AG 19-227 - CI Security RETURN TO: Thomas Fichtner EXT: 2547
CITY OF FEDERAL, WAY LAW DEPARTMENT ROUTING FORM
1. ORIGINATING DEPT./DIV: Information Technology
2. ORIGINATING STAFF PERSON. Thomas Fichtner EXT: 2547 3. DATE REQ.BY: ASAP
4. TYPE OF DOCUMENT(CHECK ONE):
❑ CONTRACTOR SELECTION DOCUMENT(E.G.,RFB,RFP,RFQ)
❑ PUBLIC WORKS CONTRACT ❑ SMALL OR LIMITED PUBLIC WORKS CONTRACT
0 PROFESSIONAL SERVICE AGREEMENT ❑ MAINTENANCE AGREEMENT
❑ GOODS AND SERVICE AGREEMENT ❑ HUMAN SERVICES/CDBG
❑ REAL ESTATE DOCUMENT ❑ SECURITY DOCUMENT(E.G.BOND RELATED DOCUMENTS)
❑ ORDINANCE ❑ RESOLUTION
❑ CONTRACT AMENDMENT(AG#): ❑ INTERLOCAL
❑ OTHER
5. PROJECTNAME: Focused Security Assessment and Vulnerability Assessment
6. NAME OF CONTRACTOR: Critical Informatics Inc. dba CI Security
ADDRESS: 245 4th St,Suite 205,Bremerton,WA 98337 TELEPHONE (206)687-9100
E-MAIL: Vince.Ward @CI.Security FAX: (425)671-0928
SIGNATURE NAME: Vince Ward TITLE Director of Operations
7. EXHIBITS AND ATTACHMENTS:A SCOPE,WORK OR SERVICES A COMPENSATION ❑ INSURANCE REQUIREMENTS/CERTIFICATE ❑ ALL
OTHER REFERENCED EXHIBITS ❑ PROOF OF AUTHORITY TO SIGN ❑ REQUIRED LICENSES ❑ PRIOR CONTRACT/AMENDMENTS
8. TERM: COMMENCEMENT DATE: Upon Execution COMPLETION DATE: June 30th, 2020
9. TOTAL COMPENSATION$ 18,470.00 (INCLUDE EXPENSES AND SALES TAX,IF ANY)
(IF CALCULATED ON HOURLY LABOR CHARGE-ATTACH SCHEDULES OF EMPLOYEES TITLES AND HOLIDAY RATES)
REIMBURSABLE EXPENSE:❑YES 19NO IF YES,MAXIMUM DOLLAR AMOUNT: $
IS SALES TAX OWED ❑YES ANO IF YES,$ PAID BY:❑CONTRACTOR❑CITY
RETAINAGE: RETAINAGE AMOUNT: ❑RETAINAGE AGREEMENT(SEE CONTRACT) OR ❑RETAINAGE BOND PROVIDED
Q PURCHASING: PLEASE CHARGE TO: 502-1100-046-521-88-410
10. DOCUMENT/CONTRACT REVIEW INITIAL/DATE REVIEWED INITIAL/DATE APPROVED
❑ PROJECT MANAGER
❑ DIRECTOR
❑ RISK MANAGEMENT (IF APPLICABLE)
❑ LAW aec, IU n
11. COUNCIL APPROVAL(IF APPLICABLE) SCHEDULED COMMITTEE DATE: COMMITTEE APPROVAL DATE:
SCHEDULED COUNCIL DATE: COUNCIL APPROVAL DATE:
12. CqKTRACT SIGNATURE R01."TING
SENT TO VENDOR/CONTRAC101ti DATE SENT: DATE REC'D:
❑ ATTACH: SIGNATURE AUTHORITY, INSURANCE CERTIFICATE,LICENSES,EXHIBITS
❑ CREATE ELECTRONIC REMINDER/NOTIFICATION FOR 1 MONTH PRIOR TO EXPIRATION DATE
(Include dept.support staff if necessary and feel free to set notification more than a month in advance if council approval is needed.)
INITIAL/DATE SIGNED
X1 L.4 EPARTMENT 1 LA
,poSlGNATORY(MAYOR OR DIRECTOR) .r
CITY CLERK
ASSIGNED AG# AG
)k SIGNED C-@P 'RETURNED DATE SENT: q I
COMMENTS:
1/2018
CITY OF CITY HALL
�...,
Federal Way 33325 8th Avenue South
Federal Way,WA 98003-6325
(253) 835-7000
www cityoffederahvey.com
PROFESSIONAL SERVICES AGREEMENT
FOR
FOCUSED SECURITY ASSESSMENT AND VULNERABILITY ASSESSMENT
This Professional Services Agreement ("Agreement") is made between the City of Federal Way, a Washington municipal
corporation ("City"), and Critical Informatics Inc. dba Cl Security, a C-corporation in the state of Washington
("Contractor"). The City and Contractor (together "Parties") are located and do business at the below addresses, which
shall be valid for any notice required under this Agreement:
CRITICAL INFORMATICS INC. CITY OF FEDERAL WAY:
dba CI SECURITY:
Thomas Fichtner, IT MANAGER
Vince Ward, Director of Operations 33325 8th Avenue South
245 4th St, Suite 205 Federal Way, WA 98003-6325
Bremerton, WA 98337 (253) 835-2547 (telephone)
(206)687-9100 (telephone) (253) 835-2509 (facsimile)
(425) 671-0928 (facsimile) Thomas.Fichtner@cityoffederalway.com
Vince.Ward Security
The Parties agree as follows:
1. TERM. The term of this Agreement shall commence upon the effective date of this Agreement,which shall be the
date of mutual execution, and shall continue until the completion of the Services specified in this Agreement, but in any
event no later than June 30, 2020 ("Term"). This Agreement may be extended for additional periods of time upon the
mutual written agreement of the Parties.
2. SERVICES. The Contractor shall perform the services more specifically described in Exhibit A ("Services"),
attached hereto and incorporated by this reference, in a manner consistent with the accepted professional practices for other
similar services within the Puget Sound region in effect at the time those services are performed, performed to the City's
satisfaction, within the time period prescribed by the City and pursuant to the direction of the Mayor or his or her designee.
The Contractor warrants that it has the requisite training, skill, and experience necessary to provide the Services and is
appropriately accredited and licensed by all applicable agencies and governmental entities, including but not limited to
obtaining a City of Federal Way business registration. Services shall begin immediately upon the effective date of this
Agreement. Services shall be subject, at all times, to inspection by and approval of the City, but the making (or failure or
delay in making) such inspection or approval shall not relieve Contractor of responsibility for performance of the Services
in accordance with this Agreement, notwithstanding the City's knowledge of defective or non-complying performance, its
substantiality or the ease of its discovery.
