HomeMy WebLinkAboutRFP - 9973 Data Sharing and Consent ManagementRFP 9973 DATA SHARING AND CONSENT MANAGEMENT Page 1 of 41
REQUEST FOR PROPOSAL
RFP 9973 DATA SHARING AND CONSENT MANAGEMENT
RFP DUE: 3:00 PM MT (Mountain Time), May 22, 2024
The City of Fort Collins is requesting proposals from qualified Service Providers to provide
services supporting secure customer data sharing, including: customer verification, consent
management, editable data aggregation, automatic and recurring uploads to shared
Environmental Protection Agency (EPA) ENERGY STAR® Portfolio Manager® (ESPM) accounts,
and standardized, certified Green Button Connect automated data shares to approved third-
parties.
As part of the City’s commitment to sustainability, proposals must be submitted online through
the Rocky Mountain E-Purchasing System (RMEPS) at http://www.bidnetdirect.com/colorado/city-
of-fort-collins. Note: please ensure adequate time to submit proposals through RMEPS. Proposals
not submitted by the designated Opening Date and Time will not be accepted by RMEPS.
All questions should be submitted, in writing via email, to Dennis Ralph, Senior Buyer at
dralph@fcgov.com, with a copy to Katherine Bailey, Project Manager, at
kbailey@fcgov.com, no later than 3:00 PM MT on May 1, 2024. Please format your e-mail to
include: RFP 9973 DATA SHARING AND CONSENT MANAGEMENT in the subject line.
Questions received after this deadline may not be answered. Responses to all questions
submitted before the deadline will be addressed in an addendum and posted on the Rocky
Mountain E-Purchasing System webpage.
Rocky Mountain E-Purchasing System hosted by BidNet
A copy of the RFP may be obtained at http://www.bidnetdirect.com/colorado/city-of-fort-collins.
This RFP has been posted utilizing the following Commodity Code(s):
20832 Customer Relationship Management Software (CRM)
20880 Software, Microcomputer (Not Otherwise Classified)
20890 Utilities: Back-up, Batch File, Firewall, Menus, Operating System, Network
Operating System, Network Management, Recovery, Screen, Security, Virus
Protection, etc.
91829 Computer Software Consulting
91897 Utilities: Gas, Water, Electric Consulting
Prohibition of Unlawful Discrimination: The City of Fort Collins, in accordance with the
provisions of Title VI of the Civil Rights Act of 1964 (78 Stat. 252, 42 US.C. §§ 2000d to 2000d-
4) and the Regulations, hereby notifies all bidders that it will affirmatively ensure that any contract
entered into pursuant to this advertisement, disadvantaged business enterprises will be afforded
full and fair opportunity to submit bids in response to this invitation and will not be discriminated
against on the grounds of race, color, or national origin in consideration for an award.
The City strictly prohibits unlawful discrimination based on an individual’s gender (regardless of
gender identity or gender expression), race, color, religion, creed, national origin, ancestry, age
40 years or older, marital status, disability, sexual orientation, genetic information, or other
Financial Services
Purchasing Division
215 N. Mason St. 2nd Floor
PO Box 580
Fort Collins, CO 80522
970.221.6775
970.221.6707
fcgov.com/purchasing
RFP 9973 DATA SHARING AND CONSENT MANAGEMENT Page 2 of 41
characteristics protected by law. For the purpose of this policy “sexual orientation” means a
person’s actual or perceived orientation toward heterosexuality, homosexuality, and bisexuality.
The City also strictly prohibits unlawful harassment in the workplace, including sexual
harassment. Further, the City strictly prohibits unlawful retaliation against a person who engages
in protected activity. Protected activity includes an employee complaining that he or she has been
discriminated against in violation of the above policy or participating in an employment
discrimination proceeding.
The City requires its Service Providers to comply with the City’s policy for equal employment
opportunity and to prohibit unlawful discrimination, harassment and retaliation. This requirement
applies to all third-party Service Providers and their subcontractors/subconsultants at every tier.
Public Viewing Copy: The City is a governmental entity subject to the Colorado Open Records
Act, C.R.S. §§ 24-72-200.1 et seq. (“CORA”). Any proposals submitted hereunder are subject to
public disclosure by the City pursuant to CORA and City ordinances. Professionals may submit
one (1) additional complete proposal clearly marked “FOR PUBLIC VIEWING.” In this version of
the proposal, Professionals may redact text and/or data that it deems confidential or proprietary
pursuant to CORA. All pricing will be considered public records subject to disclosure under CORA
and as such pricing cannot be redacted from the “FOR PUBLIC VIEWING” version of the
proposal. Failure to provide a public viewing copy will be considered a waiver of any claim of
confidentiality under CORA without regard to how the applicant’s proposal or certain pages of the
proposal are marked confidential, proprietary, or similar. Such statement does not necessarily
exempt such documentation from public disclosure if required by CORA, by order of a court of
appropriate jurisdiction, or other applicable law. Generally, under CORA, trade secrets,
confidential commercial information and financial data information may not be disclosed by the
City. Proposals may not be marked “Confidential” or ‘Proprietary’ in their entirety. By responding
to this RFP, Professionals hereby waives any and all claims for damages against the City for the
City’s good faith compliance with CORA. All provisions and pricing of any contract resulting
from this request for proposal will be public information.
Service Providers Registration: The City requires new Service Providers receiving awards from
the City to submit IRS form W-9 and requires all Service Providers to accept Direct Deposit
(Electronic) payment. If needed, the W-9 form and the Vendor Direct Deposit Authorization Form
can be found on the City’s Purchasing website at www.fcgov.com/purchasing under Vendor
Reference Documents. Please do not submit these documents with your proposal, however,
if you take exception to participating in Direct Deposit (Electronic) payments please clearly note
such in your proposal as an exception. The City may waive the requirement to participate in
Direct Deposit (Electronic) payments at its sole discretion.
Sales Prohibited/Conflict of Interest: No officer, employee, or member of City Council, shall
have a financial interest in the sale to the City of any real or personal property, equipment,
material, supplies or services where such officer or employee exercises directly or indirectly any
decision-making authority concerning such sale or any supervisory authority over the services to
be rendered. This rule also applies to subcontracts with the City. Soliciting or accepting any gift,
gratuity favor, entertainment, kickback or any items of monetary value from any person who has
or is seeking to do business with the City of Fort Collins is prohibited.
Collusive or Sham Proposals: Any proposal deemed to be collusive or a sham proposal will be
rejected and reported to authorities as such. Your authorized signature of this proposal assures
that such proposal is genuine and is not a collusive or sham proposal.
RFP 9973 DATA SHARING AND CONSENT MANAGEMENT Page 3 of 41
The City of Fort Collins reserves the right to reject any and all proposals and to waive any
irregularities or informalities.
Utilization of Award by Other Agencies: The City of Fort Collins reserves the right to allow
other state and local governmental agencies, political subdivisions, and/or school districts to
utilize the resulting award under all terms and conditions specified and upon agreement by all
parties. Usage by any other entity shall not have a negative impact on the City of Fort Collins in
the current term or in any future terms.
The selected Service Provider shall be required to sign the City’s Agreement prior to commencing
services (see sample attached to this document).
Sincerely,
Gerry Paul
Purchasing Director
RFP 9973 DATA SHARING AND CONSENT MANAGEMENT Page 4 of 41
I. BACKGROUND & OBJECTIVE / OVERVIEW
A. Objective
The City of Fort Collins is requesting proposals from qualified Service Providers to provide
services supporting secure customer data sharing, including: customer verification,
consent management, editable data aggregation, automatic and recurring uploads to
shared Environmental Protection Agency (EPA) ENERGY STAR® Portfolio Manager®
(ESPM) accounts, and standardized, certified Green Button Connect automated data
shares to approved third-parties.
B. Background
Fort Collins Benchmarking Program: In 2018, the City adopted § 12-203 of the
Municipal Code requiring commercial and multifamily buildings 5,000ft2 and larger to
benchmark building energy usage through ENERGY STAR Portfolio Manager (ESPM).
This policy requires whole building aggregate electric usage to be entered into each
covered building’s ESPM account. Covered buildings are identified by unique Building
IDs.
Colorado Open Records Act (CORA): The Colorado Open Records Act (CORA)
requires that most public records be available to the public. For the purposes of sharing
Utility data, Utility account holder consent is required in the event of fewer than 4 meters
shared in aggregate.
MyData Portal: In 2019 the City began partnering with an external firm to create the
MyData portal at fcgov.com/mydata to support requirements in City Code and CORA. The
portal allows the Utility customer to control access to their data for secondary purposes
(i.e. to authorize access to multiple third parties, limit the duration of that access, maintain
a record of data releases, and rescind authorization). Through this portal, customers can
securely share data with external parties and request data to be shared with ESPM for a
limited duration or in perpetuity. Customers may use the tool to provide consent when
required by CORA. Utilities admins have the ability to approve external parties and data
shares, including editing aggregations.
Solar contractors utilize the MyData portal as registered Third Parties to access electric
usage history records for single customer accounts and also multiple accounts related to
a single building, parcel or campus. Because needs vary from one solar company to
another, data has been provided to them in multiple formats: Green Button XML, 15-
minute interval data file, and monthly On-Peak and Off-Peak period summaries. Any solar
contractor licensed for business in Fort Collins can be listed in MyData. Some contractors
are active in the Participating Solar Contractor Network and receive distinction in their
MyData directory listing.
Green Button Connect: Through the MyData portal, local contractors may request utility
data from individual customers for their efficiency, solar, or other distributed energy
projects. To assure secure data transfer, Green Button Connect is incorporated in the
MyData portal. Customers control the data access and Utilities admin approve contractors
that have access to the Green Button Connect data request service.
Existing Policies: Policies in Colorado such as the State adopted Building Performance
Standards (BPS) and a similar Performance Standard policy under consideration locally
RFP 9973 DATA SHARING AND CONSENT MANAGEMENT Page 5 of 41
will require buildings to meet performance targets by specific deadlines, improving
efficiency per local goals while providing health and safety benefits and reducing energy
burden across the community. Compliance with BPS rules requires accurate data
uploaded to ESPM accounts and may include data verification requirements. In support
of these policies, along with the existing Benchmarking ordinance, reliable and accurate
data sharing is critical.
