The URL can be used to link to this page

Home My WebLink About09/01/1998, 3 - YEAR 2000 COMPLIANCE council °° j acEnaa Repout CITY OF SAN LUIS OBISPO FROM: Bill Statler,Director of Finance 6419 SUBJECT: YEAR 2000 COMPLIANCE CAO RECOMMENDATION ■ Review and discuss the City's efforts to ensure that our highest-priority technology systems are Year 2000 compliant. ■ Authorize the Mayor to execute an agreement with Information, Integration and Innovation & Associates in the amount of$67,400 to assist the City in developing and implementing a comprehensive Year 2000 compliance and disaster recovery plan. ■ Appropriate$67,400 to fund these consultant services as follows: General Fund, $40,400; Water Fund, $13,500; and Sewer Fund, $13,500. REPORT-IN-BRIEF There has been a lot of discussion lately about the major problems in-store for any organization that is not working hard right now to ensure that their technology systems will be Year 2000 (Y2k) compliant. The purpose of this report is review with the Council what the "Y2k"problem is, what we have done to-date to address this problem, and to recommend "next steps" to assure that our technology-driven systems will be Y2k compliant. DISCUSSION Background—What Is the Problem? Until pretty recently, computer memory was very limited — and because of this, also very expensive. To save space(and money), for many years computer programmers only used the last two digits of the year in writing date-related programs. For example, "1965" was programmed and entered as "65." In determining the length of time since an event last happened (such as a birth date and today), the "19"part of the date is assumed, so it is easy to calculate that 33 years have past from 1965 to 1998 (98 minus 65). So why is this a problem? Because when the year 2000 rolls around, computers with only "65" in them will not know what to do. A straight forward calculation should result in a negative 65 years passing since"65" (00 minus 65). At this point, it is not clear what most systems will do when they encounter a negative date number — other than it is unlikely that an accurate answer will result. (This is why testing is an integral part of most Y2k compliance plans.) Dates are used in an overwhelming number of applications in our daily lives, from computing interest earnings on savings accounts to determining retirement benefits; from telling when the J'/ Council Agenda Report—Year 2000 Compliance Page 2 next inspection is due on an elevator (and it will not run if it is past due) to determining the freshness of food products. The short answer is: this is a problem because date-related computer calculations are everywhere in our daily lives, and we can be assured that serious (and in many cases, unforeseen) consequences will result from hardware and software that cannot correctly deal with the millennium change. This date-calculation problem can be found in two places: embedded in the hardware itself in the built-in operating system (BIOS); and in application and operating system software. Additionally, the Y2k problem is potentially more than just correctly calculating dates. The Year 2000 is a leap year, and many computer programs — even if they consider themselves Y2k compliant — may not correctly account for this because of an obscure rule that only comes into play once every 400 years. City Actions To-Date We are taking this very seriously, and we have adopted and started implementing a Y2k compliance action plan. Accomplishments to-date include: ■ Replacing "mission-critical" application software as part of the information technology master plan adopted in April of 1995. ■ Forming an organization-wide "Y2k task force" with representatives from every department, and completing an initial inventory of our systems. ■ With consultant assistance, completing a formal compliance assessment(Exhibit A). The results of this assessment are discussed below. ■ As recommended in the compliance assessment, adopting a procurement policy that ensures that any new purchases are Y2k compliant (Exhibit B), and following-up with a more comprehensive inventory of our systems. ■ Identifying next steps in this process. Scope of the Problem There are three kinds of problems facing us: ■ Business process applications and systems. This is what we most commonly think of when considering technology systems. It includes software and hardware used for daily business operations, such as desktop work stations, file servers,printers, operating system software (Windows 95, Windows NT, Unix, Novell netware, DOS, IBM operating system), office automation software (Word, Excel, GroupWise, PowerPoint), geographic information systems (ArcInfo/ArcView), AutoCAD, public safety system (Spillman), finance system (BRC — soon to be Pentamation); recruitments (SIGMA), tree inventory, Council Agenda Report—Year 2000 Compliance Page 3 pavement management, fleet management, work orders, building permits and land use inventory. These include "off-the-shelf' software or package systems like Office 95 or ArcView; major systems purchased from "turnkey" vendors like our public safety and finance systems; and locally developed applications using FoxPro (or other data base software) like our land use inventory,building permit and work order systems. ■ Process and control systems. These are often hard to identify, because they use "embedded"software and hardware for facilities and equipment, such as HVAC systems, telecommunications systems (telephones, voice mail, data communications), security systems, traffic signals, process control systems at our water treatment and wastewater reclamation plants, vehicle fuel pumps, street lights, radio communications or telemetry systems. ■ Data exchanges with other organizations. We rely on electronic information from other agencies, and other agencies rely on electronic information from us. Examples include investments, banking, PERS, payroll deposits, wire transfers and law enforcement information. In short, we rely upon electronic data from other agencies for a number of "mission-critical" operations, and they rely upon it from us. The problem: even if our own systems are Y2k compliant, this will not mean much if others we rely upon for electronic interfaces are not Y2k compliant as well. Business process applications and systems probably pose the lowest risk to the City for two reasons: ■ Based on the 1995 information technology master plan, we have started replacing or upgrading virtually all of our "mission-critical' applications like desk top hardware and software, local and wide network systems, and public safety, finance, GIS applications. All of these efforts are underway and will be completed well before the Year 2000. ■ Replacing "non-mission critical' systems should be relatively easy and inexpensive (assuming we begin to do so on a timely basis); and the consequences of not being Year 2000 compliant will be less significant. We are much more likely to experience serious difficulties with the "process control' and "data exchange" systems since they are less visible, and in many cases,beyond our control to fix. Results of the Compliance Assessment Report and Next Steps The compliance assessment report concludes that the City is off to a good start in our Y2k planning efforts; however, a lot of work remains ahead of us in assuring that our most important applications will still be working when the clock rolls over to January 1,2000. As we suspected, our biggest challenges will be with "embedded" technology, like those used in control systems at our water treatment and reclamation plants; and with electronic links with other agencies,which are used extensively in our law enforcement and finance operations. .�3 Council Agenda Report-Year 2000 Compliance Page 4 Our next steps are: ■ Finalize a more comprehensive system inventory. While we have completed an initial inventory to get us started, we need to develop more detailed information on our technology-driven systems. From this more comprehensive inventory, we will be better able to assess our Y2k vulnerabilities, and the best solutions available to us. This major undertaking should be completed by September 1, 1998. ■ Develop awareness It is important to let our employees and the community know that we are taking this problem seriously, and are taking reasonable steps to address it. ■ Identify "critical"processes. What are the most important things for us to assure work correctly on January 1, 2000? Realistically, we probably can not make absolutely sure that every City system is Y2k compliant, so our efforts need to be focused on the areas of greatest impact. ■ Develop solutions and begin implementing them. After assessing our current systems and "critical business processes," we can begin to develop and implement the "best" solutions. ■ Test solutions. We need to ensure our"solutions"work—well before the Year 2000 rolls around. ■ Plan for Y2k failures by others. The simple fact is that we conduct a lot of our business electronically with others. And many of these agencies and organizations will not be Y2k compliant, even if we are. Because of this, we need to have contingency plans for how we will conduct business if some of our most important Y2k partners (like federal, state and county law enforcement agencies) are not Y2k compliant when the Year 2000 arrives. As reflected above, we have a number of key steps ahead of us. Our goal is to complete all of them in a timely manner so we can ensure that all "mission-critical' computers, software, special applications, data communications and control systems are fully Y2k compliant by June 1, 1999. Consultant Assistance We believe that consultant assistance will be needed for this project for three reasons: ■ Nee ping the project on track There are a number of other technology master plan projects underway at this time, including finalizing the public safety system, coordinating wide area network improvements, and installing the new financial management system. At the same time, we need to adequately maintain and support existing systems. Additionally, due to control system technology and electronic information exchanges, this will require a significant level of involvement by the operating departments. Without outside project management assistance, it is likely that day-today issues will keep us from staying on top of this"non-urgent"but very important task. Council Agenda Report—Year 2000 Compliance Page 5 ■ Providing timely technical advice and direction. We will undoubtedly encounter unforeseen difficulties in planning and implementing our Y2k compliance program. It will be valuable to have a ready source of technical advice available to us. ■ Augmenting resources. As noted above,with the number of other projects underway,we do not have the in-house resources available to manage this project. This is especially true given our difficulties in fully staffing our Information Systems technical positions. The firm of Information, Integration and Innovation & Associates assisted us in preparing the compliance assessment report. They were selected from a "short-list" of qualified Y2k consultant firms provided to