No preview available
HomeMy WebLinkAboutC23-268 Tyler Technologies2023-394498-L2K7Q1 Page 1 Quoted By:Erin Walker Quote Expiration:9/16/23 Quote Name: Eagle County, CO - Remote Server Migration Services Sales Quotation For: Eagle County 500 N. Broadway Eagle, CO 81631 Phone: +1 (970) 328-8600 Professional Services Description Extended Price Maintenance Records Management Remote Server Migration Services Total Hours 1 TOTAL $ 3,600 $ 0 DocuSign Envelope ID: 8099FDAD-71D5-4300-AEE0-37429DF5A75B 2023-394498-L2K7Q1 Page 2 Summary One Time Fees Recurring Fees Total Tyler Software $ 0 $ 0 Total Annual $ 0 $ 0 Total Tyler Services $ 3,600 $ 0 Total Third-Party Hardware, Software, Services $ 0 $ 0 Summary Total $ 3,600 $ 0 Contract Total $ 3,600 Comments Client agrees that items in this sales quotation are, upon Client's signature or approval of same, hereby added to the existing agreement ("Agreement") between the parties and subject to its terms. Additionally, payment for said items, as applicable but subject to any listed assumptions herein, shall conform to the following terms: • License fees for Tyler and third party software are invoiced upon the earlier of (i) deliver of the license key or (ii) when Tyler makes such software available for download by the Client; • Fees for hardware are invoiced upon delivery; • Fees for year one of hardware maintenance are invoiced upon delivery of the hardware; • Annual Maintenance and Support fees, SaaS fees, Hosting fees, and Subscription fees are first payable when Tyler makes the software available for download by the Client (for Maintenance) or on the first day of the month following the date this quotation was signed (for SaaS, Hosting, and Subscription), and any such fees are prorated to align with the applicable term under the Agreement, with renewals invoiced annually thereafter in accord with the Agreement. Unless otherwise indicated in the contract or amendment thereto, pricing for optional items will be held For six (6) months from the Quote date or the Effective Date of the Contract, whichever is later. Date:Customer Approval: Print Name:P.O.#: DocuSign Envelope ID: 8099FDAD-71D5-4300-AEE0-37429DF5A75B 8/14/2023 Jeff Shroll 2023-394498-L2K7Q1 Page 3 • Fees for services included in this sales quotation shall be invoiced as indicated below. o Implementation and other professional services fees shall be invoiced as delivered. o Fixed-fee Business Process Consulting services shall be invoiced 50% upon delivery of the Best Practice Recommendations, by module, and 50% upon delivery of custom desktop procedures, by module. o Fixed-fee conversions are invoiced 50% upon initial delivery of the converted data, by conversion option, and 50% upon Client acceptance to load the converted data into Live/Production environment, by conversion option. Where conversions are quoted as estimated, Tyler will invoice Client the actual services delivered on a time and materials basis. o Except as otherwise provided, other fixed price services are invoiced upon complete delivery of the service. For the avoidance of doubt, where "Project Planning Services" are provided, payment shall be invoiced upon delivery of the Implementation Planning document. Dedicated Project Management services, if any, will be invoiced monthly in arrears, beginning on the first day of the month immediately following initiation of project planning. o If Client has purchased any change management services, those services will be invoiced in accordance with the Agreement. o Notwithstanding anything to the contrary stated above, the following payment terms shall apply to services fees specifically for migrations: Tyler will invoice Client 50% of any Migration Fees listed above upon Client approval of the product suite migration schedule. The remaining 50%, by line item, will be billed upon the go-live of the applicable product suite. Tyler will invoice Client for any Project Management Fees listed above upon the go-live of the first product suite. • Expenses associated with onsite services are invoiced as incurred. • Travel Expenses will be billed as incurred according to Tyler's standard business travel policy. DocuSign Envelope ID: 8099FDAD-71D5-4300-AEE0-37429DF5A75B DocuSign Envelope ID: 8099FDAD-71D5-4300-AEE0-37429DF5A75B EAGLE COUNTY INNOVATION AND TECHNOLOGY DEPARTMENT 3RD Party Remote Access Policy Page 1 Purpose The purpose of this policy is to define standards, expectations, and restrictions for 3rd parties connecting from external hosts to Eagle County’s internal network (ECG Network) via remote access technology. Eagle County’s resources (i.e. corporate data, computer systems, networks, databases, etc.) must be protected from unauthorized use and / or malicious attack that could result in loss of information, damage to critical applications, loss of productivity, and damage to our public image. Therefore, all 3rd party remote access to ECG Network resources must adhere to this policy. Scope This policy applies to account administration and remote access of all 3rd parties, including vendors, contractors, and other agents who require remote access to Eagle County’s data and networks in order to provide their services. Supported Technology Back end remote access technology is centrally managed by Eagle County’s IT Department. In order to access underlying ECG network resources remotely, 3rd parties must be capable of implementing Eagle County’s currently supported remote technology standards. Individual departments are responsible for managing how access to individual front end PC’s using web based tools is handled. Third Party Authorization All 3rd party organizations and their representatives requiring remote access to Eagle County computing resources require authorization by the relevant Eagle County Line of Business (LOB) application owner. Policy and Appropriate Use It is the responsibility of all 3rd parties with remote access to Eagle County computing resources to ensure that due care is exercised with the management of their devices used to connect to Eagle County’s network. It is imperative that any remote access connection used to support Eagle County business systems be utilized appropriately, responsibly, and ethically. Therefore, the following rules surrounding the utilization of 3rd Part Remote Access tools must be observed: I. Third Party Responsibilities a. All remote computer equipment and devices used by 3rd parties for accessing Eagle County systems will institute reasonable security measures. At a minimum, 3rd party source devices used to access Eagle County systems should be properly secured with: i. Unique strong passwords. ii. Have current antivirus software. iii. Ensure operating systems are patched and up to date. DocuSign Envelope ID: 