system security plan



State of California

Bid 65251

5

Solicitation 65251

Pondera Fraud Detection as a Service

Bid designation: Public

State of California

6 6/3/2014 5:02 PM

p. 1


Bid 65251 Pondera Fraud Detection as a Service

Bid Number: 65251
Bid Title: Pondera Fraud Detection as a Service
Bid Start Date: May 29, 2014 4:21:56 PM PDT
Bid End Date: Jun 10, 2014 3:00:00 PM PDT
Bid Contact: Cory Buttler 916-654-5351 [email protected]

Standard Disclaimer

The State of California advises that prospective bidders periodically check the websites, including but not limited to Bidsync, and/or other state department links for modifications to bid documents. The State of California is not responsible for a prospective bidder's misunderstanding of the bid solicitation or nonresponsive bid due to failure to check these websites for updates or amendments to bid documents, and/or other information regarding the bid solicitations. Failure to periodically check these websites will be at the bidder's sole risk. The information published and/or responded to on these websites is public information. Confidential questions/issues/concerns should be directed to the contact on the ad.

Addendum # 1

New Documents:
EDD RFP 65251 Addendum 1 No Markup.pdf
EDD RFP 65251 Addendum 1 With Markup.pdf
QA Summary RFP No. 65251.pdf

Removed Documents:
EDD RFP 65251.pdf

Previous End Date: Jun 9, 2014 3:00:00 PM PDT
New End Date: Jun 10, 2014 3:00:00 PM PDT

Changes were made to the following items: Pondera Fraud Detection as a Service

Description

PLEASE NOTE: This RFP was originally posted on May 16th. Questions were received and EDD is currently in the process of finalizing answers. The original due date of the RFP lapsed and as a result it was briefly unavailable online. Once the answers have been finalized the RFP will be updated with an addendum, a Q&A summary and a new due date. We apologize for the confusion this may have caused!

You are invited to submit a proposal for Pondera Fraud Detection as a Service for the EDD Investigation Division, in accordance with the attached RFP. Please see the RFP package for full details. Thank you!

Added on Jun 2, 2014: This RFP has been updated with an addendum. I have posted two PDF versions of the updated RFP, one which contains no markup of any kind, and one with tracked changes and comments in the right margin to note the significant changes that were made. I know viewing this in PDF and not Word is less than ideal, but I will need to stick with the PDF format. Sorry for any inconvenience this may cause! I've also attached an additional PDF showing a summary of the questions asked and the answers provided by EDD. There were no changes to the Appendices PDF. Thank you very much for your patience while we prepared this addendum!

Added on Jun 3, 2014: A new addendum to the RFP is being posted. The "Qualify to do Business with California" requirement on page 12 has seen a minor change, as has the list of required proposal documents beginning on page 14 (item q. was removed). Please see the markup version of Addendum 2 for complete details. Thank you!


< SYSTEM NAME > Certification and Accreditation Program

SYSTEM SECURITY PLAN < Date > < Version # >

This document contains confidential information for EDD Official Use Only. It shall not be duplicated, used, or disclosed in whole or in part without prior written permission from the Information Security Office. Rev. 20140127


System Security Plan

System Name: < Insert system name. >

System Security Plan Revision History

Revision Number | Date of Release | Updates/Changes
 |  | < Insert initial release or what updates/changes were made to this document. >

System Security Plan Completion
This SSP was completed on < Insert date > by < Insert name(s) and organization(s) >

System Security Plan Review
This SSP was reviewed on < Insert date > by < Insert name(s) and organization(s) >

System Security Plan Approval
This SSP was approved on < Insert date > by < Insert name(s) and organization(s) >

Employment Development Department

Confidential Information – For Official Use Only


Table of Contents

System Name
System Security Plan Revision History
System Security Plan Completion
System Security Plan Review
System Security Plan Approval
Executive Summary
    SSP Summary
    System Security Plan Highlights
1 System Security Plan
    1.1 Information System Description and Responsible Organization
        1.1.1 System Categorization
        1.1.2 System Personnel Contacts
        1.1.3 Assignment of Security Responsibility
        1.1.4 Incident Response and Disaster Recovery
        1.1.5 General System Description/Purpose
        1.1.6 Hosting Location
        1.1.7 System Environment
        1.1.8 List of Minor Applications Supported
        1.1.9 Software
        1.1.10 Hardware
        1.1.11 Devices
        1.1.12 System Interconnections & Information Sharing
        1.1.13 Related Laws, Regulations, and Policies Affecting the System
2 Data Classification and Interfaces
    2.1 Types of Confidential Data
    2.2 Volume of Confidential Data
    2.3 Sources of Data
    2.4 Data Exports
3 System Security Controls
    3.1 Security Control Requirements & Implementation Details
        3.1.1 Access Control (AC)
        3.1.2 Awareness and Training (AT)
        3.1.3 Audit and Accountability (AU)
        3.1.4 Security Assessment and Authorization (CA)
        3.1.5 Configuration Management (CM)
        3.1.6 Contingency Planning (CP)
        3.1.7 Identification and Authentication (IA)
        3.1.8 Incident Response (IR)
        3.1.9 Maintenance (MA)
        3.1.10 Media Protection (MP)
        3.1.11 Physical and Environmental Protection (PE)
        3.1.12 Planning (PL)
        3.1.13 Personnel Security (PS)
        3.1.14 Risk Assessment (RA)
        3.1.15 System and Services Acquisition (SA)
        3.1.16 System and Communications Protection (SC)
        3.1.17 System and Information Integrity (SI)
Appendix A


Executive Summary

SSP Summary
The < Insert system name > is currently categorized as < Insert operational status > and is a < Insert EDD branch owner > system. The referenced system has a < High, Moderate, or Low > FIPS 199 impact level. The < Insert system name > supports < Insert supported software, hardware, and devices > and provides connectivity to the < Insert environment supported >. < Insert any other desired system description. >

System Security Plan Highlights
< Insert any major, unique, or significant entries. >


1 System Security Plan
The following sub-sections discuss the process used for < System Name > system security planning.

1.1 Information System Description and Responsible Organization

Table 1. General System Information
Operational Status: Operational | Under Development | Major Modification
System Type: General System Support | Major Application | Minor System
System Owner: < Insert EDD branch owner >

1.1.1 System Categorization

Table 2. System Impact Levels
Confidentiality: High | Mod | Low
Integrity: High | Mod | Low
Availability: High | Mod | Low
Cumulative Impact Level, FIPS 199 Categorization [1]: High | Moderate | Low

1.1.2 System Personnel Contacts

Information System Owner
Official responsible for the overall procurement, development, integration, modification, or operation and maintenance of the information system.

Name:
Address:
Title:
Phone Number:
Agency:
E-mail Address:

Information Owner
Official with statutory or operational authority for specified information and responsibility for establishing the controls for its generation, collection, processing, dissemination, and disposal.

[1] For an information system, the potential impact values assigned to the respective security objectives (confidentiality, integrity, availability) shall be the highest values (i.e., high water mark) from among those security categories that have been determined for each type of information resident on the information system.


Name:
Address:
Title:
Phone Number:
Agency:
E-mail Address:

Authorizing Officials
Officials who authorize, issue an interim authorization, or deny authorization to operate an information system. Authorizing officials accept or deny the residual risk associated with the information system.

Name:
Address:
Title: Deputy Director, Branch
Phone Number:
Agency: Employment Development Department, State of California
E-mail Address:

Name:
Address:
Title: Chief Information Officer
Phone Number:
Agency: Employment Development Department, State of California
E-mail Address:

Other Designated Contacts (Business Contact)

Name:
Address:
Title:
Phone Number:
Agency:
E-mail Address:

Other Designated Contacts (Technical Contact)

Name:
Address:
Title:
Phone Number:
Agency:
E-mail Address:

1.1.3 Assignment of Security Responsibility

< Insert Project Name >


Name:
Address:
Title: Project Security Officer
Phone Number:
Agency:
E-mail Address:

Information Security Officer/Analyst

Name:
Address:
Title: Information Security Officer
Phone Number:
Agency: Employment Development Department, State of California
E-mail Address:

Chief Information Security Officer

Name:
Address:
Title: Chief Information Security Officer
Phone Number:
Agency: Employment Development Department, State of California
E-mail Address:

1.1.4 Incident Response and Disaster Recovery
< Provide a high-level description of the security incident response and disaster recovery procedures that would be utilized; and key personnel to be notified in the event that security incident or disaster recovery efforts need to be initiated. >

1.1.5 General System Description/Purpose
< Insert purpose and description of the system. >
< Prepare a brief description (one to three paragraphs) of the function and purpose of the system. Indicate whether the system is a major application or general support system. If the system contains minor applications, describe them in this section of the plan. >
< Provide the following THREE diagrams illustrating the components and interdependencies of the system. Clearly define the boundaries of the system as this will scope the SSP:
• Physical
• Logical
• Security >

The following table illustrates the categories and devices supported by the system:

Table 4. Categories and Devices


Category | Description | Managing Division(s)
Software |  |
Hardware |  |
Supporting Devices |  |

1.1.6 Hosting Location
< Insert the physical location(s) of this information system. >

1.1.7 System Environment
< Provide a brief (one to three paragraphs) general description of the technical system. Include any environmental or technical factors that raise special security concerns, such as use of Personal Digital Assistants, wireless technology, etc. >
The system technical environment includes < Insert synopsis of items supported. >
< Insert system architecture diagram. >
< Insert narrative and diagram of data flow of typical use. >
< Insert and define system boundaries >
< Data warehouse diagram and description, if applicable
A. Data exchange
   1. Data exchange diagram
   2. Data exchange narrative including security measures
   3. Describe use of encryption
B. Narrative description of system. >
< Insert physical and logical network diagram. >

1.1.8 List of Minor Applications Supported

1.1.9 Software
< Insert synopsis of table 4 and software supported. >


Table 5. Core Applications
Software Application | Version

1.1.10 Hardware
< Insert summary of hardware supported and number of users. >

1.1.11 Devices
< Insert summary of devices supported, general description of technology and any processes. >

1.1.12 System Interconnections & Information Sharing
< List interconnected systems and system identifiers (if appropriate), provide the system, name, organization, system type (major application or general support system), indicate if there is an IAA/MOU/MOA on file, date of agreement to interconnect, FIPS 199 category, C&A status, and the name of the authorizing official. >
< Insert system name & interconnections & information sharing. >

1.1.13 Related Laws, Regulations, and Policies Affecting the System
< List any laws, regulations, or policies that establish specific requirements for confidentiality, integrity, or availability of the system and information retained by, transmitted by, or processed by the system. General agency security requirements need not be listed since they mandate security for all systems. >
The following provides guidance on generally applicable laws, regulations, and EDD policies relevant to the system.
< Include any additional applicable laws, regulations or policies. >


2 Data Classification and Interfaces

2.1 Types of Confidential Data
< State the type and nature of the confidential data. Particular types of data trigger special security requirements/treatment, such as the use of Federal Tax Information (FTI), and data from the Department of Motor Vehicles, Social Security Administration, etc. Sufficient detail must be provided so that reviewers can determine applicable laws and policies. >

2.2 Volume of Confidential Data
< The estimated initial and ongoing number of records must be stated. The volume of data impacts the overall risk levels and is a factor in assessing whether security controls are sufficient. >

2.3 Sources of Data
< List and describe every source of data which will be processed or stored by the information system. This includes data entered by users, imported by system administrators, or transferred through interfaces with other applications. External data may carry specific legal or policy obligations for protecting data, for establishing agreements, and for handling data breaches. >

2.4 Data Exports
< List and describe every instance where data will be transmitted outside of the system, based upon the system boundary defined in Sections 1.1.6 and 1.1.11. This includes data displayed to users on the screen or paper, data extracts by system administrators, or transferred through interfaces with other applications. These data exports may need assessment to ensure data is protected during transport, that recipients have authority to receive the data, and that recipients have appropriate contractual agreements in place. >

3 System Security Controls

3.1 Security Control Requirements & Implementation Details
System control compliance, in alignment with NIST 800-53, rev. 4: Security and Privacy Controls for Federal Information Systems and Organizations, is detailed in the following format structure:

SECURITY CONTROL IMPLEMENTATION STRUCTURE:

NIST System Control Name
Security Control Implementation: (To be completed by Assessor)
Met | Partially Met | Not Met | Common Control | Not Selected | N/A
a. [Assignment: organization-defined number].
< PLEASE ADDRESS THE FOLLOWING THREE AREAS (WHERE APPLICABLE) AND PROVIDE EXPLANATIONS ACCORDINGLY. >


Security Control Implementation Details: < Insert explanation of security control implementation, include and enumerate required control enhancements >
Planned Security Control: < Insert explanation of planned security controls in the event of Not Met or Partially Met >
Compensating Security Control: < Insert explanation of compensating security controls for partially met or not met requirements that provide an equivalent security capability or level of protection for the information system >

Refer to NIST 800-53, Rev. 4 control catalog to determine applicable security controls and control enhancements, based on the system’s FIPS 199 system categorization (Section 1.1.1 System Categorization).

3.1.1 Access Control (AC)

AC-1 Access Control Policy and Procedures
Security Control Implementation: (To be completed by Assessor)
Met | Partially Met | Not Met | Common Control | Not Selected | N/A
Security Control Implementation Details:
Planned Security Control:
Compensating Security Control:

AC-2 Account Management
Security Control Implementation: (To be completed by Assessor)
Met | Partially Met | Not Met | Common Control | Not Selected | N/A
Security Control Implementation Details:
Planned Security Control:
Compensating Security Control:


AC-3 Access Enforcement
Security Control Implementation: (To be completed by Assessor)
Met | Partially Met | Not Met | Common Control | Not Selected | N/A
Security Control Implementation Details:
Planned Security Control:
Compensating Security Control:

AC-4 Information Flow Enforcement
Security Control Implementation: (To be completed by Assessor)
Met | Partially Met | Not Met | Common Control | Not Selected | N/A
Security Control Implementation Details:
Planned Security Control:
Compensating Security Control:

AC-5 Separation of Duties
Security Control Implementation: (To be completed by Assessor)
Met | Partially Met | Not Met | Common Control | Not Selected | N/A
Security Control Implementation Details:
Planned Security Control:
Compensating Security Control:

AC-6 Least Privilege
Security Control Implementation: (To be completed by Assessor)
Met | Partially Met | Not Met | Common Control | Not Selected | N/A
Security Control Implementation Details:
Planned Security Control:
Compensating Security Control:

AC-7 Unsuccessful Logon Attempts
Security Control Implementation: (To be completed by Assessor)
Met | Partially Met | Not Met | Common Control | Not Selected | N/A
Security Control Implementation Details:
Planned Security Control:
Compensating Security Control:

AC-8 System Use Notification
Security Control Implementation: (To be completed by Assessor)
Met | Partially Met | Not Met | Common Control | Not Selected | N/A
Security Control Implementation Details:
Planned Security Control:
Compensating Security Control:

AC-9 Previous Logon (Access) Notification
Security Control Implementation: (To be completed by Assessor)
Met | Partially Met | Not Met | Common Control | Not Selected | N/A
Security Control Implementation Details:
Planned Security Control:
Compensating Security Control:


AC-10 Concurrent Session Control
Security Control Implementation: (To be completed by Assessor)
Met | Partially Met | Not Met | Common Control | Not Selected | N/A
Security Control Implementation Details:
Planned Security Control:
Compensating Security Control:

AC-11 Session Lock
Security Control Implementation: (To be completed by Assessor)
Met | Partially Met | Not Met | Common Control | Not Selected | N/A
Security Control Implementation Details:
Planned Security Control:
Compensating Security Control:

AC-12 Session Termination
Security Control Implementation: (To be completed by Assessor)
Met | Partially Met | Not Met | Common Control | Not Selected | N/A
Security Control Implementation Details:
Planned Security Control:
Compensating Security Control:


AC-13 Supervision and Review – Access Control (Withdrawn)

AC-14 Permitted Actions without Identification or Authentication
Security Control Implementation: (To be completed by Assessor)
Met | Partially Met | Not Met | Common Control | Not Selected | N/A
Security Control Implementation Details:
Planned Security Control:
Compensating Security Control:

AC-15 Automated Marking (Withdrawn)

AC-16 Security Attributes
Security Control Implementation: (To be completed by Assessor)
Met | Partially Met | Not Met | Common Control | Not Selected | N/A
Security Control Implementation Details:
Planned Security Control:
Compensating Security Control:

AC-17 Remote Access
Security Control Implementation: (To be completed by Assessor)
Met | Partially Met | Not Met | Common Control | Not Selected | N/A
Security Control Implementation Details:
Planned Security Control:
Compensating Security Control:


AC-18 Wireless Access
Security Control Implementation: (To be completed by Assessor)
Met | Partially Met | Not Met | Common Control | Not Selected | N/A
Security Control Implementation Details:
Planned Security Control:
Compensating Security Control:

AC-19 Access Control for Mobile Devices
Security Control Implementation: (To be completed by Assessor)
Met | Partially Met | Not Met | Common Control | Not Selected | N/A
Security Control Implementation Details:
Planned Security Control:
Compensating Security Control:

AC-20 Use of External Information Systems
Security Control Implementation: (To be completed by Assessor)
Met | Partially Met | Not Met | Common Control | Not Selected | N/A
Security Control Implementation Details:
Planned Security Control:
Compensating Security Control:

AC-21 Information Sharing
Security Control Implementation: (To be completed by Assessor)
Met | Partially Met | Not Met | Common Control | Not Selected | N/A
Security Control Implementation Details:
Planned Security Control:
Compensating Security Control:

AC-22 Publicly Accessible Content
Security Control Implementation: (To be completed by Assessor)
Met | Partially Met | Not Met | Common Control | Not Selected | N/A
Security Control Implementation Details:
Planned Security Control:
Compensating Security Control:

AC-23 Data Mining Protection
Security Control Implementation: (To be completed by Assessor)
Met | Partially Met | Not Met | Common Control | Not Selected | N/A
Security Control Implementation Details:
Planned Security Control:
Compensating Security Control:

AC-24 Access Control Decisions
Security Control Implementation: (To be completed by Assessor)
Met | Partially Met | Not Met | Common Control | Not Selected | N/A
Security Control Implementation Details:
Planned Security Control:
Compensating Security Control:


AC-25 Reference Monitor
Security Control Implementation: (To be completed by Assessor)
Met | Partially Met | Not Met | Common Control | Not Selected | N/A
Security Control Implementation Details:
Planned Security Control:
Compensating Security Control:

3.1.2 Awareness and Training (AT)

AT-1 Security Awareness and Training Policy and Procedures
Security Control Implementation: (To be completed by Assessor)
Met | Partially Met | Not Met | Common Control | Not Selected | N/A
Security Control Implementation Details:
Planned Security Control:
Compensating Security Control:

AT-2 Security Awareness Training
Security Control Implementation: (To be completed by Assessor)
Met | Partially Met | Not Met | Common Control | Not Selected | N/A
Security Control Implementation Details:
Planned Security Control:
Compensating Security Control:


AT-3 Role-Based Security Training
Security Control Implementation: (To be completed by Assessor)
Met | Partially Met | Not Met | Common Control | Not Selected | N/A
Security Control Implementation Details:
Planned Security Control:
Compensating Security Control:

AT-4 Security Training Records
Security Control Implementation: (To be completed by Assessor)
Met | Partially Met | Not Met | Common Control | Not Selected | N/A
Security Control Implementation Details:
Planned Security Control:
Compensating Security Control:

AT-5 Contacts with Security Groups and Associations (Withdrawn)

3.1.3 Audit and Accountability (AU)

AU-1 Audit and Accountability Policy and Procedures
Security Control Implementation: (To be completed by Assessor)
Met | Partially Met | Not Met | Common Control | Not Selected | N/A
Security Control Implementation Details:
Planned Security Control:
Compensating Security Control:


AU-2 Audit Events
Security Control Implementation: (To be completed by Assessor)
Met | Partially Met | Not Met | Common Control | Not Selected | N/A
Security Control Implementation Details:
Planned Security Control:
Compensating Security Control:

AU-3 Content of Audit Records
Security Control Implementation: (To be completed by Assessor)
Met | Partially Met | Not Met | Common Control | Not Selected | N/A
Security Control Implementation Details:
Planned Security Control:
Compensating Security Control:

AU-4 Audit Storage Capacity
Security Control Implementation: (To be completed by Assessor)
Met | Partially Met | Not Met | Common Control | Not Selected | N/A
Security Control Implementation Details:
Planned Security Control:
Compensating Security Control:

AU-5 Response to Audit Processing Failures
Security Control Implementation: (To be completed by Assessor)
Met | Partially Met | Not Met | Common Control | Not Selected | N/A
Security Control Implementation Details:
Planned Security Control:
Compensating Security Control:

AU-6

Audit Review, Analysis, and Reporting

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

AU-7

Audit Reduction and Report Generation

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

AU-8

Time Stamps

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

AU-9

Protection of Audit Information

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

AU-10

Non-repudiation

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

AU-11

Audit Record Retention

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

AU-12

Audit Generation

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

AU-13

Monitoring for Information Disclosure

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

AU-14

Session Audit

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

AU-15

Alternate Audit Capability

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

AU-16

Cross-Organizational Auditing

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

3.1.4 Security Assessment and Authorization (CA)

CA-1

Security Assessment and Authorization Policies and Procedures

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

CA-2

Security Assessments

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details:

Planned Security Control: Compensating Security Control:

CA-3

System Interconnections

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

CA-4

Security Certification (Withdrawn)

CA-5

Plan of Action and Milestones

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

CA-6

Security Authorization

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control:

Compensating Security Control:

CA-7

Continuous Monitoring

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

CA-8

Penetration Testing

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

CA-9

Internal System Connections

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

3.1.5 Configuration Management (CM)

CM-1

Configuration Management Policy and Procedures

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

CM-2

Baseline Configuration

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

CM-3

Configuration Change Control

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

CM-4

Security Impact Analysis

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

CM-5

Access Restrictions for Change

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

CM-6

Configuration Settings

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

CM-7

Least Functionality

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

CM-8

Information System Component Inventory

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

CM-9

Configuration Management Plan

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

CM-10

Software Usage Restrictions

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

CM-11

User-Installed Software

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

3.1.6 Contingency Planning (CP)

CP-1

Contingency Planning Policy and Procedures

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

CP-2

Contingency Plan

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

CP-3

Contingency Training

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

CP-4

Contingency Plan Testing

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

CP-5

Contingency Plan Update (Withdrawn)

CP-6

Alternate Storage Site

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

CP-7

Alternate Processing Site

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

CP-8

Telecommunications Services

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

CP-9

Information System Backup

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

CP-10

Information System Recovery and Reconstitution

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

CP-11

Alternate Communications Protocols

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

CP-12

Safe Mode

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

CP-13

Alternate Security Mechanisms

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

3.1.7 Identification and Authentication (IA)

IA-1

Identification and Authentication Policy and Procedures

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

IA-2

Identification and Authentication (Organizational Users)

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

IA-3

Device Identification and Authentication

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

IA-4

Identifier Management

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

IA-5

Authenticator Management

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

IA-6

Authenticator Feedback

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

IA-7

Cryptographic Module Authentication

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

IA-8

Identification and Authentication (Non-Organizational Users)

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

IA-9

Service Identification and Authentication

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

IA-10

Adaptive Identification and Authentication

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

IA-11

Re-authentication

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

3.1.8 Incident Response (IR)

IR-1

Incident Response Policy and Procedures

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

IR-2

Incident Response Training

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

IR-3

Incident Response Testing

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

IR-4

Incident Handling

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

IR-5

Incident Monitoring

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

IR-6

Incident Reporting

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

IR-7

Incident Response Assistance

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

IR-8

Incident Response Plan

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

IR-9

Information Spillage Response

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

IR-10

Integrated Information Security Analysis Team

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

3.1.9 Maintenance (MA)

MA-1

System Maintenance Policy and Procedures

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

MA-2

Controlled Maintenance

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

MA-3

Maintenance Tools

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

MA-4

Nonlocal Maintenance

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

MA-5

Maintenance Personnel

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

MA-6

Timely Maintenance

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

3.1.10 Media Protection (MP)

MP-1

Media Protection Policy and Procedures

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

MP-2

Media Access

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

MP-3

Media Marking

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details:

Planned Security Control: Compensating Security Control:

MP-4

Media Storage

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

MP-5

Media Transport

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

MP-6

Media Sanitization

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

MP-7

Media Use

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

MP-8

Media Downgrading

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

3.1.11 Physical and Environmental Protection (PE)

PE-1

Physical and Environmental Protection Policy and Procedures

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

PE-2

Physical Access Authorizations

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

PE-3

Physical Access Control

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

PE-4

Access Control for Transmission Medium

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

PE-5

Access Control for Output Devices

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

PE-6

Monitoring Physical Access

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

PE-7

Visitor Control (Withdrawn)

PE-8

Visitor Access Records

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

PE-9

Power Equipment and Cabling

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details:

Planned Security Control: Compensating Security Control:

PE-10

Emergency Shutoff

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

PE-11

Emergency Power

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

PE-12

Emergency Lighting

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

PE-13

Fire Protection

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

PE-14

Temperature and Humidity Controls

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

PE-15

Water Damage Protection

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

PE-16

Delivery and Removal

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

PE-17

Alternate Work Site

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

PE-18

Location of Information System Components

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

PE-19

Information Leakage

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

PE-20

Asset Monitoring and Tracking

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

3.1.12 Planning (PL)

PL-1

Security Planning Policy and Procedures

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

PL-2

System Security Plan

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details:

Planned Security Control: Compensating Security Control:

PL-3

System Security Plan Update (Withdrawn)

PL-4

Rules of Behavior

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

PL-5

Privacy Impact Assessment (Withdrawn)

PL-6

Security-Related Activity Planning (Withdrawn)

PL-7

Security Concept of Operations

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

PL-8

Information Security Architecture

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

PL-9

Central Management

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

3.1.13 Personnel Security (PS) PS-1

Personnel Security Policy and Procedures

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

PS-2

Position Risk Designation

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

PS-3

Personnel Screening

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

PS-4

Personnel Termination

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

PS-5

Personnel Transfer

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

PS-6

Access Agreements

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

PS-7

Third-Party Personnel Security

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

PS-8

Personnel Sanctions

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

3.1.14 Risk Assessment (RA) RA-1

Risk Assessment Policy and Procedures

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

RA-2

Security Categorization

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

RA-3

Risk Assessment

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

RA-4

Risk Assessment Update (Withdrawn)

RA-5

Vulnerability Scanning

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

RA-6

Technical Surveillance Countermeasures Survey

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

3.1.15 System and Services Acquisition (SA) SA-1

System and Services Acquisition Policy and Procedures

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SA-2

Allocation of Resources

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SA-3

System Development Life Cycle

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SA-4

Acquisition Process

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SA-5

Information System Documentation

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SA-6

Software Usage Restrictions (Withdrawn)

SA-7

User Installed Software (Withdrawn)

SA-8

Security Engineering Principles

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SA-9

External Information System Services

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SA-10

Developer Configuration Management

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SA-11

Developer Security Testing and Evaluation

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SA-12

Supply Chain Protection

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SA-13

Trustworthiness

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SA-14

Criticality Analysis

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SA-15

Development Process, Standards, and Tools

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SA-16

Developer-Provided Training

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SA-17

Developer Security Architecture and Design

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SA-18

Tamper Resistance and Detection

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SA-19

Component Authenticity

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SA-20

Customized Development of Critical Components

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SA-21

Developer Screening

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SA-22

Unsupported System Components

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

3.1.16 System and Communications Protection (SC)

SC-1

System and Communications Protection Policy and Procedures

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SC-2

Application Partitioning

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SC-3

Security Function Isolation

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SC-4

Information in Shared Resources

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SC-5

Denial of Service Protection

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SC-6

Resource Availability

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SC-7

Boundary Protection

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control:

Compensating Security Control:

SC-8

Transmission Confidentiality and Integrity

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SC-9

Transmission Confidentiality

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SC-10

Network Disconnect

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SC-11

Trusted Path

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SC-12

Cryptographic Key Establishment and Management

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SC-13

Cryptographic Protection

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SC-14

Public Access Protections

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SC-15

Collaborative Computing Devices

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SC-16

Transmission of Security Attributes

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SC-17

Public Key Infrastructure Certificates

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SC-18

Mobile Code

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SC-19

Voice Over Internet Protocol

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SC-20

Secure Name/Address Resolution Service (Authoritative Source)

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SC-21

Secure Name/Address Resolution Service (Recursive or Caching Resolver)

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SC-22

Architecture and Provisioning for Name/Address Resolution Service

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SC-23

Session Authenticity

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SC-24

Fail in Known State

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SC-25

Thin Nodes

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SC-26

Honeypots

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SC-27

Platform-Independent Applications

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SC-28

Protection of Information at Rest

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SC-29

Heterogeneity

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SC-30

Concealment and Misdirection

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SC-31

Covert Channel Analysis

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SC-32

Information System Partitioning

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SC-33

Transmission Preparation Integrity (Withdrawn)

SC-34

Non-Modifiable Executable Programs

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SC-35

Honeyclients

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SC-36

Distributed Processing and Storage

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SC-37

Out-of-Band Channels

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SC-38

Operations Security

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SC-39

Process Isolation

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SC-40

Wireless Link Protection

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SC-41

Port and I/O Device Access

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SC-42

Sensor Capability and Data

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SC-43

Usage Restrictions

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SC-44

Detonation Chambers

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

3.1.17 System and Information Integrity (SI)

SI-1

System and Information Integrity Policy and Procedures

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SI-2

Flaw Remediation

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SI-3

Malicious Code Protection

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SI-4

Information System Monitoring

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SI-5

Security Alerts, Advisories, and Directives

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SI-6

Security Function Verification

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SI-7

Software, Firmware, and Information Integrity

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SI-8

Spam Protection

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SI-9

Information Input Restrictions

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SI-10

Information Input Validation

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SI-11

Error Handling

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SI-12

Information Handling and Retention

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SI-13

Predictable Failure Prevention

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SI-14

Non-Persistence

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SI-15

Information Output Filtering

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Not Selected

N/A

Not Selected

N/A

Not Selected

N/A

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SI-16

Memory Protection

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

SI-17

Fail-Safe Procedures

Security Control Implementation: (To be completed by Assessor) Met

Partially Met

Not Met

Common Control

Security Control Implementation Details: Planned Security Control: Compensating Security Control:

Appendix A

Privacy Impact Assessment

Fraud Detection Certification and Accreditation Program

PRIVACY IMPACT ASSESSMENT 3/10/2104 Version 1.1

ISO USE ONLY

PTA only

PTA and PIA

Review date

Reviewed by

PII, FTI, ER, HIPAA, Wages, Claims, DMV/FTB/etc, Misc

Comments

PIA v. Rev. 11/19/2013

Introduction

The objective of the Privacy Impact Analysis (PIA) is to determine the scope, justification, and Privacy Act applicability for systems collecting, storing or processing confidential, sensitive, or personal data. Upon completion of the questionnaire, please send an electronic copy to [email protected]. Hard copies with signatures can be sent to the Information Security Office (ISO), located at 800 Capitol Mall, room 4008, MIC 33. If you have any questions on how to complete this questionnaire, contact the ISO at [email protected].

System Information

System and Data Information

EDD Program Branch 1 System/Data Owner: Unemployment Insurance Branch, Tax Branch,

System Name: ACES, BICC, Base Wage File, SCDB, IVR, IP Addresses, eApply4UI, EDDCOMM

2

System Type :

Major Application (e.g. Mainframe, HR Systems, ACES, BICC, etc)
General Support System (e.g. enterprise system management, communications, security services, etc.)
Minor System (e.g. stand-alone Access databases without confidential information or external interfaces, individual web sites supported by a common environment, etc.)

System Categorization (per FIPS 199): 4

Data Classification :

3

X

High Moderate Low

X Confidential (Information used in the administration of EDD programs, including all data associated with a person or an employing unit and all identifying information.)
Sensitive (e.g. Information which could jeopardize the integrity of a system or program or compromise EDD’s ability to carry out its business functions. e.g. network configuration diagrams, database schemas, sensitive portions of operations or procedural manuals.)
X Personally Identifiable Information (PII) (e.g. SSN, name, birthdate)
Public (information not classified as confidential or sensitive)

1 Program Branch with statutory or operational authority for specified information and responsibility for establishing the controls for its generation, collection, processing, dissemination, and disposal.

2 OMB Circular A-130, Appendix III, defines major application as an application that requires special attention to security due to the risk and magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of the information in the application; general support system is defined as an interconnected set of information resources under the same direct management control that shares common functionality. It normally includes hardware, software, information, data, applications, communications, and people.

3 The characterization of information or an information system based on an assessment of the potential impact that a loss of confidentiality, integrity, or availability (CIA) of such information or information system would have on organizational operations, organizational assets, or individuals. For EDD, this would generally be Moderate or Low. The potential impact values assigned to the respective security objectives are the highest values (i.e., high water mark) from among the security categories (CIA) that have been determined for each type of information resident on those information systems.

Source of Data:
User (e.g. provided by claimant or employer): __________________
Federal (e.g. IRS, DOL, etc.): _______________________________
Other State (e.g. FTB, DMV, etc): ___________________________
X Other: SCDB, EDDCOMM, eApply4UI, ACES, SDI Online, PFL, CUBS, IVR, New EE Registry, 1099 data, BICC data

Description of System:
Fraud detection service provided by contractor.

4 State Administrative Manual §5320.5: Classification of Information

B. Contact Information:

Person completing this PIA
Name: Steve Sheehan
Title: Manager, Investigation Division
Contact Number: 916-651-9469
E-mail Address: [email protected]
Organization Unit/Office: EDD Investigation Division

Program Branch Manager for this system or application
Name: Same as above
Contact Number:
E-mail Address:
Organization Unit/Office:

IT Manager/Data Custodian for this system or application
Name:
Contact Number:
E-mail Address:
Organization Unit/Office:

Project Manager/Product Owner for this system or application (Only applicable if system is in development or maintained within the purview of project management).
Name:
Contact Number:
E-mail Address:
Project Name:

Questions Question

Yes

QUESTION 1: Will the system collect or retain personal information?

X

QUESTION 2: Does the system contain any of the following types of data as it relates to an individual?

X

Name

X

Social Security Number

X

Date and/or Place of Birth

X

Employment History

X

Claims/Benefit History

X

Health data (including height, weight, blood pressure, etc.)

X

Driver’s License numbers

X

Biometric data (fingerprints, iris scans, DNA, etc.)

No

X

Financial data (credit card numbers, bank account numbers, etc.)

X

Criminal History

X

Miscellaneous personal information (home address, email, mother’s maiden name, etc). Specify:

QUESTION 3: Is any portion of a social security number used?

X

QUESTION 4: Are social security numbers extracted from any other source (e.g. an SSN match is made and extracted via other information provided by the claimant, employer, or provider, etc.)?

X

If all of the answers are “NO,” do not complete the rest of this document. If any of the answers are “YES,” you must complete the rest of this document.

1 Data Collection

No. 1
Question: Who are the data subjects / to whom does the personal information pertain?
Response: [X] Claimants  [ ] EDD Employees  [X] Employers  [ ] Contractors/vendors  [X] Other. Specify: Doctors, medical practitioners

No. 2
Question: Generally describe the personal data to be used in the system.
Response:

No. 3
Question: What is the legal or statutory authority for collecting the personal data?
Response: Not a collection system

No. 4
Question: Does the system collect Social Security Numbers (SSNs) or Taxpayer Identification Numbers (TINs)?
Response: [X] Yes  [ ] No

No. 5
Question: What is the legal or statutory authority for collecting SSNs?
Response:
Specific Authority (Statute requiring the use or collection of SSNs): ______________
General Authority (Statute requiring the Department to do something for which it USES the SSNs but does not explicitly require the use or collection of SSNs): _______________

No. 6
Question: What is the business need for the SSN?
Response: Identifier

No. 7
Question: Can the data be retrieved by an alternate personal identifier? In other words, does the system actually retrieve data by the name of an individual or by some other unique number, symbol, or identifying attribute of the individual?
Response: [X] No  [ ] Yes

No. 8
Question: How will the data be retrieved? In other words, what is the identifying attribute (i.e., employee number, social security number, etc.)?
Response: SSN

No. 9
Question: Is the use of the data both relevant and necessary to the purpose for which the system is being designed? In other words, the data is absolutely needed and has significant and demonstrable bearing on the system’s purpose.
Response: [X] Yes  [ ] No

No. 10
Question: Sources of the data in the system.

No. 10.1
Question: What data is being collected?
Response: EDD data

No. 10.2
Question: From where/whom is the data being collected?
Response: See source of data

No. 10.3
Question: How is the data being collected? Check all that apply.
Response: [ ] by website  [ ] by fax  [ ] by mail  [ ] by email  [ ] by phone  [ ] in person  [X] Other. Specify: Provided by EDD

No. 10.4
Question: Will data be collected from other sources (other than that stated in 10.2)? For example, federal, state, medical provider sources or credit bureau sources.
Response: [X] Yes  [ ] No – go to question 11.

No. 10.5
Question: What federal agencies are providing data for use in the system?
Response: N/A
Question: What type of data is being provided?
Response:

No. 10.6
Question: What state and local agencies are providing data for use in the system?
Response: N/A
Question: What type of data is being provided?
Response:

No. 10.7
Question: From what other third party sources is data being collected? What type of data is being provided?
Response: DMV, Corrections, jails, Dun & Bradstreet, Experian, Trans-Union, Appriss, possibly others

No. 10.8
Question: How will the data collected be verified for accuracy, relevance, timeliness, and completeness?
Response: Rely on partners for accurate data, will cross check results with EDD sources

No. 11
Question: Disclosure of the data in the system.

No. 11.1
Question: Will the data be disclosed to other entities?
Response: [X] Yes  [ ] No – go to section 2, Data Use.

No. 11.2
Question: To whom will the data be disclosed?
Response: Google Analytics Team

No. 11.3
Question: What are the legal, statutory authorities, or programmatic needs for disclosing the data?
Response: Identify fraud patterns

No. 11.4
Question: How will the data be disclosed? Check all that apply.
Response: [ ] by website  [ ] by fax  [ ] by mail  [ ] in person  [ ] by phone  [ ] by email  [X] Secure File Transfer (SFT)  [ ] Other. Specify:

2 Data Use

No. 1
Question: Individuals must be informed in writing of the purpose of the information being collected from them. How will individuals be informed of the purpose of the information being collected from them?
Response: Administration of EDD programs

No. 2
Question: What is the principal purpose of the data being collected?
Response: Claim filing/reporting payroll taxes

No. 3
Question: Will the data be used for any other purpose?
Response: [X] Yes  [ ] No – go to question 4.

