Schedule

1. Oct2. Oct3. Oct4. Oct5. Oct

Netwo

Inf

e of Critica

tober 4, 2tober 11, 2tober 18, 2tober 23, 2tober 31, 2

Req

ork Secur

formation

l Dates:

2019 2019 2019 2019 2019

LATE PR

quest for

rity Audit

Iss

Departm

n Techno

R P L P P

ROPOSALS

Proposal

For

t and Vul

sued by th

ment of F

ology and

RFP PublishPre-Propos

ast Day toPublish RFPProposal Su

S WILL NO

ls (“RFP

lnerabilit

he

Finance

d Service

hed on Citsal Confereo Submit QP Addenduubmission

OT BE ACC

P”)

ty Assess

s Divisio

ty website ence

Questions um n Deadline

CEPTED

ment

on

Page 1 of 58

Page 2 of 58

Pre-Proposal Conference

A pre-proposal conference will be held at Division of Information Technology & Services, 205

St. Clair, Cleveland, 44113, Rm 306, on Friday, October 11th, 2019 at 10:00 AM EST.

Interested parties may ask questions or seek clarification pertaining to this RFP and the

services desired. For security reasons, those planning to attend the pre-proposal conference

must register by email to thayes@clevelandohio.gov or 216-664-7015. When registering, it

will be necessary to provide the names of all attendees. Interested parties also have the

option of participating via teleconference. Details of the teleconference session will be sent to

all registered attendees.

Addendum to the RFP

The last day for submission of questions with regards to the RFP is Friday, October 18th, 2019, at 5:00 PM EST. An addendum to the RFP will be published on the City’s website

Wednesday, October 23rd, 2019.

Submitting Proposals

Each firm must submit two (2) complete copies of their technical proposal and fee proposal in

hard copy, a copy of the technical and fee proposal on a DVD, or Flash Drive to the

undersigned no later than 5:00 p.m. EST on Thursday, October 31st, 2019. No proposals

will be accepted after that date and time unless the City extends the deadline by a written

addendum.

The technical and fee proposals should be packaged in separate sealed envelopes, marked

appropriately on the outside and, if possible, enclosed in one package, These may be mailed

or delivered to the address below and must be clearly identified on the outside of the

envelope(s) as:

Proposal: Network Security Audit and Vulnerability Assessment

City of Cleveland

Division of Information Technology & Service

Attn: Tiearra Hayes, Project Manager

205 W. St. Clair, 4th Flr. Cleveland, OH 44113.

Page 3 of 58

The City reserves the right to reject any or all proposals or portions of them, to waive irregularities, informalities,

and technicalities, to re-issue or to proceed to obtain the service(s) desired otherwise, at any time or in any

manner considered, in the sole discretion of the City, to be in the City’s best interests. The City may modify or

amend any provision of this notice or the RFP at any time.

Page 4 of 58

Contents I. Introduction and Overview ............................................................................... 5 

II. Scope of Network Security Audit and Vulnerability Assessment Services ...... 7 

III. General Guidelines ...................................................................................... 15 

IV. Qualifications for Proposal ........................................................................... 18 

V. Proposal Content .......................................................................................... 20 

VI. Proposal Evaluation and Vendor Selection ................................................. 24 

VII. The City’s Rights and Requirements .......................................................... 28 

VIII. Agreement Process ................................................................................... 33 

IX. Terms and Conditions .................................................................................. 36 

X. Equal Opportunity Requirements .................................................................. 42 

XI. Attachments ................................................................................................. 46 

Page 5 of 58

I. IntroductionandOverview

Introduction

The City of Cleveland (City), Information Technology Services, is soliciting proposals from

qualified service providers with industry experience sufficient to perform in-depth Network

Security Audit and Vulnerability Assessment of the IT infrastructure, network, and

applications in the City of Cleveland. The firm to be employed by the contract, will

supplement the regularly employed staff of the departments under General Funds and

Enterprise Funds, which consist of Port Control and Public Utilities. Following the

specifications outlined in this document, deliverables from the assessment must include

comprehensive documentation to include any non-compliant network vulnerabilities; a risk

analysis listing the priority of each risk or vulnerability identified (i.e., high/med/low) and a

roadmap document outlining technologies and best practices that the City should focus on to

improve its security model. The result of this procurement process will be the award of one or

more contracts to one or more Consultants for the services described herein.

Background

Overview

The City of Cleveland is issuing this request for a proposal to perform a citywide Network

Security Audit and Vulnerability Assessment to identify vulnerabilities, analyze and determine

their potential impact, establish benchmarks for remediation and improvements of the City’s

operations, internal controls, and current policies and procedures. The selected vendor is

expected to perform these services in four separate network environments (Public Safety,

Utilities, Port Control, and General Fund). The IT services provided within these domains

include but are not limited to: IT operations planning and management, application services

deployment, network infrastructure, and data storage. Other services include management of

telecommunications; wired, wireless, and Wi-Fi services across all City departments and

helpdesk support services support.

Page 6 of 58

Task-Based Project Execution for Support Services

Each work activity requested by the City under this contract will be considered a task. These

tasks will vary in length from short term specific projects/initiatives to long term managed

support services that may span the length of the contract. Tasks may be either for a

consultant to execute a defined scope of work or maybe a request for resources to augment

the existing City staff.

Due to the nature of these work tasks, it is expected that the selected Consultant may need

to acquire the services of sub-consultants specializing in various disciplines to complete the

Contract Tasks. A list of possible services is included in Section II, Scope of Services.

The Consultant shall provide experienced staff to fulfill the service requirements and to

produce the required deliverables.

Activities for all tasks shall be coordinated by the Consultant with the City’s designated

Information Technology & Services Program Manager. Tasks will be released by the City as

required. The procedure for release of tasks to the Consultant is described in Section III,

General Guidelines.

Page 7 of 58

II. ScopeofNetworkSecurityAuditandVulnerabilityAssessmentServices

Scope of Services

This list of possible services is intended to provide a general overview of the work to be

performed under this contract.

The scope may include all disciplines and the work products developed by these disciplines,

whether identified or not.

1. Vulnerability Assessment, including but not limited to:

Internal Network

External Network

Wireless Network

Physical Access Controls

Remote Access/ External Partners

Social Engineering

Internet Usage

Host-Based Security

Virus Protection

Logon Security

Payment Card Industry (“PCI”) Data Security Standard (“DSS)

Compliance Assessment

Remittance Data (channels managing invoice and payment process)

Advantage Architecture

GAAP Assessment

2. Penetration Testing, including but not limited to:

Internal Network

Web Security

Inbound and Outbound Remote Access Strategy

Intrusion Detection- Varonis

Page 8 of 58

SIEM Product (Security Information Event Management)

USB Lockdown

3. Network Security Audit, including but not limited to:

Device and Platform Identification

Domain Name System (“DNS”) Security Configuration Audit

Server Security Configuration Audit

Employee Training and Social Engineering Threat Prevention Audit

Security Policies and Procedures Review

Backup Disaster and Recovery Audit

Third-Party On-Site Security Audit

Security Incident Response Contract Audit

4. Connections to External Partners

Detailed Scope of Services

Vulnerability Assessment Services

Internal Network

All internal corporate systems to include workstations, servers,

switching/routing infrastructure, virtualization, and storage infrastructure, and

other connected IT devices. Including all Demilitarized (DMZ) systems to

include flow controls from external to internal systems.

External Network

All external public-facing systems to include firewalls, load balancers, web

servers, FTP servers, and web service interface points.

Page 9 of 58

Wireless Network

All wireless systems to include internal touchpoints from all SSID, broadcast, or

hidden, as well as encryption levels.

Physical Access Controls

Determine if the current physical security is adequate by conducting physical

access assessments.

Remote Access/ External Partners

Assess remote access and security of network connections and data traffic to

and from external partners

Social Engineering

Perform social engineering procedures to verify the existence and effectiveness

of procedural controls to prevent unauthorized physical and electronic access

to the City’s IT network.

Internet Usage

Asses URL/web filtering and access restrictions

Host-Based Security

Assess the security of critical systems at the operating system and database

layers and associated identity and access management controls.

