The URL can be used to link to this page

Home My WebLink About416522 KROLL FACTUAL DATA - CONTRACT - RFP - 7475 IDENTITY SCREENING SERVICES - UTILITIES CUSTOSERVICES AGREEMENT THIS AGREEMENT, including all exhibits, schedules and amendments thereto (collectively, the "Agreement") is made and entered into the day and year set forth below by and between THE CITY OF FORT COLLINS, COLORADO, a Municipal Corporation, hereinafter referred to as the "City" or "Client" and Kroll Factual Data, Inc., hereinafter referred to as "Service Provider". W ITNESSETH: In consideration of the mutual covenants and obligations herein expressed, it is agreed by and between the parties hereto as follows: 1. Scope of Services. The Service Provider agrees to provide services in accordance with the scope of services attached hereto as Exhibit "A", consisting of three (3) pages and incorporated herein by this reference. 2. Contract Period. This Agreement shall commence April 1, 2013, and shall continue in full force and effect until March 31, 2014, unless sooner terminated as herein provided. In addition, at the option of the City, the Agreement may be extended for additional one year periods not to exceed four (4) additional one year periods. Renewals and pricing changes shall be negotiated by and agreed to by both parties. The Denver Boulder Greeley CPIU published by the Colorado State Planning and Budget Office will be used as a guide. Written notice of renewal shall be provided to the Service Provider and mailed no later than ninety (90) days prior to contract end. 3. Delay. If either party is prevented in whole or in part from performing its obligations by unforeseeable causes beyond its reasonable control and without its fault or negligence, then the party so prevented shall be excused from whatever performance is prevented by such cause. To the extent that the performance is actually prevented, the Service Provider must provide written notice to the City of such condition within fifteen (15) days from Services Agreement RFP 7475 Identity Verification Services -Utilities Customers Page 1 of 23 ATTEST: 10"4 - l �P City Clerk CITY OF F p RT COLLINS, OLORADO a municip I rporatio By: James 9. O'N ' II, CPPO, FNIGP Director of Purchasing and Risk Management Date: % l'sIZI - OLL FACTUAL DATA, INC. ,. . COPORATE PRESIDENT OR VICE PRESIDENT Date: 6 —/0 ATTESTL2; 40;b (Corporate Seal) CORPORATE SECRETARY Services Agreement RFP 7475 Identity Verification Services -Utilities Customers Page 10 of 23 EXHIBIT "A" SCOPE OF SERVICES BACKGROUND The Fair and Accurate Credit Transactions (FACT) Act of 2003 required federal agencies, including the Federal Trade Commission, to establish guidelines for use by creditors regarding identity theft prevention. In 2007, the Federal Trade Commission published final rules (the "Red Flags Rules") requiring that creditors create and implement a program to address the detection, prevention, and mitigation of identity theft. The Red Flags Rules went into effect Dec. 31, 2010. As a creditor, City is required to prepare and implement an identity theft prevention program under the Red Flag Rules of the FACT Act (Federal Register 16 CFR 681). As part of its identity theft prevention program, City's business processes require real-time, online verification of customer identity when opening, transferring, or accessing customer accounts or information. City performed 11,686 identity verifications in 2012. DEFINITIONS "Customer:" An individual or entity that establishes an account for purposes of obtaining utility services (electric, storm -water, wastewater, water) and pays for such services on a monthly basis. "Covered account:" 1. Any account the City offers or maintains primarily for personal, family, or household purposes, that involves multiple payments or transactions; and 2. Any other account the City offers or maintains for which there is a reasonably foreseeable risk to customers or to the safety and soundness of the City from identity theft. "Identity Theft:" "A fraud committed using the identifying information of another person." III. QUALIFICATIONS Service Provider must meet the following qualifications: 1. The Service Provider must have the capability to perform all specified services and have any necessary licenses, and other authorizations to perform the specified services. The Service Provider must stay current with changing local, state, and federal laws and regulations related to these services, and ensure compliance. 2. The Service Provider must have the necessary systems, software, information databases, report capabilities, support and procedures to provide the services required. The City prefers strongly that these services be provided through an on- line computer process (including, for example, electronic access to reports) with guaranteed security and confidentiality. The Service Provider must use a web service API to provide the identity verification services. 3. The Service Provider must be fully bonded, as appropriate. In addition, the Service Provider must have Professional Liability Insurance that meets or exceeds the requirements set forth in the Agreement. Services Agreement RFP 7475 Identity Verification Services -Utilities Customers Page 11 of 23 IV. SCOPE OF SERVICES Identity verification services must include the following data, to be supplied by City: • Customer Name • Date of Birth • Social Security Number (SSN) • Current and Previous Addresses • Phone Number(s) - optional 1. City Customer Service Representatives will be able to key in the Social Security Number, birth date and current/previous address(es) and receive real-time identity validation. 2. Service Provider shall implement reasonable policies and procedures to detect, prevent and mitigate the risk of data loss and breaches of confidential information by employees of Service Provider, and shall take appropriate steps to mitigate identity theft if Service Provider has a reasonable belief the acts of any employee has led to an identity theft, including but not limited to providing written notification to City within twenty-four hours of determining the reasonable probability that a theft has occurred. 