Loading...
HomeMy WebLinkAboutRFP - 8876 EVIDENCE MANAGEMENT SYSTEM8876 Evidence Management System Page 1 of 29 REQUEST FOR PROPOSAL 8876 EVIDENCE MANAGEMENT SYSTEM The City of Fort Collins is requesting proposals from qualified Vendors to select a stand-alone, browser-based or a hosted Property and Evidence Management System that provides improved efficiencies, accuracy, accessibility and ease of use regarding the intake, management and disposition of property and evidence. As part of the City’s commitment to Sustainable Purchasing, proposals submission via email is preferred. Proposals shall be submitted in a single Microsoft Word or PDF file under 20MB and e-mailed to: purchasing@fcgov.com. If electing to submit a hard copy proposal we require one (1) hard copy and one (1) electronic copy on a jump drive to be received at the City of Fort Collins' Purchasing Division, 215 North Mason St., 2nd floor, Fort Collins, Colorado 80524. Proposals must be received before 3:00 p.m. (our clock) on March 29, 2019 and referenced as Proposal No. 8876. If delivered, they are to be sent to 215 North Mason Street, 2nd Floor, Fort Collins, Colorado 80524. If mailed, the address is P.O. Box 580, Fort Collins, 80522-0580. Please note, additional time is required for bids mailed to the PO Box to be received at the Purchasing Office. The City encourages all Disadvantaged Business Enterprises (DBEs) to submit proposals in response to all requests for proposals. No individual or business will be discriminated against on the grounds of race, color, sex, or national origin. It is the City’s policy to create a level playing field on which DBEs can compete fairly and to ensure nondiscrimination in the award and administration of all contracts. All questions should be submitted, in writing via email, to Ed Bonnette, CPM, CPPB, Senior Buyer at ebonnette@fcgov.com, with a copy to Project Manager, Lisa Robles at LRobles@fcgov.com, no later than 5:00 PM MST (our clock) on 3/15/19. Please format your e-mail to include: RFP 8876 EVIDENCE MANAGEMENT SYSTEM in the subject line. Questions received after this deadline may not be answered. Responses to all questions submitted before the deadline will be addressed in an addendum and posted on the Rocky Mountain E-Purchasing System webpage. Rocky Mountain E-Purchasing System hosted by Bidnet A copy of the RFP may be obtained at http://www.bidnetdirect.com/colorado/city-of-fort-collins. This RFP has been posted utilizing the following Commodity Code(s): 20837 Database Software, Database Software for Microcomputers, Software, Database (Microcomputer), Microcomputer Database Software 20938 Database, Database Software for Mini/Mainframe Computers, Software, Database (Mini/Mainframe Computer), Computer Database Software, Mini/Mainframe 91829 Computer Software Consulting, Consulting Services, Computer-Software, Consulting Services Financial Services Purchasing Division 215 N. Mason St. 2nd Floor PO Box 580 Fort Collins, CO 80522 970.221.6775 970.221.6707 fcgov.com/purchasing 8876 Evidence Management System Page 2 of 29 92014 Applications Software (for Minicomputer Systems), Software, Applications (for Minicomputer Systems), Minicomputer Systems Software (Applications) 92046 Software Updating Services, Software Subscription Services, Updating Services, Software, Subscription Services, Software Public Viewing Copy: The City is a governmental entity subject to the Colorado Open Records Act, C.R.S. §§ 24-72-200.1 et seq. (“CORA”). Any proposals submitted hereunder are subject to public disclosure by the City pursuant to CORA and City ordinances. Vendors may submit one (1) additional complete proposal clearly marked “FOR PUBLIC VIEWING.” In this version of the proposal, the Vendor may redact text and/or data that it deems confidential or proprietary pursuant to CORA. Such statement does not necessarily exempt such documentation from public disclosure if required by CORA, by order of a court of appropriate jurisdiction, or other applicable law. Generally, under CORA trade secrets, confidential commercial and financial data information is not required to be disclosed by the City. Proposals may not be marked “Confidential” or ‘Proprietary’ in their entirety. All provisions of any contract resulting from this request for proposal will be public information. New Vendors: The City requires new Vendors receiving awards from the City to fill out and submit an IRS form W-9 and to register for Direct Deposit (Electronic) payment. If needed, the W-9 form and the Vendor Direct Deposit Authorization Form can be found on the City’s Purchasing website at www.fcgov.com/purchasing under Vendor Reference Documents. Please do not submit with your proposal. Sales Prohibited/Conflict of Interest: No officer, employee, or member of City Council, shall have a financial interest in the sale to the City of any real or personal property, equipment, material, supplies or services where such officer or employee exercises directly or indirectly any decision-making authority concerning such sale or any supervisory authority over the services to be rendered. This rule also applies to subcontracts with the City. Soliciting or accepting any gift, gratuity favor, entertainment, kickback or any items of monetary value from any person who has or is seeking to do business with the City of Fort Collins is prohibited. Collusive or Sham Proposals: Any proposal deemed to be collusive or a sham proposal will be rejected and reported to authorities as such. Your authorized signature of this proposal assures that such proposal is genuine and is not a collusive or sham proposal. The City of Fort Collins reserves the right to reject any and all proposals and to waive any irregularities or informalities. Utilization of Award by Other Agencies: The City of Fort Collins reserves the right to allow other state and local governmental agencies, political subdivisions, and/or school districts to utilize the resulting award under all terms and conditions specified and upon agreement by all parties. Usage by any other entity shall not have a negative impact on the City of Fort Collins in the current term or in any future terms. Sincerely, Gerry Paul Purchasing Director 8876 Evidence Management System Page 3 of 29 I. BACKGROUND & OBJECTIVE / OVERVIEW A. Objective The City of Fort Collins is requesting proposals from qualified Vendors to select a stand- alone, browser-based or a hosted Property and Evidence Management System that provides improved efficiencies, accuracy, accessibility and ease of use regarding the intake, management and disposition of property and evidence. B. Background Fort Collins Police