Press Alt + R to read the document text or Alt + P to download or print.

No preview available

The URL can be used to link to this page

Home My WebLink AboutC04-305 Coalfire Systems, Inc.God- ~s-rD r .f CONTRACT FOR PROVISION OF SERVICES RE: PRE-DISASTER MITIGATION PLANNING THIS CONTRACT dated as of this ~~ day of September, 2004, is between the County of Eagle, State of Colorado, a body corporate and politic, by and through its Board of County Commissioners (hereinafter "County") and Coalfire Systems, Inc., a Colorado corporation with a business address of 1000 South McCaslin Blvd., Suite 120, Superior, Colorado . (hereinafter "Contractor"). WHEREAS, County is in need of a person to provide pre-disaster mitigation planning services. WHEREAS, Contractor has represented that it has the experience and knowledge in the subject matter necessary to carry out the services. WHEREAS, County wishes to hire Contractor to perform the tasks associated with the services as outlined in Contractor's proposal, attached hereto and incorporated herein by this reference. WHEREAS, County and Contractor intend by this Agreement to set forth the scope of the responsibilities of the Contractor in connection with the services and related terms and conditions to govern the relationship between County and the Contractor in connection with the services. Agreement Term. The services shall be completed by contractor on or before November 1, 2004. Contractor's Obligations. Contractor shall fulfill the obligations listed in the attached proposal. 3. Compensation and Expenses, Invoicin~Pa~ment and Offset. The County shall compensate Contractor for its services in accordance with the attached proposal. It is expressly understood and agreed that in no event will the total compensation and reimbursement to be paid hereunder exceed the sum of $_12,187.50_ for all services rendered. By contract or amendment, the County and Contractor may reallocate the budget among project tasks if the total budget amount remains unchanged. Contractor shall invoice for the project monthly based on hours worked, with payment expected within thirty (30) days of invoice, but any payment by the County may be offset by any amount the Contractor owes the County for any reason. Payment of five percent (5%) of each invoice will be withheld by the County until the Contractor's obligations are completed. In the event the Contractor incurs time and expenses in excess of the total compensation stated above, no compensation for said additional time and expenses shall be required to be paid by the County without written amendment to this contract executed by the County. 4. Countv's Exclusive Ownership of Work Product. Drawings, specifications, guidelines and other documents prepared by Contractor in connection with this contract shall be the property of the County. However, Contractor shall have the right to utilize such documents in the course of its marketing, professional presentations, and for other business purposes. Contractor assigns to County the copyrights to all work prepared, developed, or created pursuant to this contract, including the right to: 1) reproduce the work; 2) prepare derivative works; 3) distribute copies to the public; 4) perform the works publicly; and 5) to display the work publicly. Contractor shall have right to use materials produced in the course of this contract for marketing purposes and professional presentations, articles, speeches and other business purposes. 5. Eagle County's Obli atg ions. Eagle County shall administer this contract through a County Representative. Barry Smith will manage the project as the County's Representative. The services provided and products delivered by the Contractor under this contract will be subject to review by the County's Representatives, or a designee, for compliance with Contractor's obligations prior to final payment. 6. Termination Prior to Expiration of Contract Term. The County has the right to terminate this contract, with or without cause, by giving written notice to the Contractor of such termination and specifying the effective date thereof. Such notice shall be given at least ten (10) days before the effective date of such termination. In such event all finished or unfinished documents, data, studies and reports prepared by the Contractor pursuant to this contract shall become the County's property. Contractor shall be entitled to receive compensation in accordance 12. Insurance. A. In whole or in part, the Contractor shall secure and maintain for the term of its contractual relationship with the County such insurance policies, from companies licensed in the State of Colorado, as will protect itself, the County and others as specified from claims for bodily injuries, death, personal injury or property damage, which may arise out of or result from the Contractor's acts, errors or omissions. The following insurance coverage, at or above the limits indicated and including such endorse- ments as are indicated by an "X", are