Embed Size (px)
Citation preview
STATE OF MICHIGANENTERPRISE PROCUREMENTDepartment of Technology, Management, and Budget525 W. ALLEGAN ST., LANSING, MICHIGAN 48913P.O. BOX 30026 LANSING, MICHIGAN 48909
CONTRACT CHANGE NOTICE
Change Notice Number 1
to071B7700198Contract Number
$2,172,160.00
August 22, 2017 August 21, 2019
INDEPENDENT VALIDATION AND VERIFICATION
August 21, 2019
INITIAL AVAILABLE OPTIONS EXPIRATION DATE BEFORE CHANGE(S) NOTED BELOW
3 - 1 Year
PAYMENT TERMS DELIVERY TIMEFRAME
ALTERNATE PAYMENT OPTIONS EXTENDED PURCHASING
☐ P-Card ☐ Direct Voucher (DV) ☐ Other ☐ Yes ☒ NoMINIMUM DELIVERY REQUIREMENTS
DESCRIPTION OF CHANGE NOTICEOPTION LENGTH OF OPTION EXTENSION LENGTH OF EXTENSION REVISED EXP. DATE
☐ ☐ August 21, 2019
CURRENT VALUE VALUE OF CHANGE NOTICE ESTIMATED AGGREGATE CONTRACT VALUE
$0.00 $2,172,160.00
Effective 2/23/2018, the Senior Business Architect has been changed to Kate Cochran, the State Executive sponsor has been changed to David Devries, and the Contract Administrator has been changed to Marcy Sims.
Nicole Fitzpatrick
Marcy Sims
Michael Cooney
Chicago, IL 60601
CSG Government Solutions
*******0867
312-423-2107
180 N Stetson Ave.
(517) 284-7016
STATE
Pro
gra
m
Manager
Contra
ct
Adm
inistra
tor
CO
NTRACTO
R
DOS
517-636-0231
INITIAL EXPIRATION DATEINITIAL EFFECTIVE DATE
DTMB
DESCRIPTION
CONTRACT SUMMARY
NOTICE OF CONTRACT
NOTICE OF CONTRACT NO. 071B7700198 . between
THE STATE OF MICHIGAN and
CO
NT
RA
CT
OR
CSG Government Solutions
ST
AT
E
Pro
gram
M
anag
er Nicole Fitzpatrick MDOS
180 N Stetson Ave, Suite 3200 517-636-0231
Chicago, IL 60601 [email protected]
Michael Cooney
Co
ntra
ct
Adm
inis
trat
or Timothy Taylor DTMB
312-423-2107 517-284-7006
[email protected] [email protected]
0867
Contract SUMMARY
DESCRIPTION: Independent Validation and Verification
INITIAL EFFECTIVE DATE INITIAL EXPIRATION DATE
INITIAL AVAILABLE OPTIONS
EXPIRATION DATE BEFORE CHANGE(S) NOTED BELOW
8/22/2017 8/21/2019 3 - 1 year PAYMENT TERMS DELIVERY TIMEFRAME
Net 45 NA
ALTERNATE PAYMENT OPTIONS EXTENDED PURCHASING
☐ P-card ☐ Direct Voucher (DV) ☐ Other ☐ Yes ☒ No MINIMUM DELIVERY REQUIREMENTS
NA MISCELLANEOUS INFORMATION This Contract establishes an on-site Independent Validation and Verification (IV&V) team for review and audit of the Legacy Modernization Project for the State of Michigan (Contract 071B7700121) in accordance with the attached specifications, terms and conditions. The availability of FAST resources for the purpose of this Contract are stated in Contract 071B7700121 per Section C. Other Roles and Responsibilities.
ESTIMATED Contract VALUE AT TIME OF EXECUTION $2,172,160.00
STATE OF MICHIGAN ENTERPRISE PROCUREMENT Department of Technology Management and Budget 525 W. Allegan St. Lansing, Michigan 48913 P.0. Box 30026 Lansing, Michigan 48909
Revised 5/03/2016
Contract NO. 071B7700198
FOR THE CONTRACTOR: CSG Government Solutions Company Name
Authorized Agent Signature
Mike Cooney, Chief Operating Officer Authorized Agent (Print or Type)
Date
FOR THE STATE: Signature
Name & Title
Agency
Date
Revised 5/03/2016
This IT Professional Services Contract (the “Contract”) is agreed to between the State of Michigan (the “State”) and CSG Government Solutions (“Contractor”), a Illinois S-Corporation. This Contract is effective on August 22, 2017 (“Effective Date”), and unless terminated, expires on August 21, 2019 (the “Term”).
This Contract is initially for a 2 year period and may be renewed for up to three (3) additional one (1) year periods. Renewal must be by written notice from the State and will automatically extend the Term of this Contract.
The parties agree as follows:
1. Definitions. For the purposes of this Contract, the following terms have the following meanings:
“Business Day” means a day other than a Saturday, Sunday or other day on which the State is authorized or required by Law to be closed for business.
“Confidential Information” has the meaning set forth in Section 10.d.
“Contract” has the meaning set forth in the preamble.
“Contract Administrator” is the individual appointed by each party to (a) administer the terms of this Contract, and (b) approve any Change Notices under this Contract. Each party’s Contract Administrator will be identified in Section 6.
“Contractor” has the meaning set forth in the preamble.
“Contractor personnel” means all employees of Contractor or any Subcontractors involved in the performance of Services and creation of Deliverables under this Contract.
“Deliverables” means documentation, reports, and all other materials that Contractor or any Subcontractor is required to or otherwise does provide to the State under this Contract and otherwise in connection with any Services, including all items specifically identified as Deliverables in an individual Statement of Work.
“Effective Date” has the meaning set forth in the preamble.
“Financial Audit Period” has the meaning set forth in Section 24.
STATE OF MICHIGAN
IT PROFESSIONAL SERVICES
Contract TERMS
Revised 5/03/2016
“Key Personnel” means any Contractor Personnel identified as key personnel in this Contract or an individual Statement of Work.
“PHI” has the meaning set forth in Section 10.a.
“PII” has the meaning set forth in Section 10.a.
“Services” means any of the services Contractor, or any Subcontractor, is required to or otherwise does provide under this Contract, or an individual Statement of Work.
“State” has the meaning set forth in the preamble.
“State Data” has the meaning set forth in Section 10.a.
“State Review Period” has the meaning set forth in Section 12.
“Statement of Work” means the statement of work attached as Schedule A to this Contract.
“Stop Work Order” has the meaning set forth in Section 14Error! Reference source not found..
“Subcontractor” has the meaning set forth in Section 4.f.
“Transition Responsibilities” has the meaning set forth in Section 17.
“Unauthorized Removal” has the meaning set forth in Section 4.e.ii.
“Unauthorized Removal Credit” has the meaning set forth in Section 4.e.iii.
2. Statement of Work. Contractor shall provide the Services and Deliverables pursuant to the Statement of Work. The terms and conditions of this Contract will apply at all times to the Statement of Work. The State shall have the right to terminate the Statement of Work as set forth in Sections 15 and 16 of this Contract.
3. Statements of Work Requirements. Each Statement of Work will include the following: a. A detailed description of the Services to be provided by Contractor; b. A detailed description of the Deliverables to be developed or otherwise provided by
Contractor, including any required milestone dates associated with such Deliverable; c. Fees payable under the Statement of Work, the manner in which such Fees will be
calculated, the due dates for payment and any invoicing requirements, including any milestones on which any such Fees are conditioned, and such other information as the parties deem necessary; and
d. A detailed description of all state resources required to complete the Services and Deliverables set forth in the Statement of Work.
4. Performance of Services.
a. Performance Warranty. Contractor represents and warrants that its Services hereunder shall be performed by competent personnel and shall be of professional quality consistent with generally accepted industry standards for the performance of such services and shall comply in all respects with the requirements of this Contract and the specifications set forth in the applicable Statement of Work. For
Revised 5/03/2016
any breach of this warranty, the State may, at its option, either terminate a Statement of Work immediately pursuant to the termination provision herein, or require Contractor to provide replacement personnel satisfactory to the State within thirty (30) calendar days of Contractor’s receipt of notification from the State. Whether or not the departing Contractor personnel are to continue working while Contractor attempts to find replacement personnel is at the sole discretion of the State. If Contractor is notified within the first eight (8) hours of assignment that the person is unsatisfactory, Contractor will not charge the State for those hours; otherwise, the State shall pay for all actual hours worked prior to the State’s notification of a replacement request to Contractor.
b. State Standards
i. The Contractor must adhere to all existing standards as described within the comprehensive listing of the State’s existing technology standards at http://www.michigan.gov/dmb/0,4568,7-150-56355-108233--,00.html
ii. To the extent that Contractor has access to the State’s computer system, Contractor must comply with the State’s Acceptable Use Policy, see http://michigan.gov/cybersecurity/0,1607,7-217-34395_34476---,00.html. All Contractor personnel will be required, in writing, to agree to the State’s Acceptable Use Policy before accessing the State’s system. The State reserves the right to terminate Contractor’s access to the State’s system if a violation occurs.
c. Contractor Personnel
i. Contractor is solely responsible for all Contractor personnel and for the payment of their compensation, including, if applicable, withholding of income taxes, and the payment and withholding of social security and other payroll taxes, unemployment insurance, workers’ compensation insurance payments and disability benefits.
ii. Prior to any Contractor personnel performing any Services, Contractor will:
1. ensure that such Contractor personnel have the legal right to work in the United States; and
2. require such Contractor personnel to execute written agreements, in form and substance acceptable to the State, that bind such Contractor personnel to confidentiality provisions that are at least as protective of the State’s information (including all Confidential Information) as those contained in this Contract.
iii. Contractor and all Contractor Personnel will comply with all rules, regulations, and policies of the State that are communicated to Contractor in writing, including security procedures concerning systems and data and remote access, building security procedures, including the restriction of access by the State to certain areas of its premises or systems, and general health and safety practices and procedures.
iv. The State reserves the right to require the removal of any Contractor Personnel found, in the judgment of the State, to be unacceptable. The
Revised 5/03/2016
State’s request must be written with reasonable detail outlining the reasons for the removal request. Replacement personnel for the removed person must be fully qualified for the position. If the State exercises this right, and Contractor cannot immediately replace the removed personnel, the State agrees to negotiate an equitable adjustment in schedule or other terms that may be affected by the State’s required removal.
d. Background Checks. Upon request, Contractor must perform background checks on
all employees and subcontractors and its employees prior to their assignment. The scope is at the discretion of the State and documentation must be provided as requested. Contractor is responsible for all costs associated with the requested background checks. The State, in its sole discretion, may also perform background checks.
e. Contractor’s Key Personnel
i. The State has the right to recommend and approve in writing the initial assignment, as well as any proposed reassignment or replacement, of any Key Personnel. Before assigning an individual to any Key Personnel position, Contractor will notify the State of the proposed assignment, introduce the individual to the State’s Project Manager, and provide the State with a resume and any other information about the individual reasonably requested by the State. The State reserves the right to interview the individual before granting written approval. In the event the State finds a proposed individual unacceptable, the State will provide a written explanation including reasonable detail outlining the reasons for the rejection.
ii. Contractor will not remove any Key Personnel from their assigned roles on this Contract without the prior written consent of the State. The Contractor’s removal of Key Personnel without the prior written consent of the State is an unauthorized removal (“Unauthorized Removal”). An Unauthorized Removal does not include replacing Key Personnel for reasons beyond the reasonable control of Contractor, including illness, disability, leave of absence, personal emergency circumstances, resignation, or for cause termination of the Key Personnel’s employment. Any Unauthorized Removal may be considered by the State to be a material breach of this Contract, in respect of which the State may elect to terminate this Contract for cause under Section 15.
iii. It is further acknowledged that an Unauthorized Removal will interfere with the timely and proper completion of this Contract, to the loss and damage of the State, and that it would be impracticable and extremely difficult to fix the actual damage sustained by the State as a result of any Unauthorized Removal. Therefore, Contractor and the State agree that in the case of any Unauthorized Removal in respect of which the State does not elect to exercise its rights under Section 15Error! Reference source not found., Contractor will issue to the State the corresponding credits set forth below (each, an “Unauthorized Removal Credit”):
1. For the Unauthorized Removal of any Key Personnel designated in the applicable Statement of Work, the credit amount will be $20,000.00 per individual if Contractor identifies a replacement approved by the State and assigns the replacement to shadow
Revised 5/03/2016
the Key Personnel who is leaving for a period of at least 30 calendar days before the Key Personnel’s removal.