Service (FCPS) has over 200 sworn officers and over 120 civilian personnel serving a community of over 165,000 residents. The Evidence Unit is comprised of 6 full time Evidence Technicians and 1 Evidence Supervisor. The Evidence Unit takes in approximately 1,500 items per month and manages the ongoing storage, handling and “chain of custody” on approximately 180,184 items. Fort Collins Police Services has been utilizing an integrated Property module within the current Tiburon/Total Command/RMS system and the primary objective is to select a stand-alone, browser-based or a hosted Property and Evidence Management System to include a Digital Evidence Management system that provides improved efficiencies, accuracy, accessibility and ease of use regarding the intake, management and disposition of property and evidence. This Agency is also interested in looking for a software provider with 5+ years’ experience providing automated digital information workflow solutions for law enforcement agencies, including references from other Colorado Law Enforcement Agencies This Agency is seeking an Evidence Management and Digital Evidence Management solution to manage data including physical evidence along with digital evidence captured by electronic devices including but not limited to in-car cameras (ICCs), body- worn cameras (BWCs), interview room recording systems, surveillance recording systems, and cameras used by the Forensics Services Division (FSD) to capture crime scene photos and video. The vendor solution is required to provide this agency with the ability to access, manage and store all systems and data on site and in the cloud. City of Fort Collins Information Technology Department Provided Systems and Services: 1. High Speed Internet Connection 2. WAN connections 3. Security based on CJIS standards 4. Equipment including desktops, tablets and laptops City of Fort Collins Police Department Available Systems and Services: The Department’s preference is for an on-premise solution for physical evidence with servers, applications and data on-site. For digital evidence, the department’s preference is a cloud-based solution. 8876 Evidence Management System Page 4 of 29 Police Department On-Premise Services 1. Virtual server environment and storage 2. Disaster recovery (backups) 3. Business continuity (replication) Server / Application / Storage Options: The solution must have the ability to provide at least one copy of evidentiary video on premise and at least one copy in the cloud. II. SCOPE OF PROPOSAL A. Objective The objective of this RFP is for Fort Collins Police Services to procure a state of the art system for Property and Evidence Management that provides improved efficiencies, accuracy, accessibility and ease of use regarding the intake, management and disposition of property and evidence. Items to be included in the Vendor’s response are defined in Section III. PROPOSAL SUBMITTAL. B. Deliverables/Milestones The following deliverable milestones have been identified as examples. Vendor is to propose milestones, target dates, percent of project completion and associated milestone payment to be triggered upon successful completion as part of their proposal. 1. System installation 2. Trial Run 3. Core product training 4. Go Live 5. Project Acceptance C. Anticipated Schedule The following represents the City’s target schedule for the RFP. The City reserves the right to amend the target schedule at any time. • RFP issuance: 3/8/19 • Question deadline: 5:00 PM MST on 3/15/19 • Proposal due date: 3:00 MST (our clock) on 3/29/19 • Interviews/Demonstration (tentative): Week of 4/15/19 • Award of Contract (tentative): 5/10/19 • Completion of project: TBD D. Interviews/Demonstrations In addition to submitting a written proposal, the top-rated Vendors may be interviewed by the RFP assessment team and asked to participate in an oral presentation/demonstration to provide an overview of the company, system demonstration and to address questions. 8876 Evidence Management System Page 5 of 29 The evaluation criteria for the oral interview/demonstration will be the same as the criteria for the written evaluations and is included in Section IV. E. Travel & Expenses Contractors are to provide a list of fees for reimbursable expenses. Reasonable expenses will be reimbursable as per Fort Collins Expense guidelines. F. Subcontractors Vendors will be responsible for identifying any subcontractors in their proposal. Please note that the City will contract solely with the awarded Vendor; therefore subcontractors will be the responsibility of the Vendor. G. Proposal Format Please limit the total length of your proposal to a maximum of twenty-five (25) double sided or fifty (50) single sided 8 ½ x 11” pages (excluding cover pages, table of contents, dividers and Vendor Statement form). Font shall be a minimum of 10 Arial and margins are limited to no less than .5” for sides and top/bottom. Extended page sizes, such as 11” x 17”, count as a single page. Please, no embedded documents. Proposals that do not conform to these requirements may be rejected. H. Fees, Licenses, Permits The successful Vendor shall be responsible for obtaining any necessary licenses, fees or permits without additional expense to the City. All equipment shall be properly licensed and insured, carry the appropriate permits and be placarded as required by law. I. Laws and Regulations The Vendor agrees to comply fully with all applicable local, State of Colorado and Federal laws and regulations and municipal ordinances. J. Invoicing and Payment Invoices should be emailed to invoices@fcgov.com with a copy to the Project Manager. The cost of the work completed shall be paid to the Vendor per the Milestone Schedule following the submittal of a correct invoice by the Vendor indicating the project name, Purchase Order number, task description, hours worked, personnel/work type category, hourly rate for each employee/work type category, date of the work performed specific to the task, percentage of that work that has been completed by task, 3rd party supporting documentation with the same detail and a brief progress report. Payments will be made using the prices listed on the agreed-to Price Schedule. In the event a service is requested which is not listed on the Price Schedule, the Vendor and the City will negotiate an appropriate unit price for the service prior to the Vendor initiating such work. The City pays invoices on Net 30 terms. III. PROPOSAL SUBMITTAL For this section, Vendors are required to provide detailed written responses to the following items in the order outlined below. The responses shall be