us by the State of California under their cooperative purchasing program. Based on our positive experience to-date, we requested and received a proposal from them to do the following: Task Cos • Task 1—Initiate and manage project Periodically meet with program $9,875 managers and MIS Steering Committee;provide ongoing progress reports on the status of the project; ensure that projects stay on time and within budget throughout the life of the project; assess the status of the project throughout the life cycle. • Task 2—Assist with inventory. Develop inventory instrument,train staff on 1,650 its use and evaluate results. • Task 3—Develop Y2k master plan. Prepare a plan that includes guidance 16,250 necessary for the following steps:build awareness,identify key city processes,assessment,pre-test,develop solution set, implement solution set, post-test,and plan for Year 2000 failures on the part of others. • Task 4—Analyze and prioritize business processes. Conduct an assessment 23,375 of key city processes and sub-processes, and work with the City to prioritize them. The results of this task will be used to both prioritize the Y2k efforts and help in the decision-making process for disaster recovery planning. • Task 5—Plan for disaster recovery. Since our planning efforts for Y2k 16,250 compliance are not significantly different from those required to plan for any disaster recovery effort,this is a natural evolution of the Y2k effort. With a little additional effort,we can"add value"to this project by working on both the Y2k problem as well as a plan that addresses a wide range of recovery issues for our technology-driven systems. Total $67,400 Schedule for Completing This Work As reflected in the following schedule, our goal is to complete our Y2k compliance efforts by June 1, 1999. This should provide us with adequate time to ensure that fixes are running # �_AJ Council Agenda Report—Year 2000 Compliance Page 6 appropriately, and focus our efforts on more-difficult remediation problems we were not able to fix by this date. Y2k Com Activity Target Completion licence Schedule Date • Implement ongoing awareness plan In Progress • Start critical business process identification September 7, 1998 • Complete inventory;begin analysis September 15, 1998 • Develop an overall Y2k master plan October 15, 1998 • Conduct pre-tests October 30, 1998 • Complete business process prioritization October 30, 1998 • Decide remaining remediation efforts November 15, 1998 • Council approves remediation resources; staff begins December 1, 1998 implementing remediation plan • Develop disaster recovery plan December 15, 1998 • Complete post-testing—Y2k compliance efforts June 1, 1999 "completed" • Monitor progress of the master plan Ongoing CONCURRENCES The MIS Steering Committee and the affected departments concur with this recommendation. FISCAL IMPACT ■ Master planning. No appropriations have been made for consultant services. Based on an evaluation of planning efforts, and the recognition that analyzing utility plant systems will be a major part of this plan, the following is the recommended funding for this project: Fund Percent Amount!1 General 60% 40,400 Water 20% 13,500 Sewer 20% 13,500 Total 100% $ 67,400 Adequate fiord and working capital balances are available in each of the funds to finance these new appropriations and retain minimum balances at policy levels. ■ Remediation efforts. Until we complete the master planning component of this project, it is too soon to provide a reliable cost estimate. Council Agenda Report-Year 2000 Compliance Page 7 SUMMARY Is the sky falling? No. Like most of life in the late 20th century, there are lots of things that could go wrong. Fortunately, rarely do our worst fears materialize. But this is often because we paid attention to the problem, and took reasonable actions accordingly. This is the purpose of this planning effort: to take reasonable steps in assuring that our most important systems will work effectively on January 1, 2000—and thereafter. E7IMITS A. Compliance Assessment Report B. Year 2000 Compliance Purchasing Policy ATTACffi1EENT Agreement with Information, Integration and Innovation&Associates G:Finance/Year 2000/Y2k Status Council Agenda Report Exhibitg San Luis Obispo Year 2000 Compliance Assessment Report and Recommendations from an Independent Assessment of the Inventory and Planning for Year 2000 July 19 1998 for The City of San Luis Obispo by Information, Integration, Innovation & Associates SAN Jt This document is a deliverable under Master Services Agreement The City of San Luis Obispo June 30, 1998 Year 2000 Compliance Assessment Table of Contents INTRODUCTION AND PURPOSE .......».»....._......_3 BACKGROUND ON THE YEAR 2000 PROBLEM.— CONDUCT ROBLEM.CONDUCT OF THIS REVIEW _. »......._»._.....»».....».»»».....»»»._»».4 CONCLUSIONS .».».... ....»......._....._.....»...» 5 RECOMMENDATIONS »...».»»....».......»..».............................................................._6 DEFINE ROLES AND RESPONSIBiLmES...........................................................................................................6 Year 2000 Project Coordinator(Teri Maa)...............................................................................................6 Year2000 team members............................................................................................................._...........6 ConsultingTeam...................................................................................................................................•.....6 BUILDAN AWARENESS PLAN...........................................................................................................................6 ADOPT A NEW PROCUREMENT POLICY............................................................................................................7 IDENTIFY CRITICAL.CITY PROCESSES AND OBTAIN CONCURRENCE................................................................7 CONDUCT A COMPREHENSIVE INVENTORY......................................................................................................7 DEVELOP A YEAR 2000 TASK PLAN.............._...............................................................................................8 ADOPT A STATE OF PURPOSE FOR THE YEAR 2000 PROJECT....................................................._....................9 BEOPPORTUNISTIC........................................................................................................................................10 DEVELOP A DETAILED DISASTER RECOVERY PLAN.......................................................................................10 AREASWE CAN ASSIST.................................................................................................................................10 Page 2 of 11 The City of San Luis Obispo June 30, 1998 Year 2000 Compliance Assessment raa':"=sa-:::s�•-•yam-,�-�i='��•. zs•"�.:x...�'�`4.t'... �::'�,-'-.8.a'�ee�:>::.. ::r �y�:�:='- .. •�^:•_ �...�.-_.._._�........- .r�.:ra ri��' wm �'z:F°-t.- .`ti�•x- '3c.:xx:_��ni• In an RFP published in May 1998,the City of San Luis Obispo requested consultant assistance in two areas: • Keeping the city on track with their Year 2000 Compliance Project • Thorough and timely advice on the scope of the problem and identifying realistic alternatives. I'was selected to provide this consultative service, commencing with a visit to San Luis Obispo on June 8-9. packroand=an the Y.ear20:00:ProtiTem 'J�� 4 '�The Year 2000 problem results from an overriding computer programming principle originating in the late 50s and 60s;namely, memory was expensive and all data was stored so as to minimize the use of computer memory. There was a well-documented and financially justifiable basis for this principle. As a result,programmers stored date information in a format like MMDDYY or YYMMDD. In either case, the year was shortened by dropping the first two digits. If the year was stored alone, it was stored as YY. Computer programming logic expected a two digit year. Leap years were calculated by dividing the two digit year by 4. If the result were a whole number,then the year was a leap year. This concept of storing dates also applied to the design and manufacture of computer chips and a wide variety of electronic equipment, such as gauges,pumps, meters, etc. Computers were built with internal clocks imbedded in their BIOS which operated on the logic of a two-digit year. The year was advanced by adding one to the two-digit year. There are three specific problems which result and which are collectively referred to as the Year 2000 problem: • Internal clocks in computers and other electronic circuitry cannot transition from 99 (1999) to 00 (2000). They will either stop operating, incorrectly calculate the transition to 1900, or revert to a default date, such as the date of manufacture(e.g. June 1, 1996). • The next problem occurs for systems which can correctly transition to 00. When computer program logic calls for a date check, such as subtracting 90 (1990) from the current year, and the current year is(2000 - reflected as a 00), the result will not be 10,which is the correct response. Rather it will.often be( -90). It is calculated as follows: 00-90=90. There are other similarly incorrect calculations, all producing unpredictable impacts on program processing. This has enormous implications across all areas of our computer dependent society. • The Leap Year Problem is the last of the problems caused by the year 2000. As indicated earlier,programmers determined a leap year by dividing the two Page 3 of 11. The City of San Luis Obispo June 30, 1998 Year 2000 Compliance Assessment digit year by 4. If the result were a whole number,they would include February 29th in the program logic. When you divide 00 by 4,you get 0 which- is hichis not a whole number, so virtually all programs will assume the year 2000 is not a leap year.Unfortunately,the year 2000 is a leap year because it complies with another,more obscure rule, the essence of which is that any year divisible by 400 is a leap year. Hence 1900 was not a leap year, 2100 will not be a leap year,but 2000 is a leap year. Imagine the consequence if a payroll system does not record employee hours on February 29d,resulting in your employees losing a day of wages. In sum, the Year 2000 problem is actually three separate problems,even though it is not always clear.For example, a manufacturer who certifies a piece of electronic equipment as Year 2000 compatible may not be including certification of the•leap year problem. "'P.:> r`--•-c- r-.r :,_. 