Virus Protection

Evaluate the facility used to prevent the impact of viruses. Perform a threat

assessment to identify vulnerabilities.

Logon Security

Evaluate password policies. Review current logon auditing practices. Examine

current practices and identify any potential weaknesses. Provide input on an

Page 10 of 58

action plan to deal with problems. Perform a threat assessment to identify

vulnerabilities.

PCI DSS Compliance Assessment

This service includes an assessment of the City’s cardholder data environment

for compliance with the PCI DSS, including the people, processes, and

technology that store, process, or transmit cardholder data or sensitive

authentication data.

Remittance Data- (channels managing invoice and payment process)

This service includes an assessment of the City’s invoice and payment

processing environment, including the people, processes, and technology that

store, process, or transmit invoices and billing data.

Advantage Architecture

This service includes an assessment of the City’s IT environment protection.

GAAP Assessment

This service includes an assessment of the City’s standards, conventions, and

rules accountants follow in recording and summarizing, and in the preparation

of financial statements.

Vulnerability Assessment Services Deliverables

The vendor will provide the City of Cleveland with a detailed report on the assessment

vulnerabilities discovered and recommendations.

Highlight successes and identify gaps

Identify security/privacy risks in current practices inclusive of:

Policy/Process/Procedures

Tools, Methods, Implementation

Operations

Develop detailed recommendations to close gaps, which includes:

Page 11 of 58

Recommend mitigation solutions

Estimated budget requirements range for mitigation deployment and ongoing

support

Estimated deployment timelines

Penetration Test Services

Internal Network

Perform non-volatile exploit procedures designed to determine how well

security systems can withstand up-to-date malicious exploits launched via the

internet and internal network connections.

Web Security

All wireless systems to include internal touchpoints from all SSID, broadcast, or

hidden, as well as encryption levels. Testing will attempt to compromise

networks and operating systems to identify vulnerabilities to the system.

Inbound and Outbound Remote Access Strategy

Evaluate the administration of remote access, both inbound and outbound.

Review implications, protocol, and procedures associated with the level of

access that has been granted to authorized users. Examine security issues in

remote data transfer and the extent of network access available remotely.

Perform a threat assessment to identify vulnerabilities with existing remote

access.

Intrusion Detection- Varonis Protection

Evaluate the built-in host intrusion detection (HIDS), network intrusion detection

(NIDS), as well as cloud intrusion detection for the City’s public cloud

environments.

Page 12 of 58

SIEM Product- Security Information Event Management

Evaluate real-time analysis of security alerts generated by the City’s

applications and network hardware.

USB Lockdown

Evaluate unauthorized device detection for security incidents.

Penetration Test Services Deliverables

The vendor will provide the City of Cleveland with a detailed report on testing and

attack scenarios used, test result log, and interruptions.

Network Security Audit Services

Device and Platform Identification

This service includes identifies all network assets and operating systems.

Domain Name System Security Configuration Audit

This service includes an evaluation of DNS servers for the following:

Verification, the guidelines within the DNS Security Requirements Guide

(“SRG”), and the DNS Policy Security Technical Implementation Guide (STIG)

are followed.

Evaluation of systems to ensure compliance with applicable standards and to

determine if the environment is protected against known threats and current

attack vectors

Audit of DNS vulnerabilities, including cache poisoning, DNS amplification,

Open Resolvers, etc.

Server Security Configuration Audit

This service includes an audit of server configurations against industry best practices

and applicable security standards.

Page 13 of 58

Employee Training and Social Engineering Threat Prevention Audit

This service includes an evaluation of existing training materials applicable to security

policies and procedures to ensure employees are trained and compliant with the

necessary tools to prevent non-technical attacks, which often involves deceiving

employees to break standard security procedures.

Security Policies and Procedures Audit

Audit current state of security policies and standards and benchmark against business

needs and commonly accepted industry standards to enhance the current policy set

where there are gaps to the common standards. Build new policies to match where

existing controls are in place, and to make recommendations for additional policies

that may be needed.

Backup Disaster and Recovery Audit

Evaluate documented processes and procedures for ITS Disaster

Preparedness Compliance to ensure the continuance of key business functions

in the event of a disruption.

Ascertain the existence and effectiveness of the current ITS disaster recovery

plan and its alignment with the enterprise business continuity plan, policies, and

procedures.

Evaluate ITS function’s preparedness in the event of process disruption.

Determine compliance with applicable federal laws and regulations.

Third-Party On-Site Security Audit

3rd party security audit to confirm that security and data protection controls are in

place and compliant to business needs and in alignment with acceptable industry

standards.

Security Incident Response Audit

Audit relating to the effectiveness of security incident management processes,

policies, procedures, and governance activities

Page 14 of 58

Network Security Audit Services Deliverables

The vendor will provide the City of Cleveland with a detailed report on findings.

Findings document that details and demonstrate all threats and

vulnerabilities that are identified.

A risk analysis listing of recommendations based on risk severity, probability,

cost, and scope of work. This should also include recommendations that

address policy or procedural vulnerabilities

A Security Roadmap that lists the technology recommendations for the next

3-5 years and includes a strategic direction in support of the City’s security

infrastructure.

Connections to External Partners Services

Review the City’s connection and security posture to the City’s external partners

through wide area networks, dedicated circuits, remote clients, and remote server

technologies; Assess remote access and security of network connections and data

traffic to and from external partners.

Connections to External Partners Services Deliverables

Executive Summary with overall severity findings and risk exposure

Remediation recommendations to close the vulnerabilities identified

Detailed steps (wherever/whenever applicable) to be followed while

mitigating the reported vulnerabilities

Page 15 of 58

III. GeneralGuidelines

Task Request for Proposal

When a Task is first initiated, the Program Manager for this contract shall issue a Task

Request for Proposal (TRFP) to the Consultant. The TRFP may include the following

information:

• Background of the need for the task

• Goal and objective of the task

• Task priority relative to other contract tasks

• Listing of any scheduling and coordination restrictions that will affect the task

• Listing of known governmental regulations that may need to be addressed in the task

• Determining if legislation exists, will be needed, or will not be needed to proceed with

the task

• Known problems that may restrict design or implementation which must be addressed

• Task project management responsibilities

• Any other related information not listed

• Assigned task number

• Established task deliverables

• Intermediate milestones

Task Proposal

The consultant will take the information presented in the TRFP and prepare an estimate of:

• Disciplines needed

• Staff to be provided along with resumes (if requested)

• Hours needed by each

• Schedule

• Reimbursable

• Total not-to-exceed Task Cost

The Consultant shall submit this information in the proposal form to the Program Manager.

Task Negotiation

The Program Manager will review the Task Proposal as received from the Consultant and

determine if the proposal is acceptable. If it is determined that adjustments are needed, the

Page 16 of 58

manager will negotiate with the Consultant until both parties agree on the details in the Task

Proposal. This process must be repeated until no new corrections are needed.

Task Authorization

When the Task Proposal is finalized, a formal Task Authorization Letter will be given to the

Consultant by the Program Manager.

Each authorized Task shall indicate a Total Not-To-Exceed funding cap. The Consultant shall

utilize generally accepted Project Management processes, whereby consistent biweekly

milestone meetings will provide both a dollar/percentage spent and work remaining. These

shall include documented and formalized issue log and change request processes that shall

be reviewed and approved by the City. The Consultant shall give The City at least one-month

advance notice of when it thinks a Task’s funding will be exhausted prior to completion.

Task Completion and Close-Out

All work by the Consultant shall conform to Generally Commercially Acceptable Standards.

After the Consultant has completed the activities as authorized in each task, he/she shall

submit, in hard copy, and where applicable, in electronic format (latest version of Adobe PDF,

MS Word, Visio, or MS Excel), the following items to the Program Manager:

• Collected information

• Design notes and requirements

• documentation

• All Task correspondence

• All other defined deliverables

Compensation and Invoicing Support Services

Compensation for services shall be based on hourly billing rates for the category of the

individuals assigned to each Task and approved reimbursable expenses as agreed upon

during negotiation of the Agreement. Billing rates shall remain unchanged throughout the life

of this contract.

