\ / ' ) / \ ; ) \I New York- LPB Training Ernie Hesling ) ) ) ) \ ' New York DMV 110055 GULaw Privacy FR 1 \) ) ) Identification Type ) ) ) • 1:N (Many) - 1:N Identificationisthe processof comparingthe image ) template for one person(the Probe)to the imagetemplatesof everyother personin the IVSdatabase. ) • 1:R (Record)- 1:RIdentificationisthe processof comparingthe image \ template for one personto that same person'shistoricalset of templates and demographicdata. / ) ) ) 3 ) ) The identification type 1:N, sometime called 1 to many is the process of comparing the image template for one person (the Probe) to the image templates of every other person in the IVS database. If a closeness match is found a case is created. \ ) The identification type 1:R is called 1 to Record - 1:R Identification is the process of comparing the image template for one person to that same person's historical set of templates expecting to see like facial features. If likeness is NOT found a case is created. New York DMV 110056 GULaw Privacy FR 3 ) Main Screen - Cases \ ) \ ) ) ) ) ) You are logged into FAS. The FAS Cases tab is displayed. \ J New York DMV 110057 GULaw Privacy FR 5 ) ) ) ) ) FRS Framework \ I -, MAXIMIZE ) ) .,._ABOUT 'LOG ) OFF ') ) \ ) ) USER INVESTIGATORLEVEL ~ ) ,- ,/ ) The FAS framework is present throughout the workflow process. ) ) ) New York DMV 110058 GULaw Privacy FR 7 i) ) ') } ) ) \ I ) ) ) ) • In Use - an investigation is started and the investigator is actively looking at the search results. While in use, no other users can edit the case. The status does not change until the investigator saves the work, completes and closes the file, or logs out of the FAS application. • No Matches - the probe has no matches. This status is used only for manual identifications, watch list identifications and managed cleanse. • Processing - the probe is in the process of being matched with the templates in the database. • Ready - the identification process is completed and the case is ready for further investigation and processing. • Closed - case is closed and is read-only • New - the probe has been added to the database, but the identification process has not yet started. If the Case Status is New, the row is highlighted in red. ) ) \ ) ) Level Level of the investigation. Possible levels are: Possible Data Error or Resolved Data Error. Case Origin How the case was originated. '> Possible sources are: Automated (A), Manual (M), S (Scrub), and Watch List (W). (Cases tab) ) Created Date Date the case was created using the format YYYY-MM-DD. DFI Case Number Case number from the NY System of Record; the alphanumeric imported from Face Explorer. ) ) New York DMV 110059 GULaw Privacy FR 8 Viewing a Case- MOVE TO - DFI ) ) ) ) ) ) \ J ) } ) ) \ ) 10 ) ) ) Select the reason for moving the case from the Move to: drop-down menu on the probe or the candidate. Click Move to. The case is moved to the Cases Tab \ J New York DMV 110060 GULaw Privacy FR 10 1 I ) ) ) Record View ) ) ) PROBE CANDIDATES IGALLERY) ) ) ) ) ) ) 12 ) ) :i ) New York DMV 110061 GULaw Privacy FR 12 ', I ') ) Relative Match Scores ) \) ) Low ) \ J Low-Medium Medium Green Yellow Medium-High High \ I ) ) ) \ j ) ) \ I 14 ) ) ) New York DMV 110062 GULaw Privacy FR 14 \ I ) \I ) Usethe Cursor ) \ ) ) ) ) ) ) \ ) \ j \) ) ) ) 16 ) \ By placing the cursor over an Icon or the color that surrounds the image, a message box will appear explaining either the Icon or what the color indicates as seen in this slide. ' \ ) New York DMV 110063 GULaw Privacy FR 16 ) \I Demographics ) \ J ) ) ) \ / \ j ) ) 18 ) ) Matching demographics for probe and candidate are highlighted in red when viewing a Probe and Candidate Record Details screen \ j New York DMV 110064 GULaw Privacy FR 18 ,- '\ I ) ) ) Side by Side View ) ') \ ) \ I ) 20 ) \ ,/ ) New York DMV 110065 GULaw Privacy FR 20 Side By Side Image Zoom Control Bar ) \ I ZOOMI ROTATE \ \ COLORMASK + I + 0 ) \ ) t OVERLAY ) \ ) ) 22 \ ' New York DMV 110066 GULaw Privacy FR 22 1 I ) \ / \ Grayscale I ) ) \ j ) ') \ I ) ) 24 ) Grayscale Use this button to display images in shades of gray. New York DMV 110067 GULaw Privacy FR 24 ',I ---) \) \I \ I Negative \ ) ) ) \ I \ I ', I \ j \ j ) ) 26 \ ) ) \ ; \ ) New York DMV 110068 GULaw Privacy FR 26 ) 'l 1 ·, \ J Magnify ) '\/ ) ) ·, / ) I ) ) ) } \ I \ 'JI 28 \ ) \ J )' \ ) ) New York DMV 110069 GULaw Privacy FR 28 \I \ \) ) View Signature \ -, J / ) \ \ l ) ) ) 30 \ ; The default view is the front Portrait view however you may want to compare signatures. Click on the drop down list box to the top right of the Image and select Applicant Signature. Select applicant signature in the other view as well to display side by side signatures. You can also zoom in on the signatures by clicking on the signature to launch the zoom tool. To view the images again change the drop down list box to front Portrait on both the probe and candidate. New York DMV 110070 GULaw Privacy FR 30 \I ,'\ ) '\ Compare Probe and Canidate ) \ ) ) \j \ ) ') ) 32 lj Click an image in the gallery. The Probe and Candidate Record Details screen is displayed side by side for comparison. Note that the green star indicates the candidate that is currently selected for side by side comparison with the probe. \ / ) 1 4To: 0 Return to the investigations results list, click the List View sub-tab 0 Close the current case details screen, click the in the upper right corner of the case tab. 0 Zoom in on the probe or selected candidate image, click the image and the selected image is enlarged New York DMV 110071 GULaw Privacy FR 32 ) '"'\ ) ) ) ) Record Dossier * ) ) ) ) ) ) ) ) ) ) ) PRINT ) ) ) 34 ) ) A record dossier similar is generated. ) ) ) New York DMV 110072 GULaw Privacy FR 34 ?qqx/ (I vi New York DMV Side by Side Dossier (mm: Mammal? my: 36 110073 PrivacBB? ) ) Case Dossier ) ) ) ) ') ) ) ) ) ) ) \ ) ) 38 ) ) Open the record you want to convert into dossier form. Select the Case Dossier link from the Case View Options. ) ) ) ) ) New York DMV 110074 GULaw Privacy FR 38 ) ) Case Dossier 1 ) ) ) '\ ) ) ) ) ) ) ) ) ) 40 ) New York DMV 110075 GULaw Privacy FR 40 ) ) Move Data Case to Possible Data Error * ) ) IMoveto; IPossibleDataError " I ) 1' ) ) ) ) ) ) ) ) ) ) 42 ) \I Select the reason for moving the case from the Move to: drop-down menu on the probe or the candidate ) New York DMV 110076 GULaw Privacy FR 42 ) Changing Record Status 1I \) ) ) ) ) ) ) ) ) ) 44 ) Click Save Changes to save the change. This selection saves your work, but will not close the investigation. ) ) New York DMV 110077 GULaw Privacy FR 44 ) Final Disposition of a Case * ) 1 ) ) '\ J \ ) ) ) ) ) ) ) ) 46 ) ) A Confirmation screen is displayed. Assign a DFI Case Number to the case Click Confirm to confirm the status change; otherwise click Cancel to exit the screen without saving the change. New York DMV 110078 GULaw Privacy FR 46 ! ,-) '; ) l I Find People Tab * ) '\ ) ) ', } \ J ) ) '1 I ! ) ) ) 48 \ J New York DMV 110079 GULaw Privacy FR 48 Admin Log In ) 1I \) \ ) \ ! I I ', J \ ) ) \ ) 50 Enter your User ID, Password and Domain and then click Login. You are logged into FRS Admin; the Reports screen is displayed. New York DMV 110080 GULaw Privacy FR 50 \ ) ) ) Administration Portal \ J '\ 1 ) \ / ) ) ) ) ) ) 52 ) ) New York DMV 110081 GULaw Privacy FR 52 Template Management - Search Options ': ) ) \ ) ', ) ) Any ) NotEnrolled Success I:?: ) 54 ) To search for enrollment records using Search Options Enter the CID or GRN criteria or use the selections in the Enroll Status and Manual Status drop-down menus to search for a template. Select Reset at any time to clear the Search Options fields. New York DMV 110082 GULaw Privacy FR 54 \ J ) \ J Edit a Template \, \j ) ) \ J 56 ) ) To edit a template ) Complete the search steps in Searching for a Template. Select Edit. The Edit Record window is displayed. If necessary, click and drag the crosshairs to adjust the center point of the eyes on the displayed image. New York DMV 110083 GULaw Privacy FR 56 \ I ) \ ) Quality Scores * ) \ ) \ ) ) \i \ ) ) ) 58 The quality score indicates how well the system generates an accurate template for the given biometric. System administrators can view facial scores for enrolled portraits to ensure good quality portraits are enrolled. Each enrolled template displays a score from O (lowest quality) to 10 (highest quality). \ ,, I New York DMV 110084 GULaw Privacy FR 58 ) Case Reports \ \ J \ i CasesReport ) EllW.2Ji.lhl.nl UHtlD:AB Sort Field:CtHle Dal& DateRange:Ftom:2015.QS.,1$ To:2016,-09..01 CasoOilgln:AB Workflow Typo:AJI - en.Jll - l.m.HAmt ElilllitmI l!w.ll! °"'" °""' Op•• °""' °""' Op,• \ / lJ.u.. ~ A A A A A ---ClillL Im M M M Im had lead Uad 201S-0S.31 2015-0$-3 20t5-08-31 2015-0S.3 2015-08-31 2015.(JS.3 M Lead 201S-Oe.3t 2015-08·3 M lead 201S--08-31 201S.CS.3 60 The Cases Report shows case related data based on user selected filter settings. The results are sorted by Create Date unless a User ID is specified, and then the results are sorted by User ID. New York DMV 110085 GULaw Privacy FR 60 Case Activity Report ) \ From 2015-08-15TO2015-09-01 l.W.c.lll CIS tffimanager Open \ I ru:.tln QilJl!ll tlQUslWilbIUIIH 0 I.ilal 477 0 5 1 10 477 16 16 16 Toi.I 21 Generatedon 2015-09-0115:03:51bydfladmln SWVersion:4.9.0.19 0 0 478 10 509 CoseActlvllyReport Pag• 1 of1 V } 62 \ I New York DMV 110086 GULaw Privacy FR 62 \ I ) --,) ) Case Disposition Report ' ) 'i I \ I ) Dalo Range: FOlS45-Je WAl.lUi --· W,\LJ(R ) H½>i ) ) 2015.U·I• •4tt,9$1), ~ WQtl ) 70lS·~•lt 2ClJ.-OHI llmN tSTl;S H!;h ~l~l ) ) ) ) 15 ) ) ) ) ) As mentioned earlier, to open a case, double click on the case in the List view. The case opens and the Case Details screen is displayed as shown here. Let's review the items on this page. Notice at the top left a tab was created next to the List view tab. This is the case and the case number is shown inside the tab. You can have multiple cases open at once. Click the red X to close case without saving any changes. The case view by default is shown just below the List view tab and is the 1:N gallery. 1:N meaning the identification was made using the 1:Nor 1 to Many or in other words the entire database was searched for potential matches. We will explain Notes & Files shortly. Just below is the Case Details. In this example the case Level is Lead meaning it is a new lead. The Case Origin is A for Automated, meaning it was created by the automated identification that was run overnight. The case is In Use By a user named limited Investigator, this would usually show your user name if you opened the case. The Max. 1:N Candidates means the maximum number of candidates was set to 25, meaning return up to 25 of the highest matches, the setting is configurable in increments of 5 up to 50. The 1:N Threshold is set to 0. This is the default setting for manual investigations that we will explain later. The larger image in the middle is the PROBE and the GALLERY of images being the CANDIDATES are to the right. Just below the Probe Image is the Demographics. We will explain the items on the top right shortly. Simply put, double clicking and opening a case displays case status information, the probe and demographic as well as images of the candidates. There is a lot of information to absorb. We will continue point out the items and features as we go through this tutorial. Also it will be easier to understand once you start using the tool. Note: If you navigate back to the List View tab once a case is opened you must click the Reset button in Filter Options to see the status of the case change from Ready to In Use. New York DMV 110098 GULaw Privacy FR 15 ) ) ) ) ) Demographics ) ~) ) ) ) ) ) ) ) ) ) ) 17 ) ) • Click the Demographics tab to view demographic information. Information displayed includes CID, GRN, Last Name, First Name, Middle Name, Issue Date, DOB, Height, Gender, Eye Color, Address 1, City, State, Postal code, Case Id, Enroll Status, Investigation Status, and DFI Case Number. Use the scroll bars to the right of the list to view all information. ) ) Matching demographics for probe and candidate are highlighted in red when viewing a Probe and Candidate Record Details screen. New York DMV 110099 GULaw Privacy17 FR Use the Cursor ) ) '; ) ) ) ) ) ) ) ) ) 19 By placing the cursor over an Icon or the color that surrounds the image, a message box will appear explaining either the Icon or what the color indicates as seen in this slide. New York DMV 110100 GULaw Privacy FR 19 Selecta Record ) ) ) ) .... """ .... """ .... .... .... .... ) ) ) ) ""' ,""' ... ) ""' .... lOlS-«-11 - --- ..... ~IHIH4 1.0WU,l' 1DIHl$•U lOIHf.lt ll)tf>Ol·U 101s-os.u 20lHl·U 201HIIM) 2'1l!.Q$•tl 2-0l~~MI 1015-0$·11 ua-Ge-1• ~1,.1)1.i, , """' H(AA&XotS «ttittu •oowo , ..,. "''"" """" ,._ "'""' '°"'" "'"' ""' «*t.ll.lt """' <4ll0Wi91 4*lU46S Sst11»1l S6U1ll~ w;m< ~:»nu WAl.t'fk UJUtl.ft ""' U1~» """ '"""" """" e:nmrn ,,..., 4'J$.TMWU Udit1it ""' UJ~SHS ""' ...., .. ""' .. .., ...., ...., ...., ,., lOIS-OHt l01HH4 :iouoi.1, !'l:01!.ot•H ZOIHM• 101HH4 lOU,(lil·H :tt.111-0£.1$ lOU#II :ton-ot-11 :.!OIJ-0$.lt l{)15-"·J1 ) ) ) 21 ) Click the case that you want to view from the Automated Leads tab search results list. New York DMV 110101 GULaw Privacy FR 21 \ I CompareProbeto a candidate \ I '\ ) ) ) ) ) 23 ) ) Click an image in the gallery. The Probe and Candidate Record Details screen is displayed side by side for comparison. Note that the Green Star indicates the candidate that is currently selected for side by side comparison with the probe. ) \ / To: - Return to the investigations results list, click the List View sub-tab - Close the current case details screen, click the X in the upper right corner of the case tab. - Zoom in on the probe or selected candidate image, click the image and the selected image is enlarged New York DMV 110102 GULaw Privacy FR 23 __ . ~ I AssignTo \ ) \ ) ) ) \ I 25 ) Select your name or the name of the investigator from the Assign to: dropdown list. This example assumes you are assigning the case to dfinvestigator. ) 'J 1 Click the Assign to: button. The case is assigned to the investigator as shown in the Assigned To column of the results list New York DMV 110103 GULaw Privacy FR 25 Changestatus ) ) \ / ) \ J ) ) 27 ) 1 Select the Cases tab and the search results list is displayed. Click the case that you want to review. The Case Details screen is displayed. This example shows a record with a status of Suspect. ) ) New York DMV 110104 GULaw Privacy FR 27 \ ; Confirm ) ) ) ) ) ) ) ) ) 29 ) ) ) A Confirmation screen is displayed. Click Confirm to confirm the status change; otherwise click Cancel to exit the screen without saving the change. ) Click the Move to: button. ) \ / New York DMV 110105 GULaw Privacy FR 29 Side by Side- Zoom \ ! ) ) ) ) \ / ) 31 ) ) In this example 2 records of the same person are displayed. Click on the magnifying glass to further enlarge or decrease the Image size. You may want to zoom in on an image to look for a distinctive mark on the face. When done, click to Close button to exit the Zoom tool. '} New York DMV 110106 GULaw Privacy FR 31 UnlinkedZoom ) ) ) ) ) ) ) ) ) 33 ) ) Link/Unlink Link images to apply actions to both images. I J ) Unlink images to apply action to one image. Use the Unlink button in combination with Grab and Pan, Zoom In/Out, and Rotate buttons ) New York DMV 110107 GULaw Privacy33 FR ) ) ) ) ) Blue scale ) ) ) ) ) ) ) ) ) ) ) ) ) 35 ) ) Greenscale Use this button to display images in shades of blue. ) ) ) ) New York DMV 110108 GULaw Privacy FR 35 ) HorizontalSplit ) ) ) ) ) ) 37 ) ) Split Horizontally ) Use this button to move the slider to change the overlay splitter. New York DMV 110109 GULaw Privacy FR 37 <63 aptly 39 \1 \\Lj k) \?111 \11/ Privacsg? 110110 New York DMV \ / IndividualControls ) ) ) ) 41 ) } Image zoom controls are available any time you click an individual image or when you select the Side by Side button. ) ) ) ) New York DMV 110111 GULaw Privacy FR 41 View Signature ) ) ) ) ) ') ) ) ) ) \ ) 43 ) ) The default view is the front Portrait view however you may want to compare signatures. Click on the drop down list box to the top right of the Image and select Applicant Signature. Select applicant signature in the other view as well to display side by side signatures. You can also zoom in on the signatures by clicking on the signature to launch the zoom tool. To view the images again change the drop down list box to front Portrait on both the probe and candidate. ) ) ) ) New York DMV 110112 GULaw Privacy43 FR ) Add a Note to a Case . ) ) ) ) ) ) ) ) ) ) ) ) ) 45 ) Keeping good notes is important for your records as well as other Investigators. Clicking on the Notes & Files section on the left hand side bring up the "Case" notes window. Case notes can be added to the middle section in white. To the right, if other case notes existed, they would be displayed by timestamp. Let's take a closer look at adding and viewing case notes. ) ) ) \ / New York DMV 110113 GULaw Privacy45 FR ) SavedCase Notes examiner N case Note3 Title 2010-07-22 11:47:20 AM examiner N Case Note2 Title 2010-07-22 11:46:52 AM examiner N Case Notel Title 2010-07-22 11:46:23 AM \ ) ) ) ) ) ) 47 ) ) Notes entered by a user become a permanent part of the case. The notes are sorted by date with the most recent note at the top of the list. As shown here the case notes section in the right side shows the Author who created the note, a Y or N if the author created an attachment, we will show you and example next. The title is displayed as well as the time and date the note was created. ) \ J ) New York DMV 110114 GULaw Privacy FR 47 ) Savea File to an Investigation ~~ r::--~-~------i=! ElleUpload 1 ._.tocelDlsk(C:) . &D\'Cl/CO-RW Dove(0:) ~shore on 'MainFie Server(shore)'(M:) @J ) Desktop C;it~..io tl!~ J,IM< ~~n l'IV""' } ) ) ) 49 ) ~J New York DMV 110115 GULaw Privacy FR 49 1 I To Add a File to an Investigation • ..JPG •.PDF •.BMP •.HTML ') ) •.DOC •TXT •.XML •.XLS ) Note: There is a 10MB limit for file attachments. ) ) ) 51 ) ) These are the types of files that can be added or attached to the case. Note, there is a 10MB file size limit for attachments. ) 1 J ) ) New York DMV 110116 GULaw Privacy FR 51 1 I ) .,,--'\ ) /\ J Reviewinga Note in a Case ; Case Note3 Title This is the 3rd note. ) \ ) \ I 53 ) ) The case title is displayed at the top and the description is displayed in the window. Remember notes are permanent and read only. Click the close button when finished. ) ) New York DMV 110117 GULaw Privacy FR 53 Review Files ) ) ) ) ) ) ) 55 ) The File download window allows you to Open the attachment or Save it to your PC or Cancel all together. ) ) ) ) ) ' J New York DMV 110118 GULaw Privacy FR 55 ) ) ) Add a Note to a Record ) ~) ) ) ) ) ) ) ) ) ) ) ) ) 57 ) The New Note window is displayed. Similar to case notes you enter your notes in the text box, there is a 500 character limit. One feature that is different with record or person notes is the ability to create a public or private note. It should be noted however, Investigator user levels are not allowed to create a private note. It should be further noted most jurisdiction require their Investigators to create Public notes. Supervisors are allowed to see all private notes. Type your new Note and click the save button to permanently save the note to the record. Click the Close button to close the window. ) ) ) ) ) ) ) New York DMV 110119 GULaw Privacy FR 57 ,c} ) /) ) ReviewingNotes on a Record ) ) ) ) ) ) ) ) ) ) ) ) ) ) 59 ) To review the notes on a record select the View Notes tab instead of the default New Notes tab. You will see a time stamped list of al the notes with the most recent note on top. You should also be aware there are sub tabs for viewing notes. The default is the Public notes. To see the private notes you can click on the Private Notes sub tab. Private notes can only be seen by the person who entered them or a Supervisor. Again, Investigators are not allowed to enter private notes and many jurisdictions expect others to add public notes. Click the close button to exit the window. ) ) ) ) ) New York DMV 110120 GULaw Privacy FR 59 Reviewthe CaseHistory ) ) ) ) ) ') ) ) ) ) ) ) 61 ) ) Select the Case History link from the left side of the screen. The Case History table displays a times stamped history of all changes to the case. Let's take a closer look on the next slide. ) \ J l / New York DMV 110121 GULaw Privacy FR 61 ~i LinkingCases ) ) ) ) ) ) ) ) ) ) \ J 63 If you are reviewing a case and believe it is similar to another case, you can manually link the two cases. The list of linked cases remains with the case even if it is re-assigned to another Investigator. ) ) To link cases ) From an open case, select the Linked Cases link. This example selects case ID 1658. The Linked Cases screen is displayed. ) ) New York DMV 110122 GULaw Privacy FR 63 ) Deleting LinkedCases ) ) ) ) ) ) ) ) ) 65 ) ) Click OK to delete the case. Otherwise, click Cancel to cancel the transaction. ) ) ) ) i New York DMV 110123 GULaw Privacy65 FR ) \ Create a Dossierfrom a Record / ) ) ) ') ) ) ) ) ) 67 ) The PDF is created with the image, signature and demographics of the individual record. If you want to include public and private notes you can select the check boxes at the bottom of the window and then select the Regenerate button. A new PDF will be generated with notes included. ) New York DMV 110124 GULaw Privacy FR 67 ! /'\ j "\ / Create a side by side Dossier ) I ) '-. ) ) ) ) ) ) 69 ) } Click the Create Dossier button on the Probe and Candidate Record Details screen. ) New York DMV 110125 GULaw Privacy FR 69 ) ) Side by Side Dossier \ I ) ) ) ) ) ~-----·-l• ) ) 71 You can print or send the dossier by email. Determine which Dossier Options you want to include in the dossier. If you want to include notes, scores, or generate dossier with smaller portrait images, checkmark your selection(s). Note that if you select smaller images, additional demographics are displayed. Click Generate. New York DMV 110126 GULaw Privacy FR 71 \ Create a CaseDossier / 1I ) ) ) \ I ) ) ) ) 73 ) ) The last menu option allows you to created PDF style dossier of the Case. To create the Case Dossier of the probe and all the candidates click on the Case Dossier link. The Dossier Options window is displayed, by default the 1:N gallery is selected. The "Only Flagged Records" checkbox allows you to only create the dossier with flagged records. To this point in the training we haven't talked about a flagged records but do you see the color of the probe is Orange? The colored background indicated the records has been flagged as Suspect. We will talk more about flagged records shortly. The "Include Scores" check box allows you to decide whether to create a dossier with the match scores or not. If the dossier is to be used in an investigation it is common to NOT print the scores. As you will see shortly the default case dossier displays the probe at the top left of the paper and all candidates in rows of 4 images. The Court Dossier options displays the images in rows of 3. Select the Generate Dossier button to create the dossier. Let take a look at an example. ) ) New York DMV 110127 GULaw Privacy FR 73 Create a CaseDossier ) ) ) ') } ) ) ) 75 ) ) This is an example of the court dossier. The probe is at the top and the candidates are below. In the default dossier if there were more than 3 candidates another image would have displayed on the right of the 3 rd candidate as the default it 4-up or 4 per row. If the court dossier check box was selected it would display 3 images per row. The dossier is a PDF file. It can be saved, printed and depending on your business rules possibly emailed to others. ) ) l \ ) ) New York DMV 110128 GULaw Privacy FR 75 ) '\J \ Questions? I STIONS ') \ ) ) Answers ) ) ) ) 77 ) ) ) New York DMV 110129 GULaw Privacy FR 77 '\ I ) ) ) CasesFilter Optioms ) : Automated Manual W•khJ!s\ ) ) Fded In Use New Nol·,Mdlet ) P~ssing Ready Closed ! \J 79 ) New York DMV 110130 GULaw Privacy FR 79 ) '; "' \ I \ J ') -, Keeper ) --,) ) ) ) I \ / \ ) \ I \ I / \ ) 81 ) ) \ j I \I \ J \ \ ) New York DMV 110131 GULaw Privacy FR 81 \I _.--"\ ) ) ) ) LinkingRecords ') ) ) ) ) ) ) ) ) ) ) PROBELINKICON CANDIDA TELINKICON ) ) ) 83 ) ) Click the Link icon on the candidate FIRST record. ) ) ) ) ) ) ) New York DMV 110132 GULaw Privacy FR 83 ') LinkingRecords ) ) ) ) ) ) ) ) ) ) ) ) ) ) 85 ) ) Click the Link icon on the probe record. •If this is a newly created link set, the Link Name screen is displayed. If you did not name the newly created link, your link set is automatically named Link Name n (where 'n' is lowest unused number 1,2,3, etc.). •If you want to change the name at this time, type in a link name. This example changes the name to Suspects Market Street. Click OK. •If this is not a newly created link set, this screen is skipped. 2 The View Link Records screen is displayed. Hover the cursor over the image to view the case name and record number. ) ) New York DMV 110133 GULaw Privacy FR 85 . \ I Unlink a Record ) ) ) ) ) iI ) ) ) 87 ) ) From the Link Record Images field, click the red X next to the record you want to unlink. ) ) A Confirm message is displayed. Click OK to unlink the record; click Cancel to keep the record as part of the link set. ) New York DMV 110134 GULaw Privacy FR 87 ) Changethe Name of a LinkedSet ) ) ) ) ) ) 89 ) ) ) Select the My Links and Exclusions tab. ) Select the Link Records sub-tab. ) ) Select the link set from the Linked Records list. This example selects Link Name1. ) Type the new name in the Link Name field. This example names the link Suspects Concord Rd. ) Click Update. The updated link name appears in the Linked Records list. New York DMV 110135 GULaw Privacy FR 89 \ I ) ) ) • Public exclusions do not apply to uploaded images. Public exclusions are based on Person ID, and uploaded images do not have a Person ID. I ) \ ) ) ) ) ) ) ) ) ) ) \ / ) ) ) ) ) \ New York DMV 110136 GULaw Privacy FR 90 ) ) View Exclusions ) ) ') ) ) ) ) ) ) ) ) ) ) ) 92 ) ) • Use the Exclusion icon when you have a case open ) • Use the Links and Exclusions tab To use the Exclusion icon ) ) \ I New York DMV 110137 GULaw Privacy FR 92 Removean Exclusion ) ) ) ) ) ) 94 ) ) From the Exclusion Images field, click the red X next to the record you want to remove. ) A Confirm message is displayed. Click OK to remove the image; click Cancel to keep the image as an exclusion. ) ) ) New York DMV 110138 GULaw Privacy FR 94 C \ ) ,--°\ - J \ I Working on a Case- DFI Investigator Investigators perform detailed case reviews to determine if there is suspect activity or data error. Investigators can perform all of the functions of an Investigator plus .... ) ) ) ) •Close and Clear an Investigation •Start a new Investigation •Can use My Identifications •Can use My Groups •Find (Search) People ) ) ) $6 ) ) •The role of Investigators is to perform detailed case reviews to determine if there is suspect activity, data error, the case needs further investigation or clear the case with no issues. Investigators can: ) •View a Case from workflow tab called the Cases Tab •Assign a Case to them self •Review the Case History Notes and Attachments that may have been created by others •Create a Group of cases •Create a Dossier for the Probe only to create a PDF file or print a hard copy •Create a Dossier for the Case which is the Probe and All Candidates to create a PDF file or print a hard copy •Move a Case on for Further Investigation by Senior Level people •Close and Clear an Investigation with No Issues •Start a new Investigation on a Person of Interest •Create an personal group, like a file folder of a group of individuals •Upload a photo into the Bl system to be able to start an investigation New York DMV 110139 GULaw Privacy FR 96 ) New Tabs ) ) . \ ) ) ) ) ) ) 98 ) ) My Identifications Tab ·, You can retrieve a specific case and begin a new investigation. This tab displays a list of all manual investigations that were processed by a specific user. ) Find People Tab ; This tab allows you to locate individual records in the system using criteria entered into search fields. ) Face Search Tab This tab allows you to upload images to scratchpad, delete images in scratchpad, search for images, and compare uploaded images. Images under Face Search are also available under My Groups if you decide to start an investigation. New York DMV 110140 GULaw Privacy FR 98 ) Find PeopleTab ) ) ) ) ) ) 100 ) ) ) You can create a new search from the Find People tab. Use any of the search fields to narrow your search results, and then click Find. ) Click Reset at any time to clear the fields. ) Search Option ) CID - Client ID or Person ID number of the individual, a unique ID using a 9digit format. GRN - Global Reference Number. This number is a unique ID of the actual portrait image using the format: YYYYMMDDSSSCSEQ (SSS-Site code, CCamera, SEQ 0-999). ) New York DMV 110141 GULaw Privacy FR 100 \ I Manually Start an Identification ) ) ) ) \ ) 102 ) ) After searching and finding a person of interest you may decide to conduct a manual identification. The manual identification searches the entire database for matching candidates to your person of interest or what we call the Probe. Selecting the Target or Bulls Eye Icon located at the top left of the image will launch the Identification Options window as we will see next. \ ) New York DMV 110142 GULaw Privacy FR 102 \; My Identifications \ J "J ) \J Refresh List \I 104 ) The My Identifications tab contains your manual investigations. You may need to click the Filter Reset button to Refresh the list. Just like from the Cases and Cases tab, click on the case to open the case in detailed view. \ J \ ) New York DMV 110143 GULaw Privacy FR 104 ) ) ) /) FaceSearch ) ) EXPAND I COLLAPSE SEARCHSETllNGS SEARCH BUTION SIDEBYSIDE BUTION GRIDVIEWI LISTVIEW TOGGLE BUTION ) ,, ) ) ) ) ) ) ) ) ) ) 106 ) ) Face Search allows you to upload images to its Scratchpad and perform searches of the uploaded images. The following figure shows the Probe, Candidate, Results, and Scratchpad boxes and associated buttons. ) ) I ) ) ) ) \ J New York DMV 110144 GULaw Privacy FR 106 \ ) Upload an Image I I I I ) 2,vif l ).gif ~,gif <~d-91 ) .J;;,libt:Mes ) f]De,c~ 'J, ....... ) ) ) ) ) ) 108 ) ) The Image Upload window is displayed. \ Click Choose File. The Open dialog box is displayed Navigate to the location of the file, and click Open. The Image Upload screen is displayed. J New York DMV 110145 GULaw Privacy FR 108 Searchfor Results ) ) ) ) ) ) ) 110 ) Drag and drop an image from the Scratchpad box to the Probe box. (The image in Scratchpad appears faded when it is selected.) ) ) Click search in the Probe box to obtain search results. \ J ) ) New York DMV 110146 GULaw Privacy FR 110 ' ) p) ', I } ') Views } } ) ) ) ) ) ) '\ ) ) ) SEARCHRESULTSLISTVIEW SEARCHRESULTSGRIDVIEW ) ) ) 112 ) ) ) ) I \ ) ) ) ) \ ) New York DMV 110147 GULaw Privacy FR 112 \ ) Use SearchCriteria Options ) -) ) ) ) ) ) ) ) ) ) ) ) ) 114 ) ) • Enter any specific traits (gender, height range, age range, maximum number of candidates) you want to use to narrow your results. ) • Maximum number of candidates determines the maximum number of matches you want to be returned by the CIS. Possible number of candidates ranges from 5 to 50 in increments of 5. • If the Auto Search box is checked, a search is automatically started when an image is dragged and dropped in the Probe box. This enables rapid examination of images. If the Auto Search box is not checked, click search in the Probe box to start a search. New York DMV 110148 GULaw Privacy FR 114 ScratchpadImage UploadsAvailable ) ) ) ) ) ) ) ) ) ) 116 ) ) Images that are uploaded via the Face Search tab or the My Groups tab are available under both tabs in the Scratchpad box/group. \ J \ I ) ) New York DMV 110149 GULaw Privacy FR 116 FRS- SupervisorLevel \ ) ) ) ) ) ) ) ) ) Today we are here to introduce the Issuance Tracking Application. This application will work in conjunction with the new Central Issuance process. Central Issuance now introduces a new set of services we will offer to our customer and also insures them from some instances of identity fraud. ) ) ) ) New York DMV 110150 GULaw Privacy FR 118 ) My Watch List ) ) ) ) ) ) 120 j Select the Watch List icon. The Watch List settings screen is displayed. Select specific settings you want to use from the applicable drop-down menus. To save your changes, click Add and the record will be visible when you select the My Watch List tab. Click Cancel to exit the screen without saving the change. New York DMV 110151 GULaw Privacy FR 120 1) ,,-) /\ ) /) ') RecordDetails /\ ) ) ) ) ) lI ) ) ) ) ) ) ) ) 122 ) ) ) \ j \ ) \ j New York DMV 110152 GULaw Privacy FR 122 ) Delete a Record ) ) ) ) ) ) ) ) \ J 124 ) ) 2 Click the red X located to the right of the image. The name and identification number associated with the image is displayed when the cursor hovers over the red X. ) ) ) ) ) New York DMV 110153 GULaw Privacy FR 124 \ J ,--, ) ) \ J ) My GroupsTab ") ) ) ) ) ) ) -) ) ) ) ) ) ) 126 ) \ ) \ I ) \ J ) \ New York DMV 110154 GULaw Privacy FR 126 Add recordto a Group from Image ) ) ) ) ) ) ) ) ) ) ) ) 128 ) \ } Select a lineup from the listed Lineups or create a new lineup by clicking the Add Lineup icon and entering a name for the lineup. ) ) Click Add. The My Lineups dialog closes. To view the added lineup image, click the My Lineups tab. The My Lineups tab displays the image added to the lineup. \ ) ) New York DMV 110155 GULaw Privacy FR 128 Upload a File ) ) ) ) ) ) ) ) 130 ) \ J In the Choose File to Upload window, navigate to the location an select the file. Select the Open button to attach the file. Now click the Save Note button as we did before to save the attachment to the case. ) ) \ ,I New York DMV 110156 GULaw Privacy FR 130 \ ) Start an Investigation ) 132 ) ) ) ) ) ) New York DMV 110157 GULaw Privacy FR 132 ) ) -) View Assignmentsof Investigators ) ) ) ) ) ) ) ) ) ) ) ) ) ) 134 ) ) ) Select a user from the Filter Options Assigned To drop-down list to narrow your search ) The cases assigned to that user will be displayed. ) Click Reset to return to the original search results list ) ) ) ) New York DMV 110158 GULaw Privacy FR 134 View the Watch Listsof Any Investigator 136 ) Select the My Watch List tab. \ Select a user from the Other Users drop-down menu. ) The watch list images for the selected user are displayed. If you go to the detailed view of the image, the Hot List settings cannot be updated. ) ) To return to your own Hot List images Select Current User from the Other Users drop-down menu. \ / New York DMV 110159 GULaw Privacy FR 136 \ I Find PeopleTab -, / ) ) ) ) ) 138 ) You can create a new search from the Find People tab. Use any of the search fields to narrow your search results, and then click Find. Click Reset at any time to clear the fields. \ J Search Option Description CID - Client ID or Person ID number of the individual, a unique ID using a 9digit format. GAN - Global Reference Number. This number is a unique ID of the actual portrait image using the format: YYYYMMDDSSSCSEQ (SSS-Site code, CCamera, SEQ 0-999). \ ) New York DMV 110160 GULaw Privacy FR 138 Reseta ClosedCase ') ) 140 ) Click Reset Status. A message similar to the following is displayed Click Confirm to reset the status. Otherwise, click Cancel if you do not want to reset the status. ) ) ) Upon confirmation, the Reset Status button is no longer available on the screen. The image background color changes to gray and the record returns to a No Issues status. ) ) New York DMV 110161 GULaw Privacy FR 140 \ / RecordStatus Permanently Flagged as Suspect ) ) ) ') ) Permanently Flagged as Data Error ) ) ) ) 142 ) ) If a record contains a Yellow background the record is Closed and Permanently flagged as Suspect or Criminal Activity. If the color is Magenta a red/purple color the record is permanently flagged as Data Error. Once you get used to the different colors you can quickly identify the status of the record. Also, if you hold your mouse over the background a tool tip will pop up to give you the status of the record. By the way, if you hold your mouse over any of the other buttons you will also get a tool tip. ) ) \ / New York DMV 110162 GULaw Privacy FR 142 1 I l ) ) ) Questions???? ·~ J '\ j \ I 1I ) ) ) ) 144 ) ) \ j ) ) New York DMV 110163 GULaw Privacy FR 144 2.3.t3.7 Issue Escalation Path 2.3.13.s System Maintenance Tasks The following table outlines FRS maintenance designated as Contractor-tasks and DMVtasks. System Maintenance Tasks Backups Operating System (OS) Patches Anti-Virus Network/Security VPN Access Production Hardware / Support 3rd Party Software/ Support Software System Maintenance Updates 2.a.14 Contractor Tasks DMV Tasks Contractor shall provide the plan for backups and verify process Contractor shall work with DMV to schedule approved OS patches Contractor shall work with DMV to confirm the anti-virus update Contractor shall comply with the DMV network security polices Contractor shall comply with the VPN access security polices Contractor provided hardware specifications Contractor provided 3rd party software specifications Contractor to provide weekly software system maintenance Technology Updates FRS System Updates DMV to provide tape rotations and off site storage DMV to install OS patches DMV to provide anti-virus OMV to provide network and security infrastructure OMV to provide VPN Access OMV to provide hardware and hardware support DMV to provide 3rd party software and software support FRS Upgrades At DMV's request, Contractor shall upgrade the database, operating system, and related software to supported levels. Contractor shall assist in the migration of the FRS to any new hardware components. Contractor shall have six months from DMV's request for an upgrade to prepare for such upgrade. Contractor has a dedicated team to introduce new features and technology into the L-1 ABISTM (Automated Biometric Identification System) search engine and FaceEXPLORER application suite. In-version upgrades shall be tested on the test system at Contractor's facility, using DMV test data/images. The test system shall be comprised of the initial legacy enrollment components plus additional servers, to simulate the DMV production environment in Albany. As new engine technology is developed and introduced to the market, Contractor shall work with the OMV to plan a migration path for any out of version major release. Often major releases require a new comparison template to be created. For this type of upgrade, Contractor shall leverage the existing test environment at its facility in order to re-template the existing database and to requalify the new system 1 before introducing it to the OMV Albany production environment. FRS Contract #000665 New York DMV 22 110164 2/20/2009 GULaw Privacy FR Contractor shall work with the DMV team to ensure that new system technology is introduced in a seamless manner, with a process similar to the initial rollout. It is anticipated that upcoming versions will decrease the hardware requirements for this system. If available, one out of version major upgrade shall be introduced over the three-year contract term, at no additional cost to DMV. 2.a.1s Documentation Contractor shall supply high-level documentation, including detailed documentation of the connections between the FRS and DMV's IT systems. This documentation shall be provided on a media that is agreeable to DMV. At a minimum, this documentation shall include: • • • • • • • • • • Overview of the facial recognition system; Overview of the Central Image Database Server; Overview of the automatic image enrollment process; Automated Image Quality Assessment; Overview of the manual image enrollment process; Overview of the 1: 1 comparison process; Overview of the 1:N comparison process; Detailed functional requirement specifications; Detailed interface specifications; Acceptance test documentation. Contractor shall provide updates to the documentation as needed, or upon request by the DMV. Original documentation and any updates shall be provided in WORD 2003 format, or any other standard format designated by DMV. Contractor shall use a web-based document management portal where all documents shall be kept updated and made available for access by authorized DMV personnel. Contractor shall use a staged documentation development, labeling (Draft, Final, Approved) and versioning number (major and minor revision) approach for all documents to ensure efficient control of manuals. A change history section at the beginning of each document shall reflect the complete history of document for changes and revisions. 2.3.16 Installed Software Inventory Contractor shall maintain a list of all software installed on the FRS through the term of the Contract. This inventory shall be regularly updated to reflect any changes , and the inventory shall be provided to DMV. All installations, whether for initial rollout or subsequent updates, shall be routed via Contractor's Quality Assurance (QA) and release, which shall ensure that only authorized configuration changes are included in the installation by verifying that there is traceability between approved changes, new development, and the content of the installation. In addition, QA shall check the completeness of the installation by ensuring all impacted deliverables (i.e., hardware, software and documentation) are appropriately updated. Once the installation is FRS Contract#000665 New York DMV 23 110165 2/20/2009 GULaw Privacy FR approved, it shall be registered in the Configuration Management Repository and deployed at the DMV site. Deployment may consist of a field installation or an automated system update. Contractor uses the following Software Configuration Management Tools to ensure the availability of updated inventory of software and documents: • • • • 2.J.11 Oracle Installed Base/ Oracle Inventory: Installed software inventory. The inventory is maintained and managed using Oracle Part Numbers. Each release to DMV shall be assigned a part number in this system; AccuRev or similar: Centralized repository of all project software, code and configuration items, fundamentally used for source code control and document version control; AccuDuild Manager or similar package: Used to Manage Software Releases; Privia or similar repository: Centralized repository of the project document thmughout the life cycle of the project and during the operations phase; proposals, contracts, deliverables and related artifacts are maintained and tracked in the Project Portal. Training Contractor agrees to work closely with DMV to establish a training schedule which coincides with the installation schedule. Contractor agrees to provide the required number of training sessions to DMV trainers in use of the facial recognition system to enroll and compare images at a time or times determined by the DMV. The training session shall provide adequate preparation and materials for DMV trainers to train other DMV staff members. Contractor agrees to provide training in the use of the investigative browser and all of its functions, at a time or times determined by DMV. Contractor shall provide detailed step~by~step instructions for investigative browser to DMV's License Production Bureau (LPB) and Division of Field Investigation (DFI) staff. Contractor shall provide paper copies as well as electronic copies of the training materials. Contractor shall provide 20 paper copies, and additional electronic copies in the required format, to DMV for the first round of training. The latest electronic copies shall also be available on the project web portal for the life of the contract. The Contractor User Manuals and Job Aids shall provide detailed step by step instructions to end-users for executing any functionality of the application. Patt of the Job Aid shall include a Getting Stmted Guide to introduce end-users to the product. Similar to a tutorial, this manual shall explain important concepts that new users will need in order to become productive quickly. The user manual shall include the following sections at a minimum: • • • • • A cover page; A title page and copyright page; A preface, containing details of related documents and information on how to best use the user guide; A contents page; Overview of the system; FRS Contract #000665 New York DMV 24 110166 2/20/2009 GULaw Privacy FR Cr);),I . Lf New York State - Department of Motor Vehicles Facial Recognition System Contract #C000665 2120/2009 Contract #000665 New York DMV 110167 GULaw Privacy FR 1 RECITALS ........................................................................................................................................................ l 1.1 RECITALS ................................................. :................................................................................................. HIERARCHY OF PRECEDENCE...................................................................................................................... 1.2 2 1 l STATEMENTOFWORK ............................................................................................................................... 2 2.1 2 PROJECT OVERVIEW ................................................................................................................................... PROJECT MANAGEMENT PLAN ................................................................................................................... 2.2 2 2.2. I 2.2.2 2.2.3 Project Tasks ......................................................................................................................................... 2 Contractor Roles and Responsibilities ..................................................................................................3 DMV Roles and Responsibilities ...........................................................................................................5 2.3 SYSTEM REQUIREMENTS ............................................................................................................................ 