considered technical offers of what Vendors propose to provide and shall be incorporated in the contract award as deemed 8876 Evidence Management System Page 6 of 29 appropriate by the City. A proposal that does not include all the information required may be deemed non-responsive and subject to rejection. Responses must include all the items in the order listed below. It is suggested that the Vendors include each of the City’s questions with their response immediately following the question. The City of Fort Collins shall not reimburse any firm for costs incurred in the preparation and presentation of their proposal. A. Cover Letter / Executive Summary The Executive Summary should highlight the content of the proposal and features of the program offered, including a general description of the program and any unique aspects or benefits provided by your firm. Indicate your availability to participate in the interviews/demonstrations on the proposed dates as stated in the Schedule section. B. Vendor Information 1. Describe the Vendor’s business and background 2. Number of years in the business 3. Details about ownership 4. An overview of services offered and qualifications 5. Size of the firm 6. Location(s) of offices. If multiple, please identify which will be the primary for our account. 7. Primary contact information for the company including contact name(s) and title(s), mailing address(s), phone number(s), and email address(s). Complete Section V, Vendor Statement. C. Scope of Proposal 1. Provide a detailed narrative of the services proposed if awarded the contract per the scope above. The narrative should include any options that may be beneficial for the City to consider. 2. Describe how the project would be managed and who would have primary responsibility for its timely and professional completion. 3. Describe the methods and timeline of communication your firm will use with the City’s Project Manager and other parties. 4. Complete Exhibit A Functional Requirements with your replies (Yes, No, N/A, or Future and your comments, if any) and include it with your Proposal. 5. Complete Exhibit B SaaS Cyber Vendor /Questionnaire with your response to the questions; and include it with your Proposal. 6. Identify what portion of work, if any, may be subcontracted and/or any third-party software licenses that may be required. 7. Address system functionality and ease of use across different user groups: from the initial collection, through transfers during the legal process, to final disposition; there must be efficiency of processes without duplication of efforts, while maintaining an 8876 Evidence Management System Page 7 of 29 impeccable chain of custody throughout. All system users must be able to navigate and access the system as needed and in an intuitive and streamlined manner. 8. Data conversion/Records Management System interface capabilities: describe how the proposed system provides for the extraction and conversion of existing data. 9. System implementation/optimization/maintenance/training/deployment/technical support: Describe your ability to tailor system screens, fields, features, forms, letters and labels for Fort Collins Police Services’ needs at time of installation and as needs change in the future. Describe your comprehensive and detailed training and deployment plans. Describe the degree and nature of customer service and technical support availability, responsiveness and efficacy. 10. Technology utilization, planning and cyber security: Describe your system capabilities, accessibility, security and storage capacities. Describe your system utilization of most current applicable technologies. Describe your system planning and upgradability to utilize upcoming/future technologies. Address data protection, privacy and security safeguards. D. Firm Capability Provide relevant information regarding previous experience related to this or similar Projects, to include the following: 1. Provide an Organization Chart/Proposed Project Team: An organization chart containing the names of all key personnel and sub consultants with titles and their specific task assignment for this Agreement shall be provided in this section. 2. A list of qualifications for your firm and qualifications and experience of the specific staff members proposed to perform the consulting services described above. 3. Provide examples of at least two projects where you’ve worked with your sub- consultants. List the sub-consultant firm(s) for this Agreement, their area(s) of expertise, and include all other applicable information herein requested for each sub- consultant. Identify what portion of work, if any, may be sub-contracted. 4. References (current contact name, agency, current telephone number and email address) from at least three similar projects with law enforcement agencies with similar requirements that have been completed within the past five (5) years and that have involved the staff proposed to work on this project. Provide a description of the work performed. The Vendor authorizes City to verify any and all information contained in the Vendor’s submittal from references contained herein and hereby releases all those concerned providing information as a reference from any liability in connection with any information they give. E. Assigned Personnel 1. List of Project Personnel: This list should include the identification of the contact person with primary responsibility for this Agreement, the personnel proposed for this Agreement, and any supervisory personnel, including partners and/or sub consultants, and their individual areas of responsibility. 2. A resume for each professional and technical person assigned to the Agreement, including partners and/or sub consultants, shall be submitted. The résumés shall 8876 Evidence Management System Page 8 of 29 include at least three individual references from previous assignments. Please limit resumes to one page. 3. Some functions of this project may require the use of sub-consultants. If you intend to utilize sub-consultants you must list each and provide resumes for their key personnel. If no sub-consultants will be used, please state so. 4. Describe the availability of project personnel to participate in this project in the context of the contractor firm’s other commitments. F. Cost and Work Hours In your response to this proposal, please provide the following: 1. Estimated Hours by Task: Provide estimated hours for each proposed task by job title and employee name, including the time required for meetings, conference calls, etc. 2. Cost by Task: Provide the cost of each task identified in the Scope of Proposal section. Provide a total not to exceed figure for the Scope of Proposal. Price all additional services/deliverables separately. 