The Consultant shall be compensated for reimbursable expenses incurred in the interest of

the work in accordance with the City Expense Reimbursement Policy.

Page 17 of 58

The Consultant shall be paid for services on a time-based method. The Consultant shall

invoice each month based on the actual hours, and approved hourly billing rates expended

for the services. The invoice shall include only the staff titles listed in the Fee Proposal.

The Consultant shall submit its invoice for progress payment to the Program Manager no

later than the close of business on the thirtieth (30th) calendar day of the month following the

month for which payment is requested. If the 30th calendar day would fall on a Saturday,

Sunday, or holiday, then the submittal shall take place on the previous working day. The

Consultant shall not submit invoices more frequently than once per month.

Invoices shall include a cover page, summary table, detailed invoice per task, summary table

of labor costs, timesheets, a summary table of reimbursable, original receipts, and other

information as deemed appropriate. Invoices shall include specific activities worked, on an

hourly and daily basis by resource.

Supporting information (receipts, timesheets, etc.) shall be attached in the appropriate

section of the invoice in alphabetical then chronological order. For example, timesheets shall

be attached alphabetically by individual name and chronologically by the individual.

Each approved task shall be specifically identified and tracked.

Invoices not submitted in the approved format may be rejected and returned to the

Consultant. This includes incomplete information and missing documentation.

Page 18 of 58

IV. QualificationsforProposal

Each proposer, regardless of the form of its business entity, must meet the following

minimum requirements. Failure to meet all requirements may be cause for rejection of a

proposal. If a proposer is a partnership or a joint venture, at least one general partner or

constituent member must meet the requirements. Each Proposer must:

• Provide evidence that it has a minimum of 5 continuous years of experience within the

last 10 years of providing the services described in this RFP

• Provide evidence that it has a minimum of 5 continuous years of experience within the

last 10 years of Security Audit and Assessment engagements/implementations with

comparable cities

• Be authorized to conduct business in the State of Ohio, County of Cuyahoga, and the

City of Cleveland

• Proposer demonstrates qualification for all applicable licenses, certificates, permits, or

other authorizations required by any governmental authority, including the City, having

jurisdiction over the operations of the successful Proposer and the proposed services.

• Submit with its proposal at least three (3) written, verifiable, references dated within

the last two years from clients for which the Proposer has rendered services

substantially similar to those sought by this RFP, and recommending Proposer for

selection for such services. (See Attachment “G” – Vendors Client References Form)

Submission of Proposal

Each proposer shall submit its proposal(s) in the number, form, manner, and by the date and

time and at the location required in Section I above.

Each proposer shall provide all the information requested in this RFP. The proposer must

organize its proposal package to address each of the elements in this RFP in the order listed

in Section VI, Proposal Content. The proposer should carefully read all instructions and

requirements and furnish all the information requested. If a proposal does not comply with all

terms, conditions, and requirements for submittal, the City may consider it unacceptable and

may reject it without further consideration

Page 19 of 58

The City wishes to promote the greatest feasible use of recycled and environmentally

sustainable products and to minimize waste in its operations. To this end, all proposals

should comply with the following guidelines: Unless necessary, hard copies should minimize

or eliminate the use of non-recyclable or non-reusable materials. Materials should be in a

format permitting easy removal and recycling of paper. A proposer should, to the extent

possible, use products consisting of or containing recycled content in its proposal including,

but not limited to, folders, binders, paper clips, diskettes, envelopes, boxes, etc. Do not

submit any or a greater number of samples, attachments, or documents not specifically

requested.

If you find discrepancies or omissions in this RFP or if the intended meaning of any part of

this RFP is unclear or in doubt, send a written request for clarification or interpretation to

Tiearra Hayes, 205 West St. Clair Avenue, 4th Floor, Cleveland, OH 44113, no later than

Friday, October 18th, 2019 at 5:00PM EST. Requests for clarification or interpretation may

be submitted via e-mail to thayes@clevelandohio.gov.

Page 20 of 58

V. ProposalContent Each proposal shall include the following parts in the order below. Please separate and

identify each part by tabs for quick reference. Each proposal should be organized to facilitate

its evaluation.

The Proposal submittal shall be no longer than 40 single-sided printed pages, excluding

appendices.

Page size shall be 8.5 x 11 inches (11x17 inch pages may be utilized for graphical

representations, but each will be counted as two pages). Font size shall be no less than 12

pt. Tabs, dividers, and appendices are excluded from the page count. The proposal shall be

submitted in 3-ring binders.

The proposal response section shall consist of the following sections:

Section 1: Cover Page and Executive Summary

The Executive Summary should provide a complete and concise summary of the proposer’s

experience and ability to meet the requirements of this RFP. It should briefly state why the

Proposer is the best candidate for the engagement. The Summary should be organized so it

can serve as a stand-alone summary apart from the remainder of the proposal.

Section 2: Profile

The Proposer will provide a profile of its organization and all other sub-consultants who will

be providing services. At a minimum, the Proposer will provide the following information:

• Principal owners of the business

• Number of years in business

• Number of years involved with services as proposed

• Total number of employees

• Latest gross sales revenue

• Latest gross income

Page 21 of 58

Section 3: Qualifications

Identify the prime and each sub-consultant firm’s qualifications for providing professional

services. Place specific emphasis on projects for government and/or utilities.

In the Qualifications section, each Proposer should state in detail its qualifications, and

experience, and how its services and/or products are unique and best suited to meet the

requirements and intent of this RFP. This should include the qualifications of sub-consultants

included in the proposal. The proposer may include as much information as needed to

differentiate its services and product(s) from other proposals. At a minimum, please include

the following:

• How Proposer meets or exceeds qualifications;

• A description of the nature of the firm’s experience in providing the service(s)

and/or product(s) sought by this RFP and state the number of persons currently

employed for such purpose;

• The total number of such engagements and the clients comparable to The City for

which the firm has provided like or similar services within the last five (5) years.

Page 22 of 58

Section 4: List of Representative Services

Provide a list of at least three similar consulting services that the proposer has completed within

the last three years.

Include a detailed description of the scope, responsibilities, services, and dollar value for each

contract listed for the proposer

Provide at least one client reference each (verified name and telephone number) of someone

closely familiar with each client and your firm's performance.

Each service description shall be presented in the format consistent with the table below.

List of Representative Projects Table

(One sheet per project)

Project title:

Project Description:

Owner’s Name:

Location of Project:

Knowledgeable Contact’s Name

Contact’s Role in the Project:

Verified Telephone Number for Contact:

Project Manager’s Name*

Key Team Member’s Names and Duties*:

Prime Consultant:

Sub consultant(s) and Percent of Total Project:

*As proposed for that project SHEET OF

Page 23 of 58

Section 5: Environmental Sustainability

Describe how the proposed serves/project/solution incorporates environmental sustainability.

Section 6: Litigation:

Disclose any current litigation(s) that the proposer or any of its subcontractors are currently

involved or has been involved over the last 5 years.

Page 24 of 58

VI. ProposalEvaluationandVendorSelection Proposals received in response to this request will be reviewed and scored by an evaluation team. The evaluation of proposals received will be carried out in three rounds and will be based on but not limited to, the evaluation team’s assessment of the criteria defined under the following evaluation rounds.

Round 1 – Procedural Compliance and Quality Assurance

Round 2 – Proposal Technical Review and Scoring

Round 3- Vendor Oral Presentation

Fees will not be considered in the technical evaluation. Proposals shall be evaluated first

on qualifications and technical merit. Once rankings are established, the fee submittals

shall be considered.

Round 1 – Procedural Compliance and Quality Assurance

Round 1 evaluation will be conducted to verify that the vendor has complied with the

submission criteria listed below. This is a pass or fails round; therefore, vendors are to

ensure that they meet ALL of the following conditions:

• Vendor’s adherence to the City’s established process for communication

• Vendor submitted a proposal to the City on or before the submission deadline

• Cover of the Vendor’s submission package contains the appropriate content

designation, and all requested components of the submission package are

included

• Adherence to City’s OEO requirements and correctly filing and submitting all

City’s Forms and Schedules

• The vendor has completed and submitted the Proposal Checklist –Attachment “D”.