3. TERMINATION. Either party may terminate this Agreement, with or without cause, upon providing the other
party thirty (30) days' written notice at its address set forth above. The City may terminate this Agreement immediately if
the Contractor fails to maintain required insurance policies, breaches confidentiality, or materially violates Section 12 of
this Agreement. Termination for such conduct may render the Contractor ineligible for City agreements in the future.
4. COMPENSATION.
4.1 Amount. In return for the Services, the City shall pay the Contractor an amount not to exceed a maximum
amount and according to a rate or method as delineated in Exhibit B, attached hereto and incorporated by this reference.
The Contractor agrees that any hourly or flat rate charged by it for its services contracted for herein shall remain locked at
the negotiated rate(s) for the Term. Except as otherwise provided in Exhibit B, the Contractor shall be solely responsible
for the payment of any taxes imposed by any lawful jurisdiction as a result of the performance of Services and payment
under this Agreement.
PROFESSIONAL SERVICES AGREEMENT - 1 - Rev. 3/2017
CITY OF CITY HALL
Federal
� � I 8th Avenue South
FederaWay l Way,WA 98003-6325
(253) 835-7000
www.ciryoffederahvay.com
4.2 Method of Payment. On a monthly basis, the Contractor shall submit a voucher or invoice in the form
specified by the City, including a description of what Services have been performed, the name of the personnel performing
such Services, and any hourly labor charge rate for such personnel. The Contractor shall also submit a final bill upon
completion of all Services. Payment shall be made on a monthly basis by the City only after the Services have been
performed and within thirty (30)days following receipt and approval by the appropriate City representative of the voucher
or invoice. If the Services do not meet the requirements of this Agreement, the Contractor will correct or modify the work
to comply with the Agreement. The City may withhold payment for such work until the work meets the requirements of the
Agreement.
4.3 Non-Appropriation of Funds. If sufficient funds are not appropriated or allocated for payment under this
Agreement for any future fiscal period, the City will not be obligated to make payments for Services or amounts incurred
after the end of the current fiscal period, and this Agreement will terminate upon the completion of all remaining Services
for which funds are allocated.No penalty or expense shall accrue to the City in the event this provision applies.
5. INDEMNIFICATION.
5.1 Contractor Indemnification. The Contractor agrees to release, indemnify, defend, and hold the City, its
elected officials, officers, employees, agents, representatives, insurers, attorneys, and volunteers harmless from any and all
claims, demands, actions, suits, causes of action, arbitrations, mediations, proceedings, judgments, awards, injuries,
damages, liabilities, taxes, losses, fines, fees, penalties expenses, attorney's fees, costs, and/or litigation expenses to or by
any and all persons or entities, including, without limitation, their respective agents, licensees, or representatives; arising
from, resulting from, or in connection with this Agreement or the acts, errors or omissions of the Contractor in performance
of this Agreement, except for that portion of the claims caused by the City's sole negligence. Should a court of competent
jurisdiction determine that this Agreement is subject to RCW 4.24.115, then, in the event of liability for damages arising
out of bodily injury to persons or damages to property caused by or resulting from the concurrent negligence of the
Contractor and the City, the Contractor's liability, including the duty and cost to defend, hereunder shall be only to the
extent of the Contractor's negligence. Contractor shall ensure that each sub-contractor shall agree to defend and indemnify
the City, its elected officials, officers, employees, agents, representatives, insurers, attorneys, and volunteers to the extent
and on the same terms and conditions as the Contractor pursuant to this paragraph. The City's inspection or acceptance of
any of Contractor's work when completed shall not be grounds to avoid any of these covenants of indemnification.
5.2 Industrial Insurance Act Waiver. It is specifically and expressly understood that the Contractor waives any
immunity that may be granted to it under the Washington State industrial insurance act, Title 51 RCW, solely for the
purposes of this indemnification. Contractor's indemnification shall not be limited in any way by any limitation on the
amount of damages, compensation or benefits payable to or by any third party under workers' compensation acts, disability
benefit acts or any other benefits acts or programs. The Parties acknowledge that they have mutually negotiated this
waiver.
5.3 City Indemnification. The City agrees to release, indemnify, defend and hold the Contractor, its officers,
directors, shareholders, partners, employees, agents, representatives, and sub-contractors harmless from any and all claims,
demands, actions, suits, causes of action, arbitrations, mediations, proceedings, judgments, awards, injuries, damages,
liabilities, losses, fines, fees, penalties expenses, attorney's fees, costs, and/or litigation expenses to or by any and all
persons or entities, including without limitation, their respective agents, licensees, or representatives, arising from,
resulting from or connected with this Agreement to the extent solely caused by the negligent acts, errors, or omissions of
the City.
5.4 Survival. The provisions of this Section shall survive the expiration or termination of this Agreement with
respect to any event occurring prior to such expiration or termination.
6. INSURANCE. The Contractor agrees to carry insurance for liability which may arise from or in connection with
the performance of the services or work by the Contractor, their agents, representatives, employees, or subcontractors for
the duration of the Agreement and thereafter with respect to any event occurring prior to such expiration or termination as
PROFESSIONAL SERVICES AGREEMENT -2 - Rev.3/2017
CITY OF CITY HALL
Federal Way Feder 8th Avenue South
Federal Way,WA 98003-6325
(253) 835-7000
www cityoffederalway com
follows:
6.1. Minimum Limits. The Contractor agrees to carry as a minimum, the following insurance, in such forms
and with such carriers who have a rating that is satisfactory to the City:
a. Commercial general liability insurance covering liability arising from premises, operations,
independent contractors, products-completed operations, stopgap liability, personal injury, bodily injury, death, property
damage, products liability, advertising injury, and liability assumed under an insured contract with limits no less than
$1,000,000 for each occurrence and $2,000,000 general aggregate.
b. Workers' compensation and employer's liability insurance in amounts sufficient pursuant to the
laws of the State of Washington.
C. Automobile liability insurance covering all owned, non-owned, hired, and leased vehicles with a
minimum combined single limits in the minimum amounts required to drive under Washington State law per accident for
bodily injury, including personal injury or death, and property damage.
d. Professional liability insurance with limits no less than $1,000,000 per claim and $2,000,000
policy aggregate for damages sustained by reason of or in the course of operation under this Agreement,whether occurring
by reason of acts, errors or omissions of the Contractor.
6.2. No Limit of Liability. Contractor's maintenance of insurance as required by this Agreement shall not be
construed to limit the liability of the Contractor to the coverage provided by such insurance, or otherwise limit the City's
recourse to any remedy available at law or in equity. The Contractor's insurance coverage shall be primary insurance with
respect to the City. Any insurance, self-insurance, or insurance pool coverage maintained by the City shall be excess of the
Contractor's insurance and shall not contribute with Contractor's insurance.