State Policy: The State of Colorado BPS ordinance requires buildings 50,000ft2 and
larger to report energy use in ESPM and comply with efficiency targets per HB21-1286.
Approximately 200 buildings in Fort Collins are covered by the State’s BPS ordinance.
Local Policy Development: Fort Collins recognizes that policies impacting our local
buildings have impacts far beyond that building’s walls, and in 2023 partnered with
stakeholders from the local community to develop detailed BPS policy recommendations
designed to meet local climate goals, bring down energy costs, create job opportunities,
and improve equity and resilience. In 2024 the City will seek Council approval to adopt
local Building Performance Standards, which will assign efficiency targets. A building’s'
compliance status will be quantified through reporting accurate data in ESPM accounts.
II. SCOPE OF PROPOSAL
A. Scope of Work
Goals and Objectives:
The City of Fort Collins Utilities has offered the MyData portal to customers since 2020,
offering secure data sharing to third parties as well as consent management. As required
by the City’s Purchasing Policy, which limits multi-year agreements to five (5) years, the
City is initiating this RFP. The intent of this RFP is to evaluate and assess the current
capabilities of data management Service Providers and their platforms. While the
existing MyData Service Provider is eligible to participate in this RFP, the City will
consider other similar solutions that meet the following objectives:
• Provide secure and reliable data transfer to third parties, including contractors
and ESPM accounts.
• Provide meter recommendations for whole building data requests.
• Provide editable data aggregation as applicable for whole building data transfers.
• Provide customer consent management aligning with CORA requirements.
• Provide customers a user-friendly way to manage new and existing data
transfers.
• Provide Utility admin a tool to edit existing data requests and authorizations.
• Provide basic communication abilities to address customer questions associated
with the solution.
Expectations:
1. Develop internal and external facing support/portal to facilitate data transfer to third
parties.
a. Service Provider will work with City staff to inform decisions around portal
RFP 9973 DATA SHARING AND CONSENT MANAGEMENT Page 6 of 41
functionality.
2. Provide consent management feature aligning with CORA requirements.
a. Solution should require consent when applicable and provide a means for data
requestor to provide consent and to send request to account holder(s) in the
event that the requestor is not the account holder.
3. Provide secure connection to ESPM
a. This may include instructions for data requestors.
4. Provide Green Button Connect secure data transfers to approved third parties.
a. Provide a method for City staff to approve third parties.
b. Provide a method for account holders to approve data transfers.
5. Service Provider shall identify with City staff major milestones and priorities to provide
final recommendations.
6. Service Provider shall establish a feedback loop with City staff to review progress and
will develop defined recommendations for City staff review.
B. Deliverables/Milestones
The Service Provider’s role may be refined throughout the course of 2024. Projected
deliverables are likely to include:
Deliverables
1. Data Transfers
a) Applicable APIs (data connections to the Utility, ESPM, and any mutually-agreed-
upon third party contractors) must be available for internal sandbox testing by the
Utility
b) Transfer existing ongoing data shares to the new solution to minimize customer
impact
c) Include existing registered users, consent status, other
d) Provide tools for Utilities admin to verify data accuracy and a timely means of
rectifying any inaccuracies or errors
e) Provide both public-facing pages, including customer support, and an admin
interface for Utilities to manage and review authorizations and obtain reporting on
the usage of the system
1A. Benchmarking
a) Identify and format data (including suggesting meters associated with data
requests preferably mapped by unique Building ID)
b) Provide a connection and authentication system for ESPM
c) Provide a complete application-programming interface (API) that integrates with
the Engagement Platform to facilitate data exchange with ESPM.
a. The automation developed will lead the customer through the process of
connecting to the Utilities ESPM account, verify the customer's identity
RFP 9973 DATA SHARING AND CONSENT MANAGEMENT Page 7 of 41
through the use of a One-Time Passcode, provide a list of meters for the
customer, and confirm the meter list.
b. Utilities Staff will have access to the administrative dashboard and will be
able to release the data via the ESPM account to the requesting third-
party via the engagement platform. Capabilities provided by engagement
platform should include two key functions: 1. Import customer utilities data
into ESPM on a recurring monthly basis 2. Export metrics out of ESPM
once per year from Utilities master account.
d) Provide customer consent management tools for building owners/representatives
to easily provide consent or request consent from Utility account holder(s) per
CORA requirements.
1B. Contractor support
a. Provide a standardized, certified Green Button Connect that will allow Utilities to
provide fully automated Green Button XML, 15-minute interval data file, and
monthly On-Peak and Off-Peak period summary energy usage data to third
parties requesting data for their energy efficiency, solar and other distributed
energy resources projects.
b. Third Party company vs. user-specific profile management
a. All users follow a set of criteria that apply to the company.
b. Company has a primary administrator account for managing users.
c. No auto-registrations permitted, and no ‘bots’ permitted.
d. Users within the company can access the data in the platform, subject to
approval by the company administrator.
e. Users have unique logins.
f. Only 1 profile will be allowed per company and will be displayed in the
public-facing directory.
c. Directory profile
a. Distinguishes third party service providers (such as solar contractors)
from Benchmarking data requests.
b. Allow user to filter view of directory by type of service provider.
c. Company enrollment in directory: Holistic simple profile process that
includes logo upload, scope, and description as required fields.
d. Email content to customer
a. Initial share request notification from platform to customer identifies
whether contractor is active in Participating Solar Contractor Network,
including information on incentive eligibility.
b. Provides link to City website for details of solar and battery incentives.
RFP 9973 DATA SHARING AND CONSENT MANAGEMENT Page 8 of 41
2. External facing support
a) Allow the customer (contractors or building owners/representatives) to manage
authorizations and control access to his or her data for secondary purposes (i.e., to
authorize differential access to multiple third parties, limit the duration of access,
keep a record of data releases, edit authorizations, revoke authorization)
b) Allow customers to download their own data.
c) Allow customers to authorize the data request through a user-friendly online
authorization form.
d) Verifies the identity of the customer and validates their status against data from their
Utilities account.
e) Provides user support by phone and/or online to aid customers in the use of the
solution when needed.
3. Internal facing support
a. Allow for aggregation of data shares to be editable by Utilities staff.
a. Allow Utilities staff to override consent requirements.
b. Maintain a record of the data released in a searchable, sortable, filterable, and
accessible repository for every authorization granted.
a. Allow admin verification of status of requests.
c. Reporting capabilities to include but not be limited to:
a. metadata of requests by third parties,
i. customer consent given,
ii. datasets transferred,
iii. any additional direction given by the customer of record granting
access,
iv. timestamps for such metadata,
v. expiration of permissions.
b. Summary of all third parties showing count of data access over timeframe
such as annual, monthly, or user-defined
i. Ability to distinguish subtotals for third parties that are:
1. Solar providers
2. Solar providers active in the Participating Solar Contractor
Network
c. Data errors and escalations/ support tickets
i. Submitted by Utilities administrators.
ii. Submitted by data requestors/ customers.
d. Ability to sort and filter all 3rd parties registered, and to retire / archive or delete
inactive records of service providers or individual users within those organizations.
e. Ability to change the presentation order on public-facing site, with preference for
randomization & contractors active in the Participating Solar Contractor Network.
RFP 9973 DATA SHARING AND CONSENT MANAGEMENT Page 9 of 41
f. Ability to hold third party applications for the Directory in an inactive state before
publishing them to the live production environment.
Proposal Specifics
The City encourages respondents to propose alternative approaches and/or other
considerations for services required for achieving its objectives. These approaches will be
considered by the City
The proposal should include a description of the services you are offering, references or
examples from other relevant work, desired outcomes and projected costs associated with
specific tasks. The City has worked with Service Providers in both an on-call general services
agreement or on a T&M not to exceed basis for this work in the past.
Specific Responses for Evaluation should include:
Indicator Target
Secure data Transfer Experience Description of qualifications related to data
transfer work
Consent Management Expertise Description of qualifications related to consent
management work
Examples of past deliverables Related to the scope, include references as
applicable
Cost and availability to complete project in
2024
Not to Exceed cost
Project availability
The City currently provides a standardized template for ingestion of customer data exported
from its Customer Information System (CIS) and has a preference to continue to use this
standardized extract but is open to working with the selected Service Provider on a different
approach.
Optional desired capabilities
• Customer communications/updates regarding the status of their requests
• The City is open to learning about additional functionalities associated with proposed
solutions.
C. Minimum Qualifications
• Demonstrated success securely transferring aggregated building level data to Energy Star
Portfolio Manager accounts.
• Demonstrated success managing consent requirements for utility data transfer per CORA
(or other comparable privacy laws)
RFP 9973 DATA SHARING AND CONSENT MANAGEMENT Page 10 of 41
• Demonstrated success with Green Button connect data transfers to third parties.
• Demonstrated success creating internal and external facing portals to support data
sharing.
• The top awarded Service Provider will be required to complete the City’s Software as a
Service (SaaS) questionnaire and demonstrate how that meets the City’s requirement.
The SaaS questionnaire is included in ATTACHMENT A for reference.
D. Anticipated Schedule
The following represents the City’s target schedule for the RFP. The City reserves the
right to amend the target schedule at any time.
• RFP issuance: April 17, 2024
• Question deadline: 3:00 PM MT on May 1, 2024
• Final Addendum Issued: May 9, 2024
• Proposal due date: 3:00 PM MT on May 22, 2024
• Interviews (tentative): Week of June 10, 2024
• Award of Contract (tentative): Week of July 1 2024
E. Interviews
In addition to submitting a written proposal, the top-rated Service Providers may be
interviewed by the RFP assessment team and asked to participate in an oral presentation
to provide an overview of the company, approach to the project and to address questions.
The evaluation criteria for the oral interviews will be the same as the criteria for the written
evaluations and is included in Section IV.
F. Subcontractors/Subconsultants
Service Provider will be responsible for identifying any subcontractors and/or
subconsultants in their proposal. Please note that the City will contract solely with the
awarded Service Provider; therefore, subcontractors and/or subconsultants will be the
responsibility of the Service Provider.
G. Financial Qualifications (CONFIDENTIAL)
Service Providers selected as finalists may be required to submit a banking reference and
the most recent financial statement (audited preferred) including balance sheet and
income statement, as well as a statement of cash flows (the “Financial Information”).