required: Statutory Workers' Compensation: Colorado statutory minimums 2. Commercial General Liability -ISO 1998 Form or equivalent (With County named additional insured) Each Occurrence Limit $1,000,000.00 General Aggregate Limit $2,000,000.00 Products/Completed Operations Aggregate Limit $2,000,000.00 Comprehensive Form (All risks) to include (place X by applicable provisions]: X_ Premises/Operations _ Underground, Explosion & Collapse Hazard X Products/Completed Operations X Contractual Liability X Independent Contractors and Subcontractors _X_ Broad Form Property Damage _X_ Personal Injury Business Auto Coverage: Combined Single Limit Liability (each accident) $1,000,000.00 Special Coverages (check as appropriate and insert amount): _ (1) Performance Bond Labor and Material Payment Bond _ (2) Professional Errors and Omissions (3) Aircraft Liability (4) Owner's Protective _ (5) Builder's Risk _ (6) Boiler and Machinery (7) Loss of Use Insurance (8) Pollution Liability (9) Crime, including Employee Dishonesty Coverage, or Fidelity Bond B. Proof of Insurance: 1. To provide evidence of the required insurance coverage, copies of Certificates of Insurance in a form acceptable to the County shall be filed with the County through the representative identified in Paragraph 5, no later than ten (10) calendar days prior to com- mencement of operations affecting the County. Failure to file or maintain acceptable Certificates of Insurance with the County is agreed to be a material breach of any contract. These Certificates of Insurance shall contain a provision that coverage afforded under the policies will not be canceled or materially altered unless at least thirty (30) calendar days prior written notice by certified mail, return receipt requested (effective upon proper mailing), has been sent to the County (through the County"s Risk Department). (For purposes of this provision, "materially altered" shall mean a change ~!"~$.?I':~z3a>f:~'f i ~€s~2~.~.~i;s::i~ t i~'~"~€'i ~'r'?.}~.}DS~i~ assessment, based on existing authorities, policies, programs and resources, and . its ability to expand on and improve these existing tools." The Hazard Mitigation Plan should cover the following: ^ Local Hazard Mitigation Goals • Identification and Analysis of Mitigation Actions • Implementation Plans of Mitigation Actions ^ Multi-Jurisdictional Mitigation Actions A primary goal of the Hazard Mitigation Plan is to identify prioritized funding needs to accomplish the mitigation goals. Plan Maintenance A Plan Maintenance Process is required to ensure that the Mitigatiaa: Plan remains Process an active and relevant document. It should cover the foNowing: ^ Monitoring, Evaluating, and Updating the Plan • Incorporation into Existing Planning Mechanisms • Continued Public Involvement Deliverables and Presentations The primary deliverable is aPre-Disaster Mitigation Plan that both meets the FEMA requirements and helps The Counties plan and fund for future hazard mitigation projects. The PDM Plan resulting from this engagement will, at a minimum: identify hazards, establish disaster planning goals and objectives, determine mitigation activities relevant to PitWn-Eagle Counties and produce aPre-Disaster Mitigation Plan meeting the requirements of 44 CFR Part 201.6 and industry best practices. The Team will insure there is ample opportunity for review so changes can be• made by the Project Managers. We will prepare a PowerPoint based presentation of the key findings, recommendations and budget Key milestones and deliverables resulting from this planning process will include: • Delivering templates and subject matter expertise to facilitate the comprehensive, prioritized identification of hazards relevant to the Pitkin-Eagle Counties • Providing the Pitkin-Eagle Counties an asset vulnerability list, description of estimated losses and mitigation activity list for each hazard • Providing a draft copy of the PDM Plan to the Pitkin-Eagle Counties for review • RAMP Project portal for the Counties to use for maintaining the Ptan, rolling out mitigation projects, and complying with FEMA requirements. After review of the draft PDM Plan, final changes will be made and a final copy of the plan shall be provided to the Pitkin-Eagle Counties. The completed plan will meet all FEMA requirements and allow the Pitkin-Eagle Counties to complete the planning phase in accordance with the November 1, 2004 deadline set by FEMA. A successful grant application under the Hazard Mitigation Grant Program (HMGP) will provide the justification for additional funding to implement approved mitigation controls. Project Activity Overview A goal of this project is to document a comprehensive PDM Plan and remediation budget that meets the criteria of Section 322 of the Disaster Mitigation Act of 2000 published by the Federal Emergency Monitoring Agency (FEMA) and 44 CFR Part 201.6 published February 26, 2002. The plan will identify hazards; establish community goals and objectives; and identify, prioritize and budget mitigation activities that are appropriate for Pitkin-Eagle Counties. Key areas to be considered are: Conditions Affecting Pitkin-Eagle Counties' Vulnerability • The Natural Environment (geology & topography, climate, vegetation) • Buildings Infrastructure ^ Bridges ^ Networks • Land Use ~^ Codes & Regulations 1 ,J Ili ~:..