3. Schedule of Rates: Provide a schedule of billing rates by category of employee and job title to be used during the term of the Agreement. This fee schedule will be firm for at least one (1) year from the date of the Agreement. The fee schedule will be used as a basis for determining fees should additional services be necessary. Include a per meeting rate in the event additional meetings are needed. A fee schedule for sub-consultants, if used, shall be included. 4. All direct costs (i.e., travel, printing, postage, etc.) specifically attributed to the project and not included in the billing rates must be identified. Travel expenses may be reimbursable as per Fort Collins Expense Guidelines. Vendor will be required to provide original receipts to the City for all travel expenses. 5. Complete Exhibit C Total Cost of Ownership Spreadsheet with Initial Costs (one- time) plus Recurring Costs for Years 1-5. The goal is to provide an accurate picture of cost from project initiation through Year 5. a. Include any applicable costs for support & maintenance for 5 years. b. Software Licensing Cost Vendor is to provide fixed license costs for the first five (5) years in the spreadsheet, broken down by year. c. Initial Installation and Setup Cost Vendor is to provide cost for initial installation and setup of the system. d. Hosting Fees (if applicable) Vendor is to provide any cost for hosting fees for software as a service (if this is part of your proposed system). e. Training Cost Vendor is to provide an overview of proposed training plan/strategy specifying how training is to be delivered. 8876 Evidence Management System Page 9 of 29 f. Maintenance & Support Cost The City will require fixed maintenance fees for five (5) years following implementation. Provide costs for maintenance and support for each year for five years. Price increases for years beyond the initial 5 years will be capped by a mutually -agreed upon percentage. g. Optional Services If other product specific services are recommended an estimate should be provided. Potential services may include data loading and configuration of existing data from the old system to the new one. G. Additional Information Provide any information that distinguishes Vendor from its competition and any additional information applicable to this RFP that might be valuable in assessing Vendor’s proposal. Explain any concerns Vendor may have in maintaining objectivity in recommending the best solution. All potential conflicts of interest must be disclosed. H. Agreement Vendors submitting a proposal shall provide their template agreement(s) for product licenses, implementation, support & maintenance. IV. REVIEW AND ASSESSMENT CRITERIA A. Proposal and Interview/Demonstration Assessment Criteria Vendors will be evaluated on the following criteria. All criteria will be equally weighted. These criteria will be the basis for review and assessment of the written proposals and optional interview/demonstration session. At the discretion of the City, interviews and/or demonstrations of the top-rated Vendors may be conducted. 1) Vendor organization, capability, and assigned personnel 2) System functionality and ease of use across different user groups: System compliance to the City’s functional requirements stated in Exhibit A. Also, from the initial collection, through transfers during the legal process, to final disposition – there must be efficiency of processes without duplication of efforts, while maintaining a robust chain of custody throughout. All system users must be able to navigate and access the system as needed and in an intuitive and streamlined manner. 3) Data conversion/Records Management System interface capabilities: The extent to which the Vendor and the proposed system provides for the extraction and conversion of existing data; avoids duplicate data from and into existing and future records management system. The vendor’s proven success in interfacing/data 8876 Evidence Management System Page 10 of 29 extraction and conversion between evidence management system and records management system will be considered. 4) System implementation/optimization/maintenance/training/deployment/technicial support: Time-line to implement and convert existing data and records. Ability to tailor system screens, fields, features, forms, letters and labels for Fort Collins Police Services’ needs at time of installation and as needs change in future. Comprehensive and detailed training and deployment plans. The degree and nature of customer service and technical support availability, responsiveness and efficacy. 5) Technology utilization, planning and cyber security: System capabilities, accessibility, security and storage capacities of vendor hosted servers. System utilization of most current applicable technologies. System planning and upgradability to utilize upcoming/future technologies. Data protection and privacy and security safeguards. 6) Pricing: The comprehensive and detailed nature of the proposed pricing provided in Exhibit C, along with explanations of included and optional software, hardware and services, and the degree to which the costs provide best value and are most advantageous to the City’s financial resources. B. Reference Evaluation Criteria Prior to award, the Project Manager may check references and contact information from law enforcement agencies currently utilizing Vendor’s proposed property and evidence management system, to verify the degree of a successful system implementation, duration of use, and customer service/support satisfaction. 