No. 3.1
Question: What are the other purposes?
Response: Fraud detection

No. 4
Question: Is the use of the data both relevant and necessary to the purpose for which the system is being designed? In other words, the data is absolutely needed and has significant and demonstrable bearing on the system’s purpose as required by statute.
Response: [X] Yes  [ ] No

No. 5
Question: Will the system derive new data or create previously unavailable data about an individual through aggregation from the information collected (i.e., aggregating farm loans by zip codes in which only one farm exists.)?
Response: [X] Yes  [ ] No

No. 6
Question: Automation of systems can lead to the consolidation of data – bringing data from multiple sources into one central location/system – and consolidation of administrative controls. When administrative controls are consolidated, they should be evaluated so that all necessary privacy controls remain in place to the degree necessary to continue to control access to and use of the data. Is data being consolidated?
Response: [X] Yes  [ ] No

No. 6.1
Question: What controls are in place to protect the data and prevent unauthorized access?
Response: Fire Host, best practices data protection methods will be used. Will be documented in Security Plan provided by vendor

3 Data Retention

No. 1
Question: Is the data periodically purged from the system?
Response: [X] Yes  [ ] No – go to question 3.

No. 1.1
Question: How long is the data retained whether it is on paper, electronic, in the system, or in a backup? (State the retention period in years or months from a given point, e.g. 7 years from last record update, 6 months from recording event, 3 years and 4 months from end of reporting quarter, etc.)
Response:
[ ] Paper: _________________________
[X] Electronic: Determined by EDD’s rqmnts.
[ ] System: ________________________
[ ] Backup: ________________________
[ ] Other: _________________________

No. 1.2
Question: What are the procedures for purging the data at the end of the retention period?
Response: Auto purge

No. 1.3
Question: Where are these procedures documented?
Response: Will be documented in Security Plan provided by vendor

No. 2
Question: Is the data retained in the system the minimum necessary for the proper performance of a documented agency function?
Response: [X] Yes  [ ] No

No. 3
Question: While the data is retained in the system, what are the requirements for determining if the data is still sufficiently accurate, relevant, timely, and complete to ensure fairness in making determinations?
Response: Vendor will ensure data is refreshed. EDD will be responsible for determining accuracy, relevancy, timeliness and completeness

4 Data Sharing

No. 1
Question: Will other agencies share data or have access to data in this system (i.e., federal, state, local, other, etc.)?
Response: [ ] Yes  [X] No – go to question 2.

No. 1.1
Question: How will the data be used by the other agency?
Response:

No. 1.2
Question: Who is responsible for assuring the other agency properly uses the data?
Response:

No. 2
Question: Is the data transmitted to another agency or an independent site?
Response: [X] Yes  [ ] No – go to question 3.

No. 2.1
Question: Is there appropriate agreement in place to document the interconnection and ensure the PII and/or Privacy Act data is appropriately protected?
Response: Yes. Business Association Agreement will be provided in Security Plan.

5 Data Access

No. 1
Question: Who will have access to the data in the system (i.e., users, managers, system administrators, developers, etc.)?
Response: Minimum number of staff to accomplish task. System administrator, implementer, business staff

No. 2
Question: How will user access to the data be determined?
Response: Need to know, BI required, Security Plan has details

No. 2.1
Question: Are criteria, procedures, controls, and responsibilities regarding user access documented?
Response: [X] Yes  [ ] No – go to question 3.

No. 2.2
Question: Where are they documented?
Response:

No. 3
Question: How will user access to the data be restricted?
Response: Dual form security authentication, logging, keyed VPN

No. 3.1
Question: Are procedures in place to detect or deter browsing or unauthorized user access?
Response: [X] Yes  [ ] No – go to question 4.

No. 3.2
Question: Explain what procedures have been put in place to detect or deter browsing or unauthorized user access?
Response: Intrusion detection, audit logging/monitoring, details in Security Plan

No. 4
Question: Does the system employ security controls to make information unusable to unauthorized individuals (i.e., encryption, strong authentication procedures, etc.)?
Response: [X] Yes  [ ] No - go to question 5.

No. 4.1
Question: Explain what security controls have been employed to make information unusable to unauthorized individuals.
Response: Encryption, de-identifying data whenever possible, secure transfer protocol, others

6 Risk Management

No. 1
Question: Has a security risk assessment been conducted for this system?
Response: [ ] Yes – go to question 2.  [ ] No – go to question 4.

No. 2
Question: Provide link to security risk assessment documents.
Response:

No. 3
Question: Provide link to Plan of Action and Milestones (POA&M).
Response:

No. 4
Question: A security risk assessment must be conducted for this system. Contact the ISO to coordinate an assessment. Provide name and date of ISO contact.
Response: ID will involve the vendor in security risk assessment with EDD ISO

Privacy Impact Assessment Authorization

I have reviewed the Privacy Impact Assessment for the (System Name).

__________________________________________________________

____________________________

Branch Deputy Director/Data Owner

Date

__________________________________________________________ Print Name

__________________________________________________________

____________________________

Privacy Program Coordinator

Date

__________________________________________________________ Print Name

Employment Development Department

RFP 65251

Appendix 3 – Work Authorization Form

These deliverables will be produced in accordance with this Work Authorization and the provisions of Contract No. Mxxxxxx.

Work Authorization Number:
Purpose/Objective/Goal:
Deliverable(s) Description:
Schedule of Deliverable Completion:
Contractor Personnel to be Assigned/Job Classification or Skill Level:
State Responsibilities:
Acceptance Criteria:
Work Authorization Fixed Cost:

Deliverable

Classification(s)

Total Hours

Hourly Rate $ $ $ Total

Total Cost $ $ $ $

Signature:

[Contractor Name and Title]

Date

[EDD Mgr Name and Title]

Date

Appendix 4 – Formal Acceptance Form

General Information
Information to be provided in this section gives a specific name to the project as well as pertinent information about the personnel involved.

EDD Contract Number
Project Name
Date
Project Criticality Rating
Project Sponsor
Project Manager
Author
Program Branch
Controlling Division

Phase or major task acceptance
Final product acceptance

Task(s)
List the task(s).

Task

Planned Due Date

Actual Date

Variance

Comments Identify and describe the reason(s) for variances from the scope and/or schedule baselines.

APPROVAL SIGNATURE(S)

SIGNATURE DUE DATE _________

This is: Approved as is.

Approved with changes (Please describe the proposed/required changes below.)

Denied - Does not meet expectations (Please explain the reason for denial.)

Signature

Date Signed

Printed Name:

QUESTION AND ANSWER SUMMARY FOR EDD RFP # 65251

Question #1: Can the requirement for Pondera FDaaS and Pondera authorized reseller status be removed from the RFP?

Answer: We will keep the requirement in place for this RFP. The money for this contract has been provided by a US Department of Labor grant as described in the Background portion of the RFP. When EDD applied for this grant money, our proposal included the plan to go with the Pondera FDaaS service, and the grant money was awarded to us specifically for this service. In choosing another solution we would be going outside the terms of the grant award, so we must limit it to Pondera FDaaS.

Question #2: If there are terms and conditions or requirements in the RFP that we would like to negotiate with the Department if selected as the successful bidder, is the process described in I. E. Request to Change the RFP Requirements our only opportunity to raise those issues with the Department?

Answer: Yes, this process will be the only opportunity for raising such issues.

Question #3: If we include a list of exceptions to the RFP that we would like to negotiate if selected as the successful bidder, would the Department consider that a conditional proposal that must be rejected?

Answer: EDD will not consider any such post-award negotiations for this RFP. Such a proposal would be considered conditional and would be rejected.

Question #4: Can EDD please confirm that where Volume I is listed in the middle of page 15 is in error and should actually be Volume II?

Answer: This was an error and has been corrected.

Question #5: “Key Staff Qualifications” is listed as Attachment F. Could EDD confirm that Attachment A should be used instead?

Answer: This was an error and has been corrected.

Question #6: The table lists Deliverables 1-9 as part of the mandatory requirements scored as pass/fail. However, there are only 7 deliverables listed on pages 26-32. Can EDD please clarify the correct number of deliverables?

Answer: This was an error and has been corrected. Also, the deliverables have been updated so that the final regular on-going service (“Production Go-Live”) is considered Deliverable 8. See the updated RFP for details.

Question #7: The mandatory qualifications listed in this section state that each team member must have experience in at least one area. Please clarify if each staff member must have this experience, or if this only applies to key staff.

Answer: The requirement only applies to the project manager and the key personnel, as defined in III B. 2. c. in the updated RFP.

Question #8: Can subcontractor references help to meet the reference requirement, or are 2 references required for both the contractor and subcontractor?

Answer: This requirement applies for the contractor and any subcontractors. The RFP language has been updated to be a little more specific on this.

Question #9: The first desirable requirement has the same number as the last mandatory requirement. Will EDD be revising the desirable requirement table to reflect a change in the numbering?

Answer: This was an error and has been corrected.

Question #10: This section indicates that each of Contractor’s staff must complete Form 700. We are unsure whether the proposed services will make the Contractor’s staff subject to this requirement. Can the State confirm that the Form 700 will be required? If the Form 700 is required, can the State explain why it believes this requirement applies and which Disclosure Category will apply?

Answer: The Form 700 will be required for all staff performing work for the resultant contract. The State/EDD determined it was in the best interest of the State to have this requirement in place, and has established the requirement in The California Code of Regulations, Title 22, Section 311-1. The disclosure categories that apply to consultants are (a) and (b), which the code defines as follows:

(a) A designated employee in this category shall report all investments, business positions, and income including gifts, loans, and travel payments, from any source.

(b) A designated employee in this category shall report all interests in real property.

All staff performing work for the resultant contract shall report this information on a Form 700.

Question #11: The RFP requires the Contractor to comply with all applicable EDD, Department of General Services, Department of Finance and Department of Technology policies. We would like to review these policies in advance of submitting our proposal to determine whether we are able to comply. Can the State provide copies of these policies or give Bidders access to these policies?

Answer: I checked with my Legal Office about this question. Unfortunately, EDD does not have a comprehensive list of these policies. It will be the bidder’s responsibility to know and be familiar with all applicable laws.

Question #12: Can EDD please clarify that the maximum hourly wage rate for the unanticipated deliverables should actually be the maximum hourly bill rate?

Answer: The cost table has been updated and the appropriate cell now reads “(maximum hourly bill rate).”

Employment Development Department
Request for Proposal #65251
Pondera Fraud Detection as a Service (FDaaS™)

Date: May 16, 2014

You are invited to review and respond to this Request for Proposal (RFP). In submitting your RFP, you must comply with the instructions found herein. Failure to comply with any of the requirements may result in the rejection of your offer. The services required are delineated in the Statement of Work (SOW). Please read the enclosed document carefully. By submitting a proposal, your firm agrees to the terms and conditions stated in this RFP.

Written questions regarding the RFP are due at 3:00PM on May 22, 2014. Responses to this RFP are due at 3:00PM on June 10, 2014. Late proposals will not be accepted.

Responses to this RFP must be submitted in person or by mail to the following address:

Employment Development Department
Contract Services Group, MIC 62-C
722 Capitol Mall
Sacramento, CA 95814
Attn: Cory Buttler

RFP questions should be directed to: Cory Buttler at 916-654-5351 or [email protected]

Table of Contents

I. GENERAL INFORMATION
A. Background and Purpose of the RFP
B. RFP Key Action Dates
C. RFP Response Guidelines
D. Questions Regarding the RFP
E. Request to Change the RFP Requirements
F. Addenda
G. Definitions and Terms
H. Grounds for Rejection
I. Notice of Intent to Award/Protest Procedures
J. Debriefings
K. Disposition of Proposals
L. Inspecting or Obtaining Copies of Offers and/or Response Materials
M. State Contract Requirements
N. California Taxpayer and Shareholder Protection Act of 2003
O. Public Contract Code
P. Performing a Commercially Useful Function
Q. Conditions and Commitment
R. Payment
S. Qualify to do Business with California
T. Declaration Forms
U. Small Business/Microbusiness (SB/MB) and Small Business/Nonprofit Veteran Service Agency Certification Preferences
V. California Certified Small Business Subcontractor Preference

II. PROPOSAL SUBMISSION REQUIREMENTS AND PROPOSAL EVALUATION SELECTION
A. Proposal Submission Requirements
B. Review of Proposals and Selection Criteria/Scoring

III. STATEMENT OF WORK
A. Introduction
B. Description of Requirements, Services, and Deliverables
C. Responsibilities of Parties
D. Invoicing and Payment
E. Special Terms and Conditions
F. EDD Information Security Requirements
G. Protection of Confidentiality

ATTACHMENTS:
ATTACHMENT – A: Key Staff Qualifications
ATTACHMENT – B: Cost Data Sheet
ATTACHMENT – C-1: Confidentiality Agreement
ATTACHMENT – C-2: Indemnity Agreement
ATTACHMENT – C-3: Statement of Responsibility
ATTACHMENT – D: Workers’ Compensation Certification
ATTACHMENT – E: Certification Regarding Debarment
ATTACHMENT – F: Payee Data Record (STD 204)
ATTACHMENT – G: Contractor Certification Clauses (CCC 307)
ATTACHMENT – H: Certification Regarding Lobbying
ATTACHMENT – I: Darfur Contracting Act
ATTACHMENT – J: Bidder Declaration
ATTACHMENT – K: TACPA Preference
ATTACHMENT – L: Iran Contracting Act
ATTACHMENT – M: DVBE Declaration

APPENDICES
APPENDIX – 1: System Security Plan
APPENDIX – 2: Privacy Impact Assessment
APPENDIX – 3: Work Authorization Form
APPENDIX – 4: Formal Acceptance Form

p. 103

State of California

Employment Development Department I.

Bid 65251

RFP # 65251

GENERAL INFORMATION Suppliers are invited to respond to this Request for Proposal (RFP) to provide Pondera Fraud Detection as a Service (FDaaS™) to the Employment Development Department’s Investigation Division to identify potential fraud and abuse in the EDD Unemployment Insurance Program. A. Background and Purpose of the RFP 1. Employment Development Department Background The Employment Development Department (EDD) is tasked with the administration of the Unemployment Insurance (UI) Program, which covers employees who work in the State of California. This responsibility requires a comprehensive approach to fraud prevention to protect the taxpayers and citizens of California. In 2012, the UI program was responsible for payments in excess of $5.5 billion on over 13.7 million UI claims. To protect the integrity of the UI program, EDD embraces an approach that combines prevention, detection and deterrence measures. The California Unemployment Insurance Code (CUIC) § 317 states “The Director of Employment Development shall maintain a field investigating staff, whose function shall embrace investigation throughout the state of violations of this code, to the end that its provisions are more adequately and strictly enforced.” The EDD Investigation Division (ID) takes the lead in this effort. As with any program where large sums of money are involved, the temptation to defraud the system for personal gain is present. Individuals may claim UI benefits while working, in violation of the UI program provisions; may submit forged or fraudulent documents to claim UI benefits; may claim UI benefits while incarcerated or a full-time student; or may fraudulently use the Social Security Number (SSN) or identity of others (sometimes deceased individuals) to claim benefits. 2. Project Background The EDD uses a multi-tiered, comprehensive approach to fraud deterrence and detection. 
This approach involves EDD programs, EDD independent oversight entities and business partners including federal, State and local law enforcement agencies and prosecutors. Each program area has established ongoing anti-fraud activities. In addition, there are internal control reviews and audits, quality reviews to measure the accuracy and propriety of benefit payments, and information technology system reviews to detect system control deficiencies. Lastly, the ID identifies, investigates, and prosecutes fraud within EDD’s UI program.

Anti-fraud activities within EDD range from up-front fraud prevention such as customer education, reviews of internal control systems, employer audits, internal systems audits and controls, fiscal monitoring activities, and ongoing or special fraud detection activities. Fraud detection activities include but are not limited to: analyzing client and employer demographic data; establishing internal checks and balances; performing electronic cross-matches; operating a fraud reporting Hot Line; and conducting criminal investigations that include computer analytics and data mining.

In July 2013, the US Department of Labor Employment and Training Administration released Unemployment Insurance Program Letter No. 24-13 notifying State Workforce Agencies of the availability of Fiscal Year (FY) 2013 funds for activities that support the prevention and detection of improper UI benefit payments, improve state performance, and address outdated information technology (IT) system infrastructures to improve UI program integrity. This Letter is a result of Executive Order 13520 signed by President Obama emphasizing the need to eliminate waste, fraud and abuse in federally administered programs while protecting access to these programs by their intended beneficiaries.

The EDD ID submitted an application for federal funding to be put toward implementing a modern State-Identified Prevention strategy and toward Focus Area Funding – specific types of integrity or performance improvement strategies to implement fraud detection and prevention strategies. On September 26, 2013, the Department of Labor announced California had been selected as a grant award recipient (see this news release from the US Department of Labor for details). EDD seeks to use the grant funds to implement technology-based tools to prevent, detect, and recover improper UI payments.

3. Problems with the Current System

The EDD stores claimant information on a mainframe legacy system (MFLS). This system maintains claimant information for both UI claims and Disability Insurance (DI) claims. The information consists of claimant identifying information, claimant work history, claimant wage history, and claimant payment activity, including specific actions and notes, and all benefit claim filings whether or not the claim was paid.
The MFLS is also used for certain UI functions such as new claim filing, generating the legal decision for determinations, and processing overpayments.

The MFLS has been augmented in the last 12 months by two additional systems created to expand claimant access and create greater efficiency in the claims process. The two new systems do not replace the MFLS; they were created to augment it by providing additional services and access to both UI and DI claims. The two new systems are known as DI Online for DI benefits and the California Unemployment Benefit System (CUBS) for UI benefits.

The CUBS provides staff with automation to manage the continued claims process and file additional and reopened claims. It will also be used by designated staff in other EDD branches to obtain and update claim information. Long-range plans are to incorporate all UI functions into the UI system when the budget and resources permit. Later this fall the external components of the system, UI Online and the expanded Interactive Voice Response (IVR) system, will be made available to claimants. These new systems will allow the EDD to significantly expand the number and quality of self-service options for claimants. Once fully implemented, the project will complete the UI branch’s current modernization efforts to improve efficiencies and increase access to UI services.

The MFLS is an application designed to receive and maintain claim data, but it does not have a fraud detection component. The system lacks the ability to create reports at the user level. The MFLS lacks the ability to create analysis or geo-spatial output. The recent additions (DI Online and CUBS) were designed with a capacity to detect predetermined behavior and report it to a fraud queue, which is then manually reviewed by staff. However, the systems still lack a robust ability to detect and prevent overpayments in the benefit payment programs.

4. Goals of the Pondera FDaaS™ Effort

The goals of the Pondera FDaaS™ effort are to identify potential instances of fraud and/or abuse, which will be analyzed by EDD investigators, auditors and analysts. The potential instances identified must be provided in reports that will include but not be limited to the following: findings, leads, fraud indicators and aberrant payment patterns. The Contractor team that implements the Pondera FDaaS™ must be able to provide cogent explanations to the EDD team, as to why individual alerts were identified by the data analytics tool.

B. RFP Key Action Dates

All dates after the due date for proposals are approximate and may be changed if needed to allow EDD additional time for selection and contract execution.

Event and Date
• Release of RFP: 5/16/14
• Last day to submit questions in writing: 5/22/14
• Deadline for answers to written questions: 6/2/14 (updated to reflect final Q&A release date)
• Last day to submit request to change RFP requirements: 5/23/14
• Due date for proposals (must be delivered by 3:00 PM): 6/10/14
• Announcement of contract award: 6/17/14
• Estimated Contractor start date: 7/1/14 (or upon final approval)

C. RFP Response Guidelines

Suppliers responding to this RFP must be an authorized Pondera FDaaS™ reseller. Responses to this RFP must contain all data/information requested and must conform to the format described in Section II of this RFP. The required information will be used by the State’s selection team to determine and verify the respondent’s ability to perform the tasks and activities defined in the respondent’s proposal. Responses must address all of the services described in the Statement of Work (see Section III of this RFP). Services shall be provided on a deliverable basis. The Contractor’s proposal will be made a part of any agreement resulting from this RFP.

The selected Contractor must enter into a Standard Agreement Std.213, hereinafter referred to as Agreement, with the EDD, which will consist of the Statement of Work (SOW), the respondent’s proposal, and all required Exhibits, Attachments, and Appendices as identified in this RFP.

This Agreement shall be for a term of 17 months to begin no sooner than final approval of the STD. 213. The selected Contractor shall, at the end of one month from final approval of the Agreement, deliver to EDD an eligibility validation analysis on individual program participants. The Contractor shall, within five (5) months from the receipt of data from the EDD, go into full production of Pondera FDaaS™, and begin delivering a weekly report. The agreement will be governed by and incorporate the State’s General Terms and Conditions, which can be viewed at http://www.documents.dgs.ca.gov/ols/GTC-610.doc.

NOTE: For the purpose of this RFP, EDD has elected to waive the DVBE participation requirement and incentive.

D. Questions Regarding the RFP

Bidders requiring clarification of the intent or content of this RFP or on procedural matters regarding the competitive bid process may request clarification by submitting questions, in writing via an email clearly entitled "Questions Relating to EDD RFP #65251" or via the Bid Sync website, to the Procurement Official, Cory Buttler, at [email protected]. To ensure a response, questions must be received in writing by the scheduled date given in Section I.B. RFP Key Action Dates. Question and answer sets will be provided to all bidders without identifying the submitters. At the sole discretion of the State, questions may be paraphrased by the State for clarity.

A Bidder who desires clarification or further information on the content of the RFP, but whose questions relate to the proprietary aspect of that Bidder's proposal and which, if disclosed to other bidders, would expose that bidder's proposal, may submit such questions in the same manner as above, but also marked "CONFIDENTIAL," and not later than the scheduled date specified in Section I.B. RFP Key Action Dates to ensure a response. The Bidder must explain why any questions are sensitive in nature.
If the State concurs that the disclosure of the question or answer would expose the proprietary nature of the proposal, the question will be answered and both the question and answer will be kept in confidence. If the State does not concur with the proprietary aspect of the question, the question will not be answered in this manner and the Bidder will be so notified.

If the bidder believes that one or more of the RFP requirements is onerous, unfair, or imposes unnecessary constraints to the bidder in proposing less costly or alternate solutions, the bidder may request a change to the RFP by submitting, in writing, the recommended change(s) and the facts substantiating this belief and reasons for making the recommended change. Such request must be submitted to the Procurement Official by the date specified in Section I.B. RFP Key Action Dates for submitting a request for change. Oral answers shall not be binding on the State.

E. Request to Change the RFP Requirements

The State is also interested as to a bidder's reasons for not submitting a bid; as, for example, requirements that cannot be met or unusual terms and conditions which arbitrarily raise costs. If the Bidder believes that one or more of the RFP requirements and/or contract terms is onerous, unfair, or imposes unnecessary constraints on the Bidder, the Bidder may request a change to the RFP or contract language by submitting in writing, the recommended change(s) and the facts supporting this belief and reasons for requesting the change by the date specified in Section I.B. RFP Key Action Dates.

If bidders have indicated significant problems with the RFP requirements, the State will examine the stated reasons for the problems and will attempt to resolve any issues in contention, if not contrary to the State's interest, and will amend the RFP if appropriate. If the State chooses to reject or deny the request for change, the State’s decision is final; the Bidder may not protest the State’s choice to reject or deny the request for change.

Hereafter, for the purposes of the instructions of this RFP, all bidders who have indicated their intent to submit a bid are called bidders until such time that the Bidder withdraws or other facts indicate that the Bidder has become nonparticipating. Should a bidder not participate in a bid step, the State reserves the right to drop them from the participating bidder list and they will not receive any further correspondence until they contact the Procurement Official to indicate that they would like further correspondence.

F. Addenda

The State may modify the RFP prior to the date fixed for Submission of Proposals by issuance of an addendum to all bidders who are participating in the bidding process at the time the addendum is issued, unless the amendments are such as to offer the opportunity for nonparticipating bidders or suppliers that submitted an intent to become participating, in which case the addendum will also be sent to those parties. Addenda will be numbered consecutively.

G. Definitions and Terms

1. EDD has established certain requirements with respect to bids to be submitted by prospective Contractors. The use of “shall”, “must”, or “will” (except to indicate future tense) in the RFP indicates a requirement or condition from which a deviation may not be waived by EDD.
2. The words “should” or “may” in the RFP indicate desirable attributes or conditions, but are non-mandatory in nature. Deviation from, or omission of, such a desirable feature, even if material, will not in itself cause rejection of the proposal.
3. The use of the term “EDD” refers to the Employment Development Department, unless indicated otherwise.
4. The use of the terms “proposer(s)” and “bidder(s)” refers to entities responding to this RFP.

H. Grounds for Rejection

EDD reserves the right to waive any immaterial deviation in a proposal; however, the waiver of an immaterial deviation in a proposal shall in no way modify the document or excuse the proposer from full compliance with the proposal requirements after the bidder is awarded the contract. A proposal shall be rejected if:

1. The proposal is received at any time after the exact time and date set for receipt of proposals.
2. The proposal is not completed in ink or typewritten.

3. The cover letter is unsigned.
4. The proposal does not meet the requirements of Section II. Proposal Submission Requirements and Proposal Evaluation Selection.
5. The proposal is not prepared as required in Section II. Proposal Submission Requirements and Proposal Evaluation Selection.
6. The bidder has been decertified from contracting with EDD by the Department of Fair Employment and Housing.
7. The bidder has received substantive negative contract evaluation from the State of California.
8. The proposal contains false or misleading statements or references which do not support an attribute or condition contended by the bidder, if in the opinion of EDD such statements or references were intended to erroneously mislead EDD in its evaluation of the proposal.
9. The proposal is conditional or incomplete, or contains any alterations of form or other irregularities of any kind. EDD may reject any or all proposals and may waive any immaterial deviation in a proposal. EDD’s waiver of immaterial deviations shall in no way modify the RFP document or excuse the bidder from full compliance with all requirements, if awarded the Agreement.
10. The bidder has had a contract with the State of California canceled due to failure to comply with the Drug-Free Workplace Act of 1990.
11. The bidder is not responsible (i.e., has not paid taxes; has no business license; has submitted a bid when license is subject to suspension on the date of the bid opening and/or award of the contract, or during the proposed term of the Agreement; submitted a bid without an authorized signature; falsified any information in the proposal package; or has provided poor performance on a previous contract with EDD).

I. Notice of Intent to Award/Protest Procedures

1. Contracts shall be awarded to bidders meeting the mandatory RFP requirements; and based on the evaluation criteria as outlined in Section II. Proposal Submission Requirements and Proposal Evaluation Selection. EDD reserves the right not to award a contract.
2. Upon selection of a proposed contractor, a Notice of Intent to Award will be posted for five (5) working days (starting the day after posting) at EDD, 722 Capitol Mall, Sacramento, CA 95814. Any protest must be filed during this period.
3. If a bidder chooses to protest the Notice of Intent to Award:
a. Protests must be filed with EDD and the Department of General Services (DGS), Office of Legal Services (OLS), Attention Protest Coordinator, 707 Third Street, 7th Floor, Suite 7-330, West Sacramento, CA 95605 FAX: (916) 376-5088 after notice of intent to award, but before the actual award date.
b. Upon receipt of a protest, DGS/OLS:

• Sends a protesting bidder an acknowledgment letter which includes copies of the protest statutes and regulations and informs the protestant that it must submit a full and complete statement specifying grounds of protest within five (5) calendar days.
• Faxes to the awarding agency a request for information regarding the proposed contract and agency contact person. The agency should complete and return the form to DGS/OLS within 24 hours. Failure to promptly complete and return the form will delay the protest process. In addition, if the agency is aware of any reason that the protest should not go forward, this would be communicated to DGS/OLS at this time.
• Reviews the protest to determine whether DGS has jurisdiction. If DGS does not have jurisdiction, DGS/OLS issues a written notice of dismissal.
• Assigns a Hearing Officer to the protest if DGS has jurisdiction. The Hearing Officer determines whether the protest will be resolved by written submission or public oral hearing.

J. Debriefings

Written debriefings of the evaluation results will not be provided to unsuccessful bidders. Oral debriefings may be provided at EDD’s discretion.

K. Disposition of Proposals

1. All materials submitted in response to this RFP will become the property of the EDD, and as such, are subject to the Public Records Act (Government Code §6250, et seq.). EDD will disregard any language purporting to render all or portions of any proposal confidential.
2. After proposals are evaluated and the notices of intent to award have been posted, all proposals shall be available for public inspection. However, the contents of all proposals, draft RFPs, correspondence, agenda, memoranda, working papers, or any other medium which discloses any aspect of a proposer’s proposal shall be held in the strictest confidence until the award is made. EDD shall hold the content of all working papers and discussions relating to a proposal confidential indefinitely, unless the public’s interest is best served by disclosure because of pertinence to a decision, agreement, or the evaluation of a proposal. A bidder’s disclosure of this subject is a basis for rejecting a proposal and ruling the bidder ineligible to participate further in the bidding process.
3. EDD may return a proposal to a bidder upon written request after conclusion of the bid process.

L. Inspecting or Obtaining Copies of Offers and/or Response Materials

Persons wishing to view or inspect any response, price offer, or RFP related materials must identify the items they wish to inspect and must contact Cory Buttler at (916) 654-5351 or [email protected].

M. State Contract Requirements

This RFP and any resulting contracts shall be subject to all requirements set forth in amended Public Contract Code (PCC) §6611 (AB 1756 amended PC 6611). DGS may perform contract negotiations relative to contracts for goods, services, and information technology and telecommunications, if it is determined to be in the State’s best interest based on meeting the criteria identified within PCC 6611.

N. California Taxpayer and Shareholder Protection Act of 2003

This RFP and any resulting contract are subject to all requirements as set forth in Part 2 of Division 2 of the PCC §10286 which includes, but is not limited to, providing written submission of a declaration stating that the supplier is eligible to contract with the State of California pursuant to statutory requirements. Failure of the supplier to comply with and provide information, when requested by the awarding department within the time indicated, will cause the supplier's bid response to be considered non-responsive and their bid will be rejected.

O. Public Contract Code

The Contractor is advised that he/she has certain duties, obligations, and rights under the PCC §§ 10335 - 10381 and 10410 - 10412, with which the Contractor should be familiar. These PCC sections can be viewed at:

http://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?lawCode=PCC&division=2.&title=&part=2.&chapter=2.&article=4.
http://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?lawCode=PCC&division=2.&title=&part=2.&chapter=2.&article=8.

P. Performing a Commercially Useful Function

In accordance with Government Code §14837 and Military and Veterans Code §999 all certified Small Businesses (SB)/Micro-Businesses (MB) and Disabled Veteran Business Enterprise (DVBE) contractors, subcontractors and suppliers that bid on or participate in a state contract, regardless of whether it is a verbal or written solicitation must perform a Commercially Useful Function (CUF).

A certified SB/MB or DVBE is deemed to perform a CUF if the business does all of the following:

• Is responsible for the execution of a distinct element of the work of the contract.
• Carries out its obligation by actually performing, managing, or supervising the work involved.
• Performs work that is normal for its business services and functions.
• Is responsible, with respect to projects, inventories, materials, and supplies required for the contract, for negotiating price, determining quality and quantity, ordering, installing, if applicable, and making payments.
• Is not further subcontracting a portion of the work that is greater than that expected to be subcontracted by normal industry practices.

Q. Conditions and Commitment

Upon submittal of a proposal, the bidder has committed to comply with the following requirements:

• General Terms and Conditions available for viewing at: http://www.documents.dgs.ca.gov/ols/GTC-610.doc
• Contractor Certification Clauses effective 3/28/2007 available at: http://www.documents.dgs.ca.gov/pd/masters/EPAY/Elavon/ElavonExhibitCCertificationCCC-307.pdf

R. Payment

California Revenue and Taxation Code §18646 requires state agencies to file information tax returns (IRS Form 1099) for certain types of payments made to vendors. Bidders must print and sign the form STD 204, Payee Data Record, before EDD can process payment for services.

S. Qualify to do Business with California Secretary of State

Certification of Status is required if your company is a Corporation, Limited Liability Company (LLC), or Limited Partnership (LP). Corporations, Limited Liability Companies (LLCs), and Limited Partnerships (LPs) must be registered with the California Secretary of State to be awarded a contract. The Secretary of State Certificate of Status must be provided to EDD by the selected proposer prior to the execution of the contract. The Secretary of State may be contacted as follows:

California Secretary of State
Division of Corporate Filing and Services
1500 Eleventh Street, Third Floor
Sacramento, CA 95814-5701
Certification Unit: (916) 657-5251

T. Declaration Forms

All bidders must complete the Bidder Declaration GSPD-05-105 and include it with the bid response. Bidders who have been certified by California as a Disabled Veteran Business Enterprise (DVBE) (or who are bidding rental equipment and have obtained the participation of subcontractors certified by California as a DVBE) must also submit a completed form(s) STD. 843 Disabled Veteran Business Enterprise Declaration. All disabled veteran owners and disabled veteran managers of the DVBE(s) must sign the form(s). The completed form should be included with the bid response.

At the State’s option prior to award, bidders may be required to submit additional written clarifying information. Failure to submit the requested written information as specified may be grounds for bid rejection.

U. Small Business/Microbusiness (SB/MB) and Small Business/Nonprofit Veteran Service Agency (SB/NVSA) Certification Preferences

SB/MB and SB/NVSA Certification Preferences are applicable to the award of this contract.

1. Certified SB/MB and SB/NVSAs may claim preference when submitting a proposal. The preference is equal to five (5) percent of the total points awarded to the highest scored non-small business bidder. When the highest scored proposal is not submitted by a certified small business, the preference becomes applicable. Please note that the preference is used for computation purposes only in determining the successful bidder. It does not alter the amount of the resulting contract.
2. To learn more about the SB/MB and SB/NVSA Preference Programs and how your business might qualify, contact the Office of Small Business and DVBE Services at (916) 375-4940.

V. California Certified Small Business Subcontractor Preference

A five percent (5%) score preference is available to a non-small business claiming twenty-five percent (25%) California certified small business subcontractor participation. If claiming the non-small business subcontractor preference, the bid response must include a list of the small business(es) with which you commit to subcontract in an amount of at least twenty-five percent (25%) of the net bid price with one or more California certified small businesses. Each listed certified small business must perform a “commercially useful function” in the performance of the contract as defined in Government Code §14837(d)(4).

The required list of California certified small business subcontractors must be attached to the bid response and must include the following: 1) subcontractor name; 2) address; 3) phone number; 4) a description of the work to be performed and/or products supplied; and 5) the dollar amount or percentage of the net bid price (as specified in the solicitation) per subcontractor.
Bidders claiming the five percent (5%) preference must commit to subcontract at least twenty-five percent (25%) of the net bid price with one or more California certified small businesses. Completed certification applications and required support documents must be submitted to the Office of Small Business and DVBE Services no later than 5:00 p.m. on the bid due date, and the Office of Small Business and DVBE Services must be able to approve the application as submitted. Questions regarding certification should be directed to the Office of Small Business and DVBE Services at (916) 375-4940.

II. PROPOSAL SUBMISSION REQUIREMENTS AND PROPOSAL EVALUATION SELECTION

These instructions prescribe the proposal format to be used, documents required in the proposal package, and how the proposals will be evaluated and scored.

A. Proposal Submission Requirements

Proposals should be prepared and submitted in the following format to ensure accurate evaluation. Failure to demonstrate or evidence fulfillment of all mandatory requirements may result in disqualification.

INCLUDING COST PROPOSAL AMOUNTS OR THE ACTUAL COST PROPOSAL IN THE VOLUME I SEALED ENVELOPE OR VOLUME I DOCUMENTS, AUTOMATICALLY DISQUALIFIES THE BIDDER.

1. Delivery of Proposal Package

Volume I – Administrative and Technical Response
Deliver or mail one (1) original and five (5) typed copies of the complete proposal in a sealed envelope clearly marked “RFP #65251 – Administrative/Technical Proposal” no later than 3:00PM on June 10, 2014 (regardless of the postmark) to EDD, Contract Services Group at the address listed on the cover of the RFP.

Volume II – Cost Proposal
Deliver or mail one (1) original and five (5) typed copies of the completed cost sheet(s) in a separately sealed envelope clearly marked “RFP #65251 – Cost Proposal” no later than 3:00PM on June 10, 2014 (regardless of the postmark) to EDD, Contract Services Group at the address listed on the cover of the RFP.

PER STATE LAW, PROPOSALS CANNOT BE ACCEPTED AFTER THE PUBLISHED TIME AND DATE, AND WILL BE RETURNED UNOPENED.

2. Proposal Documents Required and Document Order

Documents must be typewritten, and signed by an authorized representative of the bidder. Errors must be crossed out and initialed, with typewritten corrections adjacent to the errors. The individuals signing the bid forms must initial all corrections in ink.

Volume I – Administrative and Technical Response

a. Cover Letter
The cover letter must include the title and number of this RFP as well as the respondent’s:
• Company name, phone, fax, and address
• Name and email address of the contact person
• Small Business number (if applicable)
• Signature of an individual authorized to enter into contracts for the contractor.

b. Table of Contents
c. Key Staff Qualifications (Attachment A)
d. Company Qualifications and References (see Section III.B.2.)
e. Sample Work Products
Provide no more than two (2) illustrative work samples from the proposed staff persons’ similar past projects or engagements. These may be excerpts from previous deliverables and should be no more than twenty (20) pages each. The objective should be to provide samples that illustrate performance of similar work. A brief explanation (not more than one page) explaining the rationale for selection should accompany the samples.
f. Statement of Work (SOW) Response (Section III.B.)
g. Workers’ Compensation Certification (Attachment D)
h. Certification Regarding Debarment (Attachment E)
i. Payee Data Record, STD 204 (Attachment F)
j. Completed CCC-307, State’s Contractor Certification Clauses (Attachment G)
k. Certification Regarding Lobbying (Attachment H)
l. Darfur Contracting Act (Attachment I)
m. Bidder Declaration (Attachment J)
n. TACPA Preference, if applicable (Attachment K)
o. Iran Contracting Act (Attachment L)
p. DVBE Declaration, if applicable (Attachment M)
q. Written evidence of your status as an authorized reseller of Pondera FDaaS™ (EDD may contact Pondera to verify status)

Volume II – Cost Proposal

Completed Cost Data Sheet (Attachment B)

B. Review of Proposals and Selection Criteria/Scoring

Award of a contract resulting from this RFP will be based on a best value method that includes cost as a substantial factor in the selection process. The Secondary RFP method will be used, under which the responsible proposer receiving the highest combined score will be awarded the contract.

When assigning points, responses will be reviewed for the degree to which a response lacks information, depth or breadth, or lacks significant facts and/or details, and/or contains weaknesses, defects or deficiencies, and/or fails to illustrate a full understanding of EDD's service needs, and/or demonstrates the capacity to exceed regular service needs.