~`/"~i ~ri'<Z ~Se J ('P"~'-~iSc~S$"t" ~~~~#:f~1~:100 ~~;It ~=i"+(~€~Sc~~ ^ Planned development ^ Population Demographics -location of vulnerable populations • • Pitkin-Eagle Counties' Hazards (with maps and graphics as appropriate) ^ Presidential Disaster Declaratiorrs ^ Hazard Ranking and Methodolocy ^ Mitigation Capacity • Pitkin-Eagle Counties' Mitigation Planning • What each department does • Planning mechanisms and priority-setting processes • Recent mitigation-related accomplishments • Inter-departmental Mitigation Planning • Inter jurisdictional and Public/Prrvate Partnership Mitigation Partnerships • Current and Planned Mitigation t ~ ojects • Other Organizations ^ Public Schools • Emergency Operations/Direct Services Project Methodology To address Pitkin-Eagle Counties' goals the IPG Team has developed a phased project methodology. Our methodology utilizes arisk-based approach to plan development that includes research of the federal guidelines and a thorough analysis of the existing resources. The IPG Team PDM Planning methodology is structured in phases described below: PHASE 1: PROTECT CHARTER Obiectives• • Establish project team • Introduce Pitkin-Eagle Counties and IPG Team • Establish roles and responsibilities • Establish timetable and milestones • Identify required resources Activities: In this phase, we will coordinate the IPG Team and County project stakeholders, verify our information technology (IT) infrastructure for secure. project communications, and attend a contract kick off meeting with the Pitkin-Eagle Counties. At this initial meeting we will introduce our team, present our project plan and seek approval for project initiation. In coordination with the appropriate Pitkin-Eagle Counties' resources, we will also begin developing a contact list for surveys, interviews and other information collection activities. PHASE 2: ASSESS PITICIN-EAGLE COUNTIES Deliverables• • Gap Analysis between FEMA requirements and your current program • Inventory and collection of relevant documentation and information • Interview notes taken for closing gaps • Documentation of community involvement • Formal document that highlights each Counties background information, as required by FEMA Activities: Initially, we will revalidate our methodology and approach based upon guidance received at the Project Charter/kick off meeting. We will then review all relevant: • Federal and Pitkin-Eagle Counties guidelines for Risk Mitigation, Emergency Preparedness and Critical Infrastructure Protection • Emergency plans within Pitkin-Eagle Counties and stakeholders, including certain non-county organizations that impact the plan. • Asset and infrastructure identification and characterization • Means for community involvement, to include public notice, limited RAMP Portal access and public involvement in facilitated sessions Based on our meeting with Pitkin-Eagle Counties on Monday, May 10, 2004, we understand county staff has been surveyed for similar programs. The IPG Team is sensitive to your staff workloads and E:'I°~~..[...~iS?s~t" i'iB~:i~l€.~i"1 idi~i; ~t°~°~~~'~.~.~`~ "over-surveying". Therefore, we will take a low impact approach for Phase 2 and Phase 3. Key steps in this phase include: • Review current documentation and prior survey information • Develop a Gap Analysis between FEMA requirements and your current documentation ^ Interview staff to close gaps and create a profile of the P'stkin-Eagle Counties ^ Conduct a (maximum) 2 hour public awareness and involvement session, if one has not been done in prior projects. This can be done as a single event, or part of another periodic community outreach event the Counties already have in place. It is a FEMA requirement. If Community involvement in similar activities has already taken place; we will adapt that documentation to the FEMA requirements. • , Document background information of critical infrastructi=re and hazards using templates and expert guidance. PHASE 3: ASSESS HAZARDS Deliverables: ^ Gap analysis between current documentation and what is required by FEMA ^ Listing of validated hazards, with potential for impact • Document previous occurrences and probability of future events ^ Overview of current mitigation plans and their impact on above hazards • A Composite Hazard Map that meets FEMA and best practice guidelines Activities: Similar to Phase 2 above, we will take a low impact approach to minimize unnecessary or repetitive processes for County staff involvement. We will leverage the work done for other similar projects and query staff on the gaps only. Key steps in this phase include: • Review current documentation of all-hazards • Identify, validate