2. If Contractor fails to assign a replacement to shadow the removed Key Personnel for at least 30 calendar days, in addition to the $20,000.00 credit specified above, Contractor will credit the State $1,000 per calendar day for each day of the 30 calendar-day shadow period that the replacement Key Personnel does not shadow the removed Key Personnel, up to $30,000 maximum per individual. The total Unauthorized Removal Credits that may be assessed per Unauthorized Removal and failure to provide 30 calendar days of shadowing will not exceed $50,000.00 per individual.
iv. Contractor acknowledges and agrees that each of the Unauthorized Removal Credits assessed under Subsection iii above: (i) is a reasonable estimate of and compensation for the anticipated or actual harm to the State that may arise from the Unauthorized Removal, which would be impossible or very difficult to accurately estimate; and (ii) may, at the State’s option, be credited or set off against any Fees or other charges payable to Contractor under this Contract.
f. Subcontractors. Contractor will not, without the prior written approval of the State,
which consent may be given or withheld in the State’s sole discretion, engage any third party to perform Services (including to create any Deliverables). The State’s approval of any such third party (each approved third party, a “Subcontractor”) does not relieve Contractor of its representations, warranties or obligations under this Contract. Without limiting the foregoing, Contractor will:
i. be responsible and liable for the acts and omissions of each such Subcontractor (including such Subcontractor's employees who, to the extent providing Services or creating Deliverables, shall be deemed Contractor personnel) to the same extent as if such acts or omissions were by Contractor or its employees;
ii. name the State a third party beneficiary under Contractor’s contract with each Subcontractor with respect to the Services and Deliverables;
iii. be responsible for all fees and expenses payable to, by or on behalf of each Subcontractor in connection with this Contract, including, if applicable, withholding of income taxes, and the payment and withholding of social security and other payroll taxes, unemployment insurance, workers' compensation insurance payments and disability benefits; and
iv. prior to the provision of Services or creation of Deliverables by any Subcontractor, if requested by the State:
1. obtain from such Subcontractor confidentiality, work-for-hire and intellectual property rights assignment agreements, in form and substance acceptable by the State, giving the State rights consistent with those set forth in Section 9 and, upon request, provide the State with a fully-executed copy of each such contract; and
Revised 5/03/2016
2. with respect to all Subcontractor employees providing Services or Deliverables, comply with its obligations under subsection c above.
5. Notices. All notices and other communications required or permitted under this Contract must
be in writing and will be considered given and received: (a) when verified by written receipt if sent by courier; (b) when actually received if sent by mail without verification of receipt; or (c) when verified by automated receipt or electronic logs if sent by facsimile or email.
If to State: If to Contractor:
DTMB Procurement
Constitution Hall
525 W. Allegan St. 1st FL. NE PO box 30026
Lansing, MI 48909-7526
Email: [email protected]
Attention: Timothy Taylor
517-284-7006
180 N Stetson Ave, Suite 3200
Chicago, IL 60601
Email: [email protected]
Attention: Michael Cooney
312-423-2107
6. Contract Administrators. The Contract Administrator for each party is the only person authorized to modify any terms and conditions of this Contract and are identified below:
State: Contractor:
DTMB Procurement
Constitution Hall
525 W. Allegan St. 1st FL. NE PO box 30026
Lansing, MI 48909-7526
Email: [email protected]
Attention: Timothy Taylor
517-284-7006
180 N Stetson Ave, Suite 3200
Chicago, IL 60601
Email: [email protected]
Attention: Michael Cooney
312-423-2107
7. Insurance Requirements. Contractor must maintain the insurances identified below and is
responsible for all deductibles. All required insurance must: (a) protect the State from claims that may arise out of, are alleged to arise out of, or result from Contractor's or a subcontractor's performance; (b) be primary and non-contributing to any comparable liability insurance
Revised 5/03/2016
(including self-insurance) carried by the State; and (c) be provided by an company with an A.M. Best rating of "A" or better and a financial size of VII or better.
Insurance Type Additional Requirements
Commercial General Liability Insurance
Minimal Limits:
$1,000,000 Each Occurrence Limit
$1,000,000 Personal & Advertising Injury Limit $2,000,000 General Aggregate Limit
$2,000,000 Products/Completed Operations
Deductible Maximum:
$50,000 Each Occurrence
Contractor must have their policy endorsed to add “the State of Michigan, its departments, divisions, agencies, offices, commissions, officers, employees, and agents” as additional insureds using endorsement CG 20 10 11 85, or both CG 2010 07 04 and CG 2037 07 0.
Umbrella or Excess Liability Insurance
Minimal Limits:
$5,000,000 General Aggregate
Contractor must have their policy endorsed to add “the State of Michigan, its departments, divisions, agencies, offices, commissions, officers, employees, and agents” as additional insureds.
Automobile Liability Insurance
Minimal Limits:
$1,000,000 Per Occurrence
Workers' Compensation Insurance
Minimal Limits:
Coverage according to applicable laws governing work activities.
Waiver of subrogation, except where waiver is prohibited by law.
Privacy and Security Liability (Cyber Liability) Insurance
Revised 5/03/2016
Minimal Limits:
$1,000,000 Each Occurrence
$1,000,000 Annual Aggregate
Contractor must have their policy: (1) endorsed to add “the State of Michigan, its departments, divisions, agencies, offices, commissions, officers, employees, and agents” as additional insureds; and (2) cover information security and privacy liability, privacy notification costs, regulatory defense and penalties, and website media content liability.
Professional Liability (Errors and Omissions) Insurance
Minimal Limits:
$3,000,000 Each Occurrence
$3,000,000 Annual Aggregate
Deductible Maximum:
$50,000 Per Loss
If any of the required policies provide claim-made coverage, the Contractor must: (a) provide coverage with a retroactive date before the effective date of the contract or the beginning of Services; (b) maintain coverage and provide evidence of coverage for at least three (3) years after completion of the Services; and (c) if coverage is canceled or not renewed, and not replaced with another claims-made policy form with a retroactive date prior to the contract effective date, Contractor must purchase extended reporting coverage for a minimum of three (3) years after completion of work.
Contractor must: (a) provide insurance certificates to the Contract Administrator, containing the agreement or purchase order number, at Contract formation and within 20 calendar days of the expiration date of the applicable policies; (b) require that subcontractors maintain the required insurances contained in this Section; (c) notify the Contract Administrator within 5 Business Days if any insurance is cancelled; and (d) waive all rights against the State for damages covered by insurance. Failure to maintain the required insurance does not limit this waiver.
This Section is not intended to and is not be construed in any manner as waiving, restricting or limiting the liability of either party for any obligations under this Contract (including any provisions hereof requiring Contractor to indemnify, defend and hold harmless the State).
8. Independent Contractor. Contractor is an independent contractor and assumes all rights, obligations and liabilities set forth in this Contract. Contractor, its employees, and agents will
Revised 5/03/2016
not be considered employees of the State. No partnership or joint venture relationship is created by virtue of this Contract. Contractor, and not the State, is responsible for the payment of wages, benefits and taxes of Contractor’s employees and any subcontractors. Prior performance does not modify Contractor’s status as an independent contractor.
9. Intellectual Property Rights. Contractor hereby acknowledges that the State is and will be
the sole and exclusive owner of all right, title, and interest in the Services and Deliverables and all associated intellectual property rights, if any. Such Services and Deliverables are works made for hire as defined in Section 101 of the Copyright Act of 1976. To the extent any Services and Deliverables and related intellectual property do not qualify as works made for hire under the Copyright Act, Contractor will, and hereby does, immediately on its creation, assign, transfer and otherwise convey to the State, irrevocably and in perpetuity, throughout the universe, all right, title and interest in and to the Services and Deliverables, including all intellectual property rights therein.
10. Assignment. Contractor may not assign this Contract to any other party without the prior written approval of the State. Upon notice to Contractor, the State, in its sole discretion, may assign in whole or in part, its rights or responsibilities under this Contract to any other party.
11. Change of Control. Contractor will notify, at least 90 calendar days before the effective date, the State of a change in Contractor’s organizational structure or ownership. For purposes of this Contract, a change in control means any of the following: (a) a sale of more than 50% of Contractor’s stock; (b) a sale of substantially all of Contractor’s assets; (c) a change in a majority of Contractor’s board members; (d) consummation of a merger or consolidation of Contractor with any other entity; (e) a change in ownership through a transaction or series of transactions; (f) or the board (or the stockholders) approves a plan of complete liquidation. A change of control does not include any consolidation or merger effected exclusively to change the domicile of Contractor, or any transaction or series of transactions principally for bona fide equity financing purposes. In the event of a change of control, Contractor must require the successor to assume this Contract and all of its obligations under this Contract.
12. Acceptance. Unless otherwise provided in the applicable Statement of Work, this Section shall control acceptance of all Services and Deliverables. Services and Deliverables are subject to inspection and testing by the State within 15 Business Days of the State’s receipt of them (“State Review Period”). If the Services and Deliverables are not fully accepted by the State, the State will notify Contractor by the end of the State Review Period that either: (a) the Services or Deliverables are accepted, but noted deficiencies must be corrected; or (b) the Services or Deliverables are rejected. If the State finds material deficiencies, it may: (i) reject the Services or Deliverables without performing any further inspections; (ii) demand performance at no additional cost; or (iii) terminate the Statement of Work in accordance with Section 15, Termination for Cause.
Within 10 Business Days from the date of Contractor’s receipt of notification of acceptance with deficiencies or rejection of any Services or Deliverables, Contractor must cure, at no additional cost, the deficiency and deliver acceptable Services or Deliverables to the State. If acceptance with deficiencies or rejection of the Services or Deliverables impacts the content or delivery of other non-completed Services or Deliverables, the parties’ must determine an agreed to number of days for re-submission that minimizes the overall impact to the Contract. However, nothing herein affects, alters, or relieves Contractor of its obligations to correct deficiencies in accordance with the time response standards set forth in this Contract.
If Contractor is unable or refuses to correct the deficiency within the time response standards set forth in this Contract, the State may cancel the Statement of Work in whole or in part. The State, or a third party identified by the State, may perform the Services and recover the
Revised 5/03/2016
difference between the cost to cure and the Contract price plus an additional 10% administrative fee.
13. Terms of Payment. Invoices must conform to the requirements set forth in a Statement of Work. All undisputed amounts are payable within 45 days of the State’s receipt. Contractor may only charge for Services and Deliverables performed as specified in the Statement of Work. Invoices must include an itemized statement of all charges. The State is exempt from State sales tax for direct purchases and may be exempt from federal excise tax, if Services and Deliverables purchased under this Contract are for the State’s exclusive use. Notwithstanding the foregoing, all prices are inclusive of taxes, and Contractor is responsible for all sales, use and excise taxes, and any other similar taxes, duties and charges of any kind imposed by any federal, state, or local governmental entity on any amounts payable by the State under this Contract.