H. Current standards
All work and/or materials must meet current standards in force by recognized technical
and professional societies, trade and materials supply associations, institutes and
organizations, bureaus, and testing laboratories, and national, federal, state, county, and
local laws, codes and ordinances.
I. Fees, Licenses, Permits
RFP 9973 DATA SHARING AND CONSENT MANAGEMENT Page 11 of 41
The successful Service Provider shall be responsible for obtaining any necessary
licenses, fees or permits without additional expense to the City. All vehicles and equipment
shall be properly licensed and insured, carry the appropriate permits and be placarded as
required by law.
J. Laws and Regulations
The Service Provider agrees to comply fully with all applicable local, State of Colorado
and Federal laws and regulations and municipal ordinances to include American
Disabilities Act (ADA).
K. Technology Accessibility.
The proposed solution shall comply with all applicable provisions of §§24-85-101, et
seq., C.R.S., and the Accessibility Standards for Individuals with a Disability, as
established by the State of Colorado Governor’s Office of Information Technology (OIT)
pursuant to §24-85-103 (2.5), C.R.S., including all updates and amendments to those
standards as provided by the OIT. The proposed solution shall also comply with all State
of Colorado technology standards related to technology accessibility and with Level AA
of the most current version of the Web Content Accessibility Guidelines (WCAG),
incorporated in the State of Colorado technology standards.
L. Work Orders
The awarded Service Provider will be required to sign the City’s Work Order Type
Agreement, a sample of which is attached as Section VI for reference purposes.
Individual Work assignments will be requested and agreed to utilizing the City’s Work
Order (included in the Agreement). Each Work Order must include a start and completion
date, total cost and a Scope of Work. Subsequent supporting documentation pages may
include a project schedule, deliverables, hours, cost detail supporting total cost, and
personnel details. Fees outlined in the Work Order will conform with those stated in the
Agreement.
No Work Order over $7,500 will be considered valid until signed, at a minimum, by the
Service Provider, project manager and Purchasing Department representative.
Depending on the cost and nature of the Work, additional signature authorization may be
required. Any changes to the dates, cost or scope of any Work Order must be agreed
upon in writing utilizing the City’s Change Order (included in the Agreement) and will not
be considered valid until signed, at a minimum, by the Service Provider, project manager
and Purchasing Department representative.
M. Invoicing and Payment
Invoices should be emailed monthly to invoices@fcgov.com with a copy to the Project
Manager. The cost of the work completed shall be paid to the Service Provider each month
following the submittal of a correct invoice by the Service Provider indicating the project
name, Purchase Order number, task description, hours worked, personnel/work type
category, hourly rate for each employee/work type category, date of the work performed
specific to the task, percentage of that work that has been completed by task, 3rd party
supporting documentation with the same detail and a brief progress report.
Payments will be made using the prices stated in the Work Order and Agreement. In the
event a service is requested which is not stated in the Work Order and/or Agreement, the
RFP 9973 DATA SHARING AND CONSENT MANAGEMENT Page 12 of 41
Service Provider and the City will negotiate an appropriate unit price for the service prior
to the Service Provider initiating such work.
The City pays invoices on Net 30 terms.
III. PROPOSAL SUBMITTAL
Please limit the total length of your proposal to a maximum of fifty (50) 8 ½ x 11” pages
(excluding cover pages, table of contents, dividers and Acknowledgement form). Font shall
be a minimum of 10 Arial and margins are limited to no less than .5” for sides and top/bottom.
Extended page sizes, such as 11” x 17”, count as a single page and may be used for detailed
pricing. Links to other files or websites shall not be permitted. Proposals that do not conform
to these requirements may be rejected.
Service Providers are required to provide detailed written responses to the following items in
the order outlined below. The responses shall be considered technical offers of what Service
Providers propose to provide and shall be incorporated in the contract award as deemed
appropriate by the City. A proposal that does not include all the information required may be
deemed non-responsive and subject to rejection.
Responses must include all the items in the order listed below. It is suggested that the Service
Providers include each of the City’s questions with their response.
The City of Fort Collins shall not reimburse any firm for costs incurred in the preparation and
presentation of their proposal.
A. Cover Letter / Executive Summary
The Executive Summary should highlight the content of the proposal and features of the
program offered, including a general description of the program and any unique aspects
or benefits provided by your firm.
Indicate your availability to participate in the interviews/demonstrations on the proposed
dates as stated in the Schedule section.
B. Service Provider Information
1. Describe the Service Provider’s business and background
2. Number of years in the business
3. Details about ownership
4. An overview of services offered and qualifications
5. Size of the firm
6. Location(s) of offices. If multiple, please identify which will be the primary for our
account.
7. Primary contact information for the company including contact name(s) and title(s),
mailing address(s), phone number(s), and email address(s).
C. Scope of Proposal
1. Provide a proposed schedule for project implementation and completion by December
31,2024.
RFP 9973 DATA SHARING AND CONSENT MANAGEMENT Page 13 of 41
2. Provide a detailed narrative of the services proposed if awarded the contract per the
scope above. The narrative should include any options that may be beneficial for the
City to consider.
3. Describe how the project would be managed and who would have primary
responsibility for its timely and professional completion.
4. Briefly describe the approach to execute the scope of work to include the methods and
assumptions used, and any exceptions and/or risks.
5. Describe the methods and timeline of communication your firm will use with the City’s
Project Manager and other parties.
6. Include a description of the software and other analysis tools to be used.
7. Identify what portion of work, if any, may be subcontracted or outsourced to
subconsultants. Include all applicable information herein requested for each Service
Provider.
8. Are other qualified personnel available to assist in meeting the project schedule if
required?
D. Firm Capability and Assigned Personnel
Provide relevant information regarding previous experience related to this or similar
projects, to include the following:
1. Provide an Organization Chart/Proposed Project Team: An organization chart
containing the names of all key personnel and subconsultants with titles and their
specific task assignment for this Agreement shall be provided in this section.
2. Provide resumes for each professional and technical person to be assigned to the
project, including partners, subconsultants, and subcontractors. Please limit resumes
to one page.
3. A list of qualifications for your firm and qualifications and experience of the specific
staff members proposed to perform the services described above.
4. References. Provide a minimum of three similar projects with public agencies in the
last 5 years that have involved the staff and subcontractors/subconsultants proposed
to work on this project. Include the owner’s name, title of project, beginning price,
ending price, contact name, email and phone number, subconsultants on the team
and a brief description of the work and any change orders. The Service Provider
authorizes the City to verify any and all information contained herein and hereby
releases all those concerned providing information as a reference from any liability in
connection with any information provided.
5. Provide any information that distinguishes Service Provider from its competition and
any additional information applicable to this RFP that might be valuable in assessing
Service Provider’s proposal.
E. Sustainability/TBL Methodology
In concise terms (no more than two pages), please describe your organization’s
commitment to sustainability and supporting values.
Each element of the TBL sustainability criteria will receive equal consideration in
determining the final Sustainability/TBL score.
RFP 9973 DATA SHARING AND CONSENT MANAGEMENT Page 14 of 41
1. Address how your firm strives to incorporate all three aspects (social,
environmental, and economic) of Triple Bottom Line (TBL) sustainable practices
into the workplace. Provide examples along with any metrics used to measure
success within your firm.
2. Also provide examples of how your firm has incorporated all three aspects of TBL
sustainable practices in previous similar projects on which your firm has been the
prime Service Provider.
Some examples are provided below:
a. Environmental – Experience delivering projects / programs focused
on environmental health priorities in the areas of climate resiliency,
water quality and watershed protection, regulatory performance,
management systems, air quality, renewable energy, sustainable
building and design, construction materials management, and solid
waste reduction.
b. Economic – Experience working and delivering projects with an
emphasis on strategic financial planning, job creation, business
development, asset management, various project delivery methods,
value engineering, regional partnerships, transparency, stakeholder
engagement, strategic investments, aging infrastructure,
repurposing of existing facilities, and competing financial priorities.
c. Social - Experience working and delivering projects, programs,
and/or initiatives that support Equity, Diversity, and Inclusion
throughout your firm’s workplace, including leadership, and supply
chain. Examples of this may be demonstration of working within
cultural and language gaps, development of diversity programs,
diverse project teams, equitable opportunity vendor supply chain,
and how your firm has applied an equity lens to processes such as
recruitment, hiring, purchasing, career pathways, salaries, and staff
engagement.
F. Cost and Work Hours
In your response to this proposal, please provide the following:
1. Service Providers should propose hourly rates for services including a breakdown of
various tasks where applicable.
2. Estimated Hours by Task: Provide estimated hours for each proposed task by job title
and employee name, including the time required for meetings, conference calls, etc.
3. Cost by Task: Provide the cost of each task identified in the Scope of Proposal section.
Provide a total not to exceed cost for the Scope of Proposal. Price all additional
services/deliverables separately.
4. Schedule of Rates: Provide a schedule of billing rates by category of employee and
job title to be used during the term of the Agreement. This fee schedule will be firm for
at least one (1) year from the date of the Agreement. The fee schedule will be used as
a basis for determining fees should additional services be necessary. A fee schedule
for subconsultants/subcontractors, if used, shall be included.
5. All direct costs (i.e., travel, printing, postage, etc.) specifically attributed to the project
and not included in the billing rates must be identified. Reasonable expenses may be
RFP 9973 DATA SHARING AND CONSENT MANAGEMENT Page 15 of 41
reimbursable as per the current rates found at www.gsa.gov. Service
Provider/Consultant will be required to provide original receipts to the City for all travel
expenses.
6. Include any applicable recurring annual costs for support & maintenance for 5 years.
7. If a retainer or other compensation structure would be required to accomplish the
Scope of Work and Objectives, please also make note of the preferred structure and
fees.
G. Sample Agreement
Included with this request for proposals is a sample Agreement that the City intends to
use for obtaining the services of the Service Provider. The Service Provider is required to
review this Agreement and indicate any objections to the terms of the contract. If revisions
to the contractual terms are requested, provide suggested revisions.
H. Acknowledgement
The Acknowledgement form is attached as Section V. Complete the attached form
indicating the Service Provider hereby acknowledges receipt of the City of Fort Collins
Request for Proposal and acknowledges that the Service Provider has read and agrees
to be fully bound by all of the terms, conditions and other provisions set forth in the RFP.