4cr''-'Yc:3vc`<iec Co�fi�ct 0f th1s review , San Luis Obispo provided a copy of the initial inventory conducted by the Year 2000 Task Force and additional information to permit preliminary analysis by the consulting team. Dr. Michael Cox and Mr. Arthur Mulligan conducted an on-site visit on June 8-9 in order to meet with and brief the task force on the Year 2000 problem and then to subsequently conduct interviews with each department and division representative. In addition,planning and coordination was conducted with Ms. Teri Maa,the project coordinator and Information Systems Manager for the city. The interviews were informal discussion sessions. They served a number of useful purposes, depending upon the specific nature of a department's use of electronic equipment, computers, and software applications: • They provided additional information for Dr. Cox and Mr. Mulligan as to the nature of department computer support and equipment issues. • They were an opportunity for the consultants to explain further details of the Year 2000 problem as they might pertain to a specific department. • They provided the department representatives with a greater appreciation of the impact of Year 2000 problems in their specific areas. • They served as an opportunity to encourage department representatives to consider worst case scenarios, and to begin to think about alternatives to keep mission critical activities going (disaster recovery). Page 4 of 11 The City of San Luis Obispo June 30, 1998 Year 2000 Compliance Assessment Interviews were conducted with the following persons representing the following departments and divisions: Department Name Administration Barbara Ehrber Attorney Sharon Woodward City Clerk/City Council Bonnie Gawf Community Development Mary Kopecky Finance Bernie Ries Vi Sheldon Teri Maa Fire Tom Zeulner Parks and Recreation Linda Fitzgerald Personnel Karen Jenny Police John Sterbonic Public Works Al Cablay Utilities John Moss,Wayne Hetland, Bob Hamilton In addition,Dr. Cox and Mr. Mulligan met with Bonny McKee to discuss details of the various special purpose applications she has written for a number of the departments and the expected Year 2000 problems. Conclusions r x San Luis Obispo is off to a good start with its Year 2000 planning. Awareness and Assessment are the first critical steps. Forming an inter-department team is a must. Virtually everyone with whom we spoke recognized the importance of this problem, although not necessarily fully appreciating the potential for damage that Year 2000 non- compliance can inflict. As department representatives became more aware of the nature of the problem and of the considerable effort required on the part of all concerned,a number expressed concerns about the amount of work and about roles and responsibilities. In addition, Y2K compliance is usually a full-time effort for project managers in most institutions, depending on their size. For that reason we have some initial concern about the staffing support for Ms. Maa given the already heavy workload of the IS section. Page 5 of 11 The City of San Luis Obispo June 30, 1998 Year 2000 Compliance Assessment Rerommend WERSnsW,� =- � �� IFE Define Roles and Responsibilities In our briefing and subsequent discussions with departmental members of the Year 2000 Task force, it was clear that they had a significant concern regarding roles and responsibilities, some voicing that they were unprepared for the degree of effort and the long-term nature of this project.This was not said in a negative spirit,but rather a reflection of a newer understanding of the nature of this effort. The following suggested roles and responsibilities are offered to assist in resolving this issue. In the interest of continuity of effort,the departments should recognize that task force members need to be committed until project completion. Year 2000 Project Coordinator(Teri Maa) • Coordinate all activities with regard to Year 2000 assessment and remediation • Sponsor an awareness program with the city government and with the citizenry • Ensure city leadership is regularly briefed on the status of the project and any specific issues • Monitor and direct consultative support • Respond to team concerns Year 2000 team members • Complete or ensure completion of Year 2000 tasks within their department • Support the awareness program • Identify issues and concerns to the project coordinator • Conduct the detailed inventory of possible Y2K issues for their respective department • Monitor and help ensure compliance and remediation efforts Consulting Team • Be available to provide advice and assistance in the performance of Year 2000 tasks as requested • Perform other tasks at the request of the Project Coordinator Build an Awareness Plan In any Year 2000 effort,the first steps involve awareness,procurement policy, and assessment. San Luis Obispo has galvanized the resources to begin the Year 2000 process. The next immediate step is to build an awareness plan, encompassing not only city governance,but also all city employees and the citizenry. Page 6 of 11 The City of San Luis Obispo June 30, 1998 Year 2000 Compliance Assessment The purpose of the Awareness Plan should be stated succinctly.For example: The purpose of the San Luis Obispo Year 2000 Awareness is: • To keep all city staff sufficiently informed of the city's Year 2000 remediation efforts that they are confident we are on target and that they know enough to exercise initiative in problem identification and solution. • To inform the citizenry sufficiently so that they are confident that the city will be either unaffected by Year 2000 concerns or has planned appropriately to maintain essential city services should any disruption occur. • To respond to any inquiries from citizens, businesses, business partners, and other state and federal agencies with accurate and current information regarding the city's Year 2000 planning. Routine briefings for city leadership and periodic published status updates for the city staff are elements in such a plan. In addition, a plan to keep the citizens informed using print,radio, and local TV, as well as pre-formulated letters prepared to respond to inquiries from citizens and businesses. The Awareness Plan does not have to be elaborate; it should be comprehensive and flexible. Adopt a New Procurement Policy As a matter of policy for every department, do not purchase anything without a solid certification of Year 2000 compliance from the manufacturer. Any exception should require careful justification and high level approval. Put in place checks to ensure everyone understands this policy. Identify Critical City Processes and Obtain Concurrence Conduct an assessment of key city processes and sub-processes, and then arrange them in a priority sequence. This will be documented and presented to city leadership for concurrence. Once approved, it becomes the basis for all subsequent prioritizing of the Year 2000 effort. If an item of equipment supports a top priority city process, such as providing drinking water, and if its failure would severely limit or disrupt deliver of that process,than its remediation is a high priority effort. Further,the degree of testing or certification acceptable for this item may be more demanding than for equipment that supports a lower priority process. Such a document can also be useful in future litigation because it demonstrates a reasonable and prudent effort on the part of the city to discharge its responsibilities. Conduct a comprehensive Inventory The goal at this step is to make a detailed pass through all equipment,computers, and software which in any way may include computer code logic or circuitry which records or processes date information which may be affected by one the Year 2000 problems. In this pass, seek coverage at the 90-95%level of completeness and comprehensiveness. It's better to invest the time up front to identify as much as possible the information needed for the inventory. Page 7 of 11 3-�y The City of San Luis Obispo Jame 30, 1998 Year 2000 Compliance Assessment Below is the suggested information to be captured for each system as appropriate: • Software item/piece of equipment • location • manufacturer/vendor • manufacturelvendor address • manufacturer/vendor phone number • manufacturer/vendor POC if known • date of purchase • version number • department • division • Y2K concern • mitigation strategy • warrantee/guarantee on file • documentation on file • Y2K certification on file • priority level to correct • impact on mission if it malfunctions • Interfacing systems • Provides information electronically • Receives information electronically • Provides and receives information electronically • Impact if there is a failure at the source • Known status of Year 2000 compliance of external system • Measure of criticality if transfer of information is delayed or disrupted • Comments Develop a Year 2000 Task Plan Below is a table with the primary tasks or steps in Year 2000 planning.The plan is not entirely serial in fashion,that is, it not necessary that step 1 be complete before step 2 is started. The plan must also be flexible; additional tasks will be added as necessary. Completed steps may be re-addressed. Page 8 of 11 The City of San Luis Obispo June 30, 1998 Year 2000 Compliance Assessment Step Comments 1. Awareness San Luis Obispo has already launched awareness activities. Developing a detailed plan and executing it immediately is now needed. 2. Identify key city This requires participation from all departments of city processes government.; Obtaining concurrence and prioritizing these processes is usually the most difficult part of this step. 3. Assessment Assessment primarily involves the inventory. It also includes identification of all interface systems,that is, systems which send electronic information to the city or to whom the city sends information. 4. Develop solution This involves software solutions,possibly replacing set equipment, and obtaining manufacturer certification. Particular attention must be paid to interfacing systems in this step and all subsequent steps. 5. Pre-test Record behavior without remediation. Establish a baseline. ff Determine the extent of actual problems. 6. Implement solution There may be several steps in each solution step; for set example,to obtain manufacturer certification, you may start with a form letter signed by the Project Manager, then a letter signed by the Mayor, and finally a phone call from the City Attorney. These steps would form the solution set for manufacturer certification. 7. Post-test 'testing in this sense is broad and includes all those actions necessary to assess full compliance. 