Mandatory requirements are Pass/Fail and receive no points. A Fail response may disqualify the proposal from further review. Desirable requirements will be scored based on the following criteria:

Desirable Requirements Rating Criteria and Maximum Points
• 0 points: Response (i.e., content and/or explanation offered) is inadequate or does not meet EDD’s needs/requirements or expectations. The omission(s), flaw(s), or defect(s) are significant and unacceptable.
• 5 points: Response (i.e., content and/or explanation offered) is satisfactory and meets EDD’s needs/requirements or expectations. There are no omission(s), flaw(s), or defect(s).
• 10 points: Response (i.e., content and/or explanation offered) exceeds EDD’s needs/requirements or expectations. Proposer offers one or more qualities, methods, or approaches that will enable performance to exceed EDD’s expectations.

Each proposal will be reviewed by the EDD review team and scored by consensus as follows:

Proposal Component and Maximum Points Available
• Administrative (Completed Required Documents): (Pass/Fail)
• Key Staff Qualifications – Mandatory: (Pass/Fail)
• Key Staff Qualifications – Desirable: 50
• Company Qualifications – Mandatory: (Pass/Fail)
• Company Qualifications – Desirable: 40
• Sample Work Products – Quality and relevance of sample work products by staff being proposed: 10
• Statement of Work – Mandatory (Req. 101-115): (Pass/Fail)
• Statement of Work – Desirable (Req. 116-143): 280
• Statement of Work – Deliverables (1-9): (Pass/Fail)
• Cost of Proposal: 380
• Subtotal: 760
• SBE Preference Points
• TACPA Preference Points
• Total

1. Phase 1 Review

a. RFPs submitted timely will first be reviewed for proper delivery, i.e., on time and Volume I and Volume II are in separately sealed envelopes. Improperly sealed proposals or proposals that do not have Volume I and Volume II in separately sealed envelopes will be disqualified.

b. Volume I envelopes will be opened and checked for inclusion of required documents. If a response is missing required information, the proposal may be deemed not responsive and disqualified from further review. Further review or collection of missing information or data is subject to the discretion of the EDD.

c. Key Staff Qualifications (Attachment A) will be scored as follows:

Key Staff Qualifications – Mandatory (Pass/Fail)
• Minimum two (2) years of experience customizing and operating data analytics systems.
• Minimum one (1) year of experience with benefit fraud detection.
• Two (2) References
• Resume

Key Staff Qualifications – Desirable (Maximum Score)
• Demonstrated expertise in Unemployment Insurance fraud: 10
• Demonstrated expertise in Disability Insurance fraud: 10
• Demonstrated expertise in insurance fraud: 10
• Demonstrated expertise in data mining: 10
• Demonstrated expertise in dynamic modeling: 10
• Total: 50

d. Company Qualifications and References (Section III.B.2.) will be scored as follows:

Company Qualifications – Mandatory | Pass/Fail
Description of Organization Services, Experience, Expertise and Activities |
Two (2) Company References |
Organizational Chart with Project Manager, and Key Personnel |

Company Qualifications – Desirable | Maximum Score
Company has experience performing data analytics. | 10
Company has experience working with benefit fraud detection in government benefit programs. | 10
Bidder allocates staff with skills and abilities needed to perform the work described in the SOW, and can describe the background, qualifications and experience of these staff. | 10
Bidder provides an organization chart showing effective lines of authority and performance accountability mechanisms. | 10
Total | 40

e. Sample Work Products (Section II.A.2.) will be scored as follows:

Sample Work Products – Mandatory | Pass/Fail
One (1) – Two (2) illustrative work samples from the proposed staff persons’ similar past projects. |

Sample Work Products – Desirable | Maximum Score
Samples illustrate performance of similar work to this RFP. | 10

f. The Statement of Work (Section III.B.3.) will be scored as follows:

SOW – Mandatory | Pass/Fail
Requirements 101-115 |
Deliverables 1-8 |

SOW – Desirable | Maximum Score
Requirements 116-143 (10 points each maximum) | 280

2. Phase 2 - Cost Evaluation

After the Phase 1 evaluations have been completed for all submitted proposals, Volume II envelopes will be opened and the cost sheets will be reviewed and scored as follows:

A proposal’s cost score will be based on the ratio of the lowest responsive proposal divided by the Bidder’s cost, multiplied by the maximum number of cost points available (380). The lowest cost offer will be awarded the maximum cost points. Other offers will be awarded cost points based on the following calculation:

Cost Points Awarded to Bidder = Lowest Cost ÷ Bidder’s Cost x Maximum Cost Points Available (points awarded will be rounded to the nearest hundredth)

Example of Cost Calculation where 30 cost points are possible:

Bidder | Amount of Proposal
A | $223,000
B | $219,000
C | $230,000

Bidder A = $219,000 ÷ $223,000 x 30 = 29.46 Cost Points Awarded
Bidder B = $219,000 ÷ $219,000 x 30 = 30 Cost Points Awarded
Bidder C = $219,000 ÷ $230,000 x 30 = 28.56 Cost Points Awarded

3. Preference Points

Preference points, if applicable, will be calculated and added to proposal scores as appropriate.

4. Proposal Selection and Award

The proposal with the highest total points will be selected for contract award.


III. Statement of Work

A. Introduction

This Statement of Work (SOW) lists the tasks that will be undertaken by the Contractor to create the data analytic reports and alerts that identify potential instances of fraud and/or abuse in the Unemployment Insurance (UI) program, which will be analyzed by Employment Development Department (EDD) investigators, auditors and analysts. The potential instances identified must be provided in reports that will include but not be limited to the following: findings, leads, fraud indicators and aberrant payment patterns.

The Contractor team will work with EDD Investigation Division (ID) and the Information Technology Branch (ITB), as well as other stakeholders as necessary, both inside and outside of the EDD, to create the data analytic reports and alerts. The Contractor team will consist of expert level consultants who will provide analytical, technical, and project management support for the required Agreement activities. The Contractor’s team must be able to provide cogent explanations to the EDD team as to why individual alerts were identified by the data analytics tool.

1. Estimated High-level Schedule

From the start date of the Agreement the Contractor will have 30 days to deliver to EDD, eligibility verification analysis on individual program participants. Approximately 150 days after the Agreement start date, the Contractor shall be in full production, and thereby deliver a weekly report of results for the subsequent 12 months of the Agreement.

Key Milestones | Estimated Completion
Contract start date | 7/1/2014
Kick off meeting | Within one week after start date
Demonstration of system capabilities | 8/1/2014
Creation of the first weekly report | 12/1/2014
Contract end date | 11/30/2015

B. Description of Requirements, Services, and Deliverables

1. Key Staff Qualifications

Mandatory Qualifications: At a minimum, the Project Manager and Key Personnel (see defined roles below) each must have experience in at least one area listed below; however, experience in all of the areas listed below must be addressed collectively as a team. Failure to meet these mandatory qualifications will result in the disqualification of the proposal.

• Minimum two (2) years of experience in performing data analytics.
• Minimum one (1) year experience in working with benefit fraud detection in government benefit programs.

Desirable Qualifications:

• Demonstrated expertise in Unemployment Insurance fraud detection
• Demonstrated expertise in Disability Insurance fraud detection
• Demonstrated expertise in employer withholding fraud
• Demonstrated expertise in data mining
• Demonstrated expertise in dynamic modeling

2. Company Qualifications and References

Bidders must provide a response to the following requirements:

a. Description of Organization Services, Experience, Expertise and Activities. Provide a description of the nature of the organization’s services and activities. Note when the business was established, brief history, and location. List office location(s) from which the primary work on this contract will be performed.

b. Company References
Provide two (2) customer references. If there will be subcontractors, two (2) customer references must be provided for each subcontractor. The reference information for the company must include the following:

• Name of customer organization.
• Name of the project.
• Company role on the project.
• Types of services provided.
• Customer point of contact – including e-mail address and phone number.

c. Personnel

Organization Chart: Bidder must submit an organization chart, showing the hierarchy of key personnel working on the project. Chart must show the relationship between project manager and key personnel of the bidder’s organization and all other parties (subcontractors) to the proposal.

Project Manager: Bidder must identify one (1) individual on the project team who will manage the contract work, and who will be available to EDD for a sufficient amount of time to manage the project. Include a Qualifications Sheet (See Attachment F) for this individual. Note that the form requires a minimum of two (2) references for the contractor staff person. A current resume/biography must be attached for this person. Do not exceed two (2) pages for this document. Resume entries should clearly demonstrate that the experience requirements described in the “Key Staff Qualifications” Attachment F of the RFP are met.

Key Personnel: Key personnel are defined as those people who will exercise a major management and/or administrative role on behalf of the proposer. All persons identified as key personnel must be retained by the bidder throughout the term of the Agreement, including any extension of term by exercise of the option to renew. If bidder finds it impossible to retain any of the key personnel, bidder must use their best efforts to give EDD advance notice, and the substitution of new personnel must be accepted by EDD. If EDD does not accept the substitution, then EDD shall have the right to terminate this Agreement upon thirty days’ prior written notice to the bidder; provided, however, if bidder is able to provide substitute personnel that EDD finds acceptable during the thirty-day notice period, then the Agreement will not be terminated.

Project Team/Resumes: Bidder must specify the key personnel on the project team who will manage/conduct the work. Bidder must also identify the role each team member will serve, title, where the individual is headquartered and the percentage of the firm’s total effort that will be provided by the individual. Include a Qualifications Sheet (See Attachment F) for each person. Current resumes/biographies must be attached for each person. Note that the form requires a minimum of two (2) references for the Contractor staff person. Do not exceed two (2) pages per person. Resume entries should clearly demonstrate that the experience requirements described in the “Key Staff Qualifications” in Attachment F of the RFP are met.

3. Response to Technical Requirements

Bidders must include a description of their understanding of the technical requirements of the SOW, emphasizing understanding of EDD’s objectives and the major activities that must be performed to complete the work. Describe the methods, tools and standards that will be used to complete the tasks identified in the SOW. In preparing their response, Bidders must adhere to these general requirements:

1. Includes tabbed sections, and is well-organized, comprehensive, and technically sound;
2. Includes clear and distinctive explanations for the specific response section; and
3. Does not just provide a repeat of the SOW requirements, but demonstrates a well thought out approach to meeting the requirements of the SOW.

Mandatory Requirements

The Contractor shall adhere to the following mandatory requirements for the services provided under this Agreement. Bidders must indicate whether they agree with the requirement (Y) or not (N). A “N” response requires an explanation from the Bidder as to why the requirement cannot be met. The State may then change or waive the requirement for all bidders. If the requirement is not changed or waived, a “N” response may disqualify the proposal.

Req. # | Mandatory Requirements | Contractor Agrees (Y or N)

101

The Contractor will use the Pondera FDaaS™ to create weekly reports using EDD-supplied data, which include fraud alerts and potential leads, instances of aberrant payments, filings and other potential fraud indicators and deliver to the EDD in the agreed to dashboard (the requirements for which are listed out below under Deliverable 3). NOTE: The information detailed in requirements 102 through 113 must be provided as part of the weekly report to EDD.

102

The Contractor will provide alerts of potential fraud leads, instances of aberrant payment filings, and other potential fraud indicators, to user-configurable queues for follow-on investigative work from batch or real-time analysis.

103

The Contractor will detect suspicious patterns based upon analyzing claims data using advanced analytical tools, and deliver the information to the EDD in the agreed to dashboard.

104

The Contractor will link and analyze fraudulent and abusive practices using various databases, and deliver the information to the EDD in the agreed to dashboard and/or geospatial and/or mapped format.

105

The Contractor will identify outlier behavior relating to claimant filing, employer reporting/withholding activity with regard to what is “normal” behavior, and deliver the information to the EDD in the agreed to dashboard and/or geospatial and/or mapped format.

106

The Contractor will group and cluster suspicious employers or claimants who have the same outlier and/or fraudulent behavior, and deliver the information to the EDD in the agreed to dashboard.

107

The Contractor will detect aberrant and/or fraudulent behavior (predictive) over time, and deliver the information to the EDD in the agreed to dashboard.

108

The Contractor will link beneficiaries to suspicious employers/schemes, verifying identity and credentials, personal identification (e.g., SSN, driver’s license, other licenses, addresses) against available databases, and assure that the person is verifiable, and deliver results to the EDD in the agreed to dashboard.

109

The Contractor will link employers/beneficiaries based on Internet Protocol (IP) addresses, and deliver the information to the EDD in the agreed to dashboard.

110

The Contractor will link employers/beneficiaries based on listed business/residence addresses, and deliver the information to the EDD in an agreed to dashboard.

111

The Contractor will analyze large data volumes with speed and accuracy, and deliver the information to the EDD in the agreed to dashboard.

112

The Contractor will identify entities that may be related to other entities through various relationship matching criteria (e.g., address, owner, employees, familial, IP address, telephone number, etc.), and deliver the information to the EDD in the agreed to dashboard.

113

The Contractor will provide narrative explanations to the EDD team as to why any individual cases were identified by the data analytics tool and deliver to the EDD.


114

The Contractor will procure, install and operate all required equipment/hardware off-site (at a non-EDD facility) where the Contractor will perform the work.

115

The Contractor will utilize EDD-approved security procedures to transfer and process EDD data at all times.

116

The Pondera FDaaS™ system will be adjusted over time to improve efficiencies and accuracy by considering earlier performance.

4. Desirable Requirements

Bidders must indicate whether they agree with the desirable requirement by indicating (Y) or not (N). Desirable requirements are scorable. If a bidder agrees to the requirement by indicating “Y”, the bidder must provide a description of how the requirement will be met. The response will then be evaluated based on the criteria outlined in Section II.B. and scored. A “N” response is scored as 0 points.

Req. # | Desirable Requirements | Contractor Agrees (Y or N)

117

The Contractor will incorporate geo-spatial representations of fraudulent behavior and provide to EDD in a map representation using ESRI or other mapping products. Updated map representations will be provided with each weekly report.

118

The Contractor will provide State staff with the capability to utilize tools and reporting capabilities by building and running State-developed models and scripts and deliver to the EDD on a weekly basis.

119

The Contractor will provide the capability to receive or capture, manage, analyze, and integrate data offline (batch) from any source, including the EDD, internet, provider/other intermediary master files, third party relationship systems (LexisNexis, etc.), regulatory compliance lists, consumer affairs (corporate reporting), tax information, and address correlations.

120

The Contractor will provide the capability to incorporate batch data into a real-time analysis capability for verification of claims applications.

121

The Contractor will re-evaluate entities after new data is loaded and provided by event-triggering or by configurable schedules (this shall occur no less often than weekly). The system will be able to determine what has changed from previous evaluations and deliver the changes to the EDD.

122

The Contractor will retain original relationships and information by instituting relationship identifiers into a composite view of possible newly-configured entities.

123

The Contractor will use full attribution to ensure that data is never lost and is always traceable back to its original source.

124

The Contractor will re-evaluate all potential entities as new data is loaded in real-time, and provide risk scoring to outcomes no less often than weekly.

125

The Contractor will link entities by configurable identity attributes, such as telephone numbers and addresses, to uncover relevant, yet non-obvious, relationships and deliver the information to the EDD in the agreed to dashboard on a weekly basis.

126

The Contractor will identify "unknown" suspects via "fuzzy" (i.e., diffuse or probabilistic logic) data matches on Names, AKAs, Physical/Mailing Addresses, Phone Numbers, SSNs and DOBs and deliver the information to the EDD in the agreed to dashboard on a weekly basis.

127

The Contractor will assemble networks of associations using individual data attributes (such as identification numbers and names), locations (address correlation), email addresses, IP addresses, businesses at the address (include multi-tenant), facility type (such as warehouses, buildings, apartment, etc.), organizations (such as church, clubs, associations, or gangs), and accounts (such as banks, checking, credit, or savings) and deliver the information to the EDD in the agreed to dashboard and/or geospatial or mapped format on a weekly basis. Consideration may include but will not be limited to: Consumer information (e.g. demographics, bureaus, utility); Phone and Email Assets (e.g. motor vehicles, watercraft, aircraft); Real Property Data (e.g. deeds, assessments, foreclosures); Licensing (e.g. drivers, professional, medical); Business and Employment Legal Information (e.g. bankruptcy filings, liens and judgments, civil court); Derogatory Information (e.g. criminal records, criminal court, sex offender).

128

The Contractor will assemble suspect or interesting relationships, even those that are hidden or disguised, and develop pointers that enable relationship diagrams to be produced for on-line viewing delivered to the EDD in the agreed to dashboard and/or geospatial or mapped format on a weekly basis.

129

The Contractor will provide analysts the capability to develop sophisticated searches against the entity correlation database to further explore each related entity and every entity or attribute that those entities are linked to.

130

The Contractor will provide link analysis (correlations) between various provided datasets. This could include employers, claimants, claim detail records, applications, forms and other datasets to be delivered to the EDD in the agreed to dashboard, geospatially or in a mapped format on a weekly basis.

131

The Contractor will have the ability to remove key attributes from link analysis to observe the impact to the linked network.


132

The Contractor will further expand linked information from provided databases to third party databases to identify fraud schemes and outlier behavior patterns and deliver results to the EDD in the agreed to dashboard on a weekly basis.

133

The Contractor will identify criminals, lawsuits, and other legal information about linked persons involved in a business or with some relationship to entities and deliver the information to the EDD in the agreed to dashboard on a weekly basis.

134

The Contractor will incorporate public record and proprietary data sources on entities (businesses, non-profit organizations, etc.), employees, claimants and related parties and deliver pertinent results to the EDD in the agreed to dashboard on a weekly basis.

135

The Contractor will conduct matches with national licensure and sanction lists and deliver potential suspects list to the EDD in the agreed to dashboard on a weekly basis.

136

The Contractor will utilize social network analytics to link people, businesses etc., to identify high densities of suspicious behaviors between relationships and deliver to the EDD in the agreed to dashboard on a weekly basis.

137

The Contractor will collect, classify, analyze and interpret data to reveal patterns, anomalies, key variables and relationships into a set of models for further determination and delivery to the EDD in the agreed to dashboard on a weekly basis.

138

The Contractor will provide dynamic modeling and deliver to the EDD in the agreed to dashboard on a weekly basis.

139

The Contractor will forecast trends and possible fraudulent behavior and deliver the information to the EDD in the agreed to dashboard on a weekly basis.

140

The Contractor will provide dynamic visualization of all identified suspicious entities and activities and prioritize them for further investigation through scoring algorithms and deliver to the EDD in the agreed to dashboard, geospatial or mapped reporting tool on a weekly basis.

141

The Contractor will follow social network analytics to determine significant relationships between entities to identify fraud rings or collusive networks and holistically evaluate the activities of the entire network and deliver the information to the EDD in the agreed to dashboard on a weekly basis.

142

The Contractor will evaluate incongruity in physical distance between claimant and employer and deliver the information to the EDD in the agreed to dashboard on a weekly basis.

143

The Contractor will evaluate incongruity in physical distance between claimant residence address and claimant mailing address and deliver the information to the EDD in the agreed to dashboard on a weekly basis.


5. Deliverables

The Contractor shall provide the following deliverables with associated requirements for the services provided under this Agreement. Bidders must indicate whether they agree to provide the deliverable (Y) or not (N). A “N” response requires an explanation from the Bidder as to why the deliverable will not be provided. The State may then change or waive the deliverable for all bidders. If the deliverable is not changed or waived, a “N” response may disqualify the proposal.

Deliverable documents will be provided in Microsoft Office 2010 format, including reports, spreadsheets, presentations, and databases. The media of delivery will be compatible with the EDD document storage devices. EDD requires the Contractor to conduct internal quality reviews for all deliverables before the deliverables are submitted to EDD.

Del. # | Deliverable Description/Requirements | Contractor Agrees (Y or N)

1.

Requirements Validation Document: Confirmation of flags, geospatial maps, prediction models, binary checks, and validations. This document shall be provided one time, prior to dashboard design.

a. The Contractor will provide a written plan explaining how it intends to validate requirements necessary to deliver to the EDD the Pondera Fraud Detection as a Service (FDaaS™) solution. This is a one-time deliverable.

b. The Contractor will meet with EDD staff on an “as needed” basis to determine, validate and clarify known requirements and uncover any additional desired functionality.

2.

Source Data Recommendations Document: Analysis and description of all internal and external data inputs required to run Pondera FDaaS™. This document shall be provided one time, prior to dashboard design.

a. Prior to dashboard design, the Contractor will provide a written plan explaining the data source requirements necessary to deliver to the EDD the Pondera Fraud Detection as a Service (FDaaS™) solution. This is a one time deliverable.

b. Prior to dashboard design, the Contractor will provide an Enterprise Architecture Model (EAM), a plan/diagram depicting, and showing the Contractor’s understanding of, the EDD computing environment including integration of employer data sets, client data sets, claims processing, and the movement of data, to facilitate this process. The Contractor should use details and visual diagrams as necessary.

c. The Contractor will identify existing data sets which are not owned by the EDD or bundled with the FDaaS™ service, but could yield value to the EDD fraud detection efforts.

d. The Contractor will identify data sets which are not currently collected by the EDD, but could be of value to the EDD fraud detection effort if these data sets are collected in the future.

e. The Contractor will include data sources for matching the EDD claimant data against a data source to identify incarcerated claimants.

f. The Contractor will include data sources for matching the EDD claimant data against a data source to identify deceased individuals.

g. The Contractor will include data sources for matching the EDD claimant data against a data source to identify Worker's Compensation claimants.

h. The Contractor will include data sources for matching the EDD claimant data against a data source to identify 1099 Independent Contractor payments.

i. The Contractor will include data sources for matching the EDD claimant data against a data source to identify known bad or suspected bad physical addresses or mailing addresses.

j. The Contractor will include data sources for matching the EDD claimant data against a data source to identify known bad or suspected IP addresses.

3.

Dashboard Design and Development: Design and develop an integrated dashboard to be used by EDD staff as an interface for receiving results. The dashboard must be fully designed and accepted by EDD prior to the start of live service and weekly reporting.

a. Prior to dashboard design, Contractor will provide the EDD with written documentation explaining how it will supply the EDD with an integrated "dashboard" to be used by EDD staff as an interface for receiving results of FDaaS™ fraud detection efforts.

b. The dashboard will include a variety of data displays, to include maps, charts, graphs and spreadsheets.

c. The dashboard will have the capability to categorize alerts by like kind.

d. The dashboard will have the capability to prioritize potential fraud on a weighted basis.

e. The dashboard will have permissions setting built in to allow the EDD to regulate users and/or views.

f. The dashboard will allow drill-down capability of alerts displayed.

g. The dashboard will allow users to jump directly to claimant and/or employer profile.

h. The dashboard will allow predetermined thresholds to be adjusted as necessary to detect ever changing fraud schemes.

i. The dashboard will allow details to be displayed in maps viewable to street level.

4.

Claimant Validation Analysis: Representative run of CA claimants through Pondera FDaaS™ models.

a. The Contractor will provide a written plan for how it will validate applicant and claimant related data, including but not limited to, SSN, address, age, DOB, criminal convictions, and benefit claim history. This is a one-time deliverable.

b. The Contractor will receive applicant and claimant data from the EDD in the condition that EDD receives it from the applicant/claimant (un-scrubbed and unrefined), and create a claimant profile for each claimant/applicant.

c. The Contractor will match claimant profiles against available third-party data aggregators to detect anomalies in the claimant data. These anomalies will be reported to the EDD in the dashboard format on a weekly basis.

d. The Contractor will match claimant profiles against Social Security Administration data to determine correct matches between claimant and assigned SSN owner. Contractor will report this information to EDD in the dashboard format on a weekly basis.

e. The Contractor will identify additional SSNs when associated with a claimant profile. Contractor will report this information to EDD in the dashboard format on a weekly basis.

f. The Contractor will match claimant profiles against the Social Security Death Index to ensure the identity of an individual reported as deceased is not being used to apply for or receive benefits. Contractor will report this information to EDD in the dashboard format on a weekly basis.

g. The Contractor will identify claimant profiles that are found, in third-party data, to be experiencing consumer related fraud or identity theft. Contractor will report this information to EDD in the dashboard format on a weekly basis.

h. The Contractor will match client profile addresses against third-party data addresses for disparities which may be an indicator of potential fraud. Contractor will report this information to EDD in the dashboard format on a weekly basis.

i. The Contractor will match claimant profile against self-reported consumer statements (i.e., reporting identity theft, etc.) for indicators of potential fraud. Contractor will report this information to EDD in the dashboard format on a weekly basis.

j. The Contractor will have a process for receiving feedback from the EDD regarding the value of potential fraud indicators provided, with the intent of improving the process of fraud detection, eliminating false positives, and increasing the value of fraud indicators.

k. Contractor will identify groups or clusters of claimants by occupation, geography, familial or other connection, telephone numbers or IP addresses used, or other connecting event. Contractor will report this information to EDD in the dashboard format on a weekly basis.

l. The Contractor will provide mapping, link analysis or other graphic representation of associations listed in deliverable requirement #4.i. Contractor will report this information to EDD in the dashboard format on a weekly basis.

m. The Contractor will identify claimants that apply for benefits within a specific timeframe (to be determined by the EDD and capable of being adjusted), of when wages were first reported to the EDD. Contractor will report this information to EDD in the dashboard format on a weekly basis.

n. The Contractor will match addresses provided in claimant profiles to addresses gleaned from third-party data obtained by the Contractor. Contractor will report this information to EDD in the dashboard format on a weekly basis.

o. The Contractor will match claimant profiles against individuals reported as incarcerated in county jails, state or federal prisons. Contractor will report this information to EDD in the dashboard format on a weekly basis.

p. The Contractor will match claimant profiles against EDD supplied database of known "bad actors" (individuals involved with fraud). Contractor will report this information to EDD in the dashboard format on a weekly basis.

q. The Contractor will match claimant profile against EDD supplied database of known "bad" addresses. Contractor will report this information to EDD in the dashboard format on a weekly basis.

r. The Contractor will match claimant profiles against EDD supplied database of known "bad" IP addresses. Contractor will report this information to EDD in the dashboard format on a weekly basis.

s. The Contractor will match claimant profiles against EDD supplied database of known "bad" telephone numbers. Contractor will report this information to EDD in the dashboard format on a weekly basis.

t. The Contractor will identify instances where proximity between claimant and last reported employer is excessive. Contractor will report this information to EDD in the dashboard format on a weekly basis.

u. The Contractor will detect multiple claimants using the same physical address. Contractor will report this information to EDD in the dashboard format on a weekly basis.


v. The Contractor will detect multiple claimants using the same mailing address. Contractor will report this information to EDD in the dashboard format on a weekly basis.

w. The Contractor will match claimants against independent contractor data to detect unreported income. Contractor will report this information to EDD in the dashboard format on a weekly basis.

5. Employer Validation Analysis: Representative run of CA employers through Pondera FDaaS™ validation models.

a. The Contractor will provide a written plan for how it will validate employer data, including but not limited to EDD supplied registration data, and registration with other sources commonly used to determine legitimacy of a business. This is a one-time deliverable to be provided prior to the start of weekly live service.

b. The Contractor will receive employer data from the EDD in the condition that EDD receives it from the employer (un-scrubbed and unrefined), and create an employer profile. Contractor will report this information to EDD in the dashboard format on a weekly basis.

c. The Contractor will match the employer profile against third-party business data to identify anomalies and other potentially suspicious activity in the employer supplied business profile information. Contractor will report this information to EDD in the dashboard format on a weekly basis.

d. The Contractor will match employer profiles against disparate third-party data such as invalid addresses, commercial mail receiving agencies, bankruptcy records, tax liens and other similar data sources. Contractor will report this information to EDD in the dashboard format on a weekly basis.

e. The Contractor will have a demonstrated process for using EDD feedback on alerts to improve or fine-tune future detection efforts.

f. The Contractor will provide indicators of fraud on a scaled system, or with a confidence code or value index, allowing the EDD to sort or triage indicators based on their potential for fraud. Contractor will report this information to EDD in the dashboard format on a weekly basis.

g. The Contractor will identify groups or clusters of employers, corporate officers, Limited Liability Companies or Sole Proprietors, by occupation, geography, familial or other connection, telephone numbers or IP addresses used, or other connecting event. Contractor will report this information to EDD in the dashboard format on a weekly basis.

h. The Contractor will provide mapping, link analysis or other graphic representation of associations listed in deliverable requirement 5.g. Contractor will report this information to EDD in the dashboard format on a weekly basis.

i. The Contractor will match employer profiles against individuals reported as incarcerated in county jails, state or federal prisons. Contractor will report this information to EDD in the dashboard format on a weekly basis.

j. The Contractor will match employer profiles against EDD supplied database of known "bad actors" (individuals involved with fraud). Contractor will report this information to EDD in the dashboard format on a weekly basis.

k. The Contractor will match employer profiles against EDD supplied database of known "bad" addresses. Contractor will report this information to EDD in the dashboard format on a weekly basis.

l. The Contractor will match employer profiles against EDD supplied database of known "bad" IP addresses. Contractor will report this information to EDD in the dashboard format on a weekly basis.

m. The Contractor will match employer profiles against EDD supplied database of known "bad" telephone numbers. Contractor will report this information to EDD in the dashboard format on a weekly basis.

n. The Contractor will identify instances where proximity between employer and claimant is excessive. Contractor will report this information to EDD in the dashboard format on a weekly basis.

o. The Contractor will detect multiple employers using the same physical address. Contractor will report this information to EDD in the dashboard format on a weekly basis.

p. The Contractor will detect multiple employers using the same mailing address. Contractor will report this information to EDD in the dashboard format on a weekly basis.

q. The Contractor will match employer profiles against independent contractor data files to detect unreported wages. Contractor will report this information to EDD in the dashboard format on a weekly basis.

r. The Contractor will match employer profiles against business activity records to identify businesses with low or unconfirmed market activity, possibly identifying shell companies. Contractor will report this information to EDD in the dashboard format on a weekly basis.

s. The Contractor will match employer profiles against a federal debarment list identifying companies precluded from doing business with the federal government, possibly indicating fraudulent business practices. Contractor will report this information to EDD in the dashboard format on a weekly basis.

t. The Contractor will match employer profiles against indictments and criminal complaints filed in state or federal jurisdictions. Contractor will report this information to EDD in the dashboard format on a weekly basis.

6. Claims Analysis (Predictive Models): Production-ready binary and prediction models.

a. The Contractor will provide a written plan explaining how it intends to validate employer information necessary to deliver to the EDD the Pondera FDaaS™ solution.

b. The Contractor will employ predictive models to proactively identify data anomalies and potentially fraudulent activities.

c. The Contractor will employ comparative models to proactively identify data anomalies and potentially fraudulent activities.

d. The Contractor will employ pattern recognition models to proactively identify data anomalies and potentially fraudulent activities.

e. The Contractor will map results of potential fraudulent activity. Contractor will report this information to EDD in the dashboard format on a weekly basis.

7. Data Matching Services: Upon completion of the prior six deliverables, all of the elements of the Pondera FDaaS™ system will work in unison to perform the tasks described in the Scope of Work. Necessary testing, as determined by EDD, shall be conducted to ensure that the system functions to EDD’s satisfaction prior to the acceptance of this final deliverable and the commencement of ongoing live service with monthly payments. NOTE: See D. 2. below for information on payment withhold relating to this deliverable.

8. Production Go-Live: Upon completion and EDD acceptance of the first seven deliverables, the Contractor will commence with ongoing live FDaaS™ service including weekly reports to EDD in accordance with the deliverables and requirements listed above.

6. Data Attributes

The following entities and attributes represent the typical data set that is needed as an input to the FDaaS™ system. This is a broad outline of the data needs for FDaaS™ and it is desirable to receive any additional attributes that are used by a particular client within the UI space. At least three (3) years of history should be provided.

The UI program has two distinct perspectives for fraud detection, the Claimant or Beneficiary side of fraud, also referred as the Benefits side, and the Employer or Business side of fraud, also referred to as the Taxation side. The data requirements for both perspectives are very distinct with a small overlap where claimants employed at a business are applying for benefits and both entities are within the same jurisdiction.

a. Claimant or Beneficiary Data (Benefits)

Attributes of some of the Benefits data are described below.

• Claimant Profile – has personal and demographic information at the time of filing a UI claim. This includes SSN, name, address details, email, demographic information (gender, race, education, residency, profession, marital status, military, disability, dependents, etc.), and employment and income histories (if possible).

• Payment Setup Profile – includes information related to bank account(s) and bank details, payment formats, tax deduction situations, other subsidies available, etc.

• Claims File – has details on dates of filing and approval, details of last employment including profession, designation, employer details, salary, etc., and information around claim rejection or closed claims and re-opened claims, etc.

• Claim Adjudication – payment amounts approved, various codes and statuses to track the benefit payments approval activity, running totals on how much benefits have been paid and how much remains, tax deductions, funding of the payment amount (various codes, types related to that), adjustments, employment (or termination) confirmation, etc.

• Weekly Certifications – details around weekly certification by a claimant for continued UI benefits. Typical data includes how certification was filed, when it was filed, the mode of filing details around location, IP address, email address, call center, etc., along with historical certifications and claim ID.

• Payment Transaction – includes data on the actual payment transaction like dates, amounts, check number or ACH transaction details, breakdown of amounts, historical data on payments, claim ID, and weekly certification ID against which the payment was issued.

For all of the above, additional attributes in a source system should be included along with any historical files where previous updated information is archived, such as prior addresses, prior claims and prior payment methods or transactions.

b. Employer or Business Data (Taxation)

Attributes of some of the Taxation data are described below.

• Business Registration – includes the basic business information used to register for UI tax withholdings, such as names, addresses, locations, DBA, incorporation information, industry, size, principal officers, basic financial information, first tax payments date, new business versus acquired, legal entity and subsidiaries, agents responsible for UI tax payments, communication, etc.

• Tax Adjudication – includes industry codes, various other codes, and statuses and types used to determine the taxation rate, UI tax rate (and historical rates), estimated tax amounts, prior delinquencies, risk rating, acquisition information, etc.

• Quarterly Payments – actual details around employees on whose behalf the payments were made, quarter, year, return filing date, employee start and end dates, out of state employee information, etc.

C. Responsibilities of Parties

The following describes the specific responsibilities of the Contractor and EDD under this Agreement.

1. Contractor Responsibilities:

a. The Contractor shall designate a person to whom all project communications may be addressed and who has the authority to act on all aspects of the contract for services. This person shall be responsible for the overall project and shall be the contact for all invoice issues and contractor staffing issues.

b. The Contractor shall comply with all applicable EDD, Department of General Services, Department of Finance and Department of Technology policies and procedures, including but not limited to policies regarding Sexual Harassment Prevention, Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, IT Security, Confidentiality and Security Training, Workplace Violence Prevention, and Emergency Preparedness. In accordance with Title 22, California Code of Regulations Section 311-1, each of the Contractor’s staff performing work for this Agreement shall complete a Form 700 (see the California Fair Political Practices Commission website at www.fppc.ca.gov). Each individual’s investments, business positions, and income including gifts, loans, and travel payments, from any source, as well as all interests in real property, must be reported on the Form 700.

c. Where Personal Health Information (PHI) or Personal Identification (PI) is processed or stored outside of the EDD-managed network, the solution and facilities must comply with NIST 800-53 Revision 4 standards.

d. Upon mutual agreement, all meetings shall be scheduled using EDD MS Outlook. All Contractor staff shall maintain their schedules of availability on their EDD MS Outlook calendars. Meetings may be in person or via conference call.

e. The Contractor will maintain Key Personnel continuity throughout the life of the project. EDD will be notified, in writing, of any changes in the Key Personnel assigned to tasks.

If a Key Personnel is unable to perform his or her duties due to illness, resignation, or other factors beyond the Contractor’s control, the Contractor will make every reasonable effort to provide suitable substitute Key Personnel. The substitute Key Personnel must meet all requirements of the RFP and SOW and must be approved by EDD in writing prior to initiating work.

g. The Contractor is responsible for his/her own operating expenses, overhead and clerical support.


2. EDD Responsibilities:

a. The EDD Contract Manager is the contact person to whom all contractor communications may be addressed and who has the authority to act on all aspects of the services. This person will review the Agreement and associated documents with the Contractor to ensure understanding of the responsibilities of both parties.

b. EDD will supply the MFLS claims data upon the mutually agreed upon intervals.

c. EDD will provide sufficient access to appropriate levels of staff, business representatives, other users, and EDD management, as appropriate to facilitate the performance of consulting tasks and creation of consulting deliverables.

d. EDD will review and provide comments or approval of the draft and final documents and deliverables within five (5) business days of receipt, or other mutually agreed upon date, in order for the Contractor to perform its obligations under the Agreement.

D. Invoicing and Payment

1. In consideration of services performed, EDD agrees to pay the Contractor for EDD accepted deliverables. Deliverables shall be invoiced at the fixed-cost rates detailed in accordance with Attachment B, Cost Data Sheet. A signed Formal Acceptance Form (Appendix 4) is required from the EDD SPOC before submitting an invoice. Invoices shall include the Agreement Number and shall be submitted in triplicate in arrears to:

Employment Development Department
Investigation Division
722 Capitol Mall, MIC 43
Sacramento, CA 95814
Attn: Steve Sheehan

Invoices must include a certification statement signed by a company official, attesting to the accuracy of the invoice data.

If the EDD rejects all or part of the Contractor’s work or work product, EDD shall withhold payment for the rejected work product and shall notify the contractor in writing of the reason why the work product was rejected. The Contractor shall take appropriate measures to correct the work and demonstrate to the EDD that the Contractor has successfully completed the work before payment can be made.

The Contractor may not invoice EDD for any costs exceeding the maximum amount identified for each specific deliverable listed on the Cost Data Sheet Attachment B. Any excess hours to complete a deliverable shall be at no cost to EDD.

2. Payment Withhold for Deliverables 1 Through 6

In accordance with the requirements set forth in the State Contracting Manual, Section 7.33.B, the State may withhold, from the invoiced payment amount to the Contractor, an amount equal to at least ten percent (10%) of that payment. Under this Agreement, twenty five percent (25%) of the amount charged for deliverables 1 through 6 shall be withheld until EDD’s acceptance of deliverable 7. Such retained amount shall be held by the State and only released to the Contractor upon the State's determination that the Contractor has satisfactorily completed all of the required services as itemized in deliverables 1 through 7.

3. Unanticipated Costs

The Contractor may specify additional deliverables to meet unanticipated requirements of this SOW. Prior to commencing work on any unanticipated deliverable, the Contractor must complete a Work Authorization Form (Appendix 3) and obtain pre-approval by the EDD Contract Manager. The specified number of labor hours and the hourly wage rate for unanticipated deliverables must be based on the hourly rate specified on the Cost Data Sheet for a given job classification cannot be exceeded.

4. Budget Contingency Clause

It is mutually understood between the parties that this Agreement may have been written before ascertaining the availability of congressional and legislative appropriation of funds, for the mutual benefit of both parties, in order to avoid program and fiscal delays which would occur if the Agreement were executed after that determination was made.

