The URL can be used to link to this page

Home My WebLink AboutAddendum 1 - RFP - 10145 Recreation Capital Improvement Program and Asset Management PlanAddendum # 1 RFP #10145 Recreation Capital Improvement and Asset Management Plan Page 1 of 9 ADDENDUM NO. 1 SPECIFICATIONS AND CONTRACT DOCUMENTS Description of RFP 10145: Recreation Capital Improvement and Asset Management Plan OPENING DATE: 3:00 PM (Our Clock) May 8, 2025 To all prospective bidders under the specifications and contract documents described above, the following changes/additions are hereby made and detailed in the following sections of this addendum: Exhibit 1 – Questions and Answers Please contact Dennis Ralph, Senior Buyer, at dralph@fcgov.com or 970-221-6281 with any questions regarding this addendum. RECEIPT OF THIS ADDENDUM MUST BE ACKNOWLEDGED BY A WRITTEN STATEMENT ENCLOSED WITH THE PROPOSAL STATING THAT THIS ADDENDUM HAS BEEN RECEIVED. nd Floor 970.221.6775 970.221.6707 fcgov.com/purchasing Addendum # 1 RFP #10145 Recreation Capital Improvement and Asset Management Plan Page 2 of 9 Exhibit 1 Questions and Answers 1. Can you provide a list of in-scope assets including square footage, addresses, and year of construction for each building? This information is a critical part of determining accurate scheduling and pricing information for this proposal. Please provide in excel format. Address 1801 Riverside Dr. 600 N. Sherwood Rd. 112 Willow St. 2201 S. Shields St. 2. What level of FCA detail are you looking for? (systems level, components level, etc.?) Are you looking to obtain a systems level of understanding for budgeting or have make, model, and serial number level of detail for components. o For this project, we are seeking a budget - level estimate for all assets listed in the scope of work. As part of this expectation, the vendor will assess the current equipment and determine the cost to replace each item. A digital photo and location of all assets should be included as part of the asset identification process. 3. Do you currently utilize a computerized maintenance management system (CMMS) or Work Order system? Will you require data integration into your system? o Operations Services uses TMA for facility management. We do not anticipate work order generation or data integration as part of this project. We are not seeking a proprietary software solution as part of this proposal. Addendum # 1 RFP #10145 Recreation Capital Improvement and Asset Management Plan Page 3 of 9 4. Has the City performed facilities condition assessments in the past? If so, at what level of detail, and can the City please provide us with example deliverables of the past assessment? o Yes, the City has previously completed a partial FCA, primarily focused on facilities and infrastructure equipment. Other assets included in the scope of work will be assessed for the first time as part of this project. The existing FCA may be shared in full or in part with the selected firm. 5. Considering the short period of time budgeted between question submission and the proposal deadline, would you consider a deadline extension to allow ample time for the City to compose responses and for firms to incorporate those responses into their final proposals? We anticipate that the City will need time to address questions from multiple vendors and that the resulting answers will affect our approach and fees. o The City will meet the question submission and response deadlines. Depending on the number of quality of the responses a bid extension may be granted as an effort to select a vendor that meets the needs of the City of Fort Collins and this proposal. 6. Our standard FCA includes utility connections and shut offs at the building, facility entry points, paving systems, walkways, ramps, and exterior lighting within 10’ of the building perimeter. Is this sufficient, or do your needs extend beyond that to include items like parking lots, curbing, all walkways, retaining walls, fixed benches, site lighting, etc.? o The scope of this project is limited to the interiors of buildings, outdoor pools and associated amenities, the Farm at Lee Martinez Park, Northside Aztlan Center Childcare area, and utility connections and shutoffs. 7. Task 4 on page 5 of the RFP explains the software solution must meet the City of Fort Collins’ TRB requirements. Can the City please supply these requirements so we can verify compliance? o See attachment A “SasS Cyber Vendor Questionnaire”. 8. Would the city be open to a walk through or tours ahead of the RFP submission? This allows our team to better understand the assets, goals, and provide the most economical proposal to meet the intent of the RFP. o Due to the 10 facilities included in the scope of this proposal, it is not feasible to complete the project before the deadline with all interested parties involved. 9. Is the city interested in space utilization, capacity, or other planning efforts as part of this work? Our team frequently blends this offering with an FCA to provide a clearer roadmap Addendum # 1 RFP #10145 Recreation Capital Improvement and Asset Management Plan Page 4 of 9 going forward. Pairing condition and utilization in the same effort typically reduces overall costs and produces a more actionable plan going forward. o This is outside of the scope of this project. 