8. Plan for Year 2000 In this step, you consider all the support and interfacing failures on the part systems on which the key processes the city rely. You of others assume they may not achieve full compliance and evaluate the possible impact of impaired or disrupted service for a time after January 1,2000. You might, for example, evaluate the likelihood that delivery of chlorine for the water treatment plant would be disrupted for a period of time,probably not too long, following the tum of the century. Depending upon the results of the evaluation,you may decide to pre-stock a month's worth. This step is an ideal time to complete or update the disaster recovery plan for the city. Adopt a State of Purpose for the Year 2000 Project As with the Awareness Plan Statement of Purpose,we begin with the final objective in mind. A sample statement of purpose for the Year 2000 project might be as follows: Page 9 of 11 t The City of San Luis Obispo June 30, 1998 Year 2000 Compliance Assessment r ose of the San Luis Obispo Year 2000project is:sure that all computers, software, and special applications arefully Year 2000 liant by June 1, 1999. sure that all equipment, gauges, meters,pumps, traffic signals, radio and other unication equipment, etc. arefully Year 2000 compliant by June 1, 1999. sure that all persons and activities affected by the San Luis Obispo Year 2000 t are keptfully informed as to planning andprogress. sure that adequate planning andpreparation occurs to ensure sufficient ation of key city processes and services should the city by affected by Year 2000 s either within its own assets, or by Year 2000 failure or disruption on the part upplier or other city, county, state, or federal agency. Be Opportunistic Throughout the Year 2000 effort,we encourage openness to opportunities that will arise to improve business processes, equipment, and software,provided such efforts will not cause a significant distraction from the main purpose. Develop a Detailed Disaster Recovery Plan San Luis Obispo has begun disaster planning,but it is not complete, and a Year 2000 effort is an ideal opportunity to kill two birds with one stone. The tasks and planning are related, and such a plan is really a necessary final step in any Year 2000 effort. An element of recovery planning is to identify systems with no backup and staff persons who by their peculiar expertise become indispensable. Such persons are often invaluable, but it is unwise for an organization to continue to rely on them without developing at least some backup options. Areas We Can Assist As your consultants there are several areas in which we have expertise and can provide both advice and actual development assistance. These include the following: • Assistance with the detailed inventory. While we recognize that using our personnel for actual physical inventory may be cost ineffective,we can provide guidance and advice on the most efficient approaches to completing the inventory. • Business process analysis and prioritization. This task is best accomplished through facilitation from outside consultants and we have accomplished it at a number of previous locations. Results of this task can then be used to both prioritize the Y2K efforts and help in the decision process for disaster recovery planning. • Y2K Planning and Compliance. Our consultants have detailed knowledge of the next steps for the plan and will be available to assist in ensuring compliance efforts. Page 10 of 11 The City of San Luis Obispo June 30, 1998 Year 2000 Compliance Assessment • Disaster Recovery Planning. This plan is a natural evolution of the Y2K effort in that the two can work hand-in hand and result in some efficiencies if approached simultaneously. We have previously assisted organizations in developing comprehensive-disaster recovery plans. • Database and Other IT Standards. During our initial visit we noted that several different database programs and other software applications had proliferated throughout the organization. While this is not unusual,to achieve economy of scale and ensure a consistent development environment,it is important to develop certain IT standards. While we applaud your efforts in standardizing word processing software we suggest that establishing similar standards in your database and application environments may be warranted. Page 11 of 11 �� Exhibit. �iiiiu��i►Illllllllllll��i � I city of san tins osispo Purchasing Year 2000 Compliant Goods and Services POLICY The City will take reasonable steps to ensure that new purchases of goods and services are Year 2000 (Y2k)compliant. Because of imbedded technology,this includes all purchases of supplies, equipment, services and construction projects, as well as computer hardware and software. IMPLEMENTATION GUIDELINES The specific steps and investment of staff resources that departments take in implementing this policy should be in proportion to the cost—and consequence of error—of the purchase. Over-the-Counter Purchases (Less than$5,000) For technology purchases under $5,000 for"non-mission critical" applications, self-certification by the vendor(which will often be noted on the face of the product) is sufficient documentation of Y2k compliance. If this is not available, staff should check the vendor's web site for Y2k documentation. In the event this is not successful,departments have two options: ■ Follow-up with the vendor for written documentation of Y2k compliance (see recommended warranty language below). ■ Select another vendor who can adequately document Y2k compliance. Open Market Purchases($5,000 to $15,000) All purchases between$5,000 and $15,000 (which require competitive bidding and issuance of a purchase order or written agreement) as well as "mission critical" purchases of lesser amounts, should include the following language in the IFB/RFP,purchase order or contract: The Contractor warrants that the goods or services provided to the City, including those provided through subcontractors, are "Year 2000 compliant. " For the purpose of this contract, "Year 2000 compliant" means that goods or services provided to the City will continue to fully function, fault free, before, at and after the Year 2000, without interruption or human intervention; and if applicable, any data outside of the date range 1990-1999, including leap years, will be correctly processed in any level of computer hardware or software, including, but not limited to, microcode, firmware, application programs, files and data bases. This warranty supersedes all warranty disclaimers or limitations, and all limitations on liability, otherwise provided by the Contractor. 302-1 1q Purchasing Year 2000 Compliant Goods and Services Except in unusual circumstances as approved by the MIS Steering Committee and the City Attorney, no purchases should be made from any vendor in this cost range (or for any mission- critical purchase)who is unwilling to agree with this condition. Formal Contracts Purchases (More than$15,000) ■ IFB/RFP standard terms and conditions. The warranty language above will be included in the City's standard IFB/RFP terms and conditions. Additionally, all vendors will be required to include with their proposal a description of their Y2k compliance strategy, or state why this is not relevant to the purchase. The City's standard IFB/RFP terms and conditions and proposal submission form will be modified to include these changes. ■ Other agreements. In the event that the City's IFB/RFP process was not used in awarding a formal contract, the warranty language above and documentation of the vendor's Y2k compliance strategy should be incorporated in the agreement. ■ Exceptions. As noted above, MIS Steering Committee and City Attorney approval is required for any deviations from this requirement. Approved by the MIS Steering Committee on July 23,1998 G:FinancdMIs Policia/Purchasing Year 2000 Compliant Goods and Services 302-2 AGREEMENT THIS AGREEMENT is trade and entered into in the City of San Luis Obispo on this day of by and between the CITY OF SAN LUIS OBISPO, a municipal corporation,hereinafter referred to as City,and Information,Integration and Innovation&Associates,Incorporated, hereinafter referred to as Consultant WITNESSETH: WHEREAS, the City wants to contract with a qualified firm to assist it developing and implementing a comprehensive Year 2000 compliance and disaster recovery plan,and WHEREAS,Consultant is qualified to perform this type of service and has submitted a proposal to do so which has been accepted by City. NOW THEREFORE, in consideration of their mutual promises, obligations, and covenants hereinafter contained,the parties hereto agree as follows: I. TERM. The term of this Agreement shall be from the date of this Agreement is made and entered,as first written above,until acceptance or completion of said services. 2. CITY'S OBLIGATIONS. For providing services as specified in this Agreement, City will pay and Consultant shall receive therefor compensation in a total sum not to exceed$67,400. 4. CONSULTANT'S OBLIGATIONS. For and in consideration of the payments and agreements hereinbefore mentioned to be made and performed by City, Consultant agrees with City to provide services as set forth in Exhibit I attached hereto and incorporated into this Agreement. Consultant finther agrees to the contract performance terms as set forth in Exhibit 2 attached hereto and incorporated into this Agreement 5. AMENDMENTS. Any amendment,modification,or variation from the terms of this Agreement shall be in writing and shall be effective only upon approval by the City Admhiis=tive Officer of the City. 6. COMPLETE AGREEMENT. This written Agreement, including all writings specifically incorporated herein by reference, shall constitute the complete agreement between the parties hereto. No oral agreement,understanding, or representation not reduced to writing and specifically incorporated herein shall be of any force or effect,nor shall any such oral agreement,understanding,or representation be binding upon the parties hereto. 3�� Agreement Page 2 7. NOTICE. All written notices to the parties hereto shall be sent by United States mail, postage prepaid by registered or certified mail addressed as follows: City City Clerk City of San Luis Obispo 990 Palm Street San Luis Obispo,CA 93401 Consultant Michael J.Cox,President Information,Integration and Innovation&Associates 1005 Twelfth Street,Suite J Sacramento,CA 95814 8. AUTHORITY TO MCUTE AGREEMENT. Both City and Consultant do covenant that each individual executing this agreement on bebalf of each party is a person duly authorized and empowered to execute Agreements for such party. IN WITNESS WHEREOF,the parties hereto have caused this instrument to be executed the day and year fast above written. ATTEST: CITY OF SAN LUIS OBISPO,A Municipal Corporation By: Cit Clerk Mayor APPROVED AS TO FORM: CONSULTANT By: City Attorney Exhibit A- Response to Request for Proposal to the City of San Luis Obispo for Year 2000 Assistance from INFORMATION INTEGRATION INNOVATION & ASSOCIATES INC. 100512th St., Suite J. Sacramento CA 95814 3�� Information Integration Innovation and Associates Inc. August 3, 1998 City of San Luis Obispo Attention: Teri Maa 900 Palm Street San Luis Obispo, CA 93401 SUBJECT: Y2K Additional Tasks Dear Ms. Maa, The following submittal is the updated response to our proposal from the firm of Information Integration Innovation&Associates,V. In our meeting on July 23, 1998,we identified a number of areas we could assist you and the City in your future Y2K efforts. This proposal outlines the resources required to support the various initiatives. The President of the firm who is authorized to bind the proposer contractually is signing this letter. Sincerely, Michael J. Cox,Ph.D. President,I3 2 Information Integration Innovation and Associates Inc. Table of Contents SECTION I. EXECUTIVE SUIVIII�ARY...».....»».....»»»».....»............»».........»».............».....».............4 PURPOSE..........................................................................................................................................................4 CATEGORIESOF REQUIREMENTS......................................................................................................................4 SECTION 2-EXPERIENCE AND KNOWLEDGE .