8876 Evidence Management System Page 11 of 29 V. VENDOR STATEMENT Vendor hereby acknowledges receipt of the City of Fort Collins Request for Proposal and acknowledges that it has read and agrees to be fully bound by all of the terms, conditions and other provisions set forth in the RFP. Additionally, Vendor hereby makes the following representations to City: a. All of the statements and representations made in this proposal are true to the best of the Vendor’s knowledge and belief. b. Vendor commits that it is able to meet the terms provided in this proposal. c. This proposal is a firm and binding offer, for a period of 90 days from the date hereof. d. Vendor further agrees that the method of award is acceptable. e. Vendor also agrees to complete an Agreement with the City of Fort Collins within 30 days of notice of award. If contract is not completed and signed within 30 days, City reserves the right to cancel and award to the next highest rated firm. f. Vendor acknowledge receipt of addenda. Firm Name: Physical Address: Remit to Address: Phone: Name of Authorized Agent of Firm: Signature of Authorized Agent: Primary Contact for Project: Title: Email Address: Phone: Cell Phone: NOTE: VENDOR STATEMENT IS TO BE SIGNED & RETURNED WITH YOUR PROPOSAL. Exhibit A Functional Requirements Functional Requirements: The following section details the functional requirements for the system solution. The City is looking for a comprehensive and best practice solution for an Evidence Management system which includes a Digital Evidence Management System. Respond with “Yes”, “No” or “Future Release” in the column titled “Included” to indicate if the feature is present in the current proposed release. A copy of this table will be available for editing. REQUIRED FUNCTIONALITY Description Included: “Yes” “No” “N/A or “Future” Alternate Proposal, Comments 1-Physical Locations for on-site premise: 1. One Site – Police Headquarters or virtual data room. 2-Licensing Requirements: 1. The cost includes the ability to create an unlimited number of user accounts. 2. Ability to add temporary users/licenses in the event of a major or catastrophic event. 3. System must include licensing for an unlimited number of digital cameras. 4. System cannot use any hardware copy protection such as dongles, hardware keys, hardware tokens, or security devices at either the server side or the client side. 3-Minimum Requirements for Number of Original Assets Supported: 1. Implementation – 10,000,000 2. Upgrade Option – 100,000,000 4-Storage Requirements: 1. Implementation: All Video – 70TB 2. Year 1: All Video 80TB, Evidentiary Video 20TB 3. Year 2: All Video 90TB, Evidentiary Video 30TB 4. 4. Year 3: All Video 100TB, Evidentiary Video 40TB 5. Year 4: All Video 110TB, Evidentiary Video 50TB 6. Year 5: All Video 120TB, Evidentiary Video 60TB 5-Storage Requirements for pricing models based on number of user accounts and type of access: 1. Evidence, Sworn, Records – 250 accounts, 50GB per account, with acquire, view, etc. access. 2. Administrators – 4 accounts, 50GB per account, with Admin access. Ability to set different levels of admin access based on user type. 3. District Attorney (DA) and other Law Enforcement Agencies (LEA) – 20 accounts, 50GB per account, with copy, view access. 6-Criteria for Cloud Bandwidth Requirements, Year 1 - 5: 1. Average Length of Video – 10 minutes 2. Average File Size – 150MB 3. Average Writes per year (new) – 350,000 4. Average Retrieval per year (download) – 16,000 5. Average Reads per year (views) – 62,000 6. Average Writes per year (modify, including meta data changes) – 2,000,000 7. System must include automatic lossless compression for rapid data transfer of all data transferred over a wired or wireless network connection. 7-Security Requirements: 1. Systems providing access by external users to case files must support the ability for the Department to secure and log access utilizing City’s firewall and/or access lists. 2. Transport security must automatically encrypt and decrypt all data transferred or transmitted over a wired or wireless network connection utilizing a minimum of 3DES encryption and/or AES encryption. 3. Must allow security to be set at multiple levels within digital evidence server and in evidence management system including but not limited to case number, case type, or individual file. 4. System must provide an audit trail log file that cannot be altered that includes tracking of the following for the digital evidence management: a. Users attempting to or accessing the system or file, and from what location. b. Actions performed (acquire, view, modify, enhance, export, etc.). c. Changes to access control levels. d. All audit trail items must be securely time stamped. e. Audit trail log must be stored and indexed in a searchable database. f. f. Any other logs required by CJIS. 5. System must provide an audit trail that cannot be altered for each item of physical evidence which includes tracking the following: a. Updates to any chain of custody. b. Any movement of the item within the evidence storage areas. c. Any inventory of the item. d. Any time the item has been scanned. 6. System must include easily managed administrator definable multilevel security for access to files, information, and evidence based on roles. 7. System must provide security method for strictly limiting access for users to certain folders or data within a case file, which they have been provided access. 8. System shall be managed in a granular permissions and security model. 9. System must have proactive system monitoring capable of detecting and notifying the System Administrator by email and text message of any failure in any component in the storage array or any station on the network. 10. Software source code, executables, and scripts must be digitally self-signed to confirm the software author and to guarantee that the code has not been altered or corrupted since it was signed by the cryptographic hash. 11. All digital assets must be scanned for corrupt files or zero-bite size files using embedded error checking upon entry into the system. 12. Ensure software is developed and deployed using secure coding practices and business processes that minimize security flaws within the software and notification will be made to FCPS in the event changes are made that affect these practices and processes. 13. Ensure safety and security procedures are maintained and enforced with respect to access and maintenance of client data. 14. All client data must be stored in a safe and secure environment and protection from unauthorized access, modification, theft, misuse or damage whether the data resides in a repository or during transmission over the network and must be stored in the United States. 15. Vendor must provide ability for this agency to acquire our raw data through an export to XLS or CSV file at any time. 16. Notification shall be made to FCPS as soon as possible but no longer than 24 hours when a security breach has been discovered whether actual or attempted. 17. Protection against software failure with backup and recovery procedures. 18. The software must be CJIS compliant. 19. System should allow for single sign-on capabilities. 8-System Requirements: 1. A complete Evidence Management System including software, barcode/RFID/other storage tracking hardware, supplies and services including installation, customization/optimization to Agency specifications/needs, training, remote access and on-site system support as required. 2. Recovery Time Objective (RTO) is less than or equal to one hour. 3. Recovery Point Objective (RPO) is less than or equal to 15 minutes. 