This Agreement is valid and enforceable only if (1) sufficient funds are made available by the State Budget Act of the appropriate State Fiscal Year(s) covered by this Agreement for the purposes of this program; and (2) sufficient funds are made available to the State by the United States Government or by the State of California for the Fiscal Year(s) covered by this Agreement for the purposes of this program. In addition, this Agreement is subject to any additional restrictions, limitations or conditions established by the United States Government and/or the State of California, or any statute enacted by the Congress and Legislature, which may affect the provisions, terms or funding of the Agreement in any manner.

The parties mutually agree that if the Congress and/or Legislature does not appropriate sufficient funds for the program, this Agreement shall be amended to reflect any reduction in funds. The EDD has the option to terminate the Agreement under the 30-day termination clause or to amend the Agreement to reflect any reduction of funds.

5. Prompt Payment Clause

Unless otherwise specified, payment will be made in accordance with Government Code §927 et seq., as applicable. Payment shall not be due until the later of: (a) the date of acceptance of goods or performance of services; or (b) receipt of an accurate invoice.


E. Special Terms and Conditions

1. Advance Work

Should the Contractor begin work before receiving a copy of the approved Agreement, any work performed before approval shall be considered as having been done at the Contractor's own risk and as a volunteer.

2. Force Majeure

Except for defaults of subcontractors at any tier, the Contractor shall not be liable for any excess costs if the failure to perform the Contract arises from causes beyond the control and without the fault or negligence of the Contractor. Examples of such causes include, but are not limited to:

• Acts of God or of the public enemy, and

• Acts of the federal or State government in either its sovereign or contractual capacity.

If the failure to perform is caused by the default of a subcontractor at any tier, and if the cause of the default is beyond the control of both the Contractor and subcontractor, and without the fault or negligence of either, the Contractor shall not be liable for any excess costs for failure to perform.

3. Workforce Investment Act

Contractor agrees to conform to nondiscrimination provisions of the Workforce Investment Act (WIA) and other federal nondiscrimination requirements as referenced in 29 CFR, Part 37.

4. Termination for Convenience

This Agreement may be terminated by EDD by giving written notice to the Contractor 30 days prior to the effective date of such termination.

5. Rights in Work Product

a. With the exception of all EDD’s data, of which EDD retains the exclusive right of ownership, all inventions, discoveries, intellectual property, technical communications and records originated or prepared by the Contractor pursuant to this Contract including papers, reports, charts, computer programs, and other Documentation or improvements thereto, and including the Contractor’s administrative communications and records relating to this Contract (collectively, the “Work Product”), shall be the Contractor’s exclusive property. The provisions of this sub-section a) may be revised in a Statement of Work.

b. Software and other materials developed or otherwise obtained by or for the Contractor or its affiliates independently of this Contract or applicable purchase order (“Pre-Existing Materials”) do not constitute Work Product. If the Contractor creates derivative works of Pre-Existing Materials, the elements of such derivative works created pursuant to this Contract constitute Work Product, but other elements do not. Nothing in this Section will be construed to interfere with the Contractor’s or its affiliates’ ownership of Pre-Existing Materials.

c. The State will have Government Purpose Rights to the Work Product as Deliverable or delivered to the State hereunder. “Government Purpose Rights” are the unlimited, irrevocable, worldwide, perpetual, royalty-free, non-exclusive rights and licenses to use, modify, reproduce, perform, release, display, create derivative works from, and disclose the Work Product. “Government Purpose Rights” also include the right to release or disclose the Work Product outside the State for any State government purpose and to authorize recipients to use, modify, reproduce, perform, release, display, create derivative works from, and disclose the Work Product for any State government purpose. Such recipients of the Work Product may include, without limitation, State Contractors, California local governments, the U.S. federal government, and the State and local governments of other states. “Government Purpose Rights” do not include any rights to use, modify, reproduce, perform, release, display, create derivative works from, or disclose the Work Product for any commercial purpose.

d. The ideas, concepts, know-how, or techniques relating to data processing, developed during the course of this Contract by the Contractor or jointly by the Contractor and the State may be used by either party without obligation of notice or accounting.

e. This Contract shall not preclude the Contractor from developing materials outside this Contract that are competitive, irrespective of their similarity to materials which might be delivered to the State pursuant to this Contract.

6. Settlement of Disputes

Any dispute concerning a question of fact arising under the term of this Agreement which is not disposed of within a reasonable period of time (ten days) by the Contractor and State employees normally responsible for the administration of this contract shall be brought to the attention of the Chief Executive Officer (or designated representative) of each organization for joint resolution.

7. Lobbying Certification

The Contractor hereby assures and certifies to the lobbying restrictions set forth in 29 CFR, Part 93 (see Exhibit H).

8. Insurance Requirements

Contractor agrees the insurance herein provided for shall be in effect at all times during the term of this Agreement. In the event said insurance coverage expires at any time during the term of this Agreement, Contractor agrees to provide at least 30 days prior to said expiration date, a new certificate of insurance evidencing insurance coverage as outlined below for not less than the remainder of the term of this Agreement, or for a period of not less than one year. New certificates of insurance are subject to the approval of the Department of General Services, and Contractor agrees that no work or services shall be performed prior to the giving of such approval. In the event Contractor fails to keep in effect at all times insurance coverage as herein provided, the State may, in addition to any other remedies it may have, terminate this Agreement upon the occurrence of such event.

The Contractor shall provide written notice to EDD within five (5) business days of any cancellation, non-renewal, or material change that affects required insurance coverage.


The Contractor shall display evidence of the following coverage on an ACORD certificate:

a. General Liability Insurance - Contractor shall furnish to EDD a certificate of insurance prior to commencement of work stating there is general liability insurance in effect for the Contractor in an occurrence form with limits not less than $1,000,000 per occurrence for bodily injury and property damage combined. The certificate of insurance must include the following provision stating: The State of California, its officers, agents, employees, and servants are included as additional insured, but only with respect to work performed for EDD under this contract. The additional insured endorsement must accompany the certificate.

b. Workers' Compensation and Employers Liability Insurance - Contractor shall furnish to EDD a certificate of insurance evidencing Workers’ Compensation and Employers Liability Insurance presently in effect with limits not less than $1,000,000 by an insurance carrier licensed to write Workers' Compensation insurance in California. Such certificate shall include the name of the carrier and the policy inception and expiration dates. If the Contractor is self-insured for Workers’ Compensation, a certificate must be presented evidencing Contractor is a qualified self-insurer in the State of California.

9. Intellectual Property Infringement

Notwithstanding any other provision of this Agreement, Contractor is not obligated to indemnify for any claim of infringement of any patent, copyright, trademark, service mark, trade secret or other proprietary right of a third party, to the extent such claim is caused by, relates to or arises out of (a) EDD’s failure to use the Contractor’s system or services as permitted under this Agreement or (b) EDD’s configuration or use of the Contractor’s system or services in combination with other software, equipment, services, processes, elements, components or systems that are not provided by Contractor.

F. EDD Information Security Requirements

1. EDD data must remain in the continental United States of America at all times.

2. For facilities or systems where EDD data is processed, transferred or stored, the Contractor shall comply with all EDD security policies and procedures, California State Administrative Manual (SAM) 5300 requirements, and applicable FIPS and NIST requirements and guidelines.

3. The solution must incorporate security controls as specified in the latest revision of NIST SP 800-53 for a system categorized as MODERATE impact. The system shall not contain law enforcement data.

4. Security controls must be documented in a System Security Plan (SSP) that is prepared in compliance with the latest revision of NIST SP 800-18 and augmented by EDD SSP required sections as illustrated in the EDD SSP template (see Appendix 1) which includes a data flow diagram, system boundaries, interfaces, volume and nature of data, location of system, etc. Special consideration should be made in documenting access control, audit logging, system communication, and handling and destruction of data.

5. At the Contractor’s expense, the system must be accredited by an independent party approved or designated by the EDD ISO prior to being populated by EDD data.

6. No IRS, DMV, SSA, FTB, or non-EDD data will be provided without the express, written permission of the authorized official of the Agency/entity that owns the data.

7. No EDD data will be provided without the express, written permission of the Deputy Director of the branch that owns the data.

8. The EDD data shall not be provided to the Contractor without EDD ISO evaluation, validation, and acceptance of system security controls as documented in the SSP.

9. All transmission of EDD data must be encrypted utilizing only FIPS approved cryptography (FIPS 140-2).

10. All remote access to EDD data must be protected utilizing, at a minimum, two-factor authentication.

11. Security risk assessments will be conducted, documented, and evaluated throughout the life-cycle of the project; at a minimum during the design phase, prior to data transfer, and prior to implementation.

12. A Privacy Impact Assessment will be conducted and a copy will be provided to the Contractor (see Appendix 2).

13. A strategy document will be submitted that will describe how EDD data will be protected at all times (e.g., in transit, at rest, during analytics, data disposal, limiting access, etc.).

14. Only Contractor personnel who have passed a DOJ fingerprint/background check will be allowed to have access to EDD data. A conviction for embezzlement, identity theft or similar computer related crimes shall be basis for disqualifying Contractor personnel from participating.

15. Should the solution incorporate a cloud-computing component, the cloud service provider and system will also be subject to FedRAMP controls and accreditation.

16. Social Security Administration Security Guidelines

The EDD maintains an agreement with the Social Security Administration (SSA) to protect all data received from SSA. As part of this agreement, it agrees to comply with a document called “Electronic Information Exchange Security Requirements, Guidelines, and Procedures for Federal, State and Local Agencies Exchanging Electronic Information with the Social Security Administration”. This document is designated “sensitive” by the SSA so is provided securely where required.

17. Department of Motor Vehicles Security Guidelines

The EDD maintains an agreement with the Department of Motor Vehicles (DMV) to protect all data received from DMV. As part of this agreement, it agrees to ensure compliance with all the security provisions within a document called “DMV Electronic Access Requirements”. This document is designated “sensitive” so is provided securely where required.

G. Protection of Confidentiality

Federal and state confidentiality laws, regulations, and administrative policies classify all EDD information provided under this Agreement as confidential. The federal and state laws prohibit disclosure of EDD’s confidential information to the public and mandate its protection against loss and against unauthorized access, use, disclosure, modification, or destruction. The Contractor must, therefore, agree to the following security and confidentiality requirements:

1. Administrative Safeguards

a. Adopt policies and procedures to ensure use of EDD’s confidential information solely for purposes specifically authorized under this Agreement that meets the requirements of Title 20, Code of Federal Regulations §603.10.

b. Warrant by execution of this Agreement, that no person or selling agency has been employed or retained to solicit or secure this Agreement upon agreement or understanding for a commission, percentage, brokerage, or contingent fee. In the event of a breach or violation of this warranty, EDD shall have the right to annul this Agreement without liability, in addition to other remedies provided by law.

c. Warrant and certify that in the performance of this Agreement you will comply with all applicable statutes, rules, and/or regulations and Agreement information security requirements, including but not limited to the following:

• Unemployment Insurance Code §1094 (Disclosure Prohibitions)

• Title 20, Code of Federal Regulations §603.9 and §603.10 (Federal Unemployment Compensation Safeguards and Security Requirements)

• Civil Code §1798, et seq. (Information Practices Act)

• Penal Code §502 (Computer Fraud Act)

• Title 5, U.S. Code §552a (Federal Privacy Act Disclosure Restrictions)

• Title 42, U.S. Code §503 (Social Security Act)

• Title 18, U.S. Code §1905 (Disclosure of Confidential Information)

d. Except for State Agencies, agree to indemnify the EDD against any loss, cost, damage or liability resulting from violations of these applicable statutes, rules and/or regulations and Agreement information security requirements.

e. Protect EDD’s information against unauthorized access, at all times, in all forms of media. Access and use the information obtained under this Agreement only to the extent necessary to assist in the valid administrative needs of the program receiving such information and only for the purposes defined in this Agreement.

f.

Keep all EDD confidential information completely confidential. Make this information available to authorized personnel on a "need-to-know" basis and only for the purposes authorized under this Agreement. “Need to know” refers to those authorized personnel who need information to perform their official duties in connection with the uses of the information authorized by this Agreement.


g. Notify the EDD Information Security Office (ISO) at (916) 654-6231, immediately upon discovery, that there may have been a breach in security which has or may have resulted in compromise to the confidential information. For purposes of this section, immediately is defined within 24 hours of discovery of the breach. The notification shall be by phone and the caller shall speak directly with a person in the EDD ISO. It is not sufficient to simply leave a message. The notification must include a detailed description of the incident (such as time, date, location, and circumstances) and identifying responsible personnel (name, title and contact information). The verbal notification shall be followed with an email notification to .

2. Management Safeguards
a. Acknowledge that the confidential information obtained by the Contractor under this Agreement remains the property of EDD.
b. Instruct all personnel assigned to work with the information provided under this Agreement regarding the following:
• Confidential nature of the EDD information.
• Requirements of this Agreement.
• Sanctions specified in federal and state unemployment compensation laws and of any other relevant statutes against unauthorized disclosure of confidential information provided by EDD.
c. Require that all personnel assigned to work with the information provided by EDD complete the EDD Confidentiality Agreement (Attachment D1).
d. Return the following completed documents to the EDD Contract Services Group:
o EDD Indemnity Agreement (Attachment D2): Required to be completed by the Contractor’s Chief Financial Officer or authorized Management Representative, unless the Contractor is a State Agency.
o EDD Statement of Responsibility Information Security Certification (Attachment D3): Required to be completed by the Information Security Officer or authorized Management Representative.
e. Subject to receipt of reasonable prior written notice, permit EDD to make on-site inspections at locations where the services are being performed to ensure that the terms of this Agreement are being met. Make available to EDD staff, on request and during on-site reviews, copies of the EDD Confidentiality Agreement (Attachment D1) completed by personnel assigned to work with EDD’s confidential information and hereby made a part of this Agreement.
f. Maintain a system of records sufficient to allow an audit of compliance with the requirements under subsection (d) of this part. Permit EDD to make on-site inspections to ensure that the requirements of federal and state privacy, confidentiality and unemployment compensation statutes and regulations are being met including but not limited to Social Security Act §1137(a)(5)(B). EDD will not request proprietary information or confidential information that is unrelated to the services performed by EDD.


3. Usage, Duplication, and Redisclosure Safeguards
a. Use EDD’s confidential information only for purposes specifically authorized under this Agreement. The information is not admissible as evidence in any action or special proceeding except as provided under Section 1094(b) of the Unemployment Insurance Code. Section 1095(u) of the Unemployment Insurance Code does not authorize the use of EDD’s confidential information by any private collection agency.
b. Extraction or use of the EDD information for any purpose outside the purposes stated in this Agreement is strictly prohibited. The information obtained under this Agreement shall not be reproduced, published, sold or released in original or any other form not specifically authorized under this Agreement.
c. Disclosure of any EDD information to any person or entity not specifically authorized in this Agreement is strictly prohibited. Personnel assigned to work with EDD’s confidential information shall not reveal or divulge to any person or entity any of the confidential information provided under this Agreement except as authorized or required by law.

4. Physical Safeguards
a. Take precautions to ensure that only authorized personnel are given access to physical, electronic and on-line files. Store electronic and hard copy information in a place physically secure from access by unauthorized persons. Process and store information in electronic format, such as magnetic tapes or discs, in such a way that unauthorized persons cannot retrieve the information by means of computer, remote terminal or other means.
b. Secure and maintain any computer systems (network, hardware and software applications) that will be used in the performance of this Agreement. This includes ensuring that all security patches, upgrades, and anti-virus updates are applied as appropriate to secure data that may be used, transmitted or stored on such systems in the performance of this Agreement.
c. Store all EDD confidential documents in a physically secure manner at all times to prevent unauthorized access.
d. Store EDD’s confidential electronic records in a secure central computer facility. Where in-use on a shared computer system or any shared data storage system, ensure appropriate information security protections are in place. The Contractor shall ensure that appropriate security access controls, storage protections and use restrictions are in place to keep the confidential information in the strictest confidence and shall make the information available to its own personnel on a "need-to-know" basis only.
e. A Cloud Computing Environment Cannot Be Used to Receive, Transmit, Store, Or Process EDD’s Confidential Data.
f. Store EDD confidential data in encrypted format when recorded on removable electronic storage media, or on mobile computing devices, such as a laptop computer.


g. Maintain an audit trail and record data access of authorized users and authorization level of access granted to EDD’s data, based on job function.
h. Direct all personnel permitted to use EDD’s data to avoid leaving the data displayed on their computer screens where unauthorized users may view it. Personnel should retrieve computer printouts as soon as they are generated so that the EDD data is not left unattended in printers where unauthorized personnel may access them.
i. Dispose of confidential information obtained from EDD, and any copies thereof made by the contractor, after the purpose for which the confidential information is disclosed is served. Disposal means return of the confidential information to EDD or destruction of the information utilizing an approved method of confidential destruction, which includes electronic deletion (following Department of Defense specifications), shredding, burning, certified or witnessed destruction.


Attachment A. Key Staff Qualifications
Complete this attachment (or a table or spreadsheet similar to it) for each of the proposed key staff. Failure to complete this attachment may be cause for rejection of the offer.

Experience Qualifications | Number of Years | Name of project(s), staff role and the relevant experience on the project(s). List dates of each engagement | Reference 1 information: name, e-mail address, phone number
Mandatory: Minimum two (2) years of experience customizing and operating data analytics systems.
Mandatory: At least one (1) year experience with benefit fraud detection
Desirable: Demonstrated expertise in Unemployment Insurance fraud
Desirable: Demonstrated expertise in Disability Insurance fraud
Desirable: Demonstrated expertise in employer withholding fraud
Desirable: Demonstrated expertise in data mining
Desirable: Demonstrated expertise in dynamic modeling

Describe previous experience with data analytic systems. Include the following information (attach additional sheets as needed):
• Client/project name
• Client name, contact name, and contact telephone number
• Start date and end date for each client/project
• Overview of the contractor staff person’s role on the respective project
• Final disposition of the services and/or products provided to the client

1 List at least two references in this column. Two references are not required for each row, instead a minimum of two references is required for each staff person.


Attachment B. Cost Data Sheet
For each deliverable, identify the contract staff to be assigned to that deliverable and the associated hours and costs for completing that deliverable in the table below. Deliverables are paid on a fixed-price basis. The Contractor may not invoice the State for any costs exceeding the maximum amount identified to complete a deliverable. Any excess hours to complete a deliverable shall be the expense of the Contractor. Include 500 discretionary hours for unanticipated deliverables which may be required by the State under this agreement. Respondent must list a maximum hourly wage rate that will not be exceeded for any job classification that performs unanticipated tasks. Unanticipated deliverables will be reimbursed as specified in the approved Work Authorization for unanticipated deliverables.

Del. # | Deliverable | Staff Name(s) | Hourly Rate | Estimated Total Hours | Cost | 25% Withhold Amount (see Section III D. 2.)
1 | Requirements Validation Document
2 | Source Data Recommendations Document
3 | Dashboard Design and Development
4 | Beneficiary Validation Analysis
5 | Employer Validation Analysis
6 | Claims Analysis (Predictive Models)
7 | Data Matching Services
Staff Subtotal | (sum of withhold amounts for deliverables # 1—6)
8 | Production Go-Live (12 months of live service with weekly reports) | 12 months (monthly rate)
Unanticipated Deliverables | 500 hours | (Maximum hourly bill rate)
Total Agreement Cost (Staff Subtotal + 12 months of Production Go-Live + Unanticipated Deliverables)


Attachment C1. Confidentiality Agreement


Attachment C2. Indemnity Agreement


Attachment C3. Statement of Responsibility


Attachment D WORKERS’ COMPENSATION CERTIFICATION The undersigned in submitting this document hereby certifies the following: I am aware of the provisions of section 3700 of the California Labor Code which requires every employer to be insured against liability for workers’ compensation or to undertake self-insurance in accordance with such provisions before commencing the performance of the work of this Agreement.

________________________________ ________________________________ Signature Date

________________________________ ________________________________ Name and Title (Print or Type) Street Address

________________________________ ________________________________ Firm Name City, State, Zip


Attachment E CERTIFICATION REGARDING DEBARMENT, SUSPENSION, INELIGIBILITY AND VOLUNTARY EXCLUSION LOWER TIER COVERED TRANSACTION

This certification is required by the regulations implementing Executive Order 12549, Debarment and Suspension, 29 CFR Part 98, Section 98.510, Participants’ responsibilities. The regulations were published as Part VII of the May 26, 1988, Federal Register (Pages 19160-19211).

(BEFORE COMPLETING CERTIFICATION, READ INSTRUCTIONS WHICH ARE AN INTEGRAL PART OF THE CERTIFICATION.)

1. The prospective recipient of Federal assistance funds certifies, by submission of this proposal, that neither it nor its principals are presently debarred, suspended, proposed for debarment, declared ineligible, or voluntarily excluded from participation in this transaction by any Federal department or agency.

2. Where the prospective recipient of Federal assistance funds is unable to certify to any of the statements in this certification, such prospective participant shall attach an explanation to this proposal.

Name and Title of Authorized Representative

Signature

Date

FD118 (Rev. 9/22/04)


INSTRUCTIONS FOR CERTIFICATION

1. By signing and submitting this proposal, the prospective recipient of Federal assistance funds is providing the certification as set out below.

2. The certification in this clause is a material representation of fact upon which reliance was placed when this transaction was entered into. If it is later determined that the prospective recipient of Federal assistance funds knowingly rendered an erroneous certification, in addition to other remedies available to the Federal Government, the Department of Labor (DOL) may pursue available remedies, including suspension and/or debarment.

3. The prospective recipient of Federal assistance funds shall provide immediate written notice to the person to whom this proposal is submitted if at any time the prospective recipient of Federal assistance funds learns that its certification was erroneous when submitted or has become erroneous by reason of changed circumstances.

4. The terms “covered transaction,” “debarred,” “suspended,” “ineligible,” “lower tier covered transaction,” “participant,” “person,” “primary covered transaction,” “principal,” “proposal,” and “voluntarily excluded,” as used in this clause, have the meanings set out in the Definitions and Coverage sections of rules and implementing Executive Order 12549. You may contact the person to whom this proposal is submitted for assistance in obtaining a copy of those regulations.

5. The prospective recipient of Federal assistance funds agrees by submitting this proposal that, should the proposed covered transaction be entered into, it shall not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible, or voluntarily excluded from participation in this covered transaction, unless authorized by the DOL.

6. The prospective recipient of Federal assistance funds further agrees by submitting this proposal that it will include the clause titled “Certification Regarding Debarment, Suspension, Ineligibility and Voluntary Exclusion--Lower Tier Covered Transactions,” without modification, in all lower tier covered transactions and in all solicitations for lower tier covered transactions.

7. A participant in a covered transaction may rely upon a certification of a prospective participant in a lower tier covered transaction that it is not debarred, suspended, ineligible, or voluntarily excluded from the covered transaction, unless it knows that the certification is erroneous. A participant may decide the method and frequency by which it determines the eligibility of its principals. Each participant may, but is not required to, check the List of Parties Excluded From Procurement or Nonprocurement Programs.

8. Nothing contained in the foregoing shall be construed to require establishment of a system of records in order to render in good faith the certification required by this clause. The knowledge and information of a participant is not required to exceed that which is normally possessed by a prudent person in the ordinary course of business dealings.

9. Except for transactions authorized under paragraph 5 of these instructions, if a participant in a covered transaction knowingly enters into a lower tier covered transaction with a person who is suspended, debarred, ineligible, or voluntarily excluded from participation in this transaction, in addition to other remedies available to the Federal Government, the DOL may pursue available remedies, including suspension and/or debarment.


Attachment F STATE OF CALIFORNIA-DEPARTMENT OF FINANCE

PAYEE DATA RECORD (Required when receiving payment from the State of California in lieu of IRS W-9) STD. 204 (REV. 6-2003)

1 INSTRUCTIONS: Complete all information on this form. Sign, date, and return to the State agency (department/office) address shown at the bottom of this page. Prompt return of this fully completed form will prevent delays when processing payments. Information provided in this form will be used by State agencies to prepare Information Returns (1099). See reverse side for more Information and Privacy Statement. NOTE: Governmental entities, federal, State, and local (including school districts), are not required to submit this form.

2 PAYEE’S LEGAL BUSINESS NAME (Type or Print)
SOLE PROPRIETOR - ENTER NAME AS SHOWN ON SSN (Last, First, M.I.)
E-MAIL ADDRESS
MAILING ADDRESS
CITY, STATE, ZIP CODE
BUSINESS ADDRESS
CITY, STATE, ZIP CODE

3 PAYEE ENTITY TYPE (CHECK ONE BOX ONLY)
ENTER FEDERAL EMPLOYER IDENTIFICATION (FEIN):
PARTNERSHIP
ESTATE OR TRUST
CORPORATION: MEDICAL (e.g., dentistry, psychotherapy, chiropractic, etc.) LEGAL (e.g., attorney services) EXEMPT (nonprofit) ALL OTHERS
INDIVIDUAL OR SOLE PROPRIETOR ENTER SOCIAL SECURITY NUMBER: (SSN required by authority of California Revenue and Tax Code Section 18646)
NOTE: Payment will not be processed without an accompanying taxpayer I.D. number.

4 PAYEE RESIDENCY STATUS
California resident - Qualified to do business in California or maintains a permanent place of business in California.
California nonresident (see reverse side) - Payments to nonresidents for services may be subject to State income tax withholding.
No services performed in California.
Copy of Franchise Tax Board waiver of State withholding attached.

5 I hereby certify under penalty of perjury that the information provided on this document is true and correct. Should my residency status change, I will promptly notify the State agency below.
AUTHORIZED PAYEE REPRESENTATIVE’S NAME (Type or Print)
TITLE
SIGNATURE
DATE
TELEPHONE ( )

6 Please return completed form to:
Department/Office: EDD
Unit/Section: Contract Services Group
Mailing Address: 800 Capitol Mall MIC 62-C
City/State/Zip: Sacramento, CA 95814
Telephone: 916-654-7987
Fax: 916-449-1565
E-mail Address: [email protected]

STD. 204 (Rev. 6-2003) (INTRANET)


STATE OF CALIFORNIA-DEPARTMENT OF FINANCE

PAYEE DATA RECORD (Required when receiving payment from the State of California in lieu of IRS W-9) STD. 204 (REV. 6-2003) (REVERSE)

Requirement to Complete Payee Data Record, STD. 204

1 A completed Payee Data Record, STD. 204, is required for payments to all non-governmental entities and will be kept on file at each State agency. Since each State agency with which you do business must have a separate STD. 204 on file, it is possible for a payee to receive this form from various State agencies. Payees who do not wish to complete the STD. 204 may elect to not do business with the State. If the payee does not complete the STD. 204 and the required payee data is not otherwise provided, payment may be reduced for federal backup withholding and nonresident State income tax withholding. Amounts reported on Information Returns (1099) are in accordance with the Internal Revenue Code and the California Revenue and Taxation Code.

2 Enter the payee’s legal business name. Sole proprietorships must also include the owner’s full name. An individual must list his/her full name. The mailing address should be the address at which the payee chooses to receive correspondence. Do not enter payment address or lock box information here.

3 Check the box that corresponds to the payee business type. Check only one box. Corporations must check the box that identifies the type of corporation. The State of California requires that all parties entering into business transactions that may lead to payment(s) from the State provide their Taxpayer Identification Number (TIN). The TIN is required by the California Revenue and Taxation Code Section 18646 to facilitate tax compliance enforcement activities and the preparation of Form 1099 and other information returns as required by the Internal Revenue Code Section 6109(a). The TIN for individuals and sole proprietorships is the Social Security Number (SSN). Only partnerships, estates, trusts, and corporations will enter their Federal Employer Identification Number (FEIN).

4 Are you a California resident or nonresident?
A corporation will be defined as a “resident” if it has a permanent place of business in California or is qualified through the Secretary of State to do business in California. A partnership is considered a resident partnership if it has a permanent place of business in California. An estate is a resident if the decedent was a California resident at time of death. A trust is a resident if at least one trustee is a California resident. For individuals and sole proprietors, the term “resident” includes every individual who is in California for other than a temporary or transitory purpose and any individual domiciled in California who is absent for a temporary or transitory purpose. Generally, an individual who comes to California for a purpose that will extend over a long or indefinite period will be considered a resident. However, an individual who comes to perform a particular contract of short duration will be considered a nonresident. Payments to all nonresidents may be subject to withholding. Nonresident payees performing services in California or receiving rent, lease, or royalty payments from property (real or personal) located in California will have 7% of their total payments withheld for State income taxes. However, no withholding is required if total payments to the payee are $1,500 or less for the calendar year.
For information on Nonresident Withholding, contact the Franchise Tax Board at the numbers listed below:
Withholding Services and Compliance Section: 1-888-792-4900
E-mail address: [email protected]
For hearing impaired with TDD, call: 1-800-822-6268
Website: www.ftb.ca.gov

5 Provide the name, title, signature, and telephone number of the individual completing this form. Provide the date the form was completed.

6 This section must be completed by the State agency requesting the STD. 204.

Privacy Statement
Section 7(b) of the Privacy Act of 1974 (Public Law 93-579) requires that any federal, State, or local governmental agency, which requests an individual to disclose their social security account number, shall inform that individual whether that disclosure is mandatory or voluntary, by which statutory or other authority such number is solicited, and what uses will be made of it. It is mandatory to furnish the information requested. Federal law requires that payment for which the requested information is not provided is subject to federal backup withholding and State law imposes noncompliance penalties of up to $20,000. You have the right to access records containing your personal information, such as your SSN. To exercise that right, please contact the business services unit or the accounts payable unit of the State agency(ies) with which you transact that business. All questions should be referred to the requesting State agency listed on the bottom front of this form.


Attachment G CCC-307 CERTIFICATION
I, the official named below, CERTIFY UNDER PENALTY OF PERJURY that I am duly authorized to legally bind the prospective Contractor to the clause(s) listed below. This certification is made under the laws of the State of California.

Contractor/Bidder Firm Name (Printed)
Federal ID Number
By (Authorized Signature)
Printed Name and Title of Person Signing
Date Executed
Executed in the County of

CONTRACTOR CERTIFICATION CLAUSES
1. STATEMENT OF COMPLIANCE: Contractor has, unless exempted, complied with the nondiscrimination program requirements. (Gov. Code §12990 (a-f) and CCR, Title 2, Section 8103) (Not applicable to public entities.)
2. DRUG-FREE WORKPLACE REQUIREMENTS: Contractor will comply with the requirements of the Drug-Free Workplace Act of 1990 and will provide a drug-free workplace by taking the following actions:
a. Publish a statement notifying employees that unlawful manufacture, distribution, dispensation, possession or use of a controlled substance is prohibited and specifying actions to be taken against employees for violations.
b. Establish a Drug-Free Awareness Program to inform employees about:
1) the dangers of drug abuse in the workplace;
2) the person's or organization's policy of maintaining a drug-free workplace;
3) any available counseling, rehabilitation and employee assistance programs; and,
4) penalties that may be imposed upon employees for drug abuse violations.
c. Every employee who works on the proposed Agreement will:
1) receive a copy of the company's drug-free workplace policy statement; and,
2) agree to abide by the terms of the company's statement as a condition of employment on the Agreement.
Failure to comply with these requirements may result in suspension of payments under the Agreement or termination of the Agreement or both and Contractor may be ineligible for award of any future State agreements if the department determines that any of the following has occurred: the Contractor has made false certification, or violated the certification by failing to carry out the requirements as noted above. (Gov. Code §8350 et seq.)
3. NATIONAL LABOR RELATIONS BOARD CERTIFICATION: Contractor certifies that no more than one (1) final unappealable finding of contempt of court by a Federal court has been issued against Contractor within the immediately preceding two-year period because of Contractor's failure to comply with an order of a Federal court, which orders Contractor to comply with an order of the National Labor Relations Board. (Pub. Contract Code §10296) (Not applicable to public entities.)
4. CONTRACTS FOR LEGAL SERVICES $50,000 OR MORE - PRO BONO REQUIREMENT: Contractor hereby certifies that contractor will comply with the requirements of Section 6072 of the Business and Professions Code, effective January 1, 2003. Contractor agrees to make a good faith effort to provide a minimum number of hours of pro bono legal services during each year of the contract equal to the lesser of 30 multiplied by the number of full time attorneys in the firm’s offices in the State, with the number of hours prorated on an actual day basis for any contract period of less than a full year or 10% of its contract with the State. Failure to make a good faith effort may be cause for non-renewal of a state contract for legal services, and may be taken into account when determining the award of future contracts with the State for legal services.
5. EXPATRIATE CORPORATIONS: Contractor hereby declares that it is not an expatriate corporation or subsidiary of an expatriate corporation within the meaning of Public Contract Code Section 10286 and 10286.1, and is eligible to contract with the State of California.
6. SWEATFREE CODE OF CONDUCT:
a. All Contractors contracting for the procurement or laundering of apparel, garments or corresponding accessories, or the procurement of equipment, materials, or supplies, other than procurement related to a public works contract, declare under penalty of perjury that no apparel, garments or corresponding accessories, equipment, materials, or supplies furnished to the state pursuant to the contract have been laundered or produced in whole or in part by sweatshop labor, forced labor, convict labor, indentured labor under penal sanction, abusive forms of child labor or exploitation of children in sweatshop labor, or with the benefit of sweatshop labor, forced labor, convict labor, indentured labor under penal sanction, abusive forms of child labor or exploitation of children in sweatshop labor. The contractor further declares under penalty of perjury that they adhere to the Sweatfree Code of Conduct as set forth on the California Department of Industrial Relations website located at www.dir.ca.gov, and Public Contract Code Section 6108.
b. The contractor agrees to cooperate fully in providing reasonable access to the contractor’s records, documents, agents or employees, or premises if reasonably required by authorized officials of the contracting agency, the Department of Industrial Relations,

Page 56 of 69 6/3/2014 5:02 PM

p. 156

Employment Development Department

State of California

RFP # 65251

Bid 65251

or the Department of Justice to determine the contractor’s compliance with the requirements under paragraph (a). 7. DOMESTIC PARTNERS: For contracts over $100,000 executed or amended after January 1, 2007, the contractor certifies that contractor is in compliance with Public Contract Code section 10295.3.

DOING BUSINESS WITH THE STATE OF CALIFORNIA

The following laws apply to persons or entities doing business with the State of California.

1. CONFLICT OF INTEREST: Contractor needs to be aware of the following provisions regarding current or former state employees. If Contractor has any questions on the status of any person rendering services or involved with the Agreement, the awarding agency must be contacted immediately for clarification.

Current State Employees (Pub. Contract Code §10410):

1). No officer or employee shall engage in any employment, activity or enterprise from which the officer or employee receives compensation or has a financial interest and which is sponsored or funded by any state agency, unless the employment, activity or enterprise is required as a condition of regular state employment.

2). No officer or employee shall contract on his or her own behalf as an independent contractor with any state agency to provide goods or services.

Former State Employees (Pub. Contract Code §10411):

1). For the two-year period from the date he or she left state employment, no former state officer or employee may enter into a contract in which he or she engaged in any of the negotiations, transactions, planning, arrangements or any part of the decision-making process relevant to the contract while employed in any capacity by any state agency.

2). For the twelve-month period from the date he or she left state employment, no former state officer or employee may enter into a contract with any state agency if he or she was employed by that state agency in a policy-making position in the same general subject area as the proposed contract within the 12-month period prior to his or her leaving state service.

If Contractor violates any provisions of above paragraphs, such action by Contractor shall render this Agreement void. (Pub. Contract Code §10420)

Members of boards and commissions are exempt from this section if they do not receive payment other than payment of each meeting of the board or commission, payment for preparatory time and payment for per diem. (Pub. Contract Code §10430 (e))


2. LABOR CODE/WORKERS' COMPENSATION: Contractor needs to be aware of the provisions which require every employer to be insured against liability for Worker's Compensation or to undertake self-insurance in accordance with the provisions, and Contractor affirms to comply with such provisions before commencing the performance of the work of this Agreement. (Labor Code Section 3700)

3. AMERICANS WITH DISABILITIES ACT: Contractor assures the State that it complies with the Americans with Disabilities Act (ADA) of 1990, which prohibits discrimination on the basis of disability, as well as all applicable regulations and guidelines issued pursuant to the ADA. (42 U.S.C. 12101 et seq.)

4. CONTRACTOR NAME CHANGE: An amendment is required to change the Contractor's name as listed on this Agreement. Upon receipt of legal documentation of the name change the State will process the amendment. Payment of invoices presented with a new name cannot be paid prior to approval of said amendment.

5. CORPORATE QUALIFICATIONS TO DO BUSINESS IN CALIFORNIA:

a. When agreements are to be performed in the state by corporations, the contracting agencies will be verifying that the contractor is currently qualified to do business in California in order to ensure that all obligations due to the state are fulfilled.

b. "Doing business" is defined in R&TC Section 23101 as actively engaging in any transaction for the purpose of financial or pecuniary gain or profit. Although there are some statutory exceptions to taxation, rarely will a corporate contractor performing within the state not be subject to the franchise tax.

c. Both domestic and foreign corporations (those incorporated outside of California) must be in good standing in order to be qualified to do business in California. Agencies will determine whether a corporation is in good standing by calling the Office of the Secretary of State.

6. RESOLUTION: A county, city, district, or other local public body must provide the State with a copy of a resolution, order, motion, or ordinance of the local governing body which by law has authority to enter into an agreement, authorizing execution of the agreement.

7. AIR OR WATER POLLUTION VIOLATION: Under the State laws, the Contractor shall not be: (1) in violation of any order or resolution not subject to review promulgated by the State Air Resources Board or an air pollution control district; (2) subject to cease and desist order not subject to review issued pursuant to Section 13301 of the Water Code for violation of waste discharge requirements or discharge prohibitions; or (3) finally determined to be in violation of provisions of federal law relating to air or water pollution.

8. PAYEE DATA RECORD FORM STD. 204: This form must be completed by all contractors that are not another state agency or other governmental entity.


Attachment H

CERTIFICATION REGARDING LOBBYING

CERTIFICATION FOR CONTRACTS, GRANTS, LOANS, AND COOPERATIVE AGREEMENTS

The undersigned certifies, to the best of his or her knowledge and belief, that:

(1) No Federal appropriated funds have been paid or will be paid, by or on behalf of the undersigned, to any person for influencing or attempting to influence an officer or employee of an agency, a Member of Congress, an officer or employee of Congress, or an employee of a Member of Congress in connection with the awarding of any Federal contract, the making of any Federal grant, the making of any Federal loan, the entering into of any cooperative agreement, and the extension, continuation, renewal, amendment, or modification of any Federal contract, grant, loan, or cooperative agreement.

(2) If any funds other than Federal appropriated funds have been paid or will be paid to any person for influencing or attempting to influence an officer or employee of any agency, a Member of Congress, an officer or employee of Congress, or an employee of a member of Congress in connection with this Federal contract, grant, loan, or cooperative agreement, the undersigned shall complete and submit Standard Form-LLL, "Disclosure Form to Report Lobbying," in accordance with its instructions.