__ _..».....». ...».. . .........5 History........................................................................................................................................................5 Resumes......................................................................................................................................................5 SECTION 3-METHODOLOGY AND APPROACH............ ».»..._.._....».»..»..».»»»...».....»».»».12 METHODOLOGY FOR YEAR 2000 COMPLIANCE ASSESSMENT........................................................................12 Task 1 Initiation and Project Management..............................................................................................12 Task 2—Assistance with Initial Inventory................................................................................................12 Task 3—Development of a Y2K Master Plan...........................................................................................12 Task 4—Business Process Analysis and Prioritization............................................................................13 Task 5—IT Disaster Recovery Planning..................................................................................................13 SECTION4—SUGGESTED SCHEDULE........»............».....»»...............»............»......».»....................14 SECTION5-PROPOSED COSTS»»»...»............. »...»......»»...._. ..»....... ....»..».»......................15 3 3j•Zs _. Information Integration Innovation and Associates Inc. SECTION I. EXECUTIVE SUMMARY Purpose The Information Integration Innovation and Associates ( I3 ) is pleased to submit the following information to provide our continuing assistance for various Year 2000 initiatives for the City of San Luis Obispo. This submission is intended to respond to your request by providing the support and services of our talented and highly experienced personnel. Our personnel will provide an initial assistance for a new inventory and preparation of a master plan. Concurrently we will assist in developing business processes and prioritization of those processes and a disaster recovery plan. Throughout the project we will provide additional support for later phases to keep the city on track with the project while continuously providing imperative and timely advice on the scope of the problem. Categories of Requirements It is understood that this contract is requesting support in following areas: 0 Assistance with a new inventory of software and hardware for Y2K applicability 0 Assistance with identification and prioritization of business processes 0 Development of a Y2K Master Plan 0 Development of a Disaster Recovery Plan 0 Continued review of the status of Y2K efforts of the city 4 3� Information Integration Innovation and Associates Inc. SECTION 2 - EXPERIENCE AND KNOWLEDGE Information, Integration and Innovation(I') 1005 12th Street,Suite J Sacramento, CA 95814 Contact: Dr. Michael J. Cox History The founder of Information,Integration, Innovation(I) and Associates,Inc. conducted business as an independent consultant under the name of Cox Consulting from 1983-1993. I'was established in February 1993. A consulting firm skilled in project management, information technology,telecommunications systems, information systems development and database design techniques,it's strengths include the ability to examine information needs,assess technology infrastructure and then recommend changes to organization policies with necessary implementation plans. The firm works on the principle of task organizing teams of highly qualified associates to combine their collective skills,talents and experience in the resolution of challenging and complex information technology and business problems. In 1993-94,the firm completed a thorough review of information technology requirements for the California Department of Transportation. Caltrans, like many large organizations, is faced with the challenge of replacing old mainframe based information systems with modern cost- efficient systems numing in a client/server architecture. The plan was accomplished in a stepwise fashion using the latest techniques in process re-engineering, information requirements development and infrastructure analysis. In 1996,the firm completed development of the Statewide Telecommunications Strategic Plan for the DGS Telecommunications Division. In addition the firm conducted a study of Statewide E-mail and a number of IV&V reviews of existing information systems for the CIO. Currently we are conducting an oversight review of AB3086 Partnership Project for FTB and EDD and an oversight review for the DGS ABMS. Other recent contracts include work with the Regional Training Center of San Diego, Environmental Systems Research Institute,Massachusetts Bay Transit Authority,US Army Systems Integration and Management Agency, Long Island Light Co.,the Brightstar Corporation, the Virginia State Corporation Commission and Siemens Automotive. Resumes One of the most important factors in the selection of a team for Year 2000 Compliance and related issues is the actual personnel to be involved on the project. Attached are the resumes of our highly qualified personnel with years of experience in project management and system review. Dr.Michael J. Cox -Project Manager and Senior Technical Leader Dr. Cox has an extensive background in information technology,project management and information systems spanning the last twenty-three years. 5 Information Integration Innovation and Associates Inc. Experience: Dr. Cox has been involved with strategic planning of telecommunications,networks and computing systems for nearly twenty years. In 1979 he completed the Automated Data Systems Strategic Plan for the United States Military Academy which included planning for future networks, information systems and required hardware. His next extensive involvement with local and wide area networks and data communications was in 1980-1982. As project manager for the United States Military Academy's Automated Network,he worked with researchers and vendors to determine the best communications network and information systems platform for USMA. This included testing and comparing token ring, ethernet and broadband networks for quality and reliability. Software and hardware for both academic and administrative processing was specified resulting in a$16M project to replace all existing equipment at USMA. During the period from 1983 to 1988,Dr. Cox studied the evolving technology of LAN's and the required interfaces with Wide Area networks. During his graduate work at Polytechnic University and later as an Associate Professor of the Department of Geography and Computer Science,he set up and utilized several networks. This work included performance testing for a number of network configurations at both locations, and the practical application of the networks in the classroom. During the same period as an independent consultant, he evaluated the information system requirements for two other universities,Williams College and Lehigh University. From 1989 to 1993,Dr. Cox directed the Integrated Systems Team at Training and Doctrine Command. One of the first major projects was to consolidate four diverse nation-wide networks into a single integrated voice, data and video network. In addition,the team was responsible for assisting all seventeen installations in installing 34 programming modules using a modem relational database. As Project Director he was continually providing strategic planning for the large organization's diverse network and information technology needs. From 1993 until the end of 1994,Dr. Cox was project manager for two Caltrans contracts. The first was a feasibility study evaluating the overall capability to integrate diverse computer network systems under a single authority. In this study,he accomplished a general review of the information systems in the organization. His recommendations included standardization of the EMAIL process, greater use of existing file transfer capabilities and performance analysis of the network to ensure speed and reliability of the network services. In 1994,Dr. Cox consulted for the Caltrans Corporate DataBase Project. Dr. Cox was one of the primary authors of the Strategic Plan. Another major task included analyzing the DOTNET for consideration for consolidation with other networks. This study included the options of using Internet, CALNET and services from the Teale Data Center. In addition,the study covered evaluation of the local area networks and provided recommendations for standard network file servers for Caltrans. In 1995 and 1996 he was project manager for Department of General Services Telecommunication Division to develop a strategic plan for Telecommunications for the State. In early 1996 he was also responsible to develop a strategic plan for Statewide E-mail for the CIO of California. Since late 1996 he has been project manager for AB3086, a project management oversight for EDD and FTB. In addition he was project manager for the Virginia State Corporation Commission Call Center project,and two contracts for the Administrative Office of the Courts;Disaster Recovery Plan and Strategic Plan for Telecommunications. Most recently he has been project manager for two DMV projects,the ABMS project and the FTB B&C review. s "}'o Information Integration Innovation and Associates Inc. Education: Ph.D. in Computer Science,Polytechnic University, 1988. MS in Information Systems and Computer Science, Georgia Tech, 1975. BS in Engineering,United States Military Academy, 1967. Dr. John Or&dan - Senior Consultant Dr. Oristian has more than twenty years of information technology and telecommunications experience. He is an expert in electronics design and has also had a wide range of experiences in IT strategic planning. Experience: Dr. Oristian began his career in the United States Army. His job was to plan,install, operate and maintain analog and digital telecommunications systems in support of tactical forces in the United States, Central Europe and Vietnam. In his early assignments Dr. Oristian provided single channel radio support as well as multi-channel microwave system support for mobile field units. The multi-channel voice and data systems used Time Division Multiplexed Pulse Code Modulated signals. Later in his military career Dr. Oristian had several consulting opportunities for the government. He was involved in integrating the Automated Tactical Data Link used by the Litton Industries AM/TSQ 73 Missile Minder air defense system and the tactical microwave systems. He provided technical support during fielding of Mobile Subscriber Equipment system and identified multi-path problems with the high-data rate,microwave links. Dr. Oristian also provided computer aided surface acoustic wave device design capability to the Electronic Technology and Devices Lab at Fort Monmouth,New Jersey. In the mid 80's Dr. Oristian served as Professor of Electrical Engineering at the United States Military Academy. In this