HomeMy WebLinkAboutRFP - 8876 EVIDENCE MANAGEMENT SYSTEM8876 Evidence Management System Page 1 of 29
REQUEST FOR PROPOSAL
8876 EVIDENCE MANAGEMENT SYSTEM
The City of Fort Collins is requesting proposals from qualified Vendors to select a stand-alone,
browser-based or a hosted Property and Evidence Management System that provides improved
efficiencies, accuracy, accessibility and ease of use regarding the intake, management and
disposition of property and evidence.
As part of the City’s commitment to Sustainable Purchasing, proposals submission via
email is preferred. Proposals shall be submitted in a single Microsoft Word or PDF file
under 20MB and e-mailed to: purchasing@fcgov.com. If electing to submit a hard copy
proposal we require one (1) hard copy and one (1) electronic copy on a jump drive to be
received at the City of Fort Collins' Purchasing Division, 215 North Mason St., 2nd floor, Fort
Collins, Colorado 80524. Proposals must be received before 3:00 p.m. (our clock) on
March 29, 2019 and referenced as Proposal No. 8876. If delivered, they are to be sent to 215
North Mason Street, 2nd Floor, Fort Collins, Colorado 80524. If mailed, the address is P.O. Box
580, Fort Collins, 80522-0580. Please note, additional time is required for bids mailed to the PO
Box to be received at the Purchasing Office.
The City encourages all Disadvantaged Business Enterprises (DBEs) to submit proposals in
response to all requests for proposals. No individual or business will be discriminated against
on the grounds of race, color, sex, or national origin. It is the City’s policy to create a level
playing field on which DBEs can compete fairly and to ensure nondiscrimination in the award
and administration of all contracts.
All questions should be submitted, in writing via email, to Ed Bonnette, CPM, CPPB, Senior
Buyer at ebonnette@fcgov.com, with a copy to Project Manager, Lisa Robles at
LRobles@fcgov.com, no later than 5:00 PM MST (our clock) on 3/15/19. Please format your
e-mail to include: RFP 8876 EVIDENCE MANAGEMENT SYSTEM in the subject line. Questions
received after this deadline may not be answered. Responses to all questions submitted before
the deadline will be addressed in an addendum and posted on the Rocky Mountain E-Purchasing
System webpage.
Rocky Mountain E-Purchasing System hosted by Bidnet
A copy of the RFP may be obtained at http://www.bidnetdirect.com/colorado/city-of-fort-collins.
This RFP has been posted utilizing the following Commodity Code(s):
20837 Database Software, Database Software for Microcomputers, Software, Database
(Microcomputer), Microcomputer Database Software
20938 Database, Database Software for Mini/Mainframe Computers, Software, Database
(Mini/Mainframe Computer), Computer Database Software, Mini/Mainframe
91829 Computer Software Consulting, Consulting Services, Computer-Software, Consulting
Services
Financial Services
Purchasing Division
215 N. Mason St. 2nd Floor
PO Box 580
Fort Collins, CO 80522
970.221.6775
970.221.6707
fcgov.com/purchasing
8876 Evidence Management System Page 2 of 29
92014 Applications Software (for Minicomputer Systems), Software, Applications (for
Minicomputer Systems), Minicomputer Systems Software (Applications)
92046 Software Updating Services, Software Subscription Services, Updating Services,
Software, Subscription Services, Software
Public Viewing Copy: The City is a governmental entity subject to the Colorado Open Records
Act, C.R.S. §§ 24-72-200.1 et seq. (“CORA”). Any proposals submitted hereunder are subject
to public disclosure by the City pursuant to CORA and City ordinances. Vendors may submit
one (1) additional complete proposal clearly marked “FOR PUBLIC VIEWING.” In this version
of the proposal, the Vendor may redact text and/or data that it deems confidential or proprietary
pursuant to CORA. Such statement does not necessarily exempt such documentation from
public disclosure if required by CORA, by order of a court of appropriate jurisdiction, or other
applicable law. Generally, under CORA trade secrets, confidential commercial and financial
data information is not required to be disclosed by the City. Proposals may not be marked
“Confidential” or ‘Proprietary’ in their entirety. All provisions of any contract resulting from
this request for proposal will be public information.
New Vendors: The City requires new Vendors receiving awards from the City to fill out and
submit an IRS form W-9 and to register for Direct Deposit (Electronic) payment. If needed, the
W-9 form and the Vendor Direct Deposit Authorization Form can be found on the City’s
Purchasing website at www.fcgov.com/purchasing under Vendor Reference Documents. Please
do not submit with your proposal.
Sales Prohibited/Conflict of Interest: No officer, employee, or member of City Council, shall
have a financial interest in the sale to the City of any real or personal property, equipment,
material, supplies or services where such officer or employee exercises directly or indirectly any
decision-making authority concerning such sale or any supervisory authority over the services to
be rendered. This rule also applies to subcontracts with the City. Soliciting or accepting any gift,
gratuity favor, entertainment, kickback or any items of monetary value from any person who has
or is seeking to do business with the City of Fort Collins is prohibited.
Collusive or Sham Proposals: Any proposal deemed to be collusive or a sham proposal will
be rejected and reported to authorities as such. Your authorized signature of this proposal
assures that such proposal is genuine and is not a collusive or sham proposal.
The City of Fort Collins reserves the right to reject any and all proposals and to waive any
irregularities or informalities.
