The URL can be used to link to this page

Home My WebLink AboutECAT19-007 Rhize TechFIRST AMENDMENT TO AGREEMENT BETWEEN EAGLE COUNTY AIR TERMINAL CORPORATION AND RHIZE TECH THIS FIRST AMENDMENT (“First Amendment”) is effective as of _________________, by and between Rhize Tech, a Colorado limited liability company (hereinafter “Consultant” or “Contractor”) and Eagle County Air Terminal Corporation, a Colorado non-profit corporation (hereinafter “ECAT”). RECITALS WHEREAS, ECAT and Consultant entered into an agreement dated the 14th day of May, 2019, for certain Services (the “Original Agreement”); and WHEREAS, the Original Agreement contemplated that the Consultant would perform certain duties with compensation in an amount not to exceed $ 25,000; and WHEREAS, ECAT and Consultant desire by this First Amendment to expand the scope of Services and compensation as set forth in the Original Agreement, to add terms and conditions accordingly, and to extend the term of the Original Agreement. FIRST AMENDMENT NOW THEREFORE, in consideration of the foregoing and the mutual rights and obligations as set forth below, the parties agree as follows: 1. The Original Agreement shall be amended to include additional Services as described in Exhibit 1, which is attached hereto and incorporated herein by reference. 2. The compensation for the additional Services set forth in Exhibit 1 shall not exceed $72,000 or a total maximum compensation under the Original Agreement and this First Amendment of $97,000. 3. The Original Agreement shall be amended to include additional terms and conditions, as set forth in Exhibit 2, which is attached hereto and incorporated herein by reference. 4. The Term of the Original Agreement is extended to July 31, 2020. 5. Capitalized terms in this First Amendment will have the same meaning as in the Original Agreement. To the extent that the terms and provisions of the First Amendment conflict with, modify or supplement portions of the Original Agreement, the terms and provisions contained in this First Amendment shall govern and control the rights and obligations of the parties. DocuSign Envelope ID: 6CF4D5A9-1532-4F03-BA28-85B5DC86ABD7 8/6/2019 ECAT AM Scope Comp Final 5/14 6. Except as expressly altered, modified and changed in this First Amendment, all terms and provisions of the Original Agreement shall remain in full force and effect, and are hereby ratified and confirmed in all respects as of the date hereof. 7. This First Amendment shall be binding on the parties hereto, their heirs, executors, successors, and assigns. IN WITNESS WHEREOF, the parties hereto have executed this First Amendment to the Original Agreement the day and year first above written. EAGLE COUNTY AIR TERMINAL CORPORATION By: ______________________________ Jeff Shroll, Secretary CONSULTANT By: _____________________________________ Print Name:______________________________ Title: ___________________________________ DocuSign Envelope ID: 6CF4D5A9-1532-4F03-BA28-85B5DC86ABD7 CEO Terry Williams EXHIBIT 1: ADDITIONAL SERVICES General Overview ECAT is contracting with Rhize Tech (Contractor) to provide after-hours support for the network and computing environment supporting the Amadeus shared gate technology (System). This includes issues that require remote or on-site response outside of normal working hours for Eagle County IT staff (ECG IT). Contractor staff will be acting as an extension of the ECG IT team covering early morning, nights, weekends, and holidays. Additionally, the Contractor will 1) proactively monitor overall System availability and 2) perform ongoing upgrades of in scope infrastructure. Contractor will actively work with both Amadeus support and ECG IT as issues are identified, and will document any System changes appropriately. Scope Of Services Supported System Infrastructure includes two host servers, one management server, 9 network switches, one Storage Area Network (SAN), and System related backups. System Infrastructure Monitoring Scope: Devices in scope will be monitored for up/down status at a minimum. If additional information is capable of being monitored within Rhize Tech’s monitoring solution, software for automated alerting attempts shall be made to do so. ● External data circuit availability. ● Airport network (EGE) network availability. ● System infrastructure performance concerns. ● Firewalls: Basic monitoring for up-down status and alerting only. Device health issues and alerts will be resolved Virtualization Management functionality and management to allow for guest virtual machines to properly access and utilize all underlying data center