The State has the right to withhold payment of any disputed amounts until the parties agree as to the validity of the disputed amount. The State will notify Contractor of any dispute within a reasonable time. Payment by the State will not constitute a waiver of any rights as to Contractor’s continuing obligations, including claims for deficiencies or substandard Services or Deliverables. Contractor’s acceptance of final payment by the State constitutes a waiver of all claims by Contractor against the State for payment under this Contract, other than those claims previously filed in writing on a timely basis and still disputed.
The State will only disburse payments under this Contract through Electronic Funds Transfer (EFT). Contractor must register with the State at http://www.michigan.gov/cpexpress to receive electronic fund transfer payments. If Contractor does not register, the State is not liable for failure to provide payment.
Without prejudice to any other right or remedy it may have, the State reserves the right to set off at any time any amount then due and owing to it by Contractor against any amount payable by the State to Contractor under this Contract.
14. Stop Work Order. The State may suspend any or all activities under at a Statement of Work
at any time. The State will provide Contractor a written stop work order detailing the suspension (a “Stop Work Order”). Contractor must comply with the Stop Work Order upon receipt. Within 90 calendar days, or any longer period agreed to by Contractor, the State will either: (a) issue a notice authorizing Contractor to resume work, or (b) terminate the Statement of Work. The State will not pay for Services or Deliverables, Contractor’s lost profits, or any additional compensation during a stop work period.
15. Termination for Cause. The State may terminate this Contract, in whole or in part (including
individuals Statements of Work), if Contractor, as determined by the State: (a) endangers the value, integrity, or security of any State location, data, or personnel; (b) becomes insolvent, petitions for bankruptcy court proceedings, or has an involuntary bankruptcy proceeding filed against it by any creditor; (c) engages in any conduct that may expose the State to liability; (d) breaches any of its material duties or obligations under this Contract or a Statement of Work; or (e) fails to cure a breach within the time stated in a notice of breach. Any reference to specific breaches being material breaches within this Contract will not be construed to mean that other breaches are not material.
If the State terminates this Contract under this Section, the State will issue a termination notice specifying whether Contractor must: (a) cease performance immediately, or (b) continue to perform for a specified period. If it is later determined that Contractor was not in breach of the
Revised 5/03/2016
Contract, the termination will be deemed to have been a Termination for Convenience, effective as of the same date, and the rights and obligations of the parties will be limited to those provided in Section 16, Termination for Convenience.
The State will only pay for amounts due to Contractor for Services and Deliverables accepted by the State on or before the date of termination, subject to the State’s right to set off any amounts owed by the Contractor for the State’s reasonable costs in terminating this Contract. The Contractor must pay all reasonable costs incurred by the State in terminating this Contract for cause, including administrative costs, attorneys’ fees, court costs, transition costs, and any costs the State incurs to procure the Services and Deliverables from other sources.
16. Termination for Convenience. The State may immediately terminate this Contract, in whole or in part (including individual Statement of Work), without penalty and for any reason, including but not limited to, appropriation or budget shortfalls. The termination notice will specify whether Contractor must: (a) cease performance of the Services immediately, or (b) continue to perform the Services in accordance with Section 17, Transition Responsibilities. If the State terminates this Contract for convenience, the State will pay all reasonable costs, as determined by the State, for State approved Transition Responsibilities.
17. Transition Responsibilities. Upon termination or expiration of this Contract for any reason, Contractor must, for a period of time specified by the State (not to exceed 90 calendar days), provide all reasonable transition assistance requested by the State, to allow for the expired or terminated portion of the Services to continue without interruption or adverse effect, and to facilitate the orderly transfer of such Services to the State or its designees. Such transition assistance may include, but is not limited to: (a) continuing to perform the Services at the established Contract rates; (b) taking all reasonable and necessary measures to transition performance of the work, including all applicable Services, training, reports and other documentation, to the State or the State’s designee; (c) taking all necessary and appropriate steps, or such other action as the State may direct, to preserve, maintain, protect, or return to the State all materials, data, property, and confidential information provided directly or indirectly to Contractor by any entity, agent, vendor, or employee of the State; (d) transferring title in and delivering to the State, at the State’s discretion, all completed or partially completed Deliverables prepared under this Contract as of the Contract termination date; and (e) preparing an accurate accounting from which the State and Contractor may reconcile all outstanding accounts (collectively, “Transition Responsibilities”). This Contract will automatically be extended through the end of the transition period.
18. General Indemnification. Contractor must defend, indemnify and hold the State, its departments, divisions, agencies, offices, commissions, officers, and employees harmless, without limitation, from and against any and all actions, claims, losses, liabilities, damages, costs, attorney fees, and expenses (including those required to establish the right to indemnification), arising out of or relating to: (a) any breach by Contractor (or any of Contractor’s employees, agents, subcontractors, or by anyone else for whose acts any of them may be liable) of any of the promises, agreements, representations, warranties, or insurance requirements contained in this Contract; (b) any infringement, misappropriation, or other violation of any intellectual property right or other right of any third party; (c) any bodily injury, death, or damage to real or tangible personal property occurring wholly or in part due to action or inaction by Contractor (or any of Contractor’s employees, agents, subcontractors, or by anyone else for whose acts any of them may be liable); and (d) any negligent, or allegedly negligent acts or omissions of Contractor (or any of Contractor’s employees, agents, subcontractors, or by anyone else for whose acts any of them may be liable).
Revised 5/03/2016
The State will notify Contractor in writing if indemnification is sought; however, failure to do so will not relieve Contractor, except to the extent that Contractor is materially prejudiced. Contractor must, to the satisfaction of the State, demonstrate its financial ability to carry out these obligations.
The State is entitled to: (i) regular updates on proceeding status; (ii) participate in the defense of the proceeding; and (iii) employ its own counsel. Contractor will not, without the State’s written consent (not to be unreasonably withheld), settle, compromise, or consent to the entry of any judgment in or otherwise seek to terminate any claim, action, or proceeding. To the extent that any State employee, official, or law may be involved or challenged, the State may, at its own expense, control the defense of that portion of the claim.
Any litigation activity on behalf of the State, or any of its subdivisions under this Section, must be coordinated with the Department of Attorney General. An attorney designated to represent the State may not do so until approved by the Michigan Attorney General and appointed as a Special Assistant Attorney General.
19. Infringement Remedies. If, in either party’s opinion, any of the Services or Deliverables supplied by Contractor or its subcontractors, or its operation, use or reproduction, is likely to become the subject of a copyright, patent, trademark, or trade secret infringement claim, Contractor must, at its expense: (a) procure for the State the right to continue using the Services or Deliverables, or if this option is not reasonably available to Contractor, (b) replace or modify the same so that it becomes non-infringing; or (c) accept its return by the State with appropriate credits to the State against Contractor’s charges and reimburse the State for any losses or costs incurred as a consequence of the State ceasing its use and returning it.
20. Limitation of Liability. THE PARTIES WILL NOT BE LIABLE, REGARDLESS OF THE FORM OF ACTION, WHETHER IN Contract, TORT, NEGLIGENCE, STRICT LIABILITY OR BY STATUTE OR OTHERWISE, FOR ANY CLAIM RELATED TO OR ARISING UNDER THIS Contract FOR CONSEQUENTIAL, INCIDENTAL, INDIRECT, OR SPECIAL DAMAGES, INCLUDING WITHOUT LIMITATION LOST PROFITS AND LOST BUSINESS OPPORTUNITIES. IN NO EVENT WILL THE STATE’S AGGREGATE LIABILITY TO ContractOR UNDER THIS Contract, REGARDLESS OF THE FORM OF ACTION, WHETHER IN Contract, TORT, NEGLIGENCE, STRICT LIABILITY OR BY STATUTE OR OTHERWISE, FOR ANY CLAIM RELATED TO OR ARISING UNDER THIS Contract, EXCEED THE MAXIMUM AMOUNT OF FEES SPECIFIED IN THE APPLICABLE STATEMENT OF WORK.
21. State Data.
a. Ownership. The State’s data (“State Data,” which will be treated by Contractor as Confidential Information) includes the State’s data collected, used, processed, stored, or generated as the result of the Services, including but not limited to (i) personally identifiable information (“PII“) collected, used, processed, stored, or generated as the result of the Services, including, without limitation, any information that identifies an individual, such as an individual’s social security number or other government-issued identification number, date of birth, address, telephone number, biometric data, mother’s maiden name, email address, credit card information, or an individual’s name in combination with any other of the elements here listed; and, (ii) personal health information (“PHI”) collected, used, processed, stored, or generated as the result of the Services, which is defined under the Health Insurance Portability and Accountability Act (HIPAA) and its related rules and regulations. State Data is and will remain the sole and exclusive property of the State and all right, title, and interest in
Revised 5/03/2016
the same is reserved by the State. This Section survives the termination of this Contract.
b. Contractor Use of State Data. Contractor is provided a limited license to State Data for the sole and exclusive purpose of providing the Services, including a license to collect, process, store, generate, and display State Data only to the extent necessary in the provision of the Services. Contractor must: (a) keep and maintain State Data in strict confidence, using such degree of care as is appropriate and consistent with its obligations as further described in this Contract and applicable law to avoid unauthorized access, use, disclosure, or loss; (b) use and disclose State Data solely and exclusively for the purpose of providing the Services, such use and disclosure being in accordance with this Contract, any applicable Statement of Work, and applicable law; and (c) not use, sell, rent, transfer, distribute, or otherwise disclose or make available State Data for Contractor’s own purposes or for the benefit of anyone other than the State without the State’s prior written consent. This Section survives the termination of this Contract.
c. Compromise of State Data. In the event of any act, error or omission, negligence, misconduct, or breach on the part of Contractor that compromises or is suspected to compromise the security, confidentiality, or integrity of State Data or the physical, technical, administrative, or organizational safeguards put in place by Contractor that relate to the protection of the security, confidentiality, or integrity of State Data, Contractor must, as applicable: (a) notify the State as soon as practicable but no later than twenty-four (24) hours of becoming aware of such occurrence; (b) cooperate with the State in investigating the occurrence, including making available all relevant records, logs, files, data reporting, and other materials required to comply with applicable law or as otherwise required by the State; (c) in the case of PII or PHI, at the State’s sole election, (i) with approval and assistance from the State, notify the affected individuals who comprise the PII or PHI as soon as practicable but no later than is required to comply with applicable law, or, in the absence of any legally required notification period, within five (5) calendar days of the occurrence; or (ii) reimburse the State for any costs in notifying the affected individuals; (d) in the case of PII, provide third-party credit and identity monitoring services to each of the affected individuals who comprise the PII for the period required to comply with applicable law, or, in the absence of any legally required monitoring services, for no less than twenty-four (24) months following the date of notification to such individuals; (e) perform or take any other actions required to comply with applicable law as a result of the occurrence; (f) pay for any costs associated with the occurrence, including but not limited to any costs incurred by the State in investigating and resolving the occurrence, including reasonable attorney’s fees associated with such investigation and resolution; (g) without limiting Contractor’s obligations of indemnification as further described in this Contract, indemnify, defend, and hold harmless the State for any and all claims, including reasonable attorneys’ fees, costs, and incidental expenses, which may be suffered by, accrued against, charged to, or recoverable from the State in connection with the occurrence; (g) be responsible for recreating lost State Data in the manner and on the schedule set by the State without charge to the State; and (h) provide to the State a detailed plan within ten (10) calendar days of the occurrence describing the measures Contractor will undertake to prevent a future occurrence. Notification to affected individuals, as described above, must comply with applicable law, be written in plain language, not be tangentially used for any solicitation purposes, and contain, at a minimum: name and contact information of Contractor’s representative; a description of the nature of the loss; a list of the types of data involved; the known or approximate date of the loss; how such loss may affect the affected individual; what steps Contractor has taken to protect the affected individual; what steps the affected individual can take to protect himself or herself; contact information for major credit card reporting agencies; and, information regarding the credit and identity monitoring services to be provided by Contractor. The State will have the option to review and approve any notification sent to affected individuals prior to its delivery. Notification to
Revised 5/03/2016
any other party, including but not limited to public media outlets, must be reviewed and approved by the State in writing prior to its dissemination. This Section survives termination or expiration of this Contract.