8099FDAD-71D5-4300-AEE0-37429DF5A75B EAGLE COUNTY INNOVATION AND TECHNOLOGY DEPARTMENT 3RD Party Remote Access Policy Page 2 b. In no instance should any Eagle County 3rd party provide their individual login credentials to anyone, including their co-workers or Eagle County staff. c. Third parties are responsible for immediately advising Eagle County’s IT Department to revoke remote access privileges upon the termination of any third party staff member with Eagle County login credentials. d. Third parties are prohibited from introducing changes to Eagle County systems availability, application data, software configuration, hardware configuration, network configuration, security permissions and accounts, or underlying data without the explicit approval of the relevant Eagle County LOB application system owner and the Eagle County IT Department. e. At no time should any Eagle County 3rd party download, share, or distribute Eagle County data without the explicit authorization of the relevant Eagle County LOB application system owner. f. Any software support tools installed by a 3rd Party on the ECG Network should be documented and communicated to the Eagle County IT Department. This includes remote access software, backdoors, and any tools used for administering Eagle County system resources. All 3 rd party software installed on Eagle County systems should be legally obtained and have proper licensing g. Standard proactive business application software maintenance upgrade requirements should be coordinated and scheduled well in advance with the Eagle County IT Department. All configuration changes made to Eagle County environment should be documented and tracked. II. Line of Business Owner Responsibilities For their respective Line of Business software applications. LOB owners are responsible for the following: a. Approval of all 3rd party remote support accounts allowing access to the ECG Network. b. Approval of all 3rd party support instances to allow remote access to the ECG Network. c. Approval of all 3rd party recommended LOB software application configuration or data changes, including authorization concerning specific times / dates that changes can be applied (including potential system down time). Additional authorization is required by Eagle County IT Department prior to change implementation. d. Approval authorizing software maintenance upgrades to be applied, including authorization concerning specific times / dates that changes can be implemented (including potential system down time). Additional authorization is required by Eagle County IT Department prior to change implementation. e. LOB owners are exclusively responsible for account provisioning and scope of access privileges granted within their specific software applications. This includes both internal users as well as 3 rd party access. LOB owners are responsible for any software application data changes a 3rd party may introduce during a remote connection of any form. III. Eagle County IT Department Administrative Responsibilities DocuSign Envelope ID: 8099FDAD-71D5-4300-AEE0-37429DF5A75B EAGLE COUNTY INNOVATION AND TECHNOLOGY DEPARTMENT 3RD Party Remote Access Policy Page 3 a. Third party remote access authorization will be enforced through the establishment of: i. Separate individual login accounts and passwords for each individual 3rd party representative accessing Eagle County systems. Referenced passwords will periodically be required to be changed consistent with policy regarding internal Eagle County network accounts. ii. A multi-factor authentication mechanism will be established that all 3rd parties will be required to use in order to authenticate. iii. Temporary enablement of 3rd party remote access login account and compulsory account disablement upon conclusion of relevant support instance. iv. The use of generic accounts for accessing, troubleshooting, or implementing changes to Eagle County business systems is strictly prohibited. This includes local account access to operating systems and databases. b. Each support instance requiring 3rd party remote access will require approval of the relevant Eagle County LOB application owner. c. Appropriate controls shall be instituted to ensure that 3rd party access is limited within the ECG network to only those resources that the 3rd party is responsible for supporting. d. Third party remote access is primarily for troubleshooting purposes, with default access permissions being limited to read only privileges. Standard third party accounts should be configured in such a manner prohibiting changes to Eagle County systems availability, application data, software configuration, hardware configuration, network configuration, security permissions and accounts, or underlying data. e. Separate 3rd party login credentials shall be established for situations requiring elevated permissions. All changes require the explicit prior approval of the relevant Eagle County LOB application system owner and the Eagle County IT Department. f. Any 3rd party changes that are introduced to Eagle County’s business applications, underlying operating platform, or network must be documented following guidelines agreed upon by the Eagle County IT Department and the 3rd party. g. Database backups are required prior to executing any direct insert, update, or delete SQL statements against a production database. h. Third party remote user access and/or connection to Eagle County’s networks will be logged and monitored to record dates, times, and duration of access. i. All remote access connections must include a system time-out feature. Remote access sessions will time out and terminate after a pre-defined period of inactivity. Enforcement Failure to comply with the Remote Access Policy and Agreement may result in the suspension of remote access privileges and possible termination of 3rd party support agreement. Exceptions DocuSign Envelope ID: 8099FDAD-71D5-4300-AEE0-37429DF5A75B EAGLE COUNTY INNOVATION AND TECHNOLOGY DEPARTMENT 3RD Party Remote Access Policy Page 4 Exception to this policy will be considered on a case by case basis. All exceptions to this policy must be approved by the IT Director and maintained on file electronically for future reference. Each Exception Request should include: • Description regarding nature of the non-compliance. • Anticipated length of non-compliance (1-year maximum). • Proposed plan for managing the risk associated with non-compliance (alternative mitigating control). • Proposed future review date to evaluate progress toward compliance. • Signature of the IT Director. Revision History Version Date of Change Responsible Party Summary of Change 1.0 09/03/2015 Scott Lingle Initial Policy DocuSign Envelope ID: 8099FDAD-71D5-4300-AEE0-37429DF5A75B