networking and storage technologies such as routers switches and additional technologies that may be acquired are Included. Device health issues and alerts will be resolved. ● Virtual Hosts: Device health, critical alerts, networking management and device management included ● Virtual Guests: Guest health, critical alerts, networking management, and device management DocuSign Envelope ID: 6CF4D5A9-1532-4F03-BA28-85B5DC86ABD7 ● Route/Switch: Full management and support of switches that include system functionality, programming and network SSID management is covered. Device health issues and alerts will be resolved. ● Device management: to include capacity monitoring, storage availability. (Pools/LUN/availability groups, etc) and all aspects of device health is covered. ● Event logs for in scope devices are to be reviewed for critical alerts Event logs for in scope devices are to be reviewed for critical alerts Proactive / Maintenance. Specific examples of covered events include: ○ Proactive third-party patching for servers and supporting software (in conjunction with Amadeus and ECG IT). ○ Server Hardware issue - Calling in and replacing failed hard drives. ○ Network hardware issue - Calling in and replacing failed network equipment. ○ Troubleshooting connectivity issues for external circuits. Including calling vendor and opening support tickets. ○ Helping Amadeus 2nd level support and above as needed to address major support issues. Patching The patching process for all devices is to utilize only the most current stable release from the manufacturer that will not risk the stability of the environment. Contractor will maintain, support, and patch (quarterly) listed technologies and uphold listed SLA and will also provide testing and capacity planning. Documentation Update network documentation will be kept by the contractor to include device name, location, production IP address(es), management IP address(es) SNMP credentials and purpose for all in- scope devices. Yearly License and support contract review for cloud-managed (switch & router), virtualization environment, and storage are sufficient for the forthcoming budget year including: ● Verify available port count per device (Routers/Switches) is sufficient for foreseeable events. ● Available capacity on storage systems is sufficient for foreseeable events. ● Available compute resources on server systems are sufficient for foreseeable events. ● Recommendations completed prior to Eagle County’s annual budget season. ● Quarterly reporting (QBR) and recommendations for potential issues identified during normal network management operations. DocuSign Envelope ID: 6CF4D5A9-1532-4F03-BA28-85B5DC86ABD7 Expectations, Requirements, and Restrictions Contractor will complete any research necessary to avoid recommending the purchase of unnecessary devices by identifying areas where existing equipment may be over-allocated and better utilized elsewhere through the capacity Planning process. ECAT will then, at their own discretion opt to purchase and sufficiently license the recommended devices. All software and hardware must be properly licensed, and under an active support contract (Rhize Tech will not support end of life or unsupported hardware or software) ● Modifying permissions to network shares, granting access to devices, secured networks and other general user/staff entitlements to remain the sole responsibility of ECG IT. ● Rhize Tech will only grant themselves additional access needs in emergency situations where the IT team is unreachable after waiting 20 minutes for a response. ● Rhize Tech staff will be authorized sufficient management level access to complete their responsibilities listed in this scope of work on all devices but will adhere to the same entitlement process as general staff. ● Rhize Tech will adhere to any change management procedures as required. ● Rhize Technicians will maintain active airport security badge. Service Level Agreement (SLA) ● Priority 1 – Critical: means an existing Network or Environment down or there is a critical impact to EndUser’s business operation. Airport Authority personnel and Contractor personnel both will commit full-time resources to resolve the situation. ● Priority 2 – High: means operation of an existing Network or Environment is severely degraded or significant aspects of End User’s business operation are negatively impacted by unacceptable Network or Environment performance. Airport personnel and Rhize Tech both will commit full-time resources during Standard Business Hoursto resolve the situation. ● Priority 3 – Medium: means the operational performance