(3) The undersigned shall require that the language of this certification be included in the award documents for all* subawards at all tiers (including subcontracts, subgrants and contracts under grants, loans, and cooperative agreements) and that all* subrecipients shall certify and disclose accordingly.

This certification is a material representation of fact upon which reliance was placed when this transaction was made or entered into. Submission of this certification is a prerequisite for making or entering into this transaction imposed by Section 1352, Title 31, U.S. Code. Any person who fails to file the required certification shall be subject to a civil penalty of not less than $10,000 and not more than $100,000 for each such failure.

Grantee/Contractor Organization

Program/Title

Name and Title of Authorized Signatory

Signature

Date

*Note: In these instances, “All,” in the Final Rule is expected to be clarified to show that it applies to covered contract/grant transactions over $100,000 (per 29 CFR 93.110).

FD016 (Rev. 07/21/2010)

DISCLOSURE OF LOBBYING ACTIVITIES

Complete this form to disclose lobbying activities pursuant to 31 U.S.C. 1352 (See reverse for public burden disclosure)

1. Type of Federal Action: a. contract b. grant c. cooperative agreement d. loan e. loan guarantee f. loan insurance

2. Status of Federal Action: a. bid/offer/application b. initial award c. post-award

3. Report Type: a. initial filing b. material change
For Material Change Only: year_____ quarter_____ date of last report ______

4. Name and Address of Reporting Entity:
Prime
Subawardee Tier ______, if known:
Congressional District, if known:

5. If Reporting Entity in No. 4 is a Subawardee, Enter Name and Address of Prime:
Congressional District, if known:

6. Federal Department/Agency:

7. Federal Program Name/Description:
CFDA Number, if applicable:

8. Federal Action Number, if known:

9. Award Amount, if known: $

10. a. Name and Address of Lobbying Entity (if individual, last name, first name, MI):
b. Individual Performing Services (include address if different from No. 10a.) (last name, first name, MI):
(attach Continuation Sheet (s) SF-LLL-A, if necessary)

11. Amount of Payment (check all that apply): $ actual planned

12. Form of Payment (check all that apply): a. cash b. in-kind; specify: nature value

13. Type of Payment (check all that apply): a. retainer b. one-time fee c. commission d. contingent fee e. deferred f. other; specify:___________________

14. Brief Description of Services Performed or to be Performed and date(s) of Service, including officer(s), employee(s) or Member(s) contacted, for Payment Indicated on Item 11:
(attach Continuation Sheet (s) SF-LLL-A, if necessary)

15. Continuation Sheet (s) SF-LLL-A attached: Yes No

16. Information requested through this form is authorized by Title 31 U.S.C. Section 1352. This disclosure of lobbying activities is a material representation of fact upon which reliance was placed by the tier above when this transaction was made or entered into. This disclosure is required pursuant to 31 U.S.C. 1352. This information will be reported to the Congress semiannually and will be available for public inspection. Any person who fails to file the required disclosure shall be subject to a civil penalty of not less than $10,000 and not more than $100,000 for each such failure.

Signature:
Print Name:
Title:
Telephone No.:
Date:

Federal Use Only:

Authorized for Local Reproduction Standard Form - LLL-A (Rev. 7-97)

INSTRUCTIONS FOR COMPLETION OF SF-LLL, DISCLOSURE OF LOBBYING ACTIVITIES

This disclosure form shall be completed by the reporting entity, whether subawardee or prime Federal recipient, at the initiation or receipt of a covered Federal action, or a material change to a previous filing, pursuant to title 31 U.S.C. Section 1352. The filing of a form is required for each payment or agreement to make payment to any lobbying entity for influencing or attempting to influence an officer or employee of any agency, a Member of Congress, an officer or employee of Congress, or an employee of Congress, or an employee of a Member of Congress in connection with a covered Federal action. Use the SF-LLL-A Continuation Sheet for additional information if the space on the form is inadequate. Complete all items that apply for both the initial filing and material change report. Refer to the implementing guidance published by the Office of Management and Budget for additional information.

1. Identify the type of covered Federal action for which lobbying activity is and/or has been secured to influence the outcome of a covered Federal action.

2. Identify the status of the covered Federal action.

3. Identify the appropriate classification of this report. If this is a follow-up report caused by a material change to the information previously reported, enter the year and quarter in which the change occurred. Enter the date of the last previously submitted report by this reporting entity for this covered Federal action.

4. Enter the full name, address, city, state, and zip code of the reporting entity. Include Congressional District, if known. Check the appropriate classification of the reporting entity that designates if it is, or expects to be, a prime or subaward recipient. Identify the tier of the subawardee, e.g., the first subawardee of the prime is the 1st tier. Subawards include but are not limited to subcontracts, subgrants and contract awards under grants.

5. If the organization filing the report in item 4 checks “Subawardee”, then enter the full name, address, city, state, and zip code of the prime Federal recipient. Include Congressional District, if known.

6. Enter the name of the Federal agency making the award or loan commitment. Include at least one organizational level below agency name, if known. For example, Department of Transportation, United States Coast Guard.

7. Enter the Federal program name or description for the covered Federal action (item 1). If known, enter the full Catalog of Federal Domestic Assistance (CFDA) number for grants, cooperative agreements, loans and loan commitment.

8. Enter the most appropriate Federal identifying number available for the Federal action identified in item 1 (e.g., Request for Proposal (RFP) number, Invitation for Bid (IFB) number, grant announcement number, the contract, grant, or loan award number, the application/proposal control number assigned by the Federal agency). Include prefixes, e.g., “RFD-DE-90-001.”

9. For a covered Federal action where there has been an award or loan commitment by the Federal agency, enter the Federal amount of the award/loan commitment for the prime entity identified in item 4 or 5.

10. (a) Enter the full name, address, city, state, and zip code of the lobbying entity engaged by the reporting entity identified in item 4 to influence the covered Federal action.
(b) Enter the full names of the individual(s) performing services, and include full address if different from 10 (a). Enter Last Name, First Name, and Middle Initial (MI).

11. Enter the amount of compensation paid or reasonably expected to be paid by the reporting entity (item 4) to the lobbying entity (item 10). Indicate whether the payment has been made (actual) or will be made (planned). Check all boxes that apply. If this is a material change report, enter the cumulative amount of payment made or planned to be made.

12. Check the appropriate box(es). Check all boxes that apply. If payment is made through an in-kind contribution, specify the nature and value of the in-kind payment.

13. Check the appropriate box(es). Check all boxes that apply. If other, specify nature.

14. Provide a specific and detailed description of the services that the lobbyist has performed, or will be expected to perform, and the date(s) of any services rendered. Include all preparatory and related activity, not just time spent in actual contact with Federal officials. Identify the Federal official(s) or employee(s) contacted or the officer(s), employee(s), or Member(s) of Congress that were contacted.

15. Check whether or not a SF-LLL-A Continuation Sheet(s) is attached.

16. The certifying official shall sign and date the form, print his/her name, title, and telephone number.


Attachment I DARFUR CONTRACTING ACT

Effective January 1, 2009, procurements for Non-Information Technology (Non-IT) goods or services must address the requirements of this Act. The Act is intended to preclude State agencies generally from contracting with SCRUTINIZED companies that do business in the African nation of Sudan (of which the Darfur region is a part), for the reasons described in Public Contract Code section 10475. A SCRUTINIZED company is a company doing specified types of business in Sudan as defined in Public Contract Code section 10476. SCRUTINIZED companies are ineligible to, and cannot, bid on or submit a proposal for a contract with a State agency for Non-IT goods or services (Public Contract Code section 10477(a)). Public Contract Code section 10478 (a) requires a company that currently has (or within the previous three years has had) business activities or other operations outside of the United States to certify that it is not a SCRUTINIZED company in order to submit a bid or proposal to a State agency. A SCRUTINIZED company may still, however, submit a bid or proposal for a contract with a State agency for goods or services if the company first obtains permission from the Department of General Services (DGS) according to the criteria set forth in Public Contract Code section 10477(b). If your company, within the previous three years, had any business activities or other operations outside of the United States, you need to complete the Darfur Contracting Act Certification. This applies regardless of the procurement approach, method, or solicitation format used including, but not limited to: Formal Bids, Informal Bids, Request for Proposals, Invitation for Bids, Non-Competitive Bids, the SB/DVBE Option, and under $5,000 fair and reasonable pricing.

FDO19 (Rev. 7/28/10)

DARFUR CONTRACTING ACT CERTIFICATION

Public Contract Code, Sections 10475-10481 apply to any company that currently or within the previous three years has had business activities or other operations outside of the United States. For such a company to bid on or submit a proposal for a State of California contract, the company must certify that it is either a) not a scrutinized company; or b) a scrutinized company that has been granted permission by the Department of General Services to submit a proposal. If your company has not, within the previous three years, had any business activities or other operations outside of the United States, you do not need to complete this form.

OPTION #1 - CERTIFICATION

If your company, within the previous three years, has had business activities or other operations outside of the United States, in order to be eligible to submit a bid or proposal, please insert your company name and Federal ID Number and complete the certification below.

I, the official named below, CERTIFY UNDER PENALTY OF PERJURY that a) the prospective proposer/bidder named below is not a scrutinized company per Public Contract Code 10476; and b) I am duly authorized to legally bind the prospective proposer/bidder named below. This certification is made under the laws of the State of California.

Company/Vendor Name (Printed)

Federal ID Number

By (Authorized Signature)

Printed Name and Title of Person Signing

Date Executed

Executed in the County and State of

OPTION #2 – WRITTEN PERMISSION FROM DGS

Pursuant to Public Contract Code, Section 10477(b), the Director of the Department of General Services may permit a scrutinized company, on a case-by-case basis, to bid on or submit a proposal for a contract with a state agency for goods or services, if it is in the best interests of the state. If you are a scrutinized company that has obtained written permission from the DGS to submit a bid or proposal, complete the information below.

We are a scrutinized company as defined in Public Contract Code, Section 10476, but we have received written permission from the Department of General Services to submit a bid or proposal pursuant to Public Contract Code, Section 10477(b). A copy of the written permission from DGS is included with our bid or proposal.

Company/Vendor Name (Printed)

Federal ID Number

Initials of Submitter

Printed Name and Title of Person Initialing


State of California—Department of General Services, Procurement Division GSPD–05–105 (REV 08/09)


Solicitation Number_____________________

Attachment J

BIDDER DECLARATION

1. Prime bidder information (Review attached Bidder Declaration Instructions prior to completion of this form):

a. Identify current California certification(s) (MB, SB, NVSA, DVBE): ____________ or None ____ (If “None”, go to Item #2)

b. Will subcontractors be used for this contract? Yes ___ No ___ (If yes, indicate the distinct element of work your firm will perform in this contract e.g., list the proposed products produced by your firm, state if your firm owns the transportation vehicles that will deliver the products to the State, identify which solicited services your firm will perform, etc.). Use additional sheets, as necessary.
_________________________________________________________________________________________________________________________
_________________________________________________________________________________________________________________________

c. If you are a California certified DVBE:
(1) Are you a broker or agent? Yes ___ No ___
(2) If the contract includes equipment rental, does your company own at least 51% of the equipment provided in this contract (quantity and value)? Yes ___ No ___ N/A ___

2. If no subcontractors will be used, skip to certification below. Otherwise, list all subcontractors for this contract. (Attach additional pages if necessary):



Subcontractor Name, Contact Person, Phone Number & Fax Number

Subcontractor Address & Email Address

CA Certification (MB, SB, NVSA, DVBE or None)

Work performed or goods provided for this contract

Corresponding % of bid price

Good Standing?

51% Rental?

0%

0%

0%

Certification: By signing the bid response, I certify under penalty of perjury that the information provided is true and correct.

Page_____ of _____

State of California—Department of General Services, Procurement Division GSPD–05–105 (REV 08/09) Instructions

BIDDER DECLARATION Instructions

All prime bidders (the firm submitting the bid) must complete the Bidder Declaration.

1.a. Identify all current certifications issued by the State of California. If the prime bidder has no California certification(s), check the line labeled “None” and proceed to Item #2. If the prime bidder possesses one or more of the following certifications, enter the applicable certification(s) on the line:
• Microbusiness (MB)
• Small Business (SB)
• Nonprofit Veteran Service Agency (NVSA)
• Disabled Veteran Business Enterprise (DVBE)

1.b. Mark either “Yes” or “No” to identify whether subcontractors will be used for the contract. If the response is “No”, proceed to Item #1.c. If “Yes”, enter on the line the distinct element of work contained in the contract to be performed or the goods to be provided by the prime bidder. Do not include goods or services to be provided by subcontractors.

Bidders certified as MB, SB, NVSA, and/or DVBE must provide a commercially useful function as defined in Military and Veterans Code Section 999 for DVBEs and Government Code Section 14837(d)(4)(A) for small/microbusinesses.

Bids must propose that certified bidders provide a commercially useful function for the resulting contract or the bid will be deemed non-responsive and rejected by the State. For questions regarding the solicitation, contact the procurement official identified in the solicitation.

Note: A subcontractor is any person, firm, corporation, or organization contracting to perform part of the prime’s contract.

1.c. This item is only to be completed by businesses certified by California as a DVBE.

(1) Declare whether the prime bidder is a broker or agent by marking either “Yes” or “No”. The Military and Veterans Code Section 999.2 (b) defines “broker” or “agent” as a certified DVBE contractor or subcontractor that does not have title, possession, control, and risk of loss of materials, supplies, services, or equipment provided to an awarding department, unless one or more of the disabled veteran owners has at least 51-percent ownership of the quantity and value of the materials, supplies, services, and of each piece of equipment provided under the contract.

(2) If bidding rental equipment, mark either “Yes” or “No” to identify if the prime bidder owns at least 51% of the equipment provided (quantity and value). If not bidding rental equipment, mark “N/A” for “not applicable.”

2. If no subcontractors are proposed, do not complete the table. Read the certification at the bottom of the form and complete “Page ___ of ___” on the form.

If subcontractors will be used, complete the table listing all subcontractors. If necessary, attach additional pages and complete the “Page ___ of ___” accordingly.

2. (continued) Column Labels

Subcontractor Name, Contact Person, Phone Number & Fax Number—List each element for all subcontractors.

Subcontractor Address & Email Address—Enter the address and if available, an Email address.

CA Certification (MB, SB, NVSA, DVBE or None)—If the subcontractor possesses a current State of California certification(s), verify on this website (www.eprocure.pd.dgs.ca.gov).

Work performed or goods provided for this contract—Identify the distinct element of work contained in the contract to be performed or the goods to be provided by each subcontractor. Certified subcontractors must provide a commercially useful function for the contract. (See paragraph 1.b above for code citations regarding the definition of commercially useful function.) If a certified subcontractor is further subcontracting a greater portion of the work or goods provided for the resulting contract than would be expected by normal industry practices, attach a separate sheet of paper explaining the situation.

Corresponding % of bid price—Enter the corresponding percentage of the total bid price for the goods and/or services to be provided by each subcontractor. Do not enter a dollar amount.

Good Standing?—Provide a response for each subcontractor listed. Enter either “Yes” or “No” to indicate that the prime bidder has verified that the subcontractor(s) is in good standing for all of the following:
• Possesses valid license(s) for any license(s) or permits required by the solicitation or by law
• If a corporation, the company is qualified to do business in California and designated by the State of California Secretary of State to be in good standing
• Possesses valid State of California certification(s) if claiming MB, SB, NVSA, and/or DVBE status

51% Rental?—This pertains to the applicability of rental equipment. Based on the following parameters, enter either “N/A” (not applicable), “Yes” or “No” for each subcontractor listed.

Enter “N/A” if the:
• Subcontractor is NOT a DVBE (regardless of whether or not rental equipment is provided by the subcontractor) or
• Subcontractor is NOT providing rental equipment (regardless of whether or not subcontractor is a DVBE)

Enter “Yes” if the subcontractor is a California certified DVBE providing rental equipment and the subcontractor owns at least 51% of the rental equipment (quantity and value) it will be providing for the contract.

Enter “No” if the subcontractor is a California certified DVBE providing rental equipment but the subcontractor does NOT own at least 51% of the rental equipment (quantity and value) it will be providing.

Read the certification at the bottom of the page and complete the “Page ___ of ___” accordingly.


Attachment K

TACPA PREFERENCE

The following preference will be granted for this procurement. Proposers wishing to take advantage of this preference will need to review the following webpage and submit the appropriate response with the bid:

Target Area Contract Preference Act (TACPA) http://www.documents.dgs.ca.gov/pd/poliproc/tacpapage.pdf

Proposers wishing to take advantage of this preference are required to submit the following application/forms:
• TACPA (STD830)
• Bidder’s Summary of Contract Activities and Labor Hours (DGS/PD 525)
• Manufacturer Summary of Contract Activities and Labor Hours (DGS/PD 526)


Attachment L

IRAN CONTRACTING ACT (Public Contract Code sections 2202-2208)

Prior to bidding on, submitting a proposal or executing a contract or renewal for a State of California contract for goods or services of $1,000,000 or more, a vendor must either: a) certify it is not on the current list of persons engaged in investment activities in Iran created by the California Department of General Services (“DGS”) pursuant to Public Contract Code section 2203(b) and is not a financial institution extending twenty million dollars ($20,000,000) or more in credit to another person, for 45 days or more, if that other person will use the credit to provide goods or services in the energy sector in Iran and is identified on the current list of persons engaged in investment activities in Iran created by DGS; or b) demonstrate it has been exempted from the certification requirement for that solicitation or contract pursuant to Public Contract Code section 2203(c) or (d).

To comply with this requirement, please insert your vendor or financial institution name and Federal ID Number (if available) and complete one of the options below. Please note: California law establishes penalties for providing false certifications, including civil penalties equal to the greater of $250,000 or twice the amount of the contract for which the false certification was made; contract termination; and three-year ineligibility to bid on contracts. (Public Contract Code section 2205.)

OPTION #1 - CERTIFICATION

I, the official named below, certify I am duly authorized to execute this certification on behalf of the vendor/financial institution identified below, and the vendor/financial institution identified below is not on the current list of persons engaged in investment activities in Iran created by DGS and is not a financial institution extending twenty million dollars ($20,000,000) or more in credit to another person/vendor, for 45 days or more, if that other person/vendor will use the credit to provide goods or services in the energy sector in Iran and is identified on the current list of persons engaged in investment activities in Iran created by DGS.

Vendor Name/Financial Institution (Printed)

Federal ID Number (or n/a)

By (Authorized Signature)

Printed Name and Title of Person Signing

Date Executed

Executed in

OPTION #2 – EXEMPTION

Pursuant to Public Contract Code sections 2203(c) and (d), a public entity may permit a vendor/financial institution engaged in investment activities in Iran, on a case-by-case basis, to be eligible for, or to bid on, submit a proposal for, or enter into or renew, a contract for goods and services. If you have obtained an exemption from the certification requirement under the Iran Contracting Act, please fill out the information below, and attach documentation demonstrating the exemption approval.

Vendor Name/Financial Institution (Printed)

Federal ID Number (or n/a)

By (Authorized Signature)

Printed Name and Title of Person Signing

Date Executed

Attachment M

STATE OF CALIFORNIA – DEPARTMENT OF GENERAL SERVICES PROCUREMENT DIVISION

DISABLED VETERAN BUSINESS ENTERPRISE DECLARATIONS STD. 843 (Rev. 5/2006)

Instructions: The disabled veteran (DV) owner(s) and DV manager(s) of the Disabled Veteran Business Enterprise (DVBE) must complete this declaration when a DVBE contractor or subcontractor will provide materials, supplies, services or equipment [Military and Veterans Code Section 999.2]. Violations are misdemeanors and punishable by imprisonment or fine and violators are liable for civil penalties. All signatures are made under penalty of perjury. SECTION 1

Name of certified DVBE:

DVBE Ref. Number:

Description (materials/supplies/services/equipment proposed): Solicitation/Contract Number:

SCPRS Ref. Number:__________________________ (FOR STATE USE ONLY) SECTION 2

APPLIES TO ALL DVBEs. Check only one box in Section 2 and provide original signatures. I (we) declare that the DVBE is not a broker or agent, as defined in Military and Veterans Code Section 999.2 (b), of materials, supplies, services or equipment listed above. Also, complete Section 3 below if renting equipment. Pursuant to Military and Veterans Code Section 999.2 (f), I (we) declare that the DVBE is a broker or agent for the principal(s) listed below or on an attached sheet(s). (Pursuant to Military and Veterans Code 999.2 (e), State funds expended for equipment rented from equipment brokers pursuant to contracts awarded under this section shall not be credited toward the 3-percent DVBE participation goal.) All DV owners and managers of the DVBE (attach additional pages with sufficient signature blocks for each person to sign):

(Printed Name of DV Owner/Manager)

(Signature of DV Owner/ Manager)

(Date Signed)

(Printed Name of DV Owner/Manager)

(Signature of DV Owner/Manager)

(Date Signed)

Firm/Principal for whom the DVBE is acting as a broker or agent: (If more than one firm, list on extra sheets.)

Firm/Principal Phone:

(Print or Type Name)

Address: SECTION 3

APPLIES TO ALL DVBEs THAT RENT EQUIPMENT AND DECLARE THE DVBE IS NOT A BROKER. Pursuant to Military and Veterans Code Section 999.2 (c), (d) and (g), I am (we are) the DV(s) with at least 51% ownership of the DVBE, or a DV manager(s) of the DVBE. The DVBE maintains certification requirements in accordance with Military and Veterans Code Section 999 et. seq. The undersigned owner(s) own(s) at least 51% of the quantity and value of each piece of equipment that will be rented for use in the contract identified above. I (we), the DV owners of the equipment, have submitted to the administering agency my (our) personal federal tax return(s) at time of certification and annually thereafter as defined in Military and Veterans Code 999.2, subsections (c) and (g). Failure by the disabled veteran equipment owner(s) to submit their personal federal tax return(s) to the administering agency as defined in Military and Veterans Code 999.2, subsections (c) and (g), will result in the DVBE being deemed an equipment broker. Disabled Veteran Owner(s) of the DVBE (attach additional pages with signature blocks for each person to sign): (Printed Name)

(Signature)

(Address of Owner)

(Telephone)

(Date Signed)

(Tax Identification Number of Owner)

Disabled Veteran Manager(s) of the DVBE (attach additional pages with sufficient signature blocks for each person to sign): (Printed Name of DV Manager)

(Signature of DV Manager)

(Date Signed)


Employment Development Department Request for Proposal #65251 Pondera Fraud Detection as a Service (FDaaS™)

Comment [A1]: Trademark added throughout RFP (Pondera has trademarked the acronym “FDaaS”)

Date: May 16, 2014

You are invited to review and respond to this Request for Proposal (RFP). In submitting your RFP, you must comply with the instructions found herein. Failure to comply with any of the requirements may result in the rejection of your offer. The services required are delineated in the Statement of Work (SOW). Please read the enclosed document carefully. By submitting a proposal, your firm agrees to the terms and conditions stated in this RFP.

Written questions regarding the RFP are due at 3:00PM on May 22, 2014. Responses to this RFP are due at 3:00PM on June 10, 2014 (revised from May 29, 2014). Late proposals will not be accepted.

Responses to this RFP must be submitted in person or by mail to the following address:

Employment Development Department
Contract Services Group, MIC 62-C
722 Capitol Mall
Sacramento, CA 95814
Attn: Cory Buttler

RFP questions should be directed to: Cory Buttler at 916-654-5351 or [email protected]


Table of Contents

I. GENERAL INFORMATION
A. Background and Purpose of the RFP
B. RFP Key Action Dates
C. RFP Response Guidelines
D. Questions Regarding the RFP
E. Request to Change the RFP Requirements
F. Addenda
G. Definitions and Terms
H. Grounds for Rejection
I. Notice of Intent to Award/Protest Procedures
J. Debriefings
K. Disposition of Proposals
L. Inspecting or Obtaining Copies of Offers and/or Response Materials
M. State Contract Requirements
N. California Taxpayer and Shareholder Protection Act of 2003
O. Public Contract Code
P. Performing a Commercially Useful Function
Q. Conditions and Commitment
R. Payment
S. Qualify to do Business with California
T. Declaration Forms
U. Small Business/Microbusiness (SB/MB) and Small Business/Nonprofit Veteran Service Agency Certification Preferences
V. California Certified Small Business Subcontractor Preference

II. PROPOSAL SUBMISSION REQUIREMENTS AND PROPOSAL EVALUATION SELECTION
A. Proposal Submission Requirements
B. Review of Proposals and Selection Criteria/Scoring

III. STATEMENT OF WORK
A. Introduction
B. Description of Requirements, Services, and Deliverables
C. Responsibilities of Parties
D. Invoicing and Payment
E. Special Terms and Conditions
F. EDD Information Security Requirements
G. Protection of Confidentiality

ATTACHMENTS:
ATTACHMENT – A: Key Staff Qualifications
ATTACHMENT – B: Cost Data Sheet
ATTACHMENT – C-1: Confidentiality Agreement
ATTACHMENT – C-2: Indemnity Agreement
ATTACHMENT – C-3: Statement of Responsibility
ATTACHMENT – D: Workers’ Compensation Certification
ATTACHMENT – E: Certification Regarding Debarment
ATTACHMENT – F: Payee Data Record (STD 204)
ATTACHMENT – G: Contractor Certification Clauses (CCC 307)
ATTACHMENT – H: Certification Regarding Lobbying
ATTACHMENT – I: Darfur Contracting Act
ATTACHMENT – J: Bidder Declaration
ATTACHMENT – K: TACPA Preference
ATTACHMENT – L: Iran Contracting Act
ATTACHMENT – M: DVBE Declaration

APPENDICES
APPENDIX – 1: System Security Plan
APPENDIX – 2: Privacy Impact Assessment
APPENDIX – 3: Work Authorization Form
APPENDIX – 4: Formal Acceptance Form

I.

GENERAL INFORMATION Suppliers are invited to respond to this Request for Proposal (RFP) to provide Pondera Fraud Detection as a Service (FDaaS™) to the Employment Development Department’s Investigation Division to identify potential fraud and abuse in the EDD Unemployment Insurance Program. A. Background and Purpose of the RFP 1. Employment Development Department Background The Employment Development Department (EDD) is tasked with the administration of the Unemployment Insurance (UI) Program, which covers employees who work in the State of California. This responsibility requires a comprehensive approach to fraud prevention to protect the taxpayers and citizens of California. In 2012, the UI program was responsible for payments in excess of $5.5 billion on over 13.7 million UI claims. To protect the integrity of the UI program, EDD embraces an approach that combines prevention, detection and deterrence measures. The California Unemployment Insurance Code (CUIC) § 317 states “The Director of Employment Development shall maintain a field investigating staff, whose function shall embrace investigation throughout the state of violations of this code, to the end that its provisions are more adequately and strictly enforced.” The EDD Investigation Division (ID) takes the lead in this effort. As with any program where large sums of money are involved, the temptation to defraud the system for personal gain is present. Individuals may claim UI benefits while working, in violation of the UI program provisions; may submit forged or fraudulent documents to claim UI benefits; may claim UI benefits while incarcerated or a full-time student; or may fraudulently use the Social Security Number (SSN) or identity of others (sometimes deceased individuals) to claim benefits. 2. Project Background The EDD uses a multi-tiered, comprehensive approach to fraud deterrence and detection. 
This approach involves EDD programs, EDD independent oversight entities and business partners including federal, State and local law enforcement agencies and prosecutors. Each program area has established ongoing anti-fraud activities. In addition, there are internal control reviews and audits, quality reviews to measure the accuracy and propriety of benefit payments, and information technology system reviews to detect system control deficiencies. Lastly, the ID identifies, investigates, and prosecutes fraud within EDD’s UI program. Anti-fraud activities within EDD range from up-front fraud prevention such as customer education, reviews of internal control systems, employer audits, internal systems audits and controls, fiscal monitoring activities, and ongoing or special fraud detection activities. Fraud detection activities include but are not limited to: analyzing client and employer demographic data; establishing internal checks and balances;


performing electronic cross-matches; operating a fraud reporting Hot Line; and conducting criminal investigations that include computer analytics and data mining. In July 2013, the US Department of Labor Employment and Training Administration, released Unemployment Insurance Program Letter No. 24-13 notifying State Workforce Agencies of the availability of Fiscal Year (FY) 2013 funds for activities that support the prevention and detection of improper UI benefit payments, improve state performance, and address outdated information technology (IT) system infrastructures to improve UI program integrity. This Letter is a result of Executive Order 13520 signed by President Obama emphasizing the need to eliminate waste, fraud and abuse in federally administered programs while protecting access to these programs by their intended beneficiaries. The EDD ID submitted an application for federal funding to be put toward implementing a modern State-Identified Prevention strategy and toward Focus Area Funding – specific types of integrity or performance improvement strategies to implement fraud detection and prevention strategies. On September 26, 2013, the Department of Labor announced California had been selected as a grant award recipient (see this news release from the US Department of Labor for details). EDD seeks to use the grant funds to implement technology-based tools to prevent, detect, and recover improper UI payments. 3. Problems with the Current System The EDD stores claimant information on a mainframe legacy system (MFLS). This system maintains claimant information for both UI claims and Disability Insurance (DI) claims. The information consists of claimant identifying information, claimant work history, claimant wage history, and claimant payment activity, including specific actions and notes, and all benefit claim filings whether or not the claim was paid. 
The MFLS is also used for certain UI functions such as new claim filing, generating the legal decision for determinations, and processing overpayments. The MFLS has been augmented in the last 12 months by two additional systems created to expand claimant access and create greater efficiency in the claims process. The two new systems, while not replacing the MFLS, instead were created to augment the MFLS to provide additional services and access to both UI and DI claims. The two new systems are known as DI Online for DI benefits and the California Unemployment Benefit System (CUBS) for UI benefits. The CUBS provides staff with automation to manage the continued claims process and file additional and reopened claims. It will also be used by designated staff in other EDD branches to obtain and update claim information. Long-range plans are to incorporate all UI functions into the UI system when the budget and resources permit. Later this fall the external components of the system, UI Online and the expanded Inter-active Voice Response (IVR) system, will be made available to claimants. These new systems will allow the EDD to significantly expand the number and quality of self-service options for claimants. Once fully implemented, the project will complete the UI branch’s current modernization efforts to improve efficiencies and increase access to UI services.


The MFLS is an application designed to receive and maintain claim data, but it does not have a fraud detection component. The system lacks the ability to create reports at the user level. The MFLS lacks the ability to create analysis or geo-spatial output. The recent additions (DI Online and CUBS) were designed with a capacity to detect predetermined behavior and report it to a fraud queue, which is then manually reviewed by staff. However, the systems still lack a robust ability to detect and prevent overpayments in the benefit payment programs.

4. Goals of the Pondera FDaaS™ Effort

The goals of the Pondera FDaaS™ effort are to identify potential instances of fraud and/or abuse, which will be analyzed by EDD investigators, auditors and analysts. The potential instances identified must be provided in reports that will include but not be limited to the following: findings, leads, fraud indicators and aberrant payment patterns. The Contractor team that implements the Pondera FDaaS™ must be able to provide cogent explanations to the EDD team, as to why individual alerts were identified by the data analytics tool.

B. RFP Key Action Dates

All dates after the due date for proposals are approximate and may be changed if needed to allow EDD additional time for selection and contract execution.

Event: Date
Release of RFP: 5/16/14
Last day to submit questions in writing: 5/22/14
Deadline for answers to written questions: 6/2/14 (revised from 5/23/14; updated to reflect final Q&A release date)
Last day to submit request to change RFP requirements: 5/23/14
Due date for proposals (must be delivered by 3:00 PM): 6/10/14 (revised from 5/29/14)
Announcement of contract award: 6/17/14 (revised from 6/5/14)
Estimated Contractor start date: 7/1/14 (or upon final approval)

Comment [A2]: Dates updated

C. RFP Response Guidelines

Suppliers responding to this RFP must be an authorized Pondera FDaaS™ reseller. Responses to this RFP must contain all data/information requested and must conform to the format described in Section II of this RFP. The required information will be used by the State’s selection team to determine and verify the respondent’s ability to perform the tasks and activities defined in the respondent’s proposal. Responses must address all of the services described in the Statement of Work (see Section III of this RFP). Services shall be provided on a deliverable basis.

The Contractor’s proposal will be made a part of any agreement resulting from this RFP. The selected Contractor must enter into a Standard Agreement Std.213, hereinafter referred to as Agreement, with the EDD, which will consist of the Statement of Work (SOW), the respondent’s proposal, and all required Exhibits, Attachments, and Appendices as identified in this RFP.


This Agreement shall be for a term of 17 months to begin no sooner than final approval of the STD. 213. The selected Contractor shall, at the end of one month from final approval of the Agreement, deliver to EDD, an eligibility validation analysis on individual program participants. The Contractor shall, within five (5) months from the receipt of data from the EDD, go into full production of Pondera FDaaS™, and begin delivering a weekly report. The agreement will be governed by and incorporate the State’s General Terms and Conditions, which can be viewed at http://www.documents.dgs.ca.gov/ols/GTC-610.doc.

NOTE: For the purpose of this RFP, EDD has elected to waive the DVBE participation requirement and incentive.

D. Questions Regarding the RFP

Bidders requiring clarification of the intent or content of this RFP or on procedural matters regarding the competitive bid process may request clarification by submitting questions, in writing via an email clearly entitled "Questions Relating to EDD RFP #65251" or via the Bid Sync website, to the Procurement Official, Cory Buttler at [email protected]. To ensure a response, questions must be received in writing by the scheduled date given in Section I.B. RFP Key Action Dates. Question and answer sets will be provided to all bidders without identifying the submitters. At the sole discretion of the State, questions may be paraphrased by the State for clarity.

A Bidder who desires clarification or further information on the content of the RFP, but whose questions relate to the proprietary aspect of that Bidder's proposal and which, if disclosed to other bidders, would expose that bidder's proposal, may submit such questions in the same manner as above, but also marked "CONFIDENTIAL," and not later than the scheduled date specified in Section I.B. RFP Key Action Dates to ensure a response. The Bidder must explain why any questions are sensitive in nature.
If the State concurs that the disclosure of the question or answer would expose the proprietary nature of the proposal, the question will be answered and both the question and answer will be kept in confidence. If the State does not concur with the proprietary aspect of the question, the question will not be answered in this manner and the Bidder will be so notified. If the bidder believes that one or more of the RFP requirements is onerous, unfair, or imposes unnecessary constraints to the bidder in proposing less costly or alternate solutions, the bidder may request a change to the RFP by submitting, in writing, the recommended change(s) and the facts substantiating this belief and reasons for making the recommended change. Such request must be submitted to the Procurement Official by the date specified in Section I.B. RFP Key Action Dates for submitting a request for change. Oral answers shall not be binding on the State. E. Request to Change the RFP Requirements The State is also interested as to a bidder's reasons for not submitting a bid; as, for example, requirements that cannot be met or unusual terms and conditions which arbitrarily raise costs. If the Bidder believes that one or more of the RFP requirements and/or contract terms is onerous, unfair, or imposes unnecessary constraints on the Bidder, the Bidder may request a change to the RFP or contract language by submitting in writing, the


recommended change(s) and the facts supporting this belief and reasons for requesting the change by the date specified in Section I.B. RFP Key Action Dates. If bidders have indicated significant problems with the RFP requirements, the State will examine the stated reasons for the problems and will attempt to resolve any issues in contention, if not contrary to the State's interest, and will amend the RFP if appropriate. If the State chooses to reject or deny the request for change, the State’s decision is final; the Bidder may not protest the State’s choice to reject or deny the request for change. Hereafter, for the purposes of the instructions of this RFP, all bidders who have indicated their intent to submit a bid are called bidders until such time that the Bidder withdraws or other facts indicate that the Bidder has become nonparticipating. Should a bidder not participate in a bid step, the State reserves the right to drop them from the participating bidder list and they will not receive any further correspondence until they contact the Procurement Official to indicate that they would like further correspondence. F. Addenda The State may modify the RFP prior to the date fixed for Submission of Proposals by issuance of an addendum to all bidders who are participating in the bidding process at the time the addendum is issued, unless the amendments are such as to offer the opportunity for nonparticipating bidders or suppliers that submitted an intent to become participating, in which case the addendum will also be sent to those parties. Addenda will be numbered consecutively. G. Definitions and Terms 1. EDD has established certain requirements with respect to bids to be submitted by prospective Contractors. The use of “shall”, “must”, or “will” (except to indicate future tense) in the RFP indicates a requirement or condition from which a deviation may not be waived by EDD. 2. 
The words “should” or “may” in the RFP indicate desirable attributes of conditions, but are non-mandatory in nature. Deviation from, or omission of, such a desirable feature, even if material, will not in itself cause rejection of the proposal. 3. The use of the term “EDD” refers to the Employment Development Department, unless indicated otherwise. 4. The use of the terms “proposer(s)” and “bidder(s)” refers to entities responding to this RFP. H. Grounds for Rejection EDD reserves the right to waive any immaterial deviation in a proposal; however, the waiver of an immaterial deviation in a proposal shall in no way modify the document or excuse the proposer from full compliance with the proposal requirements after the bidder is awarded the contract. A proposal shall be rejected if: 1. The proposal is received at any time after the exact time and date set for receipt of proposals. 2. The proposal is not completed in ink or typewritten.


3. The cover letter is unsigned. 4. The proposal does not meet the requirements of Section II. Proposal Submission Requirements and Proposal Evaluation Selection. 5. The proposal is not prepared as required in Section II. Proposal Submission Requirements and Proposal Evaluation Selection. 6. The bidder has been decertified from contracting with EDD by the Department of Fair Employment and Housing. 7. The bidder has received substantive negative contract evaluation from the State of California. 8. The proposal contains false or misleading statements or references which do not support an attribute or condition contended by the bidder, if in the opinion of EDD such statements or references were intended to erroneously mislead EDD in its evaluation of the proposal. 9. The proposal is conditional or incomplete, or contains any alterations of form or other irregularities of any kind. EDD may reject any or all proposals and may waive any immaterial deviation in a proposal. EDD’s waiver of immaterial deviations shall in no way modify the RFP document or excuse the bidder from full compliance with all requirements, if awarded the Agreement. 10. The bidder has had a contract with the State of California canceled due to failure to comply with the Drug-Free Workplace Act of 1990. 11. The bidder is not responsible (i.e., has not paid taxes; has no business license; has submitted a bid when license is subject to suspension on the date of the bid opening and/or award of the contract, or during the proposed term of the Agreement; submitted a bid without an authorized signature; falsified any information in the proposal package; or has provided poor performance on a previous contract with EDD). I.