22. Non-Disclosure of Confidential Information. The parties acknowledge that each party may be exposed to or acquire communication or data of the other party that is confidential, privileged communication not intended to be disclosed to third parties. The provisions of this Section survive the termination of this Contract.
d. Meaning of Confidential Information. For the purposes of this Contract, the term “Confidential Information” means all information and documentation of a party that: (a) has been marked “confidential” or with words of similar meaning, at the time of disclosure by such party; (b) if disclosed orally or not marked “confidential” or with words of similar meaning, was subsequently summarized in writing by the disclosing party and marked “confidential” or with words of similar meaning; and, (c) should reasonably be recognized as confidential information of the disclosing party. The term “Confidential Information” does not include any information or documentation that was or is: (a) subject to disclosure under the Michigan Freedom of Information Act (FOIA) by the receiving party; (b) already in the possession of the receiving party without an obligation of confidentiality; (c) developed independently by the receiving party, as demonstrated by the receiving party, without violating the disclosing party’s proprietary rights; (d) obtained from a source other than the disclosing party without an obligation of confidentiality; or, (e) publicly available when received, or thereafter became publicly available (other than through any unauthorized disclosure by, through, or on behalf of, the receiving party). For purposes of this Contract, in all cases and for all matters, State Data is deemed to be Confidential Information.
e. Obligation of Confidentiality. The parties agree to hold all Confidential Information in strict confidence and not to copy, reproduce, sell, transfer, or otherwise dispose of, give or disclose such Confidential Information to third parties other than employees, agents, or subcontractors of a party who have a need to know in connection with this Contract or to use such Confidential Information for any purposes whatsoever other than the performance of this Contract. The parties agree to advise and require their respective employees, agents, and subcontractors of their obligations to keep all Confidential Information confidential. Disclosure to a subcontractor is permissible where: (a) use of a subcontractor is authorized under this Contract; (b) the disclosure is necessary or otherwise naturally occurs in connection with work that is within the subcontractor's responsibilities; and (c) Contractor obligates the subcontractor in a written contract to maintain the State's Confidential Information in confidence. At the State's request, any employee of Contractor or any subcontractor may be required to execute a separate agreement to be bound by the provisions of this Section.
f. Cooperation to Prevent Disclosure of Confidential Information. Each party must use its best efforts to assist the other party in identifying and preventing any unauthorized use or disclosure of any Confidential Information. Without limiting the foregoing, each party must advise the other party immediately in the event either party learns or has reason to believe that any person who has had access to Confidential Information has violated or intends to violate the terms of this Contract and each party will cooperate with the other party in seeking injunctive or other equitable relief against any such person.
g. Remedies for Breach of Obligation of Confidentiality. Each party acknowledges that breach of its obligation of confidentiality may give rise to irreparable injury to the other party, which damage may be inadequately compensable in the form of monetary damages. Accordingly, a party may seek and obtain injunctive relief against the breach or threatened breach of the foregoing undertakings, in addition to any other legal remedies which may be available, to include, in the case of the State, at the sole
Revised 5/03/2016
election of the State, the immediate termination, without liability to the State, of this Contract or any Statement of Work corresponding to the breach or threatened breach.
h. Surrender of Confidential Information upon Termination. Upon termination of this Contract or a Statement of Work, in whole or in part, each party must, within 5 calendar days from the date of termination, return to the other party any and all Confidential Information received from the other party, or created or received by a party on behalf of the other party, which are in such party’s possession, custody, or control. Should Contractor or the State determine that the return of any Confidential Information is not feasible, such party must destroy the Confidential Information and must certify the same in writing within 5 calendar days from the date of termination to the other party.
23. Data Privacy and Information Security. Without limiting Contractor’s obligation of confidentiality as further described, Contractor is responsible for establishing and maintaining a data privacy and information security program, including physical, technical, administrative, and organizational safeguards, that is designed to: (a) ensure the security and confidentiality of State Data; (b) protect against any anticipated threats or hazards to the security or integrity of State Data; (c) protect against unauthorized disclosure, access to, or use of State Data; (d) ensure the proper disposal of State Data; and (e) ensure that all employees, agents, and subcontractors of Contractor, if any, comply with all of the foregoing. In no case will the safeguards of Contractor’s data privacy and information security program be less stringent than the safeguards used by the State, and Contractor must at all times comply with all applicable State IT policies and standards, which are available to Contractor upon request.
24. Records Maintenance, Inspection, Examination, and Audit. The State or its designee may audit Contractor to verify compliance with this Contract. Contractor must retain, and provide to the State or its designee and the auditor general upon request, all financial and accounting records related to the Contract through the term of the Contract and for 4 years after the latter of termination, expiration, or final payment under this Contract or any extension (“Financial Audit Period”). If an audit, litigation, or other action involving the records is initiated before the end of the Financial Audit Period, Contractor must retain the records until all issues are resolved.
Within 10 calendar days of providing notice, the State and its authorized representatives or designees have the right to enter and inspect Contractor's premises or any other places where Services are being performed, and examine, copy, and audit all records related to this Contract. Contractor must cooperate and provide reasonable assistance. If any financial errors are revealed, the amount in error must be reflected as a credit or debit on subsequent invoices until the amount is paid or refunded. Any remaining balance at the end of the Contract must be paid or refunded within 45 calendar days.
This Section applies to Contractor, any parent, affiliate, or subsidiary organization of Contractor, and any subcontractor that performs Services in connection with this Contract.
25. Warranties and Representations. Contractor represents and warrants to the State that: (a) It will perform all Services in a professional and workmanlike manner in accordance with best industry standards and practices for similar services, using personnel with the requisite skill, experience and qualifications, and will devote adequate resources to meet its obligations under the applicable Statement of Work; (b) the Services and Deliverables provided by Contractor will not infringe the patent, trademark, copyright, trade secret, or other proprietary rights of any third party; (c) it has the full right, power, and authority to enter into this Contract, to grant the rights granted under this Contract, and to perform its contractual obligations; and (d) all information furnished and representations made in connection with the award of this Contract
Revised 5/03/2016
is true, accurate, and complete, and contains no false statements or omits any fact that would make the information misleading. A breach of this Section is considered a material breach of this Contract, which entitles the State to terminate this Contract under Section 15, Termination for Cause.
26. Conflicts and Ethics. Contractor will uphold high ethical standards and is prohibited from: (a) holding or acquiring an interest that would conflict with this Contract; (b) doing anything that creates an appearance of impropriety with respect to the award or performance of the Contract; (c) attempting to influence or appearing to influence any State employee by the direct or indirect offer of anything of value; or (d) paying or agreeing to pay any person, other than employees and consultants working for Contractor, any consideration contingent upon the award of the Contract. Contractor must immediately notify the State of any violation or potential violation of these standards. This Section applies to Contractor, any parent, affiliate, or subsidiary organization of Contractor, and any subcontractor that performs Services in connection with this Contract.
27. Compliance with Laws. Contractor must comply with all federal, state and local laws, rules and regulations.
28. Nondiscrimination. Under the Elliott-Larsen Civil Rights Act, 1976 PA 453, MCL 37.2101, et
seq., and the Persons with Disabilities Civil Rights Act, 1976 PA 220, MCL 37.1101, et seq., Contractor and its subcontractors agree not to discriminate against an employee or applicant for employment with respect to hire, tenure, terms, conditions, or privileges of employment, or a matter directly or indirectly related to employment, because of race, color, religion, national origin, age, sex, height, weight, marital status, or mental or physical disability. Breach of this covenant is a material breach of this Contract.
29. Unfair Labor Practice. Under MCL 423.324, the State may void any Contract with a Contractor or subcontractor who appears on the Unfair Labor Practice register compiled under MCL 423.322.
30. Governing Law. This Contract is governed, construed, and enforced in accordance with Michigan law, excluding choice-of-law principles, and all claims relating to or arising out of this Contract are governed by Michigan law, excluding choice-of-law principles. Any dispute arising from this Contract must be resolved in Michigan Court of Claims. Contractor consents to venue in Ingham County, and waives any objections, such as lack of personal jurisdiction or forum non conveniens. Contractor must appoint agents in Michigan to receive service of process.
31. Non-Exclusivity. Nothing contained in this Contract is intended nor will be construed as
creating any requirements contract with Contractor. This Contract does not restrict the State or its agencies from acquiring similar, equal, or like Services from other sources.
32. Force Majeure. Neither party will be in breach of this Contract because of any failure arising from any disaster or acts of god that are beyond their control and without their fault or negligence. Each party will use commercially reasonable efforts to resume performance. Contractor will not be relieved of a breach or delay caused by its subcontractors. If immediate performance is necessary to ensure public health and safety, the State may immediately contract with a third party.
33. Dispute Resolution. The parties will endeavor to resolve any Contract dispute in accordance
with this provision. The dispute will be referred to the parties' respective Contract Administrators or Project Managers. Such referral must include a description of the issues and all supporting documentation. The parties must submit the dispute to a senior executive if unable to resolve the dispute within 15 Business Days. The parties will continue performing
Revised 5/03/2016
while a dispute is being resolved, unless the dispute precludes performance. A dispute involving payment does not preclude performance.
Litigation to resolve the dispute will not be instituted until after the dispute has been elevated to the parties’ senior executive and either concludes that resolution is unlikely, or fails to respond within 15 Business Days. The parties are not prohibited from instituting formal proceedings: (a) to avoid the expiration of statute of limitations period; (b) to preserve a superior position with respect to creditors; or (c) where a party makes a determination that a temporary restraining order or other injunctive relief is the only adequate remedy. This Section does not limit the State’s right to terminate the Contract.
34. Media Releases. News releases (including promotional literature and commercial
advertisements) pertaining to the Contract or project to which it relates must not be made without prior written State approval, and then only in accordance with the explicit written instructions of the State.
35. Severability. If any part of this Contract is held invalid or unenforceable, by any court of competent jurisdiction, that part will be deemed deleted from this Contract and the severed part will be replaced by agreed upon language that achieves the same or similar objectives. The remaining Contract will continue in full force and effect.
36. Waiver. Failure to enforce any provision of this Contract will not constitute a waiver.
37. Survival. The provisions of this Contract that impose continuing obligations, including
warranties and representations, termination, transition, insurance coverage, indemnification, and confidentiality, will survive the expiration or termination of this Contract.
38. Entire Agreement. This Contract, including Statements of Work, constitutes the sole and entire agreement of the parties to this Contract with respect to the subject matter contained herein, and supersedes all prior and contemporaneous understandings and agreements, both written and oral, with respect to such subject matter. In the event of any conflict between the terms of this Contract and those of any Statement of Work or other document, the following order of precedence governs: (a) first, this Contract; and (b) second, an individual Statement of Work as of the Effective Date of that Statement of Work. NO TERMS ON ContractOR’S INVOICES, WEBSITE, BROWSE-WRAP, SHRINK-WRAP, CLICK-WRAP OR OTHER NON-NEGOTIATED TERMS AND CONDITIONS PROVIDED WITH ANY OF THE SERVICES, OR DOCUMENTATION HEREUNDER WILL CONSTITUTE A PART OR AMENDMENT OF THIS Contract OR IS BINDING ON THE STATE FOR ANY PURPOSE. ALL SUCH OTHER TERMS AND CONDITIONS HAVE NO FORCE AND EFFECT AND ARE DEEMED REJECTED BY THE STATE, EVEN IF ACCESS TO OR USE OF SUCH SERVICE OR DOCUMENTATION REQUIRES AFFIRMATIVE ACCEPTANCE OF SUCH TERMS AND CONDITIONS.