capacity he developed procedures to develop a database which articulated the equipment and supplies required supporting the academic departments laboratories. This led to a multi-year $10 million laboratory program. He used this program to design procure and implement a microwave, electronic design and computer laboratories. He used the labs to provide client/server computer aided design tools for electronic design,microwave design and integrated circuit design. He later developed courses in each of these disciplines. In late 1993,Dr. Oristian retired as a full colonel and pursued full time consulting. As a member of the Corporate Database project at Caltrans in 1994,Dr. Oristian performed a review of new technologies including use of distributed spread spectrum radio systems for traffic surveillance and technical recommendations regarding the Transportation Management Centers,which depended heavily on networked client, server systems. In 1995 he was a member of the consulting team that developed the strategic plan for telecommunications for the State of California,Dr. Oristian visited the 10 largest state J_J_ Information Integration Innovation and Associates Inc. agencies to describe the current level of telecommunications service and satisfaction levels and future telecommunications needs. In April 1996 Dr. Oristian developed current technology profiles for trial courts in eight counties in California. This was followed by the requirement to develop strategic IT plans for these counties. In 1997 this contract was followed by the opportunity to update plans and assist trial courts with budget proposals in six counties. This involved updating strategic plans, identifying projects that would advance their business efficiency and writing a cost/benefit analysis for each of their projects. In late, 1996 Dr. Oristian reviewed business processes and disaster readiness of the California Administrative Office of the Courts (AOC). The information collected was used to develop a Disaster Recovery Plan for the AOC and Supreme Court and Courts of Appeal. Dr. Oristian also reviewed the connectivity requirements for the AOC and 11 trial courts. The results of this study were used to develop a strategic plan for the State Courts for Telecommunications. In early 1997 Dr. Oristian participated in a data collection effort to provide status to Department of Information Technology on 30 major critical projects. This included conducting a risk assessment, a budget analysis and thorough documentation review of the systems. In 1998, Dr. Oristian assisted the Department of Motor Vehicles in the development of policies for configuration management. Education: BS, United States Military Academy, 1969. MS Degree in Electrical Engineering, Stanford University, 1975. Ph.D. in Electrical Engineering, Stanford University, 1988. Dr. Richard Peters- Senior Consultant Experience: Having served as an administrator at the College level for 10 years, Dr. Richard C. Peters founded Management and Training Associates in 1982. Through this organization he provides Organizational,Management and Training services to Technical,Industrial, Governmental and Service organizations. The current focus is on the strategies,business systems, and techniques of high performance organizations. This involves providing design, structure, education and facilitation services for client organizations. Dr.Peters has experience in overall corporate redesign involving nearly every aspect of the enterprise. Of specific note for this project were the opportunities to provide strategic planning guidance and support as well as business process analysis and redesign. One of the more extensive corporate initiatives was with Virginia Power. The effort began with the Nuclear Division and expanded into the Fossil and Hydro Division. There,Dr. Peters was one of two Senior Consultants who were responsible for assisting 8 X40 Information Integration Innovation and Associates Inc. the Division Management Team in the analysis, development and implementation of a Strategic Plan for Production Plants and Corporate Support Services. At DC Cook Power station he worked with the Steering Team and various advisory teams in the development and implementation of Strategic Development Plans for the plant with a focus on the Maintenance and Operations Departments. Business analysis and suggested redesign was the emphasis of the work for Tennessee Valley Authority. The initial project was in the modeling and redesign of the Controllers office at their Browns Ferry Nuclear Power Plant. The work at Colonna's Shipyard was in direct support of the President and CEO. He provided analysis and advisory assistance in the design of a Strategic Implementation Plan. A major part of this activity was the development of Business Process Models, which lead to the initiation of Unit Improvement projects. The most extensive work to date was the Corporate Database redesign effort for the California Department of Transportation. This effort involved the core business processes;Project Development and Management, Financial Management and the Statewide Planning functions. Dr.Peters was the lead facilitator in the Business process analysis and reengineering effort. He had personal responsibility for the Project Development and Management processes. This resulted in a completely unique Team- Based project management approach for the organization The organizations he served range from Utilities such as TVA and Virginia Power,to the Marine Industry including Maritrans and Colonnas' Shipyard. His experience is diverse and also includes work with the Pemnsula/Tidewater Academy of Criminal Justice and the Virginia State Police,the U. S.Army,Ft. Meade, and the U. S. Department of Transportation. The approach Dr.Peters uses requires a Customized Strategic Plan that includes Strategic Visioning, and Clarity in Organizational Philosophy and Organizational Mission. One of the primary techniques for organizational analysis uses Business Process Reengineering principles. This involves review of current resources, identification and measurement of customer requirements and the development of delivery and support systems to ensure cost effective business systems. Recently,Dr. Peters has completed work in process analysis and redesign for the Administrative Office of the Courts,the California Board of Accountancy and the Department of Fish and Game. Education: University of Southern Mississippi Doctorate of Education,Emphasis in Administration, 1972. Appalachian State University Master of Arts, Educational Media and Administration, 1970. Milton College Bachelors Degree-English/Speech Major, 1963. Arthur G. Mulligan -Senior Technical Consultant 9 331 Information Integration Innovation and Associates Inc. QV Mr. Mulligan has more than twenty-five years of experience in information technology, strategic information planning and project management. He served as a Chief Information Officer for ten years. He has extensive experience in software development project management, evaluating information and business processes and systems, strategic technology planning,Year 2000 issues,delivering automation support services and hands-on computer programming. Experience: Most recently,Mr. Mulligan served as a senior consultant to two DMV projects, Software Quality Assurance and V&V processes. In addition he has continued to provide support to EDD and FTB for the AB086 project. Prior to that he was a mentor to the project manager of the AB3086 joint EDD/Franchise Tax Board software development project. Previous consulting assignments include conducting an Independent Verification and Validation(IVV)of a$50 million information technology project providing on-line services to over 300 offices statewide. Activities under this contract involved an evaluation of. budget planning,project planning and execution, system and application testing, and implementation testing. As a Project Manager,he managed several major technology projects for the Admissions Department of the United States Military Academy at West Point,New York: among them was the design,budget and acquisition,installation,personnel training,and quality assurance for a system supporting 50 simultaneous users. Responsibilities included budgeting, developing and supervising workplan,database design,coding, application testing at all levels,convecting Year 2000 problems,and writing technical and user documentation. In another project,he evaluated the logic and code of a large set of COBOL programs for Year 2000 concerns. As a charter member of the USMA MIS Working Group,he was responsible for the design and implementation of five systems. He also served as a project manager for the USMA Management Committee responsible for redesigning and converting a large COBOL based system from one manufacturer's mainframe to another. In this project the application testing plan was crucial to the success of the project. He has also been a computer programmer for a large industrial-based corporation. As a strategic information planner,he developed materials and conducted four two-day strategic technology planning workshops for the 175 trial courts in the 58 counties throughout . the state of California. Workshops were intended as a kick-off for the development of strategic technology plans for the court systems of each county and received very high ratings from the nearly 200 attendees. In addition,he developed a user-based strategic plan for a large church community of over 6000 families. This eighteen month contractual effort involved needs assessment,team building and goal setting workshops, staff interviews,gathering extensive input from all constituency groups, conflict resolution and consensus building. Further,he conducted a strategic technology review of the Association of Graduates Fund Development Organization, USMA. Work involved developing and testing plan for a WIN NT network test, organizational restructuring, creating a criteria matrix to evaluate database software and test subsequent application implementation, and preparing and writing a strategic technology plan for the enterprise. As a reengineering consultant for the Headquarters of the California Department of Transportation,he reengineered business processes and supporting information systems; this involved working with task forces of senior program managers and computer analysts to perform a system-wide reengineering,to include preliminary addressing of Year 2000 concerns. to 33_ Information Integration Innovation and Associates Inc. As a Chief Information Officer,he was responsible for the IS budget,planning and implementing an IS strategy which involved distributed computing power linked to a central mainframe for general data processing services and the operation of a large mainframe system. Education: MS in Computer Science Education,Boston University, 1976 BS in Engineering,United States Military Academy, West Point, 1966 Ph.D. Candidate Lisa Berumen—Administrative Assistant Experience: From February 1996 to present Ms.Berumen has been involved with our firm as a consultant. Her duties have included: Assisting senior consultants in