Utilization of Award by Other Agencies: The City of Fort Collins reserves the right to allow
other state and local governmental agencies, political subdivisions, and/or school districts to
utilize the resulting award under all terms and conditions specified and upon agreement by all
parties. Usage by any other entity shall not have a negative impact on the City of Fort Collins in
the current term or in any future terms.
Sincerely,
Gerry Paul
Purchasing Director
8876 Evidence Management System Page 3 of 29
I. BACKGROUND & OBJECTIVE / OVERVIEW
A. Objective
The City of Fort Collins is requesting proposals from qualified Vendors to select a stand-
alone, browser-based or a hosted Property and Evidence Management System that
provides improved efficiencies, accuracy, accessibility and ease of use regarding the
intake, management and disposition of property and evidence.
B. Background
Fort Collins Police Service (FCPS) has over 200 sworn officers and over 120 civilian
personnel serving a community of over 165,000 residents. The Evidence Unit is
comprised of 6 full time Evidence Technicians and 1 Evidence Supervisor. The Evidence
Unit takes in approximately 1,500 items per month and manages the ongoing storage,
handling and “chain of custody” on approximately 180,184 items.
Fort Collins Police Services has been utilizing an integrated Property module within the
current Tiburon/Total Command/RMS system and the primary objective is to select a
stand-alone, browser-based or a hosted Property and Evidence Management System to
include a Digital Evidence Management system that provides improved efficiencies,
accuracy, accessibility and ease of use regarding the intake, management and disposition
of property and evidence. This Agency is also interested in looking for a software provider
with 5+ years’ experience providing automated digital information workflow solutions for
law enforcement agencies, including references from other Colorado Law Enforcement
Agencies
This Agency is seeking an Evidence Management and Digital Evidence Management
solution to manage data including physical evidence along with digital evidence
captured by electronic devices including but not limited to in-car cameras (ICCs), body-
worn cameras (BWCs), interview room recording systems, surveillance recording
systems, and cameras used by the Forensics Services Division (FSD) to capture crime
scene photos and video.
The vendor solution is required to provide this agency with the ability to access, manage
and store all systems and data on site and in the cloud.
City of Fort Collins Information Technology Department Provided Systems and
Services:
1. High Speed Internet Connection
2. WAN connections
3. Security based on CJIS standards
4. Equipment including desktops, tablets and laptops
City of Fort Collins Police Department Available Systems and Services:
The Department’s preference is for an on-premise solution for physical evidence with
servers, applications and data on-site.
For digital evidence, the department’s preference is a cloud-based solution.
8876 Evidence Management System Page 4 of 29
Police Department On-Premise Services
1. Virtual server environment and storage
2. Disaster recovery (backups)
3. Business continuity (replication)
Server / Application / Storage Options:
The solution must have the ability to provide at least one copy of evidentiary video
on premise and at least one copy in the cloud.
II. SCOPE OF PROPOSAL
A. Objective
The objective of this RFP is for Fort Collins Police Services to procure a state of the art system
for Property and Evidence Management that provides improved efficiencies, accuracy,
accessibility and ease of use regarding the intake, management and disposition of property
and evidence. Items to be included in the Vendor’s response are defined in Section III.
PROPOSAL SUBMITTAL.
B. Deliverables/Milestones
The following deliverable milestones have been identified as examples. Vendor is to propose
milestones, target dates, percent of project completion and associated milestone payment to
be triggered upon successful completion as part of their proposal.
1. System installation
2. Trial Run
3. Core product training
4. Go Live
5. Project Acceptance
C. Anticipated Schedule
The following represents the City’s target schedule for the RFP. The City reserves the
right to amend the target schedule at any time.
• RFP issuance: 3/8/19
• Question deadline: 5:00 PM MST on 3/15/19
• Proposal due date: 3:00 MST (our clock) on 3/29/19
• Interviews/Demonstration (tentative): Week of 4/15/19
• Award of Contract (tentative): 5/10/19
• Completion of project: TBD
D. Interviews/Demonstrations
In addition to submitting a written proposal, the top-rated Vendors may be interviewed by
the RFP assessment team and asked to participate in an oral presentation/demonstration
to provide an overview of the company, system demonstration and to address questions.
8876 Evidence Management System Page 5 of 29
The evaluation criteria for the oral interview/demonstration will be the same as the criteria
for the written evaluations and is included in Section IV.
E. Travel & Expenses
Contractors are to provide a list of fees for reimbursable expenses. Reasonable expenses
will be reimbursable as per Fort Collins Expense guidelines.
F. Subcontractors
Vendors will be responsible for identifying any subcontractors in their proposal. Please
note that the City will contract solely with the awarded Vendor; therefore subcontractors
will be the responsibility of the Vendor.
G. Proposal Format
Please limit the total length of your proposal to a maximum of twenty-five (25) double sided
or fifty (50) single sided 8 ½ x 11” pages (excluding cover pages, table of contents,
dividers and Vendor Statement form). Font shall be a minimum of 10 Arial and margins
are limited to no less than .5” for sides and top/bottom. Extended page sizes, such as 11”
x 17”, count as a single page. Please, no embedded documents. Proposals that do not
conform to these requirements may be rejected.
H. Fees, Licenses, Permits
The successful Vendor shall be responsible for obtaining any necessary licenses, fees or
permits without additional expense to the City. All equipment shall be properly licensed
and insured, carry the appropriate permits and be placarded as required by law.
I. Laws and Regulations
The Vendor agrees to comply fully with all applicable local, State of Colorado and Federal
laws and regulations and municipal ordinances.
J. Invoicing and Payment
Invoices should be emailed to invoices@fcgov.com with a copy to the Project Manager.