and rank hazards • Describe potential hazard locations and their extent • Describe previous occurrences • Describe probability of future hazard events • Identify current mitigation projects/programs/plans ^ Identify gaps to best practices • Assess risk.to community critical infrastructure PHASE 4: MITIGATION STRATEGY Deliverabies• ^ A Mitigation Strategy Document that highlights each hazard considered, to include: o Alternative strategies considered o Details of the evaluation o Reasoning for selecting the preferred strategy Activities- With the Pitkin-Eagle County team, we will facilitate a discussion on alternative mitigation strategies for each considered hazard. Some of these hazards may be addressed in pending projects, or in the development of other EO plans. In these circumstances, we will adapt that documentation and evaluation process to this application. The facilitated discussion will address only those hazards the Counties do not feel have been adequately addressed, or for those which future FEMA funding wilt be sought. The IPG Team wilt prepare a draft Mitigation Strategy document for your review and finalize it based on your feedback. PHASE 5: MITIGATION BUDGET Deliverabies• • A Prioritized Mitigation Budget aligned to the strategy above. o It will include a cost comparison of alternatives. For some costs, a more qualitative (high/medium/low) estimate wilt be given o The document will align the budget to alternative funding sources Activities~ During the facilitated discussions on the Mitigation Strategy, The IPG Team will also gather budget estimates for alternative strategies. We will confirm these budgets as reasonable base on industry ~; _ ~; . and best practice standards, though they will be approximations. The Prioritized Mitigation Budget document will follow a format whereby each considered hazard will reflect the costs of all alternatives. Each will also reflect potential alternative funding sources. PHASE 6: PDI~ PLAN DOCUMENTATION Deliverables• ^ Drafts of the PDM Plan for review. Key sections include: o The Pitkin-Eagle County planning process -how it was prepared, who was involved, how was the public involved o The results of the review of existing plans, studies, reports, and technica° information o Identified hazards o Mitigation strategies o Mitigation budget estimates o Plan adoption documentation o Plan Maintenance program Activities: Documents are revised as they are being worked by each team member based upon the research and analysis of federal procedures and statutes and information obtained from Pitkin-Eagle Counties' agencies and stakeholders. This is an iterative process. Early drafts will be regularly provided to the Pitkin-Eagle Counties for review and comments. Our subject matter experts pertorm a key function by applying their skills, knowledge and abilities to every aspect of the documents we are tasked to revise. We will ensure that formatting is consistent across the final document and its supporting appendices. Qualified editors will thoroughly review each document. PHASE 7: REVIEW AND APPROVAL Deliverables• • A Final PDM Plan for FEMA Approval Activities: The draft document wilt be reviewed by Pitkin-Eagle Counties, select stakeholders and IPG Team subject matter experts to ensure that the plan meets or exceeds FEMA requirements. The final draft will be created following consultation and input. The Final PDM Plan needs to be approved by the Counties governing bodies before submission to FEMA. The IPG Team supports this as needed. PHASE 8: PLAN MAINTENANCE PROGRAM Deliverables• ^ RMAP Portal Hosting and Maintenance Activities: Although FEMA will do a formal review of the Pitkin-Eagle PDM Pian in five years, they expect you to have a continual maintenance program in place. The RAMP Portal, described elsewhere in this proposal, is used by the IPG Team and Pitkin-Eagle team to manage this project. It is an ideal and vital component for the Counties to continue to maintain and enhance the Plan. The IPG Team will host the RAMP Portal until November 2, 2005, after which the counties may renew the hosting arrangement. ~; , .. 1 C'~)~,~rl~'°t35~j'" t~~il~.~~~r~l„l~l~ ~~&t'I 'I"d~~{'3~i~~ Services, Fees and Estimated Time-Line The IPG Team will begin work under this Request for Proposal on a mutually agreeable timeframe sufficient to meet the Counties' deadline and planning requirements Activity Fees , ,, ^' :.~' ~~,.~ ~4; ~ ~ S` ar 1 - ; ;.r $ 2,250.0 Project kickoff event to align teams, establish timeframes and : i;r .. r °:! review project phases ~ .Y (.j ~ + - _ __ _. "r _.._._ ~. _ ~4.." Deploy RAMP Project Portal x z. 5 i+ 4 ~, y , ~ „ ~~F ,~ ;;.