6.3. Additional Insured, Verification. The City shall be named as additional insured on all commercial general
liability insurance policies. Concurrent with the execution of this Agreement, Contractor shall provide certificates of
insurance for all commercial general liability policies attached hereto as Exhibit C and incorporated by this reference. At
the City's request, Contractor shall furnish the City with copies of all insurance policies and with evidence of payment of
premiums or fees of such policies. If Contractor's insurance policies are "claims made," Contractor shall be required to
maintain tail coverage for a minimum period of three (3)years from the date this Agreement is terminated or upon project
completion and acceptance by the City.
6.4 Survival. The provisions of this Section shall survive the expiration or termination of this Agreement.
7. CONFIDENTIALITY. All information regarding the City obtained by Contractor in performance of this
Agreement shall be considered confidential and subject to applicable laws. Breach of confidentiality by the Contractor may
be grounds for immediate termination. All records submitted by the City to the Contractor will be safeguarded by the
Contractor. The Contractor will fully cooperate with the City in identifying, assembling, and providing records in case of
any public records request.
8. WORK PRODUCT.All originals and copies of work product, including plans, sketches, layouts, designs, design
specifications, records, files,magnetic media, or material that may be produced or modified by Contractor while
performing the Service shall belong to the City upon delivery. The Contractor shall make such data, documents, and files
available to the City and shall deliver all needed or contracted for work product upon the City's request. At the expiration
or termination of this Agreement, all originals and copies of any such work product remaining in the possession of
Contractor shall be delivered to the City. Any Intellectual Property the contractor uses to create the work product shall
remain the property of the Contractor.
9. BOOKS AND RL CORDS. The Contractor agrees to maintain books, records, and documents which sufficiently
and properly reflect all direct and indirect costs related to the performance of the Services specified in this Agreement, and
maintain such accounting procedures and practices as may be deemed necessary by the City to assure proper accounting of
all funds paid pursuant to this Agreement. These records shall be subject, at all reasonable times, to inspection, review, or
audit by the City, its authorized representative, the State Auditor, or other governmental officials authorized by law to
monitor this Agreement.
PROFESSIONAL SERVICES AGREEMENT - 3 - Rev.3/2017
CITY OF CITY HALL
33325 8th Avenue South
Federal Way Federal Way,WA 98003-6325
01 (253) 835-7000
www cityoffederahvay.com
10. INDEPENDENT CONTRACTOR The Parties intend that the Contractor shall be an independent contractor and
that the Contractor has the ability to control and direct the performance and details of its work, the City being interested
only in the results obtained under this Agreement. The City shall be neither liable nor obligated to pay Contractor sick
leave, vacation pay, or any other benefit of employment, nor to pay any social security or other tax that may arise as an
incident of this Agreement. Contractor shall take all necessary precautions and shall be responsible for the safety of its
employees, agents, and subcontractors in the performance of the Services specified in this Agreement and shall utilize all
protection necessary for that purpose. All work shall be done at Contractor's own risk, and Contractor shall be responsible
for any loss of or damage to materials, tools, or other articles used or held for use in connection with the Services. The
Contractor shall pay all income and other taxes due except as specifically provided in Section 4 of this Agreement.
Industrial or any other insurance that is purchased for the benefit of the City, regardless of whether such may provide a
secondary or incidental benefit to the Contractor, shall not be deemed to convert this Agreement to an employment
contract. If the Contractor is a sole proprietorship or if this Agreement is with an individual,the Contractor agrees to notify
the City and complete any required form if the Contractor retired under a State of Washington retirement system and
agrees to indemnify any losses the City may sustain through the Contractor's failure to do so.
11. CONFLICT OF INTEREST. It is recognized that Contractor may or will be performing professional services
during the Term for other entities or persons; however, such performance of other services shall not conflict with or
interfere with Contractor's ability to perform the Services. Contractor agrees to resolve any such conflicts of interest in
favor of the City. Contractor confirms that Contractor does not have a business interest or a close family relationship with
any City officer or employee who was, is, or will be involved in the Contractor's selection, the negotiation, drafting,
signing, administration of this Agreement, or the evaluation of the Contractor's performance.
12. EQUAL OPPORTUNITY EMPLOYER. In all services, programs, activities, hiring, and employment made
possible by or resulting from this Agreement or any subcontract, there shall be no discrimination by Contractor or its
subcontractors of any level, or any of those entities' employees, agents, subcontractors, or representatives against any
person because of sex, age (except minimum age and retirement provisions), race, color, religion, creed, national origin,
marital status, honorably discharged veteran or military status, sexual orientation including gender expression or identity,
or the presence of any disability, including sensory, mental or physical handicaps, unless based upon a bona fide
occupational qualification in relationship to hiring and employment. This requirement shall apply, but not be limited to the
following: employment, advertising, layoff or termination, rates of pay or other forms of compensation, and selection for
training, including apprenticeship. Contractor shall comply with and shall not violate any of the terms of Chapter 49.60
RCW, Title VI of the Civil Rights Act of 1964,the Americans With Disabilities Act, Section 504 of the Rehabilitation Act
of 1973, 49 CFR Parts 21, 21.5, and 26, or any other applicable federal, state, or local law or regulation regarding non-
discrimination.
13. GENERAL PROVISIONS.
13.1 Interpretation and iV odilication. This Agreement, together with any attached Exhibits, contains all of the
agreements of the Parties with respect to any matter covered or mentioned in this Agreement and no prior statements or
agreements, whether oral or written, shall be effective for any purpose. Should any language in any Exhibits to this
Agreement conflict with any language in this Agreement, the terms of this Agreement shall prevail. The respective
captions of the Sections of this Agreement are inserted for convenience of reference only and shall not be deemed to
modify or otherwise affect any of the provisions of this Agreement. Any provision of this Agreement that is declared
invalid, inoperative, null and void, or illegal shall in no way affect or invalidate any other provision hereof and such other
provisions shall remain in full force and effect. Any act done by either Party prior to the effective date of the Agreement
that is consistent with the authority of the Agreement and compliant with the terms of the Agreement, is hereby ratified as
having been performed under the Agreement. No provision of this Agreement, including this provision, may be amended,
waived, or modified except by written agreement signed by duly authorized representatives of the Parties.