5 2.3. I Enrollment of Legacy Image Database .................................................................................................5 2.3.2 Cleansing of Legacy Image Database...................................................................................................6 2.3.3 Daily Operations of the Facial Recognition System ............................................................................. 7 2.3.4 Investigator Support ..............................................................................................................................9 2.3.5 Reports ................................................................................................................................................ 11 12 2.3.6 DATA SECURITY ............................................................................................................................... 2.3.7 System Backup and Recovery ..............................................................................................................14 2.3.8 Disaster Recovery Plan .......................................................................................................................15 2.3.9 Daily Operation System Security Requirements .................................................................................15 2.3.10 Legacy Enrollment Site Security Requirements..............................................................................15 2.3.11 General Maintenance Requirements ..............................................................................................16 2.3.12 Application Software Distribution..................................................................................................17 2.3.13 System Support ............................................................................................................................... 19 2.3.14 FRS Upgrades................................................................................................................................22 2. 3.15 Documentation ...............................................................................................................................23 2.3. 16 Installed Software Inventmy ..........................................................................................................23 Training .......................................................................................................................................... 24 2.3.17 3 PAYMENT AND DELIVERY INFORMATION......................................................................................... 27 3.1 3.2 3.3 PURCHASE AND COST ............................................................................................................................... DELIVERY................................................................................................................................................. PAYMENT FOR PRODUCTS AND SERVICES................................................................................................. ACHIEVEMENTOF MILESTONES ................................................................................................................ TAXES ...................................................................................................................................................... LATE PAYMENTS ...................................................................................................................................... 3 .4 3.5 3.6 4 27 28 28 28 28 28 ADDITIONAL CONTRACTUAL PROVISIONS ....................................................................................... 30 4.1 4.2 4.3 TITLE AND LICENSE .................................................................................................................................. OWNERSHIP OF SOFTWARE, ETC............................................................................................................... SERVICES.................................................................................................................................................. 30 30 30 4.3. I Provision a/Services ........................................................................................................................... 30 4.3.2 Manner and Means ............................................................................................................................. 30 4.3.3 Subcontracts and Subcontractors .......................................................................................................30 DRIVERS PRIVACY PROTECTION ACT ....................................................................................................... 31 4.4 4.5 4.6 INFORMATIONSECURITY BREACH AND NOTIFICATION ACT.. ................................................................... ITEMS PROVIDED BY DMV ....................................................................................................................... DMV Provided Materials, Facilities, etc............................................................................................31 DMV Personnel...................................................................................................................................31 4.6.1 4.6.2 4.7 4.8 PROJECT SCHEDULE ................................................................................................................................. COMPLIANCEWITH SPECIFICATIONS ........................................................................................................ 4.8.1 4.9 Change Orders .................................................................................................................................... INTELLECTUALPROPERTY RIGHTS ........................................................................................................... 4.9.1 4.9.2 4.10 31 31 32 32 32 32 DMV-Provided Materials ...................................................................................................................32 Retained Ownership Rights .................................................................................................................32 LICENSE TO CONTRACTOR TECHNOLOGY ................................................................................................ 4. IO.I 4. I 0.2 4.10.3 33 license ........................................................................................................................................... 33 33 Rights Reserved .............................................................................................................................. No Reverse Engineering .................................................................................................................33 New YorkFRS DMVContract #000665 110168 3 GULaw Privacy FR 2/20/09 4.10.4 4.11 4.11.1 4.11.2 4.12 4.15 Letter a/Credit .........................................,..................................................................................... 36 Limitation on Liabilily .................................................................................................................... 37 Liability of Contractor Secure Credentialing Division .................................................................. 37 37 CorifidentialInformation ................................................................................................................ 37 Obligations..................................................................................................................................... 37 Return or Destruction...................,................................................................................................. 38 Injunctive Relief ............................................................................................................................. 38 38 38 Duration a/Term ............................................................................................................................ 38 Early Termination a/Contract Without Fault a/Contractor ......................................................... 38 Early Termination a/Contract Due to Contractor's Default ......................................................... 39 Early Termination a/Contract by Contractor................................................................................ 39 MISCELLANEOUS...................................................................................................................................... 4.18.1 4.18.2 4.18.3 4.18.4 4.18.5 4.18.6 4.18.7 4.18.8 4.18.9 4.18.10 4.18.11 4.18.12 4.18.13 4.18.14 4.18.15 4.18.16 4.19 4.20 4.21 4.22 36 36 RlGHT TO PERFORM SIMILAR SERVICES................................................................................................... TERM AND TERMINATION......................................................................................................................... 4.17.1 4.17.2 4.17.3 4.17.4 4 .18 34 By Contractor................................................................................................................................. 34 ByDMV .......................................................................................................................................... 35 Procedure....................................................................................................................................... 35 CONFIDENTIALITY.................................................................................................................................... 4.15.1 4.15.2 4.15.3 4.15.4 4.16 4.17 Contractor limited Warranty.........................................................................................................34 Disclaimer ...................................................................................................................................... 34 COMMERCIAL GENERAL LIABILITY AND PROPERTY DAMAGE INSURANCE.............................................. LEITER OF CREDIT; LIMITATIONS ON LIABILITY...................................................................................... 4.14.1 4.14.2 4.14.3 33 34 INDEMNIFICATION.................................................................................................................................... 4.12.1 4.12.2 4.12.3 4.13 4.14 Escrow ............................................................................................................................................ LIMITED WARRANTIES AND EXCEPTIONS................................................................................................. 39 Independent Contractors................................................................................................................ 39 Compliance With Laws ................................................................................................................... 40 Notices ............................................................................................................................................ 40 Severability ..................................................................................................................................... 40 Force Majeure (Events Beyond Control) ....................................................................................... 40 Assignment ..................................................................................................................................... 41 Complete Agreement ...................................................................................................................... 41 Modification ................................................................................................................................... 41 41 No Waiver....................................................................................................................................... Language ........................................................................................................................................ 42 Survival .................................................................:........................................................................ 42 Public Statements ........................................................................................................................... 42 Corifiict of Interest; Non-solicitation.............................................................................................. 42 Termination For Cause .................................................................................................................. 42 Requirements Regarding Women and Minority Owned Business Development ............................ 42 Procurement Lobbying Act Termination Clause ............................................................................ 42 DISPUTES .................................................................................................................................................. PROCUREMENTLOBBYING REQUIREMENT ............................................................................................... CONTRACTOR CERTIFICATION.................................................................................................................. CONSULTANT DISCLOSURE LEGISLATION ................................................................................................ 42 43 43 44 APPENDIX A STANDARD CLAUSES FOR ALL NYS CONTRACTS ................................................... 48 APPENDIXB DRIVER'S PRIVACY PROTECTION ACT (DPPA) ........................................................ 56 APPENDIXC MEMORANDUM OF UNDERSTANDING - DPI'A ......................................................... 59 APPENDIXD NYS PROCUREMENT LOBBYING POLICY AND PROCEDURES ............................. 63 APPENDIXE COMPLIANCE OR NON-APPLICABILITY TO§ 5-A OF THE NYS TAX LAW ... 79 APPENDIXF ST-220- CA .............................................................................................................................. 80 APPENDIXG ST-220-TD ................................................................................................................................ 82 APPENDIXH INFORMATION SECURITY BREACH AND NOTIFICATION ACT ............................ 86 NYS GENERAL BUSINESS LAW SECTION 899-AA ................................................................................................... NYS TECHNOLOGY LAW SECTION 208 ................................................................................................................... SECURITYBREACH AND DISCLOSURE ACT REPORTING FORM ................................................................................ New York FRS DMVContract #000665 110169 4 86 89 92 GULaw 2/20/09 Privacy FR APPENDIX I CONSULTANT DISCLOSURE LEGISLATION .................................................................... 94 CHAPTER10, LAWSOF2006 ................................................................................................................................... FORM A ................................................................................................................................................................. 94 96 FORM 8 ................................................................................................................................................................... 97 APPENDIX J TERMS AND DEFINITIONS .................................................................................................... 98 APPENDIX K CHANGE CONTROL PROCESS & PROCEDURES ...................................................... 105 APPENDIX L SOFTWARE ESCROW AGREEMENT ............................................................................ 108 APPENDIX M NYS CYBER SECURITY POLICIES ................................................................................. 109 APPENDIXN SAMPLE PROJECT PLAN ................................................................................................ 110 APPENDIX O HARDWARE & SOFTWARE SUMMARY ....................................................................... 113 APPENDIX P NY FACIAL RECOGNITION SYSTEM BUSINESS CONTINUITY PLAN ................ 116 APPENDIX Q NY FACIAL RECOGNITION SYSTEM DISASTER RECOVERY PLAN ................... 130 Contract #000665 New YorkFRS DMV 110170 5 GULaw Privacy FR 2120109 1 RECITALS 1.1 Recitals This Product and Services Sales Agreement (this "Agreement" or "Contract"), dated this~ day of~, 2009, is entered into by and between the New York State Depaitment of Motor Vehicles, an agency of the State ofNew York, with an address at 6 Empire State Plaza, Room 138, Albany, New York 12228 ( "DMV") and L-1 Iclentjty Solutions Operating Company, a Delaware corporation, acting through its Secure Credentialing Division, with fill address at 296 Concord Road, Billerica, MA O1821 (collectively, "Contractor"). WHEREAS, the DMV released a Request for Proposal for Facial Recognition System, dated July 7, 2008 (the "Program"); WHEREAS, the DMV awarded a contract to Contractor under the Program; WHEREAS, the parties mutually desire to memorialize their rights and duties under the Project in this Agreement. WHEREAS, this Agreement, including the Exhibits attached hereto, governs the sale of ce1iain products by Contractor to the DMV and the supply by Contractor to the DMV of ce1iain related installation, custom engineering, and other services related to the Products. NOW, THEREFORE, in consideration of the mutual promises, covenants and conditions set forth below, DMV and Contractor hereby agree as follows: 1.2 Hierarchy of Precedence In the event of any conflict of terms, the hierarchy of precedence shall be as follows with No. 1 being highest in order: v 1. Appendix A, "Standard Clauses For All New York State Contracts"; ' 2. The Agreement, inclusive of all Appendices except Appendix A; 3. The Contractor's response to the RFP 4. The RFP #C000665 issued on dated July 7, 2008; FRS Contract #000665 New York DMV 110171 2/20/2009 GULaw Privacy FR // 2 2.1 STATEMENTOFWORK Project Overview Contractor is providing the DMV with a facial recognition system solution ("FRS") subject to the terms and conditions of this Agreement. The Contractor shall emoll the 17 million images, which are comprised ofDMV's legacy image database, at the Contractor's own site using only the Contractor's own equipment. The enrolled legacy image database shall then be delivered to DMV and loaded onto equipment (meeting the specifications required by the Contractor as outlined in this contract) which shall be provided by DMV. The Contractor shall then install an FRS that shall both perform 1:1 (one-to-one) and 1:N (one-to-many) searches on DMV's daily image capture volumes, (approximately 20,000 images daily), while concurrently cleansing (performing a 1:N search) the enrolled legacy image database. This system shall be installed at a site designated and provided by DMV and shall only use equipment (hardware and operating software meeting the specifications required by the Contractor as outlined in this contract) provided by DMV. 2.2 2.2.1 Project Management Plan Project Tasks Based on the proposed project plan the principal high level project task along with target completion dates are given below: Project Task Contract Phase P Janning Phase Requirements Phase Documentation Phase Setup and Enrollment of Legacy Database Testing of Legacy Database Setup and Enrollment Procurement Phase Installation of Daily Operations Svstem Testing of Daily Operations System Train the Trainer System Rollout System Turned Over to Contractor Support for Maintenance Start 10/14/2008 3/02/2009 3/09/2009 3/30/2009 4/13/2009 5/13/2009 3/16/2009 7/06/2009 7/10/2009 7/28/2009 7/28/2009 8/14/2009 End 3/27/2009 3/05/2009 3/27/2009 4/10/2009 7/10/2009 6/19/2009 6/05/2009 7/17/2009 7/27/2009 7/29/2009 8/14/2009 8/14/2009 The first critical task following contract finalization shall be the planning phase in which Contractor shall meet with NY DMV staff and draft a final Project Plan reflecting the actual implementation dates as required by the DMV and as accepted by Contractor. The final Project Plan shall supersede the dates set forth in this Section 2.2.1. A more detailed sample project plan can be found in Appendix N, "Sample Project Plan". Immediately following the issuance of an agreed to project plan, Contractor and the DMV shall have a series of meetings to generate the requirements specifications which shall govern the design and development of the system. FRS Contract #000665 New York DMV 2 110172 2/20/2009 GULaw Privacy FR 2.2.2 Contractor Roles and Responsibilities The following table identifies the Contractor's roles and responsibilities, and contact information for the Contractor's key personnel for this project. Leadership Team Role Program Manager Name Phone Number(s) Email Address James McDermott 978-932-2262 jmcdermott@LIID.com Account Executive Alan Chapski 508-400-1510 achapski@L 1ID .com The roles and responsibilities of each are as follows: Program Manager: The Program Manager (PM) shall serve as Contractor's main point of contact with DMV for all matters dealing with this contract. The PM shall manage requirements and deliverables; lead the project team; and manage all tasks in the development, implementation, and delivery of the project. The PM shall also control the project and maintain the project plan (track due dates, deliverables, design reviews and progress updates). The PM shall lead the system requirements definition with DMV to ensure that the system meets the defined specifications. The PM shall also conduct design reviews related to hardware and software modules and shall work with the implementation team to assure quality engineering installations. The PM shall be available 100% of the time prior to full system implementation and system rollout, and as needed during ongoing maintenance and support. Account Executive: Shall work with the Program Manager and DMV to ensure a successful implementation. Additional personnel may include: Systems/Security Architect: The Systems/Security Architect (SSA) shall be responsible for overall system architecture. The SSA shall work on the development of design specifications and requirements. The SSA shall develop procedures to ensure the integrity of data, and reliability of systems, and shall contribute to the development oftest plans and requirements. The SSA shall participate in the development of the Facial Recognition System design, and in design reviews and technical reviews. The SSA shall provide technical advice to the PM. The SSA shall be available 70% of the time during design, development, test and implementation phases. SSA involvement shall be reduced to 5% to 10% during ongoing operational support. Lead Database Administrator: The Lead Database Administrator (LDA) shall manage the setup, configuration, and administration of the enrollment, production, and test Oracle databases. The LDA shall be available 80% of the time during design, development, test and implementation phases. LDA involvement shall be reduced to 5% to 10% during ongoing operational support. Biometric Software Manager: The Biometric Software Manager (BSM) shall manage the development of custom software features and FR business workflows. The BSM shall be available 70% of the time during design, development, test and implementation phases. BSM involvement shall be reduced to 5% to 10% during ongoing operational supp01t. FRS Contract #000665 New York DMV 3 110173 2/20/2009 GULaw Privacy FR Lead Programmer Analyst: The Lead Programmer Analyst (LPA) shall manage the development of business rules and system interfaces as they are applied to the application workflows. The LP A shall be available 90% of the time during design, development, test and implementation phases. LDA involvement shall be reduced to 2% to 4% during ongoing operational suppo1t. Programmer/Analyst: The Programmer/Analyst (PA) shall perform analysis and workflow creation as directed by the Lead Programmer Analyst. The PA shall be available 90% of the time during design, development, test and implementation phases. PA involvement shall be reduced to 2% to 4% during ongoing operational support. Lead Software Engineer: The Lead Software Engineer (LSA) shall create the customized software and perform integration efforts. The LSA shall be available 90% of the time during design, development, test and implementation phases. LSA involvement shall be reduced to 5% to 10% during ongoing operational support. Senior Product Line Manager: The Senior Product Line Manager (SPLM) shall manage FRS system capabilities to ensure project requirements are integrated into the appropriate Product development efforts. The SPLM shall be available 25% of the time during design, development, test and implementation phases. SPLM involvement shall be reduced to 5% to 10% during ongoing operational support. Training Manager: The Training Manager (TM) shall provide all training material for Image Collection Systems and shall be responsible for conducting formal and informal training as required by DMV. The TM shall work closely with DMV in creating the training program and training schedule. The TM shall be available 100% of the time during the training phase. Onality Assurance Test Manager: The Quality Assurance Test Manager (QATM) shall establish the Program's quality standards and shall ensure that all hardware and software are in compliance with contractual and program quality standards. The QATM shall develop test requirements and shall coordinate and monitor testing. The QA TM shall be available 25% of the time during design, development, and implementation phases; and 100% of the time during test phases. QATM involvement shall be reduced to 2% to 4% during ongoing operational support. Director of Installation Services: The Director oflnstallation Services (DIS) shall oversee all installation activities including defining physical site requirements, conducting site surveys, training and installation. The DIS shall ensure that the system as installed is ready for ongoing support and shall smoothly transition into operation. The DIS shall be available for 10% of the time during design and test phases and for 100% of the time during implementation. Field Service Manager: The Field Service Manager (FSM) shall lead the field service organization and shall manage calls for repair, software bug reports, and upgrades. The FSM shall be available for 25% of the time during the implementation phase and shall be available 10% of the time during ongoing operational support. OMV Service Manager: The DMV Service Manager (DSM) shall manage all aspects of services, maintenance, support and training to ensure that all DMV needs are met. The DSM shall manage help desk staff and field teclmicians to resolve all DMV-related issues and to ensure that state-of-the-art service is provided. The DSM shall be available for 25% of the time FRS Contract #000665 New York DMV 4 110174 2120/2009 GULaw Privacy FR during the design, development, and implementation phases and I 00% of the time during ongoing operational support. Help Manager: The Help Manager (HM) shall be responsible for scheduling Help Desk coverage and ensuring all Help Desk contractual requirements are met. The HM shall be available for 25% of the time during the design, development, implementation, and ongoing operational support phases. L-1 management staff and core team members shall be supported by additional staff and resources, as may be needed to meet project timelines, without additional cost to DMV. In the event there is a personnel change, the Account Executive shall notify the NY DMV Program Manager of the change within 5 business days. If the change occurs with the Account Executive, the Program Manager shall handle the notification. 2.2.3 OMV Roles and Responsibilities The following table identifies the DMV's roles and responsibilities, and contact information for DMV's key leadership personnel for this project. Leadership Team Role Project Manager Name Email Address David Irving Phone Number(s) 518-408-2034 Teclmical Manager Mark Hammond 518-473-2168 mhamm@dmv.state.ny.us Business Lead (DFI) David Fribourg 518-4 73-1074 dfrib@dmv.state.ny.us Business Lead (LPB) Janice McGowty 5 I 8-4 74-0482 jmcgo@dmv.state.ny.us dirvi@dmv.state.ny.us The roles and responsibilities of each are as follows: Project Manager: The DMV Project Manager shall be the DMV's primary and single point of contact for all matters related to this project. This person shall be in direct communications with the Contractor project manager and shall be responsible for maintaining and resolving all matters requiring DMV suppmt that may arise during the course of this project from startup to post rollout. The project manager shall be available as appropriate to the stage of the project. Technical Manager: The Technical Manager shall serve as the DMV's primary resource for all technical issues related to the project. This person shall work closely with Contractor's technical team to generate the final requirements. Business Lead (DFI): The Business Lead (DFI) shall coordinate all necessary background checks and arrange for the secure transportation of any data and/or software. Business Lead (LPB): The Business Lead (LPB) shall relay any LPB user problems or issues regarding software operations, training, or daily image emollment to the DMV Project Manager. 2.3 2.3.1 System Requirements Enrollment of Legacy Image Database Initial emollment of the legacy image database is the sole responsibility of the Contractor. Enrollment of the legacy image database must be done on Contractor's premises. Contractor shall be responsible for the acquisition, operation and maintenance of all equipment used for the FRS Contract #000665 New York DMV 5 110175 2/20/2009 GULaw Privacy FR initial enrollment. DMV shall deliver to the Contractor the legacy image database JPEGS and applicable DMV data (approximately 17 million images), _ina secure fashion, on a medium to be mutually agreed upon by DMV and the Contractor. Statistics on the enrollment success rate shall be documented, and shall include any reasons for failure to enroll. The error codes that shall be used when an image is rejected for enrollment are as follows: • • • • • • • • • • • Darkness Brightness Exposure Focus Resolution Cropping Glass glare Faceness Contrast Texture Head finding confidence Images meeting the quality standards incorporated in ISO/IEC 19794-5 shall automatically enroll at a rate of 97% or better. All legacy images shall be enrolled within 6 weeks from Contractor's receipt of the images from DMV. After initial enrollment, the wsulting database of enrolled images shall be delivered to DMV, and loaded onto DMV's equipment specified in Appendix 0). The Contractor shall provide a manual enrollment process for any records that are rejected in the automated enrollment process (i.e., "failure to enroll" records). Cleansing of Legacy Image Database 2.3.2 After the delivery of the enrolled DMV legacy image database to DMV, the cleansing of the DMV legacy image database system shall run concu11'entlywith daily facial recognition operations and shall be completed by the end of the three year contracted period. The legacy image database system shall compare each image in the DMV legacy image database to every other image in the database. Where comparisons meet or exceed the match threshold, the system shall generate a candidate match list that is sorted from "most likely" to "least likely". The results shall be presented in a searchable format and reside in a queue that shall be separate from the results of daily operations. · The FRS shall allow DMV to set and re-calibrate, as desired, match thresholds for the initial database cleansing for a minimum of 2 confidence bands: • • Absolute Match; Possible Match. FRS Contract #000665 New York DMV 6 110176 2/20/2009 GULaw Privacy FR In between the time of the legacy database handoffto the contractor and the beginning of daily operations, there will be a set of images referred to as the "delta". Once the daily production of images has begun, the delta image set will be transferred from the state to the contractor in a mutually agreed to format. The contractor will import these images and data into the face recognition database, automatically enroll all viable images, and then process these images trough the 1:N FR process in the same manner as the legacy image set. Any potential matches from these images will reside in the "Daily" queues. 2.3.3 Daily Operations of the Facial Recognition System General System Requirements 2.1.1.1 The system must support a core of approximately 200 foll-time users, with 50 concurrent users. The system shall be scalable, and capable of accommodating additional users. Depending on the number of users beyond 200, the state may be required to purchase additional hardware, software, and/or services outside of this agreement. Contractor shall provide DMV with access to the system over a secure, SSL-based web application, which is compatible with Internet Explorer Version 6.0 or newer. This application shall include all report, audit, and investigator fonctions. The system shall be able to securely receive a file of images and other DMV information from a DMV file server. The system shall be abkto securely transfer files to and from the DMV server using SFTP and/or FTPS file transfer protocols or another mutually agreed upon transport mechanism. The system shall use Windows Server 2003 or a successor operating system, and Intelbased server hardware. The system shall use an Oracle 11g database platform, (or newer if the Oracle 11g is no longer supported), to be provided by the Contractor at no additional cost. The Oracle license is a Hosted database license provided by L-1 for the exclusive use by DMV for the FaceEXPLORER application. The system must be able to enroll JPEG images from any source, including still images, scmmed images, and video surveillance frames. The system must be able to use images of varying quality levels such as: • vm-ied lighting conditions; • small image sizes (300 x 300 pixels); • low JPEG image quality. The Contractor shall install a facial recognition system that shall perform both I: 1 and 1:N s.earches on DMV's daily image capture volumes, while concurrently clem1sing (performing a I :N search) on the enrolled legacy image database. 2.1.1.2 OMV Requirements This system shall be completely installed at a site designated by DMV, and shall use only equipment (hardware and operating software specified in Appendix O) provided by FRS Contract #000665 New York DMV 7 110177 2/20/2009 GULaw Privacy FR DMV. The daily operations equipment to be supplied by DMV includes servers, printers, and workstations. The following items shall also be provided by DMV: • • Images and demographic data; Adequate server space; power; HV AC; remote connectivity from Contractor; network connectivity for DMV to use the system in DMV's offices in Albany, NY. 2.3.3.3 Enrollment of New Images The system shall be capable of enrolling all digital images captured by DMV during DMV's daily operations (a maximum of20,000 per day). New images captured during daily operations shall be enrolled at a rate of approximately 7,500 images per hour. Statistics on the enrollment success rate for daily operations shall be documented, and shall include any reasons for failure to enroll. The error codes that shall be used when an image is rejected for enrollment are as follows: • • • • • • • • • • • Darkness Brightness Exposure Focus Resolution Cropping Glass glare Faceness Contrast Texture Head finding confidence Images meeting the quality standards incorporated in ISO/IEC 19794-5 shall automatically enroll at a rate of 97% or better. The Contractor shall provide a manual enrollment process for any records that are rejected in the automated enrollment process (i.e., "failure to enroll" records). The transfer of the images mid DMV information files shall be done via a secure FTP server to be provided by DMV or by another mutually agreed upon transport mechanism. Files for daily processing shall be made available by the end of the day (NLT 10:00 p.m.). These images must be processed (enrolled, ve1'.ified,and identified with 1:1 and 1 :N match reports generated), by 7:00 a.m., on the following business day. The Contractor shall provide the ability to enroll images in a way that makes the emolled image "unnmtchable" in any comparison. NY will specify the business rule( s) required for L-1 to perform this operation on the desired images. New York FRS DMVContract #000665 8 110178 2/20/2009 GULaw Privacy FR Image Comparisons for New Images 2.3.3.4 On a daily basis the system shall perform I: I comparisons for all digital images captured by DMV on a daily basis (a maximum of20,000 per day), using the new image against a previously stored image(s) for the same client identification number (CID). The system shall identify any "absolute non-matches" in the I: 1 string of images. The results shall be presented in a searchable format. The system shall compare each daily batched image (a maximum of20,000 per day) to every other image in the em-oiled database. Where comparisons meet or exceed the match threshold, the system shall generate a candidate match list that is sorted from "most likely" to "least likely". The results shall be presented in a searchable format. The system shall provide the ability for DMV to configure the image match threshold when and if DMV finds this to be necessary. The system shall allow DMV to input ad-hoc images and conduct one-to-many (1 :N) searches on a scheduled or on-demand basis. The results of these ad-hoc searches shall be presented in a searchable format. Facial Recognition System shall allow DMV to set and re-calibrate, as desired, match thresholds for a minimum of 3 confidence bands: • • • Absolute Match; Possible Match; Absolute Non-Match. Image Comparison Output 2.J.J.s The output provided by the Contractor, resulting from the overnight comparison process, · shall include the following: • • • 2.3.4 a file of client ID numbers for all images that passed both the 1: 1 and 1:N compansons; a queue of images that failed the 1:1 comparison (absolute non-matches); a queue of images that failed the I :N comparison (potential and absolute matches). Investigator Support The system shall provide user-based access to data and functionality, including: • • • • • allowing users to select the maximum number of images ("N") to be displayed for each photo comparison; query the database for specific records to use within a comparison; execute comparisons to identify duplicate images within a database; ability to perform searches using predetermined demographic data (e.g. age, gender, height) to filter the comparison database; support a status flag within records in the database to indicate suspected fraud, approval for DL/ID issuance, or to close a case; New York FRS DMVContract #000665 9 110179 2/20/2009 GULaw Privacy FR • • generate daily a file of client ID numbers for all images that have been designated by investigators as approved for DL/ID issuance; produce, view, print, and schedule reports. The proposed system shall have the ability to add notes as part of the investigator function; indicate the user who added the notes; and allow a user to view those notes upon request. The system shall provide configurable settings for interactive comparisons, which are accessible by individual investigators during: • • • progressive searching of suspected duplicate DL/IDs; investigation of externally uploaded images; investigations of duplicate DL/IDs discovered by law enforcement. The user interface shall be easy and simple to use, so occasional users can use the system with minimal training. For each image on the summary view, the system shall provide a side-by-side view of the probe with a view of the candidate matches, to support detailed evaluation of potential fraud. The side-by-side view of facial images shall include, with each image, the following related data and images that shall be provided to the Contractor by DMV: • • • • • • • • • • • • Client ID Number; Global Reference Number (GRN); DL/ID Issuance Date; Name; Date of Birth; Address; Height; Eye Color; Gender; Signature Image; Match Score; Data from Previous Investigations. The system shall support progressive searching, by using one of the match candidates within the results view as a probe in a new interactive comparison. The system shall provide a function to generate printed dossiers and other supporting documents, which include images and data to be used during formal investigation and/or adjudication activities. New YorkFRS DMVContract #000665 10 110180 2/20/2009 GULaw Privacy FR 2.3.s Reports General Requirements 2.3.5.1 The proposed system shall provide reporting functionality that shall include, at a minimum, reporting on all aspects of the enrollment and matching processes, database management, and executive summary information. The system shall generate a daily system status report that it shall send by email to a designated DMV contact person, in the event of a system outage. System Reports 2.3.s.2 The system shall provide configurable reports of system activities and comparison results which permit the independent evaluation of system performance along with all activities of the system (timestamps, operators, actions). At a minimum this shall include: • • user reports detailing the time the system was accessed, user identification, and the amount of time the system was in use; repotis detailing emollment and matching statistics. Comparison Reports 2.3_5.3 Comparison results whether created during initial cleansing, during nightly batches, or performed interactively shall be organized as a list which includes key details that support grouping and sorting for efficiency. At a minimum, these details shall include: • • • • • • • • • • • • • • Client ID Number; Global Reference Number (GRN); DL/ID Issuance Date; Highest Match Score; Number of Matches; Name; Date of Birth; Address; Height; Eye Color; Gender; Signature Image; Match Score; Data from Previous Investigations. For each row in the results list, the system shall construct a summary view containing images and data which indicate possible duplicates. Data on this page shall include: • • • • • Client ID Number; Global Reference Number (GRN); DL/ID Issuance Date; Portrait Images for the Probe and All Templates Identified as Possible Matches; Signature Images for the Probe and All Templates Identified as Possible Matches; New YorkFRS DMVContract #000665 11 110181 2/20/2009 GULaw Privacy FR • • • • • • • • • 2.a.s Name; Date of Birth; Address; Height; Eye Color; Gender; Signature Image; Associated Match Scores; Data from Previous Investigations. DATA SECURITY Contractor shall protect all DMV data, in transit or at rest, in accordance with the statewide information security policy of the NYS Office ofCyber Security and Critical Infrastructure Coordination (CSCIC). Protection of Data at Rest 2.J.6.1 Only authorized administrators from Contractor, or approved sub-contractors, shall have access to, and use of, DMV data. All access to DMV data shall be controlled and auditable. In those cases where access is obtained through a PC, the access control shall be through log-on user ID/Passwords. The logging requirement for such Direct Access shall be satisfied by retaining log-on information (user ID and date/time) for all personnel who have access to the PC. Access logs must be maintained for a period of 6 years following the expiration of the contract and shall be provided by Contractor to DMV at any time during such 6-year period for audit. Hard copies ofDMV data shall be secured against access by unauthorized persons. DMV data shall not be copied or shared with anyone outside of the Contractor's organization, other than authorized DMV employees or representatives. DMV data exchanged by electronic means shall be stored in a place that is physically secure from access by wmuthorized persons. The facility shall be secured by card access and 24/7 monitoring cameras. The entire rack shall then be located in a restricted access room which is only used for secure credential production and disk storage of secure information. Within the facility, DMV data shall be stored on servers held in a locked rack. Only the Project Manager and Technical Lead shall have keys to this rack. The network shall be setup in a manner which places DMV data on an isolated LAN. 2.J.6.2 Disposal of Electronic DMV Data In order to prevent the unauthorized disclosure or dissemination ofDMV data, electronic storage devices (such as hard disk drives) and other magnetic/optical media (such as tape, diskettes, or CDs), which contain DMV data, shall be either (I) physically destroyed, or (2) returned to DMV, or (3) securely overwritten. When overwriting the data, the device or file(s) shall be overwritten, using U.S. Depmtment of Defense clearing standards (Department of Defense (DOD) Standard New YorkFRS DMVContract #000665 110182 12 2/20/2009 GULaw Privacy FR 5220.22-M, and DoD.5200.28-STD: http://www.dtic.mil/whs/directives/corres/html/522022m.htm), passes. 23.63 with seven (7) overwrite Disposal of Hard Copy ofDMV Data Disposal of hard copies of DMV data shall be accomplished through the use of a crosscut shredder, or safer disposal mechanism. 