(City will verify all documentation supplied by the vendor, including all forms).

25 of 58

Failure by the vendor to comply with the instructions provided or to submit a complete

proposal may render a proposal not qualified for the award, except that the City reserves

the right to waive minor irregularities. The City may also, solely at its discretion, choose

to notify a vendor of deficiencies in its response to the RFP and allow for remediation of

such deficiencies. Proposals that meet the submission criteria may progress to Round 2.

Round 2 – Proposal Technical Review and Scoring (Passing Score - 75%)

This round of evaluation will be based on the following criteria:

a. Vendor Qualifications and Experience-

i. Attachment “H" Vendor Experience Checklist will be evaluated during

Round 2

b. Project Approach and Proposed Solution;

c. Cost-Effectiveness and Value;

e. Acceptance of the Terms of the Contract

A firm’s involvement in any current litigation with the City of Cleveland may be taken into

account during proposal evaluation.

The ratings are not intended or to be interpreted as a reflection of a proposer’s

professional abilities. Instead, they reflect the City’s best attempt to quantify each

proposer’s ability to provide the services sought by the City and to meet the specific

requirements of this RFP.

Round 3- Vendor Oral Presentation (Passing Score -75%)

Vendors that scored a minimum of 75% from Round 2 evaluation may be invited to

conduct an oral presentation for the City of Cleveland. Presentations, not to exceed two

hours, will be scheduled by the PMO with each of the finalists within a reasonable

timeframe.

For the purpose of this presentation, vendors may be required to respond to specific

questions, scenarios, and use cases related to the RFP objectives. The presentation

Page 26 of 58

format, scripts, and questions will be provided to the vendor prior to the presentation date.

The evaluation panel may ask questions related to the vendor's proposal, prior

submissions, or presentation during the session.

Fee Proposal Evaluation and Finalist Selection

The evaluation team will review the fee proposals from all vendors that scored 75% and

above from the Round 3 evaluation. The selection of one or more finalists is at the discretion

of the City and will not be based solely on the cost proposal. The City will select the vendor

or vendors considered to be the “Most Advantageous,” and “Best Value” to the City, and

extend an invitation to enter into a contract.

Disqualification of a Proposer/Proposal:

The City does not intend by this RFP to prohibit or discourage submission of a proposal that

is based upon a Proposer’s trade experience in relation to the nature or scope of work,

services, or product(s) described in this RFP or to prescribe the manner in which its services

are to be performed or rendered.

The City will not be obligated to accept, however insignificant, deviations from the work or

services sought by this RFP, including terms inconsistent with or substantially varying from

the services or the financial and operational requirements of the RFP, as determined solely

by the City. The City reserves the right to reject any proposal that does not furnish or is

unresponsive to the information required or requested herein. The City reserves the right to

reject any proposal or to waive or to accept any deviation from this RFP or in any step of the

proposal submission or evaluation process to approve the award of the contract considered

in the City’s best interest, as determined in the City’s sole discretion.

Although the City prefers that each Proposer submits only one proposal including all

alternatives to the proposal that the Proposer desire the City to consider, it will accept

proposals from different business entities or combinations having one or more members in

interest in common with another Proposer, the City may reject one or more proposals if it has

reason to believe that Proposers have colluded to conceal the interest of one or more parties

27 of 58

in a proposal, and will not consider a future proposal from a participant in the collusion. In

addition, the City will not accept a proposal form or approve a contract to any Proposer that is

in default as surety or otherwise upon an obligation to the City or has failed to perform

faithfully any previous agreement with the City or is currently in default under any agreement

with the City.

The City reserves the right to reject any or all proposals. Failure by a Proposer to respond

thoroughly and completely to all information and document requests in this RFP may result in

rejection of its proposal. Further, the City reserves the right to independently investigate the

financial status, qualifications, experience, and performance history of a Proposer.

The City reserves the right to cancel the approval or authorization of a contract award, with or

without cause, at any time before its execution of a contract.

Page 28 of 58

VII. TheCity’sRightsandRequirements

The Director, at his/her sole discretion, may require any proposer to augment or supplement

its proposal or to meet with the City’s designated representatives for interview or presentation

to further describe the proposer’s qualifications and capabilities. The requested information,

interview, meeting, or presentation shall be submitted or conducted, as appropriate, at a time

and place the Director specifies.

The City reserves the right, at its sole discretion, to reject any proposal that is incomplete or

unresponsive to the requests or requirements of this RFP. The City reserves the right to

reject any or all proposals and to waive and accept any informality or discrepancy in the

proposal or the process as may be in the City’s best interest.

Proposal as a Public Record

Under the laws of the State of Ohio, all parts of a proposal, other than trade secret or

proprietary information and the fee proposal, may be considered a public record which, if

properly requested, the City must make available to the requester for inspection and copying.

Therefore, to protect trade secret or proprietary information, the proposer should mark each

page - but only that page - of its proposal that contains that information. The City will notify

the proposer if such information in its proposal is requested, but cannot, however, guarantee

the confidentiality of any proprietary or otherwise sensitive information in or with the proposal.

Blanket marking of the entire proposal as “proprietary” or “trade secret” will not protect an

entire proposal and is not acceptable.

Cleveland Area Business Code

Requirements During performance of this Agreement, Contractor shall comply with all

applicable requirements of the Cleveland Area Business Code, Chapter 187 of the Codified

Ordinances of Cleveland, Ohio, 1976 (“C.O.”), and any Regulations promulgated under the

Code, which Code and Regulations are incorporated into and made part of this RFP by this

Page 29 of 58

reference as fully as if rewritten in it or attached. Specifically, compliance under any resulting

agreement shall include, but not be limited to, the Contractors:

Compliance with its proposal representations regarding CSB, MBE, and/or FBE

participation in the performance of the Agreement;

Compliance and cooperation with Project Monitors, whether from the Mayor’s Office

of Equal Opportunity (the “OEO”) or the contracting department;

Accurate, complete, and on-time submission of all reports, forms, and documents

including, but not limited to, employment reports, certified payrolls, monitoring forms,

and other information the Director of the OEO may require, whether in printed or

electronic form, to ascertain and verify Contractor’s compliance; and

Attendance at and participation in all required project meetings, including OEO

compliance meetings, and progress meetings called by the contracting department

director(s) at key intervals during the performance of the contract services.

Failure to Comply When determining the contractor’s future eligibility for a City contract,

the City shall consider a contractor’s failure to comply with the representations of its

proposal and the requirements under the Code as a failure to faithfully perform a contract.

a. Under the Cleveland Area Business Code, the City of Cleveland is firmly committed

to assisting Minority Business Enterprises (MBEs), Female Business Enterprises

(FBEs), and Cleveland- area small businesses (CSBs) by providing and enhancing

economic opportunities to participate in City contracts. The successful proposer for

a contract will be a firm that shares that commitment. Accordingly, a proposer is

strongly encouraged to utilize the services of qualified MBE/FBE/CSB sub-

consultants that are certified by the Mayor’s Office of Equal Opportunity (the “OEO”)

in its proposal.

b. The standard subcontracting goal for professional services contracts is 10%

Cleveland Area Small Business (“CSB”) subcontractor participation. Please review

the attached Office of Equal Opportunity documents to ascertain the goal for the

Page 30 of 58

proposed contract. Proposers are required to make a good-faith effort to subcontract

portions of the work to certified Minority Business Enterprise (“MBE”), Female

Business Enterprise (“FBE”), and CSB firms, consistent with the subcontracting

goal(s) applicable to this RFP.

.

c. To document its good-faith effort to utilize certified MBE, FBE, and CSB sub-

consultants, each proposer must complete Schedules 1 through 4 found in the

Cleveland Area Business Code - Notice to Bidders and Schedules.

These schedules identify the proposer’s proposed use of MBE, FBE, and CSB sub-

consultants on the project, which evidences the proposer’s good-faith effort to obtain

the participation of certified sub-consultants. The proposer shall submit the

completed forms with its proposal, and they will be forwarded to the City’s Office of

Equal Opportunity for evaluation. Failure to submit complete schedules may result

in the rejection of a proposal

Proposers may obtain a listing of firms certified by the OEO as CSBs, MBEs, and

FBEs by checking the City’s website at http://www.city.cleveland.oh.us. On the home

page, select the “Office of Equal Opportunity” from the drop-down menu of City

departments. On the Office of Equal Opportunity page, you will find a selection in the

left-hand column for “CSB/MBE/FBE Registry.”