13.2 Assignment annd Beneficiaries.Neither the Contractor nor the City shall have the right to transfer or assign,
in whole or in part, any or all of its obligations and rights hereunder without the prior written consent of the other Party. If
PROFESSIONAL SERVICES AGREEMENT - 4 - Rev.3/2017
CITY OF CITY HALL
!A Federal � Feder 8th Avenue South
Federal Way,WA 980o03-6325
(253) 835-7000
www cityoffederalway com
the non-assigning parry gives its consent to any assignment, the terms of this Agreement shall continue in full force and
effect and no further assignment shall be made without additional written consent. Subject to the foregoing, the rights and
obligations of the Parties shall inure to the benefit of and be binding upon their respective successors in interest, heirs and
assigns. This Agreement is made and entered into for the sole protection and benefit of the Parties hereto.No other person
or entity shall have any right of action or interest in this Agreement based on any provision set forth herein.
13.3 Compliance with Laws. The Contractor shall comply with and perform the Services in accordance with all
applicable federal, state, local, and city laws including, without limitation, all City codes, ordinances, resolutions,
regulations, rules, standards and policies, as now existing or hereafter amended, adopted, or made effective. If a violation
of the City's Ethics Resolution No. 91-54, as amended, occurs as a result of the formation or performance of this
Agreement, this Agreement may be rendered null and void, at the City's option.
13.4 Enforcement. Time is of the essence of this Agreement and each and all of its provisions in which
performance is a factor. Adherence to completion dates set forth in the description of the Services is essential to the
Contractor's performance of this Agreement. Any notices required to be given by the Parties shall be delivered at the
addresses set forth at the beginning of this Agreement. Any notices may be delivered personally to the addressee of the
notice or may be deposited in the United States mail, postage prepaid, to the address set forth above. Any notice so posted
in the United States mail shall be deemed received three (3) days after the date of mailing. Any remedies provided for
under the terms of this Agreement are not intended to be exclusive, but shall be cumulative with all other remedies
available to the City at law, in equity, or by statute. The failure of the City to insist upon strict performance of any of the
covenants and agreements contained in this Agreement, or to exercise any option conferred by this Agreement in one or
more instances shall not be construed to be a waiver or relinquishment of those covenants, agreements or options, and the
same shall be and remain in full force and effect. Failure or delay of the City to declare any breach or default immediately
upon occurrence shall not waive such breach or default. Failure of the City to declare one breach or default does not act as
a waiver of the City's right to declare another breach or default. This Agreement shall be made in, governed by, and
interpreted in accordance with the laws of the State of Washington. If the Parties are unable to settle any dispute, difference
or claim arising from this Agreement,the exclusive means of resolving that dispute, difference, or claim, shall be by filing
suit under the venue, rules, and jurisdiction of the King County Superior Court, King County, Washington, unless the
parties agree in writing to an alternative process. If the King County Superior Court does not have jurisdiction over such a
suit, then suit may be filed in any other appropriate court in King County, Washington. Each party consents to the personal
jurisdiction of the state and federal courts in King County, Washington and waives any objection that such courts are an
inconvenient forum. If either Party brings any claim or lawsuit arising from this Agreement, each Party shall pay all its
legal costs and attorney's fees and expenses incurred in defending or bringing such claim or lawsuit, including all appeals,
in addition to any other recovery or award provided by law; however, nothing in this paragraph shall be construed to limit
the Parties' rights to indemnification under Section 5 of this Agreement.
13.5 Execution. Each individual executing this Agreement on behalf of the City and Contractor represents and
warrants that such individual is duly authorized to execute and deliver this Agreement. This Agreement may be executed in
any number of counterparts, each of which shall be deemed an original and with the same effect as if all Parties hereto had
signed the same document. All such counterparts shall be construed together and shall constitute one instrument, but in
making proof hereof, it shall only be necessary to produce one such counterpart. The signature and acknowledgment pages
from such counterparts may be assembled together to form a single instrument comprised of all pages of this Agreement
and a complete set of all signature and acknowledgment pages. The date upon which the last of all of the Parties have
executed a counterpart of this Agreement shall be the"date of mutual execution"hereof.
[Signature page follows]
PROFESSIONAL SERVICES AGREEMENT - 5 - Rev.3/2017
CITY Of CITY HALL
Fede
� I �� Feder 8th Avenue South
Federal Way,WA 98003-6325
(253) 835-7000
www cityoffederalway-com
IN WITNESS, the Parties execute this Agreement below, effective the last date written below.
CITY OF FED h L WAY: ATTEST:
Jim Fe ayof S61phanie Courtney, CMC, ty Clerk
DATE: s ,C APPROVED AS TO FORM:
J. Ryan Call, City Attorney
CRITICAL INFORMATICS INC. DBA Cl SECURITY:
f
By:
Printed Name: Vince Ward
Cb
Title: Director of Opera ' ns R"
DATE: X _- uy guSuC
Q ,
XN
STATE OF WASHINGTON ) ��f� OF j�jj p,S'
COUNTY OF Fj&ff C4.1
On this day Personally appeared before me V tV1G?i W O.V , to me known to be the
(YLV, of 0 P y Dpi lows that executed the
foregoing instrument, and acknowledged the said instrument to be the free and voluntary act and
deed of said corporation, for the uses and purposes therein mentioned, and on oath stated that he/she
was authorized to execute said instrument and that the seal affixed, if any, is the corporate seal of
said corporation.
GIVEN my hand and official seal this day of NUS ►1o� , 20 A
Notary's signature . Awo�
Notary's printed name \It tot V)
Notary Public in and for the State of ashington.
My commission expires �p 1 1 U719
PROFESSIONAL SERVICES AGREEMENT -6 - Rev.3/2017
CITY OF CITY HALL
Federal Way Feder 8th Avenue South
Federal Way,WA 98003-6325
(253) $35-7000
WWW�IT 5`�7 ra;7r?Ti?1f 4'C�t�COITf
EXHIBIT A
SERVICES
1. The Contractor shall do or provide the following:
Background & Objectives (SOW 2019-014)
Purpose
This SOW describes the activities, scope and deliverables for a
c A Focused Security Assessment of the City of Federal Way's security policies and
practices across the city
A Vulnerability Assessment (VA) of selected network hosts
An Email Phishing Assessment of selected City of Federal Way email addresses
Where controls are not fully implemented within the City of Federal Way environment, Critical
Informatics will provide prioritized recommendations so that the City of Federal Way can
decre.ase information security risk and strengthen its overall security program.
Remediation of controls not fully implemented is not included herein but may be covered in a
separate SOW if requested.
Service Description and Scope
This section provides a description of services, scope of activity, and support requirements
associated with the services.
General Description
Critical Informatics will provide to the City of Federal Way these services:
A Focused Security Assessment of the City of Federal Way's security policies and
practices
A Vulnerability Assessment (VA) of selected network hosts
Focused Security Assessment
Our Focused Security Assessment approach may be summarized as a computer and network
security assessment intended to provide a point-in-time snapshot of the City of Federal Way's
security posture, coupled with a set of prioritized recommendations for increasing the security
throughout the organization.