23.6.4 Confidentiality The equipment used in the conversion from the legacy image database to the new FRS shall reside in a secure, secluded area behind three layers of physical security. This enrollment system shall be a stand alone rack with no external data connections. After processing, all data shall be destroyed in compliance with the aforementioned requirements. During ongoing operations the data shall be stored and managed by the DMV in DMV's facility, in order to benefit from the physical security ofDMV's facility. The Contractor shall ensure that all data transfers occur in an encrypted secure fashion. Stored data shall also be encrypted to maximize security. Transport of physical media containing DMV data shall follow these safeguards: • • • • • Data stored on removable media (tape backups, optical storage, flash based memory or external hard drives) shall be encrypted prior to transport; Media shall be kept in a locked transpott container during transpott; Media shall be directly transpmted between Contractor and DMV facilities by Contractor's personnel, or by a commercial carrier contracted to transport the media, in conformance with the Department of Defense Constant Surveillance Service transpott regulations (see http://www.sddc.army.mil/sddc/Content/Pub/1482/ /aftrpS .pdf for details); Personnel shall keep the media in their personal possession (except as may required by appropriate law enforcement); In emergencies, if the media cannot be delivered directly to the Contractor's facility, the transport container shall be stored in a locked storage container within a locked residence (wall safe or fully enclosed, permm1ently mounted, metal gun safe). Contractor shall protect and maintain the confidentiality and security of DMV data to the fullest extent possible. Direct Access to DMV data shall be limited to an "as needed", or , "need to know" basis (i.e., DMV data shall only be accessed as required to perform the work that is necessary to deliver the product or service for which the DMV has contracted hereunder). · All Contractor personnel with access to DMV data during DMV's onsite enrollment of the legacy images, or providing suppott to ongoing operations at the DMV, shall be subject to background checks, and Contractor shall be responsible for informing personnel in writing of the confidential nature ofDMV data. New York FRS DMVContract #000665 110183 13 2/2012009 GULaw Privacy FR Any derivatives of the DMV data, such as the creation of a facial recognition template database or a fraud screening report, shall be managed as DMV data if any elements of the original DMV data persist into the derivative. 2.J.6.s Access to OMV Data Contractor acknowledges that all DMV data is confidential and the property of DMV and the State of New York. Contractor shall control access to those areas in which DMV data is stored when DMV data is in the Contractor's possession. Only authorized employees directly involved in the processing and storage of such data will be permitted access the storage areas. Contractor shall identify all employees to DMV who may be authorized to gain access to the data storage area. All such employees shall undergo background checks, which shall be subject to approval by DMV prior to granting authorization. Contractor shall maintain adequate security to prevent unauthorized access to, or theft or vandalism of, DMV data by anyone at all times that DMV data is in their possession. Contractor shall advise all personnel with access to DMV data of the criminal consequences for unauthorized access to, or use of, such data. All of Contractor's employees, subcontractors, and employees of subcontractors, having access to DMV data shall sign a non-disclosure affidavit. Contractor shall execute any additional agreements necessary to safeguard DMV data. Contractor shall provide DMV with written notice of any suspected or confirmed misuse of, or unauthorized access to, DMV data, within one hour from the discovery of such misuse or unauthorized access. Contractor recognizes that the intentional failure to submit such notification shall result in civil and/or criminal penalties as provided by law. All DMV data and data transmissions shall be secured from unauthorized access. Access to DMV data exchanged shall be protected in such a way that unauthorized persons cam1ot review or retrieve the information. 2.J.6.6 Security Review The design and architecture of the Facial Recognition System shall meet or exceed the standards established by the NYS Office of Cyber Security and Critical Infrastructure Coordination (CSCIC). The design and architecture shall pass an initial internal DMV security review, in addition to any subsequent security audits conducted by DMV's Information Security Office. 2.3.1 System Backup and Recovery DMV shall integrate the proposed daily operations system into its existing database and server backup systems. The Contractor shall work with DMV to develop, test, and document an appropriate backup and recovery strategy. Complete documentation of the backup and recovery procedures for the proposed daily operations system shall be provided to the appropriate DMV staff. System recovery procedures shall be reviewed as part of system design. Prior to system implementation, recove1y procedures shall be documented, tested and proved. FRS Contract #000665 New York DMV 14 110184 2/20/2009 GULaw Privacy FR A Business Continuity Plan is attached as Appendix P. The system shall be built with fully redundant components and mirrored by Oracle Data Guard to provide full failover capability for any component failure. 2.3.B Disaster Recovery Plan The disaster recovery plan is attached as Appendix Q. The plan provides procedures to be followed for the expeditious recovery of all critical elements. The plan shall be updated, as needed over the course of the Contract, or upon the request of the DMV. The plan includes complete specifications for all hardware to be replaced, so any such hardware can be ordered on an emergency basis. DMV is responsible for purchase of the hardwme. The plan includes detailed testing criteria for each step of the recovery process. The plan is based on the assumption that processing must resume within 48 hours of a disaster. The plan is predicated on the fact that the required DMV hardware, 3rd pmiy software, and network infrastructure is in place and ready for FRS recovery by the Contractor. 2.3.9 Daily Operation System Security Requirements 2.J.9.1 System Security The Contractor shall adhere to existing DMV security standards when interfacing with existing DMV applications. DMV may, at its discretion, place the facial recognition servers on an isolated network segment behind a firewall. In that event, DMV shall work with the Contractor to define an appropriate firewall rulebase. All network settings, including server name, IP address, and domain membership shall be solely at DMV's discretion. DMV's Information Technology unit shall be solely responsible for ensuring compliance with all security policies on the servers and workstations. 2.J.9.2 Control Features The system authentication shall use DMV's internal Microsoft Active Directory authentication system to provide log-on services, as well as to utilize its ability to designate specific levels of access to the system. The proposed system shall log all user activity including FRS specific record changes, record semches, manual accepts and/or overrides, etc. 2.3.10 Legacy Enrollment Site Security Requirements 2.J.10.1 Alarm System Contractor shall provide a system for securing the area where enrollment of the legacy image database shall occur, with a UL-approved intrusion and fire alarm system, with battery back-up, which is integrated with either a law enforcement agency or a licensed private security company acceptable to the DMV. In the event that the Contractor's premises are not occupied 24 hours a day, and m1electrical outage or telephone line failure occurs which makes the alarm system inoperative, the Contractor shall provide New York FRS DMVContract #000665 15 110185 2/20/2009 GULaw Privacy FR licensed security guards at the facility until the alarm becomes operative, at no additional cost to DMV. Background Investigation 2J.10.2 Notwithstanding any provision to the contrary contained in this Agreement, Contractor shall work within the DMV's security-clearance requirements and ensure that all staff working on this project are properly cleared. Contractor shall assume the costs of these security measures. Plant Inspection 2J.10.J DMV reserves the right to enter the Contractor's premises at any time during normal business hours to evaluate the Contractor's plant security and storage facilities, to ensure full compliance with all specifications of this Contract. Plant security inspections and audits must demonstrate that the security measures indicated herein are fully met at all times during the term of the Contract. Contractor, and any subcontractors, shall permit unannounced and intermittent security inspections by DMV of all of their facilities relating to this project. 2.3.11 General Maintenance Requirements During the entire term of the Contract, Contractor shall provide maintenance to keep the system in, and restore the system to, "good working order." For the purposes of this Contract, "good working order" as applicable to software shall mean: • • Software shall perform all functions as required by this Contract; Software shall perform all functions as specified in the Contract. In order keep the system and database operating at peak performance Contractor shall require four (4) hours of preventative system maintenance typically occurring each week between 8:00a.m. to 12:00 p.m. each Sunday. During this period Contractor shall analyze database indexes, manage archive logs, and adjust table spaces. Contractor shall also validate search engine system perfo1mance and implement any approved and tested change orders/bug fixes. Contractor shall provide all necessary maintenance to the system related to software enhancements and troubleshooting. Contractor agrees to perform all software maintenance without the intervention of DMV users or DMV IT staff. During the life of the Contract, Contractor shall obtain and install required periodic software upgrades (new versions or service packs), at no cost to DMV, upon request and in the sole discretion of DMV teclmical staff. 2J.11.1 Operating System and Third Party Software The FRS shall function within the secure computing environment managed by DMV. This shall include the following necessary software upgrades: • • Operating system critical patches and updates (after testing and review by Contractor); Operating system service pack updates (after testing and review by Contractor); New YorkFRS DMVContract #000665 110186 16 2/20/2009 GULaw Privacy FR • • Third-party software critical patches and updates (after testing and review by Contractor); Application bug fixes or enhancements to Contractor's application software. 2.3.11.2 Connectivity to DMV DMV shall allow the Contractor to remote-control the Facial Recognition servers over a Virtual Private Network (VPN) connection with Microsoft Terminal Services. The Contractor agrees to adhere to DMV's VPN security agreement. 2.J.11.3 Anti-Virus and Security Patching The FRS shall function within the secure computing environment managed by DMV, including compatibility with anti-virus software used by DMV. 2.3.12 Application Software Distribution All application code is web-based, therefore all updates shall be centralized on the FaceEXPLORER web servers. Contractor shall use a carefully designed and executed process for release/ patch management to ensure that product updates and upgrades are transitioned to production seamlessly, without causing any disruption to DMV. The releases may include any of the following: • • • Product updates to include enhancements / modifications as per change requests or according to Contractor product enhancement strategy; Bug fixes to resolve production issues - Bug fixes may be required to be moved as emergency "patches"; Operating system / licensed software updates I upgrades / security patches. A release plan shall be created on a regular basis to plan out the scheduled releases. This plan shall also consolidate the updates to minimize the need for frequent releases, except when an emergency patch is required to fix a production problem. The QA tested release shall first be deployed on a staging/ test environment. The staging enviromnent shall simulate the production enviromnent and hence the same tools and process shall be used for applying the release as shall be used for production. Once the deployment in the staging environment is successfully completed and tested, the release shall be ready to be deployed in production. This test environment shall be at the Contractor's headquarters, utilizing DMV test data/images. For each software release, release notes shall be generated that indicate all configuration management items, changes, bug fixes, and other modifications that went into the release. Complete audit trails shall be available for each release component, in order to ensure that any changes that cause disruptions can immediately be rolled back if needed. New York FRS DMVConlracl #000665 17 110187 2/20/2009 GULaw Privacy FR 2J.12.1 Application Updates Change Control Process Major changes are those with significant impact on the requirements or specifications documents. These require a thorough evaluation before inclusion in the FRS. The change control process shall ensure effective management of major FRS changes. Effective management shall mean involving the appropriate stakeholders and accurate assessment of the potential impact to the project's cost, scope, risk, and schedule. Management and Standards Following development of the software, the Contractor shall employ the following systems to manage the project: The source code control system The source code control system (SCS) shall support the orderly development of software by many developers working collaboratively. The SCS shall enforce a check-out/checkin discipline to guarnntee that cooperating developers do not inadvertently make conflicting changes to code. The SCS shall incorporate the naming and version conventions applied to software components to enable management of builds and baselines. The issue tracking system The issue tracking system (ITS) shall track defects, enhancement requests, build requests, and other actions affecting the software. For each issue, this system shall track the current owner, priority, status, history, related issues, etc. Documentation repositories Documentation, like software, evolves during the project and shall be similarly tracked and managed. Documentation shall be maintained in a document management system or sometimes, in the case of small, plain-text documents, in the source code control system. Standards repositories Standards applicable to the project's software components originate from organizations such as the International Standards Organization (ISO), the American National Standards Institute (ANSI), and the American Association of Motor Vehicle Administrators (AAMV A). These shall be available during development and testing to ensure compliance, and shall be maintained in an easily accessible repository. The release engineering environment When a software application is built for release, whether for quality assurance (QA) testing, user acceptance testing (UAT), or production, the release environment shall be carefully controlled and all details of the environment shall be captured. The details shall include not only the version of the application itself, but also the compiler used, the target operating system, the platform on which the build occurs, associated third-party software components, and so on. Managing the release environment shall guarantee reproducibility of the build, enable testing in a known enviromnent, and suppo1t discovery and repair of defects. FRS Contract #000665 New York DMV 16 110188 212012009 GULaw Privacy FR 2.3.13 System Support The Contractor shall provide the DMV with 3 years of maintenance for the FRS. Contractor shall perform all system maintenance in accordance the terms of the Maintenance Agreement. Contractor shall respond within 15-minutes to all voice, web and e-mail service requests during DMV operational hours (Monday through Friday, 7am to 5pm, excluding U.S. federal holidays). In addition to the delivered FRS, Contractor agrees to provide follow-on suppoli and maintenance through the end of the contract period, as follows: • • • • • • • • • A technical suppo1i team dedicated to this project; Comprehensive troubleshooting and problem resolution training; DMV supp01i help desk toll-free phone/email suppo1i; Direct engineering telephone support and remote problem diagnostics/resolution, via DMV provided VPN; Available on-site support for advanced problem resolutions/fixes; Regularly provided service and performance reporting; Bug repoli fixes; Software update support; Problem escalation process. 2.J.tJ.1 DMV Support Help Desk All elements of FRS maintenance and service deli very shall be coordinated through Contractor's DMV Support Help Desk. The DMV Supp01i Help Desk shall be the point of contact for all problem calls and operational issues. The DMV Supp01i Help Desk shall remain accessible to the DMV from 7:00 a.m.(EST) to 5:00 p.m.(EST), Mondays through Fridays, excluding U.S. Federal holidays. All calls to the Contractor's DMV Support Help Desk shall be logged and tracked via a state of the art call handling system. This application shall permit the Contractor to log and track all incoming calls from DMV, in order to provide quick and efficient service. The call shall remain open until DMV is satisfied with the repair. The application shall also store all of the history of every DMV call to Contractor's DMV Support Help Desk, in order to allow Contractor to analyze the basis of the call to identify trends and to take the proper corrective action. When contacted regarding a field problem, the Contractor's DMV Suppoli Help Desk shall first attempt to resolve the problem quickly over the telephone while the end-user is still on the line. When a service representative designated to DMV cannot resolve the problem over the telephone, he or she shall contact the support engineering project lead. The support engineering project lead shall then evaluate the problem and contact the DMV site to fuliher determine the required corrective action. As required, the support engineering project lead shall draw upon software, systems and database engineering technical staff to resolve the issue. If required, a field service technician or engineer shall be dispatched to the problem site. The technician or engineer shall be fully briefed and prepared by the Contractor's DMV Support Help Desk and/or engineering project lead before taking the call, in this way significantly decreasing required repair times. New York FRS DMVContract #000665 110189 19 2/2012009 GULaw Privacy FR All data captured within the Contractor call-handling system shall be continuously tracked to ensure that the repairs are made in a timely manner, and any potential systemic problems are identified and rectified as early as possible. The data shall be catalogued and maintained by the Contractor's Service Department as the source for periodic service and performance reports. The archived data shall also provide the basis for historical performance analysis which shall be used to improve Contractor maintenance and equipment performance levels. Bug Report Fixes 2.J.13.2 Contractor shall use an online tracker to compile a report of any bugs/issues raised for the deployed version of the product, and shall have dedicated staff members to respond to these problems, and to take proactive measures to prevent similaT or related problems in the future. All acknowledged and reproducible bugs shall be scheduled for fixes, and made available for deployments in the form of patches or software upgrades, based on the severity of the issues. All bug repo1is shall be tracked until the closure of the issue, (as defined by DMV). 2.3.13.3 Remote Problem Diagnostics and Resolution Contractor shall also support remote problem diagnostics and resolution capability using . remote management software components. Any trouble call or issue query, after passing through a review process, shall be assigned to the dedicated staff member for resolution, and shall be tracked in Contractor's system support log. On-Site Support 2.3.13.4 On-Site Software Services support shall be provided when phone and dial-in support fails . to resolve the issue. 2.J.ns Software Update Support Software updates shall be published regularly to suppmt any operational issues with detailed documented release notes. 2.3.13.6 Escalation Procedures The following procedure shall be used to repo1t system problems and to solve them in the shmtest possible time. 1. The site should first contact the Contractor's DMV Suppo1t Help Desk by toll free (800) telephone number. 2. The call shall be opened at the Contractor's DMV Support Help Desk, and assigned an incident number that can be used to reference the call. 3. If call queue avoidance was selected and a voicemail message left, the Contractor's DMV Support Help Desk shall call the site back within 15 minutes to determine the exact nature of the problem. 4. If the call can be diagnosed and remedied with the help of the end-users, the call shall be closed. 5. If the call needs the attention of a support engineer, the Contractor's DMV Support Help Desk shall contact the Engineering Project Lead to inform him/her of the incident, and to provide all relevant information. New York FRS DMVConlracl #000665 20 110190 2/20/2009 GULaw Privacy FR 6. The Engineering Project Lead shall determine the required cortective action with the support of software, systems and/or database engineering support staff, as required. 7. If the call is determined to need the attention of a Contractor support field technician or engineer, the Contractor's DMV Support Help Desk shall contact the Contractor technician/engineer, and dispatch the technician/engineer to the call with all materials required to fix the problem. 8. The Contractor's DMV Suppmi Help Desk shall call the site and inform them of the estimated time of response by the Contractor technician/engineer. 9. The Contractor technician/engineer shall call the Contractor's DMV Support Help Desk to report what was done, and that the person at the site who called in the problem is satisfied that it is fixed. 10. The Contractor's DMV Support Help Desk shall keep a complete record of each call, including event times, notes, the degree of urgency, locations, persons involved, and the problem resolution. 11. If the site has not received an ET A/VPN login within an hour, they should call the Contractor's DMV Support Help Desk to ascettain the ETA. 12. If the technician is late for the ETA/VPN Login, the site should call the Contractor's DMV Suppoti Help Desk and Contractor shall contact the responsible technician or software/systems engineer. Whenever possible Contractor shall be proactive, and shall notify the site if they expect to be late. 13. If the above steps do not result in a satisfactory result, the site can escalate the call by calling the Contractor's DMV Support Help Desk Manager. 14. If contacting the Contractor's DMV Support Help Desk Manager fails to resolve the matter to DMV's satisfaction, the site should then contact the designated Contractor Project Manager. 15. If contacting the Contractor Project Manager fails to resolve the matter to DMV's satisfaction, the site should then contact the Contractor Vice President of Technical Services. Any individual at the DMV, at any time, is always free to escalate any concern or issue. Contractor shall address all concerns and issues promptly and professionally. New YorkFRS DMVContract #000665 21 110191 2/20/2009 GULaw Privacy FR 2.J.13.7 Issue Escalation Path 2.3.13.s System Maintenance Tasks The following table outlines FRS maintenance designated as Contractor-tasks and DMVtasks. System Maintenance Contractor Tasks Tasks Backups Contractor shall provide the plan for backups and verify orocess Operating System Contractor shall work with DMV (OS) Patches to schedule approved OS patches Anti-Virus Contractor shall work with DMV to confirm the anti-virus update Network/Security Contractor shall comply with the DMV network security polices VPN Access Contractor shall comply with the VPN access security polices Production Hardware Contractor provided hardware / Supnort specifications 3rd Party Software/ Contractor provided 3rd party Supoort software specifications Software System Contractor to provide weekly Maintenance software system maintenance Updates Technology Updates FRS System Updates 2.J.14 DMVTasks DMV to provide tape rotations and off site storage DMV to install OS patches DMV to provide anti-virus DMV to provide network and security infrastructure DMV to provide VPN Access DMV to provide hardware and hardware support DMV to provide 3rd pmty software and software suooort FRS Upgrades At DMV's request, Contractor shall upgrade the database, operating system, and related software to supported levels. Contractor shall assist in the migration of the FRS to any new hardware components. Contractor shall have six months from DMV's request for an upgrade to prepare for such upgrade. Contractor has a dedicated temn to introduce new features and technology into the L-1 ABISTM (Automated Biometric Identification System) sem·ch engine and FaceEXPLORER application suite. In-version upgrades shall be tested on the test system at Contractor's facility, using DMV test data/images. The test system shall be comprised of the initial legacy enrollment components plus additional servers, to simulate the DMV production environment in Albany. As new engine technology is developed and introduced to the market, Contractor shall work with the DMV to plan a migration path for any out of version major release. Often major releases require a new comparison template to be created. For this type of upgrade, Contractor shall leverage the existing test environment at its facility in order to re-template the existing database and to requalify the new system, before introducing it to the DMV Albany production environment. FRS Contract #000665 New York DMV 22 110192 2/20/2009 GULaw Privacy FR Contractor shall work with the DMV team to ensure that new system technology is introduced in a seamless manner, with a process similar to the initial rollout. It is anticipated that upcoming versions will decrease the hardware requirements for this system. If available, one out of version major upgrade shall be introduced over the three-year contract term, at no additional cost to DMV. 2.3.1s Documentation Contractor shall supply high-level documentation, including detailed documentation of the connections between the FRS and DMV's IT systems. This documentation shall be provided on a media that is agreeable to DMV. At a minimum, this documentation shall include: • • • • • • • • • • Overview of the facial recognition system; Overview of the Central Image Database Server; Overview of the automatic image enrollment process; Automated Image Quality Assessment; Overview of the manual image enrollment process; Overview of the I: I comparison process; Overview of the I :N comparison process; Detailed functional requirement specifications; Detailed interface specifications; Acceptance test documentation. Contractor shall provide updates to the documentation as needed, or upon request by the DMV. Original documentation and any updates shall be provided in WORD 2003 format, or any other standard format designated by DMV. Contractor shall use a web-based document management portal where all documents shall be kept updated and made available for access by authorized DMV personnel. Contractor shall use a staged documentation development, labeling (Draft, Final, Approved) and versioning number (major and minor revision) approach for all documents to ensure efficient control of manuals. A change history section at the beginning of each document shall reflect the complete history of document for changes and revisions. 2.3.16 Installed Software Inventory Contractor shall maintain a list of all software installed on the FRS through the term of the Contract. This inventory shall be regularly updated to reflect any changes, and the inventory shall be provided to DMV. All installations, whether for initial rollout or subsequent updates, shall be routed via Contractor's Quality Assurance (QA) and release, which shall ensure that only authorized configuration changes are included in the installation by verifying that there is traceability between approved changes, new development, and the content of the installation. In addition, QA shall check the completeness of the installation by ensuring all impacted deliverables (i.e., hardware, software and documentation) are appropriately updated. Once the installation is FRS Contract #000665 New York DMV 23 110193 2/20/2009 GULaw Privacy FR approved, it shall be registered in the Configuration Management Repository and deployed at the DMV site. Deployment may consist of a field installation or an automated system update. Contractor uses the following Software Configuration Management Tools to ensure the availability of updated inventory of software and documents: • • • • 2.J.11 Oracle Installed Base/ Oracle Inventory: Installed software inventory. The inventory is maintained and managed using Oracle Part Numbers. Each release to DMV shall be assigned a part number in this system; AccuRev or similar: Centralized repository of all project software, code and configuration items, fundamentally used for source code control and document version control; AccuBuild Manager or similar package: Used to Manage Software Releases; Privia or similar repository: Centralized repository of the project document throughout the life cycle of the project and during the operations phase; proposals, contracts, deliverables and related artifacts are maintained and tracked in the Project Portal. Training Contractor agrees to work closely with DMV to establish a training schedule which coincides with the installation schedule. Contractor agrees to provide the required number of training sessions to DMV trainers in use of the facial recognition system to enroll and compare images at a time or times determined by the DMV. The training session shall provide adequate preparntion and materials for DMV trainers to train other DMV staff members. Contractor agrees to provide training in the use of the investigative browser and all of its functions, at a time or times determined by DMV. Contractor shall provide detailed step-by-step instructions for investigative browser to DMV's License Production Bureau (LPB) and Division of Field Investigation (DFI) staff. Contractor shall provide paper copies as well as electronic copies of the training materials. Contractor shall provide 20 paper copies, and additional electronic copies in the required format, to DMV for the first round of training. The latest electronic copies shall also be available on the project web portal for the life of the contract. The Contractor User Manuals and Job Aids shall provide detailed step by step instructions to end-users for executing any functionality of the application. Patt of the Job Aid shall include a Getting Slatted Guide to introduce end-users to the product. Similar to a tutorial, this manual shall explain important concepts that new users will need in order to become productive quickly. The user manual shall include the following sections at a minimum: • • • • • A cover page; A title page and copyright page; A preface, containing details of related documents and information on how to best use the user guide; A contents page; Overview of the system; FRS Contract #000665 New York DMV 24 110194 2/20/2009 GULaw Privacy FR • • • • • • • • • • • • • • Sample screens and reports; Step-by-step guide on how to manually email a document; Description of the different sub-menus; Step by step guide on how to perform I: I and I :N comparisons; Step by step guide on printing reports; System reports and a description of the data elements; Adding users and setting pe1missions and passwords; Preventative maintenance program; Troubleshooting guide for equipment problems and where to call for resolution; Reference tables; Error messages; Index; An FAQ (Frequently Asked Questions); Where to find further help and contact details. The user manuals shall be organized in chapters, the first one giving an overview of what the other chapters contain, so that people can readily find what they need. Contractor agrees to retrain DMV trainers on an as-needed basis, and shall be available for consultation during the term of the Contract. FRS Contract #000665 New York DMV 25 110195 2/20/2009 GULaw Privacy FR Page left intentionally blank FRS Contract #000665 New York DMV 26 110196 2/20/2009 GULaw Privacy FR /J a 3.1 PAYMENT AND DELIVERY INFORMATION Purchase and Cost DMV shall purchase the FRS as provided by the terms of this Agreement. Milestone Deliverable Acceptance Criteria Payable FaceEXPLORER Implementation Services 1 Delivery of 17M converted images to NY Legacy Data Conversion and Enrollment FaceEXPLORER Software Licenses FaceEXPLORER Database License - 21.5 2 million images FR Concurrent Licenses - Qty 50 Custom Implementation, Installation, and 3 Integration Services Maintenance and Support 4 Three (3) Software Maintenance Term (10x5) Installation of converted database - pre UAT Installation of converted database - pre UAT $206,658 $860,000 $75,000 Completion of UAT $307,088 Completion of UAT $504,654 TOTAL $1,953,400 Payments for each milestone will be made after D MV Business Leads have signed off that the requirements for each milestone, as defined in th_eRFP and this contract, have been met. During initial enrollment, design and development phases and subsequent enhancement phases, changes, if any, to the scgp,e of the project shall be made by written mutual agreement pursuant to Section 4.8.1 hereof. In the event these changes are material, a written contract amendment shall be negotiated and shall be subject to the approval of Contractor, the Division of the Budget, Office of the Director of State Operations, Office of the Attorney General, and the Office of the State Comptroller. The payment price for the FRS includes all of the Contractor's costs to implement the Facial Recognition System, including but not limited to: upfront development costs, delivery, installation, and software interface for the enrolled legacy image database (with embedded software and software licensing), installation, testing, and software interface for the Daily Operations Facial Recognition System (with embedded software and software licensing), and Cleansing of Legacy Image Database System (with embedded software, software interface, and software licensing), training, manuals, ongoing maintenance, system updates, enhancements, and testing, network, Help Desk and service staff, insurances. Also included in the payment price are all licensing costs associated with the use of Oracle as the database platform for the system; and all costs associated with one out of version major upgrade to be introduced over the three year contract tetm. Furthermore the costs for the above includes the warranty set forth in Sectlon 4.11, and maintenance and support for three years. The three-year period for maintenance and stipport for the system begins on the date the system is installed. FRS Contract #000665 New York DMV 27 110197 2/20/2009 GULaw Privacy FR 3.2 Delivery The first critical task following contract finalization shall be the planning phase in which Contractor shall meet with NY DMV staff and draft a final Project Plan reflecting the actual implementation dates as required by the DMV and as accepted by Contractor. The final Project Plan shall supersede the dates set forth in this Section 2.2.1. The delivery elates shall change subject to mutual agreement. Once the enrolled legacy image database, Milestone I, is received, DMV shall sign a "Delivery Acceptance Form" acknowledging the receipt as detailed in the form. Once the FRS is ready for UAT acceptance by the customer, DMV shall sign a second "Delivery Acceptance Form" acknowledging the receipt as detailed in the form and therefore initiating the release of Milestone 2 in Section 3.1. When operational for daily use and accepted by DMV, DMV shall sign a third "Delivery Acceptance Form" acknowledging the receipt as detailed in the form, and thereafter final payment shall be dispersed for Milestones 3 and 4. 3.3 Payment for Products and Services For Products, Services and Deliverables provided by Contractor, DMV agrees to pay Contractor the amounts set forth in the Payment Section 3.1 ("Purchase and Cost"). Subject to NYS Finance Law, DMV shall make payment within 30 days following the elate of Contractor's invoice. Contractor shall invoice DMV after delivery and acceptance. 3.4 Achievement of Milestones If achievement of any particular milestone is dependent upon performance and/or completion of tasks within the control of the DMV or within the control of a third party outside Contractor's control, the projected dates for accomplishing such milestones and the Project Schedule shall be appropriately adjusted to reflect the actual performance and/or completion of such tasks. 3.s Taxes Purchases made by the State of New York and certain non-State Authorized Users are exempt from New York State and local sales taxes and, with ce1tain exceptions, federal excise taxes. To satisfy the requirements of the New York State Sales tax exemption, either the Purchase Order issued by a State Agency or the invoice forwarded to authorize payment for such purchases shall be sufficient evidence that the sale by the Contractor was made to the State, an exempt organization under Section 1116 (a) (I) of the Tax Law. Non-State Authorized Users must offer their own proof of exemption upon request. No person, firm or corporation is, however, exempt from paying the State Truck Mileage and Unemployment Insurance or Federal Social Security taxes, which remain the sole responsibility of the Bidder/Contractor. 3.s Late Payments The payment of interest on certain payments due and owed by DMV may be made in accordance with Article 11-A of the State Finance Law (SFL § 179-d, et seq.), and Title 2 of the New York Code of Rules and Regulations, Pait 18 (Implementation of Prompt Payment Legislation -2 NYCRR §18.1, et seq.). FRS Contract #000665 New York DMV 28 110198 2/20/2009 GULaw Privacy FR Page left intentionally blank FRS Contract #000665 New York DMV 29 110199 2/20/2009 GULaw Privacy FR 4 ADDITIONAL CONTRACTUAL PROVISIONS Additional contractual provisions are contained in this Section 4. Capitalized terms not otherwise defined shall have the meanings ascribed to them in Appendix J, "Terms and Definitions." 4.1 Title and License Title to the hardware Products shall vest in the DMV upon installation of the hardware Products. The license to the software included in the Products shall be granted to DMV upon installation of the software Products. 4.2 Ownership of Software, etc. Notwithstru1ding any other provision set forth in this Agreement, DMV acknowledges and agrees that Contractor is the sole and exclusive owner of all Contractor Technology incorporated in the Products (including all Contractor application software incorporated in the Products) and any and all intellectual propeiiy (IP) rights arising under the Products, and of any corrections, modifications, updates, enhancements, and new or revised versions thereof, and of any subsequently derived and/or successor technologies that may be developed therefrom. 4.3 4.3.1 Services Provision of Services DMV shall pay Contractor in accordru1ce with the terms hereof, subject to the provisions9f_~tate finance Law, and Contractor shall provide to DMV the Services ru1dDeliverables described in the Statement of Work (as described Sectif.!h&00ntra€ler, its agents, subcontraele-r e!HjH<>yees,aH&Gentrae!eHeJBains-liable,-without-monetaf)' limitation,for direst Elamagesfor p8P.ionalinj:tf)', Eleath --51;1 or Elamagets real proper!)' er tangible f)8P.iena½,roperty allributaWe4&1hegligene&eH>lheHortsf CentractBf,its . ·, ' / effieers, employees er agents; (b) infringement sf any emTently e,dsting anElvalidly issaed thirEl par!)' U.S. patent,' ~,., eopyrigRI, trade seeret er ether intellectual preperlj' right by the Pro'1u€1& ( Gon!m€leHJ!1all-n0t-b1>-ebligatedts defend er h1>-wilhDMV's speeifisatioes-eHequirnmeets-reqttiFing modifiooti01!&-lo-tl1e-Gontmc-!er-To<>ltnelogy; (ii) any-addition-to-0H11edifi<>ati0n-to-the-Produsts-not-made-by GontrnstBf-(,mless-oulhorized by Centra<>te+,-or (iii) third par!)' software. NetwilhsffiHffi!lg-lt1e-forogeing, sltenld any-Preduets-eeeeme-o1~n-C-0ntraste1"-s-ep-iitieH-be-likcly-tB-bee0rne,--lhe-subje<>t-ef-a11y-sHelt-suih>r-aetion-fer D~Pl ( l) infringemem,Gentrae!eHnay,at~Ge11tra<>te1+8*pense,aHd-Hpen-agreement-lletwee~ntra€ler-and prewre-for DMV the right ts eenti1m0{1&ing-sueh-Pre'1uets,(2) repla<><>-er-medijy-we&Preeuetsse that they-1'"60me tteR infriHgiHg,er (3) termiRatethis Agreement. The Contractorshall defend, protect,and save harmless the State, its officers, agents and employees, againstall suits at law or in equity and from all damages, claims or demands for actual or aIIeged infringementof any protected intellectual property right (including patent, trademark, or copyright) resulting from Contractor'sperformance hereunder. The Contractor will assume liability for injuries, deaths, losses, damages, claims or suits resulting from the Contractor's operations. Notwithstanding any provision to the contrary, Contractor shall remain liable, without monetarylimitation, for direct damages for personal injury, death or damage to real propertyor tangible personal J: property attributable to the negligence or other tort of Contractor, its officers, employees or agents. ~ The Contractorshall indemnify and hold harmless the State, its employees and agents, from and against any third party claims, demands, loss, damage or expense related to the Contractor'sviolation of the federalDriver'sPrivacy Protection Act of 1994 and/or the New York State Information Security Breach and Notification Act. DMV's acceptance or approvalof Contractor'sperformancehereunder,including Contractor'sorderor procedure._ v method, stmcture or equipment submitted or employed by the Contractor will not relieve Contractor of its liabi!it;f': for damagesresulting therefrom. 4.12.2 '"~ By DMV DMV represents and warrants that the DMV Provided Materials and any other information disclosed by DMV pursuant to the terms of this Agreement (including without limitation the use or practice by Contractor or its subcontractors of such materials and information for the purpose of performing any obligations required under the terms of this Agreement) shall not violate the patent, copyright, trademark, trade secret, or other intellec.tual property ~ right of any third party at the time of such disclosure. '.f-he-DMV-heteebyagrees te i110emttify,keep-and-h&ld-l'larmless ~ lhe-Gentrae!er aHd its effieers, employees, and-agents-ffGm-a11y-,1nd-all-&lairns-afising-ent-ef-eHeelated-to-a-b1'0aeh-ef . ' the represeH!ations-an-¼11demnified or delayed. Notwithstaedieg-tlte foregeieg, Js!YS Allerney General-sitalH!efenEl, aHd seHtrel-the defense, sf any Claim against DMV subjeet-tB-indemnifieatiell-ll!lder Seetien 4..1.;!.l(a) (relating ts personal iHjury er property damage). The foregoing states DMV's and Centraetor's sele and-elfsmsive--remetpress written consent of the other party. DMV will not solicit the Contractor's employees for the term of this contract. In no event shall this provision apply to any public solicitation or employment announce111ent.The Contractor shall notify OMV in writing immediately if it becomes aware of a relationship that constitutes a conflict of interest concerning the subject matter of this Agreement in accordance with the NYS Public Officer's Law, Chapter 51, Article 4, Section 74 in the Code of Ethics. 4.18.14 Termination For Cause For a material breach of this Agreement that remains uncured for more than thirty (30) days after written notice to the Contractor, the Contract may be terminated by the DMV . Such termination shall be upon written notice to the Contractor. In such event, the DMV 111aycomplete the contractual require111entsin any manner it may deem advisable and pursue available legal or equitable remedies for breach. 4.18.15 Requirements Regarding \/\(omen and Minority Owned Business Development The Contractor must comply with the requirements, rules and regulations of A1ticle 15-A of the Executive Law regarding minority and women business participation in state contracts. It is the policy of the State of New York to promote equality of economic opportunity for minority and women-owned business enterprises (M/WBEs) in State contracting. In order to comply with the State's objectives, the contractor shall use "good faith efforts" to provide meaningful participation by M/WBE subcontractors or suppliers in the performance of this contract. Procurement Lobbying Act Termination Clause The Department reserves the right to terminate the contract in the event it is found that the certification filed by the Contractor in accordance with New York State Finance Law§ 139-k was intentionally false or intentionally incomplete. Upon such finding, the Oepattment may exercise its termination right by providing thirty (30) days written notification to the Contractor. 