3. Authorized Users. City will designate the names of employees who shall serve as the Primary Authorized Users. V. PRODUCT AND SERVICE DESCRIPTION 1. Use Limitation and Restriction a. The services shall be used only for the purpose of assisting City in its efforts to verify and validate the identity of certain applicants for utility services. The City hereby covenants not to use the services for any other purpose, including any purpose permitted under the FCRA. 2. Product Description • Name, Address, SSN, Date of Birth a. Service Provider will scan certain databases for inconsistencies in a person's history relative to his/her name, address, social security number and date of birth to help City identify potential fraudulent or misrepresented information. Service Provider's services will assist City in its efforts to determine whether each piece of identifying information has been used historically by the individual. Descriptive indicators are returned explaining discrepancies found. The results will be provided to City through a secure online web service. The click -for -data interface allows City employees to submit requests and view results in real time. Services Agreement RFP 7475 Identity Verification Services -Utilities Customers Page 12 of 23 EXHIBIT "B" FEE SCHEDULE For Prospective Utilities' Customers Service Name Fee Name, Previous Address, Date of Birth, Phone number and Social Security Number (SSN) Verification (FactuallD-Identy Verification Report) Per Verification $1.15 Services Agreement RFP 7475 Identity Verification Services -Utilities Customers Page 13 of 23 EXHIBIT "C" INSURANCE REQUIREMENTS 1. The Service Provider will provide the insurance coverage designated hereinafter and pay all costs. Before commencing work under this bid, the Service Provider shall furnish the City with certificates of insurance showing the type, amount, class of operations covered, effective dates and date of expiration of policies. In case of the breach of any provision of the Insurance Requirements, the City, at its option, may take out and maintain, at the expense of the Service Provider, such insurance as the City may deem proper and may deduct the cost of such insurance from any monies which may be due or become due the Service Provider under this Agreement. The City, its officers, agents and employees shall be named as additional insureds on the Service Provider's general liability and automobile liability insurance policies for any claims arising out of work performed under this Agreement. 2. Insurance coverages shall be as follows: A. Workers' Compensation & Employer's Liability. The Service Provider shall maintain during the life of this Agreement for all of the Service Provider's employees engaged in work performed under this agreement: Workers' Compensation insurance with statutory limits as required by Colorado law. 2. Employer's Liability insurance with limits of $100,000 per accident, $500,000 disease aggregate, and $100,000 disease each employee. B. Commercial General & Vehicle Liability. The Service Provider shall maintain during the life of this Agreement such commercial general liability and automobile liability insurance as will provide coverage for damage claims of bodily injury, accidental death, as well as for claims for property damage, which may arise directly or indirectly from the performance of work under this Agreement. Coverage for property damage shall be on a "broad form" basis. The amount of insurance for each coverage, Commercial General and Vehicle, shall not be less than $500,000 combined single limits for bodily injury and property damage. In the event any work is performed by a subcontractor, the Service Provider shall be responsible for any liability directly or indirectly arising out of the work performed under this Agreement by a subcontractor, which liability is not covered by the subcontractor's insurance. Services Agreement RFP 7475 Identity Verification Services -Utilities Customers Page 14 of 23 EXHIBIT "D " CONFIDENTIALITY IN CONNECTION WITH SERVICES provided to the City of Fort Collins (the "City") pursuant to this confidentiality agreement (the "Confidentiality Agreement"), the Service Provider hereby acknowledges that it has been informed that the City has established policies and procedures with regard to the handling of confidential information and other sensitive materials. Service Provider herein represents it also has established policies and procedures with regard to the handling of confidential information and other sensitive materials that may be shared with or provided to the City, or otherwise involved in the performance by either party of its respective duties under this Agreement. In consideration of access to certain information, data and material, each party hereby acknowledges and agrees as follows: The following materials and information and all copies thereof of whatever nature are confidential: (i) proprietary information of either party (including, without limitation, the names and addresses of customers and consumers) and information that either party does not generally make available to the public; (ii) the methods, means, personnel, equipment, and software by and with which the other party provides its products and services ; and (iii) any other information that either party reasonably designates, by notice in writing delivered to the other party, as being confidential or proprietary ("Confidential Information"). Confidential Information shall also include (a) all information that is owned by the City, or that relates to the business of the City, or that is used by the City in carrying on business, and (b) all information that is proprietary to a third party (including but not limited to customers and suppliers of the City). Neither parry shall disclose any Confidential Information to any person not having a legitimate need -to -know for purposes of performing a party's obligations under the Agreement. Further, neither party shall not use such information to obtain any economic or other benefit for itself, or any third party, except as specifically authorized by the City. The foregoing to the contrary notwithstanding, each parry understands that it shall have no obligation under this Agreement with respect to information and material that (a) becomes generally known to the public by publication or some means other than a breach of duty of this Confidentiality Agreement, or (b) is required by law, regulation or court order to be disclosed, provided that the request for such disclosure is proper and the disclosure does not exceed that which is required. In the event of any disclosure under (b) above, the disclosing parry shall furnish a copy of this Confidentiality Agreement to anyone to whom it is required to make such disclosure and shall promptly advise the other party in writing of each such disclosure. In the event that the Service Provider ceases to perform services for the City, or the City so requests for any reason, the Service Provider shall promptly return to the City any and all information described hereinabove, including all copies, notes and/or summaries (handwritten or mechanically produced) thereof, in its possession or control or as to which it otherwise has access; provided, however, retention