development of IV&V of Women Infant and Children System for Department of Information Technology. Independently conducting a survey of telecommunications contracts for Department of General Services for all 168 State Agencies. She conducted review of technical contracts and prepared database of critical aspects of the contracts. She worked with Strategic Planning Team for the Administrative Office of the Courts to develop schedule of site visits and prepared planning documents for team leader. Currently, she is assisting in Project Management oversight of EDD and FTB for Project Partnership of AB3086. This project has been ongoing since August 1996. She also assisted in the development of a disaster recovery plan for the AOC and assisted in the development of Strategic Planning for Telecommunications for the AOC. Assisted in the thorough documentation review, budget summary and risk assessment of the State's 30 critical projects for the Department of Information Technology (DOIT). Her most recent project included assisting in a thorough progress review of the Franchise Tax Board's Banking and Corporation project. Education: BA in Business/Marketing (1978-1982) Information Integration Innovation and Associates Inc. SECTION 3 - METHODOLOGY AND APPROACH Methodology for Year 2000 Compliance Assessment I3 uses a standard methodology of gathering information, analyzing the information, integrating the information and providing constant feedback to the client through briefings and progress reports. Because of the specific requirements of San Luis Obispo, this assessment requires coordinated use of the methodology to ensure that all parties are kept informed simultaneously of the status of the reviews. We understand the requirements to conduct an initial assessment of the planning phase. We will work closely with the program management, and any steering committees in accomplishing the following tasks. We have added the task of Project Management, as it is one of the most important tasks to ensure successful project completion. Task 1 Initiation and Project Management This task involves meeting with the program managers for the City of San Luis Obispo, and any Steering committees, gaining initial guidance and providing monthly progress reports on the status of the project. I3 will provide verbal progress reports as required and ensure that projects stay on time and within budget throughout the life of the project. This task now includes the requirement to periodically assess the status of the project throughout the life cycle, as stated in the original request for proposal. Task 2 -Assistance with Initial Inventory This task involves assisting with the initial inventory of and includes the following tasks and activities: 1. Develop a database sheet in accordance with the needs of the organization. We have previously provided a suggested data gathering worksheet in Excel. 2. Work with the organization to enhance the existing worksheet and discussing the use of the worksheet with SLO Y2K program managers. Provide a briefing on how to conduct the inventory- Task 3 - Development of a Y2K Master Plan Working with the designated personnel of the City we will prepare a plan that includes the primary tasks or steps in Year 2000 planning. The plan will include the guidance necessary to perform at least the following steps: • Awareness • Identify key city processes • Assessment • Pre-test 12 Information Integration Innovation and Associates Inc. • Develop solution set • Implement solution set • Post-test • Plan for Year 2000 failures on the part of others The plan will not be entirely serial in fashion, that is, it not necessary that step 1 be complete before step 2 is started etc. The plan will also be flexible; additional tasks will be added as necessary. The intent is to make the document a living document that can be updated as necessary. Task 4 — Business Process Analysis and Prioritization This task is best accomplished through facilitation from outside consultants and we have accomplished it at a number of previous locations. Under your guidance we will conduct an assessment of key city processes and sub-processes, and then work with your leadership to arrange them in a priority sequence. We intend to interview the necessary program or department heads to verify the key processes and then work with a group of your choosing to establish a prioritization of these processes. This will be documented and presented to city leadership for concurrence. Results of this task can then be used to both prioritize the Y2K efforts and help in the decision process for disaster recovery planning. Task 5 — IT Disaster Recovery Planning This plan is a natural evolution of the Y2K effort in that the two can work hand-in hand and result in some efficiencies if approached simultaneously. We have previously assisted organizations in developing comprehensive disaster recovery plans. Following the completion of the business process analysis, we will meet with designated personnel and define the equipment needs and other procedures and policies needed for the Disaster Recovery Plan. After the initial meetings, we will develop a draft plan for circulation and comment from designated City members. After receipt of comments we will customize the report for final submission to the City. 13 X335 Information Integration Innovation and Associates Inc. SECTION 4 - SUGGESTED SCHEDULE Activity Sugeested Completion Date Plan for and prepare to conduct the inventory 8/7/98 Begin the inventory 8/10/98 Complete the inventory 9/10/98 Build an Awareness Plan 8/30/98 Start critical business process identification 9/7/98 Adopt a new procurement policy Immediately Develop an overall Y2K Master Plan 10/15/98 Conduct Pre-Tests* 10/30/98 Complete Business Process Prioritization 10/30/98 Decide Remaining Remediation Efforts* 11/15/98 Develop Disaster Recovery Plan 12/15/98 Develop DB Standards 12/1/98 Conduct Post Testing* 6/1/99 Monitor progress of the Master Plan 6/1/99 The tasks marked with an asterisk, * indicate tasks that we are not currently bidding because the scope of these efforts is unknown. 14 Information Integration Innovation and Associates Inc. SECTION 5 - PROPOSED COSTS Information Integration Innovation and Associates is currently available to State, County and City agencies under a Master Services Agreement for Y2K services. The services for SLO's initial assessment can be offered under the category of Planning and Assessment. Using it as a guide the following estimated cost schedule is provided. Task Proj. Manager Sr. Technical Admin. Cost Ldr Specialist Task 1 55 75 $9,875 Initiation and Project Mgmt. Task 2 0 10 10 $1,650 Inventory Task 3 25 100 25 $16,250 Master Plan Task 4 25 150 50 $23,375 Business Proc. Analysis Task 5 25 100 25 $16,250 Disaster Recovery Plan Total 1130 360 185 $67,400.00 15 ,�37 Exhibit 2 CONTRACT PERFORMANCE TERMS 1. Business Tag. Consultant must have a valid City of San Luis Obispo business tax certificate prior to execution of the contract. Additional information regarding the City's business tax program may be obtained by calling(805)781-7134. 2. Ability to Perform. Consultant warrants that it possesses, or has arranged through subcontracts, all capital and other equipment, labor, materials, and licenses necessary to carry out and complete the work hereunder in compliance with any and all federal, state, county, city, and special district laws,ordinances,and regulations. 3. Laws to be Observed. Consultant shall keep itself fully informed of and shall observe and comply with all applicable state and federal laws and county and City of San Luis Obispo ordinances,regulations and adopted codes during its performance of the work. 4. Payment of Taxes. The contract prices shall include full compensation for all taxes which Consultant is required to pay. 5. Permits and Licenses. Consultant shall procure all permits and licenses, pay all charges and fees,and give all notices necessary. 6. Safety Provisions. Consultant shall conform to the rules and regulations pertaining to safety established by OSHA and the California Division of Industrial Safety. 7. Public and Employee Safety. Whenever Consultant's operations create a condition hazardous to the public or City employees,it shall,at its expense and without cost to the City, famish,erect and maintain such fences,temporary railings,barricades,lights, signs and other devices and take such other protective measures as are necessary to prevent accidents or damage or injury to the public and employees. 8. Preservation of City Property. Consultant shall provide and install suitable safeguards, approved by the City,to protect City property from injury or damage. If City property is injured or damaged as a result of Consultant's operations, it shall be replaced or restored at Consultant's expense. The facilities shall be replaced or restored to a condition as good as when the Consultant began work 9. Immigration Act of 1986. Consultant wan-ants on behalf of itself and all sub-contractors engaged for the performance of this work that only persons authorized to work in the United States pursuant to the Immigration Reform and Control Act of 1986 and other applicable laws shall be employed in the performance of the work hereunder. 10. Consultant Non-Discrimination. In the performance of this work,Consultant agrees that it will not engage in, nor permit such sub-contractors as it may employ, to engage in discrimination in employment of persons because of age, race, color, sex, national origin or ancestry, sexual orientation,or religion of such persons. 11. Work Delays. Should Consultant be obstructed or delayed in the work required to be done hereunder by changes in the work or by any default, act, or omission of the City, or by strikes, fire, earthquake, or any other Act of God, or by the inability to obtain materials, equipment, or labor due to federal government restrictions arising out of defense or war programs, then the time of completion may,at the City's sole option,be extended for such periods as may be agreed upon by the City and the Consultant. Exhibit 2:CoMract Performance Terms Page 2-2 12. Payment Terms. The City's payment terns are 30 days from the receipt of an original invoice and acceptance by the City of the services provided by Consultant(Net 30). 13. Inspection. Consultant shall furnish City with every reasonable opportunity for City to ascertain that the services of Consultant are being performed in accordance with the requirements and intentions of this contract. All work done and all materials furnished, if any, shall be subject to the City's inspection and approval. The inspection of such work shall not relieve Consultant of any of its obligations to fulfill its contract requirements. 14. Audit. The City shall have the option of inspecting and/or auditing all records and other written materials used by Consultant in preparing its invoices to City as a condition precedent to any payment to Consultant. 