10. Does the City have plans for any field data collection for Tasks 1? Or is their potential for field verification of asset condition to cover potential data gaps? o There is potential for field verification of asset conditions with the selected contractor. The process will be determined collaboratively by the contractor and the City of Fort Collins. 11. Does the City have a preferred costing software or program for the replacement values of the City buildings in Task 2? Such as PACES vs RS Means. o We have no preference as to the software used for this task. 12. Has the City confirmed that it will be using the industry standard ISO 55000 Asset Management principles for criteria and weights prioritization/rankings in Task 3? Or is the City expecting to generate a custom-built multi-criteria decision analysis tool? o The City has completed several similar assessments in other departments, and the analysis tools used are generally custom-built multi-criteria decision analysis tools. As such, the City expects this tool to align with the terminology used in other departments—meaning a custom tool is likely the desired outcome. 13. Does the City have preferred asset management software platforms or licensing restrictions that should be considered during the evaluation of potential database/software tools for Task 4? o The City of Fort Collins has several asset management programs, and part of the work in Task 4 is for the vendor to analyze existing software options for viability based on the needs of this project. If no existing software is deemed viable, the vendor shall recommend a solution that complies with the City’s software standards as set forth by the Technology Review Board. 14. Is there an anticipated or not-to-exceed budget range the City can share for this scope of work? Addendum # 1 RFP #10145 Recreation Capital Improvement and Asset Management Plan Page 5 of 9 o Yes, there is a budget for this project. The City has chosen not to share the budget during the RFP process to obtain proposals not based on the budget but based on actual costs for each of the tasks. 15. Besides the Recreation Department and Operations Services, are there other City departments or stakeholder groups expected to provide input during the planning process (e.g., Parks, Facilities, Sustainability)? o Operations Services is the facilities management department for the City of Fort Collins. There will be limited interaction with the Parks and IT departments as part of this project. Addendum # 1 RFP #10145 Recreation Capital Improvement and Asset Management Plan Page 6 of 9 Attachment A “SasS Cyber Vendor Questionnaire”. 1. Data Ownership: The City of Fort Collins will own all rights, title and interest in its data that is related to the services provided. All data obtained by the vendor regarding the performance of these services shall become and remain the property of the City. The vendor will not share or distribute any City data to any other entity without the City's written consent. Can you comply with this? Answer: 2. Data Protection: Describe how you safeguard the confidentiality, integrity, and availability of City information, including encryption of personal data in transit and at rest, and access control. Do you have a privacy and security policy, and does the policy apply to customers’ private data including personal identifiable information? Answer: 3. Data destruction: What procedures and safeguards does the vendor have in place for sanitizing and disposing of City data according to prescribed retention schedules or following the conclusion of a project or termination of a contract to render it unrecoverable and prevent accidental and/or unauthorized access to City data? Answer: 4. Data Location: Are the data centers where City data may be stored or processed located exclusively in the United States? Do you allow your personnel or contractors to store City data on portable devices? Do your personnel and contractors access City data remotely? Answer: 5. Security Incidents or Data Breaches: Describe your data breach and incident response communication plans. Has the company experienced any security breaches? If yes, explain. Answer: 6. Breach Responsibilities: In addition to data breach communication, what additional responsibilities do you have to your customers in the event of a data breach involving private data that is in your control, or in the control of your contractors/subsidiaries, at the time of breach? Do you have cybersecurity insurance? If yes, provide an overview of the coverage. Answer: 7. Background Checks: Do you conduct criminal background checks on all staff, including subcontractors? Do you employ people convicted of any crime of dishonesty? Answer: Addendum # 1 RFP #10145 Recreation Capital Improvement and Asset Management Plan Page 7 of 9 8. Access to Security Logs and