shall be permitted as required by applicable law, regulation or legal process and/or in connection with routine data back-ups on Service Provider's computer systems and as required by Service Provider's document retention policies and procedures, provided that Service Provider shall continue to maintain any such retained information in confidence in accordance with this Confidentiality Agreement. Services Agreement RFP 7475 Identity Verification Services -Utilities Customers Page 15 of 23 Each party understands and agrees that a breach of the other party's obligations under this Confidentiality Agreement may be inadequate and that the non -breaching party shall, in the event of any such breach, be entitled to seek equitable relief (including without limitation preliminary and permanent injunctive relief and specific performance) in addition to all other remedies provided hereunder or available at law. Services Agreement RFP 7475 Identity Verification Services -Utilities Customers Page 16 of 23 EXHIBIT "E" SPECIAL PROVISONS Payment Terms and Pricing. If credit is granted, City agrees to pay accrued charges within 30 days of Statement/invoice date. If credit is not granted City will pay by credit card. City will be responsible for maintaining current credit card information within their Services Provider account and charges will be automatically deducted from City's credit card account. City will only use the credit card of the City, or a principal or owner of the City, and not that of a borrower or other consumer. Applicable sales tax will be added if City is located in a state that requires the collection of sales tax. Surcharges may be added for Information derived from or to be delivered to certain states. To meet the requirements of the new FACT Act Legislative Recovery Fee, effective December 1, 2004, a cost recovery charge will be assessed per person per repository on each credit report accessed through Services Provider's subscriber codes. Kroll Factual Data will impose a finance charge computed at a rate of 1.5% per month, with an annual rate of 18%, on any past -due balances and/or suspend services provided hereunder until all amounts owed have been paid in full. City will be responsible for and will pay Services Provider reasonable attorneys' fees and /or expenses incurred in the process of collecting City's unpaid obligations. Services Provider reserves the right to change prices with 30 days prior written or electronic notice. KFD's Compliance Audit Right. Services Provider may periodically audit City's compliance with the FCRA and other privacy and confidentiality laws. City hereby consents to Services Provider conducting such audits and agrees that any failure to cooperate fully in the conduct of any audit will result in immediate termination of this Agreement, though the terms of the Confidentiality Agreement shall survive such termination. City's Compliance Audit Right. City may periodically audit Service Provider's compliance with privacy and confidentiality laws as they relate to Service Provider's performance under this Agreement. Service Provider hereby consents to City conducting such audits and agrees that any failure to cooperate fully in the conduct of any audit will result in immediate termination of this Agreement, though the terms of the Confidentiality Agreement shall survive such termination. Audit Procedures. In the event a party desires to exercise its audit rights (the "Auditing Party"), the Auditing Party shall provide thirty (30) days advance written notice to the other party (the "Audited Party") of Auditing Pary's intent to audit the Audited Party, and Auditing Party shall bear all costs and expenses associated with any such audit. Prohibition Against Disclosure. Except as expressly permitted herein, neither party shall use the Confidential Information of the other party and each party shall keep the Confidential Information of the other parry secret to the degree such parry keeps secret its own confidential or proprietary information, and in any case using no less than reasonable care. Confidential Information of the disclosing party shall not be disclosed by the party who receives such information except: (i) to a party's accountants, auditors, agents, legal counsel, and parent companies; provided, however, that such parties agree to be bound by these confidentiality provisions; or (ii) as may be required by any legal process, court order, or governmental agency, in which event the party making such disclosure shall so notify the other as promptly as practicable prior to making such disclosure and shall seek confidential treatment of such information. No information that would otherwise be Confidential Information shall be subject to the restrictions on disclosure in the event and to the extent that: (i) such information is in, or Services Agreement RFP 7475 Identity Verification Services -Utilities Customers Page 17 of 23 becomes part of, the public domain otherwise than through the fault of the receiving party; (ii) such information was known to the receiving party prior to the execution of the Agreement as proven by the receiving party's written records; (iii) such information was revealed to the receiving party by a third party having no obligation to hold such information confidential; or (iv) such information is developed independently of any of the disclosing party's Confidential Information by the receiving party. Services Agreement RFP 7475 Identity Verification Services -Utilities Customers Page 18 of 23 Exhibit F Access Security Requirements The Parties acknowledge they must work together to protect the privacy and information of consumers. The following information security measures are designed to reduce unauthorized access to consumer information. Each party acknowledges that it understands and accepts its responsibility to implement these measures. Capitalized terms used herein have the meaning given in the Glossary attached hereto. The Parties reserve the right to make changes to Access Security Requirements without notification. The information provided herewith provides minimum baselines for information security. In accessing the credit reporting agency's services, the Parties agree to follow these security requirements: ur -u-� -1! 1 -1 rnv'- 1.1 Do not provide your credit reporting agency Subscriber Codes or passwords to anyone. No one from the credit reporting agency will ever contact you and request your Subscriber Code number or password. 1.2 Proprietary or third party system access software must have credit reporting agency Subscriber Codes and password(s) hidden or embedded. Account numbers and passwords should be known only by supervisory personnel. 