No preview available
Contract 2018-79Vendor Agreement Between Clermont Police Department And Traffic and Criminal Software (TraCS) I. BACKGROUND The FBI Criminal Justice Information Services (hereinafter referred to as "CIIS") Security Policy Version 5.6 mandates all agencies connected to the FBI CIIS systems adhere to regulation set forth within the Security Policy. Part of the Security Policy outlines directives dealing with personnel security. Included within the term "personnel" are all individuals who are utilized by criminal justice agencies to implement, deploy, and/or maintain the computers and/or networks of the criminal justice agency which have access to unencypted CJI including those individuals with only physical or logical access to devices that store, process, or transmit unencrypted CII. These individuals include city/county IT personnel, and private vendors. The subject of non -criminal Justice governmental personnel and private vendors is addressed in Sections S.1.1.4 of the CAS Security Policy and in the Security Addendum, which can be found in Appendix H. These sections include information on documentation which should be maintained In order to remain in compliance with the Security Polity. II. PURPOSE This Management Control Agreement establishes procedures and policies that will guide the parties to comply and adhere to the 015 Security Policy pertaining to non -governmental personnel and private vendors. MCA TraCS-CPD Revision Date: 07/30/2018 Page 1 of 4 WITNESSETH WHEREAS. the Clermont Police Department, hereafter referred to as CPD, is a recognized Criminal Justice Agency, and Traffic and Criminal Software (TraCS), is a Non -Criminal Justice Governmental Entity providing information technology (IT) support services for the CPD; WHEREAS. the CPD presently has executed a Criminal Justice User Agreement with the Florida Department of Law Enforcement, hereafter referred to as FDLE, for the benefit of access to the Florida Criminal Justice Network (CINet), The National Crime Information Center (NCIC) and the Florida Crime Information Center (FCIC); WHEREAS. the Federal Bureau of Investigations, hereafter referred to as FBI, Criminal Justice Security Policy requires an agreement to document security requirements for outsourcing criminal justice functions by criminal justice agencies to non -criminal justice entitles; WHEREAS. TraCS agrees to provide information technology development and support to the CPD, including providing maintaining IT equipment (for the purpose of hosting a Records Management System (RMS) for use of TraCS by Florida Criminal Justice Agencies and developing and maintaining software that may or may not be used for accessing indirectly and/or transmitting FBI and/or FDLE criminal justice information. Hereafter referred to as RMS software; NOW THEREFORE, the parties agree as follows: 1. TraCS agrees to abide by the terms and conditions of the Criminal Justice User Agreement executed into between the FDLE and the CPD. 2. TraCS agrees to abide by the requirements of the FBI CIIS Security Policy (Attached as Exhibit 1). 3. CPD retains Security Control, as defined in he FBI CAS Security Policy, of the data and equipment. 4. All TraCS staff who are authorized to maintain/support NCIC/FCIC/CINET information technology components (this includes servers, routers, switches and/or any other components used to store, process, or transmit NCIC/FCIC/CINET data) on behalf of the CPD are required to undergo a fingerprint -based record check under the PCDP ORI, and Level 4 Security Awareness Training, prior to being granted access to the aforementioned components. If TraCS terminates a member of the Information Technology Team, the CPD will be notified and all rights and privileges for that individual will be immediately revoked. TraCS will update and keep current a list of individuals with access and provide that to the CPD any time a change occurs. MCA TraCS-CPD Revision Date: 07/30/2018 Page 2 of 4 5. TraCS agrees to monitor their network at all times for any security related incidences or intrusions. If found, TraCS will notify the CPD immediately and work to contain the breach and limit the loss of data or system integrity. 6. The term of this agreement shall commence on the date the agreement is signed by both parties. 7. Either party may terminate the agreement upon thirty (30) days written notice, or either party may terminate the agreement immediately if agreed upon by both parties; except that the CPD may terminate this agreement immediately and without notice upon finding that there has been a violation to the terms of the agreement or of the FBI CIIS Security Policy. a. The CPD agrees that the TraCS software is offered without warranty or representations and the RMS is provided 'AS W. TraCS software correction and modification are Provided 'AS AVAILABLE'. 9. The CPD agrees that the use of the TraCS software is at the sole risk of the CPD 10. CPD and TraCS agree that, in exclusion of statutory violation, neither party shall have liability to the other for damages or losses resulting from the use of the TraCS software. il. TraCS agrees that no parties other than recognized Criminal Justice Agencies and their employees shall be granted access to the CPD servers, either directly or indirectly. Prior to granting such access, each recognized Criminal Justice Agency will be required to sign a separate Interagency Information Exchange Agreement with the CPD outlining all responsibilities associated with said access. 12. The CPD agrees to grant access to use the TraCS software to other Florida Criminal Justice Agencies once an interagency Information Exchange Agreement, is signed by the Department Head of both entities. 13. The CPD shall have formal written guidelines defining the processes associated with implementation of this Agreement. 14. The CPD agrees to allow TraCS staff who are authorized to maintain/support RMS/CJNet information technology components to attend the Criminal Justice Information Systems Network conferences as employees of the CPD. is. The CPD agrees that the Florida State University Research Foundation will retain ownership of the TraCS software developed under this agreement, including the right to modify, re -use, and r"Istribute any software developed under this agreement even after this agreement has been terminated. 16. This agreement constitutes the entire agreement of the parties and may not be modified or amended without written agreement executed by both parties. MCA TraCS-CPD Revision Date: 07/30/2018 Page 3 of 4 17. The Florida State University shall sign a Data Center Hosting agreement on behalf of the Tracs Project. IN WITNESS HEREOF, the parties hereto have caused this agreement to be executed by the proper officers and officials. Clermont Police Department: Date Pursuant to the DIS Securn, Pdicy, it arsenal that with respect to adminittntion of that dobbin of computer syscemz and network infraumcture'mtafaang directly or indirectly w0 the state network (Ni looted within the ID for the interstate routines of cnmmal hoWN/criminal luiuceinform iton, the CPO shall h..O the authorit, As managed Wntrol, to set, maintain, and enforce: 1, Priorities: US Wrorhies ragardinathe..a., use and main[emnre of 015 IT epmpment usetl for nishiponmg and or.., 015 data - 3, standards fur the rearcUon, supervisuin,and termination of personnel access to Criminal Justice Information(Clp. Policy governing operation of justice systems, computers, access devices, omits, M1pbs, router, firawalh, and any other components, including encryption, in., comprise and suppon a teleommunka tins network and ¢heal criminal lump systems to include but not IImRM to criminal history record/criminal lush¢ information, insohr as the equipment is used to process or hansom criminal justice systems information guannteemg the priority, integrity, and availabiley of service needed M the criminal IusUce community. 3. Nestoction of unauthorized personnel from access or use of equipment accessing the state network. It a funny, uMerstmd that "...management cannot of the criminal Induce Wnclum iemams solely with the CPD.-As Per section 5.1.1.4 of the UIs setma, POIsW. This agreement covers the oserall supervmn of all CPD W arems, a hisica0ons, ac, ipment, systems do,nd pro gremmid and opeam, maybeurbassshol, withq¢I.Wisu menrionsed n nAn, am mvm¢nan[eof anyCPD system tp mtlutl¢GCICantl NCtC Prryrams that maybe zubsepcendvde9gnepand/or Impl¢memed within thaxne CPD. MCA TraCS-CPD Revision Date: 07/30/2018 Page 4 of 4