Revised 5/03/2016
Schedule A-Statement of Work (SOW)
1.000 Project Identification
1.001 Project Request
The purpose of this Contract is to establish an on-site Independent Validation and Verification (IV&V) team for review and audit of the Legacy Modernization Project for the State of Michigan. This work will commence immediately upon execution. Execution of the contract is when the final signature has been obtained.
1.002 Background
In order to better prepare for meeting current and future business demands, MDOS recognized more than a decade ago that a re-engineering of business processes and the accompanying business application support systems was in order.
To that end, the State issued a Contract for the replacement of the legacy driver and vehicle systems, and has entered into a contract with Fast Enterprises, the chosen DDI vendor using Contract #071B7700121 found here http://www.michigan.gov/documents/micontractconnect/7700121_559552_7.pdf.
1.100 Scope of Work and Deliverables
1.101 In Scope
The Contractor shall supply the staff necessary to review and provide Independent Verification and Validation (IV&V) of the Legacy Modernization project. The IV&V Team will report to the State (Department of Technology, Management and Budget (DTMB) and Michigan Department of State (MDOS).
Objectives for the IV&V Team and this Contract include:
1. Read, understand, and demonstrate capability of effectively monitoring the deliverables as outlined in the Legacy Modernization Contract #071B7700121.
2. Provide onsite staff and services for the duration of the IV&V Contract. 3. Provide monitoring of project progress as it relates to the Legacy Modernization
Contract #071B7700121
The State has issued a Legacy Modernization Project Contract #071B7700121 to replace the existing MDOS Legacy systems. This project requires minimal slippage of schedule dates. In order to meet an aggressive schedule and minimize risk to the State, it is important to perform thorough business and technical planning and analysis prior to project initiation and to establish project controls that closely monitors progress and allows for quick identification and resolution of issues post initiation.
Revised 5/03/2016
1.102 Out Of Scope
1. Final decision on technical solution. 2. Delivery of detailed business requirements. 3. Creation of Business Process Descriptions and Visio Work Flows.
1.200 IV&V Tasks and Deliverables
1.201 IV&V Project Management Plan
Within 10 days of the start of the contract, selected vendor must provide to the State of Michigan a Project Plan Document covering the items listed below:
An IV&V project management plan, encompassing their activities, deliverable status reports and recommendations for: - Narrative description of all IV&V deliverables, including expected format, content, and
organization, to be developed and delivered during IV&V reviews. - Schedule including tasks, activities, deliverables, and milestones, showing the
schedule’s critical path - Communication Plan that identifies communication methods for the Awarded
Contractor - Agenda items for Executive Steering Committee updates – (Include proposed format) - Sample Performance Metrics, and process for obtaining such metrics - Deliverables Review process - Tools and Processes for ensuring adequate knowledge transfer for State Staff. - Awarded Contractor staff roles and responsibilities - Methodology for conducting IV&V reviews Processes Tools Sample metrics
- Awarded Contractor equipment and facility needs.
- The Contractor’s project organizational structure with names and titles of personnel assigned to the project. This must be in agreement with staffing of accepted proposal.
Contractor Response
A. Contractor will utilize a Five Level IV&V Event Management model to focus on proactive and predictive IV&V emphasizes risk management via early identification, allowing for risk analysis, planning, and management as illustrated below:
Revised 5/03/2016
B. Contractor will conform to appropriate IV&V life cycle process industry standards and best practices, including: Project Management Institute (PMI®); Institute of Electrical and Electronics Engineers (IEEE®); International Organization for Standardization® (ISO®); National Institute of Standards Technology (NIST®); and CSG REALize℠, a proprietary library of knowledge, methods, and tools built from real-
world experience and industry research.
C. Contractor deploys proprietary TeamCSG℠ tools on a SharePoint®, cloud-based collaboration platform that is supported by an internal technology organization, using a secure project site, dedicated specifically for the MDOS Legacy Modernization project.
1. TeamCSG℠ Risk Assessments provides a range of powerful capabilities and features for a thorough and consistent IV&V effort. It assures a complete identification of project risks, utilizing baseline risk assessment checklists containing more than 300 potential risks across 22 standard risk categories. The table below identifies the standard risk categories.
2. TeamCSG℠ Risk Assessment Model is used to focus prioritization and assessment of the impact of risks to the overall project health. The model provides a risk level assessment indicator for each checklist item
TeamCSG℠ Risk Assessments Standard Risk Categories
1. Business Mission and Goals
2. Data Management
3. Design Specification and Management
4. Development Environment
5. Leadership and Governance
6. Operating Environment
7. Operational Readiness and Support
8. Operations
9. Organizational Change Management
10. Planning Oversight
11. Platform Components
12. Project Management Planning
13. Project Management Processes
14. Project Parameters
15. Project Resources
16. Quality Management
17. Requirements Management
18. Security
19. Software Development
20. System and Acceptance Testing
21. Training
22. User Involvement
Revised 5/03/2016
For each item, the risk assessment model includes the following:
a. Risk Item – the title assigned to the risk.
b. Reporting Levels including Risk Domain, the Standard Category (the assigned risk category selected from the table shown above) and the Standard Sub-Category.
c. Question – a description of the risk, provided in question format to assist the reviewer with targeting the information needed to assess each risk item.
d. Status – status assigned to each risk.
e. Low, Medium, or High Risk Indicator – a description of the checklist item if a low, medium, or high risk is identified depending on the information gathered during the review.
f. Industry Standard – The applicable standard(s) which associate with this item.
3. TeamCSG℠ Risk Assessment Tracking/Reporting provides the ability to capture risks, observations, and recommendations identified as a result of the team’s IV&V assessment efforts.
4. TeamCSG℠ Risk Assessment Tracking/ Reporting enables the IV&V team to report on all project risks, observations, and risk response recommendations.
Real-time IV&V reports including:
a. The Project Performance Matrix Dashboard provides both at-a-glance and detailed insight into the risk status and trends of all MDOS Legacy Modernization project components as monitored by the CSG IV&V team.
b. The Risk Tracking Dashboard reports statistics on the implementation of risk response recommendations. The SG IV&V team categorizes and weighs risks based on potential impact and other factors.
c. Risk Trending by Category reports the progress of effective risk mitigation. It determines progress across reporting periods to report evolving risk trends over the course of the project.
d. Risk History reports detail on the progression of each risk item from one assessment to the next.
e. Observations and Recommendations provides detailed descriptions of IV&V review tasks, observations, recommendations, and a risk rating for each specific item, grouped by category.
5. TeamCSG℠ Artifact Reviews facilitates review and tracking of FAST work products.
6. TeamCSG℠ Project Site is a cloud-based, production-level platform providing 24/7 communication, collaboration, and management capability throughout the company and allows our geographically dispersed work force to be productive at all times.
D. Contractor will provide a final IV&V Project Management Plan including the following components:
IV&V Project Management Plan Components
Overview Project Summary: Provides an overview of the project for context as well as the key elements of IV&V activities.
Objectives: Defines the purpose and objectives of the activities for the project.
Revised 5/03/2016
IV&V Project Management Plan Components
Success Criteria: Describes how the end result of the IV&V Project will be measured as successful, and what terms and conditions for success have been contracted and approved.
Project Scope Scope Statement: Describes the IV&V activities for the MDOS Legacy Modernization Project included in the scope (i.e., major tasks and subtasks) in an outline format. This also includes performance metrics, such as:
Overall risk level from one reporting period to another
Number, percentage, and trend of IV&V identified risks with selected risk response strategy (i.e., mitigate, avoid, transfer, or accept)
Number of risks rated low (green), medium (yellow), or high (red) by response strategy
Number of open items by risk response strategy and risk category
Number of open risk items by weighted risk level and category
Out‐of‐Scope: Defines areas (e.g., phases, deliverables, tasks, etc.) that are specifically not included in the scope of the project.
Project Assumptions and Constraints
Assumptions: Identifies the project assumptions associated with the project and within which the project approach has been established.
Constraints: Identifies the constraints associated with the project and within which the project approach has been established.
Governance Provides a governance chart depicting the project governance structure required for the project.
Project Organization
Project Team: Provides a project team organization chart and identifies the CSG team members assigned to specific project roles.
Stakeholders: Identifies the organizational groups (and corresponding stakeholders) for the project at a high level and the individuals assigned to specific project roles.
Communication Management
Describes CSG’s approach to open communication to help ensure all interested parties are aware of project activities and progress:
Communication Modes: Defines the types of communication needed during the project, including confirming distribution lists, document formats, meeting schedules, and other types of communication standards.
Project Team Directory and Resources: Provides the Project Team Directory and Communication Matrix.
Document Management: Describes the project file naming conventions that will be used.
Key Decisions: Describes activities for tracking key decisions throughout the duration of the project.
Project Work Plan Presents an overview of the project and identifies the detailed planning, including the work breakdown structure, milestones, deliverables, schedule and critical path.
CSG applies disciplined project planning to develop and maintain the IV&V Work Plan using Microsoft® Project. CSG’s Work Plan serves as the basis for communication about the IV&V project’s progress.
Revised 5/03/2016
IV&V Project Management Plan Components
Schedule Management
Ensures CSG maintains the baselined IV&V Work Plan to control the IV&V work. This includes:
IV&V Work Plan Maintenance: Work Plan maintenance is an on‐going activity that tracks the work performed, the timeframes for when the work has been or will be completed, and progress against the work and timeframes. To effectively track project progress, the IV&V Work Plan is kept current and reflects all work that needs to be performed. In general, as CSG approaches the start of a new IV&V review cycle, the CSG Team Manager re‐evaluates the upcoming work and tasks needed with the project team to ensure resources are allocated and work estimates are still valid.
IV&V Work Plan Control: Monthly IV&V Work Plan reviews ensure the Work Plan is being reviewed, discussed, and analyzed for project variances on a regular basis, so any potential drift from the project baseline is quickly identified, any impacts of IV&V Work Plan variances are determined, and variance resolution options are discussed.
IV&V Work Plan Adjustment Techniques: If the project falls behind schedule, there are a number of techniques that may be used to bring the IV&V Work Plan back on track. The IV&V Team identifies the need for adjustments in response to known and unknown schedule influences.
Project Tracking: Updating and maintaining the IV&V Work Plan provides the most up‐to‐date IV&V Project status and feeds into key project metrics. Tracking project progress through using the IV&V Work Plan facilitates transparency to work performed and risks to IV&V Project work or deliverables. This process helps the IV&V team quickly and proactively implement corrective actions to address schedule slippages and make necessary adjustments to stay on schedule.
Quality Management
Defines quality planning, quality assurance, quality control, and deliverable development and review processes:
Quality Planning involves the following:
Creating a Quality Management Plan, including defining the deliverable development and review process and informing and training staff on its contents, standards, and processes
Including tasks and time in the IV&V Work Plan for defining the parameters of project processes and deliverables, developing Deliverable Expectations Documents, identifying the resources to perform the quality activities, and performing internal quality reviews
Defining deliverable acceptance criteria to ensure pre‐established minimum standards or requirements are identified and met before each deliverable is complete
Developing the tools that support quality, including deliverable review checklists and Deliverable Comment Logs
Quality Assurance communicates how the project incorporates quality processes and tools into its activities, such as:
Developing Deliverable Expectations Documents
Establishing and training on project processes
Customizing checklists
Performing internal peer reviews
Soliciting external reviews
Conducting deliverable walkthroughs
Quality Control defines the activities employed within the project to control quality as a deliverable is under development, such as:
Revised 5/03/2016
IV&V Project Management Plan Components
Customizing and using Deliverable Review and Acceptance Checklists
Documenting reviews in a Deliverable Comment Log for tracking and responding to feedback and needed revisions
Deliverable Development and Review describes the deliverable review and acceptance process, including the following:
Set Expectations: Prior to completing a deliverable, the IV&V team develops and submits a Deliverable Expectations Document that outlines the deliverable and provides some preliminary draft content. The team then reviews it with the State to gain up‐front agreement on the format, presentation, and expected content.