Reports: The vendor shall provide reports to the City in a format specified in the SLA agreed to by the vendor and the City. Reports shall include latency statistics, user access, user access IP address, user access history and security logs for all City files related to this contract. Can you comply with this? Answer: 9. Risk Assessments and Audits: Do you conduct periodic risk assessments to identify cybersecurity threats, vulnerabilities, and potential business consequences? Do you have regular independent assessments of your cybersecurity processes? Do you perform independent audits of your data center? How often? What level of audit is performed (e.g., SOC2)? Would you be willing to share redacted versions of your most recent risk assessment and audit report with the City? Answer: 10. Change Control and Advance Notice: How do you communicate upgrades (e.g., major upgrades, minor upgrades, system changes) that may impact service availability and performance to your customers? Answer: 11. Upgrades: Are technology systems (e.g., servers, network devices, operating systems, applications, malware definitions) regularly updated/patched? Do you have any systems in production that are past end of life or that can no longer be patched? Answer: 12. Non-disclosure and Separation of Duties: Describe how you enforce separation of job duties and limit staff knowledge of City data to that which is necessary to perform job duties. Answer: 13. Import and Export of Data: Describe the data import and export processes from the customer’s perspective. Answer: 14. Subcontractor Disclosure: Identify all your strategic business partners related to services provided under this arrangement, including but not limited to all subcontractors or other entities or individuals who may be a party to a joint venture or similar agreement with the you, and who shall be involved in any application development and/or operations. Answer: 15. Right to Remove Individuals: The City shall have the right at any time to require that the vendor remove from interaction with the City any vendor representative who the City believes is detrimental to its working relationship with the vendor. Can you comply with this? Answer: Addendum # 1 RFP #10145 Recreation Capital Improvement and Asset Management Plan Page 8 of 9 16. Encryption of Data at Rest: Can you ensure hard drive encryption consistent with validated cryptography standards as referenced in FIPS 140-2, Security Requirements for Cryptographic Modules for all personal data? Answer: 17. Internet-Facing Security: We may use BitSight (like a credit report for cyber security) to assess your internet-facing security. Do you subscribe to BitSight or a similar service, and if so, are you willing to provide a sanitized report? Answer: 18. Service Interruption: In the event of an interruption of your service, what is your process for notifying customer operations of the circumstances of the interruption or outage and the expected recovery time? Answer: 19. Backup and Recovery: What is your backup & recovery SLA? What are the actual results/metrics vs. the SLA for the last 12 months? Is your backup data encrypted and, if so, to what standard? Answer: 20. Authentication: Do you have an internal password policy? Do you have complexity or length requirements for passwords? Can employees/contractors remotely connect to your production systems? (i.e., VPN. Is multi-factor authentication available? Do you require MFA for administration of your service (local or remote)? Do you support SSO/SAML ADFS for customer access? Answer: 21. Cyber Insurance: Does your firm carry cyber insurance? If so, what are your insurance levels? Answer: 22. CAIQ Questionnaire: Lack of security control transparency is a leading inhibitor to the adoption of cloud services. As part of the City of Fort Collin’s Information Security program we are requesting that all our Cloud Service Providers complete and submit the Cloud Security Alliance (CSA) CONSENSUS ASSESSMENTS INITIATIVE QUESTIONNAIRE (CAIQ). This will enable Utilities to have greater confidence that the information is being appropriately protected, and that processes are in place for appropriate action to be taken where any areas of concern emerge. The City will request that the Vendor of Choice complete the CAIQ to assess the maturity of policies, systems and controls that are in place related to services you provide. The questionnaire is available here or www.cloudsecurityalliance.org. The question set was Addendum # 1 RFP #10145 Recreation Capital Improvement and Asset Management Plan Page 9 of 9 developed by CSA in partnership with industry groups to provide an agreed question set that can be used across the supply chain and is focused on providing industry-accepted ways to document what security controls exist in IaaS, PaaS, and SaaS offerings, providing greater security control transparency. Describe Vendor familiarity with the CAIQ questionnaire. Answer: 23. Additional Information: Please provide any additional information related to the solution/technology which should be considered.