1.3 City must request that its Subscriber Code password be changed immediately when: any system access software is replaced by another system access software or is no longer used; • the hardware on which the software resides is upgraded, changed or disposed of 1.4 Protect credit reporting agency Subscriber Code(s) password(s), and other access codes so that only key personnel know this sensitive information. Unauthorized personnel should not have knowledge of Subscriber Code(s) and password(s) or other access codes. 1.5 City will create a separate, unique user ID for each user to enable individual authentication and accountability for access to Service Provider's infrastructure. Each user of the system access software will also have a unique logon password. 1.6 City will ensure that user IDs are not shared and that no Peer -to -Peer file sharing is enabled on any user profile. 1.7 Keep user passwords Confidential. 1.8 Develop strong passwords that are: Not easily guessable (i.e. your name or company name, repeating numbers and letters or consecutive numbers and letters) • Contain a minimum of seven (7) alpha/numeric characters for standard user accounts 1.9 Implement password protected screensavers with a maximum fifteen (15) minute timeout to protect unattended workstations. 1.10 Active logins to credit information systems must be configured with a 30 minute inactive session, timeout. 1.11 Restrict the number of key personnel of either party who have access to credit information. 1.12 Ensure that personnel who are authorized access to credit information have a business need to access such information and understand these requirements to access such Services Agreement RFP 7475 Identity Verification Services -Utilities Customers Page 19 of 23 the onset of such condition. Notwithstanding the foregoing, this Section 3 shall not excuse City's failure to make any payments required under this Agreement; rather it shall permit the delay of such payments for a reasonable period of time considering the circumstances contributing to the delay. 4. Early Termination a. Termination by City/Notice. Notwithstanding the time periods contained herein, the City may terminate this Agreement at any time without cause by providing written notice of termination to the Service Provider. Such notice shall be delivered at least fifteen (15) days prior to the termination date contained in said notice unless otherwise agreed in writing by the parties.ln the event of early termination by the City, the Service Provider shall be paid for services rendered to the date of termination, subject only to the satisfactory performance of the Service Provider's obligations under this Agreement. Such payment shall be the Service Provider's sole right and remedy for such termination. b. Termination by Service Provider. Notwithstanding the time periods contained herein, Service Provider may suspend and/or terminate the provision of Services under this Agreement at any time if the City has violated any law or regulation. 5. Contract Sum. The City shall pay the Service provider for the performance of this Contract per the attached Exhibit "B", consisting of one (1) page, and incorporated herein by this reference. 6. City Representative. The City will designate, prior to commencement of the work, its representative who shall make, within the scope of his or her authority, all necessary and proper decisions with reference to the services provided under this agreement. All requests concerning this Agreement shall be directed to the City Representative. 7. Independent Service provider. The services to be performed by Service Provider are those of an independent service provider and not of an employee of the City of Fort Collins. The City shall not be responsible for withholding any portion of Service Provider's compensation Services Agreement RFP 7475 Identity Verification Services -Utilities Customers Page 2 of 23 information are only for permissible purposes. 1.13 Ensure that no employees of either party accesses histher own credit reports or those reports of any family member(s) or friend(s) unless it is in connection with a credit transaction or for another permissible purpose. 1.14 Implement a process to terminate access rights immediately for users who access credit reporting agency credit information when those users are terminated or when they have a change in their job tasks and no longer require access to that credit information. 1.15 After normal business hours, turn off and lock all devices or systems used to obtain credit information or record searches performed under this Agreement. 1.16 Implement physical security controls to prevent unauthorized entry to either party's facility and access to systems used to obtain credit information. u: r. _ i a: 2.1 Keep operating system(s), Firewalls, Routers, servers, personal computers (laptop and desktop) and all other systems current with appropriate system patches and updates. 2.2 Configure infrastructure such as Firewalls, Routers, personal computers, and similar components to industry best security practices, including disabling unnecessary services or features, removing or changing default passwords, IN and sample files/programs, and enabling the most secure configuration features to avoid unnecessary risks. 2.3 Implement and follow current best security practices for Computer Virus detection scanning services and procedures: • Use, implement and maintain a current, commercially available Computer Virus detection/scanning product on all computers, systems and networks. • If you suspect an actual or potential virus, immediately cease accessing the system and do not resume the inquiry process until the virus has been eliminated. • On a weekly basis at a minimum, keep anti -virus software up-to-date by vigilantly checking or configuring auto updates and installing new virus definition files. 2.4 Implement and follow current best security practices for computer anti- Spyware scanning services and procedures: • Use, implement and maintain a current, commercially available computer anti- Spyware scanning product on all computers, systems and networks. • If either party suspects actual or potential Spyware, immediately cease accessing the system and do not resume the inquiry process until the problem has been resolved and eliminated. Run a secondary anti-Spyware scan upon completion of the first scan to ensure all Spyware has been removed from respective party's computers. • Keep anti-Spyware software up-to-date by vigilantly checking or configuring auto updates and installing new anti-Spyware definition files weekly, at a minimum. If either company's computers have unfiltered or unblocked access to the Internet (which prevents access to some known problematic sites), then it is recommended that anti-Spyware scans be completed more frequently than weekly. I.. 3.1 Develop and follow procedures to ensure that data is protected throughout its entire information lifecycle (from creation, transformation, use, storage and secure destruction) regardless of the media used to store the data (i.e., tape, disk, paper, etc.) Services Agreement RFP 7475 Identity Verification Services -Utilities Customers Page 20 of 23 3.2 All credit reporting agency data is classified as Confidential and must be secured to this requirement at a minimum. 