RFP 9973 DATA SHARING AND CONSENT MANAGEMENT Page 16 of 41
IV. REVIEW AND ASSESSMENT CRITERIA
A. Proposal and Interview Criteria
Service Providers will be evaluated on the following criteria. This set of criteria will be the
basis for review and assessment of the written proposals and optional interview session.
At the discretion of the City, interviews of the top-rated Service Providers may be
conducted.
The rating scale shall be from 1 to 10, a rating of 1 doesn’t meet minimum requirements,
a rating of 5 means the category fulfills the minimum requirements, and 10 exceeds
minimum requirements in that category.
WEIGHTING
FACTOR CATEGORY STANDARD QUESTIONS
3.0 Scope of Proposal
Does the proposal address all elements of the
RFP? Does the proposal show an
understanding of the project objectives,
methodology to be used and results/outcomes
required by the project? Are there any
exceptions to the specifications, Scope of Work,
or agreement? Can the work be completed in
the necessary time? Can the target start and
completion dates be met? Are other qualified
personnel available to assist in meeting the
project schedule if required?
3.0 Firm Capability &
Assigned Personnel
Does the firm have the resources, financial
strength, capacity and support capabilities
required to successfully complete the project on-
time and in-budget? Has the firm successfully
demonstrated and completed previous projects
of this type and scope? Do the persons who will
be working on the project have the necessary
skills and qualifications? Are sufficient people of
the requisite skills and qualifications assigned to
the project?
1.0 Sustainability/TBL
Methodology
Does the firm demonstrate a commitment to
Sustainability and incorporate Triple Bottom Line
methodology in both their Scope of Work for the
project, and their day-to-day business operating
processes and procedures?
Does the firm demonstrate a commitment to all
three aspects (social, environmental, and
economic) of the Triple Bottom Line (TBL)
methodology of sustainability for this project and
in their company value system as evidenced by
their day-to-day business operating processes,
practices and procedures?
RFP 9973 DATA SHARING AND CONSENT MANAGEMENT Page 17 of 41
3.0 Cost & Work Hours
Does the proposal included detailed cost break-
down for each cost element as applicable and
are the line-item costs competitive? Do the
proposed cost and work hours compare
favorably with the Project Manager's estimate?
Are the work hours presented reasonable for the
effort required by each project task or phase?
RFP 9973 DATA SHARING AND CONSENT MANAGEMENT Page 18 of 41
V. ACKNOWLEDGEMENT
Service Provider hereby acknowledges receipt of the City of Fort Collins Request for Proposal
and acknowledges that it has read and agrees to be fully bound by all of the terms, conditions
and other provisions set forth in the RFP 9973 DATA SHARING AND CONSENT
MANAGEMENT and sample Agreement except as otherwise noted. Additionally, Service
Provider hereby makes the following representations to City:
a. All of the statements and representations made in this proposal are true to the best of the
Service Provider’s knowledge and belief.
b. Service Provider commits that it is able to meet the terms provided in this proposal.
c. This proposal is a firm and binding offer, for a period of 90 days from the date hereof.
d. Service Provider further agrees that the method of award is acceptable.
e. Service Provider also agrees to complete the proposed Agreement with the City of Fort
Collins within 10 days of notice of award. If contract is not completed and signed within
10 days, City reserves the right to cancel and award to the next highest rated firm.
f. Service Provider acknowledges receipt of addenda.
g. Service Provider acknowledges no conflict of interest.
h. Service Provider acknowledges that the City is a governmental entity subject to the
Colorado Open Records Act, C.R.S. §§ 24-72-200.1 et seq. (“CORA”). Any proposals
submitted hereunder are subject to public disclosure by the City pursuant to CORA and
City ordinances. Professionals may submit one (1) additional complete proposal clearly
marked “FOR PUBLIC VIEWING.” In this version of the proposal, Professionals may
redact text and/or data that it deems confidential or proprietary pursuant to CORA. All
pricing will be considered public records subject to disclosure under CORA and as such
pricing cannot be redacted from the “FOR PUBLIC VIEWING” version of the proposal.
Failure to provide a public viewing copy will be considered a waiver of any claim of
confidentiality under CORA without regard to how the applicant’s proposal or certain
pages of the proposal are marked confidential, proprietary, or similar. Such statement
does not necessarily exempt such documentation from public disclosure if required by
CORA, by order of a court of appropriate jurisdiction, or other applicable law. Generally,
under CORA, trade secrets, confidential commercial information and financial data
information may not be disclosed by the City. Proposals may not be marked “Confidential”
or ‘Proprietary’ in their entirety. By responding to this RFP, Professionals hereby waives
any and all claims for damages against the City for the City’s good faith compliance with
CORA. All provisions and pricing of any contract resulting from this request for
proposal will be public information.
Legal Firm Name:
Physical Address:
Remit to Address:
Phone:
Name of Authorized Agent of Firm:
Signature of Authorized Agent:
RFP 9973 DATA SHARING AND CONSENT MANAGEMENT Page 19 of 41
Primary Contact for Project:
Title: Email Address:
Phone: Cell Phone:
NOTE: ACKNOWLEDGMENT IS TO BE SIGNED & RETURNED WITH YOUR PROPOSAL.
RFP 9973 DATA SHARING AND CONSENT MANAGEMENT Page 20 of 41
ATTACHMENT A
SaaS Cyber Vendor Questionnaire
1. Data Ownership: The City of Fort Collins will own all rights, title and interest in its data
that is related to the services provided. All data obtained by the vendor regarding the
performance of these services shall become and remain the property of the City. The
vendor will not share or distribute any City data to any other entity without the City's
written consent. Can you comply with this?
Answer:
2. Data Protection: Describe how you safeguard the confidentiality, integrity, and
availability of City information, including encryption of personal data in transit and at rest,
and access control. Do you have a privacy and security policy, and does the policy apply
to customers’ private data including personal identifiable information?
Answer:
3. Data destruction: What procedures and safeguards does the vendor have in place for
sanitizing and disposing of City data according to prescribed retention schedules or
following the conclusion of a project or termination of a contract to render it
unrecoverable and prevent accidental and/or unauthorized access to City data?
Answer:
4. Data Location: Are the data centers where City data may be stored or processed
located exclusively in the United States? Do you allow your personnel or contractors to
store City data on portable devices? Do your personnel and contractors access City data
remotely?
Answer:
5. Security Incidents or Data Breaches: Describe your data breach and incident
response communication plans. Has the company experienced any security breaches? If
yes, explain.
Answer:
6. Breach Responsibilities: In addition to data breach communication, what additional
responsibilities do you have to your customers in the event of a data breach involving
private data that is in your control, or in the control of your contractors/subsidiaries, at
the time of breach? Do you have cybersecurity insurance? If yes, provide an overview of
the coverage.
Answer:
7. Background Checks: Do you conduct criminal background checks on all staff, including
subcontractors? Do you employ people convicted of any crime of dishonesty?
Answer:
RFP 9973 DATA SHARING AND CONSENT MANAGEMENT Page 21 of 41
8. Access to Security Logs and Reports: The vendor shall provide reports to the City
in a format specified in the SLA agreed to by the vendor and the City. Reports shall
include latency statistics, user access, user access IP address, user access history and
security logs for all City files related to this contract. Can you comply with this?
Answer:
9. Risk Assessments and Audits: Do you conduct periodic risk assessments to identify
cybersecurity threats, vulnerabilities, and potential business consequences? Do you
have regular independent assessments of your cybersecurity processes? Do you
perform independent audits of your data center? How often? What level of audit is
performed (e.g., SOC2)? Would you be willing to share redacted versions of your most
recent risk assessment and audit report with the City?
Answer:
10. Change Control and Advance Notice: How do you communicate upgrades (e.g., major
upgrades, minor upgrades, system changes) that may impact service availability and
performance to your customers?
Answer:
11. Upgrades: Are technology systems (e.g., servers, network devices, operating systems,
applications, malware definitions) regularly updated/patched? Do you have any systems
in production that are past end of life or that can no longer be patched?
Answer:
12. Non-disclosure and Separation of Duties: Describe how you enforce separation of job
duties and limit staff knowledge of City data to that which is necessary to perform job
duties.
Answer:
13. Import and Export of Data: Describe the data import and export processes from the
customer’s perspective.
Answer:
14. Subcontractor Disclosure: Identify all your strategic business partners related to
services provided under this arrangement, including but not limited to all subcontractors
or other entities or individuals who may be a party to a joint venture or similar agreement
with the you, and who shall be involved in any application development and/or
operations.
Answer:
15. Right to Remove Individuals: The City shall have the right at any time to require that
the vendor remove from interaction with the City any vendor representative who the City
believes is detrimental to its working relationship with the vendor. Can you comply with
this?
Answer:
RFP 9973 DATA SHARING AND CONSENT MANAGEMENT Page 22 of 41
16. Encryption of Data at Rest: Can you ensure hard drive encryption consistent with
validated cryptography standards as referenced in FIPS 140-2, Security Requirements
for Cryptographic Modules for all personal data?
Answer:
17. Internet-Facing Security: We may use BitSight (like a credit report for cyber security) to
assess your internet-facing security. Do you subscribe to BitSight or a similar service,
and if so, are you willing to provide a sanitized report?
Answer:
18. Service Interruption: In the event of an interruption of your service, what is your
process for notifying customer operations of the circumstances of the interruption or
outage and the expected recovery time?
Answer:
19. Backup and Recovery: What is your backup & recovery SLA? What are the actual
results/metrics vs. the SLA for the last 12 months? Is your backup data encrypted and, if
so, to what standard?
Answer:
20. Authentication: Do you have an internal password policy? Do you have complexity or
length requirements for passwords? Can employees/contractors remotely connect to
your production systems? (i.e., VPN. Is multi-factor authentication available? Do you
require MFA for administration of your service (local or remote)? Do you support
SSO/SAML ADFS for customer access?
Answer:
21. Cyber Insurance: Does your firm carry cyber insurance? If so, what are your insurance
levels?