The cost of the work completed shall be paid to the Vendor per the Milestone Schedule
following the submittal of a correct invoice by the Vendor indicating the project name,
Purchase Order number, task description, hours worked, personnel/work type category,
hourly rate for each employee/work type category, date of the work performed specific to
the task, percentage of that work that has been completed by task, 3rd party supporting
documentation with the same detail and a brief progress report.
Payments will be made using the prices listed on the agreed-to Price Schedule. In the
event a service is requested which is not listed on the Price Schedule, the Vendor and the
City will negotiate an appropriate unit price for the service prior to the Vendor initiating
such work.
The City pays invoices on Net 30 terms.
III. PROPOSAL SUBMITTAL
For this section, Vendors are required to provide detailed written responses to the following
items in the order outlined below. The responses shall be considered technical offers of what
Vendors propose to provide and shall be incorporated in the contract award as deemed
8876 Evidence Management System Page 6 of 29
appropriate by the City. A proposal that does not include all the information required may be
deemed non-responsive and subject to rejection.
Responses must include all the items in the order listed below. It is suggested that the Vendors
include each of the City’s questions with their response immediately following the question.
The City of Fort Collins shall not reimburse any firm for costs incurred in the preparation and
presentation of their proposal.
A. Cover Letter / Executive Summary
The Executive Summary should highlight the content of the proposal and features of the
program offered, including a general description of the program and any unique aspects
or benefits provided by your firm.
Indicate your availability to participate in the interviews/demonstrations on the proposed
dates as stated in the Schedule section.
B. Vendor Information
1. Describe the Vendor’s business and background
2. Number of years in the business
3. Details about ownership
4. An overview of services offered and qualifications
5. Size of the firm
6. Location(s) of offices. If multiple, please identify which will be the primary for our
account.
7. Primary contact information for the company including contact name(s) and title(s),
mailing address(s), phone number(s), and email address(s). Complete Section V,
Vendor Statement.
C. Scope of Proposal
1. Provide a detailed narrative of the services proposed if awarded the contract per the
scope above. The narrative should include any options that may be beneficial for the
City to consider.
2. Describe how the project would be managed and who would have primary
responsibility for its timely and professional completion.
3. Describe the methods and timeline of communication your firm will use with the
City’s Project Manager and other parties.
4. Complete Exhibit A Functional Requirements with your replies (Yes, No, N/A, or
Future and your comments, if any) and include it with your Proposal.
5. Complete Exhibit B SaaS Cyber Vendor /Questionnaire with your response to the
questions; and include it with your Proposal.
6. Identify what portion of work, if any, may be subcontracted and/or any third-party
software licenses that may be required.
7. Address system functionality and ease of use across different user groups: from the
initial collection, through transfers during the legal process, to final disposition; there
must be efficiency of processes without duplication of efforts, while maintaining an
8876 Evidence Management System Page 7 of 29
impeccable chain of custody throughout. All system users must be able to navigate
and access the system as needed and in an intuitive and streamlined manner.
8. Data conversion/Records Management System interface capabilities: describe how
the proposed system provides for the extraction and conversion of existing data.
9. System implementation/optimization/maintenance/training/deployment/technical
support: Describe your ability to tailor system screens, fields, features, forms, letters
and labels for Fort Collins Police Services’ needs at time of installation and as needs
change in the future. Describe your comprehensive and detailed training and
deployment plans. Describe the degree and nature of customer service and technical
support availability, responsiveness and efficacy.
10. Technology utilization, planning and cyber security: Describe your system
capabilities, accessibility, security and storage capacities. Describe your system
utilization of most current applicable technologies. Describe your system planning
and upgradability to utilize upcoming/future technologies. Address data protection,
privacy and security safeguards.
D. Firm Capability
Provide relevant information regarding previous experience related to this or similar
Projects, to include the following:
1. Provide an Organization Chart/Proposed Project Team: An organization chart
containing the names of all key personnel and sub consultants with titles and their
specific task assignment for this Agreement shall be provided in this section.
2. A list of qualifications for your firm and qualifications and experience of the specific
staff members proposed to perform the consulting services described above.
3. Provide examples of at least two projects where you’ve worked with your sub-
consultants. List the sub-consultant firm(s) for this Agreement, their area(s) of
expertise, and include all other applicable information herein requested for each sub-
consultant. Identify what portion of work, if any, may be sub-contracted.
4. References (current contact name, agency, current telephone number and email
address) from at least three similar projects with law enforcement agencies with
similar requirements that have been completed within the past five (5) years and that
have involved the staff proposed to work on this project. Provide a description of the
work performed. The Vendor authorizes City to verify any and all information
contained in the Vendor’s submittal from references contained herein and hereby
releases all those concerned providing information as a reference from any liability in
connection with any information they give.
E. Assigned Personnel
1. List of Project Personnel: This list should include the identification of the contact
person with primary responsibility for this Agreement, the personnel proposed for this
Agreement, and any supervisory personnel, including partners and/or sub
consultants, and their individual areas of responsibility.
2. A resume for each professional and technical person assigned to the Agreement,
including partners and/or sub consultants, shall be submitted. The résumés shall
8876 Evidence Management System Page 8 of 29
include at least three individual references from previous assignments. Please limit
resumes to one page.
3. Some functions of this project may require the use of sub-consultants. If you intend
to utilize sub-consultants you must list each and provide resumes for their key
personnel. If no sub-consultants will be used, please state so.
4. Describe the availability of project personnel to participate in this project in the
context of the contractor firm’s other commitments.