Proposers are responsible for obtaining the most current list and for contacting

potential CSB/MBE/FBE sub-consultants. The City assumes no responsibility for

matching prime consultants with qualified, certified MBE, FBE, and/or CSB sub-

consultants.

The City Office of Equal Opportunity will monitor the participation of MBE, FBE,

and/or CSB sub-consultants throughout the duration of the engagement or project.

The successful proposer, as the contractor, will be responsible for providing the

OEO with all the information necessary to facilitate this monitoring.

Page 31 of 58

The Cleveland Area Business Code, any Regulations promulgated under the Code,

and the OEO Notice to Bidders & Schedules are, by this reference, incorporated in

and made part of this solicitation and any resulting contract as fully as if written in it

or attached.

d. The successful proposer, as the contractor, will be required to comply with all

terms, conditions, and requirements imposed on a “contractor” in the following Equal

Opportunity Clause, Section 187.22(b) of the Cleveland Codified

Ordinances, and shall make the Clause part of every subcontractor agreement

entered into for services or goods and binding on all persons and firms with which

the proposer may deal, as follows: No Contractor shall discriminate against any

employee or applicant for employment because of race, religion, color, sex, sexual

orientation, national origin, age, disability, ethnic group or Vietnam-era or disabled

veteran status. Contractors shall take affirmative action to ensure that applicants are

employed and that employees are treated during employment without regard to race,

religion, color, sex, sexual orientation, national origin, age, disability, ethnic group, or

Vietnam-era or disabled veteran status. As used in this chapter, “treated” means

and includes without limitation the following: recruited whether by advertising or

other means; compensated, whether in the form of rates of pay or other forms of

compensation; selected for training, including apprenticeship, promoted, upgraded,

demoted, transferred, laid off and terminated. Contractors shall post in conspicuous

places available to employees and applicants for employment, notices to be

provided by the hiring representative of contractors setting forth the provisions of this

nondiscrimination clause.

Term of Proposal’s Effectiveness

By submission of a proposal, the proposer agrees that its proposal will remain

effective and eligible for acceptance by the City until the earlier of the execution of a

final contract or 180 calendar days after the proposal submission deadline (the

“Proposal Expiration Date”).

Page 32 of 58

  Execution of a Contract

The successful proposer shall, within ten (10) business days after receipt of a

contract prepared by the City Director of Law, exclusive of Saturdays, Sundays and

holidays, execute and return the contract to the City together with evidence of proper

insurance and intent to conform to all requirements of the contract. Attached hereto

or which are a part hereof and all applicable federal, state, and local laws and

ordinances prior to or at the time of execution of the contract.

  Short-listing

The City reserves the right to select a limited number (a “shortlist”) of proposers to

make an oral presentation of their qualifications, proposed services, and capabilities.

The City will notify the proposers selected for oral presentations in writing.

  Proposer’s Familiarity with RFP; Responsibility for Proposal

By submission of a proposal, the proposer acknowledges that it is aware of and

understands all requirements, provisions, and conditions in and of this RFP and that

its failure to become familiar with all the requirements, provisions, conditions, and

information either in this RFP or disseminated either at a pre-proposal conference or

by addendum issued prior to the proposal submission deadline, and all

circumstances and conditions affecting performance of the services to be rendered

by the successful proposer will not relieve it from responsibility for all parts of its

Proposal and, if selected for contract, its complete performance of the contract in

compliance with its terms. Proposer acknowledges that the City has no responsibility

for any conclusions or interpretations made by proposers on the basis of the

information made available by the City. The City does not guarantee the accuracy of

any information provided, and the proposer expressly waives any right to a claim

against the City arising from or based upon any incorrect, inaccurate, or incomplete

information or information not otherwise conforming to represented or actual

conditions.

Page 33 of 58

Interpretation

The City is not responsible for any explanation, clarification, interpretation,

representation, or approval made concerning this RFP or a Proposal or given in any

manner, except by written addendum. The City will mail, e-mail, or otherwise deliver

one copy of each addendum issued, if any, to each individual or firm that requested

and received an RFP. Any addendum is a part of and incorporated in this RFP as

fully as if originally written herein.

Required City Forms

Proposer shall complete, execute, and return with its fee proposal, the following documents; they can also be found on-line on the City of Cleveland website. City of Cleveland OEO Forms

• The Office of Equal Opportunity Notice to Bidders and Schedules; • Federal Form W-9 including Taxpayer Identification Number;

• Non-Competitive Bid Contract Statement for Calendar Year 2019

• Northern Ireland Fair Employment Practices Disclosure

  VIII. AgreementProcess

The Vendor whose proposal is found to be the “Most Advantageous” to the City will be

selected and offered the opportunity to agree with the City. The scope, terms, and

conditions of that Agreement shall be in conformance with the terms, conditions, and

specifications described in this RFP, and the proposal submitted by the Vendor shall

become part of the Agreement with the City.

The selected Vendor must be prepared to begin contract negotiations immediately upon

notification of selection. If the Vendor is not able to begin contract negotiations, the City

may disqualify the Vendor. The City reserves the right to negotiate the contract to include

any portion or portions of the proposal.

Page 34 of 58

The City shall not be responsible for any vendor costs incurred in relation to the

preparation of the proposal, travel to any meetings, or any other Vendor costs associated

with proposal preparation.

The City of Cleveland’s Law Department will prepare the contract. Vendor responses

must identify a designated contact, authorized to negotiate the final terms and conditions

with the Law Department. It should be noted that the Law Department uses the City of

Cleveland to prepared contract forms and not standard vendor contract forms.

Construction of Agreement

A. The validity, interpretation, construction, and performance of this Agreement shall be

in accordance with the laws of the State of Ohio.

B. This Agreement and the agreement between the City of Cleveland sets forth the entire

understanding of the parties and supersedes any and all prior agreements,

arrangements, and understandings, oral or written, of any nature whatsoever between

the parties regarding the subject matter hereof. The waiver of any breach of any term

of this Agreement does not waive any subsequent breach of that or any other term of

this Agreement.

C. No modifications or amendments to this Agreement will be valid unless in writing and

signed by each of the parties hereto.

D. All terms and words used in this Agreement, regardless of the number and gender in

which they are used, shall be deemed and construed to include any other number,

singular or plural, and any other gender, masculine or feminine or neuter, as the

context or sense of this Agreement or any paragraph or clause herein may require, the

same as if such words have been fully and properly written in the number and gender.

E. The consultant agrees that no representation or warranties of any type shall be

binding upon the City unless expressly authorized in writing herein.

Page 35 of 58

F. The headings of sections and paragraphs to the extent used herein are used for

reference only, and in no way define, limit or describe the scope or intent of any

provisions hereof.

G. This Agreement may be executed in any number of counterparts, each of which when

so executed and delivered shall be deemed original, but such counterparts together

shall constitute one and the same instrument.

H. The following documents attached hereto are hereby incorporated with and made a

part of this Agreement:

1. Attachment “A,” Equal Opportunity Clause.

2. Attachment “B” Definitions.

3. Attachment “C” Forms.

4. Attachment “D” Proposal Checklist

5. Attachment “E” Fee Proposal

6. Attachment “F” Vendor Background Info

7. Attachment “G” Vendor Client References

8. Attachment “H” Vendor Experience Checklist

Page 36 of 58

  IX. TermsandConditions

The following terms and conditions, substantially in the form contained herein, shall be

included in the agreement between the City and the successful respondent. Please carefully

review these terms and conditions. No specific response to this section is required.

Term

The term of this Agreement shall begin on the effective date of this Agreement and, unless

canceled in accordance with the terms of the Agreement, shall terminate upon completion of

and approval by the City of all work to be performed.

Cancellation

This agreement may be canceled by the City at any time upon written notice to the

Consultant.