4.18.16 Disputes 4.19 DMV and Contractor agree to first enter into negotiations to resolve any controversy, dispute ("Dispute") arising under or relating to this contract as follows: FRS Contract#000665 New York DMV 42 110212 claim or 2/20/2009 GULaw Privacy FR a) The parties' project managers in association with their business staffs shall first attempt resolution. b) If the issues are not resolved at the level of project manager, the parties may raise the remaining issues through their respective chains of authority up to top management. The parties agree to negotiate in good faith to reach a mutually agreeable resolution of such dispute within thirty (30) calendar days from when the matter is submitted for resolution. If good faith negotiations are unsuccessful, DMV and Contractor agree to resolve the dispute in a com1 of competent jurisdiction located within the State of New York. 4.20 Procurement Lobbying Requirement State Finance Law §§139-j And 139-k New York State Finance Law§ 139-k(2) obligates a Governmental Entity to obtain specific information regarding prior non-responsibility determinations with respect to State Finance Law §139-j. This information must be collected in addition to the information that is separately obtained pursuant to State Finance Law § 163(9). In accordance with State Finance Law §139-k, a Contractor must be asked to disclose whether there has been a finding of non-responsibility made within the previous four (4) years by any Governmental Entity due to: (a) a violation of State Finance Law §139-j or (b) the intentional provision of false or incomplete information to a Governmental Entity. State Finance Law §139j sets forth detailed requirements about the restrictions on contacts during the procurement process. A violation of State Finance Law§ 139-j includes, but is not limited to, an impermissible contact during the restricted period. As part of its responsibility determination, State Finance Law §139-k(3) mandates consideration of whether a Contractor fails to timely disclose accurate and complete information regarding the above non-responsibility determination. In accordance with law, no Procurement Contract shall be awarded to any Contractor that fails to timely disclose accurate or complete information under this section, unless a finding is made that the award of the Procurement Contract to the Contractor is necessary to protect public property or public health safety, and that the Contractor is the only source capable of supplying the required A11icleof Procurement with the necessary timeframe. The Department's policy and procedures for implementing these sections of the State Finance Law is attached herein as Appendix D, "State of New York Procurement Lobbying Policy mid Procedures." The required forms for the Contractor to complete and submit as part of the Contract are attached as Form C and Form D. 4.21 Contractor Certification Contractor Certification (Forms ST-220-TD & ST-220-CA) Contractors are required to complete and sign, under penalty ofpe1jmy, the "Contractor Certification Form", ST-220-TD (Appendix G), in accordance with§ 5 - a of the NYS Tax Law, and to file such form with the NYS Department of Taxation and Finance. Contractors must also submit a copy of the Certificate of Authority, if available, for itself, any affiliates, any subcontractors and any affiliates of subcontractors required to register to collect state sales and compensating use tax. Pursuant to Tax Law Section 5-a, Contractors are also required to complete and sign, under penalty ofpe1jury, the "Contractor Certification Form ST-220-CA" (Appendix F) at time of contract execution. FRS Contract #000665 New York DMV 43 110213 2/2012009 GULaw Privacy FR Tax Law Section 5-a applies to all Agreements in excess of $100,000 for the sale of goods or services as defined in Article XI of the State Finance Law and/or tangible personal property or taxable services as defined by the Tax Law. The Department of Motor Vehicles is not authorized to address questions regarding the Tax Law or its interpretation. Any questions regarding the Tax Law must be directed to the New York State Department of Taxation and Finance. • • 4.22 A COMPLETED ST-220-CA MUST ACCOMPANY THE AGREEMENT. IF REQUIRED, THE CONTRACTOR IS RESPONSIBLE FOR FILING THE ST-220TD WITH THE NYS DEPARTMENT OF TAXATION & FINANCE. Consultant Disclosure Legislation Chapter 10 of the Laws of2006 (Appendix I) requires Contractors to annually report certain employment information every year that the Contract is in effect, on or before May 15 for the previous state fiscal year. The state fiscal year runs from April 1 through the next March 31. It is the Contractor's responsibility to ensure timely filings. Contractor shall disclose, by employment category, the number of persons employed to provide services under this Contract, the number of hours to be worked, and the amount paid to the Contractor by the State as compensation for work performed by such employees. This disclosure shall include information concerning any person(s) working under any subcontracts of the Contractor. Contractors must submit Form A, "Contractor's Planned Employment from Contract Start Date through End of Contract Term" at the time of contract execution. Form A must accompany the Contract. The Contractor agrees to meet this requirement by completing three original copies of the attached Form B, for each of the New York State fiscal years spanned by the term of this Agreement, with a state fiscal year being defined as the period beginning April 1 and ending March 31. One original copy of the report shall be sent via mail or overnight service to: NYS Department of Civil Service Alfred E. Smith Office Building Albany, NY 12239 One original copy of the report shall be sent via mail or overnight service to: NYS Department of Motor Vehicles Contract Administration - Room 138 6 Empire State Plaza Albany, NY 12228 One original copy of the repoti shall be sent via mail or overnight service to: FRS Contract #000665 New York DMV 44 110214 212012009 GULaw Privacy FR NYS Office of the State Comptroller Bureau of Contracts 110 State Street, 11th Floor Albany, NY 12236 Attn: Consultant Reporting Notwithstanding the foregoing, the NYS Office of the State Comptroller will accept a facsimile report, in lieu ofan original, faxed to: (518) 474-8030 or (518) 473-8808. The first report shall be due to the aforementioned entities on or before May 15, 2009. Thereafter, the State Consultant Services Contractor's Annual Employment Reports will be due no later than May 15th of each succeeding year. By submitting its bid, Bidder agrees to comply with these filing requirements if awarded a contract. Further the Bidder agrees and acknowledges that it shall be its sole responsibility to comply with these reporting requirements. FRS Contract #000665 New York DMV 45 110215 2/20/2009 GULaw Privacy FR CONTRACT NUMBER C000665 23000 Agency Certification "In addition to the acceptance of This contract, I also certify that original copies of this signature page shall be attached to all other exact copies of this contract" L-1 IDENTITY SOLUTIONS OPERATING COMPANY NEW YORK STATE DEPARTMENT OF MOTOR VEHICLES Signe~ Sign~~~ ~·(!Jv'-.) d /11 /4; Dated Dated ---=J-1-'/"--J-"'b+-f--"'0_"1'-------- NEW YORK STATE OFFICE OF THE STATE COMPTROLLER NEW YORK STATE ATTORNEY GENERAL APPROVEDAS TO FORM NYSATTORNEYGENERAL Signed.__ ---""MAowR__,O.w5..,2c¼loilR091---- ~ \L). {0,,t, MAR2 5 2009 LORRAINE I. REMO Dated~-==~A~SS~O~C~IATg;E~ATT~OR~N~ ted ----lt---fr-.c--EYL.,.~..:D --,=----+ ~ - ' \..;>1' ~ MRTHE StATH'mll!IIPTROLLER FRS Contract #000665 New York DMV 46 110216 2/20/2009 GULaw Privacy FR STATE OF MASSACHUSETTS COUNTY OF MIDDLESEX } } SS: } J1_ On the day of Cl):f1il,j, 2009, before me personal! y came L.. (:,l· j ' 1 I/,v' i?/1 Leo Sullivan, to me known, wto being duly sworn, deposed and said that.ks')be works in 296 Concord Rd, 3rd Fl, Billerica, MA 01821; thaL(-s}heis an officer of L-1 Identity Solutions Operating Company, Acting through its Secure Credentialing Division; namely, the Division President of _ L-1 Identity Solutions Operating Company, Acting through its Secure Credentialing Division . That !s)'he did sign the foregoing instrument on behalf of, and with authority to bind said corporation. Notary Public FRS Contract #000665 New York DMV 47 110217 2/20/2009 GULaw Privacy FR Appendix A Standard Clauses For All NYS Contracts FRS Contract #000665 48 New York DMV 110218 2/20/2009 GULaw Privacy FR APPENDIX A: Standard Clauses For All New York State Contracts Revised June 2006 Table of Contents 1. Executory Clause 2. Non-Assignment Clause 3. Comptroller's Approval 4. Workers' Compensation Benefits 5. Non-Discrimination Requirements 6. Wage and Hours Provisions 7. Non-Collusive Bidding Certification 8. International Boycott Prohibition 9. Set-Off Rights 10.Records 11.Identifying Information and Privacy Notification 12.Equal Employment Opportunities For Minorities and Women Conflicting 13.Terms 14.Governing Law 15.Late Payment 16.No Arbitration 17.Service of Process 18.Prohibition on Purchase of Tropical Hardwoods 19.MacBride Fair Employment Principles 20.Omnibus Procurement Act of 1992 21.Reciprocity and Sanctions Provisions 22.Purchases of Apparel FRS Contract #000665 New York DMV 49 110219 2/20/2009 GULaw Privacy FR The parties to the attached contract, license, lease, amendment or other agreement of any kind (hereinafter, "the contract" or "this contract") agree to be bound by the following clauses which are hereby made a part of the contract (the word "Contractor" herein refers to any party other than the State, whether a contractor, licenser, licensee, lessor, lessee or any other party): I. EXECUTORY CLAUSE. In accordance with Section 41 of the State Finance Law, the State shall have no liability under this contract to the Contractor or to anyone else beyond funds appropriated and available for this contract. 2. NON-ASSIGNMENT CLAUSE. In accordance with Section 138 of the State Finance Law, this contract may not be assigned by the Contractor or its right, title or interest therein assigned, transferred, conveyed, sublet or otherwise disposed of without the previous consent, in writing, of the State a11dany attempts to assign the contract without the State's written consent are null and void. The Contractor may, however, assign its right to receive payment without the State's prior written consent unless this contract concerns Certificates of Participation pursuant to Article 5-A of the State Finance Law. 3. COMPTROLLER'S APPROVAL. In accordance with Section 112 of the State Finance Law (or, if this contract is with the State University or City University of New York, Section 355 or Section 6218 of the Education Law), if this contract exceeds $50,000 (or the minimum thresholds agreed to by the Office of the State Comptroller for certain S.U.N.Y. and C.U.N.Y. contracts), or if this is an amendment for any amow1t to a contract which, as so amended, exceeds said statutory amount, or if, by this contract, the State agrees to give something other than money when the value or reasonably estimated value of such consideration exceeds $10,000, it shall not be valid, effective or binding upon the State until it has been approved by the State Comptroller and filed in his office. Comptroller's approval of contracts let by the Office of General Services is required when such contracts exceed $85,000 (State Finance Law Section 163.6.a). 4. WORKERS' COMPENSATION BENEFITS. In accordance with Section 142 of the State Finance Law, this contract shall be void and of no force and effect unless the Contractor shall provide and maintain coverage during the life of this contract for the benefit of such employees as are required to be covered by the provisions of the Workers' Compensation Law. 5. NON-DISCRIMINATION REQUIREMENTS. To the extent required by Article 15 of the Executive Law (also known as the Human Rights Law) and all other State and Federal statutory and constitutional non-discrimination provisions, the Contractor will not discriminate against any employee or applicant for employment because of race, creed, color, sex, national origin, sexual orientation, age, disability, genetic predisposition or carrier status, or marital status. Fmthermore, in accordance with Section 220-e of the Labor Law, if this is a contract for the construction, alteration or repair of any public building or public work or for the manufacture, sale or distribution of materials, equipment or supplies, and to the extent that this contract shall be performed within the State of New York, Contractor agrees that neither it nor its subcontractors shall, by reason of race, creed, color, disability, sex, or national origin: (a) discriminate in hiring against any New York State citizen who is qualified and available to perform the work; or (b) discriminate against or intimidate any employee hired for the performance of work under this contract. If this is a building service contraet as defined in Section 23 0 of the Labor Law, then, in accordance with Section 239 thereof, Contractor agrees that neither it nor its subcontractors shall by reason of race, creed, color, national origin, age, sex or disability: (a) discriminate in hiring FRS Contract #000665 New York DMV 50 110220 212012009 GULaw Privacy FR against any New York State citizen who is qualified and available to perform the work; or (b) discriminate against or intimidate any employee hired for the performance of work under this contract. Contractor is subject to fines of $50.00 per person per day for any violation of Section 220-e or Section 239 as well as possible termination of this contract and forfeiture of all moneys due hereunder for a second or subsequent violation. 6. WAGE AND HOURS PROVISIONS. If this is a public work contract covered by Article 8 of the Labor Law or a building service contract covered by Article 9 thereof, neither Contractor's employees nor the employees of its subcontractors may be required or permitted to work more than the number of hours or days stated in said statutes, except as otherwise provided in the Labor Law and as set forth in prevailing wage and supplement schedules issued by the State Labor Department. Furthermore, Contractor and its subcontractors must pay at least the prevailing wage rate and pay or provide the prevailing supplements, including the premium rates for overtime pay, as determined by the State Labor Department in accordance with the Labor Law. 7. NON-COLLUSIVE BIDDING CERTIFICATION. In accordance with Section 139-d of the State Finance Law, if this contract was awarded based upon the submission of bids, Contractor affirms, under penalty of pe1jury, that its bid was arrived at independently and without collusion aimed at restricting competition. Contractor further affirms that, at the time Contractor submitted its bid, an authorized and responsible person executed and delivered to the State a non-collusive bidding certification on Contractor's behalf. 8. INTERNATIONAL BOYCOTT PROHIBITION. In accordance with Section 220-f of the Labor Law and Section 139-h of the State Finance Law, if this contract exceeds $5,000, the Contractor agrees, as a material condition of the contract, that neither the Contractor nor any substantially owned or affiliated person, firm, partnership or corporation has participated, is participating, or shall participate in an international boycott in violation of the federal Export Administration Act of 1979 (50 USC App. Sections 2401 et seq.) or regulations thereunder. If such Contractor, or any of the aforesaid affiliates of Contractor, is convicted or is otherwise found to have violated said laws or regulations upon the final determination of the United States Commerce Department or any other appropriate agency of the United States subsequent to the contract's execution, such contract, amendment or modification thereto shall be rendered forfeit and void. The Contractor shall so notify the State Comptroller within five (5) business days of such conviction, determination or disposition of appeal (2NYCRR 105.4). 9. SET-OFF RIGHTS. The State shall have all of its common law, equitable and statutory rights of set-off. These rights shall include, but not be limited to, the State's option to withhold for the purposes of set-off any moneys due to the Contractor under this contract up to any amounts due and owing to the State with regard to this contract, any other contract with any State department or agency, including any contract for a term commencing prior to the term of this contract, plus any amounts due and owing to the State for any other reason including, without limitation, tax delinquencies, fee delinquencies or monetary penalties relative thereto. The State shall exercise its set-off rights in accordance with normal State practices, including, in cases of set-off pursuant to an audit, the finalization of such audit by the State agency, its representatives, or the State Comptroller. 10. RECORDS. The Contractor shall establish and maintain complete and accurate books, records, documents, accounts and other evidence directly pe1tinent to performance under this contract (hereinafter, collectively, "the Records"). The Records must be kept for the balance of the calendar year in which they were made and for six (6) additional years thereafter. The State FRS Contract #000665 New York DMV 51 110221 2/20/2009 GULaw Privacy FR Comptroller, the Attorney General and any other person or entity authorized to conduct an examination, as well as the agency or agencies involved in this contract, shall have access to the Records during normal business hours at an office of the Contractor within the State of New York or, if no such office is available, at a mutually agreeable and reasonable venue within the State, for the term specified above for the purposes of inspection, auditing and copying. The State shall take reasonable steps to protect from public disclosure any of the Records which are exempt from disclosure under Section 87 of the Public Officers Law (the "Statute") provided that: (i) the Contractor shall timely inform an appropriate State official, in writing, that said records should not be disclosed; and (ii) said records shall be sufficiently identified; and (iii) designation of said records as exempt under the Statute is reasonable. Nothing contained herein shall diminish, or in any way adversely affect, the State's right to discovery in any pending or future litigation. 11. IDENTIFYING INFORMATION AND PIUVACY NOTIFICATION. (a) FEDERAL EMPLOYER IDENTIFICATION NUMBER and/or FEDERAL SOCIAL SECURITY NUMBER. All invoices or New York State standard vouchers submitted for payment for the sale of goods or services or the lease of real or personal property to a New York State agency must include the payee's identification number, i.e., the seller's or lessor's identification number. The number is either the payee's Federal employer identification number or Federal social security number, or both such numbers when the payee has both such numbers. Failure to include this number or numbers may delay payment. Where the payee does not have such number or numbers, the payee, on its invoice or New York State standard voucher, must give the reason or reasons why the payee does not have such number or numbers. (b) PRIVACY NOTIFICATION. (I) The authority to request the above personal information from a seller of goods or services or a lessor of real or personal property, and the authority to maintain such information, is found in Section 5 of the State Tax Law. Disclosure of this information by the seller or lessor to the State is mandatory. The principal purpose for which the information is collected is to enable the State to identify individuals, businesses and others who have been delinquent in filing tax returns or may have understated their tax liabilities and to generally identify persons affected by the taxes administered by the Commissioner of Taxation and Finance. The information will be used for tax administration purposes and for any other purpose authorized by law. (2) The personal information is requested by the purchasing unit of the agency contracting to purchase the goods or services or lease the real or personal property covered by this contract or lease. The information is maintained in New York State's Central Accounting System by the Director of Accounting Operations, Office of the State Comptroller, 110 State Street, Albany, New York 12236. 12. EQUAL EMPLOYMENT OPPORTUNITIES FOR MINORITIES AND WOMEN. In accordance with Section 312 of the Executive Law, if this contract is: (i) a written agreement or purchase order instrument, providing for a total expenditure in excess of $25,000.00, whereby a contracting agency is committed to expend or does expend funds in return for labor, services, supplies, equipment, materials or any combination of the foregoing, to be performed for, or rendered or furnished to the contracting agency; or (ii) a written agreement in excess of $100,000.00 whereby a contracting agency is committed to expend or does expend funds for the acquisition, construction, demolition, replacement, major repair or renovation of real property and improvements thereon; or (iii) a written agreement in excess of $100,000.00 whereby the owner of a State assisted housing project is committed to expend or does expend funds for the FRS Contract #000665 New York DMV 52 110222 2120/2009 GULaw Privacy FR acquisition, construction, demolition, replacement, major repair or renovation of real property and improvements thereon for such project, then: (a) the Contractor will not discriminate against employees or applicants for employment because of race, creed, color, national origin, sex, age, disability or marital status, and will undertake or continue existing programs of affirmative action to ensure that minority group members and women are afforded equal employment opportunities without discrimination. Affirmative action shall mean recruitment, employment, job assignment, promotion, upgradings, demotion, transfer, layoff, or termination and rates of pay or other forms of compensation; (b) at the request of the contracting agency, the Contractor shall request each employment agency, labor union, or authorized representative of workers with which it has a collective bargaining or other agreement or understanding, to furnish a written statement that such employment agency, labor w1ion or representative will not discriminate on the basis of race, creed, color, national origin, sex, age, disability or marital status and that such union or representative will affirmatively cooperate in the implementation of the contractor's obligations herein; and (c) the Contractor shall state, in all solicitations or adve1iisements for employees, that, in the performance of the State contract, all qualified applicants will be afforded equal employment opportunities without discrimination because of race, creed, color, national origin, sex, age, disability or marital status. Contractor will include the provisions of "a", "b", and "c" above, in every subcontract over $25,000.00 for the construction, demolition, replacement, major repair, renovation, planning or design of real property and improvements thereon (the "Work") except where the Work is for the beneficial use of the Contractor. Section 312 does not apply to: (i) work, goods or services unrelated to this contract; or (ii) employment outside New York State; or (iii) banking services, insurance policies or the sale of securities. The State shall consider compliance by a contractor or subcof1tractor with the requirements of any federal law conceming equal employment opportunity which effectuates the purpose of this section. The contracting agency shall determine whether the imposition of the requirements of the provisions hereof duplicate or conflict with any such federal law and if such duplication or conflict exists, the contracting agency shall waive the applicability of Section 312 to the extent of such duplication or conflict. Contractor will comply with all duly promulgated and lawful rules and regulations of the Governor's Office of Minority and Women's Business Development pertaining hereto. 13. CONFLICTING TERMS. In the event of a conflict between the terms of the contract (including any and all attachments thereto and amendments thereof) and the terms of this Appendix A, the terms of this Appendix A shall control. 14. GOVERNING LAW. This contract shall be govemed by the laws of the State of New York except where the Federal supremacy clause requires otherwise. 15. LATE PAYMENT. Timeliness of payment and any interest to be paid to Contractor for late payment shall be govemed by Aliicle 11-A of the State Finance Law to the extent required by law. FRS Contract #000665 New York DMV 53 110223 2/20/2009 GULaw Privacy FR 16. NO ARBITRATION. Disputes involving this contract, including the breach or alleged breach thereof, may not be submitted to binding arbitration (except where statutorily authorized), but must, instead, be heard in a court of competent jurisdiction of the State of New York. 17. SERVICE OF PROCESS. In addition to the methods of service allowed by the State Civil Practice Law & Rules ("CPLR"), Contractor hereby consents to service of process upon it by registered or certified mail, return receipt requested. Service hereunder shall be complete upon Contractor's actual receipt of process or upon the State's receipt of the return thereof by the United States Postal Service as refused or undeliverable. Contractor must promptly notify the State, in writing, of each and every change of address to which service of process can be made. Service by the State to the last known address shall be sufficient. Contractor will have thirty (30) calendar days after service hereunder is complete in which to respond. 18. PROHIBITION ON PURCHASE OF TROPICAL HARDWOODS. The Contractor certifies and warrants that all wood products to be used under this contract award will be in accordance with, but not limited to, the specifications and provisions of State Finance Law § 165. (Use of Tropical Hardwoods) which prohibits purchase and use of tropical hardwoods, unless specifically exempted, by the State or any govermnental agency or political subdivision or public benefit corporation. Qualification for an exemption under this law will be the responsibility of the contractor to establish to meet with the approval of the State. In addition, when any portion of this contract involving the use of woods, whether supply or installation, is to be performed by any subcontractor, the prime Contractor will indicate and certify in the submitted bid proposal that the subcontractor has been informed and is in compliance with specifications and provisions regarding use of tropical hardwoods as detailed in §165 State Finance Law. Any such use must meet with the approval of the State; otherwise, the bid may not be considered responsive. Under bidder certifications, proof of qualification for exemption will be the responsibility of the Contractor to meet with the approval of the State. 19. MACBRIDE FAIR EMPLOYMENT PRINCIPLES. In accordance with the MacBride Fair Employment Principles (Chapter 807 of the Laws of 1992), the Contractor hereby stipulates that the Contractor either (a) has no business operations in Northern Ireland, or (b) shall take lawful steps in good faith to conduct any business operations in Northern Ireland in accordance with the MacBride Fair Employment Principles (as described in Section 165 of the New York State Finance Law), and shall permit independent monitoring of compliance with such principles. 20. OMNIBUS PROCUREMENT ACT OF 1992. It is the policy of New York State to maximize opportunities for the participation of New York State business enterprises, including minority and women-owned business enterprises as bidders, subcontractors and suppliers on its procurement contracts. Information on the availability of New York State subcontractors and suppliers is available from: NYS Department of Economic Development Division for Small Business 30 South Pearl St -- 7th Floor Albany, New York 12245 Telephone: 518-292-5220 Fax: 518-292-5884 FRS Contract #000665 New York DMV 54 110224 2/20/2009 GULaw Privacy FR http://www.empire.state.ny.us A directory of certified minority and women-owned business enterprises is available from: NYS Department of Economic Development Division of Minority and Women's Business Development 30 South Pearl St -- 2nd Floor Albany, New York 12245 Telephone: 518-292-5250 Fax: 518-292-5803 http://www.empire.state.ny.us The Omnibus Procurement Act of 1992 requires that by signing this bid proposal or contract, as applicable, Contractors certify that whenever the total bid amount is greater than $1 million: (a) The Contractor has made reasonable efforts to encourage the participation of New York State Business Enterprises as suppliers and subcontractors, including ce1iified minority and womenowned business enterprises, on this project, and has retained the documentation of these efforts to be provided upon request to the State; (b) The Contractor has complied with the Federal Equal Opportunity Act of 1972 (P.L. 92261), as amended; (c) The Contractor agrees to make reasonable efforts to provide notification to New York State residents of employment opportunities on this project through listing any such positions with the Job Service Division of the New York State Department of Labor, or providing such notification in such manner as is consistent with existing collective bargaining contracts or agreements. The Contractor agrees to document these efforts and to provide said documentation to the State upon request; and (d) The Contractor acknowledges notice that the State may seek to obtain offset credits from foreign countries as a result of this contract and agrees to cooperate with the State in these efforts. 21. RECIPROCITY AND SANCTIONS PROVISIONS. Bidders are hereby notified that if their principal place of business is located in a country, nation, province, state. or political subdivision that penalizes New York State vendors, and if the goods or services they offer will be substantially produced or performed outside New York State, the Omnibus Procurement Act 1994 and 2000 amendments (Chapter 684 and Chapter 383, respectively) require that they be denied contracts which they would otherwise obtain. NOTE: As of May 15, 2002, the list of discriminatory jurisdictions subject to this provision includes the states of South Carolina, Alaska, West Virginia, Wyoming, Louisiana and Hawaii. Contact NYS Department of Economic Development for a current list of jurisdictions subject to this provision. 22. PURCHASES OF APPAREL. In accordance with State Finance Law 162 (4-a), the State shall not purchase any apparel from any vendor unable or unwilling to certify that: (i) such apparel was manufactured in compliance with all applicable labor and occupational safety laws, including, but not limited to, child labor laws, wage and hours laws and workplace safety laws, and (ii) vendor will supply, with its bid (or, if not a bid situation, prior to or at the time of signing a contract with the State), if known, the names and addresses of each subcontractor and a list of all manufacturing plants to be utilized by the bidder. New York DMV 110225 GULaw Privacy FR Appendix B FRS Contract #000665 New York DMV Driver's Privacy Protection Act (DPPA) 56 110226 2/20/2009 GULaw Privacy FR MV-15DPPA(5/02) DRIVER'S PRIVACY PROTECTION ACT (18 U.S.C. 82721 et seq.) PROHIBITION ON RELEASE AND USE OF CERTAIN PERSONAL INFORMATION FROM STATE MOTOR VEHICLE RECORDS SEC. 2721. PROHIBITION ON RELEASE AND USE OF CERTAIN PERSONAL INJIORMATION FROM STATE MOTOR VEHICLE RECORDS. a) In General. A State department of motor vehicles, and any officer, employee, or contractor, thereof, shall not knowingly disclose or otherwise make available to any person or entity: R b) I) personal information, as defined in 18 U,S.C. §2725(3), about any individual obtained by the department in connection with a motor vehicle record, except as provided in subsection (b) of this section; or 2) highly restricted personal information, as defined in 18 U.S,C. §2725(4), about any individual obtained by the department in connection with a motor vehicle record, without the expre;;s consent of the person to whom such information applies, except uses permitted in subsections (b)(l), (b)(4), (b)(6), and (b)(9): Provided, that subsection (a)(2) shall not in any way affect the use of organ donation information on an individual's driver's license or affect the administration of organ donation initiatives in the States. Permissible Uses. - Personal information referred to in subsection (a) shall be disclosed for use in connection with matters of motor vehicle or driver safety and theft, motor vehicle emissions, motor vehicle product alternation, recalls, or advisories, performance monitoring of motor vehicles and dealers by motor vehicle manufactmers, and removal of non-owner records from the original owner records of motor vehicle manufacturers to carry out the purposes of titles I and IV of the Anti-Car Thell /\ct of 1992, the Automobile Information Disclosure /\ct (15 U.S.C. §1231 et seq.), the Clean Air Act (42 U.S.C. §7401 et seq.), and chapters 301,305, and 321-331 of title 49 (49 U.S.C. §30101 et seq., §30501 et seq., §32101 ct seq. §33101 ct seq.), and, subject to subsection (a)(2), may be disclosed as follows: I) for use by any government agency, including any court or law enforcement agency, in carrying out its functions, or any private person or entity acting on behalf of a Federal, State, or local agency in carrying out its functions. 2) For use in connection with matters of motor vehicle or driver safety and theft; motor vehicle emissions; motor vehicle product alterations, recalls, or advisories; performance monitoring of motor vehicle product alternations, recalls, or advisories: performance monitoring of motor vehicles, motor vehicle parts and dealers; motor vehicle market research activities, including survey research; and removal of non-owner records from the original owner records of motor vehicle manufacturers. 3) For use in the normal course of business by a legitimate business or its agents, employees, or contractors, but only A to verify the accuracy of personal information submitted by the individual to the business or its agents, employees, or contractors; and B. if such information as so submitted is not correct or is no longer correct, to obtain the correct information, but only for the purposes of preventing fraud by, pursuing legal remedies against, or recovering on a debt or security interest against, the individual. 4) For use in connection with any civil, criminal, administrative, or arbitral proceeding in any Federal, State, or local court or agency or before any self-regulatory body, including the service of process, investigation in anticipation of litigation, and the execution or enforcement of judgments and others, or pursuant to an order of a Federal, State, or local court. 5) For use in research activities, and for use in producing statistical reports, so long as the personal information is not published, redisclosed, or used to contact individuals. 6) For use by any insurer or insurance support organization, or by a self-insured entity, or its agents, employees, or contractors, in connection with claims investigation activities, antifraud activities, rating or underwriting. 7) for use in providing notice to the owners of towed or impounded vehicles, 8) For use by any licensed private investigative agency or licensed security service for any purpose permitted under this subsection. 9) For use by an employer or its agent or insurer to obtain or verify information relating to a holder of a commercial driver's license that is required under Chapter 313 of title 49 [49 U.S.C.§31301 et seq.]. 10) For use in connection with the operation of private toll transportation facilities. 11) For any other use in response to requests for individual motor vehicle records if the State has obtained the express consent of the person to whom such personal information pertains. 12) For bulk distribution for surveys, marketing or solicitations if the State has obtained the express consent of the person to whom such personal information pe1iains. 13) For use by any requester, if the requester demonstrates it has obtained the written consent of the individual to whom the information pertains. FRS Contract #000665 New York DMV 57 110227 2120/2009 GULaw Privacy FR 14) for any other use specifically authorized under the law of the State that holds the record, if such use is related to the operation ofa motor vehicle or public safety. Resale or Rcdisclosure. - Authorized recipient of personal information {except a recipient under subsection (b)( 11) or ( 12)} may resell or redisclose the information only for a use permitted under subsection (b) {but not for uses under subsection (b)(l l) or (12)}. An authorized recipient under subsection (b)(ll) may resell or redisclose personal information for any purpose. An authorized recipient under subsection (b)(l2) may resell or redisclose personal information pursuant to subsection (b )(12). Any authorized recipient {except a recipient under subsection (b)(l 1)} that resells or rediscloses personal information covered by this chapter (18 U.S.C. §2701 et seq.] must keep for a period of 5 years records identifying each person or entity that receives information and the permitted purpose for which the information will be used and must make such records available to the motor vehicle department upon request. c) cl) Waiver procedures. - A State motor vehicle department may establish and carry out procedures under which the department or its agents, upon receiving a request for personal information that docs not fall within one of the exceptions in subsection (b), may mail a copy of the request to the individual about whom the information was requested, informing such individual of the request, together with a statement to the effect that the inforni.ation will not be released unless the individual waives such individual's right to privacy under this section. e) Prohibition on conditions. No State may condition or burden in any way the issuance of an individual's motor vehicle record as defined in 18 U.S.C. §2725(1) to obtain express consent. Nothing in this paragraph shall be construed to prohibit a State from charging an administrative fee for issuance of a motor vehicle record. Sec. 2722. Additional unlawful acts a) Procurement for Unlawful Purpose. - It shall be unlawful for any person knowingly to obtain or disclose personal information, from a motor vehicle record, for any use not permitted under section 2721(b) of this title. b) False Representation. - It shall be unlawful for any person to make false representation to obtain any personal information from an individual's motor vehicle record. Sec, 2723. Penalties a) Criminal Fine. - A person who knowingly violates this chapter shall be fined under this title. b) Violations by State Department of Motor Vehicles. - Any State dcp:'d':lff.11 ':'mplc,yerkltn nurnbi2r(Elf,J) Es11:•nafed conlrncl valueover /he !u(! term of con/me/ {buf nor 1i1dud!i)9 renewals) (;t)ntra,;tc,r's s,1lest,u ID m11nl:•N111 dilf1>"1&11I horn contrnclor'o EIN) $ Contra,)tor's tt'lt!phont' number Coveredagency telephone number I, ______________ , hereby affirm, under penalty of perjury,thal I am (ni:lml:.') {!ille) of the above-namedcontractor,that I am aut11orized to malU1er-0qulrndlnforma11onmay subject Yoll t,:,ch•ilorcrlm!nal promaltles, or both. undGr the T,1xLaw. This in!orm.:1tio11 Is mafnk1i11ed by tho Dlr,;clor of RB::ords Management .:-,ncJ D,11,1 Enll'y, NYS fax Oep.:irtment.WA Homim,1nCampu.s,Alb.iny MY 12227; telephc,ne 1 800 225·5828. from a1toilf,Olltskt1.? ~ie Unitecl St,1tes,;1mloutside Canad.i, c.ill (518) 485·Ell00. FRSContract#000665 New York DMV (for infonnation.forms. and publications) 81 110251 1 2-00748-3676 assistance is c1v,1ilc1blEfrom 8:00 A.M. to5:00 P.lvl.(eastern timei, Mondai throL19h Friday. To ord,s,rforms and l)l!blicatkms: Fromat"o:.as outsido:e th-2.U.S. and outskl8 Cc111<1dc1: .a, Telephone 1 e.oo 698-20:31 1 e.oo 462-e.100 (51e.)485-6800 Hearing and speech impaired (tt2l-?c,:immunic,1tions devk,s,f,:irth,s,d,:,c1f (TDD)call,:,rs,;inly/: 1 e.oo 634-2110 Persons with disabilities: In compliancewith th1;1 t~ Amt'tk,1ns with Disabilities Act, wi::will t'nsure that ,::,mlobbies, "-" olfic':'s, meetingrooms.-:indother fcldlities,;u·':'a,xessibleto If )'OU havequestionsaboutsped,11 personswith disc1bimies. forp12rsons wi!h disabilities,pleas8co1ll1 800 972-12.:.~3. a,:commod,1tiom, ., 2/20/2009 GULaw Privacy FR 11 ST-220-TD Appendix G New York St,1le Dep,11lrrnmtof T.:ix.1tlo11 ,ind Fi11.:i11c.:a ST-220-TD Contractor Certification (G/06) (Pursuantto Section 5~aof the TaxLaw, as amended, effectiveApril 26, 2006) For infornmtion, consult Publication 223, 0flestions ,11Jd Answers Conceming fox Law Section 5·,1 (SGeNeed help? be-low). Contrn-::tor 11<1rne Contra,:tor'sprin-::ip,1I place of busin.;,ss Citi/ State I Contr,1et,:ir'i; f,2der<=1l 'a'mpk,yer id>::rc,r description 1B Uij te-rm o.contr,Kt ! )lit 1wt inclu( 1119 ren&w,1ls)S General Information Privacy no11flcation Section5·a of the Tax Law, as amended, effectiveApril 26, 2006, requirescertnin contractorsawarded certnin state contractsvalued at more than $100,000 to certify to the Tax Departmentthnt they are registeredto collect New York State and locnl sales anclcompensatinguse taxes, if U1ey made sales deliveredby any meansto locationswit11inNev>' YorkState of tangible personal property or taxal)le services havinga cumulativevalue in excessof $300,000, measured over a specifiedperiod. In addition,contractorsmust certify to the Tax Departmentthat each affiliate and subcontractor exceedingsuch sales thresholdduring a specifiedperiod is registeredto collect New YorkState and local sales and compensatinguse taxes.Contractorsmust also file a Form ST-220-CA.certifying to the procuring state entity t11a1 t11eyfiled Form ST-220-TDwith the Tax Departmentand t11at the informationcontained on Form ST-220-TDis correctand completeas of the elatethey file FormST-220-CA. The Commissionerof Taxationand Financemay collect and maintainpersonal informationpursuantto tile New York State Tax Lnw, includingbut not limited to, sections5-a, 171, 171-a,287,308,429,475,505,697, 1096, 1142,and 1415 of that Lnw;and may requiredisclosureof social secl1rity numberspursuantto 42 use 405(c)(2)(C)(i). For more detailed informationregardingthis form and section 5-a of the Tax Law, see Publication223, Questions and Answe,:sConcerningTaxLaw Section 5-a, (as amended, effectiveApril 26, 2006), availableat ww1,v.nystax.gov. Informationis also availableby calling the Tax Department's ContractorInformationCenter a11 800 698-2931. Note: Form ST-220-TDmust be signed by a person authorizedto make the certificationon behalf of the contractor,and the acknowledgementon page 4 of t11isform must be completed before a notarypublic. Mail completedform to: Tl)is informationwill be used to determineand administertax liabilitiesand, when aut11orized by lnw, for certnin tax offset and exchangeof tax informationprogramsas vvellas for any olher lawful purpose. Informationconcerningquarterlyv·mgespaid to ernployees is providedto certain state agenciesfor purposesof fraud prevention,support enforcement.evaluationof tile effectivenessof certain employmentnnd trainingprograms and o1herpurposesautborizeclby law. Failure10providethe requiredinformationmay subject you to civil or criminal penalties,or both, under the Tax Law. This informationis maintainedby the Directorof Records Managementand Da1aEntry,NYS Tax Department, WA HarrimanCampus,Albany NY 12227:telephone 1 800 225-5829.Fromarens outsidet11eUnitedStates and outside Canada,call (518) 485-6800. Need help? fiiiil Internet access: w1,w.nys!c1x.gov 1 ~ (for ink,rmation. forms,,md publications) ip-~~0.._ FRx-on-demanc/forms: NYSTAXDEPARTMENT DATAENTRYSECTION 1 800 748-:3676 .,-. Telephone assistance is availt1bl':'from 8:00 A./vl.to 5:00 P.M. 1:eastttrntime).fvlond<1)' throu9hFIiday. publicatbns: 1 800 462-8100 To or(ler fc,rmsc111el Sales Tax InformationCenter: 1 800 698-2909 From ari:,asoutsid,;.th& U.S. rn1doutside Canada: (518) 48S-6BOO W A HARRIMANCAMPUS M ALBANYNY 12227 Hearing and s/>eech impaired (t.;./e,;ommunications devic,;,for th1;1 ( ea! \TDD) calle-1s only}: 1 800 634-2110 Persons with disabilities: In comp!i<1IKe with thtt Americans withDis,1bilitiesAct. we will ensur':'that our lobbii?S. offices._meetin9 rooms.c1ndother faciliti-?s-:'.1r'O! ,,cc,;,ssibl>? t,:) personswithcl1sc"1bilities. II ;,ouhavequBstionsaboutspecicll accomn1odctlio11s for persc,nswith cliscl!Ji/Jties, pk•asec,1111 eM972-12:?