15. Interests of Consultant Consultant covenants that it presently has no interest, and shall not acquire any interest direct or indirect or otherwise,which would conflict in any manner or degree with the performance of the work hereunder. Consultant further covenants that, in the performance of this work,no sub-contractor or person having such an interest shall be employed. Consultant certifies that no one who has or will have any financial interest in performing this work is an officer or employee of the City. It is hereby expressly agreed that,in the performance of the work hereunder,Consultant shall at all times be deemed an independent contractor and not an agent or employee of the City. 16. Hold Harmless and Indemnification. Consultant agrees to defend, indemnify, protect and hold the City and its agents, offcers and employees harmless from and against any and all claims asserted or liability established for damages or injuries to any person or property, including injury to Consultant's employees, agents or officers which arise from or are connected with or are caused or claimed to be caused by the acts or omissions of Consultant, and its agents, of`icers or employees, in performing the work or services herein, and all expenses of investigating and defending against same;provided, however, that Consultant's duty to indemnify and hold harmless shall not include any claims or liability arising from the established sole negligence or willful misconduct of the City,its agents,officers or employees. 17. Year 2000 Compliance. The Consultant wan-ants that the goods or services provided to the City, including those provided through subcontractors, are "Year 2000 compliant." For the purpose of this contract, "Year 2000 compliant" means that goods or services provided to the City will continue to fully fimction, fault-free, before, at and after the Year 2000, without interruption or human intervention; and if applicable, any data outside of the date range 1990- 1999, including leap years, will be correctly processed in any level of computer hardware or software, including,but not limited to,microcode, firmware,application programs, files and data bases. This warranty supersedes all warranty disclaimers or limitations, and all limitations on liability,otherwise provided by the Contractor. Upon request by the City, the Consultant will provide the City with a description of its Year 2000 compliance strategy,or statement of why this is not relevant to contract performance. 18. Contract Assignment. Consultant shall not assign, transfer, convey or otherwise dispose of the contract, or its right, title or interest, or its power to execute such a contract to any individual or business entity of any kind without the previous written consent of the City. Exhibit 2:Contract Performance Terms Page 23 19. Termination. If, during the term of the contract, the City determines that Consultant is not faithfully abiding by any term or condition contained herein, the City may notify Consultant in writing of such defect or failure to perform; which notice must give Consultant a 10 (ten) calendar day notice of time thereafter in which to perform said work or cure the deficiency. If Consultant has not performed the work or cured the deficiency within the ten days specified in the notice, such shall constitute a breach of the contract and the City may terminate the contract immediately by written notice to Consultant to said effect. Thereafter, neither party shall have any further duties,obligations,responsibilities,or rights under the contact. In said event, Consultant shall be entitled to the reasonable value of its services performed from the beginning date in which the breach occurs up to the day it received the City's Notice of Termination, minus any offset from such payment representing the City's damages from such breach. "Reasonable value" includes fees or charges for goods or services as of the last milestone or task satisfactorily delivered or completed by Consultant as may be set forth in the Agreement payment schedule; compensation for any other work, services or goods performed or provided by Consultant shall be based solely on the City's assessment of the value of the work- in-progress in completing the overall workscope. The City reserves the right to delay any such payment until completion or confirmed abandonment of the project, as may be determined in the City's sole discretion, so as to permit a full and complete accounting of costs. In no event, however, shall Consultant be entitled to receive in excess of the compensation quoted in its proposal. 20. Ownership of Materials. All original drawings, plan documents and other materials prepared by or in possession of Consultant as part of the work or services under these specifications shall become the permanent property of the City,and shall be delivered to the City upon demand. 21. Release of Reports and Information. Any reports, information, data, or other material given to, prepared by or assembled by Consultant as part of the work or services under these specifications shall be the property of City, and shall not be made available to any individual or organization by Consultant without the prior written approval of the City . 22. Copies of Reports and Information. If the City requests additional copies of reports,drawings, specifications, or any other material in addition to what Consultant is required to furnish in limited quantities as part of the work or services under these specifications, Consultant shall provide such additional copies as are requested, and City shall compensate Consultant for the costs of duplicating of such copies at the Consultant's direct expense. 23. Required Deliverable Products. Consultant will provide: a. Twenty five copies of the final report which addresses all elements of the workscope. Any documents or materials provided by Consultant will be reviewed by City staff and, where necessary, Consultant will respond to staff comments and make such changes as deemed appropriate. b. One camera-ready original, unbound, each page printed on only one side, including any original graphics in place and scaled to size,ready for reproduction. C. When computers have been used to produce materials submitted to the City as a part of the workscope, Consultant must provide the corresponding computer files to the City, compatible with the following programs whenever possible: V� Exhibit 2:Conrad Performance Terms Page 2-4 • Word Processing Word • Spreadsheets Excel • Desktop Publishing Coreldraw,Pagemaker • Computer Aided Drafting(CAD) AutoCad Computer files must be on 31/2", high-density, write-protected diskettes, formatted for use on IBM-compatible systems. Each diskette must be clearly labeled and have a printed copy of the directory. 24. Attendance at Meetings and Hearings. As part of the workscope and included in the contract price is attendance by the Consultant at up to three public meetings to present and discuss its findings and recommendations. Consultant shall attend as many "working" meetings with staff as necessary in performing workscope tasks. 25. Insurance. Consultant shall procure and maintain for the duration of the contract insurance against claims for injuries to persons or damages to property which may arise from or in connection with the performance of the work hereunder by Consultant, its agents, representatives,employees,or sub-contractors. a. Minimum scope of insurance. Coverage shall be at least as broad as: • Insurance Services Office Commercial General Liability coverage (occurrence foam CG 0001). • Insurance Services Office form number CA 0001 (Ed. 1/87) covering Automobile Liability,code 1 (any auto). • Workers' Compensation insurance as required by the State of California and Employer's Liability Insurance. • Errors and Omissions Liability insurance as appropriate to Consultant's profession. b. Minimum limits of insurance. Consultant shall maintain limits no less than: • General Liability: $1,000,000 per occurrence for bodily injury, personal injury and property damage. If Commercial General Liability or other form with a general aggregate limit is used, either the general aggregate limit shall apply separately to this project/location or the general aggregate limit shall be twice the required occurrence limit. • Automobile Liability: $1,000,000 per accident for bodily injury and property damage. • Employer's Liability: $1,000,000 per accident for bodily injury or disease. • Errors and Omissions Liability: $1,000,000 per occurrence. C. Deductibles and self-insured retentions. Any deductibles or self-insured retentions must be declared to and approved by the City. At the option of the City, either: the insurer shall reduce or eliminate such deductibles or self-insured retentions as respects the City, its officers, officials, employees and volunteers; or Consultant shall procure a bond guaranteeing payment of losses and related investigations, claim administration and defense expenses. Exhibit 2:Contrad Performance Terms Page 2S d. other insurance provisions. The general liability and automobile liability policies are to contain,or be endorsed to contain,the following provisions: • The City, its officers, officials, employees, agents and volunteers are to be covered as insureds as respects: liability arising out of activities performed by or on behalf of Consultant; products and completed operations of Consultant; premises owned,occupied or used by Consultant; or automobiles owned, leased, hired or borrowed by Consultant. The coverage shall contain no special limitations on the scope of protection afforded to the City, its officers, official, employees,agents or volunteers. • For any claims related to this project, Consultant's insurance coverage shall be primary insurance as respects the City, its officers, officials, employees, agents and volunteers. Any insurance or self-insurance maintained by the City, its officers, officials, employees, agents or volunteers shall be excess of Consultant's insurance and shall not contribute with it. • Any failure to comply with reporting or other provisions of the policies including breaches of warranties shall not affect coverage provided to the City, its officers,officials,employees,agents or volunteers. Consultant's insurance shall apply separately to each insured against whom claim is made or suit is brought, except with respect to the limits of the insurer's liability. • Each insurance policy required by this clause shall be endorsed to state that coverage shall not be suspended, voided, canceled by either party, reduced in coverage or in limits except after thirty (30) days' prior written notice by certified mail,return receipt requested,has been given to the City. e. Acceptability of insurers. Insurance is to be placed with insurers with a current A.M. Best's rating of no less than ANN f. Verification of coverage. Consultant shall furnish the City with a certificate of insurance showing maintenance of the required insurance coverage. original endorsements effecting general liability and automobile liability coverage required by this clause must also be provided. The endorsements are to be signed by a person authorized by that insurer to bind coverage on its behalf. All endorsements are to be received and approved by the City before work commences. J-A(A,