F. Cost and Work Hours
In your response to this proposal, please provide the following:
1. Estimated Hours by Task: Provide estimated hours for each proposed task by job
title and employee name, including the time required for meetings, conference calls,
etc.
2. Cost by Task: Provide the cost of each task identified in the Scope of Proposal
section. Provide a total not to exceed figure for the Scope of Proposal. Price all
additional services/deliverables separately.
3. Schedule of Rates: Provide a schedule of billing rates by category of employee and
job title to be used during the term of the Agreement. This fee schedule will be firm
for at least one (1) year from the date of the Agreement. The fee schedule will be
used as a basis for determining fees should additional services be necessary.
Include a per meeting rate in the event additional meetings are needed. A fee
schedule for sub-consultants, if used, shall be included.
4. All direct costs (i.e., travel, printing, postage, etc.) specifically attributed to the project
and not included in the billing rates must be identified. Travel expenses may be
reimbursable as per Fort Collins Expense Guidelines. Vendor will be required to
provide original receipts to the City for all travel expenses.
5. Complete Exhibit C Total Cost of Ownership Spreadsheet with Initial Costs (one-
time) plus Recurring Costs for Years 1-5. The goal is to provide an accurate picture
of cost from project initiation through Year 5.
a. Include any applicable costs for support & maintenance for 5 years.
b. Software Licensing Cost
Vendor is to provide fixed license costs for the first five (5) years in the
spreadsheet, broken down by year.
c. Initial Installation and Setup Cost
Vendor is to provide cost for initial installation and setup of the system.
d. Hosting Fees (if applicable)
Vendor is to provide any cost for hosting fees for software as a service (if this is
part of your proposed system).
e. Training Cost
Vendor is to provide an overview of proposed training plan/strategy specifying
how training is to be delivered.
8876 Evidence Management System Page 9 of 29
f. Maintenance & Support Cost
The City will require fixed maintenance fees for five (5) years following
implementation. Provide costs for maintenance and support for each year for five
years. Price increases for years beyond the initial 5 years will be capped by a
mutually -agreed upon percentage.
g. Optional Services
If other product specific services are recommended an estimate should be
provided. Potential services may include data loading and configuration of
existing data from the old system to the new one.
G. Additional Information
Provide any information that distinguishes Vendor from its competition and any additional
information applicable to this RFP that might be valuable in assessing Vendor’s proposal.
Explain any concerns Vendor may have in maintaining objectivity in recommending the
best solution. All potential conflicts of interest must be disclosed.
H. Agreement
Vendors submitting a proposal shall provide their template agreement(s) for product
licenses, implementation, support & maintenance.
IV. REVIEW AND ASSESSMENT CRITERIA
A. Proposal and Interview/Demonstration Assessment Criteria
Vendors will be evaluated on the following criteria. All criteria will be equally weighted.
These criteria will be the basis for review and assessment of the written proposals and
optional interview/demonstration session. At the discretion of the City, interviews and/or
demonstrations of the top-rated Vendors may be conducted.
1) Vendor organization, capability, and assigned personnel
2) System functionality and ease of use across different user groups:
System compliance to the City’s functional requirements stated in Exhibit A. Also,
from the initial collection, through transfers during the legal process, to final
disposition – there must be efficiency of processes without duplication of efforts,
while maintaining a robust chain of custody throughout. All system users must be
able to navigate and access the system as needed and in an intuitive and
streamlined manner.
3) Data conversion/Records Management System interface capabilities:
The extent to which the Vendor and the proposed system provides for the extraction
and conversion of existing data; avoids duplicate data from and into existing and
future records management system. The vendor’s proven success in interfacing/data
8876 Evidence Management System Page 10 of 29
extraction and conversion between evidence management system and records
management system will be considered.
4) System implementation/optimization/maintenance/training/deployment/technicial
support:
Time-line to implement and convert existing data and records. Ability to tailor system
screens, fields, features, forms, letters and labels for Fort Collins Police Services’ needs
at time of installation and as needs change in future. Comprehensive and detailed
training and deployment plans. The degree and nature of customer service and technical
support availability, responsiveness and efficacy.
5) Technology utilization, planning and cyber security:
System capabilities, accessibility, security and storage capacities of vendor hosted
servers. System utilization of most current applicable technologies. System planning
and upgradability to utilize upcoming/future technologies. Data protection and
privacy and security safeguards.
6) Pricing:
The comprehensive and detailed nature of the proposed pricing provided in Exhibit
C, along with explanations of included and optional software, hardware and services,
and the degree to which the costs provide best value and are most advantageous to
the City’s financial resources.
B. Reference Evaluation Criteria
Prior to award, the Project Manager may check references and contact information
from law enforcement agencies currently utilizing Vendor’s proposed property and
evidence management system, to verify the degree of a successful system
implementation, duration of use, and customer service/support satisfaction.
8876 Evidence Management System Page 11 of 29
V. VENDOR STATEMENT
Vendor hereby acknowledges receipt of the City of Fort Collins Request for Proposal and
acknowledges that it has read and agrees to be fully bound by all of the terms, conditions and
other provisions set forth in the RFP. Additionally, Vendor hereby makes the following
representations to City:
a. All of the statements and representations made in this proposal are true to the best of the
Vendor’s knowledge and belief.
b. Vendor commits that it is able to meet the terms provided in this proposal.
c. This proposal is a firm and binding offer, for a period of 90 days from the date hereof.
d. Vendor further agrees that the method of award is acceptable.
e. Vendor also agrees to complete an Agreement with the City of Fort Collins within 30 days
of notice of award. If contract is not completed and signed within 30 days, City reserves
the right to cancel and award to the next highest rated firm.
f. Vendor acknowledge receipt of addenda.