-3. • ~ FRSContract#000665 New York DMV 82 110252 2/20/2009 GULaw Privacy FR Page 2 of 4 ST-220-TD(6/06) I, ______________ , herebyaffirm, under penaltyof perjury,that I am ___________ {twme) _ (title) of tlie above-namedcontractor,and that I am authorizedto makethis certificationon behalf of such contractor. Make only one entry in each section below. Section 1 -Contractor D registration status The contractorhas made sales delivered by any means to locationswithin NewYork State of tangiblepersonalpropertyor taxable serviceshavinga cumulativevaluein excessof $300,000duringthe foursalestax quarters1Nhichimmediatelyprecedethe salestax quarterin whichthis certificationis made.The contractoris registeredto collectNewYorkStateand localsalesandcompensating use of Taxationand Financepursuantto sections1134 and 1253of the TaxLmv,;:mdis listedon ScheduleA of taxeswith the Co1rnnissioner this certification. D· Thecontractorhas not madesalesdeliveredby any meansto locationswithinNe.vYorkStateof tangiblepersonalpropertyor taxable 1 serviceshavinga cumulativevaluein excessof $300,000duringthe foursalestax quarterswhich irnrnecliately precedethe salestax quarterin whichthis certificationis made. Section 2 - Affiliate registration status D The contractordoes not haveany affiliates. D To the bestof the contractor\ knowledge,the contractorhas oneor moreaffiliateshavingmadesalesdeliveredby any meansto locationswithinNev,YorkStateof tangiblepersonalpropertyor taxableserviceshavinga cumulativevaluein excessof $300,000 durinf1the four salestax quarterswhich irnmediatelyprecedethe salestax quarterin which this certificationis made,and eachaffiliate exceedingthe $300,000cumulativesales lhresho!dduringsuch quartersis registeredto collectNewYorkStateand localsalesand compensatingusetaxeswith the Commissionerof Taxationand Financepursuantto sections11:34and_1253of the TaxLaw.The A of this contractorhaslistedeachaffiliateexceedingthe $300,000cumulativesalesthresholdduringsuchquarterson SChedule certification. D To the bestof the contractor'sknov.'leclge, the contractorhas oneor moreaffiliates,and each affiliatehasnot madesalesdeliveredby any meansto locationswithinNewYorkStateof tangiblepersonalpropertyor taxableserviceshavinga cumulativevaluein excessof precedethe salestax quarter in whichthis certificationis made. $300,000duringthe four salestax quarterswhich imrnecliately Section 3 - Subcontractor registration status D The contractordoes not haveany subcontractors. D To the bGstof the contractor'sknowl121dge, the contractorhas one or moresubcontractorshavingmadesalesdGHvered by any meansto locationswithinNewYorkStateof tangiblepersonalproperlyor taxableserviceshavinga cwnulativevakmin excessof $300,000during the four salestax quarterswhichimmediatelyprecedethe saleslax quarterin whichthis certificationis made,andeachsubcontractor exceedingthe $300,000cumulativesales thresholdduringsuchquartersis registeredto collectNewYorkStateand localsalesand compensatingusetaxeswith the Commissionerof Taxationand Financepursuantto sections1134and 1253of theTaxLaw.The contractorhaslistedeachsubcontractorexceedingthe $300,000cumulativesalesthresholdduringsuchquarterson ScheduleA of this ce1tifica.tion. D To the bestof the contractor'sknowledge,tl1econtractorhas one or moresubcontractors,and each subcontractorhas notmadesales deliveredby anymeansto locationswithin NewYorkStateof tangiblepersonalpropertyor taxablesel'viceshavinga cumulativevaluein excessof $300,000duringthe four salestax quarters•:-1hich immediatelyprecedethe sales tax quarterin 1.vhichthir,certificationis made, Sworn to this_day of _______ , 20~~ (sign before a 110/a,ypublic) FRS Contract#000665 New York DMV (lil:'e) 83 110253 2/20/2009 GULaw Privacy FR ST-220-TD (6/06) Page3 of 4 ScheduleA- Listingof eachperson(contractor,affiliate,or subcontractor) exceeding$300,000 cumulativesalesthreshold Listthecontractor, oraffiliate,or subcontractor in Schedule A onlyif suchpersonexceeded the$'.<00,000cumulative salesthreshold during thespecified salestaxquarters. Seedirections below. Formoreinformation, seePublication 223. A b4J(f6't,li C:r1Jm B C Adc/rnss Nurne D Fod.iw! ID Number E F SulesT.:ixID Numbor Registr.1lion inpmgrnss ColumnA- EnterC incolumnA if thecontractor: A if anaffiliateof thecontractor; or S if a subcontractor. Column8- Name- lf/lersonis a corporation or limitedliabilitycompany, entertheexactlegalnameasregistered withtheNYDepartment of State,i applicable. If personis a partnership or ,soleproprietor, enterthenameof thepartnership andeachpartnersgiven name,or thegivenname(s) of tl1eowner(s), asapplicable. If personhils a differentOBA(doingbusiness as)name,enterthat nameaswell. ColumnC- Aclclress - Enterthestreetaddressof person's llrincipalplaceof business. Donotentera PObox. If ColumnD- IDnumber- Enterthefederalemployer identification number\EIN)assigned to thepersonor person'sbusiness, asapplicable. thepersonis an individual, enterthesocialsecuritynumbero thatperson. ColumnE- SalestaxID number- Enteronlyif differentfromfederalEINin columnD. its certificate ColumnF- If applicable, enteranX if thepersonhassubmitted FormDTF-t7totheTaxDepartment buthasnotreceived of authorityasoftheelateof thiscertification. FRS Contract #000665 New York DMV 84 110254 2/20/2009 GULaw Privacy FR Page4 of4 ST-220-TD (6106) Individual, Corporation, Partnership, orLLCAcknowledgment STATE OF SS.: COUNTY OF Onthe_ dayof_____ intheyear20_, before mepersonally appeared ________ _ known tometobetheperson whoexecuted theforegoing instrument, who, being dul11 sworn bymediddepose andsaythat heresides at___________________ _ Town of___________________ _ County of__________________ State of_____ _ ~· andfurt11er that: boxandcomplete theaccompanying statement.] [lvlark anXintheappropriate D (Ifanindividual): J1eexecuted theforegoing instrument inhis/her name andonhis/her ownbehalf. D (Ifacorporation): _heisthe_______________________ _ of__________ , thecorporation described insaidinstrument; that,byauthority oftheBoard toexecute theforegoing instrument onbehalf ofthecorporation for ofDirectors ofsaidcorporation, _heisauthorized purposes setforththerein; andthat,pursuant tothatauthority, _heexecuted theforegoing instrument inthename ofandon behalf ofsaidcorporation astheactanddeedofsaidcorporation. D (Ifapartnership):_lle isa---~--------------------described insaidinstrument; that,bytheterms ofsaid of , thepartnership toexecute theforegoing instrument onbehalf ofthepartnership setforth partnership, _heisaut11orized forpurposes therein; andthat,pursuant tothatauthority, _heexecuted theforegoing instrument int11e name ofandonbehalf ofsaid partnership astheactanddeed ofsaidpartnership. 1company): D (Ifalimited liabilit1 _heisa duly.authorized member of______________ _ LLC, thelimited liability company described insaidinstrument; that_heisauthorized toexecute tileforegoing instrument J1eexecuted onbehalf ofthelimited liability company forpurposes setforththerein; andthat,pursuant tothatauthority, theforegoing instrument inthename ofandonbehalf ofsaidlimited liability company astheactanddeed ofsaidlimited liability company. Notary Public Registration No.__________ FRS Contract #000665 New York DMV _ 85 110255 2/20/2009 GULaw Privacy FR AppendixH Information Security Breach and Notification Act NYS General Business Law Section 899-aa § 899-aa. Notification; person without valid authorization has acquired private information 1. As used in this section, the following terms shall have the following meanings: (a) "Personal information" shall mean any information concerning a natnral person which, because of name, number, personal mark, or other identifier, can be used to identify such natnral person; (b) "Private information" shall mean personal information consisting of any information in combination with any one or more of the following data elements, when either the personal information or the data element is not encrypted, or encrypted with an encryption key that has also been acqnired: (I) social security number; (2) driver's license number or non-driver identification card number; or (3) account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account; "Private information" does not include publicly available information which is lawfolly made available to the general public from federal, state, or local government records. (c) "Breach of the security of the system" shall mean unauthorized acquisition or acquisition without valid authorization of computerized data that compromises the security, confidentiality, or integrity of personal information maintained by a business. Good faith acquisition of personal information by an employee or agent of the business for the purposes of the business is not a breach of the security of the system, provided that the private information is not used or subject to unauthorized disclosure. In determining whether information has been acquired, or is reasonably believed to have been acquired, by an unauthorized person or a person without valid authorization, such business may consider the following factors, among others: (1) indications that the information is in the physical possession and control of an unauthorized person, such as a lost or stolen computer or other device containing information; or (2) indications that the information has been downloaded or copied; or (3) indications that the information was used by an unauthorized person, such as fraudulent accounts opened or instances of identity theft repo1ted. (d) "Consumer repo1ting agency" shall mean any person which, for monetary fees, dues, or on a cooperative nonprofit basis, regulm·ly engages in whole or in part in the practice of assembling or evaluating consumer credit information or other information on consumers for the purpose of furnishing consumer reports to third parties, and which uses any means or facility of interstate commerce for the purpose of preparing or furnishing consumer reports. A list of consumer repo1ting agencies shall be compiled by the state attorney general and furnished upon request to FRS Contract #000665 New York DMV 86 110256 2/20/2009 GULaw Privacy FR any person or business required to make a notification under subdivision two of this section. 2. Any person or business which conducts business in New York state, and which owns or licenses computerized data which includes private information shall disclose any breach of the security of the system following discovery or notification of the breach in the security of the system to any resident of New Yorlc state whose private information was, or is reasonably believed to have been, acquired by a person without valid authorization. The disclosure shall be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement, as provided in subdivision four of this section, or any measures necessary to determine the scope of the breach and restore the reasonable integrity of the system. 3. Any person or business which maintains computerized data which includes private information which such person or business does not own shall notify the owner or licensee of the information of any breach of the security of the system immediately following discovery, if the private information was, or is reasonably believed to have been, acquired by a person without valid authorization. 4. Tlie notification required by this section may be delayed if a law enforcement agency determines that such notification impedes a criminal investigation. The notification required by this section shall be made after such law enforcement agency determines that such notification does not compromise such investigation. 5. The notice required by this section shall be directly provided to the affected persons by one of the following methods: (a) written notice; (b) electronic notice, provided that the person to whom notice is required has expressly consented to receiving said notice in electronic form and a log of each such notification is kept by the person or business who notifies affected persons in such form; provided fmiher, however, that in no case shall any person or business require a person to consent to accepting said notice in said form as a condition of establishing any business relationship or engaging in any transaction. (c) telephone notification provided that a log of each such notification is kept by the person or business who notifies affected persons; or (d) Substitute notice, if a business demonstrates to the state attorney general that the cost of providing notice would exceed two hundred fifty thousand dollars, or that the affected class of subject persons to be notified exceeds five hundred thousand, or such business does not have sufficient contact information. Substitute notice shall consist of all of the following: (I) e-mail notice when such business has an e-mail address for the subject persons; (2) conspicuous posting of the notice on such business's web site page, if such business maintains one; and FRS Contract #000665 New York DMV 87 110257 2/20/2009 GULaw Privacy FR (3) notification to major statewide media. 6. (a) whenever the attorney general shall believe from evidence satisfactory to him that there is a violation of this article he may bring an action in the name and on behalf of the people of the state of New York, in a court ofjustice having jurisdiction to issue an injunction, to enjoin and restrain the continuation of such violation. In such action, preliminary relief may be granted under article sixty-three of the civil practice law and rules. In such action the court may award damages for actual costs or losses incurred by a person entitled to notice pursuant to this article, if notification was not provided to such person pursnant to this article, including consequential financial losses. Whenever the court shall determine in such action that a person or business violated this article knowingly or recklessly, the court may impose a civil penalty of the greater of five thousand dollars or up to ten dollars per instance of failed notification, provided that the latter amount shall not exceed one hundred fifty thousand dollars. (b) the remedies provided by this section shall be in addition to any other lawful remedy available. (c) no action may be brought under the provisions of this section unless such action is co111111enced within two years immediately after the date of the act complained of or the date of discovery of such act. 7. Regardless of the method by which notice is provided, such notice shall include contact information for the person or business making the notification and a description of the categories of information that were, or are reasonably believed to have been, acquired by a person without valid authorization, including specification of which of the elements of personal information and private information were, or are reasonably believed to have been, so acquired. 8. (a) In the event that any New York residents are to be notified, the person or business shall notify the state attorney general, the consumer protection board, and the state office of cyber security and critical infrastructure coordination as to the timing, content and distribution of the notices and approximate number of affected persons. Such notice shall be made without delaying notice to affected New York residents. (b) In the event that more than five thousand New York residents are to be notified at one time, the person or business shall also notify consumer reporting agencies as to the timing, content and distribution of the notices and approximate number of affected persons. Such notice shall be made without delaying notice to affected New York residents. 9. The provisions of this section shall be exclusive and shall preempt any provisions oflocal law, ordinance or code, and no locality shall impose requirements that are inconsistent with or more restrictive than those set forth in this section. FRS Contract #000665 New York DMV 88 110258 2/20/2009 GULaw Privacy FR NYS Technology Law Section 208 § 208. Notification; person without valid authorization has acquired private information I. As used in this section, the following terms shall have the following meanings: (a) "Private information" shall mean personal information in combination with any one or more of the following data elements, when either the personal information or the data element is not encrypted or encrypted with an encryption key that has also been acquired: (1) social security number; (2) driver's license number or non-driver identification card number; or (3) account number, credit or debit card number, in combination with any required security code, access code, or password which would permit access to an individual's financial account. "Private information" does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records. ' (b) "Breach of the security of the system" shall mean unauthorized acquisition or acquisition without valid authorization of computerized data which compromises the security, confidentiality, or integrity of personal information maintained by a state entity. Good faith acquisition of personal information by an employee or agent of a state entity for the purposes of the agency is not a breach of the security of the system, provided that the private information is notusedor snbjecno tifiauthotized disclosure. In determining whether information has been acquired, or is reasonably believed to have been acquired, by an unauthorized person or a person without valid authorization, such state entity may consider the following factors, among others: (l) indications that the information is in the physical possession and control of an unauthorized person, such as a lost or stolen computer or other device containing information; or (2) indications that the information has been downloaded or copied; or (3) indications that the information was used by an unauthorized person, such as fraudulent accounts opened or instances of identity theft reported. (c) "State entity" shall mean any state board, bureau, division, committee, commission, council, department, public authority, public benefit corporation, office or other governmental entity performing a governmental or proprietary function for the state of New York, except: (l) the judiciary; and FRS Contract #000665 New York DMV 69 110259 2/20/2009 GULaw Privacy FR (2) all cities, counties, municipalities, villages, towns, and other local agencies. (d) "Consumer reporting agency" shall mean any person which, for monetary fees, dues, or on a cooperative nonprofit basis, regularly engages in whole or in part in the practice of assembling or evaluating consumer credit information or other information on consumers for the purpose of furnishing consumer reports to third parties, and which uses any means or facility of interstate commerce for the purpose of preparing or furnishing consumer reports. A list of consumer rep01iing agencies shall be compiled by the state attorney general and furnished upon request to state entities required to make a notification under subdivision two of this section. 2. Any state entity that owns or licenses computerized data that includes private information shall disclose any breach of the security of the system following discovery or notification of the breach in the security of the system to any resident of New York state whose private information was, or is reasonably believed to have been, acquired by a person without valid authorization. The disclosure shall be made in the most expedient time possible and without umeasonable delay, consistent with the legitimate needs oflaw enforcement, as provided in subdivision four of this section, or any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system. The state entity shall consult with the state office of cyber security and critical infrastructure coordination to determine the scope of the breach and restoration measures. 3. Any state entity that maintains computerized data that includes private information which such agency does not own shall notify the owner or licensee of the information of any breach of the security of the system immediately following discovery, if the private information was, or is reasonably believed to have been, acquired by a person without valid authorization. 4. The notification required by this section may be delayed if a law enforcement agency determines that such notification impedes a criminal investigation. The notification required by this section shall be made after such law enforcement agency determines that such notification does not compromise such investigation. 5. The notice required by this section shall be directly provided to the affected persons by one of the following methods: (a) written notice; (b) electronic notice, provided that the person to whom notice is required has expressly consented to receiving said notice in electronic form and a log of each such notification is kept by the state entity who notifies affected persons in such form; provided further, however, that in no case shall any person or business require a person to consent to accepting said notice in said form as a condition of establishing any business relationship or engaging in any transaction; (c) telephone notification provided that a log of each such notification is kept by the state entity FRS Contract #000665 New York DMV 90 110260 2/20/2009 GULaw Privacy FR who notifies affected persons; or (d) Substitute notice, if a state entity demonstrates to the state attorney general that the cost of providing notice would exceed two hundred fifty thousand dollars, or that the affected class of subject persons to be notified exceeds five hundred thousand, or such agency does not have sufficient contact information. Substitute notice shall consist of all of the following: (!) e-mail notice when such state entity has an e-mail address for the subject persons; (2) conspicuous posting of the notice on such state entity's web site page, if such agency maintains one; and (3) notification to major statewide media. 6. Regardless of the method by which notice is provided, such notice shall include contact information for the state entity making the notification and a description of the categories of information that were, or are reasonably believed to have been, acquired by a person without valid authorization, including specification of which of the elements of personal information and private information were, or are reasonably believed to have been, so acquired. 7. (a) In the event that any New York residents are to be notified, the state entity shall notify the state attorney general, the consumer protection board, and the state office of cyber security and critical infrastructure coordination as to the timing, content and distribution of the notices and approximate number of affected persons. Such notice shall be made without delaying notice to affected New York residents. (b) In the event that more than five thousand New York residents are to be notified at one time, the state entity shall also notify consumer repmting agencies as to the timing, content and distribution of the notices and approximate number of affected persons. Such notice shall be made without delaying notice to affected New York residents. 8. Any entity listed in subpm·agraph two ofpm·agraph (c) of subdivision one of this section shall adopt a notification policy no more than one hundred twenty days after the effective date of this section. Such entity may develop a notification policy which is consistent with this section or alternatively shall adopt a local law which is consistent with this section. FRS Contract #000665 New York DMV 91 110261 2120/2009 GULaw Privacy FR Security Breach and Disclosure Act Reporting Form Pursuant to the Information Security Breach and Notification Act (General Business Law §899-aa; State Technology Law §208) _ Name of Entity: _________________________ Street Address: __________________________ _ State: ____ Zip Code: City: _______________ Sector (please select one): [ ] Not-for-profit [ ]Local Government[ [ ]Commercial ]State Govermnent [ ]Federal Government [ ]Educational Type of Business (please select one): [ ]Biotech/Pharm ]Health Care [ ]Insurance [ ]Retail/Internet [ ]Other _____________________ Persons Affected: Total: ______ NY residents: ____ [ ]Education [ ]Telecom. Dates: [ ]Financial Srvcs [ ]Transportation _ Breach Occurred: _ Breach Discovered: -------Consumer Notification: ------Reason for delay, if any, in sending notice: ________________ Description of Breach (please select ;ill that apply): [ ]Hacking incident; ]Stolen computer, CD, tape, etc; [ ]Lost computer, CD, tape, etc; [ ]Insider wrongdoing; [ ] other (specify): ____________ ----- _ ]Inadvertent disclosure; [ _ [Attach additionaldescriptionifnecessmy] Information Acquired (please select ;ill that apply): [ ]Name; [ ]SSN; [ ]Driver's license no.; [ ]Account number; [ ]Credit or Debit card number; [ ]Other (specify): Manner of Notification to Affected Persons (Attach Copy): [ ]Telephone; [ ]Substitute notice (provide justification). 12 months) breach notifications: ________________ [ ]Written; [ ]Electronic (email); List dates of any previous (within _ Credit Monitoring or Other Service Offered: [ ] Yes; [ ] No; Dmation: ___ _ Service: ____________ _ Provider: -----------Submitted by:._________ _ Title: _________ _ _ Firm Name (if other than entity): _____________________ Telephone:---------------~ Dated: __________ FRS Contract #000665 New York DMV Email: _ 92 110262 2/20/2009 GULaw Privacy FR EACH OF THE THREE STATE AGENCIES LISTED BELOW: Fax or E-mail this form to: New York State Attorney General's Office: SECURITY BREACH NOTIFICATION Consumer Frauds & Protection Bureau 120 Broadway - 3,d Floor New York, NY 10271 Fax: 212-416-6003 E-mail: breach.security@oag.state.ny.us New York State Office of Cyber Security & Critical Infrastructure Coordination (CSCIC) SECURITY BREACH NOTIFICATION 30 Sou th pearl Street, Floor P2 Albany, NY 12207 fax: 518-474-9090 E-mail: info@cscic.state.ny.us New York State Consumer Protection Board (CPB): SECURITY BREACH NOTIFICATION 1740 Broadway, 15"' floor New York, NY 10019 fax: 212-459-8855 E-mail: security _breach_notification@consumer FRS Contract #000665 New York DMV 93 110263 .state.ny. us 2/20/2009 GULaw Privacy FR Appendix I Consultant Disclosure Legislation Chapter 10, Laws of2006 LAWS OF NEW YORK, 2006 CHAPTER IO AN ACT to amend the civil service law and the state finance law, in relation to repo1ting and disclosure about contracts for consulting services Became a law March 21, 2006, with the approval of the Governor. Passed by a majority vote, three-fifths being present. The People of the State of New York, represented in Senate and Assembly, do enact as follows: Section 1. Section 97 of the civil service law is amended by adding a new subdivision 3 to read as follows: 3. The department shall maintain records documenting the employment of persons pursuant to contracts for consulting services issued by state agencies as defined in subdivision seventeen of section eight of the state finance law. No later than one hundred eighty days after the end of each fiscal year, the department shall submit to the governor, the senate finance committee, the assembly ways and means committee and the department of audit and control a report summarizing the following information for each state agency: a. the number of contract employees performing such consulting services; and b. the types of services provided by such contract employees. § 2. Subdivision 17 of section 8 of the state finance law, as added by chapter 992 of the laws of 1983, is amended to read as follows: 17. Report ammally to the legislature on or before May first on the contracts issued by state agencies during the previous fiscal year for consulting services. The report shall include the following information for each agency: a. The number of contracts issued for consulting services; b. The name and address of the vendor to whom each contract is issued; c. The total dollar value of each contract; d. The consulting services for which each contract is issued; e. Whether competitive bidding was used in awarding each contract[,];_ f. The number of employees, by employment category within the contract, employed to provide services under the contract, the number of hours they work and their total compensation under the contract. For the purposes of this report, a contract for consulting services shall mean any contract entered into by a state agency for analysis, evaluation, research, training, data processing, computer programming, engineering, environmental health and mental health services, accounting, auditing, paralegal, legal, or similar services. This report shall be available for public inspection and copying pursuant to section eighty-seven of the public officers law provided that in disclosing such reports pursuant to the public officers law, the agency making the disclosure shall redact the name or social security number of any individual employee that is included in such document. § 3. Subdivision 3 of section 22 of the state finance law is amended by adding three new paragraphs a-1, a-2 and a-3 to read as follows: EXPLANATION--Matter in italics is new; matter in brackets[-] is old law to be omitted FRS Contract #000665 New York DMV 94 110264 2120/2009 GULaw Privacy FR a-1. For each state agency, the appropriations, including reappropriations, made for the current fiscal year and recommended for the ensuing fiscal year for contracts for services made for state purposes. a-2. For each state agency, the disbursements estimated to be made before the close of the current fiscal year and proposed to be made during the ensuing fiscal year for contracts for services made for state purposes. a-3. For each state agency, the estimated number of employees hired for the current fiscal year and anticipated to be hired during the ensuing fiscal year pursuant to contracts for services made for state purposes based upon annual employment reports submitted by contractors pursuant to section one hundred sixty-three of this chapter. § 4. Subdivision 4 of section 163 of the state finance law is amended by adding a new paragraph g to read as follows: g. All state agencies shall require all contractors, including subcontractors, that provide services for state purposes pursuant to a contract, to submit au annual employment report for each contract for services that includes for each employment catego1y within the contract the number of employees employed to provide services under the contract, the number of hours they work and their total compensation under the contract. Employment reports shall be submitted to the agency that awarded the contract, the department of civil service and the department of audit and control and shall be available for public inspection and copying pursuant to section eighty-seven of the public officers law provided that in disclosing such reports pursuant to the public officers law, the agency making the disclosure shall redact the name or social security number of any individual employee that is included in such document. § 5. Subdivision 14 of section 163 of the state finance law is amended by adding two new paragraphs (v) and (vi) to read as follows: (v) for each contract for services for state purposes: the number of employees, by employment category within the contract, employed to provide services under the contract, the number of hours they work and their total compensation under the contract; (vi) all reports required under this paragraph shall be available for public inspection and copying pursuant to section eighty-seven of the public officers law provided that in disclosing such reports pursuant to the public officers law, the agency making the disclosure shall redact the name or social security number of any individual employee that is included in such document. § 6. This act shall take effect on the ninetieth day after it shall have become a law, provided, however, that the amendments to section 163 of the state finance law made by sections four and five of this act shall not affect the repeal of such section and shall be deemed repealed therewith. The Legislature of the STATE OF NEW YORK lli Pursuant to the authority vested in us by section 70-b of the Public Officers Law, we hereby jointly ce1iify that this slip copy of this session law was printed under our direction and, in accordance with such section, is entitled to be read into evidence. JOSEPH L. BRUNO Temporary President of the Senate FRS Contract #000665 New York DMV SHELDON SILVER Speaker of the Assembly 95 110265 2/20/2009 GULaw Privacy FR FORMA OSC Use Onlv: Reporting Code: Category Code: Date Contract Approved: State Consultant Services - Contractor's Planned Employment From Contract Start Date Through The End Of The Contract Term State Agency Name: Agency Code: Contractor Name: Contract Number: Contract Start Date: / / Employment Category Contract End Date: Number of Employees / Number of hours to be worked 0 Total this oaae / Amount Payable Under the Contract 0 $ 0.00 Grand Total Name of person who prepared this report: Title: Phone#: Preparer's Signature: Date Prepared: / / Page (Use additional pages, if necessary) FRS Contract #000665 New York DMV 96 110266 of 2/2012009 GULaw Privacy FR FormB OSC Use Only: ReportingCode: Category Code: State Consultant Services Contractor's Annual Employment Report Report Period: April 1, to March 31, Contracting State Agency Name: Agency Code: Contract Number: Contract Term: I I to I I Contractor Name: Contractor Address: Description of Services Being Provided: Scope of Contract (Choose one that best fits): Analysis D Evaluation D Research D Training D Data Processing D Computer Programming D Other IT consulting D Engineering D Architect Services D Surveying D EnvironmentalServices D Health Services D Mental Health Services D Accounting D Auditing D Paralegal D LegalD Other Consulting D EmploymentCategory Number of Employees Numberof HoursWorked 0 0 Total this oaae AmountPayableUnder the Contract $ 0.00 Grand Total Name of person who prepared this report: Preparer's Signature: ________________________ Title: Date Prepared: Phone#: I I Page Use additional pages if necessary) FRS Contract #000665 New York DMV _ 97 110267 of 2/20/2009 GULaw Privacy FR Appendix J Terms and Definitions Interpretation. For purposes of this Agreement: "Absolute match" A set ofreviewable FR matches that will have a very high likelihood of one or more images being the same person as the probe. "Absolute non match" A set ofreviewable FR non matches that will have a high likelihood of one or more images being a different person than the probe. "Affiliate" means any individual or other legal entity, (including but not limited to sole proprietor, partnership, limited liability company, firm or corporation) that effectively controls another company in which (a) the Contractor owns more than 50% of the ownership; or (b) any individual or other legal entity which.owns more than 50% of the ownership of the Contractor. In addition, if a Contractor owns less than 50% of the ownership of another legal entity, but directs or has the right to direct such entity's daily operations, that entity will be an Affiliate. "Agency or Agencies" means the State of New York, acting by or through one or more departments, boards, commissions, offices or institutions of the State of New York. "Business Days" means Monday through Friday exclnding the following holidays: New Year's Day, Martin Luther King, Jr. Day, President's Day, Memorial Day, Independence Day, Labor Day, Columbus Day, Veterans Day, Thanksgiving Day and Christmas Day. "Brightness" - Used to determine if there are any overexposed parts of the subject's face. "Candidate" means an image and an associated match score returned by the search process. "Candidate List" means the images displayed in a gallery format with match scores above the probability threshold. "Change Orders" means the supplementary change orders agreed to in writing by DMV and Contractor as described in Appendix P, "Change Control Process." "Clientidentification Number (CID)" means the unique number that is assigned to each DMV holder of a NYS Permit/License/Non-Driver Identification Card. "Commissioner" means the Commissioner of the New York State Department of Motor Vehicles. "Commissioner's Regulations" means the rules and regulations promulgated by a state agency in interpretation of existing legislation authorizing specific functions and duties. "Comparison" means the process of comparing a biometric template with a previously stored reference template. "Comptroller" means the Comptroller of the State of New York. FRS Contract #000665 New York DMV 98 110268 2/20/2009 GULaw Privacy FR "Confidential Information" means any information written or otherwise disclosed in any medium by one party to the other under this Agreement and marked or otherwise designated as "Confidential" or is clearly by its nature confidential. However, Confidential Information shall not include any information that: (a) is or becomes a part of the public domain through no act or omission of the other party or otherwise available to the public other than by breach of this Agreement; or (b) as in the other party's lawful possession prior to the disclosure and had not been obtained by the other party either directly or indirectly from the disclosing party; or (c) is lawfully disclosed to the other party by a third party without restriction on disclosure; or (d) is independently developed by the other party without access to the Confidential Information. "Contractor Technology" means Contractor's proprietary information, data, hardware and software teclmology, methods and methodologies, source code, object code, documentation, tools, software and interfaces, trade secrets, works of authorship and other proprietary materials, and all other information, inventions, materials, data, software, hardware, technology, trademarks and works of authorship that are protected by IP Rights held by Contractor and incorporated in the Products or used by Contractor in the performance of the Services, including, without limitation, any and all Innovations. "Contrast" Used to measure the contrast in the face region of the image. A poor value indicates that the face may lack detail from too little or too much contrast in the image. "Cropping" Used to ensure that the entire head is safely within the picture. If the head is touching the boundary or, is partly outside the boundary (cropped), the result is 0. The score improves as the subject's head moves away from the boundary. "Darkness" Used to determine if there are any underexposed parts of the subject's face. "Deliverables" means the Products and Services and other tangible deliverable items described in the Statement of Work to be delivered by Contractor to DMV. "Delta" refers to the set of images collected in between the time of the legacy database handoff to the contractor and the beginning of daily operations. "OMV Mainframe License Files" means the License Files containing information about a customer's driving history including document information. "OMV-Provided Materials" means the materials and technology owned, licensed or otherwise controlled by DMV that Contractor reasonably requires to perform the Services including, without limitation, those items described as DMV-Provided Materials in the Statement of Work. "Documentation" means any m1d all technical, engineering and user documentation, and all training materials and tools, whether in printed or electronic form, proprietary to Contractor and provided by Contractor to DMV regarding the Deliverables. "Duplicate" means a candidate image, determined by an investigator, to match the probe image. A duplicate image may be in the database as a result of operator error, computer error or fraud. FRS Contract #000665 New York DMV 99 110269 2/20/2009 GULaw Privacy FR "Effective Date" means the date the contract was approved by the Office of the State Comptroller. "Enrollment" means the process of converting biometric data into a template. "Equal Error Rate" means the error rate occurring when the threshold of a system is set so that the proportion of false rejections will be approximately equal to the proportion of false acceptances. "Exposure" Measures the degree of overexposure and underexposure on the subject's face. "Faceness" Measures the likelihood that a face is unobstructed and suitable for face recognition. An obscnred face will have a low quality score and therefore will likely degrade face recognition performance. Non-faces will give a low score. "Facial Image" means the stored digitized image of a customer's face. "Failure to Enroll" (FTE) means the inability to enroll in a biometric system. "False Acceptance" refers to when a biometric system incorrectly identifies an individual or incorrectly verifies an imposter against a claimed identity. "False Acceptance Rate" (FAR) means the probability that a biometric system will inconectly identify an individual or will fail to detect an imposter. "False Rejection Rate" (FRR) means the probability that a biometric system will fail to identify an enrollee, or verify the legitimate claimed identity of an enrollee. "Filtering" refers to the process of classifying biometric data according to information that is unrelated to the actual biometric data itself. Examples of this are information about the enrollee such as sex, age, etc. . "Finding confidence" Measures of how well the software has resolved the face in the sample image. "Focus" - Used to determine how good the focus of the image is. A blurred image will score with a low value. "Glasses" Quality value that determines if glasses were detected, and the amount of glare if glasses were detected. "Gallery" means a visual display of images and demographics for probes with one or more matches. "Global Reference Number" (GRN) refers to a number used by DMV and the Contractor to uniquely identify a facial and/or signatnre image. This number consists of the processing date in the format 'CCYYMMDD', a three (3) position office code, a one (1) position camera number, and a three (3) digit sequence number. FRS Contract #000665 New York DMV 100 110270 2/20/2009 GULaw Privacy FR "Identification" means the process of searching though a list of face images to match against an input image. One-to-many (1 :N) searching. "Image Capture Device" (ICD) means the device or camera which receives the facial portrait information in order to digitize it. "Image Capture Workstation" (ICW) refers to the PC and !CD used by OMV to view, capture, and store a customer's image. "Image Compare" refers to a process by which OMV manually compares old and new facial images for a client to determine if these images are of the same individual. "Image Compare Request" means a request from OMV to the Contractor to retrieve identified facial images so that OMV staff may examine and compare them. "Image Control Number" means the number printed on the Signature/Image Control Slip. "Image Retrieval Workstation" (IRW) means the PC workstation(s), located in DMV's Central Office, equipped with a software package that allows LPB, DFI, and/or the FOIL Subpoena Unit to view images and compare images. "Innovations" means any invention, development or innovation to, related or arising from the Contractor Technology that may be conceived or developed during the term of this Agreement and in the performance of the Services, and whether or not forming part of a Deliverable, including, but not limited to, software tools, methods and methodologies, algorithms, libraries, design flows, processes, databases, mechanical and electronic hardware, electronic components, computers and their parts, computer languages, programs and their documentation, encoding techniques, articles, writings, compositions, works of authorship and improvements. "IP Rights" means all intangible, intellectual, proprietary and industrial property rights, and all tangible embodiments of such rights, wherever located, including but not limited to the following: (i) all trademarks, trade names, service marks or logos, including all registrations and applications therefore; (ii) all copyrights, moral rights, and other rights in works of authorship including all registrations and applications therefore; (iii) all patents and patent applications, and all ideas, concepts, inventions and innovations, whether or not patentable; (iv) all know-how and trade secrets; and (vi) all other rights covering intangible property recognized in any jurisdiction. "Issuing Office" means one ofNew York's approximately 140 State or County Issuing Offices, any one of which could be the site of customer image capture and DL/1D transaction processing. "Issuing Office System" means the OMV-written and maintained system that issues a temporary document and provides information to the OMV Mainframe License Files. "Issuing Office Workstation" (IOW) means the workstation with a networked OMV PC where the License Issuance Transaction is processed by State or County Issuing Office staff. The IOW has limited image retrieval capabilities. "Landmark" means the reference point(s) in a face image used to create a face recognition algorithm, e.g. position of the eyes. FRS Contract #000665 New York DMV 101 110271 2/20/2009 GULaw Privacy FR "Licensed Software" means software transferred upon the terms and conditions set forth in the Contract. "Licensed Softwme" includes error corrections, upgrades, enhancements or new releases, and any deliverables due under a maintenance or service contract (e.g., patches, fixes, PTFs, programs, code or data conversion, or custom programming). "Licensee" means one or more Authorized Users who acquire Product from Contractor in accordance with the terms and conditions of the Contract; provided that, for purposes of compliance with an individual license, the term "Licensee" shall be deemed to refer separately to the individual Authorized User(s) who took receipt of and who is executing the Product, and who shall be solely responsible for performance and liabilities incurred. In the case of acquisitions by DMV, the Licensee shall be the State of New York. "License Effective Date" means the elate Product is delivered to an Authorized User/DMV. Where a License involves Licensee's right to copy a previously licensed and delivered Master Copy of a Program, the license effective date for additional copies shall be deemed to be the date on which the Purchase Order is executed. "License Production Bureau" (LPB) means the DMV office which is responsible for overseeing all of the processes involved in producing New York's DL/ID documents. "Licensor" means a Contractor who transfers rights in proprietary Product to Authorized Users in accordance with the rights and obligations specified in the Contract. "Match" means the comparison software assigned a candidate image a score above the configured probability threshold. "Match Score" means the level of similarity from comparing a biometric template against a previously stored template. "MQ Series" means a proprietary messaging micldleware developed by IBM that allows programs to communicate with each other across all IBM platforms, Windows, VMS and a variety of UNIX platforms. Introduced in 1994, it provides a common programming interface (API) that programs are written to. "New Product Releases" (Product Revisions) means any commercially released