Answer:
22. CAIQ Questionnaire: Lack of security control transparency is a leading inhibitor to the
adoption of cloud services. As part of the City of Fort Collin’s Information Security
program we are requesting that all our Cloud Service Providers complete and
submit the Cloud Security Alliance (CSA) CONSENSUS ASSESSMENTS
INITIATIVE QUESTIONNAIRE (CAIQ). This will enable Utilities to have greater
confidence that the information is being appropriately protected, and that processes are
in place for appropriate action to be taken where any areas of concern emerge.
The City will request that the Vendor of Choice complete the CAIQ to assess the
maturity of policies, systems and controls that are in place related to services you
provide. The questionnaire is available here or www.cloudsecurityalliance.org. The
question set was developed by CSA in partnership with industry groups to provide an
agreed question set that can be used across the supply chain and is focused on
providing industry-accepted ways to document what security controls exist in IaaS,
PaaS, and SaaS offerings, providing greater security control transparency. Describe
Vendor familiarity with the CAIQ questionnaire.
Answer:
Official Purchasing Document
Last updated 2/2024
Professional Services Agreement – Work Order Type
RFP/BID [# and Title] Page 23 of 41
VI. SAMPLE AGREEMENT (FOR REFERENCE ONLY – DO NOT SIGN )
MASTER PROFESSIONAL SERVICES AGREEMENT
WORK ORDER TYPE
THIS MASTER PROFESSIONAL SERVICES AGREEMENT (AGREEMENT) made and
entered into the day and year set forth in Section 4 below by and between the CITY OF FORT
COLLINS, COLORADO, a Colorado Municipal Corporation (CITY) and , a(n) [enter state]
[business type] (PROFESSIONAL).
WITNESSETH:
In consideration of the mutual covenants and obligations herein expressed, it is agreed by
and between the parties hereto as follows:
1. Scope of Service. The PROFESSIONAL agrees to provide Services in accordance with
any project Work Orders for , issued by the CITY. A blank sample of a Work Order
is attached hereto as Exhibit A, consisting of [# of Pages] and incorporated herein. A
general Scope of Services is attached hereto as Exhibit B, consisting of [# of Pages] and
incorporated herein. The CITY reserves the right to independently solicit any project
rather than issuing a Work Order to the PROFESSIONAL for the same pursuant to this
AGREEMENT. Irrespective of references to certain named third parties within this
AGREEMENT or any Work Order, the PROFESSIONAL shall be solely responsible for
performance of all duties hereunder. The term Service as used in this AGREEMENT shall
include the Services and deliverables contained in any Work Order issued by the CITY.
The CITY may, at any time during the term of a particular Work Order and without
invalidating the Work Order, make changes to the scope of the particular Service.
Changes shall be agreed upon in writing by the parties by Change Order, a sample of
which is attached hereto as Exhibit C, consisting of [# of Pages] and incorporated herein.
2. Work Order Schedule. The Services to be performed pursuant to this AGREEMENT shall
be performed as specified on each Work Order. Time is of the essence. Any change in
schedule must be agreed upon in writing by the parties hereto via a Change Order.
3. Changes. The CITY may, at any time during the term of the AGREEMENT, make changes
to the AGREEMENT. Such changes shall be agreed upon in writing by the parties.
4. Agreement Period. This AGREEMENT shall commence , 20 (the Effective
Date) and shall continue in full force and effect until , 20 , unless sooner
terminated as herein provided. In addition, at the option of the CITY, the AGREEMENT
may be extended for additional one (1) year periods not to exceed four (4) additional one-
year periods. Renewals and pricing changes shall be negotiated by and agreed to by both
parties only at the time of renewal. [Any price changes shall not exceed percent
( %) per annual renewal]. Written notice of renewal shall be provided to the
PROFESSIONAL no later than thirty (30) days before AGREEMENT end.
Official Purchasing Document
Last updated 2/2024
Professional Services Agreement – Work Order Type
RFP/BID [# and Title] Page 24 of 41
5. Compensation. In consideration of the Services to be performed pursuant to this
AGREEMENT, the CITY agrees to pay the PROFESSIONAL [choose one] as designated
in Exhibit D, consisting of [# of Pages], attached and incorporated herein. At the election
of the CITY, each Work Order may contain a maximum fee, which shall be negotiated by
the parties hereto for each Work Order. Partial payments based upon the
PROFESSIONAL’s billings and itemized statements are permissible as defined in the
applicable Work Order. The amounts of any partial payments shall be based upon the
PROFESSIONAL’s City-verified progress in completing the Service(s) to be performed
pursuant to the Work Order and upon approval of the PROFESSIONAL’s direct
reimbursable expenses. Payment shall be made following acceptance of the Services by
the CITY.
Itemized invoices shall be emailed to invoices@fcgov.com with a copy to the Project
Manager. The cost of the Services completed shall be paid to the PROFESSIONAL
following the submittal of a correct itemized invoice by the PROFESSIONAL. The CITY is
exempt from sales and use tax. The CITY’s Certificate of Exemption license number is
09804502. A copy of the license is available upon written request.
The CITY pays undisputed invoices on Net 30 days from the date of the invoice submittal
to the CITY or, for disputed invoices, Net 30 days from the date of CITY Project Manager’s
approval.
6. Early Termination by City. Notwithstanding the time periods contained herein, the CITY
may terminate this AGREEMENT at any time without cause or penalty by providing at
least ten (10) calendar days written notice of termination to the PROFESSIONAL.
In the event of early termination by the CITY, the PROFESSIONAL shall be paid for
Services rendered up to the date of termination, subject to the satisfactory performance
of the PROFESSIONAL's obligations under this AGREEMENT. PROFESSIONAL shall
submit a final invoice within ten (10) calendar days of the effective date of termination.
Payment shall be the PROFESSIONAL's sole right and remedy for termination.
7. Notices. All notices provided under this AGREEMENT shall be effective immediately
when emailed or three (3) business days from the date of the notice when mailed to the
following addresses:
PROFESSIONAL: CITY: Copy to:
Attn:
Email Address
City of Fort Collins
Attn:
PO Box 580
Fort Collins, CO 80522
Email Address
City of Fort Collins
Attn: Purchasing Dept.
PO Box 580
Fort Collins, CO 80522
purchasing@fcgov.com
All notices under this AGREEMENT shall be written.
8. Design and Service Standards. The PROFESSIONAL warrants and shall be responsible
for the professional quality, technical accuracy, accessibility requirements under ADA and
Official Purchasing Document
Last updated 2/2024
Professional Services Agreement – Work Order Type
RFP/BID [# and Title] Page 25 of 41
Public Accommodations and Technology Accessibility sections below, timely completion
and the coordination of all Services rendered by the PROFESSIONAL, and the Project
Instruments as defined in Section 11 below. The PROFESSIONAL shall, without additional
compensation, promptly remedy and correct any errors, omissions, or other deficiencies
from such standards.
9. Indemnification. The PROFESSIONAL shall indemnify, defend, and hold harmless the
CITY and its officers and employees, to the maximum extent permitted under Colorado
law, against and from any and all actions, suits, claims, demands, or liability of any
character whatsoever claimed by the PROFESSIONAL or third parties against the CITY
arising out of or related to this AGREEMENT (not limited to contract, tort, intellectual
property, accessibility, or otherwise). This obligation extends to reimbursement of the
CITY's costs and reasonable attorney’s fees.
10. Insurance. The PROFESSIONAL shall maintain insurance in accordance with Exhibit
[choose one], consisting of [# of Pages], attached hereto and incorporated herein.
11. Appropriation. To the extent this AGREEMENT, or any provision in it, requires payment
of any nature in fiscal years subsequent to the current fiscal year and constitutes a multiple
fiscal year debt or financial obligation of the CITY, it shall be subject to annual
appropriation by the Fort Collins City Council as required in Article V, Section 8(b) of the
City Charter, City Code Section 8-186, and Article X, Section 20 of the Colorado
Constitution. The CITY shall have no obligation to continue this AGREEMENT in any fiscal
year for which there are no pledged cash reserves or supporting appropriations pledged
irrevocably for purposes of payment obligations herein. Non-appropriation by the CITY
shall not be construed as a breach of this AGREEMENT.
12. Project Instruments and License.
a. Upon execution of this AGREEMENT, the PROFESSIONAL grants to the CITY an
irrevocable, unlimited and royalty free license to use any and all sketches, drawings,
as-builts, specifications, designs, blueprints, data files, calculations, studies, analysis,
renderings, models, plans, reports, and other Work Order deliverables (Project
Instruments), in any form whatsoever and in any medium expressed, for purposes of
constructing, using, maintaining, altering and adding to the project, provided that the
CITY substantially performs its obligations under the AGREEMENT. The license
granted hereunder permits the CITY and third parties reasonably authorized by the
CITY to reproduce applicable portions of the Project Instruments for use in performing
the Services or construction for the project. In addition, the license granted hereunder
shall permit the CITY and third parties reasonably authorized by the CITY to reproduce
and utilize the Project Instruments for similar projects, provided however, in such event
the PROFESSIONAL shall not be held responsible for the design to the extent the
CITY deviates from the Project Instruments. This license shall survive termination of
the AGREEMENT by default or otherwise.
b. Upon payment under each applicable Work Order, Project Instruments rendered by
Official Purchasing Document
Last updated 2/2024
Professional Services Agreement – Work Order Type
RFP/BID [# and Title] Page 26 of 41
the PROFESSIONAL shall become the CITY’s property. The PROFESSIONAL shall
provide the CITY with the Project Instruments in electronic format in a mutually agreed
upon file type.
13. CITY Project Manager. The CITY’s Project Manager will be shown on the specific Work
Order and shall make, within the scope of the Project Manager’s authority, all necessary
and proper decisions with reference to the Services requested under the applicable Work
Order. All requests for contract interpretation, change order and other clarification or
instruction shall be directed to the CITY Project Manager.
14. Project Status Report. A project status report is required to accompany all invoices and
shall be submitted to the CITY Project Manager. The progress status report shall contain
a written report of the status of the Services with respect to the Scope of Services, project
schedule, previous invoices, outstanding balance, percent billed and other material
information. Failure to provide any required report may, at the option of the CITY, suspend
the processing of any payment request.