~,~ n,~. . _ $ 4,500. Review cun'ent documentaiton and prior survey information Develop Gap Analysis between FEMA requirements and your current documentation Interview staff to dose gaps and create profile Document critical infrastructure Identify, validate and rank hazards and describe bcations Describe previous occurrences and probability of future hazard events Identify current mitigation projects Identify gaps with best practices and assess risk to infrastrudure Develop Cost Comparison of aRemative strategies _ ___. Align budget requin~nents to funding sources ~^_~T ~ ,^ J ~^". ~_, Final report and collaboration on final documentation Meet with The County stakeholders to align and communicate findings. $ Host the RAMP Portal to streambne plan maintenance. Hosting for 1 year is induded. Antidpated cost thereafter is $15(Nmth $ 18, ~~ ~ n.s r-~~~'s~~~tr ~dli~:i~~~:ic~l~ ;~~~-~t~~ ~i'~t~~i The RAMP Portal The IPG team has a combined public service experience of 75+ years. The team has the depth of resources required to address and mitigate unexpected contingencies. The project wi{I be managed through the RAMP© portal, and example of which is illustrated in the following future: FIh~~ 1 Ri~ Haar 3tic~a~aiiZ _ . T~De co qtr ~w~eys aJ~Fter tae, The Risk Analysis and Mitigation Portal (RAMP©) Coalfire has developed a portal that incorporates tools to streamline the project and ensure that all stakeholders are kept current with project progress, issues and resolution. RAMPp combined with on- site visits optimize our total staff hours to deliver high value by eliminating management and data collection overhead once done by hand. RAMPp not only delivers rapid assessment results and remediation planning, but it also becomes an important element of an on-going planning and mitigation activities. The portal is Internet-enabled, and all Pitkin- Eagle Counties' project stakeholders have role-based, secure access to the portal to monitor project progress, review draft deliverables, communicate to the project team and contribute to project: activities. Pre-developed modules, include: • Risk management survey tools based on KIST 800-30 Survey for compliance to Pitkin-Eagle Counties and Federal regulations, inducting technical, physical and administrative control metrics Gap identification and analysis based on survey findings • Tools providing guidance for accelerated Business Continuity Planning review and program update Tools guiding Change Management processes improvement • Remediation planning tools, inducting tools and templates providing capital expenditures and operating expenses budget impact for targeted levels of remediation • Executive and engineering level reporting based on assessment outcome, including charts and graphs indicating levels of compliance i~r~~i~~~r ~~I~i~~i~i~a ~~~~ ~`r°~~~a~~;~~ • Project management portal for coordination of all project activities and communications integrated with Microsoft Project tools • Compliance verification and validation platform for on-going program adjustment and improvement Issue Tracking and Reporting The IPG Team manages issue resolution based on the notion of ownership. Through ownership and tracking, issues are not ignored. ,Project issues will be posted on the I2AMP© portal and may be viewed by all authorized Pitkin-Eagle Counties and IPG Team members and other project stakeholders. Issues will be assigned to appropriate team members and tracked to resolution on the portal. Experience and Staff Bio's The IPG Team has a clear understanding of the goats and objectives of the project and significant experience identifying hazards, risks and vulnerabilities and prioritizing mitigation based on probability, severity of impact and available financial resources. We understand that our evaluation and subsequent development of aPre-Disaster Mitigation Plan will include Pitkin-Eagle Counties and some municipalities therein, and our role will be to: ^ Leverage the Counties' existing resources, finandal and otherwise, and guide the development of the Plan ^ Identify and organize technical experts, mitigation stakeholders (including the Pitkin-Eagle Counties Offices of Emergency Services) and the public to participate in the risk mitigation planning process. • Recognize hazards and estimate potential hazard losses to Pitkin-Eagle Counties' assets and infrastructure. ^ Develop a mitigation plan that prioritizes hazard risks and outlines means to avoid or minimize the undesirable results of those risks. ^ Outline a mitigation plan implementation strategy and a plan monitoring/updating strategy. Develop a mitigation budget based on the findings. The IPG Team is experienced in emergency response and preparedness planning. The Team's methodology, outlined below, meets federal guidance and Industry best practices, and desa-ibes the cost-effective approach to effective, comprehensive Pre-Disaster Mitigation planning. This approach is aligned to the Robert T. Stafford Disaster Relief and Emergency Assistance Act, and results in deliverables that meet FEMA grant requirements. The IPG Team has a 'best-in-class' knowledge of the Pre-Disaster Mitigation Planning process and the issues facing t~itkin-Eagle Counties. The capabilities of the IPG Team are supported by our Risk Analysis and Mitigation Portal (RAMP©), which is designed to insure that the required activities