4. The system solution must be compliant with current existing statutes, standards, and guidelines, of the Rules of Evidence. 5. Solution must be capable of easily increasing storage capacity and must not require additional purchase of software licenses. 6. System must be fully compatible with: a. Windows 7 32-bit, 64-bit b. Windows 10 64-bit o All subsequent updates to Windows 10 builds (ie. Version 1803, 1809, etc.) c. Internet Explorer 11 d. Google Chrome 7. Agency prefers but is not limited to a browser- based client. 8. Agency prefers ability to use the current barcodes on evidence currently in FCPS custody so that existing items will not need to be re-barcoded. 9. System shall support standard file types and RAW formats for digital photographs, in addition to audio and video files, and documents. 10. The system must work easily and efficiently and be capable of supporting 10,000,000, upgradeable to 100,000,000, original assets with copies stored simultaneously in multiple locations. 11. All assets, data, and database(s) must be stored in non-proprietary industry standard formats. 12. System must support “verbose” log tracking for the purpose of both local and remote system diagnostics. 13. Digital media uploaded to the system will be stored in a non-proprietary format and will be easily accessible without the need to convert the format. 9-Server-Client System Requirements: 1. Virtual Servers must work in a VMWare environment, or any other virtual environment the Agency chooses. 2. Server-Client System must include active hardware monitoring and reporting and provide alerting by email and text message of availability, performance, utilization, audit trail log events, and hardware failures. 3. It is a requirement for the vendor to supply a server solution that has complete restore of server functions and data from a backup server or servers with no loss of functionality. 4. All servers, data, assets, information, evidence, processed evidence, database files, and audit trail log files must be stored and replicated in separate locations. 10-Cloud-Based System Requirements: 1. Individual assets and the database must meet CJIS requirements for encryption of CJI data in transit and at rest. 2. Vendor must agree to cooperate with Agency’s vendor of choice if Agency chooses to contract for an alternate DEMS solution if/when solution selected in response to this RFP no longer meets requirements. 3. Vendor must provide a cost-effective method for transferring all data from cloud to Agency, without penalty; transferred data must include all meta-data and retention classification. 11-Functional Requirements: Digital Evidence: 1. System shall allow users to upload files to a central location for storage and case management in an easy and expedited manner. 2. System must have the capability for acquiring, processing, authenticating, storing, and playback of digital images, digital audio, and digital video in common formats. 3. Must be able to upload data from multiple formats to include, but not limited to, SD cards, hard drive, disks, etc. 4. System must maintain/store original copy of evidentiary files and any manipulation must be of a working copy only. 5. System must support the ability for users to search for assets and evidence online by case number, user ID, location, crime type, date, notes, or any other designated database field or combination of multiple fields. 12-Physical and Digital Evidence: 1. Must meet industry standards for chain of custody related to all entries, movements and disposal of items. 2. Consistent barcode/RFID/or other inventory storage tracking technology in property/evidence module to facilitate tracking, inventory and other data entry retrieval. 3. Interface should be user friendly, allowing for easy and efficient entry of evidence information into the database. 4. System must have capability for an electronic signature capture. 5. Use of wireless PDA scanner/reader with data entry, signature capture capabilities and sufficient memory to accommodate data collection on crime scenes, off-site property storage locations, labs, and for inventories and audits. 6. Use of workstations, smartphones, IPads or Tablets connecting through a secure tunnel such as a VPN or private cellular network. 7. Ability to associate/link multiple case numbers to digital evidence or physical evidence. 8. Use of dynamic barcodes (does not require user to pull up multiple screens and enter a particular field to have a bar code pull up an item – should be able to scan a barcode and the item will populate on the screen). 9. This system will need to provide robust tracking for large inventories and the ability to pick up the process later when the inventory cannot be completed on the same day. 10. System should allow for straight forward and uncomplicated mass movement of items, such as changing locations and documenting destructions. 11. System should also allow the user to add notes to the items in bulk or individually. 12. System should have capability to flag items or note special instructions in a journal entry style. 13. System should have the capability to identify items for case review as defined by retention policy. 14. Officer entry module should have an intuitive, easy to use, format for property & evidence intake and barcode printing at the agency, remote locations or via mobile printing. 15. System should have routing or workflow capabilities. 16. System should have capability to allow non- evidence personnel to route requests to the evidence unit (two-way routing). 17. System must have the ability to create a container, listing the individual items stored inside the container and the ability to move a full container without the need to rescan each item. 18. System must have the ability for users to generate and create various reports related to property/evidence either system generated or through Crystal Reports without additional cost. 19. Ability to sort results of queries and create output reports from said queries. 20. System must have the ability to create and generate user configurable forms and letters that can be completed and forwarded electronically, attached to a case file in RMS, or printed as needed. 21. Ability to start the chain of custody process when the officer places the item in the temporary locker. The officer should be able to print one label which contains all item information as well as barcode at time of log in. 22. Complete inventory report to include 1) Items scanned correctly 2) Items not scanned 3) Items scanned in a wrong location 4) And the ability to attach notes to the incorrect files without manipulation of the data. Also, track that the item was part of the inventory in the item history file with the notes if any were attached for that item. 23. Ability to search multiple fields at the same time, including wild cards. 