Independent Contractor

The consultant and the City agree that the Consultant is an independent contractor and not

an employee of the City and further agrees that the Consultant shall be considered as such

for all purposes. As such Consultants shall retain sole financial responsibility for all taxes

due to federal, state, or local governments or agencies on account of themselves, their

employees, representatives, or agents.

Equal Opportunity, MBE/FBE

The Consultant shall comply with all terms, conditions, and requirements imposed on a

“Contractor” in the Equal Opportunity Clause, Section 187.22(b) of the Cleveland Codified

Ordinances, (Attachment F) and shall make the Clause part of every subcontractor

agreement entered into for services or goods and binding on all persons and firms with which

the proposer may deal, as follows: No Contractor shall discriminate against any employee or

applicant for employment because of race, religion, color, sex, sexual orientation, national

origin, age, disability, ethnic group or Vietnam-era or disabled veteran status. Contractors

shall take affirmative action to ensure that applicants are employed and that employees are

Page 37 of 58

treated during employment without regard to race, religion, color, sex, sexual orientation,

national origin, age, disability, ethnic group, or Vietnam-era or disabled veteran status. As

used in this chapter, “treated” means and includes without limitation the following: recruited

whether by advertising or other means; compensated, whether in the form of rates of pay or

other forms of compensation; selected for training, including apprenticeship, promoted,

upgraded, demoted, transferred, laid off and terminated. Contractors shall post in

conspicuous places available to employees and applicants for employment, notices to be

provided by the hiring representative of Contractors setting forth the provisions of this

nondiscrimination clause.

A copy of this Clause shall be made a part of every subcontractor agreement entered into for

goods or services, and shall be binding on all persons, firms, and corporations with whom the

Contractor may deal.

Within 60 calendar days after entering into a contract, the successful Proposer, as

Contractor, shall file a written affirmative action program with the OEO containing standards

and procedures and representations assuring that the Contractor affords all qualified

employees and applicants for employment equal opportunities in the Contractor’s

recruitment, selection, and advancement processes. The forms can be found at City of

Cleveland OEO Forms

Cleveland Area Business Code

During the performance of this contract, Consultant shall comply with any and all applicable

requirements of the Cleveland Area Business Code, Chapter 187 and 187a. of the Codified

Ordinances of Cleveland, Ohio, 1976 (“C.O.”), and any Regulations promulgated under the

Code, which Code and Regulations are incorporated into and made part of this RFP by this

reference as fully as if rewritten in it or attached. There is no subcontractor participation goal

for this contract.

Page 38 of 58

Subcontracts and Assignments

Consultant shall not subcontract, nor shall any subcontractor commence performance of any

part of the work or services included in this Agreement without the prior written consent of the

City. Subcontracting, if permitted, shall not relieve the Consultant of any of its obligations

under this Agreement.

Consultant shall be and remain solely responsible to the City for the acts or faults of any such

subcontractor and such subcontractor's officers, agents, and employees, each of whom shall

for this purpose, be deemed to be an agent or employee of Consultant to the extent of its

subcontract. Consultant and any subcontractor shall jointly and severally agree that the City

of Cleveland is not obligated to pay or to be liable for the payment of any sums due to any

subcontractor.

Assignment

Consultant shall not assign any interest in this Agreement, and shall not transfer any interest

in the same, whether by assignment or notation, without the prior written consent of the City.

Confidentiality

In rendering the Services to be performed pursuant to this Agreement, Consultant agrees to

treat and maintain confidential information and data as the City’s confidential property and

from the date hereof, and agrees not to divulge it to any third party at any time or use it for

Consultant’s personal benefit or otherwise, except as such use or disclosure may be required

in connection with the performance of the Services or maybe consented to, in writing by the

City.

Compliance with Laws and Policies

This Agreement is subject to, and Consultant shall comply with, all statutes, ordinances,

regulations, and rules of the Federal government, the State of Ohio, the County of Cuyahoga,

and the City of Cleveland.

Page 39 of 58

Indemnification and Insurance

Consultant shall indemnify and hold harmless the City and its respective officers, agents and

employees from and against all losses, damages, expenses, suits or claims, liabilities and

costs, including reasonable attorney's fees, that may be based upon any negligent error or

omission by Consultant or any injury to persons or property arising out of any error, omission

or negligent act of Consultant or its sub-consultant. Consultant shall, at its own expense,

defend the City in all litigation, pay all attorney's fees, damages, court costs and other

expenses arising out of such litigation or claims incurred in connection therewith and shall, at

its own expense, pay all claims and related expenses and satisfy and cause to be discharged

such judgments as may be obtained against the City, or any of its officers, agents or

employees, arising out of such litigation. Such indemnification shall survive the termination

of this Agreement.

State Industrial Compensation

Consultant shall be required at all times during the term of this Agreement, if required by law,

to subscribe to and comply with the Workers' Compensation Laws of the State of Ohio and

pay such premiums as may be required thereunder and to save the City harmless from any

and all liability from or under said act. Consultant shall also furnish, if applicable, upon the

request of the City, a copy of the official certificate or receipt showing the payments referred

to herein.

Social Security Act

Consultant shall be and remain an independent contractor with respect to all services

performed hereunder and agrees to and does hereby accept full and exclusive liability for the

payment of any and all contributions or taxes for social security, unemployment benefits,

pensions and annuities now or hereafter imposed under any state or federal laws which are

measured by the wages, salaries or other remuneration paid to persons employed by

Consultant on work performed under the terms of this Agreement and further agrees to obey

all lawful rules and regulations and to meet all lawful requirements which are now or

hereafter may be issued or promulgated under said respective laws by any duly authorized

Page 40 of 58

state or federal officials and said Consultant also agrees to indemnify and save harmless the

City of Cleveland from any such contributions or taxes or liability therefore.

Interest of Consultant

Consultant covenants that it has no interest and shall not acquire any interest, direct or

indirect, which would conflict in any manner or degree with the performance of services

required to be performed under this Agreement. Consultant further covenants that no person

has any such interest shall be employed in the performance of this Agreement.

Defaults and Remedies

A. Consultant shall be in default of this Agreement upon the happening of any of the

following events:

1. Consultant fails to observe or perform any of the covenants or agreements to

be observed or performed by it hereunder, and such failure continues for a

period of five (5) days after written notice thereof is given to the Consultant by

the City.

2. The filing, execution or occurrence of: (I) a petition or other proceeding by, or a

finding against, Consultant for its dissolution, reorganization or liquidation; (ii) a

petition in bankruptcy by Consultant; (iii) an adjudication of Consultant as

bankrupt or insolvent; (iv) an assignment or petition for assignment for the

benefit of creditors.

3. Consultant abandons or discontinues its operations for the City except when

such abandonment or discontinuance is caused by fire, earthquake, war, strike,

or other calamities beyond its control.

B. Upon the happening of any one or more of the events as set forth in Paragraph A of

this Article, or upon any other default or breach of this Agreement, the Finance

Page 41 of 58

Director may, at her option, exercise concurrently or successively any one or more of

the following rights and remedies:

1. Enjoin any breach or threatened breach by Consultant of any covenants,

agreements, terms provisions or conditions hereof.

2. Sue for the performance of any obligation, promise, or agreement devolving

upon Consultant for performance or for damages for the nonperformance

thereof, all without terminating this Agreement.

3. Terminate this Agreement.

C. All rights and remedies granted to the City herein and any other rights and remedies

that the City may have at law and in equity are hereby declared to be cumulative and

not exclusive and the fact that the City may have exercised any remedy without

terminating this Agreement shall not impair the City's rights thereafter to terminate or

to exercise any other remedy herein granted or to which it may be otherwise entitled.