are scheduled, assigned and completed on schedule. The IPG Team wilt draw from a pool of subject matter expertise and will provide proven information security knowledge coupled with technical capability, local support, and competitive pricing resulting in the best overall value to Pitkin-Eagle Counties. The team we have assembled for this task is experienced in alt facets of risk management and emergency response and is well schooled in research, analysis and documentation of such issues. Our time-tested approach is to employ a core technical writing team supported by subject matter experts. This process provides the most cost effective method to produce a quality result for Pitkin-Eagle Counties. Our subject matter experts work in their respective fields on a day-today basis, and have successfully completed similar projects for other jurisdictions. IPG Team has a team of 25 professionals to draw on for this project. This depth of talent gives us the flexibility to overcome unforeseen arcumstances (e.g. sickness, injury) and complete the project on- time and on-budget. Same of the expertise we can bring to the project is listed as follows: ;` l ~.''f ~J€1=~ ': t ~v -':CJs'- `3 ter-l~i~a~i~r ~~~~~i~a:icar~ ~~r~ :~i"~~a~~( Plannin ,Direction & Control SMc Counter-terrorism SME Law Enforcement SME Medical, Decontamination (SME) Professional En ineer SME Certified Emer en Mana ers CEM Cyber Security SME Public Affairs SME Chemical t HAZMAT SME Public Health SME RELEVANT TEAM EXPERIENCE The IPG team consists of law enforcement, legal, emergency response, engineering and information technology specialists with processes and methodologies specifically adapted to emerging state and national guidance and best practices. The IPG team has applied its proven methodologies and ~`~_ rocesses to roduce successful resuh, for en a ements sucn as nose m me ro~~or+~~~ ~a~~~. .- . s- The North Central Region is a collection of 10 counties organized to meet emergency planning guidance defined by the State of Colorado and the Department of Homeland Security. The IPG Colorado North Central Region Team Team members were awarded a contract to develop a regional emergency preparedness plan with a focus on response to weapons of mass destruction incidents. Provided design input under contract to the CDC Center for Disease Control and for the Specimen Tracking and Reporting Prevention System (STARS) for bioterrorism preparedness and res onse. Conducted an emergency preparedness assessment focused on bioterrorism response State of Iowa readiness conforming to the Health Alert Network and the National Electronic Disease Surveillance S stem NEDSS . Conducted surveys and data analysis preparing the State of Florida to conform to the Center for State of Florida Disease Control and Prevention's technical s ecifications for bioterrorism res onse. Provided detailed assessment and planning Colorado Department of Public activities to help the CDPHE comply with Health and Environment (CDPHE) requirements emerging under the Homeland Securi De artment directives. Develop planning guidance Co meet Disaster American Water Works Preparedness, Recovery and Response Association Research Foundation requirements for the national water utility sector. Contributing author to the after-action report submitted to Congres describing lessons learned U.S. Postal Service and remediation guidance in response to the 2001 anthrax attack. State-wide IT Security Assessment, to include State of Oklahoma compliance to federal FISMA/GISRA and HIPAA corn liance. Project Team The IPG Team offers the following unique values to Pitkin-Eagle Counties: ^ Project Responsibility and Accountability. The IPG Team will maintain total responsibility and accountability to Pitkin-Eagle Counties for the execution of the project under the terms of the contract. Mr. John Mencer, Senior Member of the Infrastructure Protection Group will be the primary executive sponsor and contact for Pitkin-Eagle Counties officials. Mr. Kennet Westby of Coalfire has full authority and responsibility to manage and execute the Information security assessment during implementation • Project Organization Structure. The IPG ? eam organization is structured to allow flexibility and efficiency in ensuring the availability of the subject matter and project execution resources when required while maintaining core functions with clearly defined lines of authority, roles, and responsibilities. John Mencer, Senior Member, The Infrastructure Protection Group, LLC (Project Co- Manager) John Mencer was a Special Agent of the Federal Bureau of Investigation (FBI) from July, 1978 until his retirement in May, 2002. During his career, he served in Newark, NJ, at FBI Headquarters in Washington, DC and in the Denver Division. He has management and investigative expertise in many areas, induding Computer Crimes, Critical Infrastructure Protection, Tercorism, Foreign Counterintelligence, White Collar Crime and Privacy Law. During his assignment to the