Deliver Interim Work Products: The IV&V team develops a deliverable draft, conducting one or more internal reviews of the document following the quality management process for creating a quality project deliverable. To efficiently build agreement on deliverable content that is complex, works‐in‐progress are periodically provided to the State for review and feedback to support our “no surprises” approach.
Submit Final Deliverable: When the IV&V team has completed the deliverable, it is submitted to the State for review and approval. For more complex deliverables a review session is held to walk through the document, highlighting key points and eliciting feedback. The State reviews the deliverable and documents comments and requested changes to the facts using a Deliverable Comment Log.
Review and Approve: The IV&V team addresses the comments and requested changes to the facts noted in the Deliverable Comment Log and responds with their resolution.
Gain Final Sign‐Off: Once all changes in the Deliverable Comment Log are accepted, the State provides final acceptance of the deliverable.
Resource Management
Personnel Assignment: Describes the internal procedures to effectively manage our IV&V project staffing. CSG’s Project Performance Group works closely with the CSG Team Manager to meet the staffing needs of the project. In addition, the CSG Team Manager, Single Point of Contact, and PPG conduct regular meetings to address staffing needs.
Performance and Skill Set Expectations: Describes how performance and skill set expectations are determined and communicated to IV&V team members at the onset of each assignment. As CSG consultants, IV&V team members receive ongoing performance feedback and are encouraged and supported in their efforts to continually improve and expand their skill sets.
Onboarding Process: Ensures each project team member receives a project orientation prior to starting on the project. CSG’s project orientation covers topics such as project structure, project policies regarding client information, use of equipment, work environment, and system access.
Continuity: Identifies CSG’s commitment to maintaining the continuity of staff on projects and identifies staff members that are available and committed through the planned schedule.
Set Expectations
Deliver Interim Work Products
SubmitFinal
Deliverable
Review and Approve
Gain Formal Signoff
Gain Up‐FrontAgreement
Confirm Approach Early,Show Progress
Proceed toReview
Review, Clarify,Revise, Resubmit
Deliverable
Signature ConfirmsFinal Acceptance
Figure 1 ‐ Deliverable Acceptance Process
Revised 5/03/2016
IV&V Project Management Plan Components
Issue Management Issue Identification and Analysis: Describes the key activities associated with identifying and analyzing issues.
Issue Resolution Plan: Describes the key activities associated with reviewing and resolving the issue.
Issue Monitoring and Escalation: Describes the key activities associated with monitoring and escalating identified issues.
Issue Management Tools: Describes tools used for tracking issues throughout the duration of the project.
Risk Management Risk Identification and Analysis: Describes the key activities associated with identifying and analyzing risks.
Risk Response Strategies and Plan: Describes the key activities associated with reviewing the risk, identifying the risk response strategy, and developing a plan to respond to the risk.
Risk Monitoring and Escalation: Describes the key activities associated with monitoring and escalating identified risks.
Risk Management Tool: Describes tools for tracking risks throughout the duration of the project.
Change Management
Change control types:
Integrated Change Control – occurs when changes to the project result in changes to the work plan. The CSG Team Manager coordinates these changes with the IV&V Work Plan and ensures appropriate approvals are received.
Scope Change Control – occurs whenever a change to the project scope is requested. These types of changes may not necessitate a change in the work plan; however, the modifications to the scope of a review or activity are documented in the IV&V Work Plan.
Change Request Identification, Analysis, and Implementation: Summarizes the change request process.
Change Management Tool: Describes tools for tracking change requests throughout the duration of the project.
Change Request Approval Form: Provides a sample form to be used for change request signoff.
Equipment and Logistics
This section describes CSG’s equipment and logistics needs for the project
1.202 Onsite Evaluation
The Awarded Contractor will provide independent evaluation in conjunction with the Legacy Modernization project methodology to ensure that the project is being conducted in accordance with the Legacy Modernization Contract #071B7700121. Selected IV&V Contractor will review and make recommendations on both State and Contractor management of the Legacy Modernization Project, as well as the technical aspects of the Legacy Modernization Project.
Revised 5/03/2016
The Awarded Contractor will participate on-site in executive steering committee meetings and provide an ongoing report on different aspects of the projects as detailed in this Contract. Executive status updates should include IV&V findings that relate to project schedule, update deliverables, milestones, timeline and budget status, and a summary of the Legacy Modernization project’s performance relative to quality concerns, contract compliance, findings and recommendations from the last IV&V review. The IV&V Team will also prepare any ad hoc reports requested by the Executive Committee or Sponsors.
The Awarded Contractor will be embedded with the Legacy Modernization project team to assess the project. These efforts will include, but not be limited to:
Interviews with project team members
Participation in team and Executive Steering Committee meetings
Independent assessment of the project progress on an ongoing basis
Review of documentation, deliverables and other key artifacts
Contractor Response
A. Contractor will complete IV&V Evaluation and Assessment utilizing customized IV&V checklists and including the following activities: 1. Interview MDOS Legacy Modernization Project management, project team members, and
FAST staff
2. Observe project meetings, work sessions, or deliverable walkthroughs and activities to understand the processes, procedures, controls and tools used in the program and project environments
3. Review and analyze project documentation for adherence to the FAST contract and accepted, contractually-defined industry standards
4. Assess status towards previous IV&V observations/findings to determine progress and assess continued level of risk to the project
1.203 Areas of Focus
Specific areas of focus for the Awarded Contractor will include but not be limited to:
1.203.1 Project Management The assessment of the project management and control task includes examination of the organization, plans, procedures, and processes used to manage implementation of the hardware and software components and configuration management of the Legacy Modernization Project as outlined in the Contract #071B7700121.
Review and provide ongoing evaluations of Project Organization and Governance Structure including lines of reporting and responsibilities
Review and provide ongoing evaluations to assess that the project is adhering to the escalation strategy detailed in the Governance structure documentation
Review and provide ongoing evaluations to determine if project artifacts contain necessary details
Revised 5/03/2016
Review and provide ongoing evaluation to assess if the project schedule is realistic and achievable
Review and provide ongoing assessment on whether the control and tracking processes are efficient.
Review and provide ongoing assessment on whether communication flows appropriately and timely to all stakeholders.
Assess organizational readiness related to: o Employee involvement o Employee acceptance of the new system and technology o Employee stakeholders’ readiness and preparation for the change o Employee training supporting new business and technical functions
Analyze and provide recommendations regarding project staffing/resources levels and skillset
Contractor Response
A. Contractor will address each of the following project management and control areas: 1. Project Sponsorship and Governance: minimize change from the core product and
wherever possible, adapt agency processes and approaches to the COTS core capabilities rather than build custom solutions. FAST presents these decisions to the state at a fast pace and the state needs to respond quickly in order to maintain appropriate forward progress.
a. IV&V verifies strong project sponsorship and governance is in place to make key decisions on adapting to change vs. holding fast to MDOS specific requirements
2. Project Management Planning & Project Personnel: FAST Implementation Methodology (FIM) results in fewer, shorter plans with less detail, and relies on experienced project personnel to understand all of the nuances of FIM and execute well.
a. IV&V verifies that the FAST PM and team leads understand the FIM and its philosophy
b. IV&V verifies that the client has key management plans and does not rely on FAST to manage the state
3. Change Management: FIM, like most agile-like methodologies, expects change to occur during the design and development process, and encourages changes during the process rather than locking requirements down and discouraging change.
a. IV&V verifies that change is appropriately embraced by the project team, but is also documented in an appropriate way so that downstream traceability and contract problems are avoided
4. Organizational Change Management: As requirements are built out into definition statements, process changes and statute clarifications will be identified.
a. IV&V verifies that process changes are documented and effectively communicated to operations staff during training
b. IV&V verifies that applicable policies and procedure manuals are updated with process changes, policy revisions, and statute clarifications
5. Configuration Management: FAST uses a tool called the Fast Code Repository (FCR) to manage many aspects of the project, including configuration management and project work tasks and schedules (see the next bullet, Project Estimating and Scheduling).
a. IV&V verifies appropriate usage of FCR features based on previous knowledge and experience with the tool and its capabilities
Revised 5/03/2016
6. Project Estimating and Scheduling: FAST primarily makes use of FCR to plan and manage work tasks and schedules.
a. Contractor will effectively access and conduct reviews and assessments of project schedules and project plans through the Project Workbench and Content Manager.
1.203.2 Process Quality Management The assessment of the Process Quality Management serves to inform the State of the thoroughness and effectiveness of the project’s standards and process controls. The IV&V Team will evaluate the existence of such standards that the conformance to standards is monitored, and a process for improvement is in place and effective. These assessments will be reported to the SOM Executive Steering Committee
Monitor project performance metrics of the Legacy Modernization project in accordance with Contract #071B7700121 throughout the System Development Life Cycle (SDLC). - Provide independent project progress status updates monthly to the State and for
Executive Steering committee status
- Status updates will include review and assessment of the following:
Risk management Issue Management Change Management Communication Management Security Capacity planning Performance Testing Data Conversion Configuration Management Other areas of interest as requested by the Executive Steering Committee
Reports should review potential impacts of the items listed as well as review of any related mitigation or contingency plans associated with these items. Reviews should focus on whether such plans are complete and accurate.
Contractor Response
A. For each of the following quality management areas, we summarize CSG’s insights into FAST’s product and approach, and its effect on our IV&V approach.
1. Risk and Issue Tracking: FAST’s approach to issues is to deal with them immediately when they arise and seek to convene all parties necessary to address the risk or issue thus reducing the necessity of tracking issues over a longer period of time.
a. IV&V monitors risk and issue tracking to assure appropriate tracking is in place for risks and issues that fall outside the ability for immediate resolution.
2. Deliverable Acceptance Criteria: FAST prefers to take a very lean approach to deliverables
Revised 5/03/2016
a. IV&V focuses on assessing the status of deliverable acceptance criteria in place for FAST’s deliverables, and that it satisfies any state requirements that may go beyond the level of documentation normally provided by FAST
3. Change Management: Change is ongoing and expected throughout the design and development process, and decisions need to be made ongoing to keep momentum.
a. IV&V focuses on tracking changes so that there are no surprises downstream in the system development life cycle
1.203.3 Requirements Management. The IV&V Team will review the existing requirements management process, evaluate for efficiencies and assess the processes in place to track the requirements being implemented into the new system.
Review and assess that there is an establishment of an effective structure for the requirements to be associated with a specific hardware or software function or subsystem.
Review and report gaps in the traceability of system requirements against design, code, all phases of testing, and training.
Contractor Response
A. Contractor will provide requirements management assessments for the project, as indicated as follows:
1. Requirements Management: The entire requirements management process is typically controlled by FAST with all management and traceability performed within the FCR tool. There is some risk that requirements management can be reduced to a minimal state where base configuration changes and state specific code are the basic elements tracked.
a. IV&V assures that expectations are set for all RFP requirements to be loaded into FCR and tracked ongoing throughout configuration and development activities, through testing and deployment
2. Requirements Traceability: FAST makes use of FCR to manage requirements, project documents, and traceability. “Definitions” are the primary design artifact produced by FAST. They are similar to use cases and can be related to requirements.
a. IV&V assures that expectations are in place for traceability reporting to occur at regular intervals and that proper change management for requirements is enforced in FCR.
1.203.4 Technical Environment. The IV&V Team will review all environments to determine the viability of the proposed solution. The IV&V Team will identify any gaps in the development process for new releases and verifies and validates the documented, as well as the actual, environment for proper hardware configuration, proper development software versions, compatibility, and completeness. A review and evaluation of the environment-related software for proper versioning, upgrade availability, and compatibility is done to ensure the proper environment configuration is controlled and maintained.