24. Ability to save frequently used searches for future use 25. Ability to attach documentation related to items of evidence, such as emails, written correspondence, photocopies of IDs, etc. but not be considered an item of evidence. 13-Digital Media Input or Acquire Requirements: 1. Input devices include various photo and video capture devices in use by the Department and by area businesses. System shall provide the ability to acquire digital data directly from capture devices such as digital cameras and shall acquire data from the following managed systems. In-Car Camera System 1. System must have the ability to acquire and store non-evidentiary and evidentiary video files stored in agency’s in-car camera system. 2. Acquired video must include meta data and audit trail log files. 3. System shall automatically add case number and categorize video for retention purposes by utilizing .csv file provided by Department. Interview Room System – 1. DEMS shall automatically acquire evidentiary video files copied from existing servers to network file shares for the purpose of providing access to the new DEMS system. 2. Acquired video file will be provided to vendor by Department with the case number. 14-Digital Evidence Process Requirements: 1. System must have the ability to automatically assign an existing case number for each case. 2. System must provide automated case building as data is acquired from various systems and devices. 3. System must automatically assign a retention date to each file or case for review. 4. System must provide searchable fields including case number, offense type, user ID, victim or offender name, location, GPS coordinates, and others. 5. System may link from within Department’s RMS case file to provide access to DEMS case file. 15-Evidence Record Process Requirements 1. System will assure that any asset that it acquired can be viewed from within DEMS. 2. System will have mobile, web-based management, and desktop management programs available. 3. System must provide multiple options for searching fields, including wildcards and the ability to search across multiple fields simultaneously. 4. System must allow for Agency to customize as needed to meet agency needs and to integrate similar names/titles and information as the RMS system. 5. Agency Administrator(s) should have the capability to customize the screen displays. 6. System should have the ability to set up automated reminders/tickler system for annual audits, inventories, or any processes, with the ability to assign these reminders/ticklers to a group or individual user. 7. Automated processes for tracking and reconciliation of money booked as evidence. 16-Output Requirements: Video/Photo Viewing – 1. System will assure that any asset that it acquired can be viewed from within DEMS. 2. System must support the ability for users to view assets and evidence online as thumbnails or full-size images. Sharing Case Files – 1. System must support ability to share read only case files with external users such as the DA’s Office and City Attorney’s Office via a web-based client. 2. Sharing with external users must be secure and linked to user identity, and activity included in audit trail log file. 3. System must provide the ability to set an expiration date on access to externally shared case files. Video Copies – 1. System must support copying videos and if required their proprietary players to external storage device (DVD, flash drive, hard drive, etc.). 2. System should provide extraction or redaction capabilities of all video files. Photo Prints – 1. System must support printing photos to existing high quality networked photo printer system. 2. System must support user defined variable multi-format printing layouts, proof sheets, and thumbnails on various print size media. 3. System must include the capability for photos to be printed with case number and associated data describing the photo or a proof sheet with all the photos from an event. 4. System must support automatic printing of a copyright statement on every page for images printed. 5. System must support automatic printing of page numbers on every page for images, proof sheets, or thumbnails printed. 17-Software Integration Requirements: 1. System must have the capability to directly interface with software already in use at the Agency. 2. Vendor must support data migration from the current RMS system if the agency chooses. a. Total Command Records Management Solution (RMS). b. Total Command Computer-Aided Dispatch (CAD). c. In-Car Camera Video Solution. d. Interview Rooms. e. Axon Body Worn Cameras (BWC). 18-Software Services: 1. Any customizations made to the system by the vendor must be supported in new versions of the product. 2. Vendor must be capable of providing integration services when Department acquires new technology. 19-System Installation and Support Requirements: Installation Services – 1. Vendor shall provide installation and startup services, and 30-day testing services. 2. Vendor shall provide complete printable online documentation for the DEMS system installation instructions, system administration and maintenance, and technical reference and user manuals. 3. Vendor shall provide network diagrams indicating transport and workflows. Technical Support – 1. Vendor shall provide technical support 24/7/365 for all system software products for the System Administrator at no charge for the duration of the technical support service contract. 2. Support requests escalated as critical or high priority by the Agency such as full system outage require response time of less than one hour by a live person with engineering skills 24/7/365. 3. Less critical support requests shall be responded to within four hours during business hours. 4. Less critical support requests placed after normal business hours shall be responded to within four hours on the first regular business day following notification. 5. Vendor will provide system warranty, annual software support contract, and system upgrades. Upgrades / Fixes – 1. Functional fixes to the system software shall be provided as they are released at no extra cost. 2. Supporting documentation reflecting modifications is required and shall include software matrix. 3. Software service packs should be available for download from vendor’s website and should include any newly developed features. 