of the Network or Environmentisimpaired, although most business operations remain functional. EndUser and Rhize both are willing to commit resources during Standard Business Hours to restore service to satisfactory levels. • ● Priority 4 – Low: means information is required on Rhize product capabilities, installation, or configuration. There is little or no impact on EndUser’s business operation. EndUser and Rhize both are willing to provide resources during Standard Business Hours to provide information or assistance as requested. DocuSign Envelope ID: 6CF4D5A9-1532-4F03-BA28-85B5DC86ABD7 All priority 1, 2, and 3 issues need to be reported to both ECG IT and Amadeus by email within two hours of notification. Target Response Time: ● Priority 1 – Critical respond within 2 Business Hours ● Priority 2 - High respond within 4 Business Hours ● Priority 3 – Medium 12 Business Hours ● Priority 4 – Low 24 Business Hours Hours Covered under SLA: Weekdays 6:AM to 8:AM, and 5:PM to 11PM Weekends 6:AM to 11:PM Holidays as recognized by Eagle County Government from 6:AM to 11:PM Issue Resolution and responsibilities AIRPORT AUTHORITY The local AIRPORT AUTHORITY Support staff are responsible for handling the initial call from AIRPORT AUTHORITY’ s customers or AIRPORT AUTHORITY Operations recording the issue and escalating it to the appropriate party. Typical level 1 support issues handled by the airport staff include individual PC hardware or power issues and printer Jams and equipment failures that can be handled by replacing with spares. Price Matrix Prices are per device per month for each device type monitored. Product Description Suggested Price Discounted Amount Override Price Managed Meraki Switch $150.00 $55.00 $95.00 Monitored Palo Alto Firewall $400.00 $305.00 $95.00 Managed Virtual Host $400.00 $305.00 $95.00 Managed Virtual Guest $165.00 $70.00 $95.00 Managed End Point $165.00 $105.00 $60.00 Managed SAN $275.00 $180.00 $95.00 Managed Circuit $200.00 $105.00 $95.00 Network Printer $25.00 $25.00 $0.00 Out of Scope Items (but can be provided at T&M rates) DocuSign Envelope ID: 6CF4D5A9-1532-4F03-BA28-85B5DC86ABD7 ● Firewall changes, troubleshooting, configuration. No remediation issues of firewalls are included in management. Nor does it include VPN troubleshooting or configuration. ● Rhize Tech is not responsible for material purchases - Additional hardware needs are to be recommended by Rhize Tech as part of the Capacity Planning offering. ● All net new hardware-software will require professional services fee for Rhize Tech installation ● Virus and malware remediation ● Disaster Recovery ● Data breach/security remediation activities. ● Wireless surveys ● Phone system programming ● Call routing/phone trees or voicemail, Analog Voice Gateways ● Overhead Paging system ● DNS & DHCP management, IP Address Management and DHCP functionality) ● Active Directory management or support. ● HVAC (Heating, Ventilation, Air Conditioning) ● Power ● Issues arising from Force Majeure DocuSign Envelope ID: 6CF4D5A9-1532-4F03-BA28-85B5DC86ABD7 EXHIBIT 2: ADDITIONAL TERMS AND CONDITIONS A. Data Protection. Consultant shall not access ECAT or Eagle County Data, except (1) in response to service or technical issues; (2) for proactive service and problem resolution; (3) for the purpose of performing its obligations under the Agreement this Agreement; or (4) at ECAT’s written request. Consultant agrees to keep confidential all ECAT and Eagle County Data, and Amadeus configuration information, and agrees not to sell, assign, distribute, or disclose any such information to any other person or entity without seeking written permission from ECAT and Eagle County. For purposes of this Section A of Exhibit 2, ECAT and Eagle County Data means all information, whether in oral or written (including electronic) form, created by or in any way originating with ECAT or Eagle County and End Users, and all information that is the output of any computer processing, or other electronic manipulation, of any information that was created by or in any way originating with ECAT or Eagle County and End Users, in the course of using and configuring the Software, Equipment and Services provided under this Agreement. For purposes of this Agreement, End User means the individuals (including, but not limited to employees, authorized agents of ECAT and Eagle County; third party consultants; any governmental, accrediting or regulatory bodies lawfully requesting or requiring access to any Services; customers of ECAT or Eagle County provided services such as third-party airlines, charter carriers, non-hosted