Page 42 of 58

  X. EqualOpportunityRequirements

During performance of this Agreement, Contractor shall comply with all applicable

requirements of the Cleveland Area Business Code, Chapter 187 of the Codified Ordinances

of Cleveland, Ohio, 1976 (“C.O.”), and any Regulations promulgated under the Code, which

Code and Regulations are incorporated into and made part of this RFP by this reference as

fully as if rewritten in it or attached. Specifically, compliance under any resulting agreement

shall include, but not be limited to, the Contractors:

• Compliance with its proposal representations regarding CSB, MBE, and/or FBE

participation in the performance of the Agreement;

• Compliance and cooperation with Project Monitors, whether from the Mayor’s Office of

Equal Opportunity (the “OEO”) or the contracting department;

• Accurate, complete, and on-time submission of all reports, forms, and documents

including, but not limited to, employment reports, certified payrolls, monitoring forms,

and other information the Director of the OEO may require, whether in printed or

electronic form, to ascertain and verify Contractor’s compliance; and

• Attendance at and participation in all required project meetings, including OEO

compliance meetings, and progress meetings called by the contracting department

director(s) at key intervals during performance of the contract services (e.g., 25%

completion, 50% completion, 75% completion).

Page 43 of 58

Failure to Comply- When determining the contractor’s future eligibility for a City contract,

the City shall consider a contractor’s failure to comply with the representations of its

proposal and the requirements under the Code as a failure to faithfully perform a contract.

� Under the Cleveland Area Business Code, the City of Cleveland is firmly committed to

assisting Minority Business Enterprises (MBEs), Female Business Enterprises (FBEs),

and Cleveland- area small businesses (CSBs) by providing and enhancing economic

opportunities to participate in City contracts. The successful proposer for a contract will

be a firm that shares that commitment. Accordingly, a proposer is strongly encouraged to

utilize the services of qualified MBE/FBE/CSB sub-consultants that are certified by the

Mayor’s Office of Equal Opportunity (the “OEO”) in its proposal.

• The standard subcontracting goal for professional services contracts is 10% Cleveland

Area Small Business (“CSB”) subcontractor participation. Please review the attached

Office of Equal Opportunity documents to ascertain the goal for the proposed contract.

Proposers are required to make a good-faith effort to subcontract portions of the work

to certified Minority Business Enterprise (“MBE”), Female Business Enterprise (“FBE”),

and CSB firms, consistent with the subcontracting goal(s) applicable to this RFP.

.

• To document its good-faith effort to utilize certified MBE, FBE, and CSB sub-

consultants, each proposer must complete Schedules 1 through 4 found in the

Cleveland Area Business Code - Notice to Bidders and Schedules. These schedules

identify the Proposer’s proposed use of MBE, FBE, and CSB sub-consultants on the

project, which evidences the proposer’s good-faith effort to obtain the participation of

certified sub-consultants. The Proposer shall submit the completed forms with its

proposal, and they will be forwarded to the City’s Office of Equal Opportunity for

evaluation. Failure to submit complete schedules may result in the rejection of a

proposal

• Proposers may obtain a listing of firms certified by the OEO as CSBs, MBEs, and

FBEs by checking the City’s website at proposers are responsible for obtaining the

Page 44 of 58

most current list and for contacting potential CSB/MBE/FBE sub-consultants. The City

assumes no responsibility for matching prime consultants with qualified, certified MBE,

FBE, and/or CSB sub-consultants.

• The City Office of Equal Opportunity will monitor the participation of MBE, FBE, and/or

CSB sub-consultants throughout the duration of the engagement or project. The

successful proposer, as the contractor, will be responsible for providing the OEO with

all the information necessary to facilitate this monitoring.

• The Cleveland Area Business Code, any Regulations promulgated under the Code,

and the OEO Notice to Bidders & Schedules are, by this reference, incorporated in

and made part of this solicitation and any resulting contract as fully as if written in it or

attached.

• The successful proposer, as contractor, will be required to comply with all terms,

conditions, and requirements imposed on a “contractor” in the following Equal

Opportunity Clause, Section 187.22(b) of the Cleveland Codified Ordinances, and

shall make the Clause part of every subcontractor agreement entered into for services

or goods and binding on all persons and firms with which the proposer may deal, as

follows: No Contractor shall discriminate against any employee or applicant for

employment because of race, religion, color, sex, sexual orientation, national origin,

age, disability, ethnic group or Vietnam-era or disabled veteran status. Contractors

shall take affirmative action to ensure that applicants are employed and that

employees are treated during employment without regard to race, religion, color, sex,

sexual orientation, national origin, age, disability, ethnic group, or Vietnam-era or

disabled veteran status. As used in this chapter, “treated” means and includes without

limitation the following: recruited whether by advertising or other means;

compensated, whether in the form of rates of pay or other forms of compensation;

selected for training, including apprenticeship, promoted, upgraded, demoted,

transferred, laid off and terminated. Contractors shall post in conspicuous places

available to employees and applicants for employment, notices to be provided by the

Page 45 of 58

hiring representative of contractors setting forth the provisions of this

nondiscrimination clause.

• Within 60 calendar days after entering into a contract, the successful Proposer, as

Contractor, shall file a written affirmative action program with the OEO containing

standards and procedures and representations assuring that the Contractor affords all

qualified employees and applicants for employment equal opportunities in the

Contractor’s recruitment, selection, and advancement processes.

Page 46 of 58

XI. Attachments

Attachment “A”

EQUAL OPPORTUNITY CLAUSE

(Section 187.22(b) C.O.)

Each Contract also shall contain the following equal opportunity clause:

“During the performance of this contract, the contractor agrees as follows:

(1) The contractor shall not discriminate against any employee or applicant for

employment because of race, religion, color, sex, sexual orientation, national origin,

age, disability, ethnic group, or Vietnam-era or disabled veteran status. The

contractor shall take affirmative action to ensure that applicants are employed and that

employees are treated during employment without regard to race, religion, color, sex,

sexual orientation, national origin, age, disability, ethnic group, or Vietnam-era or

disabled veteran status. As used in this chapter, "treated" means and includes without

limitation the following: recruited, whether by advertising or other means;

compensated, whether in the form of rates of pay or other forms of compensation;

selected for training, including apprenticeship, promoted, upgraded, demoted,

downgraded, transferred, laid off and terminated. The contractor agrees to and shall

post in conspicuous places, available to employees and applicants for employment,

notices to be provided by the hiring representatives of the contractor setting forth the

provisions of this nondiscrimination clause.

(2) The contractor will, in all solicitations or advertisements for employees placed by or on

behalf of the contractor, state that the contractor is an equal opportunity employer.

Page 47 of 58

(3) The contractor shall send to each labor union or representative of workers with which

he has a collective bargaining agreement or other contracts, or understanding, a

notice advising the labor union or worker's representative of the contractor's

commitments under the equal opportunity clause, and shall post copies of the notice in

conspicuous places available to employees and applicants for employment.

(4) It is the policy of the City that local businesses, minority-owned businesses, and

female-owned businesses shall have every practicable opportunity to participate in the

performance of contracts awarded by the City subject to the applicable provisions of

the Cleveland Area Business Code.

(5) The contractor shall permit access by the Director or his or her designated

representative to any relevant and pertinent reports and documents to verify

compliance with the Cleveland Area Business Code, and with the Regulations. All

such materials provided to the Director or designee by the contractor shall be

considered confidential.

(6) The contractor will not obstruct or hinder the Director or designee in the fulfillment of

the duties and responsibilities imposed by the Cleveland Area Business Code.

(7) The contractor agrees that each subcontract will include this Equal Opportunity

Clause, and the contractor will notify each subcontractor, material supplier, and

supplier that the subcontractor must agree to comply with and be subject to all

applicable provisions of the Cleveland Area Business Code. The contractor shall take

any appropriate action with respect to any subcontractor as a means of enforcing the

provisions of the Code.”

Page 48 of 58

Attachment “B”

Definitions per A-87:

1. "Approval or authorization of the awarding or cognizant Federal agency" means

documentation evidencing consent prior to incurring a specific cost. If such costs are

specifically identified in a Federal award document, approval of the document

constitutes approval of the costs. If the costs are covered by a State/local-wide cost

allocation plan or an indirect cost proposal, approval of the plan constitutes the

approval.

2. "Award" means grants, cost-reimbursement contracts, and other agreements

between a State, local, and Indian tribal government and the Federal Government.

3. "Awarding agency" means (a) with respect to a grant, cooperative agreement, or

cost-reimbursement contract, the Federal agency, and (b) with respect to a sub-

award, the party that awarded the sub-award.