revisions to the licensed version of a Product as may be generally offered and available to Authorized Users/DMV. New releases involve a substantial revision of functionality from a previously released version of the Product. "One-To-Many" (1 :N) is a synonym for "Identification". "One-To-One" (1:1) is a synonym for "Verification". "Probe" means the image used to search for possible matches. "Products" means the Contractor commodities, services and/or technology solutions purchased by DMV from Contractor and identified in the Statement of Work. The term "Product" includes Licensed Software. FRS Contract #000665 New York DMV 102 110272 2120/2009 GULaw Privacy FR "Progressive Search" refers to the situation where an investigator finds one or more interesting candidate images and uses one of these candidates to initiate a new search. "Project Schedule" means the timetable relating to the performance of the Services and delivery of Deliverables that is set out in the Statement of Work. "Proprietary" means protected by secrecy, patent, copyright or trademark against commercial competition. "Purchase Order" means DMV's fiscal form or format that is used when making a purchase (e.g., formal written Purchase Order, Procurement Card, electronic Purchase Order, or other authorized instrument). "Receiver Operating Curves" (ROC) means a graph that shows how the false rejection rate and false acceptance rate vary according to threshold. "Resolution" Quality value used to determine whether the head is suitably large. With a live subject, you should be able to obtain a perfect 10. "Search" means use of a biometric engine to compare a probe against all (or selected) templates within a database. "Services" means those services to be provided by Contractor to DMV pursuant to the terms of this Agreement, and as more fully described on the Statement of Work, which services are related to the design, development, installation, implementation and maintenance of the Products. "Signature Image" means the stored digitized image of a customer's signature. "Signature/Image Control Slip" refers to a pre-barcoded slip, currently supplied by DMV, which includes a preprinted Image Control Number and a barcode which includes this number. The customer signs the slip. This slip is then scanned by the ICW equipment to capture the client's signature to store it digitally. The Image Control Number is associated with the signature and image stored in the Image Data Base on the Local Issuing Office Server. "Site" means the location (street address) where Product will be executed or services delivered. "Source Code" means the programming statements or instructions written and expressed in any language w1derstm1dableby a hwnm1 being skilled in the art which are translated by a language compiler to produce executable machine Object Code, "State" means the State of New York. "Statement of Work" mem1sthe description of the Services and Deliverables to be provided hereunder attached hereto as Section 2. FRS Contract #000665 New York DMV 103 110273 212012009 GULaw Privacy FR "Subcontractor" means any individual or other legal entity, (including but not limited to sole proprietor, partnership, limited liability company, firm or corporation) who has entered into a contract, express or implied, for the performance of a portion of a Contract with a Contractor. "Template" means a proprietary mathematical representation of biometric data which represents the biometric measurement of an enrollee. Any graphical representation is reduced to a numerical representation. The template is then used by the biometric system as an efficient method to make comparisons with other templates stored in the system. "Terms of License" means the terms and conditions set forth in the Contract that are in effect and applicable to a Purchase Order at the time of order placement. "Texture" Measures the effective resolution of the subject face for use with high-resolution face recognition algorithms. Low resolution, poor focus, or over compression will lower the score. "Third Party Components" means those items of hardware or software comprising the DMV's network that are proprietary to or manufactured by the DMV or third parties not under the control of Contractor, and that may interface in any respect with the Products during or following installation. "Threshold" means an adjustable means by which biometric system operators can be more or less strict in how efficient a match score is used to accept or reject matches. "Throughput Rate" means the number of enrollment records that a biometric system can process within a given time interval. "Verification" means the process of ascertaining that two images or image inputs represent the same person. One-to-one (I: 1) matching. "Virus" means any computer code, whether or not written or conceived by Contractor, that disrupts, disables, harms, or otherwise impedes in any manner the operation of the Product, or any other associated software, firmware, hardware, or computer system (such as local area or wide-area networks), including aesthetic disruptions or distortions, but does not include security keys or other such devices installed by Product manufacturer. FRS Contract #000665 New York DMV 104 110274 2/20/2009 GULaw Privacy FR Appendix K Change Control Process & Procedures Purpose of the Change Control Process The Change Control Process is intended to guarantee that the common understanding of the project and commitment to it that the DMV and the Contractor have at the beginning is sustained throughout the term of the contract. The Change Control Process is used to: • • • • Identify change. Determine the effect on function, cost, schedule and terms and conditions. Agree upon a resolution. Provide a process through which DMV and Contractor personnel may agree to any project change request not requiring an amendment to the contract and recoll1ll1endany project change request that requires an amendment. Change Control Team DMV and the Contractor shall establish a Change Control Team with representatives from DMV and the Contractor. The DMV project manager shall chair the team. The tean1 shall meet on an agreed schedule to both decide on ontstanding change requests and review system problems in order to address any trends. Identification of Change Either DMV or Contractor Personnel may submit a change request to be reviewed by the Change Control Team. The change request will include the work product to be changed, a description of the aspect of the work product to change, and description of the impact. Change Control Process The Change Control Team shall evaluate each change request to determine whether the change should be made. The Change Control Team will be responsible for evaluating change requests to determine whether they should be pursued, by assigning appropriate personnel to prepare estimates, and by obtaining authorization to proceed. The Contractor shall indicate feasibility and describe the effort that the change would entail and any effect of the change on the contract in terms of function, cost, schedule and terms and conditions. The more extensive changes may be documented by preparing a more formal impact statement, including how much time the change will require to implement, revised project timelines and costs. The DMV project manager shall review information provided by the Contractor with appropriate technical and managerial persom1el. FRS Contract #000665 New York DMV 105 110275 2/20/2009 GULaw Privacy FR DMV and the Contractor shall agree whether the change is a correction or m1improvement that is not a material change to the contract or the change is a material change to the contract. A contract amendment is required to address material changes to the contract. If the cha11geis a material change to the contract, the Contractor shall again review the change, and estimate the effects of implementing the proposed change on function, cost, schedule, resources and terms and conditions. If both paities accept the change and a contract mnendment is not required, the appropriate project/system documents will be updated. If an amendment to the contract is required, such amendment shall be drafted, signed by both parties and approved by the Attorney General and the Office of the State Comptroller prior to updating project documentation. If one or both parties do not accept the change and cannot agree to a timescale in which the disagreement will be resolved then the Disputes process defined below will control. The Change Control Process will be used to provide the DMV with feasibility analysis and cost estimates for the business decisions of DMV related to this contract. The Contractor will provide a response to these requests within IO business days. These responses will not be binding unless agreed to by the Contractor and DMV. Baseline Control The project documents that have been approved by both the DMV Project Manager and the Contractor will form the baseline against which cha11geis measured. Logging of Changes to the Baseline The DMV project manager shall keep alog of change requests and their disposition. The Contractor's project documentation will include a specific section that will be a change control log, used to record the scope of changes that occur. This log will identify each revision of the document, the date it was completed a11dthe change request that caused the revision. Problem Control Process Either DMV or Contractor personnel may identify and repott a processing problem within the system. Problems will be reported using a process that is mutually agreeable to both DMV and the Contractor and which enables each reported problem to be tracked. The problem control process is intended to ensure that problems m-e recorded and analyzed so that any individual problems and trends are identified and addressed. The problem control mechm1ism is used to: • • • Identify and record problems. Rectify problems. Analyze and address trends. FRS Contract #000665 New York DMV 106 110276 2120/2009 GULaw Privacy FR The Chm1ge Control Team may decide that action is required in which case the team shall decide which members will complete a change request. Once the Change Order is accepted and approved, Contractor's Program Mm1ager shall engage the necessary engineering and testing resources to implement the agreed to change order per the estimated time frame. Contractor agrees to follow the timelines specified by DMV. Any changes to the completion schedule of the change order due to unforeseen problems shall be immediately communicated to the DMV, a11dthe Contractor shall work closely with the DMV to identify the reason for the delay and the steps being taken to minimize the delay. The Change Order Process outlined is intended to provide a formal framework to enter and track change requests and not intended to increase the response time required to effect changes or unnecessarily burden the process with work overhead. Contractor's Program Manager will work closely with the DMV to "fast-track" any issues that have the potential of seriously disrupting the operations of the DMV in order to maintain the response times specified by DMV. Logging of Problem Information Regardless of how a problem is identified, the Contractor shall maintain a log of all problems raised a11dof the problem a11alysisreports. · The Contractor shall prepare a summary of reported problems including resolution and a problem trend analysis report for review by the Change Control Temn. ... FRS Contract #000665 New York DMV 107 110277 2/20/2009 GULaw Privacy FR Appendix L Software Escrow Agreement Pursuant to section 4.10.4 of this agreement, at the request ofDMV, Contractor will enter into a software escrow agreement, subject to DMV approval, which will include, at a minimum, the following terms and conditions: 1. Appointment of Escrow Agent and Escrow fees. Upon request by the DMV, Contractor will enter into an agreement with an Escrow agent, and shall be responsible for escrow agent fees. 2. Term of the Agreement. If requested by DMV, Contractor will use commercially reasonable efforts to cause the term of the agreement to commence prior to the shipment of the enrolled legacy database and shall continue in full force and effect so long as the agreement remains in effect, including contract amendments. 3. Materials Deposited in Escrow. Contractor agrees to deposit with the Escrow Agent one copy of all the constituent elements of the proprietary software owned by Contractor including but not limited to L-1 's FaceEXPLORER Facial Recognition Application Suite built upon L-1 's ABIS multi-biometric platform with L-1 's G8 facial recognition engine, text, data, images, animation, graphics, video and audio segments and source and object code and user and system documentation of all Contractor delivered software to DMV in connection with the Facial Recognition System. 4. Modifications to the Materials Deposited. Contractor agrees to deposit, at the time such updates, improvements, or modifications are made, one copy of such modified Materials, which shall be deemed part of the Materials deposited in escrow under this agreement. 5. Release and Delivery of Materials. The occurrence of any of the events identified in Section 4.10.4 of the Agreement shall provide DMV the right to request the Escrow Agent to release and deliver materials held in escrow to DMV: 6. Release of Materials. Upon release of the materials to DMV, DMV shall have a nonexclusive, non-transferable right and license to use the escrow materials for the purposes set forth in Section 4.10.4. 7. Notices. DMV shall be notified by the Escrow Agent in the event of: a. b. c. d. Termination of the agreement by Contractor, Non-payment by Contractor for a period greater than 60 days, Changes to the agreement between Contractor and the escrow agent, Deposits, including modified materials, made to the Escrow Agent. 8. Termination. In the event Contractor or the Escrow Agent wish to terminate the agreement, the Escrow Agent shall notify DMV within three (3) business days of the notice. FRS Contract #000665 New York DMV 108 110278 2/20/2009 GULaw Privacy FR AppendixM NYS Cyber Security Policies http ://www.cscic.state.ny.us/lib/policies/documents/Cyber-Security-Policy-P03-002- FRS Contract #000665 New York DMV 109 110279 V3. l .pdf 2/20/2009 GULaw Privacy FR AppendixN Sample Project Plan This a sample project plan for this project. The final project plan will be completed during the Planning Phase. -_-:-.<--__ -_ Documentation prepared for OMV audit of Contractor facilitv OMV audit and documentation review OMV audit and documentation annroval -- -_ •. ---- -- -,_-- -------·-------: 2 davs ~etup and E:n~ollmentofl ..egl!CY - - _<:__oafabase -----------, Purchase server hardware for enrollment and internal develooment/testinq Receive server hardware Setuo server hardware at Contractor facilitv Install and configure FaceEXPLORER svstem base at Contractor facilitv Install and configure FaceEXPLORER web server at Contractor facility Receive data/imaqes from OMV Import legacy data into FaceEXPLORER database at Contractor facilitv Install and configure FaceEXPLORER enrollment software Legacy template and bitmap creation for OMV leaacv imaae database Develop/Configure FaceEXPLORER Annlication Suite customizations Install FEConsole, QC Viewer, and FR Web Reports Backup and encrypt FaceEXPLORER database Backuo FaceEXPLORER Aoolicartion Suite FRS Contract #000665 New York DMV ._- Work Session w/Contractor Reauirerriijiits Phase ' --·--·10. 1 < Contractor selection/ Contractor neaotiations beain Contract negotiations complete/Control Aaencv review beains Contract annroved 3_ ' : 110 110280 15 clavs - · Mon 3109/09 - 8 davs 6 davs -- -- __- --- Mon 3/09/09 Thu 3/19/09 Tue 3/03/09 - - Fri3/27/09 Wed 3/18/09 Thu 3/26/09 1 dav Fri 3/27/09 Fri 3/27/09 10 davs .- Mon 3/30/09 --- Fri_4/10/09 5 davs 4 davs 1 dav Mon 3/30/09 Mon 4/06/09 Fri 4/10/09 Fri 4/03/09 Thu 4/09/09 Fri 4/10/09 -- --- --- -; - -, --- -_.,- -- :• 63 cla\ls Mon 4/13/09 ------:-- -Fri 7/10/09 1 dav 9 davs 2 davs Mon 4/13/09 Tue 4/14/09 Mon 4/27/09 Mon 4/13/09 Fri 4/24/09 Tue 4/28/09 2 davs Wed 4/29/09 Thu 4/30/09 5 davs 1 dav Fri 5/01/09 Fri 5/08/09 Thu 5/07/09 Fri 5/08/09 2 davs Mon 5/11/09 Tue 5/12/09 1 dav Fri 5/15/09 Fri 5/15/09 26 davs Mon 5/18/09 Tue 6/23/09 5 davs Wed 5/20/09 Wed 5/27/09 3 davs Mon 6/15/09 Wed 6/17/09 1 dav 1 dav Wed 6/24/09 Wed 6/24/09 Wed 6/24/09 Wed 6/24/09 2/20/2009 GULaw Privacy FR 32. 33. 34. 35. •"'; I:-__ :-.-\ 36i 37. 38. 39. 40. 41. 42. 43. 44. 45. 46. • 47.. 48. 49. 50. Deliver FaceEXPLORER database with DMV leaacv imaae templates Deliver FaceEXPLORER Annlication Suite DMV Acceptance of Deliverables review DMV Acceotance of Deliverables 1 dav 1 dav 9 days 1 dav J~stjn!JofJ..egi-./ > · .. •:.._.·. ·•1 -·_.·• · 27 davs Enrollment ..· • •· Test ported data in FaceEXPLORER database Install and configure FaceEXPLORER recoanition software on Test Svstem Verify image acceptance rate and templates on base svstem Test Dupe Batch Processinq Test lntralD Processina Test lnvestiaative Browser Annlication Test Duplicate Analysis Viewer Test lntralD Viewer Test FEConsole, QC Viewer, and FR Web Reoorts Aoolication Testinq complete l'rocurementPhase ·<: .. i: . - ---:'-:-·_--- .· Contractor and DMV develop hardware/software specifications DMV procures and installs daily operations oroduction svstem Procurement Phase Complete 51. · lnslallationof Dailv Operations Svst~m 52. 53. 54. 55. 56. 57. 58. 59. 62. 63. 64. 65. 66. 67. 68. 69. Remote VPN connectivity between Contractor and DMV tested Web Client applications configured and tested Daily FR Duplicate Analysis and lntralD Processes confiqured and tested Setup developmenUtesting of FaceEXPLORER System at Contractor facilitv /Test Data onlvl Test Legacy 1:N Duplicate Analysis FR Process Verify ported data inteqrity Test Daily Operations System report mechanism Testdailv 1:N and 1:1 FR processina DMV testinq/acceptance FRS Contract #000665 New York DMV 111 110281 . •• Thu Thu Thu Fri . .. °Fri6/19/09 Wed 5/13/09 2 days Wed 5/13/09 Thu 5/14/09 1 dav Mon 5/18/09 Mon 5/18/09 1 dav 2 davs 4 davs 2 davs 2 days 2 davs Tue 5/19/09 Thu 5/28/09 Mon 6/01/09 Fri 6/05/09 Tue 6/09/09 Thu 6/11/09 Tue 5/19/09 Fri 5/29/09 Thu 6/04/09 Mon 6/08/09 Wed 6/10/09 Fri 6/12/09 2 davs 0 days Thu 6/18/09 Fri 6/19/09 Fri 6/19/09 Fri 6/19/09 ·. 59davs .· Mon 3/16/09 •• . --~Fri 6/05/09 10 days Mon 3/16/09 Fri 3/27/09 49 davs 0 davs Mon 3/30/09 Fri 6/05/09 Fri 6/05/09 Fri 6/05/09 . ·._Fri.7/17/09 1 dav 1 dav 1 day Mon 7/06/09 Tue 7/07/09 Wed 7/08/09 Mon 7/06/09 Tue 7/07/09 Wed 7/08/09 2 davs Thu 7/09/09 Fri 7/10/09 1 dav 3 days 3 davs Mon 7/13/09 Fri 7/10/09 Wed 7/15/09 Mon 7/13/09 Tue 7/14/09 Fri 7/17/09 0 days ., 6/25/09 6/25/09 7/09/09 7/10/09 ·-·: I· .••..·· 10clavs , ·-••-Mon7/06/09 .--, Hardware confiaured FaceEXPLORER Database installed FaceEXPLORER Anr lication Suite installed DMV data/images securely overwritten at Contractor facilitv FaceEXPLORER System integrated with DMV network Secure FTP portinq process setun DMV dailv data/imaaes imported Installation of Daily Operations System comolete ...... 60. · ··. Testina of Dailv Operations -Svstem ··-·•·- ~--_. 61. -·_ Thu 6/25/09 Thu 6/25/09 Fri 6/26/09 Fri 7/10/09 Fri 7/17/09 Fri 7/17/09 12 davs · > Fri 7/10/09 1 dav Fri 7/10/09 Fri 7/10/09 1 day Fri 7/10/09 Fri 7/10/09 1 day Mon 7/13/09 Mon 7/13/09 5 davs Mon 7/13/09 Fri 7/17/09 1 day 2 days Tue 7/14/09 Mon 7/20/09 Tue 7/14/09 Tue 7/21/09 1 dav 2 davs 3 days Wed 7/22/09 Wed 7/22/09 Thu 7/23/09 Wed 7/22/09 Thu 7/23/09 Mon 7/27/09 ·. · Mon 7/27/09 212012009 GULaw Privacy FR 70. 77. 78. 79. Dailv Ooerations Svstem Testina comolete . _·- ·,. ./ . · Trainina > .·. ·.. Svstem Administrator Trainina End-User Trainina Trainina Comolete . - __ -,~_:'.-:;-__ ~ ---:-.- 7 S11stemRollouf ·.·· Ongoing FR Duplicate Analysis of Legacy lmane Database beains Ongoing Daily Operations for 1:N Duplicate Analvsis and 1:1 lntralD Analvsis beains OMV Acceotance of Deliverables Review OMV Accentance of Deliverables 80. Svstem Rollout comnlete 0 davs Fri 8/14/09 Fri 8/14/09 81. Contractor Support and Maintenance of Installed Svstem beains Odavs Fri 8/14/09 Fri 8/14/09 .. 71. 72. 73. 74. 75. 76. . ••.·. FRS Contract #000665 New York DMV __ . ,,'. ,.-,: ,:_:_ 112 110282 . ,· 0 davs . · 2davs 1 dav 2 davs 0 davs 14 clavs Mon 7/27/09 Tue7/28/09 Tue 7/28/09 Tue 7/28/09 Wed 7/29/09 . Tua112a109 . Mon Wed Tue Wed Wed Fri 7/27/09 7/29/09 7/28/09 7/29/09 7/29/09 8/14/09 1 dav Tue 7/28/09 Tue 7/28/09 1 dav 10 davs 1 dav Thu 7/30/09 Fri 7/31/09 Fri 8/14/09 Thu 7/30/09 Thu 8/13/09 Fri 8/14/09 212012009 GULaw Privacy FR Appendix 0 Hardware & Software Summary HARDWARE 33 +1 s are Make: Dell PowerEdge Model: M600 Processor: Dual Quad Core Intel® Xeon® E5450, 2x6MB Cache, 2.66GHz, 1333MHz FSB Processing Speed: 2.66Ghz Memor : 8GB Storage Capacity: Dual (2) 146GB SAS drives in RAID! Operating Software: Windows Server 2003 Std. x64 Other Features and/or Software Requirements: BioAp lication Server Type: Blade Server Make: Dell PowerEdge Model: M600 Processor: Dual Core Intel® Xeon® E5450, 2x6MB Cache, 2.66GHz, 1333MHz FSB Processing Speed: 2.66Ghz Memory: 4GB Storage Capacity: Dual (2) 146GB SAS drives in RAID I 0 erating Software: Windows Server 2003 Std. x64 Other Features and/or Software Requirements: II Tem late Creator Server Type: Blade Server 2 FRS Contract #000665 New York DMV 113 110283 212012009 GULaw Privacy FR . rffii"' ~ ~11HraifiifcH.rJsdr1trr«Fexs!feci•· <<· " - .. .. Make: Dell PowerEdge Model: M600 Processor: Dual Quad Core Intel® Xeon® E5450, 2x6MB Cache, 2.66GHz, 1333MHz FSB Processing Speed: 2.66Ghz Memory: 8GB Storage Capacity: Dual (2) 146GB SAS drives in RAID 1 Operating Software: Windows Server 2003 Std. x64 Other Features and/or Software Requirements: Blade Enclosure·. - .. - - - ,_---· ---- -_ -- - . --- J. ·.., -----_- ___ - - - .-- - ---_- : Type: Blade Enclosure Make: Dell PowerEdge Model: MlO00e Processor: NIA Processing Speed: NIA Memory: NIA Storage Capacity: NIA Operating Software: NIA Other Features and/or Software Requirements: Will hold up to sixteen (16) M600 series Blades WebSerJJer----<•---- -_-, ___ :_. .. ', . - a·-·. -- - - ---- - -- ---- -_ - - -·· 2-._ ----.-_ -- .: ·- :: ___ ---- Type: 1U Rack server · Make: Dell PowerEdge Model: 1950 III Processor: Dual Core Intel® Xeon® L5240, 6MB Cache, 3.0GHz, 1333MHz FSB Processing Speed: 3.0Ghz Memo1y: 4GB Storage Capacity: Dual (2) 146GB SAS drives in RAID 1 Operating Software: Windows Server 2003 Std. x64 Other Features and/or Software Requirements: Advanced Host Monitor (system outage/problem monitoring and reporting tool) Database.Server --- . _.·--__ ·. - c_.···' -_-.-- Type: 2U Rack server Make: Dell PowerEdge Model: 2950 III FRS Contract #000665 New York DMV 114 110284 -- - 2·.:. - - -- 212012009 GULaw Privacy FR ,'llJ,c'r/w,a}i'&,Sflltiifarls,N'fli = ~-, ·•· __ .-,,·------i,\, "' ~ Processor: Two (2) Dual Core Intel® Xeon® L5240, 6MB Cache, 3.0GHz, 1333MHz FSB Processing Speed: 3.0Ghz Memory: 8GB Storage Capacity: Six (6) 146GB SAS drives in RAIDI0 Operating Software: Windows Server 2003 Std x64 Other Features and/or Software Requirements: Oracle I lg Enterprise Edition (64 bit) with partitioning Oracle Diagnostic, Tuning, Change Management, Provisioning packs Oracle Data Guard and Data Guard Broker Oracle Enterprise Manager Grid Control ' * Note: The use of the required Oracle licenses will be provided by L-1 at NO ADDITIONAL COST to DMV Backup software such as Veritas StorageArrav ... - - .. -~- -:···-~: .· ', ;----:::_:: -~ - -_ - : -. -_ - 2 -· ·- - .. - Type: Direct Attach SCSI Make: Dell PowerEdge Model: MDI000 Processor: NI A Processing Speed: NIA Memory:N/A Storage Capacity: (15) 500GB SAS drives in RAIDI0 Operating Software: N/ A Other Features and/or Software Requirements: PERC SCSI Card for External RAID FRS Contract #000665 New York DMV 115 110285 2/20/2009 GULaw Privacy FR Appendix P NY Facial Recognition System Business Continuity Plan L-1 Identity Solutions Secure Credentialing Division 296 Concord Road - 3'dFloor Billerica, MA 01821 Tel. (978) 932-2200 FAX (978) 932-2225 L-1 Document No. NY BCP 001 L-1 Sales Order xxxx NY RFP DMV C000665 Revision Level - 1 Issued Date - Februarv 18, 2009 NY OMV Conlrnct No. C000665 Functional Area Approval Approval List L-1 Programs L-1 Engineering L-1 Security Jim McDermott MikeMazzu Senthil Kumar L-1 Installation L-1 Training NYDMV NYDMV NYDMV Eric Hjerpe Dave Scannell FRS Contract#000665 New York DMV 116 110286 Approval Date 2/20/2009 GULaw Privacy FR TABLE OF CONTENTS REVISION HISTORY ...................................................................................................................................... 118 INTRODUCTION ............................................................................................................................................. 119 SCOPE ................................................................................................................................................................ 119 GOALS FOR THE BUSINESS CONTINUITY PLAN .................................................................................. 119 SYSTEM ARCHITECTURE ........................................................................................................................................ 120 DATA STORAGE ............................................................................................................................................... 124 CONTINGENCY PLANNING ......................................................................................................................... Recove,y Time Objective ............................................................................................................................ Recove,y Point Objective ........................................................................................................................... FAILOVER STRATEGY ...................................................................................................................................... SYSTEM FAIL OVERS ........................................................................................................................................ 125 125 125 125 126 Oracle Data Guard ................................................................................................................... ................. 127 BUSINESS CONTINUITY PLAN EXERCISES ............................................................................................ BRP EXERCISE GUIDELINES ............................................................................................................................ FRS Contract #000665 New York DMV 117 110287 128 128 2/20/2009 GULaw Privacy FR Revision History Date Revision 0 Revision Items Sample Draft 1 Updated for contract Aug 12, 2008 Feb 18, 2009 2 3 d:- -~-- FRS Contract #000665 New York DMV 118 110288 2/20/2009 GULaw Privacy FR Introduction L-1 is proposing to provide a high performance facial recognition system for NY DMV. For true disaster recovery wherein all of the equipment hosted at the NY DMV data center is lost, NY DMV has required that the vendor make the system functional and available within 48 homs after NY DMV has acquired and set up all the hardware and copied the data files from tape on to hard disk storage. At the same time, NY DMV has required that a fault-tolerant, highly available system be provided at the primary data center such that single component failures do not disrupt system availability or functionality. In light ofL-1 's vast experience in setting up high availability systems, we are proposing to provide a system architecture with redundant servers in a highly available, fault-tolerant configuration. Our team understands the importance of protecting the system and data from unscheduled downtime. The solution was designed to prevent this type of outage, and to respond to any catastrophic disaster in a managed fashion to restore services at the backup facility location. This document describes the components, technology and configuration choices and rationale that went into the design of the system that provides high availability and fault tolerance at the primary site. The Business Continuity Plan outlines activities necessary to ensure the availability of the NY FRS as per the objectives stated in your RFP. The Disaster Recovery Plan is a separate document that outlines how, in a true disaster where the primary site is completely lost, services will be restored at the backup site. Scope The Business Continuity Plan contains the following sections to ensure the continuity of business in the event of a system failure. Goals for the Business Continuity Plan • • • • Solution Architecture Overview Contingency Planning Business Recovery Business Continuity Plan Exercises Goals for the Business Continuity Plan Following is a list of objectives for the Business Continuity Plan; • • • • • • • • • Ensure correct recovery procedures and information exist in the BCP Ensure the integrity of the DL/ID data resource Ascertain all risks and vulnerabilities are covered in the BCP Ascertain all necessary controls to mitigate risks are established Ascertain that the BCP and the procedures are adequate for current and changing future needs Establish change control procedures Provide a training experience for the recovery teams Coordinate with DMV Once the BCP is established, exercise the plan periodically. FRS Contract #000665 New York DMV 119 110289 2/20/2009 GULaw Privacy FR System Architecture Our team understands the importance of protecting the system and data from unscheduled downtime. The solution was designed to prevent this type of outage, and to respond to any catastrophic disaster in a managed fashion to restore services at the backup facility location. The DMV will manage the facility and ensure the security of the system and infrastructure such as power and external connectivity. Our proposed solution was configured with full redundancy for high-availability and failover to prevent loss of functionality due to the loss of primary solution components at that facility. This design promotes redundancy and eliminates any single point of failure. We also intend to maintain a test system at our Billerica MA facility to aid in troubleshooting and QA of new software versions. We are also proposing the server operating systems and DMV data will be fully backed up to disk and then to tape and sent offsite for secure storage. Our solution is provided using relational database schema design methodology and all system data is stored within the database structures. All data is stored on RAID 10 storage devices and can be archived to magnetic media in cases of disaster recovery. Our product is tested and certified on the Oracle database management system. L-1 will use Oracle Data Guard to maintain synchronous data between the primary and backup database servers. Based on NY' s RFP, L-1 is proposing as a system solution the following configuration: FRS Contract #000665 New York DMV 120 110290 2/20/2009 GULaw Privacy FR I I Client terminals {ijj) ~~- ~ r ... ,:::;:--t--,:::\ --=i:-·-~ Production /~ / Production Network Load Balancing Web Server #1 Production Production <~D_a~ta~G~u~ar~d-~ FR Offsite Tape Database ~,- FR Backup ry Database Database Server Server NY DMV Data Center As outlined in the above diagram, the system consists of only the one site where all the equipment is hosted. If a true disaster strikes which makes either the data center or most of the equipment unavailable, NY DMV will acquire and prepare the necessary hardware, copy the data from tapes onto the hard disk storage and will then call upon L-1 to install the applications and make the system available within 48 hours. New YorkFRS DMVContract #000665 121 110291 2/20/2009 GULaw Privacy FR Primary Site Configuration: Note: All equipment, facilities and infrastructure including uninterruptible power, high bandwidth network etc. are provided by NY DMV. L-1 is only responsible for configuring, setting up and administering the applications and systems. • All server hardware is configured in a high performance, fault tolerant fashion with dual/quad processors, mirrored hard drives, redundant network cards rn1dredundant power supplies with UPS backup. Redundant internal Gigabit Ethernet switches within the rack provide fast, high throughput communication within the rack components. At least one automated tape library unit is used at the primary site for backing up data. • The web servers are in network load balanced mode, exposing only a single virtual IP address to the outside. Thus, when both nodes are operational, they share the load for improved throughput. Moreover, should one of the nodes in the pair go down, it is transparent to the clients as the other web server automatically picks up the load and the exposed IP address remains the srnne. Microsoft's Internet Information Server 6.0 is used as the web server. • Either web server can talk to any one of the two sets of application servers, which run L1's custom application software written using Microsoft .Net. Normally, one web server is connected to one set of application servers, and the other web server is connected to the other set of application servers. This optimizes the throughput. Should one set of the application servers go down, the web server normally connected to the failed application server switches over to the functional application server automatically (using a timeout to detect failure). After the failed server is fixed, the web server is switched back to the repaired server manually. • Even though we have two database servers at the primary site, only one database server is active at any time. Each database server runs one or more instances of Omcle I lg RDMBS Enterprise Edition as needed for the facial recognition system. Each database server has its own direct-attached RAID storage (storage is not shared between the servers) where Oracle data is stored. Oracle's Data Guard product is used to synchronize the data between the active and the standby database servers ( described in detail later). Oracle Data Guard Broker, a component of the Data Guard, runs on the application server and monitors the two database servers. Should the active server fail, the Broker detects the failure md automatically makes the standby database server active within a few minutes. Oracle's Flashback Recovery is enabled on the database servers to allow rolling back the database to a previous point in time, should the need arise. FRS Contract #000665 New York DMV 122 110292 2/20/2009 GULaw Privacy FR Production Database Transaction Shipping (Real Time Apply) Standby Database No Delay Flashback Flashback Log Log FlashbackprovidesData Guard with an easyMtoMuse methodto correctuser errors.Flashback Database can be used on both tile primary and standbydatabase to quickly revert the databases to an earlier point in time to back out user errors.If the administratordecides to failover to a standby database, but those userMerrors were already applied to the standby database (forexample, because Real TimeApplywas enabled),the administratorcan simply flashback the standby database to a safe point in time. Image Database System Flashback Technology • • Both sets of application servers connect to the active database server. Should that database server fail, the application automatically connects to the standby database server (based on a timeout) as soon as it becomes available. After the failed database server is fixed and synchronized with the active database server, the Database Administrator switches the server roles manually. The application servers automatically switch over to the active server again. The active database server is backed up to NY DMV's enterprise tape library using Oracle's RMAN backup feature and SymantecNeritas/Oracle backup software. It is recommended that NY DMV do a full backup of the database once a week and incremental backups once daily. Four sets of tapes are used in rotation every Monday (or any other day) to make backups. The tape set taken out every Monday is sent to a secure, offsite location for safekeeping and the oldest backup set at the offsite location is returned to the primary site for loading the following week. Separately, a server and network monitoring tool called the Advance,/ Host Monitor is installed on the web servers. This tool monitors all the servers, applications and databases (at both the primary and remote sites) to ensure that they are functioning properly. Should a failure be detected, Host Monitor immediately sends an email alert to a distribution list containing at least two tech support personnel. This way at least one of the technical support persons can look into the problems, take corrective action and restore the system to its normal state. With two Advanced Host Monitor installations, they can monitor each other and thus prevent the rare, but real possibility that the monitoring from one server has failed for one reason or another. Given the above description, it is clear how the entire system comprised of web, application and database components continues to function even when multiple components fail simultaneously as long as at least one each of web, application, database servers are functioning properly. In addition, the installation of Advanced Host Monitor makes it possible to detect problems quickly and resolve them, before problems worsen. FRS Contract #000665 New York DMV 123 110293 2/20/2009 GULaw Privacy FR Data Storage A scalable, high-availability, load-balanced and exceptionally fault-resilient Primary Image Database System and Backup Image Database System will be configured to accommodate a minimum of 32-million images over the term of the contract, which includes migrated legacy images and all images enrolled during the contract. To provide redundant storage of these images two identical storage frames are proposed. The primary objectives of the data storage solution design is to provide data integrity, data security, high availability with real-time synchronization and transparent fail over capability along with the highest level of operations recovery, security and performance. At present we propose using RAID 10 and a mix of drives for disk storage. Usable disk storage capacities are estimated based on record size and volume data provided by NY DMV. This disk storage will accommodate the migration requirements of the existing data to the new system as well as the ongoing growth outlined in the RFP. The storage volume is also provided to support the archive logs and disk backup files required for Oracle RDBMS requirements which protect against data loss in the event of a database media corruption. The Backup Image Database will be updated in real-time with the Primary Image Database using Oracle Data Guard (Described in detail below) in Maximum Availability mode to accomplish the highest level of data protection. This mode will ensure a comprehensive zero-data loss recovery solution and allow for a quick fail over configuration for a comprehensive business continuity solution. This will be accomplished by applying the database updates to the Backup Image Database in real-time. RedoLogs Primary ImageDatabase Backup ImageDatabase Real-Time Apply of Redo Logs A low-latency network, broad network bandwidth, an equally-configured Backup Image Database Server will support the performance demands required without impacting the performance of the Production Image Database System. FRS Contract #000665 New York DMV 124 110294 2/20/2009 GULaw Privacy FR Disk Storage • RAID- IO for Online Database Data Tape Storage • NY DMV will utilize their exiting tape backup system Software Oracle Relational Database System (RDBMS) Enterprise Edition version I lg • Oracle Data Guard • Optional Oracle Enterprise Manager Grid Control • Diagnostic, Performance Tuning, Change Management, Configuration Management and Provisioning Packs • Database Partitioning This system architecture is configured for high-availability, redundancy and scalability (both vertical and horizontal) to meet or exceed the performance demands, Recovery Time Objective and Recovery Point Objective. Contingency Planning Recovery Time Objective Recovery Time Objective (RTO) is defined as the maximum amount oftime for which service can be down after a failure is declared. Recovery Point Objective The Recovery Point Objective (RPO) is defined as the maximum length of time for which data could be lost if a failure occurs. Failover Strategy Oracle Enterprise Edition Database ! lg, Oracle Data Guard and Oracle Flashback Technology are critical components for providing the maximum available architecture. These databasespecific products provide an extensive set of data protection and disaster recovery capabilities to sustain business in the event of a disaster (i.e. logical ru1dphysical data corruption, natural disaster and planned or unplanned outages) which can affect database availability. Media-related Disaster Recovery scenarios are rectified utilizing the Oracle Data Guard Failover Strategy. On a daily basis, an incremental backup of the database and all archive logs are written to disk for online availability and tape for daily offsite storage. A low-latency network will support the performance demands required for synchronizing Backup Image Database System with the Primary Image Database System without impacting the performance of the Primary Image Database System. The Image Database System's RTO will be met by the Primary Image Database System failover capability using the Oracle Data Guard application. The database redundant solutions and recovery times attainable with Oracle Data Guard product features and the proposed network bandwidth between the Primary Image Database site and the Backup Image Database site will FRS Contract #000665 New York DMV 125 110295 2/20/2009 GULaw Privacy FR facilitate the requirement to meet or exceed the DMV Recovery Time Objective for both planned and unplanned outages. Table1: SystemRecovery Times Outage Type Solution Recovery Time* Hardware/Network/Database Failure Failover Less than 5-minutes** Site Failure Failover 48 hours after hardware and data are ready. *RecoveryTime appliesto databaseand existing databaseconnectionfailover. **The Data Guard Broker, an application process, will reside remote from the Primary and Standby Database. Data Guard Broker will provide for cenh·alized management of the failover operations, configurations, monitor the data applyrates,runtimeperformance,diagnosticinformation,detecting problemsandprovide event notification. More importantly, the Data Guard Broker will estimate the amount of time required to failover to the Standby Database. System Fail Overs DMV has required a high availability system without a specific RTO/RPO definition. However, DMV has specified a 48 hour disaster recovery window. In the absence of very specific requirements for high availability, L-1 has taken it up itself to configure a system comprising two complete sets of equipment which are practically mirror images of each other. These two systems, resident in the same physical location next to each other, provide limited disaster recovery, but are set up in such a way as to provide I 00% availability of services should one or more of the components of one system or the other fail, as long as the counterpati of the failed components in the other system is fully functional. Load balancing between the web and application servers, real-time data synchronization between the database servers, automatic failover to the standby should the primary database go down and setting up the web, application and database components to work with each other in any combination (i.e., a web server in one set can work with the application server in either set, the application server can work with the database server in either set, etc.) make this high availability possible. In the event of a failover the Backup Image Database System will accommodate I 00% of the database update capability immediately upon failover. The Backup Image Database system will be updated and synchronized in real-time from the Primary Image Database. Therefore, the Backup Image Database data will be readily available to provide DMV update capability within a 5 minute Recovery Time Objective. Since the two systems reside next to each other, failover capability is limited to failure of select equipment only. Should a major disaster strike, whereby the entire site and multiple components of the two sets of equipment are lost, then L-1 will provide disaster recovery within 48 hours of DMV providing the hardware and data as required. This disaster recovery plan is discussed in the following section. FRS Contract #000665 New York DMV 126 110296 2/20/2009 GULaw Privacy FR Oracle Data Guard Oracle's Data Guard, a component of the Oracle I lg Enterprise Edition, is a sophisticated product specifically designed to enable smooth fail over in the event of component failures and address other key aspects of high availability and disaster recovery. After careful analysis of the needs of this project and costs associated with various solutions, the following RPO and RTO have been chosen as appropriate for the project. We can refine these objectives during project planning with the DMV • • • • Zero data loss RPO for database failure within the same site - this means that if the active database server fails, at most no data could be lost. One day data loss RPO for disaster - this means that if a true disaster strikes the data center and the database servers are completely lost, at most one day worth of data could be lost. I hour RTO for database failure within the same site - this means that if the active database server fails, the other server should be brought online and the entire system from the end client perspective should be up and running in I hour or less. 48 hour RTO for disaster - this means that if a major disaster strikes causing the data center and the database servers to be completely lost, the system must be made available within 48 hours after the hardware and data are readied by the DMV. In order to understand how Data Guard in combination with redundm1t system components makes achieving these objectives possible, it is necessary to understand the different modes in which Data Guard can be configured to function. • • • Maximum Performance: In this mode, data is committed to the active database server only, before the client resumes processing. A background process on the active server moves the data to the standby server and commits it in the standby database. This commit to the standby database generally happens in just a few seconds or less as long as the network com1ectivity between the servers is good and the servers me not operating at their peak capacity. Should there be m1interruption in the network communication between the two servers or if the standby server is down/busy, the data will be held in the active server until the problem is resolved. Upon resumption of communications and the availability of the standby server, the data is then sent and committed. Should the active server fail completely (all hard drives destroyed permanently) while the data has not been transmitted to the standby server, the data could be lost forever, unless other m-ra11gementsare made to safeguard against data loss. Maximum Protection: In this mode, data is committed to both the active and at least one standby database servers in one granular transaction before the client resumes processing. If the standby server is busy or unable to be contacted, even if the active server is functional, all transaction processing stops and the clients hang. Obviously, this mode guarantees that data is committed to at least two servers, thus providing utmost protection to the data. But, clearly, this comes at a major inconvenience to the clients, as even minor planned or unplanned network or server outages will cause system unavailability. Maximum Availability: This mode is a compromise between the maximum performance and maximum availability modes. As long as both servers are available and can communicate with each other, Data Guard operates in Maximum Protection mode whereby data is committed to both servers before client resumes processing. Should the FRS Contract #000665 New York DMV 127 110297 2/20/2009 GULaw Privacy FR standby server become busy/unavailable or network outages prevent it from being contacted, the active server reve1is to Maximum Performance mode whereby data is only committed to the active server until the standby server is restored to full function and communication. Since system availability is extremely important in this project, and because the servers share the same rack and network switch thus enabling reliable high speed communication between them, Data Guard will be set up in Maximum Availability mode. This gives the best balance of system availability and data loss prevention. In the remote event the standby server fails first and the active server fails afterward (before data could be synchronized), some data will be lost. However, the lost data can easily be recovered from the data source (NY DMV Driver License System) or the failed primary server hard disks which are engineered to protect data against failure of one disk. Thus, zero data loss RPO is almost achievable, although it might take some time in the remote event data has to be recovered from the NY DMV Driver License System. Even though automatic failover to the standby server at the primary site ensures continued system availability at the primary location within a few minutes, we need the 1 hour RTO to allow the database administrators to troubleshoot problems, if any. In that case, we will need to manually activate the standby server into production, redirect clients to connect to the standby, etc. This should normally take only a few minutes or less in automatic mode. But, the 1 hour RTO provides a comfort zone, in case unexpected problems arise. Business Continuity Plan Exercises As part of the operational acceptance of the new NY DMV system, the Business Continuity Plan will include the proving of the BCP, Recovery Time Objective and Recovery Point Objective including demonstrated failover to the disaster recovery sites. BRP Exercise Guidelines Following is a list of BRP Exercise Guidelines that will be followed in planning and executing the exercises. • • • • • • • DMV will be a participant during all exercises For each scheduled exercise, DMV will define exercise objectives; and define predetermined measurement criteria. Document and distribute a test schedule. Time frames indicate the duration of each schedule exercise. Select participants based on increased awareness and training benefits. Generate and adhere to an exercise script. Evaluate exercise results using the original exercise script as a guideline. A record of the exercise proceedings is kept. An unbiased observer is recommended for this position to maintain separation of duties. Record events, times, actions, and results. Conduct a post-evaluation meeting. The evaluation will answer the following questions: o Were the objectives of the exercise achieved? o Was the test accomplished in the prescribed time frame? o Did exercise pmticipants perform as instructed? FRS Contract #000665 New York DMV 128 110298 2/20/2009 GULaw Privacy FR o • • Was the overall recovery approach, as set forth in the recovery plan, appropriate and effective? Define recovery plan updating instructions and responsibilities. Does the plan need to be updated after the exercise? Who has responsibility for updating the plans and what is the time frame? Create and distribute an exercise report to interested parties, including DMV Management. FRS Contract #000665 New York DMV 129 110299 2/20/2009 GULaw Privacy FR Appendix Q NY Facial Recognition System Disaster Recovery Plan L-1 Identity Solutions Secure Credentialing Division 296 Concord Road - 3rd Floor Billerica, MA 01821 Tel. (978) 932-2200 FAX (978) 932-2225 L-1 Document No. NY DR 001 L-1 Sales Order xxxx NY RFP OMV C000665 Revision Level - l Issued Date - February 19, 2009 NY DMV Contract No. C000665 Functional Area Approval Approval List L-1 Programs L-1 Engineering L-1 Security Jim McDermott MikeMazzu Senthil Kumar L-1 Installation L-1 Training NYDMV NYDMV NYDMV Eric Hjerpe Dave Scannell FRS Contract#000665 New York DMV 130 110300 Approval Date 2/20/2009 GULaw Privacy FR TABLE OF CONTENTS REVISION HISTORY ...................................................................................................................................... 