The Focused Security Assessment will focus on City of Federal Way's Enterprise environment
and the security management practices supporting that environment.
PROFESSIONAL SERVICES AGREEMENT - 7 - Rev. 3/2017
[rry of CITY HALL
Federal Way Feder 8th Avenue South
Federal Way,WA 98003-6325
(253)835-7000
www cityoffedprah,my com
The assessment methodology is based on standards of practice drawn from multiple sources
that include the National Institute of Standards and Technology (NIST) Cyber Security
Framework, and possibly the Payment Card Industry Data Security Standard (PCI), and the
Health Insurance Portability and Accountability Act (HIPAA).
Vulnerability Assessment
Critical Informatics will provide an internal Vulnerability Assessment against assets on
corporate networks or hosted on cloud services. The technical assessment will be based
around vulnerability assessment of up to 400 hosts, including internal hosts – both on-premise
or on cloud infrastructure services – and internet-facing publicly accessible IP addresses.
An internal Vulnerability Assessment simulates what an attacker with corporate network
access could use to gain access to systems. An external Vulnerability Assessment simulates
what an attacker with Internet access could use to gain access to systems. The following
describes the approach and methodology for delivery of a Vulnerability Assessment for this
engagement:
The Vulnerability Assessment objectives for this engagement are:
Against a provided target IP space or DNS name range
Map out accessible resources
Identify vulnerabilities
Identify which of those vulnerabilities are exploitable with published tools and
techniques
Scope of Activity
The scope outlined below depicts the scope of activity associated with this engagement.
Table 1: SOW Scope Statement
ScopeActivity or Focus Delivery — .._._..
Focused Security Up to twelve (12) interviews across the City of Federal
Assessment
Way's departments and working groups
I
r Internal Vulnerability
I Perform Vulnerability Scanning on the City of Federal
Assessment
Way's internal network. I
® Scanning - Up to 400 hosts
E Manual verification - 50 hosts
Hosted Environment – Yes ❑ No ® Mixed ❑
PROFESSIONAL SERVICES AGREEMENT - 8 - Rev.3/2017
clry OF CITY HALL
Fe d e ra 1 Way Feder 8th Avenue South
Federal Way,WA 98003-6325
(253) 835-7000
www cityaflederaiway com
External Vulnerability U Perform Vulnerability Scanning on the City of Federal
Assessment
Way's external network.
Discovery — Up to 100 Public IP addresses
Scanning — 25 Public IP addresses or Web addresses
selected by the City
w Manual verification - 25 hosts
t Hosted Environment — Yes ❑ No ❑ Mixed
I
L -_
Report A report of the findings and analyses of the Focused Security
Assessment, and Internal and External vulnerability scanning. A
prioritized list of remediation recommendations
Management A presentation to the City of Federal Way's staff and
Presentation
management of the findings and prioritized remediation
recommendations, with the opportunity for question and answers
and open discussion.
------ ---..--.—
Location(s)ofWork z� Critical Informatics will perform the services at the
Performance
following geographic locations:
The City of Federal Way's Offices (Federal Way, WA)
Critical Informatics Facilities (Remote)
i
Coordination, Planning, & Project Initiation
Critical Informatics will assign a Lead Consultant to be the primary point of contact for all
project work. The Lead Consultant will coordinate, plan, manage, and report all project
activities and findings to the City of Federal Way's designated Project Sponsor and/or Project
Manager.
Critical Informatics will provide project management for all aspects of this project, including
tracking and resolution of project related issues, progress tracking, project reporting, and
communication.
A key component of Critical Informatics' project management approach is timely reporting of
project progress and findings. This enables a proactive approach to addressing security risks
discovered during the course of the project and ensures that all project stakeholders are
completely informed at all times. To support this, Critical Informatics will conduct a weekly
status report teleconference with the City of Federal Way's project team. Follow-up
discussions and deliverables will occur on a case-by-case basis to ensure clear and timely
communication of all issues.
PROFESSIONAL SERVICES AGREEMENT - 9 - Rev.3/2017
clry OF CITY HALL
4 33325
Federal Way Feder 8th Avenue South
Federal Way,WA 98003-6325
(253) 835-7000
www cityoffederaiway.com
City of Federal Way Resource Requirements
Achieving the City of Federal Way's objectives will require active participation from both the
Critical Informatics Project Lead Consultant as well as the City of Federal Way's own
personnel. To ensure the timely and successful completion of this project, the City of Federal
Way should expect at least the following resource time commitments from its own personnel:
A Project Sponsor should be assigned to provide resolution of issues, escalation of issues,
clarification of requirements, sign-off deliverables, and access to resources as required by the
project team. This role will require only a 2-3 hour per week of commitment to the project.
Additionally, the following activities and estimated time allocations will be performed as part
of the project in which the City of Federal Way-identified staff will participate:
Kick-off meeting: 1 hour
Focused Security Assessment Interviews - Up to 2 hours each
1)roject IIII ifi tion Meeting
Critical Informatics recognizes the value of communication and ongoing collaboration with our
customers. As such, we include a project initiation meeting (kick-off meeting) with all our
engagements. During the meeting, Critical Informatics will address the following topics:
- Introduce key people at the City of Federal Way and Critical Informatics
Exchange contact information (for regular reporting and emergencies)
Review communication, notification, and issue escalation procedures
Discuss other specific City of Federal Way requests and rules of engagement
Critical Informatics will discuss the nature and time requirements for specific deliverable types
that might be requested by the City of Federal Way during the project, the designated
recipient, and the method which Critical Informatics will forward those deliverables.
Focused Security Assessment
Critical Informatics will then create and conduct up to 12 (12) focused information-gathering
facilitation sessions across three (3) days at the City of Federal Way's offices. The sessions
will articulate the required controls, while adding context from the current threat landscape
that is relevant to the City of Federal Way. Each of the presentations will focus on the areas
that are germane to the audience. For example:
The groups that will be interviewed include:
Network
IT/Desktop Support
Information Security, Compliance and Data Protection
PROFESSIONAL SERVICES AGREEMENT _ 10 - Rev.3/2017
CITU OF CITY HALL
33325 8th Avenue South
Federal Way Federal Way,WA 98003-6325
(253) 835-7000
www.cityoffederahvey.com
■ Telecom
Wireless Networking
c. Applications
■ Database
72 Development
v Management
Finance
■ Legal
■ HR
=. Physical Facilities
The sessions will address the control standards as components that are relevant to each of the
audiences (with some overlap), and conduct the delivery of information, as well as its
solicitation. As the requirements are presented, a conversational narrative will be used to
interview the audience as to how effectively each requirement is being currently met. This
conversation will include ideas on how gaps in compliance may be met using open-source,
managed services, and other methods that fit municipal organization's networks with respect
to cost and management requirements.