4. "Central service cost allocation plan" means the documentation identifying,

accumulating, and allocating or developing billing rates based on the allowable costs

of services provided by a governmental unit on a centralized basis to its departments

and agencies. The costs of these services may be allocated or billed to users.

5. "Claim" means a written demand or written assertion by the governmental unit or

grantor seeking, as a matter of right, the payment of money in a sum certain, the

adjustment or interpretation of award terms, or other relief arising under or relating to

the award. A voucher, invoice, or other routine requests for payment that is not a

dispute when submitted is not a claim. Appeals, such as those filed by a

governmental unit in response to questioned audit costs, are not considered claims

until a final management decision is made by the Federal awarding agency.

Page 49 of 58

6. "Cognizant agency" means the Federal agency responsible for reviewing,

negotiating, and approving cost allocation plans or indirect cost proposals developed

under this Circular on behalf of all Federal agencies. OMB publishes a listing of

cognizant agencies.

7. "Common Rule" means the "Uniform Administrative Requirements for Grants and

Cooperative Agreements to State and Local Governments. Final Rule" originally

issued at 53 FR 8034-8103 (March 11, 1988). Other common rules will be referred to

by their specific titles.

8. "Contract" means a mutually binding legal relationship obligating the seller to furnish

the supplies or services (including construction) and the buyer to pay for them. It

includes all types of commitments that obligate the government to an expenditure of

appropriated funds and that, except as otherwise authorized, are in writing. In

addition to bilateral instruments, contracts include (but are not limited to): awards

and notices of awards, job orders or task orders issued under basic ordering

agreements, letter contracts, purchase orders, under which the contract becomes

effective by written acceptance or performance, and, bilateral contract modifications.

9. "Cost" means an amount as determined on cash, accrual, or other bases acceptable

to the Federal awarding or cognizant agency.

10. "Governmental unit" means the entire State, local, or federally-recognized Indian

tribal government, including any component thereof.

11. "Grantee department or agency" means the component of a State, local, or federally-

recognized Indian tribal government which is responsible for the performance or

administration of all or some part of a Federal award.

Page 50 of 58

12. "Indirect cost rate proposal" means the documentation prepared by a governmental

unit or component thereof to substantiate its request for the establishment of an

indirect cost rate as described in Attachment E of the OMB Circular A-87. Indirect

costs are those: (a) incurred for a common or joint purpose benefiting more than one

cost objective, and (b) not readily assignable to the cost objectives specifically

benefited, without effort disproportionate to the results achieved. The term "indirect

costs," as used herein, applies to costs of this type originating in the grantee

department, as well as those incurred by other departments in supplying goods,

services, and facilities. To facilitate equitable distribution of indirect expenses to the

cost objectives served, it may be necessary to establish a number of pools of indirect

costs within a governmental unit department or in other agencies providing services

to a governmental unit department. Indirect cost pools should be distributed to

benefited cost objectives on bases that will produce an equitable result in

consideration of relative benefits derived.

13. "Local government" means a county, municipality, city, town, township, local public

authority, school district, special district, intrastate district, council of governments

(whether or not incorporated as a non-profit corporation under state law), any other

regional or interstate government entity, or any agency or instrumentality of a local

government.

14. "Public assistance cost allocation plan" means a narrative description of the

procedures that will be used in identifying, measuring, and allocating all

administrative costs to all of the programs administered or supervised by State

public assistance agencies as described in Attachment D of this Circular.

15. "State" means any of the several States of the United States, the District of

Columbia, the Commonwealth of Puerto Rico, any territory or possession of the

United States, or any agency or instrumentality of a State exclusive of local

governments.

Page 51 of 58

OBM Circular A-87

Attachment “C”, Forms

• Office of Equal Opportunity (OEO Forms) Click the link below to access all forms

referenced in Attachment C.

City of Cleveland OEO Forms

Schedule 1:

Schedule 2:

Schedule 3:

Schedule 4:

Project Contact Information Form

Schedule of Subcontractor Participation

Statement of Intent to Perform as a Subcontract

CSB/MBE/FBE Subcontractor Unavailability/

Impracticality Certification

• Federal Form W-9 including Taxpayer Identification Number;

• Non-Competitive Bid Contract Statement for 2019

• Northern Ireland Fair Labor Practices Affidavit

Page 52 of 58

Attachment “D,” Proposal Checklist

Include this proposal checklist with your submission to ensure that you have completed all required portions of the proposal. Incomplete submissions may be disqualified.

PROPOSAL CHECKLIST

(Complete and Include with Proposal Submission)

Item Description Form Included?

(Y/N)

Management Letter Vendor to provide

Vendor Background Information See Attachment F

Vendor Client Reference Form See attachment G

Fee Proposal Template See Attachment E

Vendor Experience Checklist See Attachment H

Schedule 1 Project Contact Information

Form See Attachment C – OEO Form

Schedule 2 Schedule of Subcontractor

Participation See Attachment C – OEO Form

Schedule 3 Statement of Intent to Perform as a Subcontractor See Attachment C – OEO Form

Schedule 4 CSB/MBE/FBE Subcontractor

Unavailability/Impracticality Certification See Attachment C – OEO Form

Northern Ireland Fair Employment

Practices Disclosure See Attachment C

Non-Competitive Bid Contract Statement for 2019

See Attachment C

W-9 Request for Federal Taxpayer

Identification See Attachment C

Completed Proposal Checklist Attachment D (This Form)

Page 53 of 58

Attachment “E” Fee Proposal

SUPPORT/SERVICE CATEGORY

BILLING RATE (HR) COMMENTS

Project Manager

Network Security Auditor

Network Security Engineer

Cyber Security Engineer

System Security Engineer

Information Security Analyst

Data Security Analyst

Page 54 of 58

Other Resources Required

Attachment “F” – Vendor Background Information

Information Requested Vendor

Response,

Comments or

Explanation OVERVIEW

1 Vendor Name

2 Address

3 Telephone Number

4 Contact Person

5 E-Mail Address

6 Parent Company (If Applicable)

7 Address

8 Telephone Number

9 Provide information about any local branch offices or support centers that might serve an account in Cleveland, OH, including the number of employee and type of services provided

10 Provide the name of each principal

11 Provide the year the company was established and any former firm names

12 Provide the type of company (public or private)

13 Provide the financial statements and annual report for the past 3 years

Not required unless shortlisted

14 Provide the state and type of incorporation

15 Provide information on related services offered by the company

PERSONNEL

16 Provide the total number of FTEs in the company

Page 56 of 58

17 Provide average years of experience of professional staff

18 Estimated number of resources that would be dedicated to the City for the duration of the support contract

IT CONSULTING SERVICES SUPPORT HISTORY

19 Number of year experience the company has been in staffing support

20 Number of Public Sector/Municipal clients (specify clients)

21 Number of clients in the Greater Cleveland area (specify clients)

PENDING LITIGATION

22 Number of Pending Litigations that the company has had in the past five years. Please attach a separate document with the details of each situation (client name, date and description/cause)

23 Number of situations where the company has been subject to liquidated damages in the past five years. Please attach a separate document with the details of each situation (client name, imposed amount, imposed date, collected amount, date collected, description/cause)

Page 57 of 58

Attachment “G” – Vendor Client References (include references from three

projects/clients)

VENDOR CLIENT REFERENCE

Information Requested Vendor Response, Comments or

Explanation

Proposing Vendor Name

Reference Company/Organization Name

Reference Address

Reference Contact Name

Contact’s Position

Contact’s Telephone Number

Type of Company/Organization (Industry)

Number of Employees

Services Performed

Sub-contractors used

Identify any vendor staff that worked on this reference company's project that is proposed for City

Original Cost Estimates

Actual Final Costs

Comments

Attachment “H” – Vendor Experience Checklist (include multiple pages if required)

VENDOR EXPERIENCE CHECKLIST

(Complete and Include with Proposal Submission)

Service Description Category Experience

(Y/N)

Years of Experience

Include a detailed description of similar project/ services provided

within the last (5) five years (reference List of Representative

Projects Table p. 21)

Vulnerability Assessment

Penetration Testing

Network Security Audit

Connections to External Partners