carriers and other flight operations at the Airport; and any external users collaborating with County) authorized by ECAT or Eagle County to access and use the Software, Equipment and the Services provided by Consultant under this Agreement. B. Third Party Remote Access. Consultant agrees to comply with ECAT’s policy for third party remote access to ECAT and Eagle County computing resources. Specifically, Consultant shall ensure that due care is exercised with the management of its devices used to connect to ECAT’s or Eagle County’s network. It is imperative that any remote access connection used to support ECAT’s systems be utilized appropriately, responsibly, and ethically. Therefore, Consultant agrees to observe the following rules surrounding the utilization of third party remote access tools: (1) All remote computer equipment and devices used by Consultant for accessing ECAT or Eagle County systems will institute reasonable security measures. At a minimum, Consultant’s source devices used to access ECAT or Eagle County systems should be properly secured with unique strong passwords; current antivirus software; and up to date operating systems; (2) In no instance shall Consultant’ s employees or subconsultants provide their individual login credentials to anyone, including their co-workers or Eagle County staff; (3) Consultant is responsible for immediately advising Eagle County’s IT Department to revoke remote access privileges upon the termination of any employee or subconsultant with Eagle County login credentials. At no time shall Consultant download, share, or distribute ECAT or Eagle County data without the explicit authorization of the relevant ECAT or Eagle County LOB application system owner; (4) Any software support tools installed by Consultant on Eagle County’s network should be documented and communicated to the Eagle County IT Department. This includes remote access software, backdoors, and any tools used for administering Eagle County system resources. All third party software installed on ECAT or Eagle County systems should be legally obtained and have proper licensing; (5) Standard proactive business application software maintenance upgrade requirements should be coordinated and scheduled well in advance with the Eagle County IT Department. All configuration changes made to ECAT or Eagle County systems or environment should be documented and tracked. DocuSign Envelope ID: 6CF4D5A9-1532-4F03-BA28-85B5DC86ABD7 C. Data Breach. Consultant will respond to, contain and remediate security incidents, using commercially reasonable efforts, on a 24 hours a day, 7 day a week basis. Consultant shall notify ECAT of security incidents within twenty-four (24) hours of becoming aware of an actual incident involving ECAT or Eagle County Data. An “incident” is a breach of data protection, confidentiality, data integrity or a security compromise of a network or server resulting in the unauthorized access, use, transfer or acquisition of ECAT or Eagle County Data. Consultant shall inform ECAT about incident response activities in reasonable intervals until the incident is resolved, which may include documenting and keeping ECAT reasonably informed of all investigative and recovery efforts related to any such incidents, including discovery, investigation and containment, recovery, use of data and experience for gap identification and process improvement, mitigation plans, and cooperation with law enforcement, if legally permissible, as reasonably appropriate. q. Breach Responsibilities. Unless otherwise stipulated, if a data breach is a direct result of Consultant’ s breach of its contractual obligation in Section XYZ to prevent the unauthorized release of ECAT or Eagle County Data ( a “ Data Breach”), Consultant shall bear the reasonable and documented costs associated with (1) the investigation and resolution of the Data Breach; ( 2) ECAT’s notifications to individuals, regulators or others as may be required by applicable state law; (3) a credit monitoring service as may be required by applicable state ( or federal) law; (4) a website or a toll-free number and call center for affected individuals as may be required by applicable state law; and ( 5) all corrective actions based on root cause. In the case of a breach originating from ECAT or Eagle County, Consultant will provide reasonable assistance to ECAT or Eagle County for identification and resolution, but ECAT or Eagle County will have sole responsibility for any remediation actions, costs and expenses necessary as a result of the Data Breach. DocuSign Envelope ID: 6CF4D5A9-1532-4F03-BA28-85B5DC86ABD7