Critical Informatics will review the results of the interviews and develop a report described in
the Deliverables section below. A draft of the deliverable will be provided to the client lead
stakeholder for approval prior to delivery in the de-brief sessions listed below.
See Appendix: a Interview Guide for details of people, questions and times required to obtain
the information requested.
Focused Security Assessment Methodology
Step 1- Information Gathering
Critical Informatics will collect all relevant information from document reviews and staff
interviews, and review and verify gathered data. This project will include a combination of
onsite and remote work. During this time, Critical Informatics focuses on information
gathering to gain a better understanding of the information security program, policy and
procedural implementation, and the environment including:
Identification of the organizational structure and essential stakeholders in security
management activities
The information risk environment
Governance, policy management, acceptable risk tolerance
- Information security planning activities
PROFESSIONAL SERVICES AGREEMENT - 11 - Rev.3/2017
CITY OF CITY HALL
Federal
Way Feder 8th Avenue South
Federal Way,WA 98003-6325
(253)835-7000
www.cityolfederaiway com
Additional functional components of the security program and the key practices
supporting the security program components
Operational risk and compliance activities
Critical issues confronting the City of Federal Way including but not limited to:
Data sharing agreements with other agencies
Contracts with other agencies and service providers that impact the security of PH and
other sensitive and critical data such as offsite back-up providers
Prior information security-related assessments
The general technical architecture
The City of Federal Way may consider focusing on the following elements:
Security training needs for staff
Encryption - especially on mobile devices
Limit information being passed (especially student or health data)
Strengthen passwords with apps, VoIP, voicemail PINS
Monitoring and incident response
Specific vulnerabilities
Physical security
As stated, Critical Informatics will derive most of the information necessary to assess the
environment and supporting key practices through documentation reviews, such as policies,
procedures, and plans related to information security, and interviews and subsequent
discussions with knowledgeable staff responsible for various aspects of information security
management including:
Executive Management
Key business unit leaders
Information Security staff
Staff focused on Privacy
-- CIO/IT Management/Administrators/Developers
Staff focused on Business Continuity and Disaster Recovery
Support Functions (HR, Legal, Finance, Facilities)
_ Others, as applicable
PROFESSIONAL SERVICES AGREEMENT - 12 - Rev. 3/2017
CITY OF CITY HALL
,4% Federal Way Feder 8th Avenue South
Federal Way,WA 98003-6325
(253) 835-7000
www.ci4v federaIway_com
Step 2—Review and Analysis
During remote work activities, Critical Informatics professionals will analyze the information
gleaned from documents provided by the City of Federal Way and our interviews with various
staff. The objective is to identify critical issues and develop the prioritized recommendations
for improvement. Critical Informatics will assess the current environment and security
management practices against Standards of Good Practice (SOGP) such HIPAA/HITECH,
Financial Services Roundtable (FSR) Banking IT Security forum, FFIEC IT Examination Handbook
Info Base - Audit and the National Institute of Standards and Technology (NIST) Cyber Security
Framework.
Critical Informatics will provide prioritized recommendations, based upon risk, so that the City
of Federal Way can meet the compliance objectives and strengthen its overall security
program.
Step 3- Reporting
Using the results from Steps 1 & 2, Critical Informatics will develop prioritized
recommendations to improve the City of Federal Way's information security program. The
recommendations to improve the environment will be based on SOGP, business requirements,
internal security-related requirements, and practices used by industry peers. As part of this
activity, Critical Informatics will ensure that our recommendations and supporting rationale
are clearly understood and appropriate for the City of Federal Way's environment. Critical
Informatics will present any documentation detailing our findings and recommendations in
draft form so that the City of Federal Way has an opportunity to review, comment, correct,
and approve the format and content prior to finalizing the deliverable documentation. This
iterative process helps to ensure that the City of Federal Way can make informed, incremental
decisions regarding specific courses of action throughout this review.
Vulnerability Assessment
The following describes the approach and methodology for delivery of an internal vulnerability
assessment:
Internal VA Objectives
Internal: From inside the City of Federal Way networks
o Against a provided target IP space or DNS name range provided by City of
Federal Way
o Map out accessible resources
0 Identify vulnerabilities and weaknesses
o Verify vulnerabilities and weaknesses are not false positives
PROFESSIONAL SERVICES AGREEMENT - 13 - Rev. 3/2017
CITY OF CITY HALL
,.,
Federal Way Feder 8th Avenue south
Federal Way,WA 98003-6325
(253) 835-7000
www cityotlederalway com
o Identify which of those vulnerabilities and weaknesses are exploitable
External: An external Vulnerability Assessment simulates what an attacker with
Internet access could use to gain access to systems
o Against internal assets or assets hosted in cloud environments (unless
contractually prohibited by the provider)
o Against a provided target IP space or DNS name range provided by City of
Federal Way
o Map out accessible resources
o Identify vulnerabilities and weaknesses
o Verify vulnerabilities and weaknesses are not false positives
o Identify which of those vulnerabilities and weaknesses are exploitable
Targeted scanning of up to 400 IP addresses on the internal corporate network, as well
as 25 externally published or internet-facing hosts, IP addresses, web addresses, or
cloud or hosted infrastructure addresses.
Approach and Methodology
Project Management, Coordination, and Planning
Critical Informatics will assign a consultant to be the primary point of contact for all project
work. The consultant will coordinate, plan, manage, and report all project activities and
findings to City of Federal Way-designated Project Sponsor and/or Project Manager.
Critical Informatics will provide project management for all aspects of this project, including
tracking and resolution of project related issues, progress tracking, project reporting, and
communication.
A key component of Critical Informatics' project management approach is timely reporting of
project progress and findings. This enables a proactive approach to addressing security risks
discovered during the course of the project and ensures that all project stakeholders are
completely informed at all times.
City of Federal Way Resource Requirements
Achieving the City of Federal Way's objectives will require active participation from both the
Critical Informatics Project Associate as well as City of Federal Way's own personnel. To
ensure the timely and successful completion of this project, City of Federal Way should expect
at least the following resource time commitments:
A Project Sponsor should be assigned to provide resolution of issues, escalation of
issues, clarification of requirements, sign-off of deliverables, and access to resources as
required by the project team.
PROFESSIONAL SERVICES AGREEMENT - 14 - Rev.3/2017
CITY OF CITY HALL
Federal
edaral Jay 33325 8th Avenue South
Federal Way,WA 98003-6325
(253) 835-7000
www cityoffederahuay com
u Additionally, the following activities and estimated time allocations will be performed
as part of the project in which City-identified staff will participate:
VA: Up to 4 hours (including testing windows)
Vulnerability Assessment Approach and Methodology
This section presents Critical Informatics' approach to providing Vulnerability Assessment
Services.