Firm Name:
Physical Address:
Remit to Address:
Phone:
Name of Authorized Agent of Firm:
Signature of Authorized Agent:
Primary Contact for Project:
Title: Email Address:
Phone: Cell Phone:
NOTE: VENDOR STATEMENT IS TO BE SIGNED & RETURNED WITH YOUR PROPOSAL.
Exhibit A
Functional Requirements
Functional Requirements:
The following section details the functional requirements for the system solution. The
City is looking for a comprehensive and best practice solution for an Evidence
Management system which includes a Digital Evidence Management System. Respond
with “Yes”, “No” or “Future Release” in the column titled “Included” to indicate if the
feature is present in the current proposed release. A copy of this table will be available
for editing.
REQUIRED FUNCTIONALITY
Description
Included:
“Yes” “No”
“N/A or
“Future”
Alternate Proposal,
Comments
1-Physical Locations for on-site premise:
1. One Site – Police Headquarters or virtual
data room.
2-Licensing Requirements:
1. The cost includes the ability to create an
unlimited number of user accounts.
2. Ability to add temporary users/licenses in
the event of a major or catastrophic event.
3. System must include licensing for an
unlimited number of digital cameras.
4. System cannot use any hardware copy
protection such as dongles, hardware keys,
hardware tokens, or security devices at
either the server side or the client side.
3-Minimum Requirements for Number of Original Assets Supported:
1. Implementation – 10,000,000
2. Upgrade Option – 100,000,000
4-Storage Requirements:
1. Implementation: All Video – 70TB
2. Year 1: All Video 80TB, Evidentiary Video
20TB
3. Year 2: All Video 90TB, Evidentiary Video
30TB
4.
4. Year 3: All Video 100TB, Evidentiary Video
40TB
5. Year 4: All Video 110TB, Evidentiary Video
50TB
6. Year 5: All Video 120TB, Evidentiary Video
60TB
5-Storage Requirements for pricing models based on number of user accounts and type
of access: 1. Evidence, Sworn, Records – 250 accounts,
50GB per account, with acquire, view, etc.
access.
2. Administrators – 4 accounts, 50GB per
account, with Admin access. Ability to set
different levels of admin access based on
user type.
3. District Attorney (DA) and other Law
Enforcement Agencies (LEA) – 20 accounts,
50GB per account, with copy, view access.
6-Criteria for Cloud Bandwidth Requirements, Year 1 - 5:
1. Average Length of Video – 10 minutes
2. Average File Size – 150MB
3. Average Writes per year (new) – 350,000
4. Average Retrieval per year (download) –
16,000
5. Average Reads per year (views) – 62,000
6. Average Writes per year (modify, including
meta data changes) – 2,000,000
7. System must include automatic lossless
compression for rapid data transfer of all
data transferred over a wired or wireless
network connection.
7-Security Requirements:
1. Systems providing access by external
users to case files must support the
ability for the Department to secure and
log access utilizing City’s firewall and/or
access lists.
2. Transport security must automatically
encrypt and decrypt all data transferred or
transmitted over a wired or wireless network
connection utilizing a minimum of 3DES
encryption and/or AES encryption.
3. Must allow security to be set at multiple
levels within digital evidence server and in
evidence management system including but
not limited to case number, case type, or
individual file.
4. System must provide an audit trail log file
that cannot be altered that includes
tracking of the following for the digital
evidence management:
a. Users attempting to or accessing the
system or file, and from what location.
b. Actions performed (acquire, view,
modify, enhance, export, etc.).
c. Changes to access control levels.
d. All audit trail items must be securely
time stamped.
e. Audit trail log must be stored and
indexed in a searchable database.
f.
f.
Any other logs required by CJIS.
5. System must provide an audit trail that
cannot be altered for each item of physical
evidence which includes tracking the
following:
a. Updates to any chain of custody.
b. Any movement of the item within the
evidence storage areas.
c. Any inventory of the item.
d. Any time the item has been scanned.
6. System must include easily managed
administrator definable multilevel security
for access to files, information, and
evidence based on roles.
7. System must provide security method for
strictly limiting access for users to certain
folders or data within a case file, which
they have been provided access.
8. System shall be managed in a granular
permissions and security model.
9. System must have proactive system
monitoring capable of detecting and
notifying the System Administrator by email
and text message of any failure in any
component in the storage array or any
station on the network.
10. Software source code, executables, and
scripts must be digitally self-signed to
confirm the software author and to
guarantee that the code has not been
altered or corrupted since it was signed by
the cryptographic hash.
11. All digital assets must be scanned for
corrupt files or zero-bite size files using
embedded error checking upon entry into
the system.
12. Ensure software is developed and deployed
using secure coding practices and business
processes that minimize security flaws within
the software and notification will be made to
FCPS in the event changes are made that
affect these practices and processes.
13. Ensure safety and security procedures are
maintained and enforced with respect to
access and maintenance of client data.
14. All client data must be stored in a safe and
secure environment and protection from
unauthorized access, modification, theft,
misuse or damage whether the data resides
in a repository or during transmission over
the network and must be stored in the
United States.
15. Vendor must provide ability for this agency
to acquire our raw data through an export to
XLS or CSV file at any time.
16. Notification shall be made to FCPS as soon
as possible but no longer than 24 hours when
a security breach has been discovered
whether actual or attempted.
17. Protection against software failure with
backup and recovery procedures.