15. Independent Contractor. The Services to be performed by the PROFESSIONAL are those
of an independent contractor and not of an employee of the City of Fort Collins. The CITY
shall not be responsible for withholding any portion of the PROFESSIONAL's
compensation hereunder for the payment of FICA, Workers' Compensation,
unemployment insurance, other taxes or benefits or for any other purpose.
16. Personal Services. It is understood that the CITY enters into this AGREEMENT based on
the special abilities of the PROFESSIONAL and that this AGREEMENT shall be
considered as an AGREEMENT for personal services. Accordingly, the PROFESSIONAL
shall neither assign any responsibilities nor delegate any duties arising under this
AGREEMENT without the prior written consent of the CITY.
17. Subcontractors/Subconsultants. The PROFESSIONAL may not subcontract any of the
Service(s) set forth in any Work Order without the prior written consent of the CITY, which
shall not be unreasonably withheld. If any of the Services is subcontracted hereunder,
with the consent of the CITY, then the following provisions shall apply: (a) the
subcontractor/subconsultant must be a reputable, qualified firm with an established record
of successful performance in its respective trade performing identical or substantially
similar Services, (b) the subcontractor/subconsultant will be required to comply with all
applicable terms of this AGREEMENT, (c) the subcontract will not create any contractual
relationship between any subcontractor/subconsultant and the CITY, nor will it obligate
the CITY to pay or see to the payment of any subcontractor/subconsultant, and (d) the
Services of the subcontractor/subconsultant will be subject to inspection by the CITY to
the same extent as the Service(s) of the PROFESSIONAL.
The PROFESSIONAL shall require all subcontractor/subconsultants performing
Service(s) hereunder to maintain insurance coverage naming the CITY as an additional
insured under this AGREEMENT, Exhibit [choose one], consisting of [# of Pages],
attached and incorporated herein. The PROFESSIONAL shall maintain a copy of each
Official Purchasing Document
Last updated 2/2024
Professional Services Agreement – Work Order Type
RFP/BID [# and Title] Page 27 of 41
subcontractor’s/subconsultant’s certificate evidencing the required insurance. Upon
request, the PROFESSIONAL shall promptly provide the CITY with a copy of the
certificate(s).
18. Acceptance Not Waiver. The CITY's approval of Project Instruments furnished hereunder
shall not in any way relieve the PROFESSIONAL of responsibility for the quality or
technical accuracy of the Services. The CITY's approval or acceptance of, or payment
for, any of the Services shall not be construed to operate as a waiver of any rights or
benefits provided to the CITY under this AGREEMENT.
19. Default. Each and every term and condition hereof shall be deemed to be a material
element of this AGREEMENT. In the event either party should fail to or refuse to perform
according to the terms of this AGREEMENT, that party may be declared in default upon
notice.
20. Remedies. In the event a party has been declared in default, that defaulting party shall
be allowed a period of ten (10) calendar days from the date of notice within which to cure
said default. In the event the default remains uncorrected, the party declaring default may
elect to (a) terminate the AGREEMENT and seek damages; (b) treat the AGREEMENT
as continuing and require specific performance; or (c) avail themselves of any other
remedy at law or equity. In event of a dispute regarding this AGREEMENT, each party
shall bear its own attorney fees and costs.
21. Entire Agreement; Binding Effect; Authority to Execute. This AGREEMENT, along with all
Exhibits and other documents incorporated herein, shall constitute the entire
AGREEMENT of the parties regarding this transaction and the matter recited herein. This
AGREEMENT and all Work Orders pursuant to this AGREEMENT supersede any prior
agreements, promises, or understandings as to the matter recited herein. The
AGREEMENT shall be binding upon the parties, their officers, employees, agents and
assigns and shall inure to the benefit of the respective survivors, heirs, personal
representatives, successors and assigns of said parties. Covenants or representations
not contained in this AGREEMENT shall not be binding on the parties. In the event of a
conflict between terms of the AGREEMENT and any exhibit or attachment, the terms of
the AGREEMENT shall prevail. Each person executing this AGREEMENT affirms that
they have the necessary authority to sign on behalf of their respective party and to bind
that party to the terms of this AGREEMENT.
22. Law/Severability. The laws of the State of Colorado and the City of Fort Collins Charter
and Municipal Code shall govern the construction, interpretation, execution and
enforcement of this AGREEMENT—without regard to choice of law or conflict of law
principles. The Parties further agree that Larimer County District Court is the proper venue
for all disputes. If the CITY subsequently agrees in writing that the matter may be heard
in federal court, venue will be in U.S. District Court for the District of Colorado. In the
event any provision of this AGREEMENT shall be held invalid or unenforceable by any
court of competent jurisdiction, that holding shall not invalidate or render unenforceable
Official Purchasing Document
Last updated 2/2024
Professional Services Agreement – Work Order Type
RFP/BID [# and Title] Page 28 of 41
any other provision of this AGREEMENT.
23. Use by Other Agencies. The CITY reserves the right to allow other state and local
governmental agencies, political subdivisions, and/or school districts (collectively Agency)
to use the CITY’s award determination to the PROFESSIONAL. Use by any other entity
shall not have a negative impact on the CITY in the current term or in any future terms.
Nothing herein shall be deemed to authorize or empower the Agency to act as an agent
for the CITY in connection with the exercise of any rights hereunder, and neither party
shall have any right or authority to assume or create any obligation or responsibility on
behalf of the other. The other Agency shall be solely responsible for any debts, liabilities,
damages, claims or expenses incurred in connection with any agreement established
solely between the Agency and the PROFESSIONAL. The CITY’s concurrence hereunder
is subject to the PROFESSIONAL’s commitment that this authorization shall not have a
negative impact on the Services to be completed for the CITY.
24. Prohibition Against Unlawful Discrimination. The PROFESSIONAL acknowledges that the
CITY, in accordance with the provisions of Title VI of the Civil Rights Act of 1964 (78 Stat.
252, 42 US.C. §§ 2000d to 2000d-4); Section §§24-34-401, et seq., C.R.S., and any
associated State or Federal laws and regulations, strictly prohibits unlawful discrimination
based on an individual’s gender (regardless of gender identity or gender expression), race,
color, religion, creed, national origin, ancestry, age forty (40) years or older, marital status,
disability, sexual orientation, genetic information, or other characteristics protected by law.
Pursuant to CITY policy, sexual orientation means a person’s actual or perceived
orientation toward heterosexuality, homosexuality, and bisexuality. The CITY also strictly
prohibits unlawful harassment in the workplace, including sexual harassment. Further, the
CITY strictly prohibits unlawful retaliation against a person who engages in protected
activity. Protected activity includes an employee complaining that the employee has been
discriminated against in violation of the above policy or participating in an employment
discrimination proceeding.
The PROFESSIONAL shall comply with the CITY’s policy for equal employment
opportunity and to prohibit unlawful discrimination, harassment and retaliation. This
requirement applies to all third-party subcontractors/subconsultants at every tier.
25. ADA and Public Accommodations. In performing the Service(s) required hereunder, the
PROFESSIONAL agrees to meet all the requirements of the Americans with Disabilities
Act of 1990, §§24-85-101, et seq., C.R.S., and all applicable rules and regulations (ADA),
and all applicable Colorado public accommodation laws, which are imposed directly on
the PROFESSIONAL or which would be imposed on the CITY as a public entity.
26. Technology Accessibility. The PROFESSIONAL represents that the Project Instruments
hereunder, shall fully comply with all applicable provisions of §§24-85-101, et seq., C.R.S.,
and the Accessibility Standards for Individuals with a Disability, as established by the State
of Colorado Governor’s Office of Information Technology (OIT) pursuant to §24-85-103
(2.5), C.R.S., including all updates and amendments to those standards as provided by
Official Purchasing Document
Last updated 2/2024
Professional Services Agreement – Work Order Type
RFP/BID [# and Title] Page 29 of 41
the OIT. The PROFESSIONAL shall also comply with all State of Colorado technology
standards related to technology accessibility and with Level AA of the most current version
of the Web Content Accessibility Guidelines (WCAG), incorporated in the State of
Colorado technology standards.
To confirm that the Project Instruments meet these standards, the PROFESSIONAL may
be required to demonstrate compliance. The PROFESSIONAL shall indemnify, save, and
hold harmless the CITY against any and all costs, expenses, claims, damages, liability,
court awards and other amounts (including attorneys’ fees and related costs) incurred by
the CITY in relation to the PROFESSIONAL’s failure to comply with §§24-85-101, et seq.,
C.R.S., or the Accessibility Standards for Individuals with a Disability as established by
OIT pursuant to §24-85-103 (2.5), C.R.S.
The CITY may require the PROFESSIONAL’s compliance to the State’s Accessibility
Standards to be determined by a third party selected by the CITY to attest to the Project
Instruments and software compliance with §§24-85-101, et seq., C.R.S., and the
Accessibility Standards for Individuals with a Disability as established by OIT pursuant to
§24-85-103 (2.5), C.R.S.
27. Data Privacy. PROFESSIONAL will comply with all applicable data privacy regulations
and laws, specifically including Colorado’s Privacy Act § 6-1-1301 et. seq. (the Privacy
Act). PROFESSIONAL shall ensure that each person processing any personal data
connected to the Services is subject to a duty of confidentiality with respect to the data. If
applicable, PROFESSIONAL shall require that any subcontractors meet the obligations of
PROFESSIONAL with respect to any personal data connected to this AGREEMENT and
corresponding Work Orders. The Parties agree that upon termination of the Services that
PROFESSIONAL shall, at the CITY’s choice, delete or return all personal data to the CITY
unless retention of the personal data is required by law. PROFESSIONAL shall make
available to the CITY all information necessary to demonstrate compliance with the
obligations of the Privacy Act. PROFESSIONAL shall allow for, and contribute to,
reasonable audits and inspections by the CITY or the CITY’s designated auditor.
28. Governmental Immunity Act. No term or condition of this AGREEMENT shall be construed
or interpreted as a waiver, express or implied, of any of the notices, requirements,
immunities, rights, benefits, protections, limitations of liability, and other provisions of the
Colorado Governmental Immunity Act, C.R.S. § 24-10-101 et seq. and under any other
applicable law.
29. Colorado Open Records Act. The PROFESSIONAL acknowledges the CITY is a
governmental entity subject to the Colorado Open Records Act, C.R.S. § 24-72-200, et
seq. (CORA), and documents in the CITY’s possession may be considered public records
subject to disclosure under CORA.