Pretesting
Testin,q Phase
Kick-Off Meeting IF
Rules of Engagement Vulnerability Scanning Report
Project Testing Window Manual Verification
Communications during testing Written Report of Findings&
Recommendations
Information Gathering
Review Architecture,funtionality
provided
Figure 1: Vulnerability Assessment Workflow
!; Y
VA Kickoff Meeting
Critical Informatics recognizes the value of communication and ongoing collaboration with our
customers. As such, we include a project initiation meeting (kick-off meeting) with all of our
engagements. Critical Informatics recognizes the value of communication and ongoing
collaboration with our customers. During the meeting, Critical Informatics will address the
following topics:
-I Introduce key people at City of Federal Way and Critical Informatics
Exchange contact information (for regular reporting and emergencies)
Review communication, notification, and issue escalation procedures
_ Discuss other specific City requests and rules of engagement
Provide detailed description of application architecture and functionality
Critical Informatics will discuss the nature and time requirements for specific
deliverable types that might be requested by City of Federal Way during the project,
the designated recipient, and the manner in which Critical Informatics will forward
those deliverables
PROFESSIONAL SERVICES AGREEMENT - 15 - Rev.3/2017
CITY OF CITY HALL
��I 8th Avenue South
WayFederal Way,WA 98003-6325
(253) 835-7000
www oWffederaAvDy-com
Vulnerability Assessment Methodology
Critical Informatics will provide an internal Vulnerability Assessment against the City of
Federal Way assets on corporate networks or hosted on cloud infrastructure. The technical
assessment will be based around vulnerability assessment of up to 400 hosts from an internal
access standpoint or over the Internet for assets hosted on cloud services.
An internal Vulnerability Assessment simulates what an attacker with corporate network
access could use to gain access to systems. An external Vulnerability Assessment (for Azure
assets) simulates what an attacker with Internet access could use to gain access to systems.
The following describes the approach and methodology for delivery of a Vulnerability
Assessment for this engagement:
- Vulnerability Assessment Objectives
Against a provided target IP space or DNS name range
Map out accessible resources
Identify vulnerabilities
Identify which of those vulnerabilities are exploitable with published tools and
techniques
PROFESSIONAL SERVICES AGREEMENT - 16 - Rev.3/2017
ciTv of CITY HALL
Fe d e ra I Way 33325 8th Avenue South
Federal Way,WA 98003-6325
(253) 835-7000
www cityoffederalway.com
Vulnerability
Testing
Depth Vulnerability Testing
Verification lManual =1 Analysis&
Reporting
Information Execution of scans Verification of Analysis of risks&
provided by the using automated scan results, business impact.
Testing client or derived tools. additional Development of
Activity from public discovery,& deliverables.
domain searches. Enumeration of elimination of
hosts,services, false positives.
applications,&
vulnerabilities.
Figure 2: Vulnerability Assessment Process
Intelligence Gathering
The objective of this first phase is to gain as much knowledge as possible about the target
environment through a combination of non-intrusive and somewhat intrusive activities.
Equipped with the results of these Intelligence Gathering activities, the team determines its
execution plans for the subsequent phases.
- Project Based Information Gathering
Public-domain Information Gathering
Network Mapping
Vulnerability Scanning
The objective of this phase is to identify hosts, services and vulnerabilities in the target
environment using a suite of customized tools. Critical Informatics performs two distinct steps
during this phase: Host & Service Identification and Vulnerability Identification.
Host & Service Identification
711 Vulnerability Identification
PROFESSIONAL SERVICES AGREEMENT - 17 - Rev.3/2017
CITY OF CITY HALL
Federal Way Feder 8th Avenue South
Federal Way,WA 98003-6325
(253) 835-7000
www cityoffederaMoy com
Manual Verification
During this phase, Critical Informatics manually confirms the results from the automated tools.
This activity serves to filter the data to improve the accuracy and relevance of our technical
findings report as it eliminates false positives yielded by the tools.
While the scans effectively identify a large portion of the vulnerabilities present, Critical
Informatics also executes manual testing to identify certain complex, emerging, or obscure
vulnerabilities. This phase does not generally include exploitation of the identified
vulnerabilities to penetrate systems. However, 'inadvertent' exploitation may occur when the
vulnerability, by its very nature, is exploited in the process of identifying its presence or when
exploitation will identify additional and/or dependent vulnerabilities.
The activities Critical Informatics performs during this phase offer significant value over the
sole use of automated tools. Often, vulnerabilities identified using automated tools only are
later determined to be false positives with the use of these advanced techniques.
Furthermore, such techniques allow Critical Informatics to identify previously undetected
vulnerabilities as they can detect counter-security and attack techniques that obscure
vulnerabilities from automated tools. For example, a common application running on a non-
standard port may exhibit vulnerabilities not discovered by an automated scanner, but
detectable using manual testing methods.
At the conclusion of this phase, Critical Informatics will enumerate and validate vulnerabilities
discovered through both automated and manual means. Within the final deliverable report,
Critical Informatics will note any particular vulnerability whose presence could neither be
validated nor eliminated.
Analysis and Reporting
During the Analysis and Reporting phase, Critical Informatics analyzes the information
gathered and documents the findings. Critical Informatics then assigns a rating to each risk
identified, based on standards of good practice and Critical Informatics' extensive practical
assessment experience.
"Risk" is defined as the intersection between Likelihood and Impact. Vulnerabilities are to be
given risk scores and sorted in priority order (highest to lowest). Each security vulnerability
finding must contain at least the following elements:
Vulnerability name and description of vulnerability
Risk rating (Likelihood and Impact) with summary of reasoning
Remediation recommendations
Specifically, Critical Informatics categorizes the risk each finding poses to your enterprise as
"Critical", "High," "Medium," or "Low."
PROFESSIONAL SERVICES AGREEMENT - 18 - Rev.3/2017
CITY OF CITY HALL
,4! Federal 33325 8th Avenue South
Way Federal Way,WA 98003-6325
(253) 835-7000
www cityoffederalway com
Schedule
Period of Performance
The City of Federal Way requests the following project duration with individual project
requests being made by the City of Federal Way throughout the life of the project. Critical
Informatics will make every reasonable attempt to meet the dates requested. The City of
Federal Way understands and agrees that changes in critical factors (such as those listed
below in Project Change Control, or a delay in signature of this document) may impact Critical
Informatics' ability to meet certain dates.
Project Start D. of Effective Date
Project Completionof .