20-Training Requirements: 1. Vendor must supply printable online instructions in the form of manuals or PowerPoint presentations that provide detailed descriptions of every aspect of the system administration and set up of hardware and software including every option available. 2. Vendor must supply an online training program for users and System Administrators covering the complete workflow involving acquisition, enhancement, and output of all assets. 3. Vendor shall provide ongoing online training for the duration of maintenance and support agreement(s). Exhibit B SaaS Cyber Vendor Questionnaire 1. Data Ownership: The City of Fort Collins will own all right, title and interest in its data that is related to the services provided. All data obtained by the vendor in the performance of this services shall become and remain the property of the City. The vendor will not share or distribute any City data to any other entity without the express written consent of the City. Can you comply with this? 2. Data Protection: Describe how you safeguard the confidentiality, integrity and availability of City information, including encryption of personal data in transit and at rest, and access control. Do you have a privacy and security policy, and does the policy apply to customers’ private data including personal identifiable information? 3. Data destruction: What procedures and safeguards does the vendor have in place for sanitizing and disposing of City data according to prescribed retention schedules or following the conclusion of a project or termination of a contract to render it unrecoverable and prevent accidental and/or unauthorized access to City data? 4. Data Location: Are the data centers where City data may be stored or processed located exclusively in the United States? Do you allow your personnel or contractors to store City data on portable devices? Do your personnel and contractors access City data remotely? 5. Security Incidents or Data Breaches: Describe your data breach and incident response communication plans. Has the company experienced any security breaches? If yes, explain. 6. Breach Responsibilities: In addition to data breach communication, what additional responsibilities do you have to your customers in the event of a data breach involving private data that is in your control, or in the control of your contractors/subsidiaries, at the time of breach? Do you have cybersecurity insurance? If yes, provide an overview of the coverage. 7. Background Checks: Do you conduct criminal background checks on all staff, including subcontractors? Do you employ people convicted of any crime of dishonesty? 8. Access to Security Logs and Reports: The vendor shall provide reports to the City in a format as specified in the SLA agreed to by both the vendor and the City. Reports shall include latency statistics, user access, user access IP address, user access history and security logs for all City files related to this contract. Can you comply with this? 9. Risk Assessments and Audits: Do you conduct periodic risk assessments to identify cybersecurity threats, vulnerabilities, and potential business consequences? Do you have regular independent assessments of your cybersecurity processes? Do you perform independent audits of your data center? How often? What level of audit is performed (e.g., SOC2)? Would you be willing to share redacted versions of your most recent risk assessment and audit report with the City? 10. Change Control and Advance Notice: How do you communicate upgrades (e.g., major upgrades, minor upgrades, system changes) that may impact service availability and performance to your customers? 11. Upgrades: Are technology systems (e.g., servers, network devices, operating systems, applications, malware definitions) regularly updated/patched? Do you have any systems in production that are past end of life or that can no longer be patched? 12. Non-disclosure and Separation of Duties: Describe how you enforce separation of job duties and limit staff knowledge of City data to that which is necessary to perform job duties. 13. Import and Export of Data: Describe the data import and export processes from the customer’s perspective. 14. Subcontractor Disclosure: Identify all your strategic business partners related to services provided under this arrangement, including but not limited to all subcontractors or other entities or individuals who may be a party to a joint venture or similar agreement with the you, and who shall be involved in any application development and/or operations. 15. Right to Remove Individuals: The City shall have the right at any time to require that the vendor remove from interaction with City any vendor representative who the City believes is detrimental to its working relationship with the vendor. Can you comply with this? 16. Encryption of Data at Rest: Can you ensure hard drive encryption consistent with validated cryptography standards as referenced in FIPS 140-2, Security Requirements for Cryptographic Modules for all personal data? 17. Internet-Facing Security: We may use BitSight (like a credit report for cyber security) to assess your internet-facing security. Do you subscribe to BitSight or a similar service, and if so are you willing to provide a sanitized report? 18. Service Interruption: In the event of an interruption of your service, what is your process for notifying customer operations of the circumstances of the interruption or outage and the expected recovery time? 19. Backup and Recovery: What is your backup & recovery SLA? What are the actual results/metrics vs. the SLA for the last 12 months? Is your backup data encrypted and, if so, to what standard? 20. Authentication: Do you have an internal password policy? Do you have complexity or length requirements for passwords? Do employees/contractors have ability to remotely connect to your production systems? (i.e. VPN. Is multi-factor authentication available? Do you require MFA for administration of your service (local or remote)? Do you support SSO/SAML ADFS for customer access? 21. Cyber Insurance: Does your firm carry cyber insurance? If so, what are your insurance levels? Exhibit C Total Cost of Ownership Spreadsheet Total Cost of Ownership Vendor X Yr1 Yr2 Yr3 Yr4 Yr5 Cost ITEM Summary 2019 2020 2021 2022 2023 One time Costs Ongoing costs Total One Time Costs $0.00 $0.00 $0.00 $0.00 $0.00 Total On Going Costs $0.00 $0.00 $0.00 $0.00 $0.00 TOTAL $0.00 $0.00 $0.00 $0.00 $0.00 Include spreadsheet of all costs for implementation, licensing, training, maintenance & support, etc. with your proposal so that we can see all one-time and recurring costs for your solution for Years 1-5.