30. Delay. Time is of the essence. Subject to Force Majeure in Section 31 of this AGREEMENT,
if the PROFESSIONAL is temporarily delayed in whole or in part from performing its
obligations, then the PROFESSIONAL shall provide written notice to the CITY within two
Official Purchasing Document
Last updated 2/2024
Professional Services Agreement – Work Order Type
RFP/BID [# and Title] Page 30 of 41
(2) business days defining the nature of the delay. Provision of written notice under this
Section shall not operate as a waiver of any rights or benefits provided to the CITY under
this AGREEMENT.
31. Force Majeure. No party hereto shall be considered in default in the performance of an
obligation hereunder to the extent that performance of such obligation is delayed,
hindered, or prevented by force majeure. Force majeure shall be any cause beyond the
control of the party that could not reasonably have been foreseen and guarded
against. Force majeure includes, but is not limited to, acts of God, fires, riots, pandemics,
incendiarism, interference by civil or military authorities, compliance with regulations or
orders of military authorities, and acts of war (declared or undeclared), provided the cause
could not have been reasonably foreseen and guarded against by the affected
party. Force majeure shall not include increases in labor, commodity, utility, material,
supply, fuel, or energy costs, or compliance with regulations or orders of civil authorities.
To the extent that the performance is actually prevented, the PROFESSIONAL must
provide notice to the CITY of such condition within ten (10) days from the onset of the
condition.
32. Special Provisions. Special provisions or conditions relating to the Service(s) to be
performed pursuant to this AGREEMENT are set forth in Exhibit [choose one] -
Confidentiality, consisting of [# of Pages], attached hereto and incorporated herein by this
reference.
33. Order of Precedence. In the event of a conflict or inconsistency within this AGREEMENT,
the conflict or inconsistency shall be resolved by giving preference to the documents in
the following order of priority:
(a) The body of this AGREEMENT (and any written amendment),
(b) Exhibits to this AGREEMENT,
(c) Work Order(s) (and any applicable Change Order), and
(d) the Purchase Order document.
34. Prohibited Terms. Nothing in any Exhibit, Work Order, or other attachment shall be
construed as a waiver of any provision above. Any terms included in any Exhibit, Work
Order, or other attachment that requires the CITY to indemnify or hold PROFESSIONAL
harmless; requires the CITY to agree to binding arbitration; limits PROFESSIONAL’s
liability; or that conflicts with statute, City Charter or City Code in any way, shall be void.
[Signature Page Follows]
Official Purchasing Document
Last updated 2/2024
Professional Services Agreement – Work Order Type
RFP/BID [# and Title] Page 31 of 41
THE CITY OF FORT COLLINS, COLORADO
By:
Gerry Paul
Purchasing Director
Date:
ATTEST:
APPROVED AS TO FORM:
PROFESSIONAL'S NAME
By:
Printed:
Title:
Date:
Official Purchasing Document
Last updated 2/2024
Professional Services Agreement – Work Order Type
RFP/BID [# and Title] Page 32 of 41
EXHIBIT A
WORK ORDER FORM
PURSUANT TO A MASTER AGREEMENT BETWEEN
THE CITY OF FORT COLLINS
AND
PROFESSIONAL'S NAME
WORK ORDER NUMBER:
PROJECT TITLE:
ORIGINAL BID/RFP NUMBER & NAME:
MASTER AGREEMENT EFFECTIVE DATE: Original Contract Date
WORK ORDER COMMENCEMENT DATE:
WORK ORDER COMPLETION DATE:
MAXIMUM FEE: (time and reimbursable direct costs):
PROJECT DESCRIPTION/SCOPE OF SERVICES:
PROFESSIONAL agrees to perform the Service(s) identified above and on the attached forms in
accordance with the terms and conditions contained herein and in the Master Agreement between
the parties. In the event of a conflict between or ambiguity in the terms of the Master Agreement
and this Work Order (including the attached forms) the Master Agreement shall control.
The attached forms consisting of ( ) page(s) are hereby accepted and incorporated
herein, by this reference, and Notice to Proceed is hereby given after all parties have signed this
document.
PROFESSIONAL: Date:
Name, Title
ACCEPTANCE: Date:
Name, Project Manager
REVIEWED: Date:
Name, Buyer or Senior Buyer
ACCEPTANCE: Date:
Gerry Paul, Purchasing Director
(if greater than $60,000)
Official Purchasing Document
Last updated 2/2024
Professional Services Agreement – Work Order Type
RFP/BID [# and Title] Page 33 of 41
EXHIBIT B
GENERAL SCOPE OF WORK
Official Purchasing Document
Last updated 2/2024
Professional Services Agreement – Work Order Type
RFP/BID [# and Title] Page 34 of 41
EXHIBIT C
CHANGE ORDER
NO.
PROJECT TITLE:
PROFESSIONAL: Company Name
WORK ORDER NUMBER:
PO NUMBER:
DESCRIPTION:
1. Reason for Change: Why is the change required?
2. Description of Change: Provide details of the changes to the Work
3. Change in Work Order Price:
4. Change in Work Order Time:
ORIGINAL WORK ORDER PRICE $ .00
TOTAL APPROVED CHANGE ORDER .00
TOTAL PENDING CHANGE ORDER .00
TOTAL THIS CHANGE ORDER .00
TOTAL % OF THIS CHANGE ORDER %
TOTAL C.O.% OF ORIGINAL WORK ORDER %
ADJUSTED WORK ORDER COST $ .00
PROFESSIONAL: Date:
Name, Title
ACCEPTANCE: Date:
Name, Project Manager
REVIEWED: Date:
Name, Buyer or Senior Buyer
ACCEPTANCE: Date:
Gerry Paul, Purchasing Director (if greater than $60,000)
Official Purchasing Document
Last updated 2/2024
Professional Services Agreement – Work Order Type
RFP/BID [# and Title] Page 35 of 41
EXHIBIT D
BID SCHEDULE/COMPENSATION
The following pricing shall remain fixed for the initial term of this AGREEMENT. Any applicable
price adjustments may only be negotiated and agreed to in writing at the time of renewal.
Official Purchasing Document
Last updated 2/2024
Professional Services Agreement – Work Order Type
RFP/BID [# and Title] Page 36 of 41
EXHIBIT [CHOOSE ONE]
INSURANCE REQUIREMENTS
Local Agency shall obtain and maintain, and ensure that each Subcontractor shall obtain and
maintain, insurance as specified in this section at all times during the term of this AGREEMENT.
All insurance policies required by this AGREEMENT that are not provided through self-insurance
shall be issued by insurance companies with an AM Best rating of A-VIII or better.
A. Local Agency Insurance. Local Agency is a "public entity" within the meaning of the Colorado
Governmental Immunity Act, §24-10- 101, et seq., C.R.S. (the “GIA”) and shall maintain at all
times during the term of this AGREEMENT such liability insurance, by commercial policy or
self-insurance, as is necessary to meet its liabilities under the GIA.
B. Subcontractor Requirements. Local Agency shall ensure that each Subcontractor that is a
public entity within the meaning of the GIA, maintains at all times during the terms of this
AGREEMENT, such liability insurance, by commercial policy or self-insurance, as is
necessary to meet the Subcontractor’s obligations under the GIA. Local Agency shall ensure
that each Subcontractor that is not a public entity within the meaning of the GIA, maintains at
all times during the terms of this AGREEMENT all of the following insurance policies:
i. Workers’ Compensation Workers’ compensation insurance as required by state statute,
and employers’ liability insurance covering all Local Agency or Subcontractor employees
acting within the course and scope of their employment.
ii. General Liability Commercial general liability insurance written on an Insurance Services
Office occurrence form, covering premises operations, fire damage, independent
contractors, products and completed operations, blanket contractual liability, personal
injury, and advertising liability with minimum limits as follows:
a. $1,000,000 each occurrence;
b. $1,000,000 general aggregate; c. $1,000,000 products and completed operations
aggregate; and d. $50,000 any 1 fire.
iii. Automobile Liability. Automobile liability insurance covering any auto (including owned,
hired and non-owned autos) with a minimum limit of $1,000,000 each accident combined
single limit.
iv. Protected Information Liability insurance covering all loss of State Confidential Information,
such as PII, PHI, PCI, Tax Information, and CJI, and claims based on alleged violations
of privacy rights through improper use or disclosure of protected information with minimum
limits as follows:
a. $1,000,000 each occurrence; and
b. $2,000,000 general aggregate.
v. Professional Liability Insurance. Professional liability insurance covering any damages
caused by an error, omission or any negligent act with minimum limits as follows:
a. $1,000,000 each occurrence; and
b. $1,000,000 general aggregate.
Official Purchasing Document
Last updated 2/2024
Professional Services Agreement – Work Order Type
RFP/BID [# and Title] Page 37 of 41
vi. Crime Insurance. Crime insurance including employee dishonesty coverage with minimum
limits as follows:
a. $1,000,000 each occurrence; and
b. $1,000,000 general aggregate.
vii. Cyber/Network Security and Privacy Liability insurance covering all civil, regulatory and
statutory damages, contractual damages, data breach management exposure, and any
loss of State Confidential Information, such as PII, PHI, PCI, Tax Information, and CJI,
and claims based on alleged violations of breach, violation or infringement of right to
privacy rights through improper use or disclosure of protect consumer data protection law,
confidentiality or other legal protection for personal information, as well as State
Confidential Information with minimum limits as follows: OLA #: 331003221 Routing #: 24-
HA4-XC-00244
a. $1,000,000 each occurrence; and b. $2,000,000 general aggregate.
C. Additional Insured. The State shall be named as additional insured on all commercial general
liability policies (leases and construction contracts require additional insured coverage for
completed operations) required of Local Agency and Subcontractors. In the event of
cancellation of any commercial general liability policy, the carrier shall provide at least 10 days
prior written notice to CDOT.
D. Primacy of Coverage. Coverage required of Local Agency and each Subcontractor shall be
primary over any insurance or self-insurance program carried by Local Agency or the State.