Project Change Control
Critical Informatics has made every attempt to accurately estimate time required to
successfully complete the project. The City of Federal Way acknowledges and agrees that if
impediments, complications, or the City of Federal Way requested changes in scope arise,
these factors are out of the control of Critical Informatics, and the length of the project and
associated price could be impacted.
Examples of valid impediments, complications, and changes in scope consist of (but are not
limited to):
The City of Federal Way initiated delay where Customer is not prepared to allow Critical
Informatics to begin work on the agreed upon start date thus resulting in additional
cost to Critical Informatics for resources that have been sent to The City of Federal
Way's site but cannot begin the Services
The City of Federal Way provided information necessary for timely delivery by Critical
Informatics is not accurate
Delays or problems associated with third party telecommunication equipment
(This includes, but is not limited to, cabling, servers, routers, hubs, and switches
managed or installed by third parties.)
Malfunctioning hardware
Inability to access equipment or personnel that are required to complete the project
Conflicts or incompatibilities associated with the installation of hardware or software
installed by Critical Informatics
The City of Federal Way increases the scope of services requiring additional labor,
hardware, software, materials, travel, lodging, meals, or other direct costs
PROFESSIONAL SERVICES AGREEMENT - 19 - Rev. 3/2017
clry of CITY HALL
Fe d e ra l Way 33325 8th Avenue South
Federal Way,WA 98003-6325
(253) 835-7000
www.otyoffederatmy.com
If any change(s) from impediments, complications, or the City of Federal Way changes in the
scope of services cause an increase or decrease in the price or level of effort of the SOW, or
the time required for the performance of any part of the work to be accomplished hereunder,
whether or not such work is specifically identified in the written change, then the price,
delivery schedules and other affected provision(s), if any, as applicable, shall be equitably
adjusted and this SOW shall be modified in writing by the mutual agreement of the parties in
accordance with this Section.
Service Deliverables
Description
Critical Informatics will provide the following deliverables as part of this project:
Table 2: Deliverable Description
-- --
Focused Security A report describing the activities performed, the findings and
Assessment Report risk identified along with a set of prioritized recommendations
and next steps to mitigate the risks and increase the security
I? posture of the City of Federal Way
Vulnerability A report describing the scan performed, the findings and risks
I, Assessment Report identified along with a set of prioritized recommendations and
next steps to remediate the findings and increase the security
posture of the City of Federal Way
Management A Microsoft PowerPoint presentation oriented towards
Presentation management that provides an overview of assessment activities
conducted and major findings noted with an emphasis on high-
risk or systemic deficiencies. Critical Informatics will deliver this
presentation onsite.
Acceptance of Deliverables
The City of Federal Way has five (5) business days to inspect and acknowledge full delivery of
the Services to be provided by Critical Informatics hereunder upon completion and delivery of
the Services by Critical Informatics. The City of Federal Way will indicate such
acknowledgement by signing Critical Informatics' Project Completion Form, a sample of which
is attached as Appendix A.
If the City of Federal Way believes that Critical Informatics has not fully delivered the Services
to be provided hereunder and refuses to sign the Project Completion Form on that basis, the
City of Federal Way shall identify in reasonable detail the specific Services or deliverables
which the City of Federal Way believes were not delivered, with specific reference to the
PROFESSIONAL SERVICES AGREEMENT - 20 - Rev.3/2017
CITY of CITY HALL
Federal 4 33325 8th Avenue South
°�,�"' Federal Way,WA 98003-6325
-- (253) 835-7000
www.cityoffederahvay..com
corresponding sections of this SOW, via written notice to Critical Informatics within such five
(5) business day period.
Following Critical Informatics' receipt of any such notification, the parties shall cooperate in
good faith to promptly address and resolve any remaining Service delivery requirements.
Upon Critical Informatics' delivery of the remaining Services, if any, the City of Federal Way
right to inspect and acknowledge full delivery shall be as stated above. If the City of Federal
Way fails to provide such acknowledgement or notice within the five (5) business days of
receiving final deliverables, the City of Federal Way agrees that the Services shall be deemed
fully delivered to the City of Federal Way, even if the City of Federal Way has not signed the
Critical Informatics Project Completion Form.
Assumptions
Critical Informatics used the following assumptions during development of this SOW. Any
changes to these assumptions may affect the price and schedule commitments.
The City of Federal Way will provide Critical Informatics access to the business,
customer, and technical information, and facilities necessary to execute the solution
The City of Federal Way will provide Critical Informatics on-site and off-site access to
documents necessary for this assessment
The City of Federal Way will ensure that appropriate personnel are available to meet
with Critical Informatics, as necessary
Layer-3 devices will allow the protocols needed to discover and identify network
services.
Critical Informatics will have approved access to vendors, for the purpose of obtaining
device configurations, network diagrams, and details on monitoring or other processes
that are performed on behalf of the Client. If required, Client will assist with obtaining
this access.
During this engagement, any vulnerabilities, sensitive data, or configuration data found
will not be disclosed except to specified client staff.
Critical Informatics will not be obligated to extend engagements when delays result
from the City of Federal Way's inability to meet stated prerequisites prior to an
engagement, nor when delays result from the City of Federal Way personnel not being
available to provide required support
During this effort, Critical Informatics will not be responsible for negotiations with
hardware, software, or other vendors, or any other contractual relationship between
the City of Federal Way and third parties
Critical Informatics, at the request of the City of Federal Way, will provide input to the
City of Federal Way regarding optimal product or vendor selection?
PROFESSIONAL SERVICES AGREEMENT - 21 - Rev. 3/2017
clYr OF CITY HALL
Fedy ra l Way Feder 8th Avenue South
LG7 Federal Way,WA 98003-6325
(253)835-7000
www cityoffederahvay.com
Critical Informatics will perform the work between 8:30am and 5:00pm (local time).
After-hour and weekend work (when required), must be explicitly identified below or as
otherwise agreed to in writing by the parties:
After-hours required? Yes ❑ No
Weekend hours required? Yes ❑ No 0
The City of Federal Way
Location of onsite services? 33825 8th Ave. South,
Federal Way, WA 98003
PROFESSIONAL SERVICES AGREEMENT - 22 - Rev.3/2017
CITY OF CITY HALL
l33325 8th Avenue South
FederaWay Federal Way,WA 98003-6325
(253) 835-7000
www cityoffederalway.corn
EXHIBIT B
COMPENSATION
1. Total Compensation: In return for the Services, the City shall pay the Contractor an
amount not to exceed Eighteen Thousand Four Hundred Seventy and 00/100 Dollars
($18,470.00).
2. The foregoing amounts will be billed and payable upon completion of services.
3. Travel and Expense Reimbursement are not included for this project.
PROFESSIONAL SERVICES AGREEMENT - 23 - Rev.3/2017