Technical Environments Review of new and existing system hardware configurations to determine if the performance meets the existing and proposed system requirements of all
Revised 5/03/2016
the environments. This evaluation includes infrastructure end user computing and peripheral devices. Examples include but are not limited to the following:
- Local Area Network/Wide Area Network (LAN/WAN) architecture, connections and bandwidth
- CPUs and other processors - Memory - Storage Devices - Printers - End of Life (EOL) server and infrastructure components - Communication controllers - Telecommunications systems - Security implementation - Virus alerts and issues - Power stability - Network support - Contractor support - Scalability
1.203.5 Software Development and Application Design: The IV&V Team will focus on the alignment of the key areas of the software development process. The system development processes and techniques for each release cycle must be well defined and documented so the process can be followed and measured. When applicable, coding standards must be adhered to in a manner allowing for the development of efficient, workable code that satisfies all of the system and interface requirements. The IV&V Team will evaluate the technical architecture to verify the design is workable, efficient, and satisfies all system and interface requirements and to verify that the design process adhered to project design standards documented in Legacy Modernization Contract #071B7700121.
Review project development and Application Design including but not limited to the following key areas for software development and application design: - Coding Standards and Practices - Configuration Management - Application Code Maintainability - Application Security and code vulnerability - Technical architecture design - Detailed Design - Integration and Interfaces - Code Control (escrow) - Vulnerability check - Dependency check - System performance metrics - Usability Standards
Contractor Response
A. Contractor will provide software development and application design environment assessments for the project, as indicated below: 1. High-Level Design: FAST generally considers high-level design to be primarily
encompassed in their base COTS implementation with minor alterations based on customer specific needs.
a. IV&V pays special attention to areas where there may be some notable variance between state requirements and the COTS core implementation.
Revised 5/03/2016
2. Detailed Design: FAST takes customer requirements and their COTS approach as input to produce Definitions, which are similar to use cases and describe basic system functionality, alternate flows, and business rules. Since these are the only design artifacts, demonstrations of functionality to the MDOS subject matter experts (SMEs) are a critical part of the design process.
a. IV&V verifies that the FIM approach is effective in designing and implementing the functionality MDOS requires.
b. IV&V verifies that state SMEs are active participants in functionality demonstrations.
3. Code: The coding phase begins with the Definition document, and involves primarily configuration of the FAST COTS product without the need for coding. However, some state specific coding is necessary to implement any particular nuances for Michigan, and this is not at all rare. Once coding is complete, it is quickly demonstrated to subject matter experts for feedback and ultimate approval. CSG is very familiar with FAST coding standards and has performed code reviews on several FAST projects.
a. IV&V verifies that any custom code that does occur is subject to reviews against FAST coding standards.
4. Unit Test: Basic unit testing is an iterative activity performed during the code/demonstration/ refinement phases of the design/development process.
a. IV&V verifies that the FIM approach is effective for unit testing custom code.
b. IV&V verifies that state SMEs are active participants in iterative unit testing.
1.203.6 Testing. The IV&V Team is expected to review the test plans for completeness. The IV&V Team will review and make necessary recommendations to ensure testing at all levels is not diminished or compromised, all necessary test scenarios and testing requirements are in place, a detailed defect management plan is in place and the entrance and exit criteria is well defined for successful outcome of the test phase.
Review and provide an assessment of the quality of Unit, System, Integration and User Acceptance Testing
Review and provide an assessment of test plans for completeness, do ability, etc. for all cycles of testing including; Integration, System, Performance and Acceptance Testing
Review and provide an assessment that test plans encompasses test cases for all the necessary scenarios, for all phases of testing.
Review and provide an assessment that the defects tracking metrics mechanisms are in place in the test plans and there is solid reporting of actual test cases status
Review and provide an assessment that testing and defect tracking is progressing as per the overall Legacy Modernization Project plan and testing schedule.
Review and provide an assessment of performance testing to ensure response times meet the contractual obligations and are developed and tested per normal industry standards.
Contractor Response
Revised 5/03/2016
A. Contractor will perform a detailed review of system and acceptance testing activities to assure a full understanding of the status of and expectation for the solution design, test scripts, data requirements, defect management, and regression testing to help the project team avoid later delays and risks. This approach effects IV&V reviews for the following common test phases in the following ways:
1. Basic System Testing: This is a joint effort between FAST and MDOS, with MDOS actively participating in incremental system demonstrations as configuration progresses.
a. IV&V assures appropriate participation of MDOS SMEs and key staff.
2. System (Integration) Testing: This testing is performed by MDOS staff who have not participated as SMEs on the project. It assures typical transactions can flow through the system through all aspects, including basic interface testing.
a. IV&V assures test scenarios are adequately developed and reviewed before the start of system testing.
b. IV&V assures appropriate participation from key MDOS staff during system testing to confirm results.
3. End-to-End Testing: This test phase can be thought of as user acceptance testing (UAT). FAST and MDOS conduct components of this testing, with MDOS testing production-equivalent transactions, FAST conducting security, penetration, and capacity testing, and MDOS and FAST jointly testing interfaces with each interface partner.
a. IV&V assures that test case development corresponds to the appropriate level of testing, given the role of UAT.
b. IV&V verifies that production is simulated as realistically as possible.
1.203.7 Data Management The IV&V Team will review the data conversion and migration plan and ensure that all risks identified appropriately along with plan to address the risks due to data conversion and ensure that all potential security risks are remediated.
Provide review and assessment of the Database Design. The Database Design Assessment will also include a review of the data model. The data model review is designed to uncover common problems such as: - Inconsistent naming and definitional standards/conventions
- Inconsistent or incorrect normalization
- Lack of referential integrity enforcement
- Proper data modeling
Review Database and data model to ensure that database performance, capacity, and hardware requirements are being considered - Physical Limitations Analysis – Identify the physical limitations of the Database.
Review the maximum number of records, maximum record length, etc., and compare them to designated values.
- Determine how database growth is being monitored and review plans for data archival.
- Index vs. Storage Analysis – Analyze the use of multiple indexes compared to the use the volume of stored data to determine if the proposed approach meets the requirements for data retrieval performance and size constraints.
Revised 5/03/2016
Security Analysis
- Review database architecture for common security threats including: User account privileges appropriate Unnecessary default accounts disabled and default passwords changed Rules for minimum password length being enforced The framework enforces the use of bind variables that prevent SQL injection
attacks The database security and structure meets the requirements to maintain PCI compliance
Backup and Recovery - Review backup and recovery procedures to ensure that backups can be fully restored
to a development or test environment.
Data Conversion - Review and provide an assessment of the data conversion processes and
procedures - Determine risks related to the data conversion - Assess the ability of completion of data conversion timely - Determine risks associated with data cleansing routines and associated issues for
non-completion of cleansing routines.
Contractor Response
A. Contractor approach, points of reference and focus items for this area are listed below:
1. Database Design: Although FastDS-VS® is a COTS product, database design and modeling is still important, due to the ability to model extensions to the core product.
a. Contractor will provide sufficient verification of the approach to accommodate custom data needs for MDOS.
2. Data Conversion: FAST takes a pragmatic approach to data cleansing and conversion that utilizes core business objects for data import so that all normal validations and business rules are enforced.
a. IV&V verifies that data cleanup/cleansing activities are considered early and involve appropriate MDOS subject matter expertise.
b. IV&V verifies these best practices are adhered to and emphasizes measuring data conversion performance, which can suffer under this approach.
1.203.8 Production Maintenance Oversight. The IV&V Team will review the System Maintenance and Support Plan to verify that all program goals and performance standards are being achieved. They will evaluate the maintenance readiness, transition plan created by Fast Enterprises, and readiness with maintenance team members. The processes and activities associated with disaster recovery and business continuity are reviewed in full and assessed for their completeness. The impact to equipment and business processes, the backup alternatives available to the State, and the timeliness with which a planned recovery effort can be implemented are all evaluated.
Assess and recommend improvements, as needed, to assure appropriate training is planned and carried out.
Evaluate whether adequate knowledge transfer is taking place for State staff to eventually take over and manage the new system
Provide recommendations to ensure adequate transfer of skills is taking place.
Revised 5/03/2016
Contractor Response
A. Contractor will assess the desired levels of support participation and monitor that appropriate knowledge transfer, training, and turnover planning is put into place to accommodate those desires.
1.204 IV&V Status Reports
The IV&V Contractor will prepare and submit Status Reports to the State using the approved format. The reports will detail the IV&V Team’s accomplishments, critical concerns, team’s issues and risks. The Status Reports will also include a general overview of the IV&V project status based on the items listed in section 1.200 and its subsets. Each individual report will additionally cover status updates listed on the specific areas of focus listed below.
Monthly Status Report to be delivered to the Executive Steering Committee Liaisons by the end the month will include:
- A preview of key verification and validation activities aligned to Legacy Modernization project schedule for the next reporting period.
- A listing and current status of all open IV&V action items.
- Overview of progress or resolutions to any IV&V action items or issues since the last report.
Bimonthly Status Reports to be delivered prior to the Executive Steering Committee Meeting and include:
- All relative components of the monthly status report defined above
- All risks and issues identified during the reporting time frame.
- Pre- assessment and recommendations on the following activities and depending on project stage/lifecycle::
o Project management/oversight o Quality management o Requirement management o Technical environment o Software design and development o Testing o Data conversion/management o Production Oversight
Bi-annual Status Report
- Assessment of and recommendations related to all activities to include components of the monthly and bimonthly status reports
- Recommendations regarding identified risks related to organizational readiness
- An assessment and recommendations related to the project team up to and including the Executive Steering Committee focused on but not limited to (and depending on the stage/phase of the project)::
o Gaps between performance and responsibilities or delivery
Revised 5/03/2016
o Gaps between skills and roles o Cohesiveness o Effectiveness o Empowerment/Governance o Organizational readiness o Testing oversight o System Performance o Configuration Management o Data Migration/Conversion Assessments o Quality Oversight o Requirements Management o Software Development o Production Readiness
Contractor Response
A. Each status report type has some common information, and some specific areas of special focus. The following describes the Contractor approach to producing the IV&V status report deliverables: 1. Monthly IV&V Status Report: This report is focused on IV&V team activities and status
as it relates to our ongoing assessment activities. Preliminary observations and recommendations under consideration for the next Bimonthly Status Report are also included.
2. Bimonthly Status Reports: This report formally documents current IV&V observations and recommendations gathered leading up to the current reporting period, and updates to any previously identified observations and recommendations.
3. Bi-annual Status Reports: This report is similar to the Bimonthly, but expands the scope to review a broader period of time as the basis of comparison for progress and risk level trends, and addresses some longer term concerns and areas of focus.
1.300 Roles and Responsibilities
1.301 Contractor Key Personnel
The Contractor will provide sufficient qualified staffing to satisfy the deliverables of this Statement of Work.
The Awarded Contractor will provide, and update when changed, an organizational chart indicating lines of authority for personnel involved in performance of this Contract and relationships of this staff to other programs or functions of the firm. This chart must also show lines of authority to the next senior level of management and indicate who within the firm will have prime responsibility and final authority for the work.
All Key Personnel may be subject to the State’s interview and approval process. Any key personnel substitution must have the prior approval of the State. The State reserves the right to require a change in the any IV&V personnel if the assigned personnel is not, in the opinion of the State, adequately serving the needs of the State.
Revised 5/03/2016
The Contractor cannot combine these Key Personnel roles; each role must be filled by a specific resource. Key Staff may be assigned to other tasks not performed by a Key Role, as required
The State has identified the following as key personnel for this project.
Team Manager
Awarded Contractor shall provide a full-time, on-site IV&V Team Manager
Senior Systems Architect
Awarded Contractor shall provide an on-site Systems Architect who will be responsible for providing technical expertise throughout the lifecycle of the project. This includes all tasks and deliverables previously identified.