Notice of Intent to Award/Protest Procedures 1. Contracts shall be awarded to bidders meeting the mandatory RFP requirements; and based on the evaluation criteria as outlined in Section II. Proposal Submission Requirements and Proposal Evaluation Selection. EDD reserves the right not to award a contract. 2. Upon selection of a proposed contractor, a Notice of Intent to Award will be posted for five (5) working days (starting the day after posting) at EDD, 722 Capitol Mall, Sacramento, CA 95814. Any protest must be filed during this period. 3. If a bidder chooses to protest the Notice of Intent to Award: a. Protests must be filed with EDD and the Department of General Services (DGS), Office of Legal Services (OLS), Attention Protest Coordinator, 707 Third Street, 7th Floor, Suite 7-330, West Sacramento, CA 95605 FAX: (916) 376-5088 after notice of intent to award, but before the actual award date. b. Upon receipt of a protest, DGS/OLS:




Sends a protesting bidder an acknowledgment letter which includes copies of the protest statutes and regulations and informs the protestant that it must submit a full and complete statement specifying grounds of protest within five (5) calendar days.



Faxes to the awarding agency a request for information regarding the proposed contract and agency contact person. The agency should complete and return the form to DGS/OLS within 24 hours. Failure to promptly complete and return the form will delay the protest process. In addition, if the agency is aware of any reason that the protest should not go forward, this would be communicated to DGS/OLS at this time.



Reviews the protest to determine whether DGS has jurisdiction. If DGS does not have jurisdiction, DGS/OLS issues a written notice of dismissal.



Assigns a Hearing Officer to the protest if DGS has jurisdiction. The Hearing Officer determines whether the protest will be resolved by written submission or public oral hearing.

J. Debriefings

Written debriefings of the evaluation results will not be provided to unsuccessful bidders. Oral debriefings may be provided at EDD’s discretion.

K. Disposition of Proposals

1. All materials submitted in response to this RFP will become the property of the EDD, and as such, are subject to the Public Records Act (Government Code §6250, et seq.). EDD will disregard any language purporting to render all or portions of any proposal confidential.

2. After proposals are evaluated and the notices of intent to award have been posted, all proposals shall be available for public inspection. However, the contents of all proposals, draft RFPs, correspondence, agenda, memoranda, working papers, or any other medium which discloses any aspect of a proposer’s proposal shall be held in the strictest confidence until the award is made. EDD shall hold the content of all working papers and discussions relating to a proposal confidential indefinitely, unless the public’s interest is best served by disclosure because of pertinence to a decision, agreement, or the evaluation of a proposal. A bidder’s disclosure of this subject is a basis for rejecting a proposal and ruling the bidder ineligible to participate further in the bidding process.

3. EDD may return a proposal to a bidder upon written request after conclusion of the bid process.

L. Inspecting or Obtaining Copies of Offers and/or Response Materials

Persons wishing to view or inspect any response, price offer, or RFP related materials must identify the items they wish to inspect and must contact Cory Buttler at (916) 654-5351 or [email protected]


M. State Contract Requirements

This RFP and any resulting contracts shall be subject to all requirements set forth in amended Public Contract Code (PCC) §6611 (AB 1756 amended PC 6611). DGS may perform contract negotiations relative to contracts for goods, services, and information technology and telecommunications, if it is determined to be in the State’s best interest based on meeting the criteria identified within PCC 6611.

N. California Taxpayer and Shareholder Protection Act of 2003

This RFP and any resulting contract are subject to all requirements as set forth in Part 2 of Division 2 of the PCC §10286 which includes, but is not limited to, providing written submission of a declaration stating that the supplier is eligible to contract with the State of California pursuant to statutory requirements. Failure of the supplier to comply with and provide information, when requested by the awarding department within the time indicated, will cause the supplier's bid response to be considered non-responsive and their bid will be rejected.

O. Public Contract Code

The Contractor is advised that he/she has certain duties, obligations, and rights under the PCC §§ 10335 - 10381 and 10410 - 10412, with which the Contractor should be familiar. These PCC sections can be viewed at:

http://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?lawCode=PCC&division=2.&title=&part=2.&chapter=2.&article=4.

http://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?lawCode=PCC&division=2.&title=&part=2.&chapter=2.&article=8.

P. Performing a Commercially Useful Function

In accordance with Government Code §14837 and Military and Veterans Code §999, all certified Small Businesses (SB)/Micro-Businesses (MB) and Disabled Veteran Business Enterprise (DVBE) contractors, subcontractors and suppliers that bid on or participate in a state contract, regardless of whether it is a verbal or written solicitation, must perform a Commercially Useful Function (CUF).

A certified SB/MB or DVBE is deemed to perform a CUF if the business does all of the following:

• Is responsible for the execution of a distinct element of the work of the contract.
• Carries out its obligation by actually performing, managing, or supervising the work involved.
• Performs work that is normal for its business services and functions.
• Is responsible, with respect to projects, inventories, materials, and supplies required for the contract, for negotiating price, determining quality and quantity, ordering, installing, if applicable, and making payments.
• Is not further subcontracting a portion of the work that is greater than that expected to be subcontracted by normal industry practices.


Q. Conditions and Commitment

Upon submittal of a proposal, the bidder has committed to comply with the following requirements:

• General Terms and Conditions available for viewing at: http://www.documents.dgs.ca.gov/ols/GTC-610.doc
• Contractor Certification Clauses effective 3/28/2007 available at: http://www.documents.dgs.ca.gov/pd/masters/EPAY/Elavon/ElavonExhibitCCertificationCCC-307.pdf

R. Payment

California Revenue and Taxation Code §18646 requires state agencies to file information tax returns (IRS Form 1099) for certain types of payments made to vendors. Bidders must print and sign the form STD 204, Payee Data Record, before EDD can process payment for services.

S. Qualify to do Business with California Secretary of State

Certification of Status is required if your company is a Corporation, Limited Liability Company (LLC), or Limited Partnership (LP). Corporations, Limited Liability Companies (LLCs), and Limited Partnerships (LPs) must be registered with the California Secretary of State to be awarded a contract. The Secretary of State Certificate of Status must be provided to EDD by the selected proposer prior to the execution of the contract. The Secretary of State may be contacted as follows:

Comment [A3]: Change to requirement

California Secretary of State
Division of Corporate Filing and Services
1500 Eleventh Street, Third Floor
Sacramento, CA 95814-5701
Certification Unit: (916) 657-5251

T. Declaration Forms

All bidders must complete the Bidder Declaration GSPD-05-105 and include it with the bid response. Bidders who have been certified by California as a Disabled Veteran Business Enterprise (DVBE) (or who are bidding rental equipment and have obtained the participation of subcontractors certified by California as a DVBE) must also submit a completed form(s) STD. 843 Disabled Veteran Business Enterprise Declaration. All disabled veteran owners and disabled veteran managers of the DVBE(s) must sign the form(s). The completed form should be included with the bid response. At the State’s option prior to award, bidders may be required to submit additional written clarifying information. Failure to submit the requested written information as specified may be grounds for bid rejection.


U. Small Business/Microbusiness (SB/MB) and Small Business/Nonprofit Veteran Service Agency (SB/NVSA) Certification Preferences

SB/MB and SB/NVSA Certification Preferences are applicable to the award of this contract.

1. Certified SB/MB and SB/NVSAs may claim preference when submitting a proposal. The preference is equal to five (5) percent of the total points awarded to the highest scored non-small business bidder. When the highest scored proposal is not submitted by a certified small business, the preference becomes applicable. Please note that the preference is used for computation purposes only in determining the successful bidder. It does not alter the amount of the resulting contract.

2. To learn more about the SB/MB and SB/NVSA Preference Programs and how your business might qualify, contact the Office of Small Business and DVBE Services at (916) 375-4940.

V. California Certified Small Business Subcontractor Preference

A five percent (5%) score preference is available to a non-small business claiming twenty-five percent (25%) California certified small business subcontractor participation. If claiming the non-small business subcontractor preference, the bid response must include a list of the small business(es) with which you commit to subcontract in an amount of at least twenty-five percent (25%) of the net bid price with one or more California certified small businesses. Each listed certified small business must perform a “commercially useful function” in the performance of the contract as defined in Government Code §14837(d)(4).

The required list of California certified small business subcontractors must be attached to the bid response and must include the following: 1) subcontractor name; 2) address; 3) phone number; 4) a description of the work to be performed and/or products supplied; and 5) the dollar amount or percentage of the net bid price (as specified in the solicitation) per subcontractor.

Bidders claiming the five percent (5%) preference must commit to subcontract at least twenty-five percent (25%) of the net bid price with one or more California certified small businesses. Completed certification applications and required support documents must be submitted to the Office of Small Business and DVBE Services no later than 5:00 p.m. on the bid due date, and the Office of Small Business and DVBE Services must be able to approve the application as submitted. Questions regarding certification should be directed to the Office of Small Business and DVBE Services at (916) 375-4940.


II. PROPOSAL SUBMISSION REQUIREMENTS AND PROPOSAL EVALUATION SELECTION

These instructions prescribe the proposal format to be used, documents required in the proposal package, and how the proposals will be evaluated and scored.

A. Proposal Submission Requirements

Proposals should be prepared and submitted in the following format to ensure accurate evaluation. Failure to demonstrate or evidence fulfillment of all mandatory requirements may result in disqualification.

INCLUDING COST PROPOSAL AMOUNTS OR THE ACTUAL COST PROPOSAL IN THE VOLUME I SEALED ENVELOPE OR VOLUME I DOCUMENTS, AUTOMATICALLY DISQUALIFIES THE BIDDER.

1. Delivery of Proposal Package

Volume I – Administrative and Technical Response

Deliver or mail one (1) original and five (5) typed copies of the complete proposal in a sealed envelope clearly marked “RFP #65251 – Administrative/Technical Proposal” no later than 3:00PM on June 10, 2014 (regardless of the postmark) to EDD, Contract Services Group at the address listed on the cover of the RFP.

Comment [A4]: Date updated

Volume II – Cost Proposal

Deliver or mail one (1) original and five (5) typed copies of the completed cost sheet(s) in a separately sealed envelope clearly marked “RFP #65251 – Cost Proposal” no later than 3:00PM on June 10, 2014 (regardless of the postmark) to EDD, Contract Services Group at the address listed on the cover of the RFP.

Comment [A5]: Date updated

PER STATE LAW, PROPOSALS CANNOT BE ACCEPTED AFTER THE PUBLISHED TIME AND DATE, AND WILL BE RETURNED UNOPENED.

2. Proposal Documents Required and Document Order

Documents must be typewritten, and signed by an authorized representative of the bidder. Errors must be crossed out and initialed, with typewritten corrections adjacent to the errors. The individuals signing the bid forms must initial all corrections in ink.

Volume I – Administrative and Technical Response

a. Cover Letter

The cover letter must include the title and number of this RFP as well as the respondent’s:

• Company name, phone, fax, and address
• Name and email address of the contact person
• Small Business number (if applicable)
• Signature of an individual authorized to enter into contracts for the contractor.

b. Table of Contents

c. Key Staff Qualifications (Attachment A)

d. Company Qualifications and References (see Section III.B.2.)

e. Sample Work Products

Provide no more than two (2) illustrative work samples from the proposed staff persons’ similar past projects or engagements. These may be excerpts from previous deliverables and should be no more than twenty (20) pages each. The objective should be to provide samples that illustrate performance of similar work. A brief explanation (not more than one page) explaining the rationale for selection should accompany the samples.

f. Statement of Work (SOW) Response (Section III.B.)
g. Workers’ Compensation Certification (Attachment D)
h. Certification Regarding Debarment (Attachment E)
i. Payee Data Record, STD 204 (Attachment F)
j. Completed CCC-307, State’s Contractor Certification Clauses (Attachment G)
k. Certification Regarding Lobbying (Attachment H)
l. Darfur Contracting Act (Attachment I)
m. Bidder Declaration (Attachment J)
n. TACPA Preference, if applicable (Attachment K)
o. Iran Contracting Act (Attachment L)
p. DVBE Declaration, if applicable (Attachment M)
q. Written evidence of your status as an authorized reseller of Pondera FDaaS™ (EDD may contact Pondera to verify status)

Comment [A6]: Requirement for proposal removed (proof must still be provided by the selected proposer prior to the execution of the contract)

Volume II – Cost Proposal

Comment [A7]: Correction

Completed Cost Data Sheet (Attachment B)

B. Review of Proposals and Selection Criteria/Scoring

Award of a contract resulting from this RFP will be based on a best value method that includes cost as a substantial factor in the selection process. The Secondary RFP method will be used, under which the responsible proposer receiving the highest combined score will be awarded the contract.

When assigning points, responses will be reviewed for the degree to which a response lacks information, depth or breadth, or lacks significant facts and/or details, and/or contains weaknesses, defects or deficiencies, and/or fails to illustrate a full understanding of EDD's service needs, and/or demonstrates the capacity to exceed regular service needs.

Mandatory requirements are Pass/Fail and receive no points. A Fail response may disqualify the proposal from further review. Desirable requirements will be scored based on the following criteria:

| Desirable Requirements Rating Criteria | Maximum Points |
| --- | --- |
| Response (i.e., content and/or explanation offered) is inadequate or does not meet EDD’s needs/requirements or expectations. The omission(s), flaw(s), or defect(s) are significant and unacceptable. | 0 |
| Response (i.e., content and/or explanation offered) is satisfactory and meets EDD’s needs/requirements or expectations. There are no omission(s), flaw(s), or defect(s). | 5 |
| Response (i.e., content and/or explanation offered) exceeds EDD’s needs/requirements or expectations. Proposer offers one or more qualities, methods, or approaches that will enable performance to exceed EDD’s expectations. | 10 |

Each proposal will be reviewed by the EDD review team and scored by consensus as follows:

| Proposal Component | Maximum Points Available |
| --- | --- |
| Administrative (Completed Required Documents) | (Pass/Fail) |
| Key Staff Qualifications – Mandatory | (Pass/Fail) |
| Key Staff Qualifications – Desirable | 50 |
| Company Qualifications – Mandatory | (Pass/Fail) |
| Company Qualifications – Desirable | 40 |
| Sample Work Products – Quality and relevance of sample work products by staff being proposed | 10 |
| Statement of Work – Mandatory (Req. 101-115) | (Pass/Fail) |
| Statement of Work – Desirable (Req. 116-143) | 280 |
| Statement of Work – Deliverables (1-9) | (Pass/Fail) |
| Cost of Proposal | 380 |
| Subtotal | 760 |
| SBE Preference Points | |
| TACPA Preference Points | |
| Total | |

1. Phase 1 Review

a. RFPs submitted timely will first be reviewed for proper delivery, i.e., on time and Volume I and Volume II are in separately sealed envelopes. Improperly sealed proposals or proposals that do not have Volume I and Volume II in separately sealed envelopes will be disqualified.

b. Volume I envelopes will be opened and checked for inclusion of required documents. If a response is missing required information, the proposal may be deemed not responsive and disqualified from further review. Further review or collection of missing information or data is subject to the discretion of the EDD.

Comment [A8]: Correction

c. Key Staff Qualifications (Attachment A) will be scored as follows:

| Key Staff Qualifications – Mandatory | Pass/Fail |
| --- | --- |
| Minimum two (2) years of experience customizing and operating data analytics systems. | |
| Minimum one (1) year of experience with benefit fraud detection. | |
| Two (2) References | |
| Resume | |

| Key Staff Qualifications – Desirable | Maximum Score |
| --- | --- |
| Demonstrated expertise in Unemployment Insurance fraud. | 10 |
| Demonstrated expertise in Disability Insurance fraud. | 10 |
| Demonstrated expertise in Disability Insurance fraud. | 10 |
| Demonstrated expertise in data mining. | 10 |
| Demonstrated expertise in dynamic modeling. | 10 |
| Total | 50 |

Comment [A9]: Correction – deleted duplicate language

d. Company Qualifications and References (Section III.B.2.) will be scored as follows:

| Company Qualifications – Mandatory | Pass/Fail |
| --- | --- |
| Description of Organization Services, Experience, Expertise and Activities | |
| Two (2) Company References | |
| Organizational Chart with Project Manager, and Key Personnel | |

| Company Qualifications – Desirable | Maximum Score |
| --- | --- |
| Company has experience performing data analytics. | 10 |
| Company has experience working with benefit fraud detection in government benefit programs. | 10 |
| Bidder allocates staff with skills and abilities needed to perform the work described in the SOW, and can describe the background, qualifications and experience of these staff. | 10 |
| Bidder provides an organization chart showing effective lines of authority and performance accountability mechanisms. | 10 |
| Total | 40 |

e. Sample Work Products (Section II.A.2.) will be scored as follows:

| Sample Work Products – Mandatory | Pass/Fail |
| --- | --- |
| One (1) – Two (2) illustrative work samples from the proposed staff persons’ similar past projects. | |

| Sample Work Products – Desirable | Maximum Score |
| --- | --- |
| Samples illustrate performance of similar work to this RFP. | 10 |

f. The Statement of Work (Section III.B.3.) will be scored as follows:

| SOW – Mandatory | Pass/Fail |
| --- | --- |
| Requirements 101-115 | |
| Deliverables 1-8 | |

| SOW – Desirable | Maximum Score |
| --- | --- |
| Requirements 116-143 (10 points each maximum) | 280 |

Comment [A10]: We made “Production Go Live” Deliverable 8 (see III. B. 5. Deliverables)

2. Phase 2 - Cost Evaluation

After the Phase 1 evaluations have been completed for all submitted proposals, Volume II envelopes will be opened and the cost sheets will be reviewed and scored as follows:

A proposal’s cost score will be based on the ratio of the lowest responsive proposal divided by the Bidder’s cost, multiplied by the maximum number of cost points available (380). The lowest cost offer will be awarded the maximum cost points. Other offers will be awarded cost points based on the following calculation:

Cost Points Awarded to Bidder = Lowest Cost ÷ Bidder’s Cost x Maximum Cost Points Available (points awarded will be rounded to the nearest hundredth)

Example of Cost Calculation where 30 cost points are possible:

| Bidder | A | B | C |
| --- | --- | --- | --- |
| Amount of Proposal | $223,000 | $219,000 | $230,000 |

Bidder A = $219,000 ÷ $223,000 x 30 = 29.46 Cost Points Awarded
Bidder B = $219,000 ÷ $219,000 x 30 = 30 Cost Points Awarded
Bidder C = $219,000 ÷ $230,000 x 30 = 28.56 Cost Points Awarded

3. Preference Points

Preference points, if applicable, will be calculated and added to proposal scores as appropriate.

4. Proposal Selection and Award

The proposal with the highest total points will be selected for contract award.


III. Statement of Work

A. Introduction

This Statement of Work (SOW) lists the tasks that will be undertaken by the Contractor to create the data analytic reports and alerts that identify potential instances of fraud and/or abuse in the Unemployment Insurance (UI) program, which will be analyzed by Employment Development Department (EDD) investigators, auditors and analysts. The potential instances identified must be provided in reports that will include but not be limited to the following: findings, leads, fraud indicators and aberrant payment patterns.

The Contractor team will work with EDD Investigation Division (ID) and the Information Technology Branch (ITB), as well as other stakeholders as necessary, both inside and outside of the EDD, to create the data analytic reports and alerts. The Contractor team will consist of expert level consultants who will provide analytical, technical, and project management support for the required Agreement activities. The Contractor’s team must be able to provide cogent explanations to the EDD team as to why individual alerts were identified by the data analytics tool.

1. Estimated High-level Schedule

From the start date of the Agreement the Contractor will have 30 days to deliver to EDD eligibility verification analysis on individual program participants. Approximately 150 days after the Agreement start date, the Contractor shall be in full production, and thereby deliver a weekly report of results for the subsequent 12 months of the Agreement.

| Key Milestones | Estimated Completion |
| --- | --- |
| Contract start date | 7/1/2014 |
| Kick off meeting | Within one week after start date |
| Demonstration of system capabilities | 8/1/2014 |
| Creation of the first weekly report | 12/1/2014 |
| Contract end date | 11/30/2015 |

B. Description of Requirements, Services, and Deliverables

1. Key Staff Qualifications

Mandatory Qualifications: At a minimum, the Project Manager and Key Personnel (see defined roles below) each must have experience in at least one area listed below; however, experience in all of the areas listed below must be addressed collectively as a team. Failure to meet these mandatory qualifications will result in the disqualification of the proposal.

Comment [A11]: Updated language

• Minimum two (2) years of experience in performing data analytics.
• Minimum one (1) year experience in working with benefit fraud detection in government benefit programs.


Desirable Qualifications:

• Demonstrated expertise in Unemployment Insurance fraud detection
• Demonstrated expertise in Disability Insurance fraud detection
• Demonstrated expertise in employer withholding fraud
• Demonstrated expertise in data mining
• Demonstrated expertise in dynamic modeling

2. Company Qualifications and References

Bidders must provide a response to the following requirements:

a. Description of Organization Services, Experience, Expertise and Activities.

Provide a description of the nature of the organization’s services and activities. Note when the business was established, brief history, and location. List office location(s) from which the primary work on this contract will be performed.

b. Company References

Provide two (2) customer references. If there will be subcontractors, two (2) customer references must be provided for each subcontractor. The reference information for the company must include the following:

Comment [A12]: New language for clarification

• Name of customer organization.
• Name of the project.
• Company role on the project.
• Types of services provided.
• Customer point of contact – including e-mail address and phone number.

c. Personnel

Organization Chart: Bidder must submit an organization chart, showing the hierarchy of key personnel working on the project. Chart must show the relationship between project manager and key personnel of the bidder’s organization and all other parties (subcontractors) to the proposal.

Project Manager: Bidder must identify one (1) individual on the project team who will manage the contract work, and who will be available to EDD for a sufficient amount of time to manage the project. Include a Qualifications Sheet (See Attachment F) for this individual. Note that the form requires a minimum of two (2) references for the contractor staff person. A current resume/biography must be attached for this person. Do not exceed two (2) pages for this document. Resume entries should clearly demonstrate that the experience requirements described in the “Key Staff Qualifications” Attachment F of the RFP are met.

Key Personnel: Key personnel are defined as those people who will exercise a major management and/or administrative role on behalf of the proposer. All persons identified as key personnel must be retained by the bidder throughout the term of the Agreement, including any extension of term by exercise of the option to renew. If bidder finds it impossible to retain any of the key personnel, bidder must use their best efforts to give EDD advance notice, and the substitution of new personnel must be accepted by EDD. If EDD does not accept the substitution, then EDD shall have the right to terminate this Agreement upon thirty days’ prior written notice to the bidder; provided, however, if bidder is able to provide substitute personnel that EDD finds acceptable during the thirty-day notice period, then the Agreement will not be terminated. Furthermore, if EDD does not accept the substitution, then EDD shall have the right to immediately terminate this Agreement.

Comment [A13]: Language moved up from “Project Team/Resumes” below

Project Team/Resumes: Bidder must specify the key personnel on the project team who will manage/conduct the work. Bidder must also identify the role each team member will serve, title, where the individual is headquartered and the percentage of the firm’s total effort that will be provided by the individual. Key personnel are defined as those people who will exercise a major management and/or administrative role on behalf of the proposer.

Comment [A14]: Updated language

Comment [A15]: Moved up to “Key Personnel”

Include a Qualifications Sheet (See Attachment F) for each person. Current resumes/biographies must be attached for each person. Note that the form requires a minimum of two (2) references for the Contractor staff person. Do not exceed two (2) pages per person. Resume entries should clearly demonstrate that the experience requirements described in the “Key Staff Qualifications” in Attachment F of the RFP are met.

3. Response to Technical Requirements

Bidders must include a description of their understanding of the technical requirements of the SOW, emphasizing understanding of EDD’s objectives and the major activities that must be performed to complete the work. Describe the methods, tools and standards that will be used to complete the tasks identified in the SOW. In preparing their response, Bidders must adhere to these general requirements:

1. Includes tabbed sections, and is well-organized, comprehensive, and technically sound;
2. Includes clear and distinctive explanations for the specific response section; and
3. Does not just provide a repeat of the SOW requirements, but demonstrates a well thought out approach to meeting the requirements of the SOW.

Mandatory Requirements

The Contractor shall adhere to the following mandatory requirements for the services provided under this Agreement. Bidders must indicate whether they agree with the requirement (Y) or not (N). A “N” response requires an explanation from the Bidder as to why the requirement cannot be met. The State may then change or waive the requirement for all bidders. If the requirement is not changed or waived, a “N” response may disqualify the proposal.

| Req. # | Mandatory Requirements | Contractor Agrees (Y or N) |
| --- | --- | --- |
| 101 | The Contractor will use the Pondera FDaaS™ to create weekly reports using EDD-supplied data, which include fraud alerts and potential leads, instances of aberrant payments, filings and other potential fraud indicators and deliver to the EDD in the agreed to dashboard (the requirements for which are listed out below under Deliverable 3). NOTE: The information detailed in requirements 102 through 113 must be provided as part of the weekly report to EDD. | |
| 102 | The Contractor will provide alerts of potential fraud leads, instances of aberrant payment filings, and other potential fraud indicators, to user-configurable queues for follow-on investigative work from batch or real-time analysis. | |
| 103 | The Contractor will detect suspicious patterns based upon analyzing claims data using advanced analytical tools, and deliver the information to the EDD in the agreed to dashboard. | |
| 104 | The Contractor will link and analyze fraudulent and abusive practices using various databases, and deliver the information to the EDD in the agreed to dashboard and/or geospatial and/or mapped format. | |
| 105 | The Contractor will identify outlier behavior relating to claimant filing, employer reporting/withholding activity with regard to what is “normal” behavior, and deliver the information to the EDD in the agreed to dashboard and/or geospatial and/or mapped format. | |
| 106 | The Contractor will group and cluster suspicious employers or claimants who have the same outlier and/or fraudulent behavior, and deliver the information to the EDD in the agreed to dashboard. | |
| 107 | The Contractor will detect aberrant and/or fraudulent behavior (predictive) over time, and deliver the information to the EDD in the agreed to dashboard. | |
| 108 | The Contractor will link beneficiaries to suspicious employers/schemes, verifying identity and credentials, personal identification (e.g., SSN, driver’s license, other licenses, addresses) against available databases, and assure that the person is verifiable, and deliver results to the EDD in the agreed to dashboard. | |
| 109 | The Contractor will link employers/beneficiaries based on Internet Protocol (IP) addresses, and deliver the information to the EDD in the agreed to dashboard. | |
| 110 | The Contractor will link employers/beneficiaries based on listed business/residence addresses, and deliver the information to the EDD in an agreed to dashboard. | |
| 111 | The Contractor will analyze large data volumes with speed and accuracy, and deliver the information to the EDD in the agreed to dashboard. | |
| 112 | The Contractor will identify entities that may be related to other entities through various relationship matching criteria (e.g., address, owner, employees, familial, IP address, telephone number, etc.), and deliver the information to the EDD in the agreed to dashboard. | |
| 113 | The Contractor will provide narrative explanations to the EDD team as to why any individual cases were identified by the data analytics tool and deliver to the EDD. | |
| 114 | The Contractor will procure, install and operate all required equipment/hardware off-site (at a non-EDD facility) where the Contractor will perform the work. | |
| 115 | The Contractor will utilize EDD-approved security procedures to transfer and process EDD data at all times. | |
| 116 | The Pondera FDaaS™ system will be adjusted over time to improve efficiencies and accuracy by considering earlier performance. | |

Comment [A16]: Updated language.

Comment [A17]: Correction to numbering

34. Desirable Requirements Bidders must indicate whether they agree with the desirable requirement by indicating (Y) or not (N). Desirable requirements are scorable. If a bidder agrees to the requirement by indicating “Y”, the bidder must provide a description of how the requirement will be met. The response will then be evaluated based on the criteria outlined in Section II.B. and scored. A “N” response is scored as 0 points. Req. #

Desirable Requirements

1176

The Contractor will incorporate geo-spatial representations of fraudulent behavior and provide to EDD in a map representation using ESRI or other mapping products. Updated map representations will be provided with each weekly report.

1187

The Contractor will provide State staff with the capability to utilize tools and reporting capabilities by building and running Statedeveloped models and scripts and deliver to the EDD on a weekly basis.

1198

The Contractor will provide the capability to receive or capture, manage, analyze, and integrate data offline (batch) from any source, including the EDD, internet, provider/other intermediary master files, third party relationship systems (LexisNexis, etc.), regulatory compliance lists, consumer affairs (corporate reporting), tax information, and address correlations.

12019

The Contractor will provide the capability to incorporate batch data into a real-time analysis capability for verification of claims applications.

1210

The Contractor will re-evaluate entities after new data is loaded and provided by event-triggering or by configurable schedules (this shall occur no less often than weekly). The system will be able to determine what has changed from previous evaluations and deliver the changes to the EDD.

1221

The Contractor will retain original relationships and information by instituting relationship identifiers into a composite view of possible newly-configured entities.

Comment [A18]: Correction to numbering

1232

The Contractor will use full attribution to ensure that data is never lost and is always traceable back to its original source.

1243

The Contractor will re-evaluate all potential entities as new data is loaded in real-time, and provide risk scoring to outcomes no less often than weekly.

1254

The Contractor will link entities by configurable identity attributes, such as telephone numbers and addresses, to uncover relevant, yet non-obvious, relationships and deliver the information to the EDD in the agreed to dashboard on a weekly basis.

1265

The Contractor will identify "unknown" suspects via "fuzzy" (i.e., diffuse or probabilistic logic) data matches on Names, AKAs, Physical/Mailing Addresses, Phone Numbers, SSNs and DOBs and deliver the information to the EDD in the agreed to dashboard on a weekly basis.

1276

The Contractor will assemble networks of associations using individual data attributes (such as identification numbers and names), locations (address correlation), email addresses, IP addresses, businesses at the address (include multi-tenant), facility type (such as warehouses, buildings, apartment, etc.), organizations (such as church, clubs, associations, or gangs), and accounts (such as banks, checking, credit, or savings) and deliver the information to the EDD in the agreed to dashboard and/or geospatial or mapped format on a weekly basis. Consideration may include but will not be limited to: Consumer information (e.g. demographics, bureaus, utility); Phone and Email Assets (e.g. motor vehicles, watercraft, aircraft); Real Property Data (e.g. deeds, assessments, foreclosures); Licensing (e.g. drivers, professional, medical); Business and Employment Legal Information (e.g. bankruptcy filings, liens and judgments, civil court); Derogatory Information (e.g. criminal records, criminal court, sex offender).

1287

The Contractor will assemble suspect or interesting relationships, even those that are hidden or disguised, and develop pointers that enable relationship diagrams to be produced for on-line viewing delivered to the EDD in the agreed to dashboard and/or geospatial or mapped format on a weekly basis.

1298

The Contractor will provide analysts the capability to develop sophisticated searches against the entity correlation database to further explore each related entity and every entity or attribute that those entities are linked to.

13029

The Contractor will provide link analysis (correlations) between various provided datasets. This could include employers, claimants, claim detail records, applications, forms and other datasets to be delivered to the EDD in the agreed to dashboard, geospatially or in a mapped format on a weekly basis.


1310

The Contractor will have the ability to remove key attributes from link analysis to observe the impact to the linked network.

1321

The Contractor will further expand linked information from provided databases to third party databases to identify fraud schemes and outlier behavior patterns and deliver results to the EDD in the agreed to dashboard on a weekly basis.

1332

The Contractor will identify criminals, lawsuits, and other legal information about linked persons involved in a business or with some relationship to entities and deliver the information to the EDD in the agreed to dashboard on a weekly basis.

1343

The Contractor will incorporate public record and proprietary data sources on entities (businesses, non-profit organizations, etc.), employees, claimants and related parties and deliver pertinent results to the EDD in the agreed to dashboard on a weekly basis.

1354

The Contractor will conduct matches with national licensure and sanction lists and deliver potential suspects list to the EDD in the agreed to dashboard on a weekly basis.

1365

The Contractor will utilize social network analytics to link people, businesses etc., to identify high densities of suspicious behaviors between relationships and deliver to the EDD in the agreed to dashboard on a weekly basis.

1376

The Contractor will collect, classify, analyze and interpret data to reveal patterns, anomalies, key variables and relationships into a set of models for further determination and delivery to the EDD in the agreed to dashboard on a weekly basis.

1387

The Contractor will provide dynamic modeling and deliver to the EDD in the agreed to dashboard on a weekly basis.

1398

The Contractor will forecast trends and possible fraudulent behavior and deliver the information to the EDD in the agreed to dashboard on a weekly basis.

14039

The Contractor will provide dynamic visualization of all identified suspicious entities and activities and prioritize them for further investigation through scoring algorithms and deliver to the EDD in the agreed to dashboard, geospatial or mapped reporting tool on a weekly basis.

1410

The Contractor will follow social network analytics to determine significant relationships between entities to identify fraud rings or collusive networks and holistically evaluate the activities of the entire network and deliver the information to the EDD in the agreed to dashboard on a weekly basis.

1421

The Contractor will evaluate incongruity in physical distance between claimant and employer and deliver the information to the EDD in the agreed to dashboard on a weekly basis.

1432

The Contractor will evaluate incongruity in physical distance between claimant residence address and claimant mailing address and deliver the information to the EDD in the agreed to dashboard on a weekly basis.

45. Deliverables

The Contractor shall provide the following deliverables with associated requirements for the services provided under this Agreement. Bidders must indicate whether they agree to provide the deliverable (Y) or not (N). A “N” response requires an explanation from the Bidder as to why the deliverable will not be provided. The State may then change or waive the deliverable for all bidders. If the deliverable is not changed or waived, a “N” response may disqualify the proposal. Deliverable documents will be provided in Microsoft Office 2010 format, including reports, spreadsheets, presentations, and databases. The media of delivery will be compatible with the EDD document storage devices. EDD requires the Contractor to conduct internal quality reviews for all deliverables before the deliverables are submitted to EDD.

Del. #

Deliverable Description/Requirements

Contractor Agrees (Y or N)

1.

Requirements Validation Document: Confirmation of flags, geospatial maps, prediction models, binary checks, and validations. This document shall be provided one time, prior to dashboard design.

a. The Contractor will provide a written plan explaining how it intends to validate requirements necessary to deliver to the EDD the Pondera Fraud Detection as a Service (FDaaS™) solution. This is a one-time deliverable.

b. The Contractor will meet with EDD staff on an “as needed” basis to determine, validate and clarify known requirements and uncover any additional desired functionality.

2.

Source Data Recommendations Document: Analysis and description of all internal and external data inputs required to run Pondera FDaaS™. This document shall be provided one time, prior to dashboard design.

a. Prior to dashboard design, the Contractor will provide a written plan explaining the data source requirements necessary to deliver to the EDD the Pondera Fraud Detection as a Service (FDaaS™) solution. This is a one time deliverable.

b. Prior to dashboard design, the Contractor will provide an Enterprise Architecture Model (EAM), a plan/diagram depicting, and showing the Contractor’s understanding of, the EDD computing environment including integration of employer data sets, client data sets, claims processing, and the movement of data, to facilitate this process. The Contractor should use details and visual diagrams as necessary.

c. The Contractor will identify existing data sets which are not owned by the EDD or bundled with the FDaaS™ service, but could yield value to the EDD fraud detection efforts.

d. The Contractor will identify data sets which are not currently collected by the EDD, but could be of value to the EDD fraud detection effort if these data sets are collected in the future.

e. The Contractor will include data sources for matching the EDD claimant data against a data source to identify incarcerated claimants.

f. The Contractor will include data sources for matching the EDD claimant data against a data source to identify deceased individuals.

g. The Contractor will include data sources for matching the EDD claimant data against a data source to identify Worker's Compensation claimants.

h. The Contractor will include data sources for matching the EDD claimant data against a data source to identify 1099 Independent Contractor payments.

i. The Contractor will include data sources for matching the EDD claimant data against a data source to identify known bad or suspected bad physical addresses or mailing addresses.

j. The Contractor will include data sources for matching the EDD claimant data against a data source to identify known bad or suspected IP addresses.

3.

Dashboard Design and Development: Design and develop an integrated dashboard to be used by EDD staff as an interface for receiving results. The dashboard must be fully designed and accepted by EDD prior to the start of live service and weekly reporting.

a. Prior to dashboard design, Contractor will provide the EDD with written documentation explaining how it will supply the EDD with an integrated "dashboard" to be used by EDD staff as an interface for receiving results of FDaaS™ fraud detection efforts.

b. The dashboard will include a variety of data displays, to include maps, charts, graphs and spreadsheets.

c. The dashboard will have the capability to categorize alerts by like kind.

d. The dashboard will have the capability to prioritize potential fraud on a weighted basis.

e. The dashboard will have permissions setting built in to allow the EDD to regulate users and/or views.

f. The dashboard will allow drill-down capability of alerts displayed.

g. The dashboard will allow users to jump directly to claimant and/or employer profile.

h. The dashboard will allow predetermined thresholds to be adjusted as necessary to detect ever changing fraud schemes.

i. The dashboard will allow details to be displayed in maps viewable to street level.

4.

Claimant Validation Analysis: Representative run of CA claimants through Pondera FDaaS™ models.

a. The Contractor will provide a written plan for how it will validate applicant and claimant related data, including but not limited to, SSN, address, age, DOB, criminal convictions, and benefit claim history. This is a one-time deliverable.

b. The Contractor will receive applicant and claimant data from the EDD in the condition that EDD receives it from the applicant/claimant (un-scrubbed and unrefined), and create a claimant profile for each claimant/applicant.

c. The Contractor will match claimant profiles against available third-party data aggregators to detect anomalies in the claimant data. These anomalies will be reported to the EDD in the dashboard format on a weekly basis.

d. The Contractor will match claimant profiles against Social Security Administration data to determine correct matches between claimant and assigned SSN owner. Contractor will report this information to EDD in the dashboard format on a weekly basis.

e. The Contractor will identify additional SSNs when associated with a claimant profile. Contractor will report this information to EDD in the dashboard format on a weekly basis.

f. The Contractor will match claimant profiles against the Social Security Death Index to ensure the identity of an individual reported as deceased is not being used to apply for or receive benefits. Contractor will report this information to EDD in the dashboard format on a weekly basis.

g. The Contractor will identify claimant profiles that are found, in third-party data, to be experiencing consumer related fraud or identity theft. Contractor will report this information to EDD in the dashboard format on a weekly basis.

h. The Contractor will match client profile addresses against third-party data addresses for disparities which may be an indicator of potential fraud. Contractor will report this information to EDD in the dashboard format on a weekly basis.


i. The Contractor will match claimant profile against self-reported consumer statements (i.e., reporting identity theft, etc.) for indicators of potential fraud. Contractor will report this information to EDD in the dashboard format on a weekly basis.

j. The Contractor will have a process for receiving feedback from the EDD regarding the value of potential fraud indicators provided, with the intent of improving the process of fraud detection, eliminating false positives, and increasing the value of fraud indicators.

k. Contractor will identify groups or clusters of claimants by occupation, geography, familial or other connection, telephone numbers or IP addresses used, or other connecting event. Contractor will report this information to EDD in the dashboard format on a weekly basis.

l. The Contractor will provide mapping, link analysis or other graphic representation of associations listed in deliverable requirement #4.i. Contractor will report this information to EDD in the dashboard format on a weekly basis.

m. The Contractor will identify for claimants that apply for benefits within a specific timeframe (to be determined by the EDD and capable of being adjusted), of when wages were first reported to the EDD. Contractor will report this information to EDD in the dashboard format on a weekly basis.

n. The Contractor will match addresses provided in claimant profiles to addresses gleaned from third-party data obtained by the Contractor. Contractor will report this information to EDD in the dashboard format on a weekly basis.

o. The Contractor will match claimant profiles against individuals reported as incarcerated in county jails, state or federal prisons. Contractor will report this information to EDD in the dashboard format on a weekly basis.

p. The Contractor will match claimant profiles against EDD supplied database of known "bad actors" (individuals involved with fraud). Contractor will report this information to EDD in the dashboard format on a weekly basis.

q. The Contractor will match claimant profile against EDD supplied database of known "bad" addresses. Contractor will report this information to EDD in the dashboard format on a weekly basis.

r. The Contractor will match claimant profiles against EDD supplied database of known "bad" IP addresses. Contractor will report this information to EDD in the dashboard format on a weekly basis.

s. The Contractor will match claimant profiles against EDD supplied database of known "bad" telephone numbers. Contractor will report this information to EDD in the dashboard format on a weekly basis.


t. The Contractor will identify instances where proximity between claimant and last reported employer is excessive. Contractor will report this information to EDD in the dashboard format on a weekly basis.

u. The Contractor will detect multiple claimants using the same physical address. Contractor will report this information to EDD in the dashboard format on a weekly basis.

v. The Contractor will detect multiple claimants using the same mailing address. Contractor will report this information to EDD in the dashboard format on a weekly basis.

w. The Contractor will match claimants against independent contractor data to detect unreported income. Contractor will report this information to EDD in the dashboard format on a weekly basis.