Denver Division, he supervised a White Collar Crimes Squad, the multi-agency Metro Gang Task Force and he founded and organized the division's first Cyber Crimes Squad. The squad's mission inGuded primary responsibility for critical infrastructure protection, computer intrusion and Cyber-terrorism investigations, Intemet fraud, intellectual property rights crimes and computer forensic examinations. Mr. Mencer also founded the Denver Chapter of InfraGard and co-founded the Colorado Regional Computer Forensic Laboratory. He is a member of the Board of Advisors of the Rocky Mountain Center for Homeland Defense at Denver University. Mr. Mencer has a ]uris Doctor degree and a Masters of Science in Fnnancial Planning. He is admitted to the bars of the states of New Jersey and Pennsylvania. His Top Secret clearance level has been reinstated by the FBI. Kennet Westby, CISSP, CISM, Coalfire Systems, Inc. (Project Co-Manager) Kennet is a founding partner with Coalfire and is a Senior Security Strategist. Mr. Westby brings 15 years of IT security, architectural design, application development, e-business project management and EAI experience to the team. He was previously the Chief Operating Officer for a global managed application hosting company with secure data centers located in Europe, Asia and the US where he provided both technical and operations leadership. Over the last two years Mr. Westby has lead numerous risk based compliance assessments across multiple industries for government, public and private clients. Compliance and Regulatory initiatives Mr. Westby has lead include HIPAA, GLBA, SEVIS, Sarbanes Oxley, Ail Risk Hazard Mitigation and USA PATRIOT Act. Kennet was selected as one of the nation's top 100 CIO's by CIO magazine. He is considered an industry leader in "e-business" and has presented as a Keynote speaker at some of the largest industry forums including Intemet World and Comdex. Kennet founded and operated as COO/CIO; the world's largest pharmacy e-business network and portal. He has worked with Microsoft on numerous key projects including the Security Auditing Framework for Microsoft partners. Kennet has worked as a consultant and project manager on Healthcare, Financial, ISP, ASP and EAI initiatives for numerous fortune 1000 companies. Mr. Westby holds a Bachelors of Arts from Seattle Pacific University where he majored in Business Administration and is a Certified Information Systems Security Specialist (CISSP} and Certified Information Security Manager (CISM). r0-~ISB~i" i@('€~in3~:lt~I"1 f~ic~i'I ~'i"O~}C~S~~ 7eff Baer, Network and Systems Engineer, CISSP, MCSE, CCNA, NSCA, Coalfire Systems, Inc. Mr. Baer is a Senior Security Systems and Technical Assessment Engineer for Coalfire Systems, He started his career as the lead Network and Systems Engineer for a regional ISP in Oklahoma. He designed and deployed ISP services used by commercial accounts in Arkansas, Kansas, Oklahoma and Texas. Mr. Baer subsequently joined Nupremis, Inc, a global Application Service Provider (ASP) to design and deploy secure enterprise storage and applications through highly redundant data centers located Hungary, Germany, England, the U.S. and The Philippines. Mr. Baer is the Director of Security Engineering at Coalfire Systems, Inc. He leads a team of engineers in performing security assessment, network and systems architectural assessment, vulnerability analysis and remediation support for the healthc:a_ re, financial services, and government sectors. He recently supported a company through,a forensic investigation for a Congressional hearing following a cyber attack on a national financial services company. He holds numerous industry certifications for Network, Systems and Security Engineering from Compaq, Cisco, NetScreen, NetIQ and others. He attended the University of Oklahoma. Rick Dakin, Senior Security Strategist, Coalfire Systems, Inc. Mr. Dakin is a recognized industry leader in Information Technology Security assessment strategies, including risk assessment and policy development for the healthcare industry. He has designed and deployed risk management plans for agencies and regulated commercial concerns throughout the nation. Mr. Dakin presents regularly to national audiences interested in administrative and technical solutions meet emerging regulatory requirements for information security and privacy imposed by HIPAA, GLBA and the U.S. Patriot Act II legislation. Prior to founding Coalfire, Mr. Dakin was the Chief Operating Officer for a global Application Service Provider (ASP) hosting company with clients, such as EFTC, Inc. (now Suntron), that required secure, reliable access to enterprise applications. Mr. Dakin lead a team of professionals that designed and deployed four (4) enterprise-class, secure data centers in Boulder, Colorado, New York Gty, London and Budapest. He was also a key member of the design team that architected a broadband wireless ISP in Manila, BroadbandPhilipines.com, and the IP network, hosting facility and