Senior Business Architect
Awarded Contractor shall provide an on-site Business Architect who will be responsible for providing technical expertise throughout the lifecycle of the project. This includes all tasks and deliverables previously identified.
Single Point of Contact
The Awarded Contractor will identify a Single Point of Contact (SPOC). The duties of the SPOC shall include, but not be limited to:
a. Supporting the management of the Contract b. Facilitating dispute resolution c. Advising the State of performance under the Terms and Conditions of the Contract
The State reserves the right to require a change in the SPOC, at any point in time, if the assigned SPOC is not, in the opinion of the State, adequately serving the needs of the State.
Contractor Response
A. The CSG team consists of a Core IV&V team onsite in Lansing embedded with the MDOS Legacy Modernization Project team, to provide ongoing IV&V monitoring and assessments. The Core IV&V team will be supplemented with targeted Subject Matter Experts in addition to strong executive support through Project Advisor and other corporate resources.
1. Core IV&V Team a. The Core IV&V team consists of
1. Single Point of Contact, (10% - 20%) 2. Full-time Team Manager, (100%) 3. Senior Systems Architect, (50% - 100%) and a 4. Senior Business Architect. (100%)
The staffing strategy for the IV&V project is designed to have this core team be the onsite “independent eyes and ears” for the project. Contractor will maintain a continuous presence while also remaining truly independent to objectively assess the project.
Revised 5/03/2016
2. Additional Subject Matter Experts a. Additional Subject Matter Experts support the IV&V effort throughout its duration.
The MDOS Legacy Modernization Project is an extremely complex project in a highly visible environment. While the Core IV&V team is staffed across the full project life cycle, there will be times where specific expertise is needed to assess targeted aspects of the project. SMEs provide the specific expertise needed to support the Core IV&V team.
3. Organization Chart
4. IV&V Team Roles and Responsibilities The following table specifies the name, position descriptions, titles, and areas of responsibility of the IV&V personnel who will work on the IV&V for MDOS Legacy Modernization Project.
Revised 5/03/2016
Name and Role Responsibilities
Colleen May Single Point of Contact
(10% ‐ 20%)
Serves as liaison between CSG and MDOS and DTMB for any contractual matters to assure the project is running smoothly and our team is meeting all expectations
Provides oversight and subject matter expertise to our project team as they complete all project activities
Supports the CSG Team Manager regarding quality, staffing, or other issues that need to be addressed or escalated
Lisa Newell Team Manager
(100%)
Provides day‐to‐day oversight and project management expertise
Coordinates all IV&V activities and assures that the CSG IV&V team meets all client expectations
Responsible for the completion of all deliverables, including IV&V Project Management Plan, Monthly Status Reports, Bi‐monthly Status Reports, Bi‐annual Status Report and ad hoc reports
Collaborates with the MDOS and DTMB Project Liaisons and team members
Brad Tait Senior Systems Architect
(50% ‐ 100%)
Provides technical expertise in support of the CSG IV&V team’s activities
Supports the Team Manager in conducting IV&V activities and producing all required deliverables assuring the CSG IV&V team meets all objectives and client expectations
Responsible for the completion of all deliverables, including IV&V Project Management Plan, Monthly IV&V Status Reports, Bi‐monthly Status Reports, Bi‐annual Status Report and ad hoc reports
William Riippi Senior Business Architect
(100%)
Provides business expertise in support of the CSG IV&V team’s activities
Supports the Team Manager in conducting IV&V activities and producing all required deliverables assuring the CSG IV&V team meets all objectives and client expectations
Responsible for the completion of all deliverables, including IV&V Project Management Plan, Monthly IV&V Status Reports, Bi‐monthly Status Reports, Bi‐annual Status Report and ad hoc reports
Subject Matter Expert Pool
Tim Saar, FAST Architecture SME
Shannon Barnes, Motor Vehicle SME
Michael Brown, Project Management/Governance SME
Digby Morrow, Security SME
Provides additional subject matter expertise to the CSG IV&V team
Assists with the completion of IV&V deliverables tasks, including assessment and evaluation in the areas of focus
Executive Support
Patti Garofalo Project Advisor
Provides executive support and subject matter expertise to the CSG IV&V team, MDOS, and DTMB throughout the project
Revised 5/03/2016
1.302 Work Requirements
1. Location of Work The work is to be performed, completed, and managed at the following locations: Secretary of State Building, 7064 Crowner Dr., Lansing, MI. or other State of Michigan office buildings in the Greater Lansing area.
2. Hours of Operation:
a. Normal State working hours are 8:00 a.m. to 5:00 p.m. EST, Monday through Friday, with work performed as necessary after those hours to meet project deadlines. No overtime will be authorized or paid.
b. The State is not obligated to provide State management of assigned work outside of normal State working hours. The State reserves the right to modify the work hours in the best interest of the project.
c. Contractor shall observe the same standard holidays as State employees. The State does not compensate for holiday pay.
3. Additional Security and Background Check Requirements:
The IV&V Contractor will be requested to present certifications evidencing satisfactory Michigan State Police Background checks ICHAT or equivalent out of state background checks and drug tests for all staff identified for assignment to this project.
Contractor personnel will be required to complete and submit an RI-8 Fingerprint Card for the National Crime Information Center (NCIC) Finger Prints, if required by project.
Awarded Contractor will pay for all costs associated with ensuring their staff meets all requirements.
1.303 State Staff, Roles, and Responsibilities
The State shall provide the following resources for the Contractor’s use on this project:
Work space Access to printer, copiers and fax machine
State Executive Sponsors
The State Executive Sponsors for the Legacy Modernization Project will be:
Mike Senyko
Michigan Department of State
Revised 5/03/2016
Brom Stibitz
Department of Technology, Management and Budget
The State project team will consist of Subject Matter Experts (SME’s), project support, a DTMB project manager, an MDOS project manager, and both MDOS and DTMB Program Managers as outlined in the Project Organization Structure document.
State Project Liaisons- (DTMB and MDOS)
The state will provide Project Liaisons who will be responsible for ensuring that the IV & V project manager has access to appropriate staff, information, and any other items required for the Contractor to meet the terms of their Contract. It will also be the liaison’s role to ensure coordination and cooperation between the development vendor and the IV & V staff.
The State’s Project Liaison will provide the following services:
Review project plan, status, and issues Resolve deviations from project plan Provide acceptance sign-off Provide State facilities, as needed Coordinate the State resources necessary for the project Facilitate timely availability of State resources Facilitate coordination between various external Contractors Escalate outstanding/high priority issues Conduct regular and ongoing review of the project to confirm that it
meets original objectives and requirements Document and archive all important project decisions Arrange, schedule and facilitate State staff attendance at all project meetings.
Name Agency/Division Title
Nathan Buckwalter DTMB General Manager for MDOS
Rose Jarois MDOS Director Department Services Administration
DTMB will provide a Contract Administrator whose duties shall include, but not be limited to, supporting the management of the Contract.
Revised 5/03/2016
Name Agency/Division Title
Timothy Taylor DTMB, Procurement Category Analyst/Contract Administrator
1.400 Project Initiation
1.401 Orientation Meeting
The Awarded Contractor will be required to attend an orientation meeting to discuss the content and procedures of the Contract. The meeting shall be held in Lansing, Michigan, at a date and time mutually acceptable to the State and the Contractor. The State shall bear no cost for the time and travel of the Contractor for attendance at the meeting.
1.500 Acceptance
1.501 Criteria
Upon completion of a deliverable, the IV&V Contractor will present the deliverable to the Program Managers for review and recommendation for acceptance/rejection. The Program Managers will have 10 business days to review and recommend acceptance or rejection of the deliverable. If the deliverable is recommended for rejection, the Program Managers will meet with the IV&V Contractor and Executive Steering Committee or its designees and present the reasons why the deliverable was recommended for rejection. Deliverables are not considered complete until formally accepted and approved in writing by the Executive Committee or its designees:
1.502 Document Deliverables
1. Documents are dated and in electronic format. 2. Documents are reviewed and updated throughout the development
process to assure requirements are delivered in the final product. 3. Draft documents are submitted for review by the State Project Liaisons prior to final
acceptance of deliverables. Draft documents are not accepted as final deliverables. 4. The documents will be reviewed and accepted in accordance with the
requirements of the Contract and Appendices.
1.503 Final Acceptance
Final acceptance is expressly conditioned upon completion of all deliverables, completion of all tasks in the IV&V project plan as approved, completion of all applicable reviews and/or testing procedures, delivery of services, and the certification by the State that the Contractor has met the defined requirements. Final acceptance of any component or deliverable will be formally executed in writing by the State of Michigan and the Contractor after all issues identified have been resolved.
Revised 5/03/2016
1.600 Compensation and Payment
1.601 Method of Payment
The Contract is a fixed-price, not to exceed deliverables based contract. The pricing is all-inclusive.
Awarded Contractor will be compensated in accordance with Schedule B Pricing. Invoices shall be received no more than fifteen (15) calendar days from the end of the month in which the work occurred. See Schedule B for Pricing.
All invoices for services should reflect actual milestones completed by payment date and document the work performed. Incorrect or incomplete invoices will be returned to Contractor for correction and reissue. The Contractor must submit its bill and documentation to the Bill To Address set forth in Section 1.603 below, at the end of the month in which the service was provided. Incorrect or incomplete invoices will be returned to Contractor for correction and reissue. Invoices must be approved by Project Manager or designee prior to payment.
1.602 Future Statements of Work and Issuance of Purchase Orders
Unless otherwise agreed by the parties, each Statement of Work will include: - Background - Project Objective - Scope of Work - Deliverables - Acceptance Criteria - Project Control and Reports - Specific Department Standards - Payment Schedule - Project Contacts - Agency Responsibilities and Assumptions - Location of Where the Work is to be performed - Expected Contractor Work Hours and Conditions
The parties agree that the Services/Deliverables to be rendered by Contractor pursuant to this Contract (and any future amendments of it) will be defined and described in detail in Statements of Work or Purchase Orders (PO) executed under this Contract. Contractor shall not be obliged or authorized to commence any work to implement a Statement of Work until authorized via a PO issued against this Contract. Contractor shall perform in accordance with this Contract, including the Statements of Work/Purchase Orders executed under it.
1.603 Invoicing
Contractor will submit properly itemized invoices to
DTMB – Financial Services Accounts Payable
P.O. Box 30026 Lansing, MI 48909 or
Revised 5/03/2016
Invoices must provide the following:
Contract number;
Purchase Order number;
Contractor name, address, phone number, and Federal Tax Identification Number;
List each fee item separately;
Include sufficient detail for each line item to enable the State to satisfy its accounting and charge-back requirements
Incorrect or incomplete invoices will be returned to Contractor for correction and reissue.
1.604 Travel
The State requires all Contractor staff to perform the majority of their work for the Legacy Modernization Project on-site at the MDOS project office. Travel is not billable and travel time to and from the project work site is exclusive of the project work hours. Travel costs and time will not be covered or reimbursed; all travel is at the expense of the Contractor.
1.605 Holdback
The State shall have the right to hold back an amount equal to 10% all amounts invoiced by the Awarded Contractor. The amounts held back shall be released to the Contractor after the State granted the final acceptance.
Revised 5/03/2016
Schedule B - Pricing
Deliverable Payment Schedule Deliverable Payment Invoice % Vendor Pricing Year 1 % of First Year Payment
IV&V Plan 10% $113,536 Monthly Reports/Bimonthly Reports
40% (10% billed quarterly) $454,144
Bi Annual Reports 1 & 2 25% Each $567,680 Yr 1 Total $1,135,360 Year 2 % of Second Year Payment
Monthly Reports/Bimonthly Reports
60 % (15% billed quarterly)
$622,080
Bi Annual Reports 1 & 2 20% Each $414,720 Yr 2 Total $1,036,800
Total Cost $2,172,160