5.

Employer Validation Analysis: Representative run of CA employers through Pondera FDaaS™ validation models.

a. The Contractor will provide a written plan for how it will validate employer data, including but not limited to EDD supplied registration data, and registration with other sources commonly used to determine legitimacy of a business. This is a one-time deliverable to be provided prior to the start of weekly live service.

b. The Contractor will receive employer data from the EDD in the condition that EDD receives it from the employer (un-scrubbed and unrefined), and create an employer profile. Contractor will report this information to EDD in the dashboard format on a weekly basis.

c. The Contractor will match the employer profile against third-party business data to identify anomalies and other potentially suspicious activity in the employer supplied business profile information. Contractor will report this information to EDD in the dashboard format on a weekly basis.

d. The Contractor will match employer profiles against disparate third-party data such as invalid addresses, commercial mail receiving agencies, bankruptcy records, tax liens and other similar data sources. Contractor will report this information to EDD in the dashboard format on a weekly basis.

e. The Contractor will have a demonstrated process for using EDD feedback on alerts to improve or fine-tune future detection efforts.

f. The Contractor will provide indicators of fraud on a scaled system, or with a confidence code or value index, allowing the EDD to sort or triage indicators based on their potential for fraud. Contractor will report this information to EDD in the dashboard format on a weekly basis.


g. The Contractor will identify groups or clusters of employers, corporate officers, Limited Liability Companies or Sole Proprietors, by occupation, geography, familial or other connection, telephone numbers or IP addresses used, or other connecting event. Contractor will report this information to EDD in the dashboard format on a weekly basis.

h. The Contractor will provide mapping, link analysis or other graphic representation of associations listed in deliverable requirement 5.g. Contractor will report this information to EDD in the dashboard format on a weekly basis.

i. The Contractor will match employer profiles against individuals reported as incarcerated in county jails, state or federal prisons. Contractor will report this information to EDD in the dashboard format on a weekly basis.

j. The Contractor will match employer profiles against EDD supplied database of known "bad actors" (individuals involved with fraud). Contractor will report this information to EDD in the dashboard format on a weekly basis.

k. The Contractor will match employer profiles against EDD supplied database of known "bad" addresses. Contractor will report this information to EDD in the dashboard format on a weekly basis.

l. The Contractor will match employer profiles against EDD supplied database of known "bad" IP addresses. Contractor will report this information to EDD in the dashboard format on a weekly basis.

m. The Contractor will match employer profiles against EDD supplied database of known "bad" telephone numbers. Contractor will report this information to EDD in the dashboard format on a weekly basis.

n. The Contractor will identify instances where proximity between employer and claimant is excessive. Contractor will report this information to EDD in the dashboard format on a weekly basis.

o. The Contractor will detect multiple employers using the same physical address. Contractor will report this information to EDD in the dashboard format on a weekly basis.

p. The Contractor will detect multiple employers using the same mailing address. Contractor will report this information to EDD in the dashboard format on a weekly basis.

q. The Contractor will match employer profiles against independent contractor data files to detect unreported wages. Contractor will report this information to EDD in the dashboard format on a weekly basis.

r. The Contractor will match employer profiles against business activity records to identify businesses with low or unconfirmed market activity, possibly identifying shell companies. Contractor will report this information to EDD in the dashboard format on a weekly basis.

s. The Contractor will match employer profiles against a federal debarment list identifying companies precluded from doing business with the federal government, possibly indicating fraudulent business practices. Contractor will report this information to EDD in the dashboard format on a weekly basis.

t. The Contractor will match employer profiles against indictments and criminal complaints filed in state or federal jurisdictions. Contractor will report this information to EDD in the dashboard format on a weekly basis.

6.

Claims Analysis (Predictive Models): Production-ready binary and prediction models.

a. The Contractor will provide a written plan explaining how it intends to validate employer information necessary to deliver to the EDD the Pondera FDaaS™ solution.

b. The Contractor will employ predictive models to proactively identify data anomalies and potentially fraudulent activities.

c. The Contractor will employ comparative models to proactively identify data anomalies and potentially fraudulent activities.

d. The Contractor will employ pattern recognition models to proactively identify data anomalies and potentially fraudulent activities.

e. The Contractor will map results of potential fraudulent activity. Contractor will report this information to EDD in the dashboard format on a weekly basis.

7.

Data Matching Services/Production Go-Live: Once EDD has accepted all documents described in the previous deliverables, as well as the working finalized dashboard, Upon completion of the prior six deliverables, all of the elements of the Pondera FDaaS™ system will work in unison to perform the tasks described in the Scope of Work. A testNecessary testing, as determined by EDD, shall be conducted to ensure that the system functions to EDD’s satisfaction prior to the acceptance of this final deliverable and the commencement of ongoing live service with monthly payments. NOTE: See D. 2. below for information on payment withhold relating to this deliverable.upon final EDD authorization the Contractor will commence with productionready data matching services with weekly reports as previously described.

8

Production Go-Live Upon completion and EDD acceptance of the first seven deliverables, the Contractor will commence with ongoing live FDaaS™ service including weekly reports to EDD in accordance with the deliverables and requirements listed above.

Comment [A19]: Updated

Comment [A20]: Updated

56. Data Attributes

The following entities and attributes represent the typical data set that is needed as an input to the FDaaS™ system. This is a broad outline of the data needs for FDaaS™ and it is desirable to receive any additional attributes that are used by a particular client within the UI space. At least three (3) years of history should be provided. The UI program has two distinct perspectives for fraud detection, the Claimant or Beneficiary side of fraud, also referred as the Benefits side, and the Employer or Business side of fraud, also referred to as the Taxation side. The data requirements for both perspectives are very distinct with a small overlap where claimants employed at a business are applying for benefits and both entities are within the same jurisdiction.

a. Claimant or Beneficiary Data (Benefits)

Attributes of some of the Benefits data are described below.

• Claimant Profile – has personal and demographic information at the time of filing a UI claim. This includes SSN, name, address details, email, demographic information (gender, race, education, residency, profession, marital status, military, disability, dependents, etc.), and employment and income histories (if possible).

• Payment Setup Profile – includes information related to bank account(s) and bank details, payment formats, tax deduction situations, other subsidies available, etc.

• Claims File – has details on dates of filing and approval, details of last employment including profession, designation, employer details, salary, etc., and information around claim rejection or closed claims and re-opened claims, etc.

• Claim Adjudication – payment amounts approved, various codes and statuses to track the benefit payments approval activity, running totals on how much benefits have been paid and how much remains, tax deductions, funding of the payment amount (various codes, types related to that), adjustments, employment (or termination) confirmation, etc.

• Weekly Certifications – details around weekly certification by a claimant for continued UI benefits. Typical data includes how certification was filed, when it was filed, the mode of filing details around location, IP address, email address, call center, etc., along with historical certifications and claim ID.

• Payment Transaction – includes data on the actual payment transaction like dates, amounts, check number or ACH transaction details, breakdown of amounts, historical data on payments, claim ID, and weekly certification ID against which the payment was issued.

For all of the above, additional attributes in a source system should be included along with any historical files where previous updated information is archived, such as prior addresses, prior claims and prior payment methods or transactions.

b. Employer or Business Data (Taxation)

Attributes of some of the Taxation data are described below.

• Business Registration – includes the basic business information used to register for UI tax withholdings, such as names, addresses, locations, DBA, incorporation information, industry, size, principal officers, basic financial information, first tax payments date, new business versus acquired, legal entity and subsidiaries, agents responsible for UI tax payments, communication, etc.

• Tax Adjudication – includes industry codes, various other codes, and statuses and types used to determine the taxation rate, UI tax rate (and historical rates), estimated tax amounts, prior delinquencies, risk rating, acquisition information, etc.

• Quarterly Payments – actual details around employees on whose behalf the payments were made, quarter, year, return filing date, employee start and end dates, out of state employee information, etc.

C. Responsibilities of Parties

The following describes the specific responsibilities of the Contractor and EDD under this Agreement.

1. Contractor Responsibilities:

a. The Contractor shall designate a person to whom all project communications may be addressed and who has the authority to act on all aspects of the contract for services. This person shall be responsible for the overall project and shall be the contact for all invoice issues and contractor staffing issues.

b. The Contractor shall comply with all applicable EDD, Department of General Services, Department of Finance and Department of Technology policies and procedures, including but not limited to policies regarding Sexual Harassment Prevention, Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, IT Security, Confidentiality and Security Training, Workplace Violence Prevention, and Emergency Preparedness. In accordance with Title 22, California Code of Regulations Section 311-1, each of the Contractor’s staff performing work for this Agreement shall complete a Form 700 (see the California Fair Political Practices Commission website at www.fppc.ca.gov ). Each individual’s investments, business positions, and income including gifts, loans, and travel payments, from any source, as well as all interests in real property, must be reported on the Form 700

Comment [A21]: New language, clarification of requirement


c. Where Personal Health Information (PHI) or Personal Identification (PI) is processed or stored outside of the EDD-managed network, the solution and facilities must comply with NIST 800-53 Revision 4 standards.

d. Upon mutual agreement, all meetings shall be scheduled using EDD MS Outlook. All Contractor staff shall maintain their schedules of availability on their EDD MS Outlook calendars. Meetings may be in person or via conference call.

e. The Contractor will maintain Key Personnel continuity throughout the life of the project. EDD will be notified, in writing, of any changes in the Key Personnel assigned to tasks. If a Key Personnel is unable to perform his or her duties due to illness, resignation, or other factors beyond the Contractor’s control, the Contractor will make every reasonable effort to provide suitable substitute Key Personnel. The substitute Key Personnel must meet all requirements of the RFP and SOW and must be approved by EDD in writing prior to initiating work. The Contractor will maintain staff continuity throughout the life of the project. EDD will be notified, in writing, of any changes in the personnel assigned to tasks. If a contractor employee is unable to perform his or her duties due to illness, resignation, or other factors beyond the Contractor’s control, the Contractor will make every reasonable effort to provide suitable substitute personnel. The substitute personnel must meet all requirements of the RFP and SOW and must be approved by EDD in writing prior to initiating work.

Comment [A22]: Requirement updated

g. The Contractor is responsible for his/her own operating expenses, overhead and clerical support.

2. EDD Responsibilities:

a. The EDD Contract Manager is the contact person to whom all contractor communications may be addressed and who has the authority to act on all aspects of the services. This person will review the Agreement and associated documents with the Contractor to ensure understanding of the responsibilities of both parties.

b. EDD will supply the MFLS claims data upon the mutually agreed upon intervals.

c. EDD will provide sufficient access to appropriate levels of staff, business representatives, other users, and EDD management, as appropriate to facilitate the performance of consulting tasks and creation of consulting deliverables.

d. EDD will review and provide comments or approval of the draft and final documents and deliverables within five (5) business days of receipt, or other mutually agreed upon date, in order for the Contractor to perform its obligations under the Agreement.

D. Invoicing and Payment

1. In consideration of services performed, EDD agrees to pay the Contractor for EDD accepted deliverables. Deliverables shall be invoiced at the fixed-cost rates detailed in accordance with Attachment B, Cost Data Sheet. A signed Formal Acceptance Form (Appendix 4) is required from the EDD SPOC before submitting an invoice. Invoices shall include the Agreement Number and shall be submitted in triplicate in arrears to:

Employment Development Department
Investigation Division
722 Capitol Mall, MIC 43
Sacramento, CA 95814
Attn: Steve Sheehan

Invoices must include a certification statement signed by a company official, attesting to the accuracy of the invoice data. If the EDD rejects all or part of the Contractor’s work or work product, EDD shall withhold payment for the rejected work product and shall notify the contractor in writing of the reason why the work product was rejected. The Contractor shall take appropriate measures to correct the work and demonstrate to the EDD that the Contractor has successfully completed the work before payment can be made. The Contractor may not invoice EDD for any costs exceeding the maximum amount identified for each specific deliverable listed on the Cost Data Sheet Attachment B. Any excess hours to complete a deliverable shall be at no cost to EDD.

2. Payment Withhold for Deliverables 1 Through 6

In accordance with the requirements set forth in the State Contracting Manual, Section 7.33.B, the State may withhold, from the invoiced payment amount to the Contractor, an amount equal to at least ten percent (10%) of that payment. Under this Agreement, twenty five percent (25%) of the amount charged for deliverables 1 through 6 shall be withheld until EDD’s acceptance of deliverable 7. Such retained amount shall be held by the State and only released to the Contractor upon the State's determination that the Contractor has satisfactorily completed all of the required services as itemized in deliverables 1 through 7.

Comment [A23]: New language/requirement

3. Unanticipated Costs

The Contractor may specify additional deliverables to meet unanticipated requirements of this SOW. Prior to commencing work on any unanticipated deliverable, the Contractor must complete a Work Authorization Form (Appendix 3) and obtain pre-approval by the EDD Contract Manager. The specified number of labor hours and the hourly wage rate for unanticipated deliverables must be based on the hourly rate specified on the Cost Data Sheet for a given job classification cannot be exceeded.

4. Budget Contingency Clause

It is mutually understood between the parties that this Agreement may have been written before ascertaining the availability of congressional and legislative appropriation of funds, for the mutual benefit of both parties, in order to avoid program and fiscal delays which would occur if the Agreement were executed after that determination was made.


This Agreement is valid and enforceable only if (1) sufficient funds are made available by the State Budget Act of the appropriate State Fiscal Year(s) covered by this Agreement for the purposes of this program; and (2) sufficient funds are made available to the State by the United States Government or by the State of California for the Fiscal Year(s) covered by this Agreement for the purposes of this program. In addition, this Agreement is subject to any additional restrictions, limitations or conditions established by the United States Government and/or the State of California, or any statute enacted by the Congress and Legislature, which may affect the provisions, terms or funding of the Agreement in any manner. The parties mutually agree that if the Congress and/or Legislature does not appropriate sufficient funds for the program, this Agreement shall be amended to reflect any reduction in funds. The EDD has the option to terminate the Agreement under the 30-day termination clause or to amend the Agreement to reflect any reduction of funds.

5. Prompt Payment Clause

Unless otherwise specified, payment will be made in accordance with Government Code §927 et seq., as applicable. Payment shall not be due until the later of: (a) the date of acceptance of goods or performance of services; or (b) receipt of an accurate invoice.


E. Special Terms and Conditions

1. Advance Work

Should the Contractor begin work before receiving a copy of the approved Agreement, any work performed before approval shall be considered as having been done at the Contractor's own risk and as a volunteer.

2. Force Majeure

Except for defaults of subcontractors at any tier, the Contractor shall not be liable for any excess costs if the failure to perform the Contract arises from causes beyond the control and without the fault or negligence of the Contractor. Examples of such causes include, but are not limited to:

• Acts of God or of the public enemy, and

• Acts of the federal or State government in either its sovereign or contractual capacity.

If the failure to perform is caused by the default of a subcontractor at any tier, and if the cause of the default is beyond the control of both the Contractor and subcontractor, and without the fault or negligence of either, the Contractor shall not be liable for any excess costs for failure to perform.

3. Workforce Investment Act

Contractor agrees to conform to nondiscrimination provisions of the Workforce Investment Act (WIA) and other federal nondiscrimination requirements as referenced in 29 CFR, Part 37.

4. Termination for Convenience

This Agreement may be terminated by EDD by giving written notice to the Contractor 30 days prior to the effective date of such termination.

5. Rights in Work Product

a. With the exception of all EDD’s data, of which EDD retains the exclusive right of ownership, all inventions, discoveries, intellectual property, technical communications and records originated or prepared by the Contractor pursuant to this Contract including papers, reports, charts, computer programs, and other Documentation or improvements thereto, and including the Contractor’s administrative communications and records relating to this Contract (collectively, the “Work Product”), shall be the Contractor’s exclusive property. The provisions of this sub-section a) may be revised in a Statement of Work.

b. Software and other materials developed or otherwise obtained by or for the Contractor or its affiliates independently of this Contract or applicable purchase order (“Pre-Existing Materials”) do not constitute Work Product. If the Contractor creates derivative works of Pre-Existing Materials, the elements of such derivative works created pursuant to this Contract constitute Work Product, but other elements do not. Nothing in this Section will be construed to interfere with the Contractor’s or its affiliates’ ownership of Pre-Existing Materials.

c. The State will have Government Purpose Rights to the Work Product as Deliverable or delivered to the State hereunder. “Government Purpose Rights” are the unlimited, irrevocable, worldwide, perpetual, royalty-free, non-exclusive rights and licenses to use, modify, reproduce, perform, release, display, create derivative works from, and disclose the Work Product. “Government Purpose Rights” also include the right to release or disclose the Work Product outside the State for any State government purpose and to authorize recipients to use, modify, reproduce, perform, release, display, create derivative works from, and disclose the Work Product for any State government purpose. Such recipients of the Work Product may include, without limitation, State Contractors, California local governments, the U.S. federal government, and the State and local governments of other states. “Government Purpose Rights” do not include any rights to use, modify, reproduce, perform, release, display, create derivative works from, or disclose the Work Product for any commercial purpose.

d. The ideas, concepts, know-how, or techniques relating to data processing, developed during the course of this Contract by the Contractor or jointly by the Contractor and the State may be used by either party without obligation of notice or accounting.

e. This Contract shall not preclude the Contractor from developing materials outside this Contract that are competitive, irrespective of their similarity to materials which might be delivered to the State pursuant to this Contract.

6. Settlement of Disputes

Any dispute concerning a question of fact arising under the term of this Agreement which is not disposed of within a reasonable period of time (ten days) by the Contractor and State employees normally responsible for the administration of this contract shall be brought to the attention of the Chief Executive Officer (or designated representative) of each organization for joint resolution.

7. Lobbying Certification

The Contractor hereby assures and certifies to the lobbying restrictions set forth in 29 CFR, Part 93 (see Exhibit H).

8. Insurance Requirements

Contractor agrees the insurance herein provided for shall be in effect at all times during the term of this Agreement. In the event said insurance coverage expires at any time during the term of this Agreement, Contractor agrees to provide at least 30 days prior to said expiration date, a new certificate of insurance evidencing insurance coverage as outlined below for not less than the remainder of the term of this Agreement, or for a period of not less than one year. New certificates of insurance are subject to the approval of the Department of General Services, and Contractor agrees that no work or services shall be performed prior to the giving of such approval. In the event Contractor fails to keep in effect at all times insurance coverage as herein provided, the State may, in addition to any other remedies it may have, terminate this Agreement upon the occurrence of such event. The Contractor shall provide written notice to EDD within five (5) business days of any cancellation, non-renewal, or material change that affects required insurance coverage.


The Contractor shall display evidence of the following coverage on an ACORD certificate: a. General Liability Insurance - Contractor shall furnish to EDD a certificate of insurance prior to commencement of work stating there is general liability insurance in effect for the Contractor in an occurrence form with limits not less than $1,000,000 per occurrence for bodily injury and property damage combined. The certificate of insurance must include the following provision stating: The State of California, its officers, agents, employees, and servants are included as additional insured, but only with respect to work performed for EDD under this contract. The additional insured endorsement must accompany the certificate. b. Workers' Compensation and Employers Liability Insurance - Contractor shall furnish to EDD a certificate of insurance evidencing Workers’ Compensation and Employers Liability Insurance presently in effect with limits not less than $1,000,000 by an insurance carrier licensed to write Workers' Compensation insurance in California. Such certificate shall include the name of the carrier and the policy inception and expiration dates. If the Contractor is self-insured for Workers’ Compensation, a certificate must be presented evidencing Contractor is a qualified self-insurer in the State of California. 9. Intellectual Property Infringement Notwithstanding any other provision of this Agreement, Contractor is not obligated to indemnify for any claim of infringement of any patent, copyright, trademark, service mark, trade secret or other proprietary right of a third party, to the extent such claim is caused by, relates to or arises out of (a) EDD’s failure to use the Contractor’s system or services as permitted under this Agreement or (b) EDD’s configuration or use of the Contractor’s system or services in combination with other software, equipment, services, processes, elements, components or systems that are not provided by Contractor.

Comment [A24]: New language

F. EDD Information Security Requirements

1. EDD data must remain in the continental United States of America at all times.

2. For facilities or systems where EDD data is processed, transferred or stored, the Contractor shall comply with all EDD security policies and procedures, California State Administrative Manual (SAM) 5300 requirements, and applicable FIPS and NIST requirements and guidelines. The Contractor shall comply with all EDD security policies and procedures, California State Administrative Manual (SAM) 5300 requirements, and applicable FIPS and NIST requirements and guidelines.

3. The solution must incorporate security controls as specified in the latest revision of NIST SP 800-53 for a system categorized as MODERATE impact. The system shall not contain law enforcement data.

4. Security controls must be documented in a System Security Plan (SSP) that is prepared in compliance with the latest revision of NIST SP 800-18 and augmented by EDD SSP required sections as illustrated in the EDD SSP template (see Appendix 1) which includes a data flow diagram, system boundaries, interfaces, volume and nature of data, location of system, etc. Special consideration should be made in documenting access control, audit logging, system communication, and handling and destruction of data.

Comment [A25]: Updated language.

5. At the Contractor’s expense, the system must be accredited by an independent party approved or designated by the EDD ISO prior to being populated by EDD data.

6. No IRS, DMV, SSA, FTB, or non-EDD data will be provided without the express, written permission of the authorized official of the Agency/entity that owns the data.

7. No EDD data will be provided without the express, written permission of the Deputy Director of the branch that owns the data.

8. The EDD data shall not be provided to the Contractor without EDD ISO evaluation, validation, and acceptance of system security controls as documented in the SSP.

9. All transmission of EDD data must be encrypted utilizing only FIPS approved cryptography (FIPS 140-2).

10. All remote access to EDD data must be protected utilizing, at a minimum, two-factor authentication.

11. Security risk assessments will be conducted, documented, and evaluated throughout the life-cycle of the project; at a minimum during the design phase, prior to data transfer, and prior to implementation.

12. A Privacy Impact Assessment will be conducted and a copy will be provided to the Contractor (see Appendix 2).

13. A strategy document will be submitted that will describe how EDD data will be protected at all times (e.g., in transit, at rest, during analytics, data disposal, limiting access, etc.).

14. Only Contractor personnel who have passed a DOJ fingerprint/background check will be allowed to have access to EDD data. A conviction for embezzlement, identity theft or similar computer related crimes shall be basis for disqualifying Contractor personnel from participating.

15. Should the solution incorporate a cloud-computing component, the cloud service provider and system will also be subject to FedRAMP controls and accreditation.

16. Social Security Administration Security Guidelines

The EDD maintains an agreement with the Social Security Administration (SSA) to protect all data received from SSA. As part of this agreement, it agrees to comply with a document called “Electronic Information Exchange Security Requirements, Guidelines, and Procedures for Federal, State and Local Agencies Exchanging Electronic Information with the Social Security Administration”. This document is designated “sensitive” by the SSA so is provided securely where required.

17. Department of Motor Vehicles Security Guidelines

The EDD maintains an agreement with the Department of Motor Vehicles (DMV) to protect all data received from DMV. As part of this agreement, it agrees to ensure compliance with all the security provisions within a document called “DMV Electronic Access Requirements”. This document is designated “sensitive” so is provided securely where required.

G. Protection of Confidentiality


Federal and state confidentiality laws, regulations, and administrative policies classify all EDD information provided under this Agreement as confidential. The federal and state laws prohibit disclosure of EDD’s confidential information to the public and mandate its protection against loss and against unauthorized access, use, disclosure, modification, or destruction. The Contractor must therefore agree to the following security and confidentiality requirements:

1. Administrative Safeguards

a. Adopt policies and procedures to ensure use of EDD’s confidential information solely for purposes specifically authorized under this Agreement that meets the requirements of Title 20, Code of Federal Regulations §603.10.

b. Warrant by execution of this Agreement, that no person or selling agency has been employed or retained to solicit or secure this Agreement upon agreement or understanding for a commission, percentage, brokerage, or contingent fee. In the event of a breach or violation of this warranty, EDD shall have the right to annul this Agreement without liability, in addition to other remedies provided by law.

c. Warrant and certify that in the performance of this Agreement you will comply with all applicable statutes, rules, and/or regulations and Agreement information security requirements, including but not limited to the following:

• Unemployment Insurance Code §1094 (Disclosure Prohibitions)

• Title 20, Code of Federal Regulations §603.9 and §603.10 (Federal Unemployment Compensation Safeguards and Security Requirements)

• Civil Code §1798, et seq. (Information Practices Act)

• Penal Code §502 (Computer Fraud Act)

• Title 5, U.S. Code §552a (Federal Privacy Act Disclosure Restrictions)

• Title 42, U.S. Code §503 (Social Security Act)

• Title 18, U.S. Code §1905 (Disclosure of Confidential Information)

d. Except for State Agencies, agree to indemnify the EDD against any loss, cost, damage or liability resulting from violations of these applicable statutes, rules and/or regulations and Agreement information security requirements.

e. Protect EDD’s information against unauthorized access, at all times, in all forms of media. Access and use the information obtained under this Agreement only to the extent necessary to assist in the valid administrative needs of the program receiving such information and only for the purposes defined in this Agreement.

f. Keep all EDD confidential information completely confidential. Make this information available to authorized personnel on a "need-to-know" basis and only for the purposes authorized under this Agreement. “Need to know” refers to those authorized personnel who need information to perform their official duties in connection with the uses of the information authorized by this Agreement.

g. Notify the EDD Information Security Office (ISO) at (916) 654-6231, immediately upon discovery, that there may have been a breach in security which has or may have resulted in compromise to the confidential information. For purposes of this section, immediately is defined as within 24 hours of discovery of the breach. The notification shall be by phone and the caller shall speak directly with a person in the EDD ISO. It is not sufficient to simply leave a message. The notification must include a detailed description of the incident (such as time, date, location, and circumstances) and identifying responsible personnel (name, title and contact information). The verbal notification shall be followed with an email notification to .

2. Management Safeguards

a. Acknowledge that the confidential information obtained by the Contractor under this Agreement remains the property of EDD.

Comment [A26]: Correction

b. Instruct all personnel assigned to work with the information provided under this Agreement regarding the following:

• Confidential nature of the EDD information.

• Requirements of this Agreement.

• Sanctions specified in federal and state unemployment compensation laws and of any other relevant statutes against unauthorized disclosure of confidential information provided by EDD.

c. Require that all personnel assigned to work with the information provided by EDD complete the EDD Confidentiality Agreement (Attachment D1).

d. Return the following completed documents to the EDD Contract Services Group:

• EDD Indemnity Agreement (Attachment D2): Required to be completed by the Contractor’s Chief Financial Officer or authorized Management Representative, unless the Contractor is a State Agency.

• EDD Statement of Responsibility Information Security Certification (Attachment D3): Required to be completed by the Information Security Officer or authorized Management Representative.

e. Subject to receipt of reasonable prior written notice, permit EDD to make on-site inspections at locations where the services are being performed to ensure that the terms of this Agreement are being met. Permit EDD to make on-site inspections to ensure that the terms of this Agreement are being met. Make available to EDD staff, on request and during on-site reviews, copies of the EDD Confidentiality Agreement (Attachment D1) completed by personnel assigned to work with EDD’s confidential information and hereby made a part of this Agreement.

Comment [A27]: Update to requirement

f. Maintain a system of records sufficient to allow an audit of compliance with the requirements under subsection (d) of this part. Permit EDD to make on-site inspections to ensure that the requirements of federal and state privacy, confidentiality and unemployment compensation statutes and regulations are being met including but not limited to Social Security Act §1137(a)(5)(B). EDD will not request proprietary information or confidential information that is unrelated to the services performed by EDD.

Comment [A28]: New language

3. Usage, Duplication, and Redisclosure Safeguards

a. Use EDD’s confidential information only for purposes specifically authorized under this Agreement. The information is not admissible as evidence in any action or special proceeding except as provided under Section 1094(b) of the Unemployment Insurance Code. Section 1095(u) of the Unemployment Insurance Code does not authorize the use of EDD’s confidential information by any private collection agency.

b. Extraction or use of the EDD information for any purpose outside the purposes stated in this Agreement is strictly prohibited. The information obtained under this Agreement shall not be reproduced, published, sold or released in original or any other form not specifically authorized under this Agreement.

c. Disclosure of any EDD information to any person or entity not specifically authorized in this Agreement is strictly prohibited. Personnel assigned to work with EDD’s confidential information shall not reveal or divulge to any person or entity any of the confidential information provided under this Agreement except as authorized or required by law.

4. Physical Safeguards

a. Take precautions to ensure that only authorized personnel are given access to physical, electronic and on-line files. Store electronic and hard copy information in a place physically secure from access by unauthorized persons. Process and store information in electronic format, such as magnetic tapes or discs, in such a way that unauthorized persons cannot retrieve the information by means of computer, remote terminal or other means.

b. Secure and maintain any computer systems (network, hardware and software applications) that will be used in the performance of this Agreement. This includes ensuring that all security patches, upgrades, and anti-virus updates are applied as appropriate to secure data that may be used, transmitted or stored on such systems in the performance of this Agreement.

c. Store all EDD confidential documents in a physically secure manner at all times to prevent unauthorized access.

d. Store EDD’s confidential electronic records in a secure central computer facility. Where in-use on a shared computer system or any shared data storage system, ensure appropriate information security protections are in place. The Contractor shall ensure that appropriate security access controls, storage protections and use restrictions are in place to keep the confidential information in the strictest confidence and shall make the information available to its own personnel on a "need-to-know” basis only.

e. A Cloud Computing Environment Cannot Be Used to Receive, Transmit, Store, Or Process EDD’s Confidential Data.

f. Store EDD confidential data in encrypted format when recorded on removable electronic storage media, or on mobile computing devices, such as a laptop computer.

g. Maintain an audit trail and record data access of authorized users and authorization level of access granted to EDD’s data, based on job function.

h. Direct all personnel permitted to use EDD’s data to avoid leaving the data displayed on their computer screens where unauthorized users may view it. Personnel should retrieve computer printouts as soon as they are generated so that the EDD data is not left unattended in printers where unauthorized personnel may access them.

i. Dispose of confidential information obtained from EDD, and any copies thereof made by the contractor, after the purpose for which the confidential information is disclosed is served. Disposal means return of the confidential information to EDD or destruction of the information utilizing an approved method of confidential destruction, which includes electronic deletion (following Department of Defense specifications), shredding, burning, certified or witnessed destruction.


Attachment A. Key Staff Qualifications

Complete this attachment (or a table or spreadsheet similar to it) for each of the proposed key staff. Failure to complete this attachment may be cause for rejection of the offer.

Experience Qualifications | Number of Years | Name of project(s), staff role and the relevant experience on the project(s). List dates of each engagement | Reference [1] information: name, e-mail address, phone number
Mandatory: Minimum two (2) years of experience customizing and operating data analytics systems. | | |
Mandatory: At least one (1) year experience with benefit fraud detection | | |
Desirable: Demonstrated expertise in Unemployment Insurance fraud | | |
Desirable: Demonstrated expertise in Disability Insurance fraud | | |
Desirable: Demonstrated expertise in employer withholding fraud | | |
Desirable: Demonstrated expertise in data mining | | |
Desirable: Demonstrated expertise in dynamic modeling | | |

Describe previous experience with data analytic systems. Include the following information (attach additional sheets as needed):

• Client/project name

• Client name, contact name, and contact telephone number

• Start date and end date for each client/project

• Overview of the contractor staff person’s role on the respective project

• Final disposition of the services and/or products provided to the client

[1] List at least two references in this column. Two references are not required for each row; instead, a minimum of two references is required for each staff person.


Attachment B. Cost Data Sheet

For each deliverable, identify the contract staff to be assigned to that deliverable and the associated hours and costs for completing that deliverable in the table below. Deliverables are paid on a fixed-price basis. The Contractor may not invoice the State for any costs exceeding the maximum amount identified to complete a deliverable. Any excess hours to complete a deliverable shall be the expense of the Contractor. Include 500 discretionary hours for unanticipated deliverables which may be required by the State under this agreement. Respondent must list a maximum hourly wage rate that will not be exceeded for any job classification that performs unanticipated tasks. Unanticipated deliverables will be reimbursed as specified in the approved Work Authorization for unanticipated deliverables.

Del. # | Deliverable | Staff Name(s) | Hourly Rate | Estimated Total Hours | Cost
1 | Requirements Validation Document | | | |
2 | Source Data Recommendations Document | | | |
3 | Dashboard Design and Development | | | |
4 | Beneficiary Validation Analysis | | | |
5 | Employer Validation Analysis | | | |
6 | Claims Analysis (Predictive Models) | | | |
Staff Subtotal
7 | Data Matching Services/Production Go-Live (12 months of live service with weekly reports) | 12 months (monthly rate)
Unanticipated Deliverables | 500 hours

Total Agreement Cost (Staff Subtotal + 12 months of Data Matching Services/Production Go-Live + Unanticipated Deliverables)

Del. # | Deliverable | Staff Name(s) | Hourly Rate | Estimated Total Hours | Cost | 25% Withhold Amount (see Section III D. 2.)
1 | Requirements Validation Document | | | | |
2 | Source Data Recommendations Document | | | | |
3 | Dashboard Design and Development | | | | |
4 | Beneficiary Validation Analysis | | | | |
5 | Employer Validation Analysis | | | | |
6 | Claims Analysis (Predictive Models) | | | | |
7 | Data Matching Services | | | | |
Staff Subtotal | (sum of withhold amounts for deliverables # 1-6)
8 | Production Go-Live (12 months of live service with weekly reports) | 12 months (monthly rate)
Unanticipated Deliverables | 500 hours | (Maximum hourly bill rate)
Total Agreement Cost (Staff Subtotal + 12 months of Production Go-Live + Unanticipated Deliverables)

Comment [A29]: Cost table reformatted


Attachment C1. Confidentiality Agreement


Attachment C2. Indemnity Agreement


Attachment C3. Statement of Responsibility


Attachment D

WORKERS’ COMPENSATION CERTIFICATION

The undersigned in submitting this document hereby certifies the following: I am aware of the provisions of section 3700 of the California Labor Code which requires every employer to be insured against liability for workers’ compensation or to undertake self-insurance in accordance with such provisions before commencing the performance of the work of this Agreement.

________________________________ ________________________________ Signature Date

________________________________ ________________________________ Name and Title (Print or Type) Street Address

________________________________ ________________________________ Firm Name City, State, Zip


Attachment E

CERTIFICATION REGARDING DEBARMENT, SUSPENSION, INELIGIBILITY AND VOLUNTARY EXCLUSION
LOWER TIER COVERED TRANSACTION

This certification is required by the regulations implementing Executive Order 12549, Debarment and Suspension, 29 CFR Part 98, Section 98.510, Participants’ responsibilities. The regulations were published as Part VII of the May 26, 1988, Federal Register (Pages 19160-19211).

(BEFORE COMPLETING CERTIFICATION, READ INSTRUCTIONS WHICH ARE AN INTEGRAL PART OF THE CERTIFICATION.)

1. The prospective recipient of Federal assistance funds certifies, by submission of this proposal, that neither it nor its principals are presently debarred, suspended, proposed for debarment, declared ineligible, or voluntarily excluded from participation in this transaction by any Federal department or agency.

2. Where the prospective recipient of Federal assistance funds is unable to certify to any of the statements in this certification, such prospective participant shall attach an explanation to this proposal.

Name and Title of Authorized Representative

Signature

Date

FD118 (Rev. 9/22/04)

INSTRUCTIONS FOR CERTIFICATION

1. By signing and submitting this proposal, the prospective recipient of Federal assistance funds is providing the certification as set out below.

2. The certification in this clause is a material representation of fact upon which reliance was placed when this transaction was entered into. If it is later determined that the prospective recipient of Federal assistance funds knowingly rendered an erroneous certification, in addition to other remedies available to the Federal Government, the Department of Labor (DOL) may pursue available remedies, including suspension and/or debarment.

3. The prospective recipient of Federal assistance funds shall provide immediate written notice to the person to whom this proposal is submitted if at any time the prospective recipient of Federal assistance funds learns that its certification was erroneous when submitted or has become erroneous by reason of changed circumstances.

4. The terms “covered transaction,” “debarred,” “suspended,” “ineligible,” “lower tier covered transaction,” “participant,” “person,” “primary covered transaction,” “principal,” “proposal,” and “voluntarily excluded,” as used in this clause, have the meanings set out in the Definitions and Coverage sections of rules and implementing Executive Order 12549. You may contact the person to whom this proposal is submitted for assistance in obtaining a copy of those regulations.

5. The prospective recipient of Federal assistance funds agrees by submitting this proposal that, should the proposed covered transaction be entered into, it shall not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible, or voluntarily excluded from participation in this covered transaction, unless authorized by the DOL.

6. The prospective recipient of Federal assistance funds further agrees by submitting this proposal that it will include the clause titled “Certification Regarding Debarment, Suspension, Ineligibility and Voluntary Exclusion--Lower Tier Covered Transactions,” without modification, in all lower tier covered transactions and in all solicitations for lower tier covered transactions.