3.3 Procedures for transmission, disclosure, storage, destruction and any other information modalities or media should address all aspects of the lifecycle of the information 3.4 Encrypt all credit reporting agency data and information when stored on any laptop computer and in the database using AES or 3DES with 128-bit key encryption at a minimum. 3.5 Only open email attachments and links from trusted sources and after verifying legitimacy. 4.1 Develop and follow a security plan to protect the Confidentiality and integrity of personal consumer information as required under the GLB Safeguard Rule. 4.2 Establish processes and procedures for responding to security violations, unusual or suspicious events and similar incidents to limit damage or unauthorized access to information assets and to permit identification and prosecution of violators. 4.3 The FACTA Disposal Rules requires that you implement appropriate measures to dispose of any sensitive information related to consumer credit reports and records that will protect against unauthorized access or use of that information. 4.4 Implement and maintain ongoing mandatory security training and awareness sessions for all staff to underscore the importance of security within your organization. 5.1 Protect Internet connections with dedicated, industry -recognized Firewalls that are configured and managed using industry best security practices. 5.2 Internal private Internet Protocol (IP) addresses must not be publicly accessible or natively routed to the Internet. Network address translation (NAT) technology should be used. 5.3 Administrative access to Firewalls and servers must be performed through a secure internal wired connection only. 5.4 Any stand-alone computers that directly access the Internet must have a desktop Firewall deployed that is installed and configured to block unnecessary/unused ports, services, and network traffic. 5.5 Encrypt Wireless access points with a minimum of WEP 128 bit encryption, WPA encryption where available. 5.6 Disable vendor default passwords, SSIDs and IP Addresses on Wireless access points and restrict authentication on the configuration of the access point. 6 6.1 Perform regular tests on information systems (port scanning, virus scanning, vulnerability scanning). 6.2 Use current best practices to protect telecommunications systems and any computer system or network device(s) used to provide Services hereunder to access credit reporting agency systems and networks. These controls should be selected and implemented to reduce the risk of infiltration, hacking, access penetration or exposure to an unauthorized third party by: Services Agreement RFP 7475 Identity Verification Services -Utilities Customers Page 21 of 23 • protecting against intrusions; • securing the computer systems and network devices; • and protecting against intrusions of operating systems or software. Record Retention: The Federal Equal Opportunities Act states that a creditor must preserve all written or recorded information connected with an application for 25 months. In keeping with the ECOA, the credit reporting agency requires that you retain the credit application and, if applicable, a purchase agreement for a period of not less than 25 months. When conducting an investigation, particularly following a breach or a consumer complaint that your company impermissibly accessed their credit report, the credit reporting agency will contact you and will request a copy of the original application signed by the consumer or, if applicable, a copy of the sales contract. "Under Section 621 (a) (2) (A) of the FCRA, any person that violates any of the provisions of the FCRA may be liable for a civil penalty of not more than $2,500 per violation." arm efinition omputer Computer Virus is a self -replicating computer program that alters the way a computer irus erates, without the knowledge of the user. A true virus replicates and executes itself. hile viruses can be destructive by destroying data, for example, some viruses are ni n or mere) annoying. Ir onfidentialery sensitive information. Disclosure could adversely impact your company. ncryption ncryption is the process of obscuring information to make it unreadable without special owled e. irewall n computer science, a Firewall is a piece of hardware and/or software which functions in networked environment to prevent unauthorized external access and some ommunications forbidden by the security policy, analogous to the function of Firewalls n building construction. The ultimate goal is to provide controlled connectivity between ones of ,iffering trust levels through the enforcement of a security policy and c nnectivity model nformation Or Data Lifecycle) is a management program that considers the value of the information ifecycle Deing stored over a period of time, the cost of its storage, its need for availability for use authorized users, and the period of time for which it must be retained. P Address 4, unique number that devices use in order to identify and communicate with each other n a computer network utilizing the Internet Protocol standard (IP). Any All participating etwork devices - including routers, computers, time -servers, printers, Internet fax achines, and some telephones - must have its own unique IP address. Just as each treat address and phone number uniquely identifies a building or telephone, an IP address can uniquely identify a specific computer or other network device on a network. t is important to keep your IP address secure as hackers can gain control of your evices and possibly launch an attack on other devices. Peer -to -Peer type of communication found in a system that uses layered protocols. Peer -to -Peer etworking is the protocol often used for reproducing and distributing music without ermission. Router Router is a computer networking device that forwards data packets across a network is routing. A Router acts as a junction between two or more networks transferring data ackets. Services Agreement RFP 7475 Identity Verification Services -Utilities Customers Page 22 of 23 pyware 3pyware refers