18. The software must be CJIS compliant.
19. System should allow for single sign-on
capabilities.
8-System Requirements:
1. A complete Evidence Management System
including software, barcode/RFID/other
storage tracking hardware, supplies and
services including installation,
customization/optimization to Agency
specifications/needs, training, remote access
and on-site system support as required.
2. Recovery Time Objective (RTO) is less than
or equal to one hour.
3. Recovery Point Objective (RPO) is less than
or equal to 15 minutes.
4. The system solution must be compliant
with current existing statutes, standards,
and guidelines, of the Rules of Evidence.
5. Solution must be capable of easily
increasing storage capacity and must not
require additional purchase of software
licenses.
6. System must be fully compatible with:
a. Windows 7 32-bit, 64-bit
b. Windows 10 64-bit
o All subsequent updates to
Windows 10 builds (ie. Version
1803, 1809, etc.)
c. Internet Explorer 11
d. Google Chrome
7. Agency prefers but is not limited to a browser-
based client.
8. Agency prefers ability to use the current
barcodes on evidence currently in FCPS
custody so that existing items will not need to
be re-barcoded.
9. System shall support standard file types
and RAW formats for digital photographs,
in addition to audio and video files, and
documents.
10. The system must work easily and efficiently
and be capable of supporting 10,000,000,
upgradeable to 100,000,000, original assets
with copies stored simultaneously in multiple
locations.
11. All assets, data, and database(s) must be
stored in non-proprietary industry standard
formats.
12. System must support “verbose” log
tracking for the purpose of both local and
remote system diagnostics.
13. Digital media uploaded to the system will
be stored in a non-proprietary format and
will be easily accessible without the need
to convert the format.
9-Server-Client System Requirements:
1. Virtual Servers must work in a VMWare
environment, or any other virtual
environment the Agency chooses.
2. Server-Client System must include active
hardware monitoring and reporting and
provide alerting by email and text message
of availability, performance, utilization, audit
trail log events, and hardware failures.
3. It is a requirement for the vendor to supply a
server solution that has complete restore of
server functions and data from a backup
server or servers with no loss of
functionality.
4. All servers, data, assets, information,
evidence, processed evidence, database
files, and audit trail log files must be stored
and replicated in separate locations.
10-Cloud-Based System Requirements:
1. Individual assets and the database must
meet CJIS requirements for encryption of
CJI data in transit and at rest.
2. Vendor must agree to cooperate with
Agency’s vendor of choice if Agency
chooses to contract for an alternate DEMS
solution if/when solution selected in
response to this RFP no longer meets
requirements.
3. Vendor must provide a cost-effective
method for transferring all data from cloud to
Agency, without penalty; transferred data
must include all meta-data and retention
classification.
11-Functional Requirements:
Digital Evidence:
1. System shall allow users to upload files to a
central location for storage and case
management in an easy and expedited
manner.
2. System must have the capability for
acquiring, processing, authenticating,
storing, and playback of digital images,
digital audio, and digital video in
common formats.
3. Must be able to upload data from
multiple formats to include, but not
limited to, SD cards, hard drive, disks,
etc.
4. System must maintain/store original
copy of evidentiary files and any
manipulation must be of a working copy
only.
5. System must support the ability for users to
search for assets and evidence online by
case number, user ID, location, crime type,
date, notes, or any other designated
database field or combination of multiple
fields.
12-Physical and Digital Evidence:
1. Must meet industry standards for chain of
custody related to all entries, movements and
disposal of items.
2. Consistent barcode/RFID/or other inventory
storage tracking technology in
property/evidence module to facilitate
tracking, inventory and other data entry
retrieval.
3. Interface should be user friendly, allowing for
easy and efficient entry of evidence
information into the database.
4. System must have capability for an electronic
signature capture.
5. Use of wireless PDA scanner/reader with
data entry, signature capture capabilities and
sufficient memory to accommodate data
collection on crime scenes, off-site property
storage locations, labs, and for inventories
and audits.
6. Use of workstations, smartphones, IPads or
Tablets connecting through a secure tunnel
such as a VPN or private cellular network.
7. Ability to associate/link multiple case numbers
to digital evidence or physical evidence.
8. Use of dynamic barcodes (does not require
user to pull up multiple screens and enter a
particular
field to have a bar code pull up an item –
should be able to scan a barcode and the
item will populate on the screen).
9. This system will need to provide robust
tracking for large inventories and the ability to
pick up the process later when the inventory
cannot be completed on the same day.
10. System should allow for straight forward and
uncomplicated mass movement of items,
such as changing locations and documenting
destructions.
11. System should also allow the user to add
notes to the items in bulk or individually.
12. System should have capability to flag items or
note special instructions in a journal entry
style.
13. System should have the capability to identify
items for case review as defined by retention
policy.
14. Officer entry module should have an intuitive,
easy to use, format for property & evidence
intake and barcode printing at the agency,
remote locations or via mobile printing.
15. System should have routing or workflow
capabilities.
16. System should have capability to allow non-
evidence personnel to route requests to the
evidence unit (two-way routing).
17. System must have the ability to create a
container, listing the individual items stored
inside the container and the ability to move a
full container without the need to rescan each
item.
18. System must have the ability for users to
generate and create various reports related to
property/evidence either system generated or
through Crystal Reports without additional
cost.
19. Ability to sort results of queries and create
output reports from said queries.
20. System must have the ability to create and
generate user configurable forms and letters
that can be completed and forwarded
electronically, attached to a case file in RMS,
or printed as needed.