132 INTRODUCTION ............................................................................................................................................. 133 SCOPE ................................................................................................................................................................ 133 GOALS FOR THE DISASTER RECOVERY PLAN (DRP) ........................................................................133 DISASTER RECOVERY ...................................................................................................................................... 134 IMAGE DATABASE BACKUP STRATEGY ................................................................................................134 DISASTER RECOVERY PLAN EXERCISES ..............................................................................................137 DRP EXERCISE GUIDELINES ............................................................................................................................ FRS Contract #000665 New York DMV 131 110301 137 2120/2009 GULaw Privacy FR Revision History Date Revision 0 Revision Items Sample Draft Aug 12, 2008 Feb 19, 2009 1 Updated for contract 2 3 FRS Contract #000665 New York DMV 132 110302 2120/2009 GULaw Privacy FR Introduction L-1 is proposing to provide a high performance facial recognition system for NY DMV. For true disaster recovery wherein all of the equipment hosted at the NY DMV data center is lost, NY DMV has required that the vendor make the system functional and available within 48 hours after NY DMV has acquired and set up all the hardware and copied the data files from tape on to hard disk storage. L-1, with its vast experience in putting together high availability and disaster recovery solutions, has put together a system architecture and processes that respond to any catastrophic disaster in a managed fashion to restore services at the backup facility location. This document describes the components, technology and configuration choices and rationale that went into the design of the system. The Disaster Recovery Plan outlines activities necessary to ensure the availability of the NY FRS as per the objectives stated in your RFP. Scope The Disaster Recovery Plan contains the following sections to ensure the continuity of business in the event of a disaster • • • • • Goals for the Disaster Recovery Plan Solution Architecture Overview Contingency Planning Disaster Recovery Disaster Recovery Plan Exercises Goals for the Disaster Recovery Plan (DRP) Following is a list of objectives for the Disaster Recovery Plan; • • • • • • • • • • Ensure correct recovery procedures and information exist in the DRP Ensure the integrity of the DL/ID data resource Ascertain all risks and vulnerabilities are covered in the D RP Ascertain all necessai·y controls to mitigate risks are established Ascertain that the DRP and the procedures are adequate for current and changing future needs Establish change control procedures Provide a training experience for the recovery teams Coordinate with DMV Once the DRP is established, exercise the plan periodically. Ensure a 48 hour system recovery as soon as the DMV hosted hmdware and infrastructure is operational. FRS Contract #000665 New York DMV 133 110303 2120/2009 GULaw Privacy FR Disaster Recovery In the event of a major disaster whereby both sets of servers at the primary data center are lost, NY DMV is requiring that L-1 make the system fully operational within 48 hours after NY DMV has readied the hm·dware and copied data from tapes on to the hard disks. L-1 requests that NY DMV notify L-1 as soon as a disaster occurs, even while the hardware and data are getting readied. As soon as L-1 is alerted, L-1 will take the following steps for full system recovery. 1. Assemble all the key technical resources in a war room, analyze and understand the scope of the disaster, what can be salvaged (if any) and the optimal path for full system recovery. 2. Retrieve and review all the current documentation and software necessary for system configuration and setup from source code control system, make multiple copies of the media and test to ensure readability. 3. Assist NY DMV in acquiring the hardware and copying data from the tapes on to the hard disk. 4. Arrive at NY DMV's disaster recovery site in a timely manner and prepare for system restore. 5. As soon as the hm·dware and data are readied by DMV, the L-1 team will simultaneously get to work on the web, application and database servers in parallel. 6. The database is brought up and checked. The application servers are configured and checked. Application servers are then loaded with data from the database. The web servers are set up and checked. L-1 engineers will work around the clock with DMV infrastructure personnel in resolving network and other problems as necessary. 7. After all the servers are set up and tested individually, a system integration test is conducted whereby all aspects of the system m·e tested. Any problems noticed are immediately addressed. 8. After integration is completed, DMV will be notified that the system is ready and operational. Image Database Backup Strategy The Image Database System backup will be the source for recovery of the Image Database System. The Image Database System Backup strategy consists of both disk and tape storage. DMV has assumed responsibility for making tape backups using its Enterprise Tape Backup equipment and processes. L-1 's tape backup strategy recommendations are given below. Upon contract award, L-1 will work with the DMV to configure, fine-tune and the tape backup strategy, policies and procedures to ensure that restores from tape are accomplished reliably, quickly and securely A Full (Level-0) encrypted, compressed and password protected Oracle Recovery Manager (RMAN) backup of the Image Database System will be written to disk and tape on a weekly basis. Incremental (Level-I Differential and Level-I Cumulative) encrypted and password protected Oracle RMAN backups baselined from the Weekly Level-0 backup of the Primary Image FRS Contract #000665 New York DMV 134 110304 2/20/2009 GULaw Privacy FR Database System are written to disk and tape via RMAN on a daily basis (e.g. Sunday tlu·ough Friday). For added data integrity and assurance, the Image Database System backup writes will be scanned for logical and physical corruption. Block ChangeTracking Level a level 1- Dlfferential level 1- Differential Level 1- Differential IncrementalCumulative level 1- Differontlal +-----------, Level 1- Differendal +----, ' i I s : ' i I T w ' ''' '' '' ' '' '' '' '' ' '' '' '' ' ' ! [ ' i I i i I I R F s s Incremental and Full Level OBackup Strategy The disk-resident backups are retained local to the Image Database System disk storage for online availability throughout the backup rotation. The Image Database System Full Level-0 and Incremental Cumulative and Differential backups are also written to tape media, which contains the 256-bit key encrypted and password protected database backup. The tape backup will be transferred, daily, to a DMV-approved offsite secured vault for a proposed 30-day retention and onsite rotation. We recommend that the Database Archive Logs generated from the Primary Image Database System updates are written to: I) Disk and retained for 3 0-days 2) Tape concurrently and applied to the Backup Image Database System in real time to ensure I 00% redundancy, accuracy and recoverability of the database to minimize any Recovery Point lag. FRS Contract #000665 New York DMV 135 110305 2/20/2009 GULaw Privacy FR The RMAN Backup Status logs are reviewed daily. In the event the backups are not successful, the DMV is notified, risks are assessed and the appropriate actions will be agreed upon and taken. For example, the DMV may agree to allow a special backup to be accomplished out-ofschedule to ensure recoverability. The DMV should ensure that the server operating systems and database are backed up to disk and tape as per the schedule below. The tape media should be sent offsite for secure storage. Our tape solution includes a weekly and daily data archival plan of the Backup. NY DMV will be responsible to provide the tapes and conduct these backups. L-1 is proposing NY DMV implement the following backup schedule • • Weeldy Backup Schedule: A Full (Level-0) enc1ypted, compressed and password protected archival of the FR Image Database System will be written to disk and tape on a weekly basis. Daily Incremental Backnps: Incremental (Level-I Differential and Level-I Cumulative) encrypted and password protected backups baselined from the Weekly Level-0 archival of the Prima1y Image Database System are written to disk and tape on a daily basis (e.g. Sunday through Friday). The figure below shows the proposed archival plan. LevelO (Full) Level 1 Incremental ArchiveLog Backup Weekly WKLY 15-Days Dally WKDY 15-Days Wlto provide Ile roqLirad1.-.ormatlonmay &Li:Jj9Cl you to dvil or criminal ponaltles, or both, under tho Tax Law. New York DMV Fax-on-demand forms: Telephoneassistanceis availablefrom B·OOA.M. to 5:00 P.M.(easterntine), Mondaythroug, Friday To orderforms and pubications: Fromareas outsidethe U.S.and outsideCanada: .,. 42 USC 405(c)(2)(CJ~). Thi• lnlormalon Is malntolnodby tho Dlnactorof Ra::ordsManagemontand Dato Entry, NYSTax Deportmon~WA Harriman Campus.Albany NY 12227; fQlophono 1 BOO225-6829.From areasout&ido119UnlfQdStalasand ol.Csido Canada,call (518)485-6800. (for nformation.forms,and publications) L Personswithdisabilities:In compliancewith the Americanswith DisabiitiesAct. we willensurethat our lobbies, '-" offices.meetingrooms,and otherfacilitiesare accessibleto If youhavequestionsaboutspecial personswithdisabil1ies. accommodations forpersonswithdisabiities,pleasecall 1 800972-1233. '5\ 110341 32 GULaw Privacy FR C000820 23000 APPENDIX-E: CONTRACTOR REQUIREMENTS AND PROCEDURES FOR BUSINESS PARTICIPATION OPPORTUNITIES FOR NEW YORK STATE CERTIFIED MINORITY AND WOMEN-OWNED BUSINESS ENTERPRISES, AND EQUAL EMPLOYMENT OPPORTUNITIES FOR MINORITY GROUP MEMBERS AND WOMEN (MWBE, v. 2-10-12) I. Introduction: New York's Statewide Certified MWBE Program (Program) serves to ameliorate the significant disparities between the level of participation of MWBE's in state procurement contracting, versus the number of certified minority-and women-owned business enterprises (MWBE's) that are ready, willing and able to participate in state procurements. In order to comply with New York State Executive Law Article 15-A ("Participation by Minority Croup Members and Women with Respect to State Contracts"), Article 15 (the "Human Rights Law"), and 5 NYCRR Parts 142-144 ("MWBE Regulations"), for all State contracts as defined therein, and to facilitate the implementation and operation of the Program, State agencies are required to establish goals for maximizing participation of New York State MWBE's and the employment of minority group members and women in the performance of New York State contracts. This Section articulates DMV's goals for promoting such opportunities. Bidder/Contractor acknowledges that its failure to comply with the following provisions may result in a finding of non-responsiveness, non-responsibility, and/or breach of Contract, which may result in the withholding of payment, suspension or termination of the Contract, or such other actions or enforcement proceedings provided herein or permitted by Law. II. Business Participation Opportunities for MWBEs: DMV hereby establishes an overall goal of 22% for MWBE participation, 11% for Minority-Owned Business Enterprises (MBE) participation, and 11% for Women-Owned Business Enterprises (WBE) participation (based on the current availability of qualified MBE's and WBE's). Contractor must document good faith efforts to provide meaningful participation by MWBE's as subcontractors or suppliers in the performance of the Contract, and Contractor agrees that DMV may withhold payment pending receipt of the required MWBE documentation. The directory of New York http://www.esd.ny.gov/mwbe.htrnl. State Certified MWBE's can be viewed at: For guidance on how DMV will determine a Contractor's "good faith efforts," refer to 5 NYCRR §142.8. D) Liquidated Damages: In accordance with 5 NYCRR § 142.13, Contractor acknowledges that its willful and intentional failure to comply with the MWBE participation goals set forth in the Contract will constitute a material breach of Contract for which DMV may withhold payment from the Contractor as liquidated damages for such breach. New York DMV 110342 33 GULaw Privacy FR C000820 23000 Such liquidated damages shall be calculated as an amount equal to the difference between (1) all sums identified for payment to MWBE's had the Contractor achieved the contractual MWBE goals, and (2) all sums actually paid to MWBE's for work performed or materials supplied under the Contract. E) MWBE Utilization Plan: The Bidder to whom a contract is awarded (Contractor) must submit a MWBE Utilization Plan, upon execution of the Contract. At all times during the performance of the Contract, Contractor must make good faith efforts to utilize MBE's and WBE's identified in its MWBE Utilization Plan. DMV may disqualify circumstances: a Bidder/Contractor as being non-responsive, under the following a) Bidder/Contractor fails to submit a MWBE Utilization Plan; b) Bidder/Contractor fails to submit a written remedy to a notice of deficiency; c) Bidder/Contractor fails totimely submit a request for waiver; or d) DMV determines that the Bidder/Contractor has failed to document good faith efforts. Any modifications or changes to the MWBE Utilization Plan made during the term of the Contract must be promptly reported, and such modifications or changes will be subject to DMV's approval. DMV will review the submitted MWBE Utilization Plan and advise the Contractor of DMV's acceptance, or issue a notice of deficiency within 30 days of receipt. 1. MWBE Waiver Request: Contractor may submit requests for a partial or total waiver of established goal requirements, at any time during the term of the Contract, prior to issuance of final payment on the Contract. If a notice of deficiency is issued, Contractor must respond to the notice of deficiency within seven (7) business days of receipt by submitting to DMV a written remedy that addresses each deficiency contained in the notice of deficiency. If the written remedy that is submitted is not timely or is found by DMV to be inadequate, DMV shall notify Contractor and direct Contractor to re-submit a revised remedy, within five (5) business days. Failure to request the waiver in a timely manner may be grounds for rejection of the request. 2. Contractor's Quarterly Workforce Employment Utilization Report ("Workforce Report"): Contractors are required to submit to DMV, by the 10th day following the end of each quarter during the term of the Contract, a Workforce Report. Such reports document Contractor's progress made toward achieving the MWBE goals for the Contract. The Workforce Report must document any changes to the "Bid Staffing Plan" that Contractor submitted with its Bid (See, below). Contractor must submit separate reports for Contractor and any subcontractor performing work on the Contract. In limited instances, Contractor may not be able to separate out the workforce utilized in the performance of the Contract from Contractor's and/or any subcontractor's total workforce. When a separation can be made, Contractor must submit the Workforce Report and indicate that the information provided related to the actual workforce utilized on the Contract. When the workforce to be utilized on the Contract cannot be separated out from Contractor's and/or a subcontractor's total workforce, Contractor must submit the Workforce Report and indicate that the information provided is Contractor's total workforce during the subject time frame, not limited to work specifically under the Contract. New York DMV 110343 34 GULaw Privacy FR C000820 23000 III. Equal Employment Opportunity Requirements: NOTE: The following requirements do not apply to (a) work, goods, or services unrelated to the Contract; or (b) employment outside New York State. Contractor must ensure that Contractor and its subcontractors undertake or continue programs to ensure that minority group members and women are afforded equal employment opportunities without discrimination because of race, creed, color, national origin, sex, age, disability or marital status. This requirement shall apply to any subcontractors to whom Contractor awards a subcontract for goods or services related to the Contract, valued at over $25,000 for the construction, demolition, replacement, major repair, renovation, planning or design of real property and improvements thereon (except where such subcontract is solely for the beneficial use of the Contractor). • For these purposes, "equal opportunity" must be provided in the areas of recruitment, employment, job assignment, promotion, upgrading, demotion, transfer, layoff, termination, and rates of pay, or other forms of compensation. E) MWBE Form-1, Contractor's EEO Policy Statement: Contractor must execute and submit MWBE Form-1 (attached hereto), as its EEO policy statement, within seventy-two (72) hours after DMV issues written notice of award of the Contract to the Contractor. F) Bid Staffing Plan: Bidder must submit with its proposal a Bid Staffing Plan that identifies the anticipated work force to be utilized on the Contract by specified categories, including ethnic background, gender, and Federal occupational categories. Upon DMV's request, Contractor must promptly submit a workforce utilization report that identifies the workforce actually utilized in the performance of the Contract. G) Non-Discrimination: Contractor agrees that it will not discriminate against any employee or applicant for employment because of race, creed (religion), color, sex, national origin, sexual orientation, military status, age, disability, predisposing genetic characteristic, marital status or domestic violence victim status, and shall also follow the requirements of the Human Rights Law with regard to non-discrimination on the basis of prior criminal conviction and prior arrest; and Contractor shall take reasonable steps to ensure that its subcontractors comport with such non-discrimination provisions during the term of the Contract. Contractor acknowledges that it understands and shall comply with such requirements above, and these provisions shall be deemed supplementary to, and not in lieu of, the nondiscrimination provisions provided by New York State Executive Law Article 15 (the "Human Rights Law") or other applicable federal, state or local laws. New York DMV 110344 35 GULaw Privacy FR C000820 23000 MWBE Form-1: MINORITYAND WOMEN-OWNEDBUSINESS ENTERPRISES- EQUAL EMPLOYMENTOPPORTUNITYPOLICY STATEMENT M/WBE AND EEO POLICY STATEMENT agree to , the (awardee/contractor) _________ I, _____________ adopt the following policies with respect to the project being developed or services rendered at EJ This organization will and will cause its contractors and subcontractors to take good faith actions to achieve the M/WBE contract participations goals set by the State for that area in which the State-funded project is located, by taking the following steps: (I) (2) (3) (4) (5) (6) Actively and affirmatively solicit bids for contracts and subcontracts from qualified State certified MBEs or WBEs, including solicitations to M/WBE contractor associations. Request a list of State-certified M/WBEs from AGENCY and solicit bids from them directly. Ensure that plans, specifications, request for proposals and other documents used to secure bids will be made available in sufficient time for review by prospective M/WBEs. Where feasible, divide the work into smaller portions to enhanced participations by M/WBEs and encourage the formation of joint venture and other partnerships among M/WBE contractors to enhance their participation. Document and maintain records of bid solicitation, including those to M/WBEs and the results thereof . Contractor will also maintain records of actions that its subcontractors have taken toward meeting M/WBE contract participation goals. Ensure that progress payments to M/WBEs are made on a timely basis so that undue financial hardship is avoided, and that bonding and other credit requirements are waived or appropriate alternatives developed to encourage M/WBE participation. Agreed to this _______ (a) This organization will not discriminate against any employee or applicant for employment because of race, creed, color, national origin, sex, age, disability or marital status, will undertake or continue existing programs of affirmative action to ensure that minority group members are afforded equal employment opportunities without discrimination, and shall make and document its conscientious and active efforts to employ and utilize minority group members and women in its work force on state contracts. (b)This organization shall state in all solicitation or advertisements for employees that in the performance of the State contract all qualified applicants will be afforded equal employment opportunities without discrimination because of race, creed, color, national origin, sex disability or marital status. (c) At the request of the contracting agency, this organization shall request each employment agency, labor union, or authorized representative will not discriminate on the basis of race, creed, color, national origin, sex, age, disability or marital status and that such union or will affirmatively cooperate in the representative implementation of this organization's obligations herein. (d) Contractor shall comply with the provisions of the Human Rights Law, all other State and Federal statutory and Contractor constitutional non-discrimination provisions. and subcontractors shall not discriminate against any employee or applicant for employment because of race, creed (religion), color, sex, national origin, sexual orientation, military status, age, disability, predisposing genetic characteristic, marital status or domestic violence victim status, and shall also follow the requirements of the Human Rights Law with regard to non-discrimination on the basis of prior criminal conviction and prior arrest. (e) This organization will include the provisions of sections (a) through (d) of this agreement in every subcontract in such a manner that the requirements of the subdivisions will be binding upon each subcontractor as to work in connection with the State contract. day of ___________ _ By ________________________________ Print: ______________ New York DMV _ , 2________ _ Title: ______________ 110345 36 _ GULaw Privacy FR C000820 23000 _______________ (Name of Designated Liaison) is designated as the Minority Business Enterprise Liaison responsible for administering the Minority and Women-Owned Business Enterprises- Equal Employment Opportunity (M/WBE-EEO) program. M/WBE Contract Goals ___ % Minority and Women's Business Enterprise Participation ___ % Minority Business Enterprise Participation ___ %Women's Business Enterprise Participation EEO Contract Goals ___ % Minority Labor Force Participation ___ % Female Labor Force Participation (Authorized Representative) Title: _________________ _ Date: ____________________ New York DMV _ 110346 37 GULaw Privacy FR C000820 23000 Appendix-F NEW YORK STATE DEPARTMENT OF MOTOR VEHICLES STANDARD SECURITY CLAUSES FOR SHARING DATA WITH EXTERNAL ENTITIES (Revised 5/14/12) The terms of this Appendix have been incorporated into an agreement between the New York State Department of Motor Vehicles and the recipient of DMV data. The Parties to the Agreement shall comply with the applicable provisions hereof, to the extent not superseded by federal law. All data to which the recipient MorphoTrust ("Recipient") will be provided access by OMV is proprietary to OMV. Such data shall hereinafter be referred to as "OMV data". Recipient will safeguard all OMV data and resources to which it is granted access. Such safeguards must provide a level of protection of OMV data which is at least equivalent to those provided under NYS Cyber-Security Policy P03-002-V3.4, and comports with industry standards for such engagements. 1. Recipient agrees to limit its use of OMV data to the purpose for which it is provided hereunder, and for no other purpose, unless expressly authorized to do so by OMV. 2. Recipient must protect OMV data that is in Recipient's possession, or under its control from unauthorized access, disclosure, or dissemination. 3. DMV data includes information that is: • provided by OMV which is marked "Confidential"; • defined as "Personal, Private and Sensitive Information" (PPSI); • not expressly granted for public disclosure or dissemination; • protected by law from disclosure or dissemination; • concerning OMV' s infrastructure; • pertinent to an ongoing investigation. 4. Recipient must not permit OMV data to be copied or shared with anyone outside of the Recipient's organization, unless expressly authorized by OMV; and must limit access to, and use of, OMV data to individuals who require access for the purpose fulfilling Recipient's obligations arising under the terms of this Agreement. 5. Recipient must cooperate with OMV in the review of Recipient's data control processes employed for the protection of OMV data. 6. In the event that Recipient confirms or suspects the unauthorized use or access of OMV data or resources provided hereunder, Recipient agrees to promptly notify OMV's Information Security Office, as follows: a. by email: lnformationSecurity@dmv.ny.gov, or b. by telephone: (518) 402-2676. New York DMV 110347 38 GULaw Privacy FR C000820 23000 7. Recipient acknowledges that it understands and must comply with laws concerning the loss, misappropriation, compromise, or misuse of protected data provided hereunder, including: a) the federal Driver's Privacy Protection Act of 1994 (DPPA) (18 U.S.C. §2721, et seq.), and b) the New York State Information Security Breach and Notification Act (ISBNA) (General Business Law, §899-aa; State Technology Law, §208). 8. In the event that the security of personal information is breached in violation of the ISBNA, from a system maintained by Recipient, then the Recipient shall be responsible for providing notice of breach to the person(s) to whom such information pertains. In the event that Recipient is authorized to share such information with another entity, Recipient must hold its recipient responsible for providing such notice. Prior approval from DMV is required before any notifications are made to such persons. 9. Recipient must take appropriate measures to advise pertinent staff members, and its re-disclosure recipients (if any), of the penalties associated with unauthorized access, use, or dissemination of protected data. 10. Recipient's obligation of indemnification and holding harmless specified hereunder shall survive the expiration of the Contract by termination or otherwise. a) Recipient shall be solely responsible and answerable in damages for any and all accidents and/or injuries to persons (including death) or property arising out of or related to the services to be rendered by the Recipient or its subcontractors pursuant to this Agreement. The Recipient shall indemnify and hold harmless the State and its officers and employees from claims, suits, actions, damages and costs of every nature arising out of the provision of services pursuant to this Agreement. b) Recipient is an independent contractor and may neither hold itself out nor claim to be an officer, employee or subdivision of the State of New York, nor make any claim, demand or application to or for any right based upon any different status. 11. Recipient agrees to comply with DMVs instructions for the secure disposal of agreement-related electronic or hard copy files in Recipient's possession upon expiration of the term of this Agreement. 12. The following provisions apply to circumstances when Recipient or its subcontractors make use ofresources provided by DMV: A) Personal Computers (PCs): DMV-provided PCs must only be used for act1v1t1esrelated to official assignments and/or job responsibilities. Users are responsible for the use, protection, security and care of all New York State owned personal computers (PCs) and related equipment assigned to them by DMV. New York DMV 110348 39 GULaw Privacy FR C000820 23000 OMV-provided PCs (including laptops, monitors, printers, hardware, peripherals, commercially licensed software, files, programs, and data) are the property of DMV. DMV reserves the right to access or audit PCs, storage drives and removable media, and the information contained therein. Users must comply with the following restrictions when using DMV-provided PCs: • Protect against unauthorized access when the PC is left unattended by locking it, or logging-off; • Log-off the PC at the end of the workday, to ensure that the power remains On; • Do not leave a laptop unattended or unsecured; • Do not move the PC or related equipment to another location without approval from your manager/supervisor and DMV' s Information Technology Support Services. • Do not modify or repair any PC or related equipment without prior approval of DMV's Information Technology Support Services. • Do not connect any hardware that is not expressly approved. Users must contact DMV's Information Technology Support Services for a list of approved hardware. B) Software: Only software that is approved by DMV's Information Technology Support Services may be installed on OMV-provided computers. Users must abide by all software license agreements. Non-work related software (e.g. games or music downloading programs) must not be installed or used on DMV computers. Users must not install DMV-owned software or programs on a non-DMV-owned computer, unless expressly approved by DMV's Information Technology Support Services. C) Internet: OMV-provided Internet access must only be used for activities related to official assignments and/or job responsibilities. Users must employ reasonable precautions, including safeguarding and changing passwords , to prevent the unauthorized use of their DMV provided internet account by anyone else. Users must not access third-party internet service providers and webmail accounts (e.g., checking a personal email account on AOL), unless expressly authorized by the DMV's Information Security Office. DMV filters websites for inappropriate content. Users must direct requests to unblock or block a website to the DMV's Information Technology Support Services. D) Network: Users must limit the use of DMV's network to activities related to official assignments and/or job responsibilities . E) Email: Users must limit the use of OMV-provided email accounts to activities related to official assignments and/or job responsibilities. 13. Recipient agrees to continuing cooperation with DMV m response to developing security vulnerabilities. New York DMV 11034940 GULaw Privacy FR C000820 23000 AMENDMENT #1 of CONTRACT No. C000820 Between NEW YORK STATE DEPARTMENT OF MOTOR VEHICLES And MORPHOTRUST USA, INC. For SHARING OF IMAGES BETWEEN MULTIPLE STATES In the event of any conflict between the terms of this Amendment and those contained in State Contract No. C000820 previously entered into by parties hereto, or any previously agreed to amendments thereof, the terms of this Amendment shall be controlling. This Amendment is made this day of , 2016, between the New York State Department of Motor Vehicles , 6 Empire State Plaza, Contract Administration, Room 224 Albany, New York 12228 (hereinafter referred to as the "Department" or "DMV"), and MorphoTrust USA, Inc., 296 Concord Road, Suite 300, Billerica, MA O1821 (hereinafter referred to as the "Contractor"). This Amendment is subject to and shall become effective upon execution by the New York State Office of the State Comptroller ("OSC ") . DMV and Contractor shall collectively be referred to herein as the "Parties". The Parties previou sly entered into a Contract for the maintenance and suppoti for DMV's Facial Recognition System (FRS), referenced as State Contract No. C000820 (the "Contract"), which was executed by OSC on December 2, 2014. For the purposes of this Amendment # 1, New York, New Jersey and Connecticut are hereinafter referred to as the "Jurisdictions" referred to therein. The Parties agree to amend Contract No. C000820, as follows: 1. Multi-State Commercial Driver's License (CDL) Facial Recognition Screening Project: The Contractor will provide the goods and services as outlined in the Contractor's "Multi-State Commercial Driver's License (CDL) Facial Recognition Screening Project" proposal dated February 11, 2016 (Contractor's Proposal) , which is incorporated herein by reference. In the event of any conflict between the tenns of this Amendment and those contained in the Contractor's Proposal, the terms of this Amendment shall be controlling. (A) Payments made to the Contractor Four (4) milestone payments will be paid to the Contractor, upon DMV 's written acceptance of the work completed as specified in the Milestone and upon the Contractor submitting a complete invoice to DMV for such confonning deliverable. The milestones are outlined as follows: 1. Milestone # 1: Upon the Contractor's successful completion and DMV's written acceptance of: one (1) project management plan, one ( l) project schedule, one (1) functional specification document, and one (1) network/architecture/platform specification document , DMV will pay the Contractor Fifty Thousand Dollars ($50,000.00), per jurisdiction , for a total of One-Hundred Fifty Thousand Dollars ($150,000.00). 2. Milestone #2: Upon the Contractor's successful completion and DMV's written acceptance of: three (3) interface control documents (one (1) for each jurisdiction), and three (3) jurisdictionspecific configuration guides (one ( 1) for each jurisdiction), DMV will pay the Contractor OneHundred Thousand Dollars ($100 ,000.00), per jurisdiction, for a total of Three-Hundred Thousand Dollars ($300,000.00) . 3. Milestone #3: Upon .the Contractor's successful completion and DMV's written acceptance of: three (3) Interstate CDL screening communications manager licenses (one (1) for each New York DMV 110350 GULaw Privacy FR C000820 23000 jurisdiction), and three (3) Interstate facial recognition screening and investigations licenses ( one ( 1) for each jurisdiction), OMV will pay the Contractor Three-hundred Fifty Thousand Dollars ($350,000.00) , per jurisdiction, for a total of One Million Fifty Thousand Dollars ($1,050,000.00). 4. Milestone #4: Upon the Contractor's successful completion and DMV's written acceptance of: three (3) on-site trainings (one (1) for each jurisdiction), and tlu·ee (3) End User documents (one ( l) for each jurisdiction) , OMV will pay the Contractor Two-Hundred Thousand Dollars ($200 ,000.00), per jurisdiction, for a total of Six-Hundred Thousand Dollars ($600,000.00). Upon DMV's acceptance of Milestone #4, the Contractor will provide one (1) year of maintenance for each jurisdiction for the CDL screening communications manager, and one (I) year of maintenance for each jurisdiction for the interstate facial recognition investigations. In New York only, the maintenance of COL Screening Communications manager and interstate facial recognition investigations will extend for one (l) year or until the expiration of Contract No. C000820, whichever is later. 5. Should OMV elect to extend Contract C000820 for one ( l) additional one-year tenn, as provided for in Section 1.1 of the Contract, OMV may choose to purchase one ( l) year of maintenance for the COL screening communications manager plus one (I) year of maintenance for interstate facial recognition for Sixty-Eight Thousand Dollars ($68,000.00). (B) Not To Exceed Pricing: The total amount to be paid by OMV to the Contractor for all goods and services to be provided to all three jurisdictions hereunder shall not exceed the sum of Two-Million One-Hundred Thousand Dollars ($2,100,000.00), excepting the additional year of maintenance provided for under Section 1.A.5 of this Amendment. The cost for all goods and services provided per jurisdiction hereunder shall not exceed the sum of Seven-Hundred Thousand Dollars ($700 ,000.00), excepting the additional year of maintenance provided for under Section l .A.5 of this Amendment. 2. Maryland Participation: The Contractor will provide the goods and services outlined in Appendix-I "Maryland Participation Proposal" of the Contractor's Proposal. The Contractor will invoice Maryland directly for the deliverables associated with this proposal. Additionally , the Maryland servers will be hosted by the Contractor. 3. Agreements Between Jurisdictions Contractor acknowledges and understands that the provision of goods and services provided for herein to the jurisdictions shall be dependent upon full execution of implementing agreements between OMV and such jurisdictions. 4. Payment Terms: Contractor will provide OMV with a detailed invoice for each Milestone, by Jurisdiction. The State's preferred method for the submission of invoices is by e-mail, sent to the BSC at: AccountsPayable@ogs.ny.gov. • PLEASE NOTE: Do not send a paper copy in addition to the electronic invoice. As an alternate method for submitting invoices , Contractor may mail hard copy invoices to the BSC at the following address: Department of Motor Vehicles 2 New York DMV 110351 GULaw Privacy FR C000820 23000 Unit ID: 3700321 c/o NYS OGS Business Service Center Building 5, 5th Floor 1220 Washington Ave. Albany, NY 12226-1900 5. Appendix-A - "Standard Clauses for New York State Contracts: Contractor shall comply with and be bound by the provisions of Appendix-A, "Standard Clauses for New York State Contracts". 