to a broad category of malicious software designed to intercept or take artial control of a computer's operation without the consent of that machine's owner or ser. In simpler terms, spyware is a type of program that watches what users do with heir computer and then sends that information over the internet. SSID art of the Wi-Fi Wireless LAN, a service set identifier (SSID) is a code that identifies ach packet as part of that network. Wireless devices that communicate with each other hare the same SSID. Subscriber Your seven digit credit reporting agency account number. WEP Wired Equivalent Privacy) A part of the wireless networking standard intended to Encryption rovide secure communication. The longer the key used, the stronger the encryption Fill be. Older PA i-Fi Protected Access) A part of the wireless networking standard that provides tronger uthentication and more secure communications. Replaces WEP. Uses dynamic key ncryption verses static as in WEP(key is constantly changing and thus more difficult to Services Agreement RFP 7475 Identity Verification Services -Utilities Customers Page 23 of 23 A� o® CERTIFICATE OF LIABILITY INSURANCE DATE(MM1VDDMYY) On31rzD13 THIS CERTIFICATE IS ISSUED AS A MATTER OF INFORMATION ONLY AND CONFERS NO RIGHTS UPON THE CERTIFICATE HOLDER. THIS CERTIFICATE DOES NOT AFFIRMATIVELY OR NEGATIVELY AMEND, EXTEND OR ALTER THE COVERAGE AFFORDED BY THE POLICIES BELOW. THIS CERTIFICATE OF INSURANCE DOES NOT CONSTITUTE A CONTRACT BETWEEN THE ISSUING INSURER(S), AUTHORIZED REPRESENTATIVE OR PRODUCER, AND THE CERTIFICATE HOLDER. IMPORTANT: If the certificate holder is an ADDITIONAL INSURED, the policy(ies) must be endorsed. If SUBROGATION IS WAIVED, subject to the terms and conditions of the policy, certain policies may require an endorsement. A statement on this certificate does not confer rights to the certificate holder in lieu of such endomement(s). PRODUCER CONTACT NAME' MARSH USA INC. PHONE FAc SUITE400 No: E-MAIL ADDRESS: 1255 23RD STREET, N.W. WASHINGTON, DC 20037 INSURERS AFFORDING COVERAGE NAIC If INSURER A: Liberty Mutual Fire Ins Co 23035 999584-KROLl.-13-14 INSURED INSURER B: Liberty Insurance Corporation 42404 Kroll Factual Data INSURER C : N/A NIA 5200 Halms PeakOr INSURER D: Loveland, CO 80538 INSURER E : INSURER F : COVERAGES CERTIFICATE NUMBER: CLE-003821193-07 REVISION NUMBER:? THIS IS TO CERTIFY THAT THE POLICIES OF INSURANCE LISTED BELOW HAVE BEEN ISSUED TO THE INSURED NAMED ABOVE FOR THE POLICY PERIOD INDICATED. NOTWITHSTANDING ANY REQUIREMENT, TERM OR CONDITION OF ANY CONTRACT OR OTHER DOCUMENT WITH RESPECT TO WHICH THIS CERTIFICATE MAY BE ISSUED OR MAY PERTAIN, THE INSURANCE AFFORDED BY THE POLICIES DESCRIBED HEREIN IS SUBJECT TO ALL THE TERMS, EXCLUSIONS AND CONDITIONS OF SUCH POLICIES. LIMITS SHOWN MAY HAVE BEEN REDUCED BY PAID CLAIMS. INSft LTR TYPE OF INSURANCE ADDL SUER POLICY NUMBER POLICY EFF MMIDDWW POLICY EXP IY MMIDDYYY LIMITS A GENERAL LIABILITY X COMMERCIAL GENERAL LIABILITY CLAIMS -MADE M OCCUR TB2611259903023 06/01/2013 001/2014 EACH OCCURRENCE $ 1,000,000 DAMA ETO RENTED PREMISES En ouuuuvrcf $ 100,000 MED EXP (Any one person) $ 5,000 PERSONAL &ADV INJURY $ GENERAL AGGREGATE $ 2,000,000 GEN'L AGGREGATE X I POLICY LIMIT APPLIES PER: PRO- LOC PRODUCTS - COMPIOP AGG $ 2,000,000 $ B AUTOMOBILE LIABILITY ANY AUTO ALL OWNED SCHEDULED A AUTOS UTOS NON -OWNED AUTOS AUTOS AS7611259903013 06/01/2013 06/01/2014 COMBINED SINGLE LIMIT Ea accidem g 1,000,000 X1HIRED BODILY INJURY(Perperson) $ BODILY INJURY (Per accitlmp $ PROPERTY DAMAGE Per awdenl S 8 UMBRELLA LIAR EXCESS LIAR OCCU CLAIMRS-MADE EACHOCCURRENCE $ AGGREGATE $ DED RETENTIONS $ B 0 WORKERS COMPENSATION AND EMPLOYERSLIABILITYOF, ANY PROPRIETORIPARTNERIEXECUTIVE YIN OFFICER/MEMBER EXCLUDED? � Mandatory in NH) If es, describe under DESCRIPTION OF OPERATIONS below NIA WA761 D259903043(AOS) WC7611259903033(WI) 06101/2013 06/01/2013 ON112014 06/01/2014 X 1 VCSTATU- CTHLIM- BL. EACH ACCIDENT g 1,000,000 E. L. DISEASE EA EMPLOYE $ 1,000,000 E.L DISEASE -POLICY LIMIT $ 1,000,000 DESCRIPTION OF OPERATIONS I LOCATIONS / VEHICLES (Arisen ACORD 101, Additional Remarks Schedule, if more space is required) The City of Fort Collins is included as an Additional Insured as required by written contract, but limited to the operations of the insured under said contract, with respect to both the Commercial General Liability and Automobile Liability policies. The City of Fort Collins Attn: Citys Director of Purchasing & Risk Management PO Box 580 Fort Collins, CO 80522 SHOULD ANY OF THE ABOVE DESCRIBED POLICIES BE CANCELLED BEFORE THE EXPIRATION DATE THEREOF, NOTICE WILL BE DELIVERED IN ACCORDANCE WITH THE POLICY PROVISIONS. AUTHORIZED REPRESENTATIVE of Marsh USA Inc. Manashi Mukherjee CcJ 19B8-2010 ACORD CORPORATION All ,hri ACORD 25 (2010105) The ACORD name and logo are registered marks of ACORD r A6" o® CERTIFICATE OF PROPERTY INSURANCE 06122013 DA E(MM/2013 YY) THIS CERTIFICATE IS ISSUED AS A MATTER OF INFORMATION ONLY AND CONFERS NO RIGHTS UPON THE CERTIFICATE HOLDER. THIS CERTIFICATE DOES NOT AFFIRMATIVELY OR NEGATIVELY AMEND, EXTEND OR ALTER THE COVERAGE AFFORDED BY THE POLICIES BELOW. THIS CERTIFICATE OF INSURANCE DOES NOT CONSTITUTE A CONTRACT BETWEEN THE ISSUING INSURER(S), AUTHORIZED REPRESENTATIVE OR PRODUCER, AND THE CERTIFICATE HOLDER. If this certificate is being prepared for a party who has an insurable interest In the property, do not use this form. Use ACORD 27 or ACORD 28. PRODUCER MARSH USA INC. SUITE 400 STREET, N.W. CONTACT NAME: PHONE FAX EXII.AC No: EMAIL WAS WASHINGING70N, DC 20037 ADDRESS: PRODUCER CUSTOMER to. 999584-Alteg-1114 INSURERS AFFORDING COVERAGE NAIC k INSURED Kroll Factual Data INSURER A: Affiliated FM Insurance Company 10014 5200 Hahns Peak Or INSURER B : INSURER C : Loveland, CO 80538 INSURER D : INSURER E : INSURER F : COVERAGES CERTIFICATE NUMBER: CLE:003821189.01 REVISION NUMBER: 2 LOCATION OF PREMISES I DESCRIPTION OF PROPERTY (Attach ACORD 101, Additional Remarks Schedule, if more space Is required) THIS IS TO CERTIFY THAT THE POLICIES OF INSURANCE LISTED BELOW HAVE BEEN ISSUED TO THE INSURED NAMED ABOVE FOR THE POLICY PERIOD INDICATED. NOTWITHSTANDING ANY REQUIREMENT, TERM OR CONDITION OF ANY CONTRACT OR OTHER DOCUMENT WITH RESPECT TO WHICH THIS CERTIFICATE MAY BE ISSUED OR MAY PERTAIN, THE INSURANCE AFFORDED BY THE POLICIES DESCRIBED HEREIN IS SUBJECT TO ALL THE TERMS, EXCLUSIONS AND CONDITIONS OF SUCH POLICIES. LIMITS SHOWN MAY HAVE BEEN REDUCED BY PAID CLAIMS. INSR LTR TYPE OF INSURANCE POLICY NUMBER POLICY EFFECTIVE DATE(MMYDDYVYYY) POLICY EXPIRATION DATE(MMIDD/YYYY) COVERED PROPERTY LIMITS A X PROPERTY OF LOSS DEDUCTIBLES W9630 061012013 06/0112014 BUILDING PERSONALPROPERTY BUSINESS INCOME