21. Ability to start the chain of custody process
when the officer places the item in the
temporary locker. The officer should be able
to print one label which contains all item
information as well as barcode at time of log
in.
22. Complete inventory report to include 1) Items
scanned correctly 2) Items not scanned 3)
Items scanned in a wrong location 4) And the
ability to attach notes to the incorrect files
without manipulation of the data. Also, track
that the item was part of the inventory in the
item history file with the notes if any were
attached for that item.
23. Ability to search multiple fields at the same
time, including wild cards.
24. Ability to save frequently used searches for
future use
25. Ability to attach documentation related to
items of evidence, such as emails, written
correspondence, photocopies of IDs, etc. but
not be considered an item of evidence.
13-Digital Media Input or Acquire Requirements:
1. Input devices include various photo and
video capture devices in use by the
Department and by area businesses.
System shall provide the ability to acquire
digital data directly from capture devices
such as digital cameras and shall acquire
data from the following managed systems.
In-Car Camera System
1. System must have the ability to acquire and
store non-evidentiary and evidentiary video
files stored in agency’s in-car camera
system.
2. Acquired video must include meta data
and audit trail log files.
3. System shall automatically add case
number and categorize video for retention
purposes by utilizing .csv file provided by
Department.
Interview Room System –
1. DEMS shall automatically acquire
evidentiary video files copied from
existing servers to network file shares
for the purpose of providing access to
the new DEMS system.
2. Acquired video file will be provided to
vendor by Department with the case
number.
14-Digital Evidence Process Requirements:
1. System must have the ability to
automatically assign an existing
case number for each case.
2. System must provide automated case
building as data is acquired from
various systems and devices.
3. System must automatically assign a
retention date to each file or case for
review.
4. System must provide searchable fields
including case number, offense type,
user ID, victim or offender name,
location, GPS coordinates, and others.
5. System may link from within
Department’s RMS case file to provide
access to DEMS case file.
15-Evidence Record Process Requirements
1. System will assure that any asset that it
acquired can be viewed from within
DEMS.
2. System will have mobile, web-based
management, and desktop
management programs available.
3. System must provide multiple options
for searching fields, including wildcards
and the ability to search across multiple
fields simultaneously.
4. System must allow for Agency to
customize as needed to meet agency
needs and to integrate similar
names/titles and information as the
RMS system.
5. Agency Administrator(s) should have
the capability to customize the screen
displays.
6. System should have the ability to set up
automated reminders/tickler system for
annual audits, inventories, or any
processes, with the ability to assign
these reminders/ticklers to a group or
individual user.
7. Automated processes for tracking and
reconciliation of money booked as
evidence.
16-Output Requirements:
Video/Photo Viewing –
1. System will assure that any asset that it
acquired can be viewed from within
DEMS.
2. System must support the ability for
users to view assets and evidence
online as thumbnails or full-size
images.
Sharing Case Files –
1. System must support ability to share
read only case files with external users
such as the DA’s Office and City
Attorney’s Office via a web-based client.
2. Sharing with external users must be
secure and linked to user identity, and
activity included in audit trail log file.
3. System must provide the ability to set an
expiration date on access to externally
shared case files.
Video Copies –
1. System must support copying videos
and if required their proprietary players
to external storage device (DVD, flash
drive, hard drive, etc.).
2. System should provide extraction
or redaction capabilities of all video
files.
Photo Prints –
1. System must support printing photos to
existing high quality networked photo
printer system.
2. System must support user defined
variable multi-format printing layouts,
proof sheets, and thumbnails on various
print size media.
3. System must include the capability for
photos to be printed with case number
and associated data describing the
photo or a proof sheet with all the photos
from an event.
4. System must support automatic
printing of a copyright statement on
every page for images printed.
5. System must support automatic printing
of page numbers on every page for
images, proof sheets, or thumbnails
printed.
17-Software Integration Requirements:
1. System must have the capability to
directly interface with software already
in use at the Agency.
2. Vendor must support data migration
from the current RMS system if the
agency chooses.
a. Total Command Records
Management Solution
(RMS).
b. Total Command Computer-Aided
Dispatch (CAD).
c. In-Car Camera Video Solution.
d. Interview Rooms.
e. Axon Body Worn Cameras
(BWC).
18-Software Services:
1. Any customizations made to the system
by the vendor must be supported in new
versions of the product.
2. Vendor must be capable of providing
integration services when Department
acquires new technology.
19-System Installation and Support Requirements:
Installation Services –
1. Vendor shall provide installation
and startup services, and 30-day
testing services.
2. Vendor shall provide complete
printable online documentation for the
DEMS system installation instructions,
system administration and
maintenance, and technical reference
and user manuals.
3. Vendor shall provide network diagrams
indicating transport and workflows.
Technical Support –
1. Vendor shall provide technical support
24/7/365 for all system software
products for the System Administrator
at no charge for the duration of the
technical support service contract.
2. Support requests escalated as critical
or high priority by the Agency such as
full system outage require response
time of less than one hour by a live
person with engineering skills
24/7/365.
3. Less critical support requests shall be
responded to within four hours during
business hours.
4. Less critical support requests placed
after normal business hours shall be
responded to within four hours on the
first regular business day following
notification.
5. Vendor will provide system warranty,
annual software support contract, and
system upgrades.
Upgrades / Fixes –
1. Functional fixes to the system software
shall be provided as they are released
at no extra cost.
2. Supporting documentation reflecting
modifications is required and shall
include software matrix.
3. Software service packs should be
available for download from vendor’s
website and should include any newly
developed features.