security program for largest Spanish cable telephony operator in Spain, Ono. To prepare for the rapid selection, design, deployment of mission critical data centers throughout the world, Mr. Dakin worked closely with Cisco, Compaq and Microsoft to develop the first truly reliable three tier web hosting architecture which Compaq later named DISA. This revolutionary platform, designed by Mr. Dakin and his team in 1995, provided the architecture foundation for web hosting at Qwest. This highly reliable platform was later adopted by US West as the web-based Y2K inventory management platform Mr. Dakin and his technical team developed for the 14 states served by US West. Mr. Dakin holds an engineering degree from the U.S. Military Academy West Point and an MBA from the University of Oklahoma. Timothy R. Gablehouse, 7D Tim Gablehouse practices environmental law primarily in the areas risk management, emergency management, emergency response, business continuity and accident prevention. These activities have been extended into public service where he has been appointed by the Governor as a member of the Colorado Emergency Planning Commission, also the Chair of the Local Emergency Planning Committee - Citizen Corp Council for Jefferson County, Chair of the Hazardous Materials Training Advisory Committee, and facilitator of the DO] Equipment Grant Review Committee. Mr. Gablehouse is actively involved in administration and enforcement of emergency planning, response and community right-to- know programs. He serves as a member of the Federal Advisory Committee for EPA on Accident Prevention and was a participant in EPA's Presidential Review Stakeholders Conference on EPCRA. He is also a member of the Board of Directors of the Denver InfraGard Chapter, a national organization affiliated with the Federal Bureau of Investigation which has the primary mission of protecting the nation's critical infrastructures. Mr. Gablehouse received the 1994 Colorado Emergency Management Association President's award and the inaugural State of Colorado's Leonard Boulas Haz Mat Award in 1999. Internationally, Mr. Gablehouse was recently a speaker at the OECD Workshop on Chemical Emergency Preparedness and ,! I c~; .~r4 (c:IPG Pace !? Response, cosponsored by the Government of Finland and UN/ECE held at Lappeenranta, Finland, and the Workshop on Communication Related to Chemical Releases Caused by Deliberate Acts, cosponsored by OECD, NATO, OPCW, REMPEC/IMO, UNECE, UNEP and WHO held at Rome. He was also a speaker at the Regional Southern African Workshop on APELL, sponsored by UNEP and held at the University of Natal in Durban, South Africa. Representative projects include astate-wide hazardous materials capacity and risk assessment study for Colorado, an implementation guidance and video on risk management planning used through EPA Region 8, and Chair of the Expert Peer Review Committee for the EPA/OS!iA Joint Chemical Accident Investigation Report regarding a major chemical accident at Napp Technologies, Inc., Lodi, New Jersey. Mr. Gablehouse is a frequent speaker at local, state, national and international conferences on erpergency planning and response. He has )uris Doctor and MBA degree ~ from the University of Denver, and an undergraduate degree in Environmental Biology from thc, University of Colorado. .. ~;~r~ } OFFICE OFTHE COUNTY ATTORNEY (970)328-8685 FAX: (970) 328-8699 www.eaglecounty.us f~GL~ COUNTY September 10, 2004 Ken Ballard Coalfire Systems, Inc. 1000 S. McCaslin Blvd., Suite 120 Superior, Colorado 80027 Re: Eagle County Pre-Disaster Mitigation Planning Dear Ken: Barry Smith is back in town and I was able to finalize the above-referenced agreement. Because of the delay, I changed the dates on the first page. I also eliminated the reference to the Project Budget and Schedule in paragraph 3 as this must have been a left over from the Pitkin Agreement. I simply referenced compensation in accordance with the Contractor's attached proposal. I am scheduling this on the Board of County Commissioner agenda as soon as possible. Please again execute the enclosed agreements and return to me at your earliest convenience. I will have a fully executed copy returned to you upon Commissioner signature. Thanks for your patience and efforts to date. Sincerel ~r-'-'-"- ~. ~.~ Bryan Treu Assistant County Attorney Eagle County Building, 500 Broadway. ; ~~. Box 850, Eagle, Colorado 8 1 63 1-0850 iii OFFICE OFTHE COUNTY ATTORNEY (970) 328-8685 FAX: (970)328-8699 www.eaglecounty.us ~r~GL~ COUNTY September 27, 2004 Ken Ballard Coalfire Systems, Inc. 1000 S. McCaslin Blvd., Suite 120 Superior, CO 80027 Dear Ken: ~~~- X05-~~ Enclosed for your records is an original Agreement between Eagle County and Coalfire Systems, Inc. regarding pre-disaster mitigation planning. Please do not hesitate to contact me if you have any questions. Very truly yours, Bryan Treu Assistant County Attorney BRT:pn Enclosures Eagle County Building, 500 Broadway, P.U. Box 850, Eagle, Colorado 8163 I -0850