7. A participant in a covered transaction may rely upon a certification of a prospective participant in a lower tier covered transaction that it is not debarred, suspended, ineligible, or voluntarily excluded from the covered transaction, unless it knows that the certification is erroneous. A participant may decide the method and frequency by which it determines the eligibility of its principals. Each participant may, but is not required to, check the List of Parties Excluded From Procurement or Nonprocurement Programs.

8. Nothing contained in the foregoing shall be construed to require establishment of a system of records in order to render in good faith the certification required by this clause. The knowledge and information of a participant is not required to exceed that which is normally possessed by a prudent person in the ordinary course of business dealings.

9. Except for transactions authorized under paragraph 5 of these instructions, if a participant in a covered transaction knowingly enters into a lower tier covered transaction with a person who is suspended, debarred, ineligible, or voluntarily excluded from participation in this transaction, in addition to other remedies available to the Federal Government, the DOL may pursue available remedies, including suspension and/or debarment.


Attachment F

STATE OF CALIFORNIA-DEPARTMENT OF FINANCE
PAYEE DATA RECORD
(Required when receiving payment from the State of California in lieu of IRS W-9)
STD. 204 (REV. 6-2003)

1. INSTRUCTIONS: Complete all information on this form. Sign, date, and return to the State agency (department/office) address shown at the bottom of this page. Prompt return of this fully completed form will prevent delays when processing payments. Information provided in this form will be used by State agencies to prepare Information Returns (1099). See reverse side for more Information and Privacy Statement. NOTE: Governmental entities, federal, State, and local (including school districts), are not required to submit this form.

2. PAYEE’S LEGAL BUSINESS NAME (Type or Print)
SOLE PROPRIETOR - ENTER NAME AS SHOWN ON SSN (Last, First, M.I.)
E-MAIL ADDRESS
MAILING ADDRESS
CITY, STATE, ZIP CODE
BUSINESS ADDRESS
CITY, STATE, ZIP CODE

3. PAYEE ENTITY TYPE (CHECK ONE BOX ONLY)
ENTER FEDERAL EMPLOYER IDENTIFICATION (FEIN): -
PARTNERSHIP
ESTATE OR TRUST
CORPORATION:
MEDICAL (e.g., dentistry, psychotherapy, chiropractic, etc.)
LEGAL (e.g., attorney services)
EXEMPT (nonprofit)
ALL OTHERS
INDIVIDUAL OR SOLE PROPRIETOR ENTER SOCIAL SECURITY NUMBER: - -
(SSN required by authority of California Revenue and Tax Code Section 18646)
NOTE: Payment will not be processed without an accompanying taxpayer I.D. number.

4. PAYEE RESIDENCY STATUS
California resident - Qualified to do business in California or maintains a permanent place of business in California.
California nonresident (see reverse side) - Payments to nonresidents for services may be subject to State income tax withholding.
No services performed in California.
Copy of Franchise Tax Board waiver of State withholding attached.

5. I hereby certify under penalty of perjury that the information provided on this document is true and correct. Should my residency status change, I will promptly notify the State agency below.
AUTHORIZED PAYEE REPRESENTATIVE’S NAME (Type or Print)
TITLE
SIGNATURE
DATE
TELEPHONE ( )

6. Please return completed form to:
Department/Office: EDD
Unit/Section: Contract Services Group
Mailing Address: 800 Capitol Mall MIC 62-C
City/State/Zip: Sacramento, CA 95814
Telephone: 916-654-7987
Fax: 916-449-1565
E-mail Address: [email protected]

STD. 204 (Rev. 6-2003) (INTRANET)


STATE OF CALIFORNIA-DEPARTMENT OF FINANCE

PAYEE DATA RECORD (Required when receiving payment from the State of California in lieu of IRS W-9) STD. 204 (REV. 6-2003) (REVERSE)

Requirement to Complete Payee Data Record, STD. 204

1. A completed Payee Data Record, STD. 204, is required for payments to all non-governmental entities and will be kept on file at each State agency. Since each State agency with which you do business must have a separate STD. 204 on file, it is possible for a payee to receive this form from various State agencies. Payees who do not wish to complete the STD. 204 may elect to not do business with the State. If the payee does not complete the STD. 204 and the required payee data is not otherwise provided, payment may be reduced for federal backup withholding and nonresident State income tax withholding. Amounts reported on Information Returns (1099) are in accordance with the Internal Revenue Code and the California Revenue and Taxation Code.

2. Enter the payee’s legal business name. Sole proprietorships must also include the owner’s full name. An individual must list his/her full name. The mailing address should be the address at which the payee chooses to receive correspondence. Do not enter payment address or lock box information here.

3. Check the box that corresponds to the payee business type. Check only one box. Corporations must check the box that identifies the type of corporation. The State of California requires that all parties entering into business transactions that may lead to payment(s) from the State provide their Taxpayer Identification Number (TIN). The TIN is required by the California Revenue and Taxation Code Section 18646 to facilitate tax compliance enforcement activities and the preparation of Form 1099 and other information returns as required by the Internal Revenue Code Section 6109(a). The TIN for individuals and sole proprietorships is the Social Security Number (SSN). Only partnerships, estates, trusts, and corporations will enter their Federal Employer Identification Number (FEIN).

4. Are you a California resident or nonresident?

A corporation will be defined as a “resident” if it has a permanent place of business in California or is qualified through the Secretary of State to do business in California. A partnership is considered a resident partnership if it has a permanent place of business in California. An estate is a resident if the decedent was a California resident at time of death. A trust is a resident if at least one trustee is a California resident.

For individuals and sole proprietors, the term “resident” includes every individual who is in California for other than a temporary or transitory purpose and any individual domiciled in California who is absent for a temporary or transitory purpose. Generally, an individual who comes to California for a purpose that will extend over a long or indefinite period will be considered a resident. However, an individual who comes to perform a particular contract of short duration will be considered a nonresident.

Payments to all nonresidents may be subject to withholding. Nonresident payees performing services in California or receiving rent, lease, or royalty payments from property (real or personal) located in California will have 7% of their total payments withheld for State income taxes. However, no withholding is required if total payments to the payee are $1,500 or less for the calendar year.

For information on Nonresident Withholding, contact the Franchise Tax Board at the numbers listed below:
Withholding Services and Compliance Section: 1-888-792-4900
E-mail address: [email protected]
For hearing impaired with TDD, call: 1-800-822-6268
Website: www.ftb.ca.gov

5. Provide the name, title, signature, and telephone number of the individual completing this form. Provide the date the form was completed.

6. This section must be completed by the State agency requesting the STD. 204.

Privacy Statement

Section 7(b) of the Privacy Act of 1974 (Public Law 93-579) requires that any federal, State, or local governmental agency, which requests an individual to disclose their social security account number, shall inform that individual whether that disclosure is mandatory or voluntary, by which statutory or other authority such number is solicited, and what uses will be made of it. It is mandatory to furnish the information requested. Federal law requires that payment for which the requested information is not provided is subject to federal backup withholding and State law imposes noncompliance penalties of up to $20,000. You have the right to access records containing your personal information, such as your SSN. To exercise that right, please contact the business services unit or the accounts payable unit of the State agency(ies) with which you transact that business. All questions should be referred to the requesting State agency listed on the bottom front of this form.


Attachment G

CCC-307

CERTIFICATION

I, the official named below, CERTIFY UNDER PENALTY OF PERJURY that I am duly authorized to legally bind the prospective Contractor to the clause(s) listed below. This certification is made under the laws of the State of California.

Contractor/Bidder Firm Name (Printed)
Federal ID Number
By (Authorized Signature)
Printed Name and Title of Person Signing
Date Executed
Executed in the County of

CONTRACTOR CERTIFICATION CLAUSES

1. STATEMENT OF COMPLIANCE: Contractor has, unless exempted, complied with the nondiscrimination program requirements. (Gov. Code §12990 (a-f) and CCR, Title 2, Section 8103) (Not applicable to public entities.)

2. DRUG-FREE WORKPLACE REQUIREMENTS: Contractor will comply with the requirements of the Drug-Free Workplace Act of 1990 and will provide a drug-free workplace by taking the following actions:

a. Publish a statement notifying employees that unlawful manufacture, distribution, dispensation, possession or use of a controlled substance is prohibited and specifying actions to be taken against employees for violations.

b. Establish a Drug-Free Awareness Program to inform employees about:
1) the dangers of drug abuse in the workplace;
2) the person's or organization's policy of maintaining a drug-free workplace;
3) any available counseling, rehabilitation and employee assistance programs; and,
4) penalties that may be imposed upon employees for drug abuse violations.

c. Every employee who works on the proposed Agreement will:
1) receive a copy of the company's drug-free workplace policy statement; and,
2) agree to abide by the terms of the company's statement as a condition of employment on the Agreement.

Failure to comply with these requirements may result in suspension of payments under the Agreement or termination of the Agreement or both and Contractor may be ineligible for award of any future State agreements if the department determines that any of the following has occurred: the Contractor has made false certification, or violated the certification by failing to carry out the requirements as noted above. (Gov. Code §8350 et seq.)

3. NATIONAL LABOR RELATIONS BOARD CERTIFICATION: Contractor certifies that no more than one (1) final unappealable finding of contempt of court by a Federal court has been issued against Contractor within the immediately preceding two-year period because of Contractor's failure to comply with an order of a Federal court, which orders Contractor to comply with an order of the National Labor Relations Board. (Pub. Contract Code §10296) (Not applicable to public entities.)

4. CONTRACTS FOR LEGAL SERVICES $50,000 OR MORE- PRO BONO REQUIREMENT: Contractor hereby certifies that contractor will comply with the requirements of Section 6072 of the Business and Professions Code, effective January 1, 2003. Contractor agrees to make a good faith effort to provide a minimum number of hours of pro bono legal services during each year of the contract equal to the lesser of 30 multiplied by the number of full time attorneys in the firm’s offices in the State, with the number of hours prorated on an actual day basis for any contract period of less than a full year or 10% of its contract with the State. Failure to make a good faith effort may be cause for non-renewal of a state contract for legal services, and may be taken into account when determining the award of future contracts with the State for legal services.

5. EXPATRIATE CORPORATIONS: Contractor hereby declares that it is not an expatriate corporation or subsidiary of an expatriate corporation within the meaning of Public Contract Code Section 10286 and 10286.1, and is eligible to contract with the State of California.

6. SWEATFREE CODE OF CONDUCT:

a. All Contractors contracting for the procurement or laundering of apparel, garments or corresponding accessories, or the procurement of equipment, materials, or supplies, other than procurement related to a public works contract, declare under penalty of perjury that no apparel, garments or corresponding accessories, equipment, materials, or supplies furnished to the state pursuant to the contract have been laundered or produced in whole or in part by sweatshop labor, forced labor, convict labor, indentured labor under penal sanction, abusive forms of child labor or exploitation of children in sweatshop labor, or with the benefit of sweatshop labor, forced labor, convict labor, indentured labor under penal sanction, abusive forms of child labor or exploitation of children in sweatshop labor. The contractor further declares under penalty of perjury that they adhere to the Sweatfree Code of Conduct as set forth on the California Department of Industrial Relations website located at www.dir.ca.gov, and Public Contract Code Section 6108.

b. The contractor agrees to cooperate fully in providing reasonable access to the contractor’s records, documents, agents or employees, or premises if reasonably required by authorized officials of the contracting agency, the Department of Industrial Relations, or the Department of Justice to determine the contractor’s compliance with the requirements under paragraph (a).

7. DOMESTIC PARTNERS: For contracts over $100,000 executed or amended after January 1, 2007, the contractor certifies that contractor is in compliance with Public Contract Code section 10295.3.

DOING BUSINESS WITH THE STATE OF CALIFORNIA

The following laws apply to persons or entities doing business with the State of California.

1. CONFLICT OF INTEREST: Contractor needs to be aware of the following provisions regarding current or former state employees. If Contractor has any questions on the status of any person rendering services or involved with the Agreement, the awarding agency must be contacted immediately for clarification.

Current State Employees (Pub. Contract Code §10410):

1). No officer or employee shall engage in any employment, activity or enterprise from which the officer or employee receives compensation or has a financial interest and which is sponsored or funded by any state agency, unless the employment, activity or enterprise is required as a condition of regular state employment.

2). No officer or employee shall contract on his or her own behalf as an independent contractor with any state agency to provide goods or services.

Former State Employees (Pub. Contract Code §10411):

1). For the two-year period from the date he or she left state employment, no former state officer or employee may enter into a contract in which he or she engaged in any of the negotiations, transactions, planning, arrangements or any part of the decision-making process relevant to the contract while employed in any capacity by any state agency.

2). For the twelve-month period from the date he or she left state employment, no former state officer or employee may enter into a contract with any state agency if he or she was employed by that state agency in a policy-making position in the same general subject area as the proposed contract within the 12-month period prior to his or her leaving state service.

If Contractor violates any provisions of above paragraphs, such action by Contractor shall render this Agreement void. (Pub. Contract Code §10420)

Members of boards and commissions are exempt from this section if they do not receive payment other than payment of each meeting of the board or commission, payment for preparatory time and payment for per diem. (Pub. Contract Code §10430 (e))

2. LABOR CODE/WORKERS' COMPENSATION: Contractor needs to be aware of the provisions which require every employer to be insured against liability for Worker's Compensation or to undertake self-insurance in accordance with the provisions, and Contractor affirms to comply with such provisions before commencing the performance of the work of this Agreement. (Labor Code Section 3700)

3. AMERICANS WITH DISABILITIES ACT: Contractor assures the State that it complies with the Americans with Disabilities Act (ADA) of 1990, which prohibits discrimination on the basis of disability, as well as all applicable regulations and guidelines issued pursuant to the ADA. (42 U.S.C. 12101 et seq.)

4. CONTRACTOR NAME CHANGE: An amendment is required to change the Contractor's name as listed on this Agreement. Upon receipt of legal documentation of the name change the State will process the amendment. Payment of invoices presented with a new name cannot be paid prior to approval of said amendment.

5. CORPORATE QUALIFICATIONS TO DO BUSINESS IN CALIFORNIA:

a. When agreements are to be performed in the state by corporations, the contracting agencies will be verifying that the contractor is currently qualified to do business in California in order to ensure that all obligations due to the state are fulfilled.

b. "Doing business" is defined in R&TC Section 23101 as actively engaging in any transaction for the purpose of financial or pecuniary gain or profit. Although there are some statutory exceptions to taxation, rarely will a corporate contractor performing within the state not be subject to the franchise tax.

c. Both domestic and foreign corporations (those incorporated outside of California) must be in good standing in order to be qualified to do business in California. Agencies will determine whether a corporation is in good standing by calling the Office of the Secretary of State.

6. RESOLUTION: A county, city, district, or other local public body must provide the State with a copy of a resolution, order, motion, or ordinance of the local governing body which by law has authority to enter into an agreement, authorizing execution of the agreement.

7. AIR OR WATER POLLUTION VIOLATION: Under the State laws, the Contractor shall not be: (1) in violation of any order or resolution not subject to review promulgated by the State Air Resources Board or an air pollution control district; (2) subject to cease and desist order not subject to review issued pursuant to Section 13301 of the Water Code for violation of waste discharge requirements or discharge prohibitions; or (3) finally determined to be in violation of provisions of federal law relating to air or water pollution.

8. PAYEE DATA RECORD FORM STD. 204: This form must be completed by all contractors that are not another state agency or other governmental entity.


Attachment H

CERTIFICATION REGARDING LOBBYING
CERTIFICATION FOR CONTRACTS, GRANTS, LOANS, AND COOPERATIVE AGREEMENTS

The undersigned certifies, to the best of his or her knowledge and belief, that:

(1) No Federal appropriated funds have been paid or will be paid, by or on behalf of the undersigned, to any person for influencing or attempting to influence an officer or employee of an agency, a Member of Congress, an officer or employee of Congress, or an employee of a Member of Congress in connection with the awarding of any Federal contract, the making of any Federal grant, the making of any Federal loan, the entering into of any cooperative agreement, and the extension, continuation, renewal, amendment, or modification of any Federal contract, grant, loan, or cooperative agreement.

(2) If any funds other than Federal appropriated funds have been paid or will be paid to any person for influencing or attempting to influence an officer or employee of any agency, a Member of Congress, an officer or employee of Congress, or an employee of a member of Congress in connection with this Federal contract, grant, loan, or cooperative agreement, the undersigned shall complete and submit Standard Form-LLL, "Disclosure Form to Report Lobbying," in accordance with its instructions.

(3) The undersigned shall require that the language of this certification be included in the award documents for all* subawards at all tiers (including subcontracts, subgrants and contracts under grants, loans, and cooperative agreements) and that all* subrecipients shall certify and disclose accordingly.

This certification is a material representation of fact upon which reliance was placed when this transaction was made or entered into. Submission of this certification is a prerequisite for making or entering into this transaction imposed by Section 1352, Title 31, U.S. Code. Any person who fails to file the required certification shall be subject to a civil penalty of not less than $10,000 and not more than $100,000 for each such failure.

Grantee/Contractor Organization

Program/Title

Name and Title of Authorized Signatory

Signature

Date

*Note: In these instances, “All,” in the Final Rule is expected to be clarified to show that it applies to covered contract/grant transactions over $100,000 (per 29 CFR 93.110).

FD016 (Rev. 07/21/2010)

DISCLOSURE OF LOBBYING ACTIVITIES

Complete this form to disclose lobbying activities pursuant to 31 U.S.C. 1352 (See reverse for public burden disclosure)

1. Type of Federal Action:
a. contract
b. grant
c. cooperative agreement
d. loan
e. loan guarantee
f. loan insurance

2. Status of Federal Action:
a. bid/offer/application
b. initial award
c. post-award

3. Report Type:
a. initial filing
b. material change
For Material Change Only: year_____ quarter_____ date of last report ______

4. Name and Address of Reporting Entity:
Prime
Subawardee
Tier ______, if known:
Congressional District, if known:

5. If Reporting Entity in No. 4 is a Subawardee, Enter Name and Address of Prime:
Congressional District, if known:

6. Federal Department/Agency:

7. Federal Program Name/Description:
CFDA Number, if applicable:

8. Federal Action Number, if known:

9. Award Amount, if known: $

10. a. Name and Address of Lobbying Entity (if individual, last name, first name, MI):
b. Individual Performing Services (include address if different from No. 10a.) (last name, first name, MI):
(attach Continuation Sheet (s) SF-LLL-A, if necessary)

11. Amount of Payment (check all that apply): $ actual planned

12. Form of Payment (check all that apply):
a. cash
b. in-kind; specify: nature, value

13. Type of Payment (check all that apply):
a. retainer
b. one-time fee
c. commission
d. contingent fee
e. deferred
f. other; specify:___________________

14. Brief Description of Services Performed or to be Performed and date(s) of Service, including officer(s), employee(s) or Member(s) contacted, for Payment Indicated on Item 11:
(attach Continuation Sheet (s) SF-LLL-A, if necessary)

15. Continuation Sheet (s) SF-LLL-A attached: Yes No

16. Information requested through this form is authorized by Title 31 U.S.C. Section 1352. This disclosure of lobbying activities is a material representation of fact upon which reliance was placed by the tier above when this transaction was made or entered into. This disclosure is required pursuant to 31 U.S.C. 1352. This information will be reported to the Congress semiannually and will be available for public inspection. Any person who fails to file the required disclosure shall be subject to a civil penalty of not less than $10,000 and not more than $100,000 for each such failure.

Signature:
Print Name:
Title:
Telephone No.:
Date:

Federal Use Only: Authorized for Local Reproduction Standard Form - LLL-A (Rev. 7-97)

INSTRUCTIONS FOR COMPLETION OF SF-LLL, DISCLOSURE OF LOBBYING ACTIVITIES

This disclosure form shall be completed by the reporting entity, whether subawardee or prime Federal recipient, at the initiation or receipt of a covered Federal action, or a material change to a previous filing, pursuant to title 31 U.S.C. Section 1352. The filing of a form is required for each payment or agreement to make payment to any lobbying entity for influencing or attempting to influence an officer or employee of any agency, a Member of Congress, an officer or employee of Congress, or an employee of Congress, or an employee of a Member of Congress in connection with a covered Federal action. Use the SF-LLL-A Continuation Sheet for additional information if the space on the form is inadequate. Complete all items that apply for both the initial filing and material change report. Refer to the implementing guidance published by the Office of Management and Budget for additional information.

1. Identify the type of covered Federal action for which lobbying activity is and/or has been secured to influence the outcome of a covered Federal action.

2. Identify the status of the covered Federal action.

3. Identify the appropriate classification of this report. If this is a follow-up report caused by a material change to the information previously reported, enter the year and quarter in which the change occurred. Enter the date of the last previously submitted report by this reporting entity for this covered Federal action.

4. Enter the full name, address, city, state, and zip code of the reporting entity. Include Congressional District, if known. Check the appropriate classification of the reporting entity that designates if it is, or expects to be, a prime or subaward recipient. Identify the tier of the subawardee, e.g., the first subawardee of the prime is the 1st tier. Subawards include but are not limited to subcontracts, subgrants and contract awards under grants.

5. If the organization filing the report in item 4 checks “Subawardee”, then enter the full name, address, city, state, and zip code of the prime Federal recipient. Include Congressional District, if known.

6. Enter the name of the Federal agency making the award or loan commitment. Include at least one organizational level below agency name, if known. For example, Department of Transportation, United States Coast Guard.

7. Enter the Federal program name or description for the covered Federal action (item 1). If known, enter the full Catalog of Federal Domestic Assistance (CFDA) number for grants, cooperative agreements, loans and loan commitment.

8. Enter the most appropriate Federal identifying number available for the Federal action identified in item 1 (e.g., Request for Proposal (RFP) number, Invitation for Bid (IFB) number, grant announcement number, the contract, grant, or loan award number, the application/proposal control number assigned by the Federal agency). Include prefixes, e.g., “RFD-DE-90-001.”

9. For a covered Federal action where there has been an award or loan commitment by the Federal agency, enter the Federal amount of the award/loan commitment for the prime entity identified in item 4 or 5.

10. (a) Enter the full name, address, city, state, and zip code of the lobbying entity engaged by the reporting entity identified in item 4 to influence the covered Federal action.
    (b) Enter the full names of the individual(s) performing services, and include full address if different from 10 (a). Enter Last Name, First Name, and Middle Initial (MI).

11. Enter the amount of compensation paid or reasonably expected to be paid by the reporting entity (item 4) to the lobbying entity (item 10). Indicate whether the payment has been made (actual) or will be made (planned). Check all boxes that apply. If this is a material change report, enter the cumulative amount of payment made or planned to be made.

12. Check the appropriate box(es). Check all boxes that apply. If payment is made through an in-kind contribution, specify the nature and value of the in-kind payment.

13. Check the appropriate box(es). Check all boxes that apply. If other, specify nature.

14. Provide a specific and detailed description of the services that the lobbyist has performed, or will be expected to perform, and the date(s) of any services rendered. Include all preparatory and related activity, not just time spent in actual contact with Federal officials. Identify the Federal official(s) or employee(s) contacted or the officer(s), employee(s), or Member(s) of Congress that were contacted.

15. Check whether or not a SF-LLL-A Continuation Sheet(s) is attached.

16. The certifying official shall sign and date the form, print his/her name, title, and telephone number.

Federal Use Only:

Attachment I

DARFUR CONTRACTING ACT

Effective January 1, 2009, procurements for Non-Information Technology (Non-IT) goods or services must address the requirements of this Act. The Act is intended to preclude State agencies generally from contracting with SCRUTINIZED companies that do business in the African nation of Sudan (of which the Darfur region is a part), for the reasons described in Public Contract Code section 10475.

A SCRUTINIZED company is a company doing specified types of business in Sudan as defined in Public Contract Code section 10476. SCRUTINIZED companies are ineligible to, and cannot, bid on or submit a proposal for a contract with a State agency for Non-IT goods or services (Public Contract Code section 10477(a)).

Public Contract Code section 10478 (a) requires a company that currently has (or within the previous three years has had) business activities or other operations outside of the United States to certify that it is not a SCRUTINIZED company in order to submit a bid or proposal to a State agency.

A SCRUTINIZED company may still, however, submit a bid or proposal for a contract with a State agency for goods or services if the company first obtains permission from the Department of General Services (DGS) according to the criteria set forth in Public Contract Code section 10477(b).

If your company, within the previous three years, had any business activities or other operations outside of the United States, you need to complete the Darfur Contracting Act Certification. This applies regardless of the procurement approach, method, or solicitation format used including, but not limited to: Formal Bids, Informal Bids, Request for Proposals, Invitation for Bids, Non-Competitive Bids, the SB/DVBE Option, and under $5,000 fair and reasonable pricing.

FDO19 (Rev. 7/28/10)

DARFUR CONTRACTING ACT CERTIFICATION

Public Contract Code, Sections 10475-10481 applies to any company that currently or within the previous three years has had business activities or other operations outside of the United States. For such a company to bid on or submit a proposal for a State of California contract, the company must certify that it is either a) not a scrutinized company; or b) a scrutinized company that has been granted permission by the Department of General Services to submit a proposal.

If your company has not, within the previous three years, had any business activities or other operations outside of the United States, you do not need to complete this form.

OPTION #1 - CERTIFICATION

If your company, within the previous three years, has had business activities or other operations outside of the United States, in order to be eligible to submit a bid or proposal, please insert your company name and Federal ID Number and complete the certification below.

I, the official named below, CERTIFY UNDER PENALTY OF PERJURY that a) the prospective proposer/bidder named below is not a scrutinized company per Public Contract Code 10476; and b) I am duly authorized to legally bind the prospective proposer/bidder named below. This certification is made under the laws of the State of California.

Company/Vendor Name (Printed)

Federal ID Number

By (Authorized Signature)

Printed Name and Title of Person Signing

Date Executed

Executed in the County and State of

OPTION #2 – WRITTEN PERMISSION FROM DGS

Pursuant to Public Contract Code, Section 10477(b), the Director of the Department of General Services may permit a scrutinized company, on a case-by-case basis, to bid on or submit a proposal for a contract with a state agency for goods or services, if it is in the best interests of the state. If you are a scrutinized company that has obtained written permission from the DGS to submit a bid or proposal, complete the information below.

We are a scrutinized company as defined in Public Contract Code, Section 10476, but we have received written permission from the Department of General Services to submit a bid or proposal pursuant to Public Contract Code, Section 10477(b). A copy of the written permission from DGS is included with our bid or proposal.

Company/Vendor Name (Printed)

Federal ID Number

Initials of Submitter

Printed Name and Title of Person Initialing


State of California—Department of General Services, Procurement Division GSPD–05–105 (REV 08/09)


Solicitation Number_____________________

Attachment J

BIDDER DECLARATION

1. Prime bidder information (Review attached Bidder Declaration Instructions prior to completion of this form):

   a. Identify current California certification(s) (MB, SB, NVSA, DVBE): ____________ or None ____ (If “None”, go to Item #2)

   b. Will subcontractors be used for this contract? Yes ___ No ___ (If yes, indicate the distinct element of work your firm will perform in this contract e.g., list the proposed products produced by your firm, state if your firm owns the transportation vehicles that will deliver the products to the State, identify which solicited services your firm will perform, etc.). Use additional sheets, as necessary.
      ____________________________________________________________
      ____________________________________________________________

   c. If you are a California certified DVBE:
      (1) Are you a broker or agent? Yes ___ No ___
      (2) If the contract includes equipment rental, does your company own at least 51% of the equipment provided in this contract (quantity and value)? Yes ___ No ___ N/A ___

2. If no subcontractors will be used, skip to certification below. Otherwise, list all subcontractors for this contract. (Attach additional pages if necessary):

Subcontractor Name, Contact Person, Phone Number & Fax Number | Subcontractor Address & Email Address | CA Certification (MB, SB, NVSA, DVBE or None) | Work performed or goods provided for this contract | Corresponding % of bid price | Good Standing? | 51% Rental?
 |  |  |  | 0% |  |
 |  |  |  | 0% |  |
 |  |  |  | 0% |  |

Certification: By signing the bid response, I certify under penalty of perjury that the information provided is true and correct.

Page_____ of _____


BIDDER DECLARATION Instructions

All prime bidders (the firm submitting the bid) must complete the Bidder Declaration.

1.a. Identify all current certifications issued by the State of California. If the prime bidder has no California certification(s), check the line labeled “None” and proceed to Item #2. If the prime bidder possesses one or more of the following certifications, enter the applicable certification(s) on the line:
• Microbusiness (MB)
• Small Business (SB)
• Nonprofit Veteran Service Agency (NVSA)
• Disabled Veteran Business Enterprise (DVBE)

1.b. Mark either “Yes” or “No” to identify whether subcontractors will be used for the contract. If the response is “No”, proceed to Item #1.c. If “Yes”, enter on the line the distinct element of work contained in the contract to be performed or the goods to be provided by the prime bidder. Do not include goods or services to be provided by subcontractors.

Bidders certified as MB, SB, NVSA, and/or DVBE must provide a commercially useful function as defined in Military and Veterans Code Section 999 for DVBEs and Government Code Section 14837(d)(4)(A) for small/microbusinesses.

Bids must propose that certified bidders provide a commercially useful function for the resulting contract or the bid will be deemed non-responsive and rejected by the State. For questions regarding the solicitation, contact the procurement official identified in the solicitation.

Note: A subcontractor is any person, firm, corporation, or organization contracting to perform part of the prime’s contract.

1.c. This item is only to be completed by businesses certified by California as a DVBE.
(1) Declare whether the prime bidder is a broker or agent by marking either “Yes” or “No”. The Military and Veterans Code Section 999.2 (b) defines “broker” or “agent” as a certified DVBE contractor or subcontractor that does not have title, possession, control, and risk of loss of materials, supplies, services, or equipment provided to an awarding department, unless one or more of the disabled veteran owners has at least 51-percent ownership of the quantity and value of the materials, supplies, services, and of each piece of equipment provided under the contract.
(2) If bidding rental equipment, mark either “Yes” or “No” to identify if the prime bidder owns at least 51% of the equipment provided (quantity and value). If not bidding rental equipment, mark “N/A” for “not applicable.”

2. If no subcontractors are proposed, do not complete the table. Read the certification at the bottom of the form and complete “Page ___ of ___” on the form.

If subcontractors will be used, complete the table listing all subcontractors. If necessary, attach additional pages and complete the “Page ___ of ___” accordingly.

2. (continued) Column Labels

Subcontractor Name, Contact Person, Phone Number & Fax Number—List each element for all subcontractors.

Subcontractor Address & Email Address—Enter the address and if available, an Email address.

CA Certification (MB, SB, NVSA, DVBE or None)—If the subcontractor possesses a current State of California certification(s), verify on this website (www.eprocure.pd.dgs.ca.gov).

Work performed or goods provided for this contract—Identify the distinct element of work contained in the contract to be performed or the goods to be provided by each subcontractor. Certified subcontractors must provide a commercially useful function for the contract. (See paragraph 1.b above for code citations regarding the definition of commercially useful function.) If a certified subcontractor is further subcontracting a greater portion of the work or goods provided for the resulting contract than would be expected by normal industry practices, attach a separate sheet of paper explaining the situation.

Corresponding % of bid price—Enter the corresponding percentage of the total bid price for the goods and/or services to be provided by each subcontractor. Do not enter a dollar amount.

Good Standing?—Provide a response for each subcontractor listed. Enter either “Yes” or “No” to indicate that the prime bidder has verified that the subcontractor(s) is in good standing for all of the following:
• Possesses valid license(s) for any license(s) or permits required by the solicitation or by law
• If a corporation, the company is qualified to do business in California and designated by the State of California Secretary of State to be in good standing
• Possesses valid State of California certification(s) if claiming MB, SB, NVSA, and/or DVBE status

51% Rental?—This pertains to the applicability of rental equipment. Based on the following parameters, enter either “N/A” (not applicable), “Yes” or “No” for each subcontractor listed.

Enter “N/A” if the:
• Subcontractor is NOT a DVBE (regardless of whether or not rental equipment is provided by the subcontractor) or
• Subcontractor is NOT providing rental equipment (regardless of whether or not subcontractor is a DVBE)

Enter “Yes” if the subcontractor is a California certified DVBE providing rental equipment and the subcontractor owns at least 51% of the rental equipment (quantity and value) it will be providing for the contract.

Enter “No” if the subcontractor is a California certified DVBE providing rental equipment but the subcontractor does NOT own at least 51% of the rental equipment (quantity and value) it will be providing.

Read the certification at the bottom of the page and complete the “Page ___ of ___” accordingly.


Attachment K

TACPA PREFERENCE

The following preference will be granted for this procurement. Proposers wishing to take advantage of this preference will need to review the following webpage and submit the appropriate response with the bid:

Target Area Contract Preference Act (TACPA) http://www.documents.dgs.ca.gov/pd/poliproc/tacpapage.pdf

Proposers wishing to take advantage of this preference are required to submit the following application/forms:
• TACPA (STD830)
• Bidder’s Summary of Contract Activities and Labor Hours (DGS/PD 525)
• Manufacturer Summary of Contract Activities and Labor Hours (DGS/PD 526)


Attachment L

IRAN CONTRACTING ACT (Public Contract Code sections 2202-2208)

Prior to bidding on, submitting a proposal or executing a contract or renewal for a State of California contract for goods or services of $1,000,000 or more, a vendor must either:

a) certify it is not on the current list of persons engaged in investment activities in Iran created by the California Department of General Services (“DGS”) pursuant to Public Contract Code section 2203(b) and is not a financial institution extending twenty million dollars ($20,000,000) or more in credit to another person, for 45 days or more, if that other person will use the credit to provide goods or services in the energy sector in Iran and is identified on the current list of persons engaged in investment activities in Iran created by DGS; or

b) demonstrate it has been exempted from the certification requirement for that solicitation or contract pursuant to Public Contract Code section 2203(c) or (d).

To comply with this requirement, please insert your vendor or financial institution name and Federal ID Number (if available) and complete one of the options below. Please note: California law establishes penalties for providing false certifications, including civil penalties equal to the greater of $250,000 or twice the amount of the contract for which the false certification was made; contract termination; and three-year ineligibility to bid on contracts. (Public Contract Code section 2205.)

OPTION #1 - CERTIFICATION

I, the official named below, certify I am duly authorized to execute this certification on behalf of the vendor/financial institution identified below, and the vendor/financial institution identified below is not on the current list of persons engaged in investment activities in Iran created by DGS and is not a financial institution extending twenty million dollars ($20,000,000) or more in credit to another person/vendor, for 45 days or more, if that other person/vendor will use the credit to provide goods or services in the energy sector in Iran and is identified on the current list of persons engaged in investment activities in Iran created by DGS.

Vendor Name/Financial Institution (Printed)

Federal ID Number (or n/a)

By (Authorized Signature)

Printed Name and Title of Person Signing

Date Executed

Executed in

OPTION #2 – EXEMPTION

Pursuant to Public Contract Code sections 2203(c) and (d), a public entity may permit a vendor/financial institution engaged in investment activities in Iran, on a case-by-case basis, to be eligible for, or to bid on, submit a proposal for, or enters into or renews, a contract for goods and services. If you have obtained an exemption from the certification requirement under the Iran Contracting Act, please fill out the information below, and attach documentation demonstrating the exemption approval.

Vendor Name/Financial Institution (Printed)

Federal ID Number (or n/a)

By (Authorized Signature)

Printed Name and Title of Person Signing

Date Executed


Attachment M

STATE OF CALIFORNIA – DEPARTMENT OF GENERAL SERVICES PROCUREMENT DIVISION


DISABLED VETERAN BUSINESS ENTERPRISE DECLARATIONS STD. 843 (Rev. 5/2006)

Instructions: The disabled veteran (DV) owner(s) and DV manager(s) of the Disabled Veteran Business Enterprise (DVBE) must complete this declaration when a DVBE contractor or subcontractor will provide materials, supplies, services or equipment [Military and Veterans Code Section 999.2]. Violations are misdemeanors and punishable by imprisonment or fine and violators are liable for civil penalties. All signatures are made under penalty of perjury.

SECTION 1

Name of certified DVBE:

DVBE Ref. Number:

Description (materials/supplies/services/equipment proposed):

Solicitation/Contract Number:

SCPRS Ref. Number:__________________________ (FOR STATE USE ONLY)

SECTION 2

APPLIES TO ALL DVBEs. Check only one box in Section 2 and provide original signatures.

I (we) declare that the DVBE is not a broker or agent, as defined in Military and Veterans Code Section 999.2 (b), of materials, supplies, services or equipment listed above. Also, complete Section 3 below if renting equipment.

Pursuant to Military and Veterans Code Section 999.2 (f), I (we) declare that the DVBE is a broker or agent for the principal(s) listed below or on an attached sheet(s). (Pursuant to Military and Veterans Code 999.2 (e), State funds expended for equipment rented from equipment brokers pursuant to contracts awarded under this section shall not be credited toward the 3-percent DVBE participation goal.)

All DV owners and managers of the DVBE (attach additional pages with sufficient signature blocks for each person to sign):

(Printed Name of DV Owner/Manager)

(Signature of DV Owner/ Manager)

(Date Signed)

(Printed Name of DV Owner/Manager)

(Signature of DV Owner/Manager)

(Date Signed)

Firm/Principal for whom the DVBE is acting as a broker or agent: (If more than one firm, list on extra sheets.)

Firm/Principal Phone:

(Print or Type Name)

Address:

SECTION 3

APPLIES TO ALL DVBEs THAT RENT EQUIPMENT AND DECLARE THE DVBE IS NOT A BROKER.

Pursuant to Military and Veterans Code Section 999.2 (c), (d) and (g), I am (we are) the DV(s) with at least 51% ownership of the DVBE, or a DV manager(s) of the DVBE. The DVBE maintains certification requirements in accordance with Military and Veterans Code Section 999 et seq.

The undersigned owner(s) own(s) at least 51% of the quantity and value of each piece of equipment that will be rented for use in the contract identified above. I (we), the DV owners of the equipment, have submitted to the administering agency my (our) personal federal tax return(s) at time of certification and annually thereafter as defined in Military and Veterans Code 999.2, subsections (c) and (g). Failure by the disabled veteran equipment owner(s) to submit their personal federal tax return(s) to the administering agency as defined in Military and Veterans Code 999.2, subsections (c) and (g), will result in the DVBE being deemed an equipment broker.

Disabled Veteran Owner(s) of the DVBE (attach additional pages with signature blocks for each person to sign):

(Printed Name)

(Signature)

(Address of Owner)

(Telephone)

(Date Signed)

(Tax Identification Number of Owner)

Disabled Veteran Manager(s) of the DVBE (attach additional pages with sufficient signature blocks for each person to sign):

(Printed Name of DV Manager)

(Signature of DV Manager)

(Date Signed)


Question and Answers for Bid #65251 - Pondera Fraud Detection as a Service

OVERALL BID QUESTIONS

There are no questions associated with this bid.