20-Training Requirements:
1. Vendor must supply printable online
instructions in the form of manuals or
PowerPoint presentations that provide
detailed descriptions of every aspect of
the system administration and set up of
hardware and software including every
option available.
2. Vendor must supply an online
training program for users and
System Administrators covering the
complete workflow involving
acquisition, enhancement, and
output of all assets.
3. Vendor shall provide ongoing online
training for the duration of maintenance
and support agreement(s).
Exhibit B
SaaS Cyber Vendor Questionnaire
1. Data Ownership: The City of Fort Collins will own all right, title and interest in its data
that is related to the services provided. All data obtained by the vendor in the
performance of this services shall become and remain the property of the City. The
vendor will not share or distribute any City data to any other entity without the express
written consent of the City. Can you comply with this?
2. Data Protection: Describe how you safeguard the confidentiality, integrity and
availability of City information, including encryption of personal data in transit and at rest,
and access control. Do you have a privacy and security policy, and does the policy apply
to customers’ private data including personal identifiable information?
3. Data destruction: What procedures and safeguards does the vendor have in place for
sanitizing and disposing of City data according to prescribed retention schedules or
following the conclusion of a project or termination of a contract to render it
unrecoverable and prevent accidental and/or unauthorized access to City data?
4. Data Location: Are the data centers where City data may be stored or processed
located exclusively in the United States? Do you allow your personnel or contractors to
store City data on portable devices? Do your personnel and contractors access City data
remotely?
5. Security Incidents or Data Breaches: Describe your data breach and incident
response communication plans. Has the company experienced any security breaches? If
yes, explain.
6. Breach Responsibilities: In addition to data breach communication, what additional
responsibilities do you have to your customers in the event of a data breach involving
private data that is in your control, or in the control of your contractors/subsidiaries, at
the time of breach? Do you have cybersecurity insurance? If yes, provide an overview of
the coverage.
7. Background Checks: Do you conduct criminal background checks on all staff, including
subcontractors? Do you employ people convicted of any crime of dishonesty?
8. Access to Security Logs and Reports: The vendor shall provide reports to the City in
a format as specified in the SLA agreed to by both the vendor and the City. Reports shall
include latency statistics, user access, user access IP address, user access history and
security logs for all City files related to this contract. Can you comply with this?
9. Risk Assessments and Audits: Do you conduct periodic risk assessments to identify
cybersecurity threats, vulnerabilities, and potential business consequences? Do you
have regular independent assessments of your cybersecurity processes? Do you
perform independent audits of your data center? How often? What level of audit is
performed (e.g., SOC2)? Would you be willing to share redacted versions of your most
recent risk assessment and audit report with the City?
10. Change Control and Advance Notice: How do you communicate upgrades (e.g., major
upgrades, minor upgrades, system changes) that may impact service availability and
performance to your customers?
11. Upgrades: Are technology systems (e.g., servers, network devices, operating systems,
applications, malware definitions) regularly updated/patched? Do you have any systems
in production that are past end of life or that can no longer be patched?
12. Non-disclosure and Separation of Duties: Describe how you enforce separation of job
duties and limit staff knowledge of City data to that which is necessary to perform job
duties.
13. Import and Export of Data: Describe the data import and export processes from the
customer’s perspective.
14. Subcontractor Disclosure: Identify all your strategic business partners related to
services provided under this arrangement, including but not limited to all subcontractors
or other entities or individuals who may be a party to a joint venture or similar agreement
with the you, and who shall be involved in any application development and/or
operations.
15. Right to Remove Individuals: The City shall have the right at any time to require that
the vendor remove from interaction with City any vendor representative who the City
believes is detrimental to its working relationship with the vendor. Can you comply with
this?
16. Encryption of Data at Rest: Can you ensure hard drive encryption consistent with
validated cryptography standards as referenced in FIPS 140-2, Security Requirements
for Cryptographic Modules for all personal data?
17. Internet-Facing Security: We may use BitSight (like a credit report for cyber security) to
assess your internet-facing security. Do you subscribe to BitSight or a similar service,
and if so are you willing to provide a sanitized report?
18. Service Interruption: In the event of an interruption of your service, what is your
process for notifying customer operations of the circumstances of the interruption or
outage and the expected recovery time?
19. Backup and Recovery: What is your backup & recovery SLA? What are the actual
results/metrics vs. the SLA for the last 12 months? Is your backup data encrypted and, if
so, to what standard?
20. Authentication: Do you have an internal password policy? Do you have complexity or
length requirements for passwords? Do employees/contractors have ability to remotely
connect to your production systems? (i.e. VPN. Is multi-factor authentication available?
Do you require MFA for administration of your service (local or remote)? Do you support
SSO/SAML ADFS for customer access?
21. Cyber Insurance: Does your firm carry cyber insurance? If so, what are your insurance
levels?
Exhibit C
Total Cost of Ownership Spreadsheet
Total Cost of Ownership
Vendor X Yr1 Yr2 Yr3 Yr4 Yr5
Cost ITEM Summary 2019 2020 2021 2022 2023
One time Costs
Ongoing costs
Total One Time Costs
$0.00
$0.00
$0.00
$0.00
$0.00
Total On Going Costs
$0.00
$0.00
$0.00
$0.00
$0.00
TOTAL
$0.00
$0.00
$0.00
$0.00
$0.00
Include spreadsheet of all costs for implementation, licensing, training, maintenance & support,
etc. with your proposal so that we can see all one-time and recurring costs for your solution for
Years 1-5.