EXTRA EXPENSE RENTAL VALUE BLANKET BUILDING BLANKET PERS PROP BLANKET BLDG&PP $ CAUSES $ BASIC BUILDING X S 1,000,000 BROAD It CONTENTS00,000S 100,000 X SPECIAL It EARTHQUAKE $ WIND $ FLOOD X $ 328,919,674 8 8 INLAND MARINE OF LOSS NAMED PERILS TYPE OF POLICY $ CAUSES POLICY NUMBER $ CRIME TYPE OF POLICY 3 $ BOILER S MACHINERY EQUIPMENT BREAKDOWN $ $ 3 SPECIAL CONDITIONS I OTHER COVERAGES (Attach ACORD 101,Additional Remarks Schetlule, if more space is required) The City of Fort Collins Attn: City's Director of Purchasing & Risk Management PO Box 580 Fort Collins, CO 80522 SHOULD ANY OF THE ABOVE DESCRIBED POLICIES BE CANCELLED BEFORE THE EXPIRATION DATE THEREOF, NOTICE WILL BE DELIVERED IN ACCORDANCE WITH THE POLICY PROVISIONS. AUTHORIZED REPRESENTATIVE of Marsh USA Inc. Manashi Mukherjee ©1995-2009 ACORD CORPORATION. All rights reserved. ACORD 24 (2009109) The ACORD name and logo are registered marks of ACORD hereunder for the payment of FICA, Workmen's Compensation or other taxes or benefits or for any other purpose. 8. Personal Services. It is understood that the City enters into the Agreement based on the special abilities of the Service Provider and that this Agreement shall be considered as an agreement for personal services. Accordingly, the Service Provider shall neither assign any responsibilities nor delegate any duties arising under the Agreement without the prior written consent of the City. 9. Acceptance Not Waiver. The City's approval or acceptance of, or payment for any of the services shall not be construed to operate as a waiver of any rights or benefits provided to the City under this Agreement or cause of action arising out of performance of this Agreement. 10. Warranties/Limitation on Liability/Representation and Warranties. a. WARRANTIES. SERVICE PROVIDER WARRANTS THAT IT SHALL USE COMMERCIALLY REASONABLE EFFORTS AND CARE TO OBTAIN AND ASSEMBLE THE REQUESTED INFORMATION FROM RELIABLE SOURCES, AND ACCURATELY TRANSMIT SUCH INFORMATION TO CITY IN A SECURE FORMAT ACCORDING TO ACCEPTED STANDARDS OF WORK IN THE INDUSTRY; HOWEVER SERVICE PROVIDER DOES NOT GUARANTEE THE ACCURACY OF ANY THIRD -PARTY INFORMATION IT REPORTS. CITY ASSUMES SOLE RESPONSIBILITY FOR DETERMINING THE SUITABILITY FOR ITS USE OF THE INFORMATION AND SERVICES PROVIDED UNDER THIS AGREEMENT. INFORMATION OR ANY OTHER PRODUCTS OR SERVICES PROVIDED BY SERVICE PROVIDER HEREUNDER ARE PROVIDED "AS IS" FROM THIRD PARTY SOURCES WITHOUT ANY EXPRESS OR IMPLIED WARRANTY OF ANY KIND INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON - INFRINGEMENT AND IMPLIED WARRANTIES ARISING FROM COURSE OF DEALING OR COURSE OF PERFORMANCE. Services Agreement RFP 7475 Identity Verification Services -Utilities Customers Page 3 of 23 b. LIMITATION ON LIABILITY. SERVICE PROVIDER'S MAXIMUM LIABILITY UNDER THIS AGREEMENT SHALL NOT EXCEED IN THE AGREGATE THE TOTAL AMOUNT PAID BY CITY TO SERVICE PROVIDER UNDER THIS AGREEMENT FOR THE TWELVE (12) MONTHS PRECEDING THE DATE OF THE LOSS OR DAMAGE. IN NO EVENT SHALL EITHER PARTY, OR ITS DIRECTORS, EMPLOYEES, OWNERS, AFFILIATES, AGENTS OR REPRESENTATIVES, BE LIABLE TO THE OTHER PARTY HEREUNDER FOR ANY LOST PROFITS OR OTHER CONSEQUENTIAL OR INCIDENTAL DAMAGES, INDIRECT, SPECIAL OR OTHER SIMILAR DAMAGES, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, AND IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER FOR EXEMPLARY OR PUNITIVE DAMAGES. THE LIMITATIONS OF LIABILITY SET FORTH IN THIS SECTION SHALL SURVIVE AND APPLY NOTWITHSTANDING THE FAILURE OF ANY LIMITED OR EXCLUSIVE REMEDY FOR BREACH OF WARRANTY SET FORTH IN THIS AGREEMENT. c. Client's Representations and Warranties. City represents, warrants, certifies, acknowledges and covenants to Service Provider at all times during the Term of this Agreement: (i) it will comply with all applicable laws and regulations in connection with its procurement and use of services and reports provided pursuant to this Agreement; (ii) it shall promptly notify Service Provider if City believes it has failed to fulfill any obligation in this Agreement, including, without limitation, those obligations related to confidentiality, consumer privacy, data protection, and compliance with laws; (iii) it shall identify, authorize and monitor all Service Provider account users and their respective access privileges, and promptly notify Service Provider of Services Agreement RFP 7475 Identity Verification Services -Utilities Customers Page 4 of 23 any changes of account users and/or if any account identification numbers or passwords become invalid, inactive or compromised in any manner; (iv) except as otherwise set forth in this Agreement, City shall not, directly or indirectly, sell, transfer, disclose the contents of or distribute the services or any reports, in whole or in part, to any third -party (other than to the applicable applicant or in conjunction with a disclosure required pursuant to law, regulation or legal process); (v) it shall use services and reports solely as an end -user, for a single, one-time use; (vi) it shall not use the services and/or reports in connection with any eligibility determination of the consumer for credit, employment, insurance or any other purpose in connection with which a consumer report may be used under the Fair Credit Reporting Act, 15 U.S.C. § 1681, et seq. ("FCRA") (vii) it shall comply with the access security requirements set forth in "Exhibit F" d. Service Provider's Representations and Warranties. Services Provider represents, warrants, acknowledges and covenants to City at all times during the Term of this Agreement: (i) it will comply with all applicable laws and regulations in connection with its provision of services and reports provided pursuant to this Agreement; (ii) it shall promptly notify City if Service Provider believes it has failed to fulfill any obligation in this Agreement, including, without limitation, those obligations related to confidentiality, consumer privacy, data protection, and compliance with laws; (iii) it shall comply with the access security requirements set forth in "Exhibit F Services Agreement RFP 7475 Identity Verification Services -Utilities Customers Page 5 of 23 11. Default. Each and every term and condition hereof shall be deemed to be a material element of this Agreement. In the event either party should fail or refuse to perform according to the terms of this agreement, such party may be declared in default thereof. 