREMENTS
“I certify that TBD is in full compliance with all applicable federal and state reporting requirements regarding its employees and with all lawfully served Wage and Earnings Assignment Orders and Notices of Assignments and will continue to be in compliance throughout the term of Contract ___TBD_______ with the County of Orange. I understand that failure to comply shall constitute a material breach of the Contract and that failure to cure such breach within sixty (60) calendar days of notice from County shall constitute grounds for termination of the Contract.”
Signature*
Name (Please Print)
Title
Date
Company Name
Contract Number
Signature*
Name (Please Print)
Title
Date
Company Name
Contract Number *Two signatures required if a corporation.
County of Orange Health Care Agency
91
RFP 042-C004168-RT
Health Care Agency Asset Management System
3/3/2015 5:23 PM
p. 93
County of Orange
Question and Answers for Bid #042-C004168-RT - ASSET MANAGEMENT SYSTEM
Bid 042-C004168-RT
5
Overall Bid Questions There are no questions associated with this bid. Question Deadline: Mar 10, 2015 4:00:00 PM PDT
6 3/3/2015 5:23 PM
p. 94