E. Cancellation. All commercial insurance policies shall include provisions preventing
cancellation or non-renewal, except for cancellation based on non-payment of premiums,
without at least 30 days prior notice to Local Agency and Local Agency shall forward such
notice to the State in accordance with §16 within 7 days of Local Agency’s receipt of such
notice.
F. Subrogation. Waiver All commercial insurance policies secured or maintained by Local
Agency or its Subcontractors in relation to this AGREEMENT shall include clauses stating that
each carrier shall waive all rights of recovery under subrogation or otherwise against Local
Agency or the State, its agencies, institutions, organizations, officers, agents, employees, and
volunteers.
G. Certificates. For each commercial insurance plan provided by Local Agency under this
Agreement, Local Agency shall provide to the State certificates evidencing Local Agency’s
insurance coverage required in this Agreement within seven (7) Business Days following the
Effective Date. Local Agency shall provide to the State certificates evidencing Subcontractor
insurance coverage required under this Agreement within seven (7) Business Days following
the Effective Date, except that, if Local Agency’s subcontract is not in effect as of the Effective
Date, Local Agency shall provide to the State certificates showing Subcontractor insurance
coverage required under this Agreement within seven (7) Business Days following Local
Agency’s execution of the subcontract. No later than 15 days before the expiration date of
Local Agency’s or any Subcontractor’s coverage, Local Agency shall deliver to the State
certificates of insurance evidencing renewals of coverage. At any other time during the term
of this Agreement, upon request by the State, Local Agency shall, within seven (7) Business
Days following the request by the State, supply to the State evidence satisfactory to the State
of compliance with the provisions of this §12.
Official Purchasing Document
Last updated 2/2024
Professional Services Agreement – Work Order Type
RFP/BID [# and Title] Page 38 of 41
EXHIBIT [CHOOSE ONE]
CONFIDENTIALITY
IN CONNECTION WITH THE SERVICES to be provided by PROFESSIONAL under this
AGREEMENT, the parties agree to comply with reasonable policies and procedures with regard
to the exchange and handling of confidential information and other sensitive materials between
the parties, as set forth below.
1. Definitions.
For purposes of this AGREEMENT, the party who owns the referenced information and is
disclosing same shall be referenced as the “Disclosing Party.” The party receiving the
Disclosing Party’s information shall be referenced as the “Receiving Party.”
2. Confidential Information.
Confidential Information controlled by this AGREEMENT refers to information that is not public
and/or is proprietary, including but not limited to location information, network security system,
business plans, formulae, processes, intellectual property, trade secrets, designs,
photographs, plans, drawings, schematics, methods, specifications, samples, reports,
mechanical and electronic design drawings, customer lists, financial information, studies,
findings, inventions, ideas, CITY customer identifiable information (including account,
address, billing, consumption, contact, and other customer data), utility metering data, service
billing records, customer equipment information.
To the extent practical, Confidential Information shall be marked “Confidential” or
“Proprietary.” Nevertheless, PROFESSIONAL shall treat as Confidential Information all
customer identifiable information in any form, whether or not bearing a mark of confidentiality
or otherwise requested by the CITY, including but not limited to the non-exclusive list of
Confidential Information above. In the case of disclosure in non-documentary form of non-
customer identifiable information, made orally or by visual inspection, the Disclosing Party
shall have the right, or, if requested by the Receiving Party, the obligation to confirm in writing
the fact and general nature of each disclosure within a reasonable time after it is made in
order that it is treated as Confidential Information. Any information disclosed to the other party
before the execution of this AGREEMENT and related to the services for which
PROFESSIONAL has been engaged shall be considered in the same manner and be subject
to the same treatment as the information disclosed after the execution of this AGREEMENT
with regard to protecting it as Confidential Information.
3. Use of Confidential Information.
Receiving Party hereby agrees that it shall use the Confidential Information solely for the
purpose of performing its obligations under this AGREEMENT and not in any way detrimental
to Disclosing Party. Receiving Party agrees to use the same degree of care Receiving Party
uses with respect to its own proprietary or confidential information, which in any event shall
result in a reasonable standard of care to prevent unauthorized use or disclosure of the
Confidential Information. Except as otherwise provided herein, Receiving Party shall keep
confidential and not disclose the Confidential Information. The CITY and PROFESSIONAL
shall cause each of their directors, officers, employees, agents, representatives, and
subcontractors to become familiar with, and abide by, the terms of this Exhibit, which shall
survive this AGREEMENT as an on-going obligation of the Parties.
PROFESSIONAL shall not use such information to obtain any economic or other benefit for
itself, or any third party, other than in the performance of obligations under this AGREEMENT.
Official Purchasing Document
Last updated 2/2024
Professional Services Agreement – Work Order Type
RFP/BID [# and Title] Page 39 of 41
4. Exclusions from Definition.
The term “Confidential Information” as used herein does not include any data or information
which is already known to the Receiving Party or which before being divulged by the
Disclosing Party: (a) was generally known to the public through no wrongful act of the
Receiving Party; (b) has been rightfully received by the Receiving Party from a third party
without restriction on disclosure and without, to the knowledge of the Receiving Party, a
breach of an obligation of confidentiality; (c) has been approved for release by a written
authorization by the other party hereto; or (d) has been disclosed pursuant to a requirement
of a governmental agency or by operation of law, subject to Paragraph 5 below.
5. Required Disclosure.
Notwithstanding Paragraph 4(d) above, if the Receiving Party receives a request (by
interrogatories, requests for information or documents, subpoena, civil investigative demand
or similar process, or by federal, state, or local law, including without limitation, the Colorado
Open Records Act) to disclose any Confidential Information, the Parties agree the Receiving
Party will provide the Disclosing Party with immediate notice of such request, so the Disclosing
Party may seek an appropriate protective order before disclosure or waive the Receiving
Party’s compliance with this Exhibit.
The Receiving Party shall furnish a copy of this Exhibit with any disclosure.
Notwithstanding this Paragraph 5, Receiving Party shall not disclose Confidential Information
to any person, directly or indirectly, nor use it in any way, except as required by law or
authorized in writing by Disclosing Party.
6. Red Flags Rules.
If applicable, PROFESSIONAL must implement reasonable policies and procedures to detect,
prevent and mitigate the risk of identity theft in compliance with the Identity Theft Red Flags
Rules found at 16 Code of Federal Regulations part 681. Further, PROFESSIONAL must
take appropriate steps to mitigate identity theft if it occurs with any of the CITY’s covered
information and must notify the CITY in writing within twenty-four (24) hours of discovery of
any breaches of security or Red Flags to the CITY.
7. Data Protection and Data Security.
PROFESSIONAL shall have in place information security safeguards designed to conform to
or exceed industry best practices regarding the protection of the confidentiality, integrity and
availability of Confidential Information and shall have written agreements requiring any
subcontractor to meet those standards. These information security safeguards (the
“Information Security Program”) shall be materially consistent with, or more stringent than, the
safeguards described in this Exhibit.
(a) PROFESSIONAL’s information security safeguards shall address the following elements:
• Data Storage, Backups and Disposal
• Logical Access Control (e.g., Role-Based)
• Information Classification and Handling
• Secure Data Transfer (SFTP and Data Transfer Specification)
• Secure Web Communications
Official Purchasing Document
Last updated 2/2024
Professional Services Agreement – Work Order Type
RFP/BID [# and Title] Page 40 of 41
• Network and Security Monitoring
• Application Development Security
• Application Security Controls and Procedures (User Authentication, Security
Controls, and Security Procedures, Policies and Logging)
• Incident Response
• Vulnerability Assessments
• Hosted Services
• Personnel Security
(b) Subcontractors. PROFESSIONAL may use subcontractors, though such activity shall not
release or absolve PROFESSIONAL from the obligation to satisfy all conditions of this
AGREEMENT, including the data security measures described in this Exhibit, and to
require a substantially similar level of data security, appropriate to the types of services
provided and Confidential Information received, for any subcontractor PROFESSIONAL
may use. Accordingly, any release of data, confidential information, or failure to protect
information under this AGREEMENT by a subcontractor or affiliated party shall be
attributed to PROFESSIONAL and may be considered to be a material breach of this
AGREEMENT.
8. Information Storage. Confidential Information is not to be stored on any local workstation,
laptop, or media such as CD/DVD, USB drives, external hard drives or other similar portable
devices unless the PROFESSIONAL can ensure security for the Confidential Information so
stored. Workstations or laptops to be used in the Services will be required to have personal
firewalls on each, as well as have current, active anti-virus definitions.
9. Continuing Obligation. The agreement not to disclose Confidential Information as set forth in
this Exhibit shall apply during the term of the Services and or AGREEMENT and at any time
thereafter unless specifically authorized by the CITY in writing.
10. Termination Remedy. If PROFESSIONAL breaches any of the terms of this Exhibit, in the
CITY’s sole discretion, the CITY may immediately terminate this AGREEMENT and withdraw
PROFESSIONAL’s right to access Confidential Information.
11. Return of Information. Notwithstanding any other provision of this AGREEMENT to provide
Project Instruments and work product, all material, i.e., various physical forms of media in
which Confidential Information is stored, including but not limited to writings, drawings, tapes,
diskettes, prototypes or products, shall remain the sole property of the Disclosing Party and,
upon request, shall be promptly returned, together with all copies thereof to the Disclosing
Party. Upon return of such materials, all digital and electronic data shall also be deleted in a
non-restorable way by which it is no longer available to the Receiving Party. Upon Disclosing
Party’s request, written verification of the deletion (including date of deletion) is to be provided
to the Disclosing Party within ten (10) days after completion of engagement, whether it be via
termination, completion or otherwise.
12. Injunctive Relief. PROFESSIONAL Receiving Party acknowledges that the Disclosing Party
may, based upon the representations made in this AGREEMENT, disclose security
information that is critical to the continued success of the Discloser’s business. Accordingly,
Receiving Party agrees that the Disclosing Party does not have an adequate remedy at law
Official Purchasing Document
Last updated 2/2024
Professional Services Agreement – Work Order Type
RFP/BID [# and Title] Page 41 of 41
for breach of this AGREEMENT and therefore, the Disclosing Party shall be entitled, as a non-
exclusive remedy, and in addition to an action for damages, to seek and obtain an injunction
or decree of specific performance or any other remedy, from a court of competent jurisdiction
to enjoin or remedy any violation of this AGREEMENT.