12. Remedies. In the event a party has been declared in default, such defaulting party shall be allowed a period of ten (10) days within which to cure said default. In the event the default remains uncorrected, the party declaring default may elect to (a) terminate the Agreement and seek damages; (b) treat the Agreement as continuing and require specific performance; or (c) avail himself of any other remedy at law or equity. If the non -defaulting party commences legal or equitable actions against the defaulting party, the defaulting party shall be liable to the non -defaulting party for the non -defaulting party's reasonable attorney fees and costs incurred because of the default. 13. Binding Effect. This writing, together with the Exhibits hereto, constitutes the entire agreement between the parties and shall be binding upon said parties, their officers, employees, agents and assigns and shall inure to the benefit of the respective survivors, heirs, personal representatives, successors and assigns of said parties. 14. Indemnity/Insurance. a. The Service Provider agrees to indemnify and save harmless the City, its officers, agents and employees against and from any and all actions, suits, claims, demands or liability of any character whatsoever brought or asserted for injuries to or death of any person or persons, or damages to property arising out of, result from or occurring in connection with the performance of any service hereunder. b. The Service Provider shall take commercially reasonable precautions in performing the work hereunder to prevent injury to persons and property. Services Agreement RFP 7475 Identity Verification Services -Utilities Customers Page 6 of 23 C. Without limiting any of the Service Provider's obligations hereunder, the Service Provider shall provide and maintain insurance coverage naming the City as an additional insured under this Agreement of the type and with the limits specified within Exhibit "C", consisting of one (1) page, attached hereto and incorporated herein by this reference. The Service Provider before commencing services hereunder, shall deliver to the City's Director of Purchasing and Risk Management, P. O. Box 580 Fort Collins, Colorado 80522 one copy of a certificate evidencing the insurance coverage required from an insurance company acceptable to the City. 15. Entire Agreement. This Agreement, along with all Exhibits and other documents incorporated herein, shall constitute the entire Agreement of the parties. Covenants or representations not contained in this Agreement shall not be binding on the parties. 16. Law/Severability. The laws of the State of Colorado shall govern the construction interpretation, execution and enforcement of this Agreement. In the event any provision of this Agreement shall be held invalid or unenforceable by any court of competent jurisdiction, such holding shall not invalidate or render unenforceable any other provision of this Agreement. 17. Prohibition Against Employing Illegal Aliens. Pursuant to Section 8-17.5-101, C.R.S., et. seq., Service Provider represents and agrees that: a. As of the date of this Agreement: 1. Service Provider does not knowingly employ or contract with an illegal alien who will perform work under this Agreement; and 2. Service Provider will participate in either the a -Verify program created in Public Law 208, 104th Congress, as amended, and expanded in Public Law 156, 108th Congress, as amended, administered by the United States Department of Homeland Security (the "e-Verify Program") or the Department Program (the "Department Program"), an employment verification program established pursuant to Section 8-17.5-102(5)(c) C.R.S. in order to confirm the employment eligibility of all newly hired employees to perform work under this Agreement. Services Agreement RFP 7475 Identity Verification Services -Utilities Customers Page 7 of 23 b. Service Provider shall not knowingly employ or contract with an illegal alien to perform work under this Agreement or knowingly enter into a contract with a subcontractor that knowingly employs or contracts with an illegal alien to perform work under this Agreement. C. Service Provider is prohibited from using the e-Verify Program or Department Program procedures to undertake pre -employment screening of job applicants while this Agreement is being performed. d. If Service Provider obtains actual knowledge that a subcontractor performing work under this Agreement knowingly employs or contracts with an illegal alien, Service Provider shall: Notify such subcontractor and the City within three days that Service Provider has actual knowledge that the subcontractor is employing or contracting with an illegal alien; and 2. Terminate the subcontract with the subcontractor if within three days of receiving the notice required pursuant to this section the subcontractor does not cease employing or contracting with the illegal alien; except that Service Provider shall not terminate the contract with the subcontractor if during such three days the subcontractor provides information to establish that the subcontractor has not knowingly employed or contracted with an illegal alien. e. Service Provider shall comply with any reasonable request by the Colorado Department of Labor and Employment (the "Department") made in the course of an investigation that the Department undertakes or is undertaking pursuant to the authority established in Subsection 8-17.5-102 (5), C.R.S. If Service Provider violates any provision of this Agreement pertaining to the duties imposed by Subsection 8-17.5-102, C.R.S. the City may terminate this Agreement. If Services Agreement RFP 7475 Identity Verification Services -Utilities Customers Page 8 of 23 this Agreement is so terminated, Service Provider shall be liable for actual and consequential damages to the City arising out of Service Provider's violation of Subsection 8-17.5-102, C.R.S. g. The City will notify the Office of the Secretary of State if Service Provider violates this provision of this Agreement and the City terminates the Agreement for such breach. 18. Special Provisions. Special provisions or conditions relating to the services to be performed pursuant to this Agreement are set forth in Exhibit "D", Confidentiality,; and Exhibit "E", Special Provisions, both attached hereto and incorporated herein by this reference. 19. Notices. All notices provided under this Agreement shall be effective when mailed, postage prepaid and sent to the following addresses: City of Fort Collins Attn: Purchasing PO Box 580 Fort Collins, CO 80522 Copy to: City of Fort Collins Attn: Lori Clements PO Box 580 Fort Collins, CO 80522 Kroll Factual Data, Inc. Attn: Greg Plunkett 5200 Hahns Peak Dr. Loveland, CO 80538 Copy to: Kroll Factual Data, Inc. Attn: Legal Dept. 5200 Hahns Peak Dr. Loveland, CO 80538 [Remainder of page intentionally left blank. Signatures appear on following page] Services Agreement RFP 7475 Identity Verification Services -Utilities Customers Page 9 of 23