6. Summary of Policy and Prohibitions on Procurement Lobbying: In order to facilitate transparency in the procurement process, and pursuant to NYS Procurement Lobbying Law (State Finance Law §§ 139-j and 139-k), this solicitation imposes certain restrictions on communications between DMV and an Offerer /Bidder made during the procurement process. An Offerer/Bidder is restricted to communicating with designated DMV staff ("designated contacts"), during the portion of the procurement process known as the "restricted period ". The restricted period runs from DMV 's earliest notice of its intent to solicit offers, through award of the Procurement Contract by DMV, and where applicable, the final approval of the Contract by the NYS Office of State Comptroller. Certain statutory exceptions are provided for in State Finance Law§ 139-j(3)(a) . When contacted during the restricted period , DMV staff members are required to document infonnation , about the communication. DMV must also make a detennination of the "responsibility" of the Offerer/Bidd er. Certain findings of nonresponsibility can result in rejection of the Offerer /Bidder for contract award. In the event of two findings of non-responsibility made within a 4-year period , the Offerer /Bidder may be debarred from obtaining govenunental Procurement Contracts. Further infonnation about the NYS Procurement Lobbying Law can be obtained from the Office of General Services Website, at: http://www.o gs.state.n y. us/ aboutO gs/regulations / defaul tAd visoryCouncil. html. DMV's Policy and Procedures concerning compliance with NYS Procurement Lobbying Law 1s attached hereto as Appendix-B. Bidders must complete and submit Appendix B-1 with their bid. 7. Vendor Responsibility: Prior to awarding a contract, DMV must evaluate infonnation provided in the Vendor Responsibility Questionnaire which must be completed by each bidder. Bidders are invited to file the required Vendor Responsibility Questionnaire online, via the New York State VendRep System. Bidders may elect to submit a completed hard-copy questionnaire , in lieu of using this electronic fo1mat. To enroll in and use the New York State VendRep System, bidders should refer to the VendRep System Instructions available at www.osc .state.ny.us /vendrep. or they may access the VendRep System online , at https ://portal.osc.state.ny.us. For assistance using the VendRep System, bidders may contact the OSC Help Desk at 866-370-4672 or 518-408-4672 , or by email at helpdesk@osc.state.ny.us. Bidders electing to file a hard-copy questionnaire can obtain the questionnaire form at the VendRep website (www.osc .state.ny.us /vendrep) , or they may contact DMV or the Office of the State Comptroller to obtain a copy. 3 New York DMV 110352 GULaw Privacy FR C000820 23000 DMV reserves the right to verify all infonnation provided by the bidder to whom an award of contract is made. DMV reserves the right to disqualify a Bidder /Contractor as "not- responsible", in the event that the Bidder /Contractor has intentionally provided false or incomplete infonnation, or has intentionally failed to disclose pertinent information. DMV reserves the right to make continuing responsibility detenninations at any time during the tenn of the Contract. The Contractor shall at all times during the Contract tenn remain responsible. The Contractor agrees, if requested by the Commissioner or his or her designee, to present evidence of its continuing legal authority to do business in New York State, integrity , experience , ability, prior perfonnance, and organizational and financial capacity. Suspension of Work (for Non-Responsibility): The Commissioner or his or her designee, in his or her sole discretion, reserves the right to suspend any or all activities under this Contract, at any time, when he or she discovers information that calls into question the responsibility of the Contractor. In the event of such suspension , the Contractor will be given written notice outlining the particulars of such suspension. Upon issuance of such notice, the Contractor must comply with the tenns of the suspension order. Contract activity may resume at such time as Commissioner or his or her designee issues a written notice authorizing the resumption of perfonnance under the Contract. Termination (for Non-Responsibility): Upon written notice to the Contractor, and a reasonable opportunity to be heard with appropriate DMV officials or staff, the Contract may be tenninated by Commissioner or his or her designee at the Contractor's expense where the Contractor is detennined by Commissioner or his or her designee to be non-responsible. In such event, Commissioner or his or her designee may complete the contractual requirements in any manner he or she may deem advisable and pursue available legal or equitable remedies for breach. 8. All Other Terms: All other tenns of the original Contract as heretofore amended shall remain unchanged and in full force and effect, excepting those that are in conflict with the tenns of this Amendment. 4 New York DMV 110353 GULaw Privacy FR C000820 23000 IN WITNESS WHEREOF, the Parties hereto have executed this Amendment to the Contract by their duly authori zed officers or officials. MORPHOTRUST USA, INC. NYS DEPARTMENT OF MOTOR VEHICLES By, rM E)izabethCoalts Contract Manag er NYS Dept. of MotorVehicl es (Please Sign Here) (Please Print Nam e) (Please Print Name) tGO Cp,I~ ~i Date : DiP 1--1 I I UJli;J Date: / (mml dd/yyyy) Affin Corpo:ate Seal Here: [ '-5 I I (,nm/dd/yyyy) OFFICE OF NYS ATTORNEY GENERAL B½ l(o OFFICE OF NYS COMPTROLLER B½ (Please Sign Here) (Pl ease Print Name) (Plea Prin Name) AUG11 2016 (Title) FO ~ -- ------ STATECOMPTR OLLER I (mm/dd/yyyy) -- Notarization of Contractor's Signature: STATE OF MtuS'c«.~ f •I . n, I COUNTY OF YY'vl dCl u t"-'Y ) )SS.: ) came i£oBE£r~('$..-l__, ' to me known who being duly sworn, did depose and say that he resides in ANvOVE'..<... that he is the C~D ofMORPHOTRUST USA, INC ., the corporation d'escribed in and which executed the foregoing instrument; that he knew the seal of said corporation; that the seal affixed to said instrument was such corporate seal; that it was so affixed by the order of the Board of Directo s of said corporation, and that he signed his name thereto by like orsfer. On this 2..1 --------~- day of MA 0 it/'£ , 20-42,before me personally ; 5 New York DMV 110354 GULaw Privacy FR C000820 23000 II APPENDIX-A: STANDARD CLAUSES FOR NEW YORK STATE CONTRACTS (January 2014) TABLE OF CONTENTS I. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 19. 20. 2 1. 22 . 23. 24. 25. 26. Executory Clause Non-Ass ig nment Clause Comptroll er's Approval Workers' Com pensation Benefits Non-Discrimination Requir ements Wage and Hours Provisions Non-Collusive Bidding Ce rtification International Boycott Prohibition Set-Off Rights Records Identifying Informati on and Priva cy Notification Equal Employment Opportunities for Minoritie s and Women Con flicting Tenns Governing Law Late Payment No Arbitration Service of Process Prohibition on Purchase of Tropical Hard woods MacBr ide Fair Employment Principles Omnibus Procurement Act of 1992 Reciprocity and Sanctions Provisions Complian ce with New York State Inform ation Security Breach and Notification Ac t Complian ce with Consultant Disclosure Law Procureme nt Lobbying Certifica tion of Registration to Co llect Sales and Comp ensati ng Use Tax by Certain State Contractor s, Affiliates and Subcontra ctors Iran Divestment Act ST AND ARD CLAUSES FOR NYS CONTRACTS The parti es to the attached contract , license , lease , amendment or other agreement of any kind (hereinafter, "the contract" or "this contract") agree to be bound by the following clauses which are hereby made a part of the contract (the word "Contractor" herein refer s to any party other than the State, whether a contractor, licenser , licensee, lessor, les see or any other party): 1. EXECUTORY CLAUSE. In accordance with Section 41 of the State Finance Law, the State shall hav e no liability under this contract to the Contractor or to anyone else beyond funds appropriated and available for thi s contract. 2. NON-ASSIGNMENT CLAUSE . In accordance with Section 138 of the State Finance Law, this contract may not be assigned by the Contractor or its right, title or interest therein assigned, transfe1Ted,conveyed, sublet or otherwise disposed of without the State's previous written consent, and attempts to do so are null and void. Notwith standing the foregoing, such prior written consent of an ass ignment of a contract let pursuant to Article XI of the State Finance Law may be waived at the discretion of the contracting agency and with the concurrence of the State Comptroller where the original contract was subject to the State Comptroller's approval , where the assigmnent is due to a reorgani zation, merger or consolidation of the Contractor's busine ss entity or enterprise. The State retains its right to approve an assigmnent and to require that any Contractor demonstrate its responsibility to do business with the State. The Contractor may , howev er, assign its right to receive payment s 6 New York DMV 110355 GULaw Privacy FR C000820 23000 without the State's prior written consent unless this contract concerns Certificates of Participation pursuant to Article 5-A of the State Finance Law. 3. COMPTROLLER'S APPROVAL. In accordance with Section 112 of the State Finance Law (or, if this contract is with the State University or City University of New York, Section 355 or Section 6218 of the Education Law), if this contract exceeds $50,000 (or the minimum thresholds agreed to by the Office of the State Comptroller for certain S.U.N .Y. and C.U.N.Y. contracts), or if this is an amendment for any amount to a contract which, as so amended, exceeds said statutory amount , or if, by this contract, the State agrees to give something other than money when the value or reasonably estimated value of such consideration exceeds $10,000, it shall not be valid, effective or binding upon the State until it has been approved by the State Comptroller and filed in his office. Comptroller's approval of contracts let by the Office of General Services is required when such contracts exceed $85,000 (State Finance Law Section 163.6-a). However, such pre-approval shall not be required for any contract established as a centralized contract through the Office of General Services or for a purchase order or other transaction issued under such centralized contract. 4. WORKERS' COMPENSATION BENEFITS. In accordance with Section 142 of the State Finance Law, this contract shall be void and of no force and effect unless the Contractor shall provide and maintain coverage during the life of this contract for the benefit of such employees as are required to be covered by the provisions of the Workers' Compensation Law. 5. NON-DISCRIMINATION REQUIREMENTS. To the extent required by Article 15 of the Executive Law (also known as the Human Rights Law) and all other State and Federal statutory and constitutional nondiscrimination provisions , the Contractor will not discriminate against any employee or applicant for employment because of race, creed, color, sex (including gender identity or expression), national origin , sexual orientation, military status, age, disability , predisposing genetic characteristics, marital status or domestic violence victim status. Furthennore, in accordance with Section 220-e of the Labor Law, if this is a contract for the construction, alteration or repair of any public building or public work or for the manufacture , sale or distribution of materials, equipment or supplies , and to the extent that this contract shall be perfonned within the State of New York, Contractor agrees that neither it nor its subcontractors shall , by reason of race, creed , color, disability , sex, or national origin: (a) discriminate in hiring against any New York State citizen who is qualified and available to perfonn the work; or (b) discriminate against or intimidate any employee hired for the performance of work under this contract. If this is a building service contract as defined in Section 230 of the Labor Law, then, in accordance with Section 239 thereof , Contractor agrees that neither it nor its subcontractors shall by reason ofrace, creed , color , national origin , age, sex or disability : (a) discriminate in hiring against any New York State citizen who is qualified and available to perfonn the work; or (b) discriminate against or intimidate any employee hired for the performance of work under this contract. Contractor is subject to fines of $50.00 per person per day for any violation of Section 220-e or Section 239 as well as possible tennination of this contract and forfeiture of all moneys due hereunder for a second or subsequent violation . 6. WAGE AND HOURS PROVISIONS. If this is a public work contract covered by Article 8 of the Labor Law or a building service contract covered by Article 9 thereof , neither Contractor's employees nor the employees of its subcontractors may be required or pennitted to work more than the number of hours or days stated in said statutes, except as otherwise provided in the Labor Law and as set forth in prevailing wage and supplement schedules issued by the State Labor Department. Furthennore, Contractor and its subcontractors must pay at least the prevailing wage rate and pay or provide the prevailing supplements, including the premium rates for overtime pay, as determined by the State Labor Department in accordance with the Labor Law . Additionally, effective April 28, 2008, if this is a public work contract covered by Article 8 of the Labor Law, the Contractor understands and agrees that the filing of payrolls in a manner consistent with Subdivision 3-a of 7 New York DMV 110356 GULaw Privacy FR C000820 23000 Section 220 of the Labor Law shall be a condition precedent to payment by the State of any State approved sums due and owing for work done upon the project. 7. NON-COLLUSIVE BIDDING CERTIFICATION. In accordance with Section 139-d of the State Finance Law, if this contract was awarded based upon the submission of bids, Contractor affirms, under penalty of perjury, that its bid was arrived at independently and without collusion aimed at restricting competition. Contractor further affinns that, at the time Contractor submitted its bid, an authori zed and responsible person executed and delivered to the State a non- collusive bidding certification on Contractor's behalf. 8. INTERNATIONAL BOYCOTT PROHIBITION. In accordance with Section 220-f of the Labor Law and Section 139-h of the State Finance Law, if this contract exceeds $5,000, the Contractor agrees, as a material condition of the contract, that neither the Contractor nor any substantially owned or affiliated person, finn , partnership or corporation has participated, is pa11icipating, or shall participate in an international boycott in violation of the federal Export Administration Act of 1979 (50 USC App. Sections 2401 et seq.) or regulations thereunder. If such Contractor, or any of the aforesaid affiliates of Contractor , is convicted or is otherwise found to have violated said laws or regulations upon the final detennination of the United States Commerce Department or any other appropriate agency of the United States subsequent to the contract's execution, such contract, amendment or modification thereto shall be rendered forfeit and void. The Contractor shall so notify the State Comptroller within five (5) business days of such conviction, detennination or disposition of appeal (2NYCRR 105.4). 9. SET-OFF RIGHTS. The State shall have all of its common law, equitable and statutory rights of set-off. These rights shall include, but not be limited to, the State's option to withhold for the purposes of set-off any moneys due to the Contractor under this contract up to any amounts due and owing to the State with regard to this contract, any other contract with any State department or agency, including any contract for a tenn commencing prior to the term of this contract, plus any amounts due and owing to the State for any other reason including, without limitation , tax delinquencies, fee delinquencies or monetary penalties relative thereto. The State shall exercise its set-off rights in accordance with nonnal State practices including, in cases of set-off pursuant to an audit, the finali zation of such audit by the State agency, its representatives, or the State Comptroller. 10. RECORDS. The Contractor shall establish and maintain complete and accurate books, records, documents, accounts and other evidence directly pertinent to perfonnance under this contract (hereinafter, collectively, "the Records"). The Records must be kept for the balance of the calendar year in which they were made and for six (6) additional years thereafter. The State Comptroller, the Attorney General and any other person or entity authorized to conduct an examination, as well as the agency or agencies involved in this contract, shall have access to the Records during n01mal business hours at an office of the Contractor within the State of New York or, if no such office is available, at a mutually agreeable and reasonable venue within the State, for the tenn specified above for the purposes of inspection, auditing and copying. The State shall take reasonable steps to protect from public disclosure any of the Records which are exempt from disclosure under Section 87 of the Public Officers Law (the "Statute") provided that: (i) the Contractor shall timely infonn an appropriate State official, in writing, that said records should not be disclosed; and (ii) said records shall be sufficiently identified; and (iii) designation of said records as exempt under the Statute is reasonable. Nothing contained herein shall diminish, or in any way adversely affect, the State's right to discovery in any pending or future litigation. 11. IDENTIFYING INFORMATION AND PRIVACY NOTIFICATION. (a) Identification Number(s). Every invoice or New York State Claim for Payment submitted to a New York State agency by a payee, for payment for the sale of goods or services or for transactions ( e.g., leases, easements, licenses, etc.) related to 8 New York DMV 110357 GULaw Privacy FR C000820 23000 real or personal prope11y must include the payee's identification number. The number is any or all of the following: (i) the payee's Federal employer identification number , (ii) the payee 's Federal social security number, and/o r (iii) the payee's Vendor Identification Number assigned by the Statewide Financial System. Failure to include such number or numbers may delay payment. Where the payee does not have such number or numbers, the payee, on its invoice or Claim for Payment , must give the reason or reasons why the payee does not have such number or numbers. (b) Privacy Notification. (I) The authority to request the above personal infonnation from a seller of goods or services or a lessor of real or personal property, and the authority to maintain such infonnation , is found in Section 5 of the State Tax Law. Disclosure of this infonnation by the seller or lessor to the State is mandatory. The principal purpose for which the infonnation is collected is to enable the State to identify individuals, businesses and others who have been delinquent in filing tax returns or may have understated their tax liabilities and to generally identify persons affected by the taxes administered by the Commissioner of Taxation and Finance. The information will be used for tax administration purposes and for any other purpose authorized by law. (2) The personal information is requested by the purchasing unit of the agency contracting to purchase the goods or services or lease the real or personal prope11y covered by this contract or lease. The information is maintained in the Statewide Financial System by the Vendor Management Unit within the Bureau of State Expenditures, Office of the State Comptroller, 110 State Street, Albany , New York 12236. 12. EQUAL EMPLOYMENT OPPORTUNITIES FOR MINORITIES AND WOMEN. In accordance with Section 312 of the Executive Law and 5 NYCRR 143, if this contract is: (i) a written agreement or purchase order instrument , providing for a total expenditure in excess of $25,000.00 whereby a contracting agency is committed to expend or does expend funds in return for labor, services, supplies, equipment, materials or any combination of the foregoing, to be performed for, or rendered or furnished to the contracting agency; or (ii) a written agreement in excess of $100,000.00 whereby a contracting agency is committed to expend or does expend funds for the acquisition, construction , demolition, replacement , major repair or renovation of real property and improvements thereon; or (iii) a written agreement in excess of $100,000.00 whereby the owner of a State assisted housing project is committed to expend or does expend funds for the acquisition, construction, demolition , replacement, major repair or renovation of real property and improvements thereon for such project, then the following shall apply and by signing this agreement the Contractor certifies and affirms that it is Contractor's equal employment opportunity policy that: (a) The Contractor will not discriminate against employees or applicants for employment because of race, creed , color, national origin, sex, age, disability or marital status, shall make and document its conscientious and active efforts to employ and utilize minority group members and women in its work force on State contracts and will undertake or continue existing programs of affirmative action to ensure that minority group members and women are afforded equal employment opportunities without discrimination. Affirmative action shall mean recruitment , employment, job assignment, promotion, upgradings, demotion , transfer, layoff, or termination and rates of pay or other fonns of compensation; (b) at the request of the contracting agency, the Contractor shall request each employment agency, labor union, or authorized representative of workers with which it has a collective bargaining or other agreement or understanding, to furnish a written statement that such employment agency, labor union or representative will not discriminate on the basis of race, creed, color, national origin, sex, age, disability or marital status and that such union or representative will affirmatively cooperate in the implementation of the Contractor's obligations herein; and ( c) the Contractor shall state, in all solicitations or advertisements for employees, that, in the performance of the State contract, all qualified applicants will be afforded equal employment opportunities without discrimination because of race, creed, color, national origin, sex, age , disability or marital status. 9 New York DMV 110358 GULaw Privacy FR C000820 23000 Contractor will include the provisions of "a", "b", and "c" above, in every subcontract over $25,000.00 for the construction, demolition , replacement, major repair, renovation, planning or design of real property and improvements thereon (the "Work") except where the Work is for the beneficial use of the Contractor. Section 312 does not apply to: (i) work, goods or services unrelated to this contract; or (ii) employment outside New York State. The State shall consider compliance by a contractor or subcontractor with the requirements of any federal law concerning equal employment opportunity which effectuates the purpose of this section. The contracting agency shall detennine whether the imposition of the requirements of the provisions hereof duplicate or conflict with any such federal law and if such duplication or conflict exists , the contracting agency shall waive the applicability of Section 312 to the extent of such duplication or conflict. Contractor will comply with all duly promulgated and lawful rules and regulations of the Department of Economic Development's Division of Minority and Women's Business Development pe1iaining hereto. 13. CONFLICTING TERMS. In the event of a conflict between the tenns of the contract (including any and all attachments thereto and amendments thereof) and the tenns of this Appendix A, the terms of this Appendix A shall control. 14. GOVERNING LAW. This contract shall be governed by the laws of the State of New York except where the Federal supremacy clause requires otherwise. 15. LATE PAYMENT. Timeliness of payment and any interest to be paid to Contractor for late payment shall be governed by Article 11-A of the State Finance Law to the extent required by law. 16. NO ARBITRATION. Disputes involving this contract, including the breach or alleged breach thereof, may not be submitted to binding arbitration (except where statutorily authorized), but must, instead, be heard in a court of competent jurisdiction of the State of New York. 17. SERVICE OF PROCESS. In addition to the methods of service allowed by the State Civil Practice Law & Rules ("CPLR"), Contractor hereby consents to service of process upon it by registered or certified mail, return receipt requested. Service hereunder shall be complete upon Contractor's actual receipt of process or upon the State's receipt of the return thereof by the United States Postal Service as refused or undeliverable. Contractor must promptly notify the State, in writing, of each and every change of address to which service of process can be made. Service by the State to the last known address shall be sufficient. Contractor will have thirty (30) calendar days after service hereunder is complete in which to respond. 18. PROHIBITION ON PURCHASE OF TROPICAL HARDWOODS. The Contractor certifies and warrants that all wood products to be used under this contract award will be in accordance with, but not limited to, the specifications and provisions of Section 165 of the State Finance Law, (Use of Tropical Hardwoods) which prohibits purchase and use of tropical hardwoods, unless specifically exempted , by the State or any governmental agency or political subdivision or public benefit corporation. Qualification for an exemption under this law will be the responsibility of the contractor to establish to meet with the approval of the State. In addition, when any portion of this contract involving the use of woods, whether supply or installation, is to be perfonned by any subcontractor , the prime Contractor will indicate and certify in the submitted bid proposal that the subcontractor has been infonned and is in compliance with specifications and provisions regarding use of tropical hardwoods as detailed in § 165 State Finance Law. Any such use must meet with the approval of the State; otherwise, the bid may not be considered responsive . Under bidder certifications, proof of qualification for exemption will be the responsibility of the Contractor to meet with the approval of the State. 10 New York DMV 110359 GULaw Privacy FR C000820 23000 19. MACBRIDE FAIR EMPLOYMENT PRINCIPLES. In accordance with the MacBride Fair Employment Principles (Chapter 807 of the Laws of 1992), the Contractor hereby stipulates that the Contractor either (a) has no business operations in Northern Ireland, or (b) shall take lawful steps in good faith to conduct any business operations in Northern Ireland in accordance with the MacBride Fair Employment Principles (as described in Section 165 of the New York State Finance Law), and shall permit independent monitoring of compliance with such principles. 20. OMNIBUS PROCUREMENT ACT OF 1992. It is the policy of New York State to max1m1ze opportunities for the participation of New York State business enterprises, including minority and womenowned business enterprises as bidders , subcontractors and suppliers on its procurement contracts. Infonnation on the availability of New York State subcontractors and suppliers is available from : NYS Department of Economic Development Division for Small Business Albany, New York 12245 Telephone: 518-292-5100 Fax: 518-292-5884 Email: opa@ esd.ny.gov A directory of ce1iified minority and women-owned business enterprises is available from: NYS Department of Economic Development Division of Minority and Women's Business Development 633 Third A venue New York, NY 10017 212-803-2414 Email: mwbecertification @esd .ny.gov https: //ny.newnycontracts.com / FrontEnd /VendorSearchPub lic.asp The Omnibus Procurement Act of 1992 requires that by signing this bid proposal or contract, as applicable, Contractors certify that whenever the total bid amount is greater than $1 million: (a) The Contractor has made reasonable efforts to encourage the participation of New York State Business Enterprises as suppliers and subcontractors, including certified minority and women-owned business enterprises, on this project, and has retained the documentation of these efforts to be provided upon request to the State; (b) The Contractor has complied with the Federal Equal Opportunity Act of 1972 (P .L. 92-261), as amended; (c) The Contractor agrees to make reasonable efforts to provide notification to New York State residents of employment opportunities on this project through listing any such positions with the Job Service Division of the New York State Department of Labor, or providing such notification in such manner as is consistent with existing collective bargaining contracts or agreements. The Contractor agrees to document these effo1is and to provide said documentation to the State upon request; and (d) The Contractor acknowledges notice that the State may seek to obtain offset credits from foreign countries as a result of this contract and agrees to cooperate with the State in these efforts. 11 New York DMV 110360 GULaw Privacy FR C000820 23000 21. RECIPROCITY AND SANCTIONS PROVISIONS. Bidders are hereby notified that if their principal place of business is located in a country, nation , province, state or politic al subdivision that penalizes New York State vendors, and if the goods or services they offer will be substantially produced or perfonned outside New York State, the Omnibus Procurement Act 1994 and 2000 amendments (Chapter 684 and Chapter 383, respectively) require that they be denied contracts which they would otherwise obtain. NOTE : As of May 15, 2002, the list of discriminatory jurisdictions subject to this provision includes the states of South Carolina, Alaska, West Virginia, Wyoming , Louisiana and Hawaii. Contact NYS Department of Economic Development for a cu1Tentlist of jurisdictions subject to this provision. 22. COMPLIANCE WITH NEW YORK STATE INFORMATION SECURITY BREACH AND NOTIFICATION ACT. Contractor shall comply with the provisions of the New York State Infonnation Security Breach and Notification Act (General Business Law Section 899-aa; State Technology Law Section 208). 23. COMPLIANCE WITH CONSULTANT DISCLOSURE LAW. If this is a contract for consulting services, defined for purposes of this requirement to include analysis, evaluation, research , training, data processing, computer programming, engineering, environmental, health, and mental health services, accounting , auditing , paralegal , legal or similar services, then , in accordance with Section 163 (4-g) of the State Finance Law (as amended by Chapter 10 of the Laws of 2006), the Contractor shall timely, accurately and properly comply with the requirement to submit an annual employment repo1i for the contract to the agency that awarded the contract, the Department of Civil Service and the State Comptroller. 24. PROCUREMENT LOBBYING. To the extent this agreement is a "procurement contract" as defined by State Finance Law Sections 139-j and 139-k, by signing this agreement the contractor certifies and affirms that all disclosures made in accordance with State Finance Law Sections 139-j and 139-k are complete, true and accurate. In the event such certification is found to be intentionally false or intentionally incomplete, the State may tenninate the agreement by providing written notification to the Contractor in accordance with the terms of the agreement. 25. CERTIFICATION OF REGISTRATION TO COLLECT SALES AND COMPENSATING USE TAX BY CERTAIN STATE CONTRACTORS, AFFILIATES AND SUBCONTRACTORS. To the extent this agreement is a contract as defined by Tax Law Section 5-a, if the contractor fails to make the certification required by Tax Law Section 5-a or if during the tenn of the contract, the Department of Taxation and Finance or the covered agency, as defined by Tax Law 5-a, discovers that the certification, made under penalty of perjury , is false, then such failure to file or false ce1iification shall be a material breach of this contract and this contract may be tenninated , by providing written notification to the Contractor in accordance with the tenns of the agreement, if the covered agency detennine s that such action is in the best interest of the State. 26. IRAN DIVESTMENT ACT. By entering into this Agreement , Contractor certifies in accordance with State Finance Law § 165-a that it is not on the "Entities Detennined to be Non-Responsive Bidders /O fferers pursuant to the New York State Iran Divestment Act of 2012" ("Prohibited Entities List") posted at: http:// www.o gs.n y.gov/ about/regs / docs/ListofEnti ties. pdf Contractor further certifies that it will not utili ze on this Contract any subcontractor that is identified on the Prohibited Entities List. Contractor agrees that should it seek to renew or extend this Contract, it must provide the same certification at the time the Contract is renewed or extended. Contractor also agrees that any proposed Assignee of this Contract will be required to ce1iify that it is not on the Prohibited Entities List before the contract assignment will be approved by the State . 12 New York DMV 110361 GULaw Privacy FR C000820 23000 During the tenn of the Contract, should the state agency receive info1mation that a person (as defined in State Finance Law § 165-a) is in violation of the above-referenced certifications, the state agency will review such information and offer the person an opportunity to respond. If the person fails to demonstrate that it has ceased its engagement in the investment activity which is in violation of the Act within 90 days after the detennination of such violation , then the state agency shall take such action as may be appropriate and provided for by law, rule , or contract, including , but not limit ed to, imposing sanctions, seeking compliance, recovering damages , or declaring the Contractor in default. The state agency reserves the right to reject any bid, request for assignment, renewal or extension for an entity that appears on the Prohibited Entities List prior to the award , assignment, renewal or extension of a contract , and to pursue a responsibility review with respect to any entity that is awarded a contract and appears on the Prohibited Entities list after contract award . 13 New York DMV 110362 GULaw Privacy FR C000820 23000 APPENDIX-B: STATE OF NEW YORK PROCUREMENT LOBBYING POLICY AND PROCEDURES Revised March 2012 I. Policy: 1 It is the policy of DMV to comply with the provisions of State Finance Law §§ 139-j and 139-k, and related guidance offered by the Advisory Council on Procurement Lobbying and the Office of the State Comptroller. 2 II. Procedure:3 The procedure set forth hereafter applies to "Governmental Procurements" let by DMV. III. Definitions : Capitali zed te1ms used but not defined herein shall have the meaning ascribed to them in State Finance Law §§139-j and 139-k. For the purpose of this procurement, the terms "Contact" and "Designated Contact" are ascribed the following meanings: "Contact" as used herein is defined as ( 1) any oral, written or electronic communication that is (2) made by the Bidder, or a person acting on behalf of the Bidder, (3) to an employee of DMV or of a Governmental Agency other than the OMV , (4) concerning the related Governmental Procurement , (5) where such communication is made during the "Restricted Period"; and (6) where a reasonable person would infer that such communication was made by the bidder with the intention of improperly influencing the related Governmental Procurement [e.g., any violation of Public Officers Law §73(5) (offer of a gift of $75 or more), or §74 (code of ethics for public officers and employees)]. The term "Contact" does not include permissible communications such as (1) submission of a written proposal 4, (2) submission of written questions5, (3) participation in a bidders' conference 6, (4) complaints 7, (5) contract negotiations subsequent to notice of a tentative award of contract 8, (6) review of contract award 9, and (7) protests, appeals or other review proceedings 10; (8) a communication described in Legislative Law §1-t(e) which is (a) made by a bidder or subcontractor to a bidder qualified by education, training or experience to provide technical services to explain, clarify or demonstrate the qualities, characteristics or advantages of an aiiicle of procurement, who (b) provides information to a Designated Contact to assist the Designated Contact in understanding and assessing the qualities, characteristics or anticipated perfonnance of such article of procurement and (c) who does not recommend or advocate contract provisions 11; or a communication by which the bidder seeks generally available infonnation, including clarification and interpretation, with respect to the solicitation documents or the Governmental Procurement process, including the status or timing of steps in the process 12. 1 139-j (2) 139-j (5) 3 139-j (I) ; 139-k (I) 4 139-j (3)(a)(l) 5 139-j (3)(a)(2) 6 139-j (3)(a)(3) 7 139-j (3)(a)(4) 8 139-j (3)(a)(5) 9 I 39-j (3)(a)(6) 0 ' 139-j (3)(a)(7) 11 139-j (I) , (3); 139-k (I) 12 139-j (3) 2 14 New York DMV 110363 GULaw Privacy FR C000820 23000 "Designated Contact" as used herein is defined as one or more employees of DMV identified in the solicitation for the related Governmental Procurement, or thereafter designated by the DMV's Contract Manager 13 . IV. Solicitations: DMV will include the following in every written solicitation for a Procurement Contract 14: ( l) The name of each Designated Contact person, and a statement which substantially complies with in the following form: "Prior to approval by DMV, or, if applicable, the Office of the State Comptroller, of the contract for which this solicitation has been issued, bidders must direct all communications concerning this solicitation to the person(s) identified as "Designated Contact(s)" 15; (2) A summary of DMV' s policy and procedures regarding "contacts"; (3) A form (See, Appendix B-1, attached) to be submitted by bidders, upon which each bidder affinns in writing (a) its understanding of DMY's procurement lobbying policy and procedures; and (b) that it will comply with such policy and procedures; and (c) discloses whether it has been detennined to be "non-responsible" within the previous four (4) years for violating State Finance Law § l 39-j16, or for having intentionally provided 17 false or incomplete information to a Governmental Entity concerning its compliance with State Finance Law §139-j; and (d) certifies that the bidder has provided accurate and complete info1mation concerning the bidder's compliance with State Finance Law §§139-j and 139-k within the previous four years 18. V. Contracts: Each Procurement Contract will contain the following statement, substantially in the following fonn: "DMV reserves the right to tenninate this contract in the event that it is determined that the certification filed by the Contractor in accordance with State Finance Law § § 139-j and 139-k was intentionally false or intentionally 19 incomplete • Upon such determination, DMV may terminate this Contract by providing written notification to the Contractor, without incurring liability on the pati of DMV or the State for breach of contract." 20 VI. Records of Contacts: 21 In the event that DMV employees who are not Designated Contacts are contacted by bidders, or persons acting on the Bidder's behalf, during the restricted period, the employee will make a record of such Contact and will provide such record to the DMV's Contract Administrator. DMV employees who become aware of impermissible contacts made to another Governmental Entity concerning this procurement will also make and provide records of any such contacts to Contract Administration. The DMV employee may make one (1) record covering multiple Contacts that are made by the same person within a period of five (5) business days. DMV will make all records of Contacts pmi of the procurement record 22 . Contracts Administration will promptly provide records of impennissible Contacts to DMV's Office of the Deputy Commissioner and Counsel for review. 13 I 39-j (I) , (2); 139-k (I) 139-j (2); 139-k (2) 15 139-j (6) 16 139-k (2) 11 Id. is Id. 19 139-j (I O(b); 139-k (5) 20 Id. 21 139-j (8), (IO)(b) ; 139-k (4) 22 Id. 14 15 New York DMV 110364 GULaw Privacy FR C000820 23000 VII. Review and Investigation: 23 Upon receipt of a record of an impennissible Contact, the Deputy Commissioner and Counsel or her or his designee ("Reviewer") will review and investigate, within fifteen ( 15) days from receipt of such infonnation 24 . The Reviewer will notify the Bidder that an investigation is ongoing; give notice of the allegations of misconduct ; and give the Bidder an opp01iunity to respond in writing, within ten (10) days from receipt of notification of the alleged violation 25 . The Bidder will not be entitled to representation by counsel. The Reviewer will detennine whether the Bidder has willfully and knowingly made an impermissible Contact. The Reviewer will advise the Bidder and the Contracts Manager , or employee authorized for such purpose , of the 26 final detennination made . In the event the Reviewer determines that the Bidder has made an im~ermissible Contact with a Governmental Entity other than OMV, the Reviewer will so notify the ethics officer 2 , inspector general or other appropriate official of such other Governmental Entity 28 . In the event the Reviewer detennines that, as the result of an impennissible Contact, an employee of DMV has violated the provisions of Public Officers Law §73(5) [prohibition of acceptance of a gift of$75 or more] or §74 [code of ethics], the Reviewer will so advise the Commissioner of Motor Vehicles, the State Ethics Commission and the Office of the Inspector General 29 . VIII. Determinations of Non-Responsibility: 30 The Reviewer, or employee authori zed for such purpose, will determine whether a bidder has been determined to be "non-responsible" because (1) the Bidder has willfully and knowingly made an impermissible Contact 31, or (2) the Bidder has intentionally failed to make accurate and complete disclosure of prior findings of nonresponsibility with respect to Governmental Procurements made within the previous four (4) years 32 . Upon making a determination of non-responsibility , the Contracts Manager, or employee authorized for such purpose , will so notify the Bidder and the Commissioner of Motor Vehicles 33 . A finding of non-responsibility under this section shall result in OMV not awarding the contract to such bidder, unless OMV determines that (1) the award of the contract is necessary to protect public properiy or public health or safety, and (2) the bidder is the only source capable of supplying the required article of procurement within the required time frame . 23 139-j (9) 24 25 Id. 139-j (I0 )(a) 139-j (I0)(a) 27 139-j (8)(a) , (c) 28 139-j (8)( c), (I0(b) 29 Leg islative Law: POL § 73(5); §74 (Code of Ethics) 30 139 -j (7) 31 139 -j (I0)(b) 32 139-j (I0)(b) ; 139-k (5) 33 139 -j (I0)(a) 26 16 New York DMV 110365 GULaw Privacy FR C000820 23000 APPENDIX-B-1: AFFIRMATION AND DISCLOSURES CONCERNING STATE FINANCE LAW §§139-J AND 139-K Procurement Description/ID No. C000820 Name of Bidder: MorphoTrust USA, Inc. Address: 296 Concord Rd, Suite 300, Billerica , MA 0 1821 Name and Title of Person Submitting this Form: A. Bidd er affinn s that it has received, reviewed and understand s the Policy and Procedure of the Department of Motor Vehicles (DMV), relating to State Finance Law §§ 139-j and 139-k, and agrees to comply with DMV's procedure relating to Contacts with respect to this procurement. B. Disclo sures: l. Has a Governmental Entity, as defined in State Finance Law §139-j(l)(a), made a determination of non-responsibility with respect to the Bidder within the previous four years where such finding was due to a violation of State Finance Law § 139-j or the intentional provision of false or incomplete infonnation with respect to previous determinations of nonresponsibility ? Yes --- If yes, provide the following details: Governmental Entity which made the finding: Date of finding: Basis of finding: 2. Has a Governmental Entity tenninated or withheld a procurement contract with the Bidder because of violations of State Finance Law § 139-j or the intentional provision of false or incomplete 1 infonnation with respect to previous detJ inations of non-responsibility? No___ Yes __ _ If yes, identify the Governmental Entity , the date of tennination or withholding, and related procurement contract: 17 New York DMV 110366 GULaw Privacy FR C000665 23000 AMENDMENT No. 1 TO CONTRACT No. C000665 BETWEEN THE NEW YORK STATE DEPARTMENT OF MOTOR VEHICLES AND MORPHOTRUST USA, INC., A DELAWARE CORPORATION This Agreement is made this day of January, 2013, by and between the Department of Motor Vehicles of the State of New York, 6 Empire State Plaza, Swan Street Building, Albany, New York 12228 (hereinafter referred to as the “Department” or “DMV”), and MorphoTrust USA, Inc., a Delaware corporation, formerly known as L-1 Identity Solutions Operating Company, with an address at 296 Concord Road, Suite 300, Billerica, MA 01821 (“Contractor”), collectively referred to as the “Parties”. The Parties agree as follows: Notwithstanding any provision to the contrary wherever contained, in the event of any inconsistencies between the terms contained in the main body of this Contract and this Amendment, the terms of this Amendment shall prevail. PARAGRAPH HEADINGS: Paragraph headings contained in this Agreement are for convenience only and shall not be considered for any purpose in governing, limiting, modifying, construing or affecting the provisions of this Agreement and shall not otherwise be given any legal effect. This Amendment extends the term of Contract No. C000665 (the “Contract”), entered into on March 25, 2009, between DMV and L-1 Identity Solutions Operating Company (a company later acquired by Contractor) for the provision of ongoing software maintenance and support for DMV’s Facial Recognition System (“FRS”) platform and web services. 1 TERM: The term of this Amendment shall commence on March 04, 2013, and shall expire on March 03, 2015, subject to approval and execution hereof by the Offices of the NYS Attorney General (AG) and Comptroller (OSC). 2 PAYMENT: DMV shall make payment in full of Four Hundred Twenty-Five Thousand, Three Hundred Fifteen And 00/100 Dollars ($425,315.00) on or before March 4, 2013, for the provision of ongoing software maintenance and support for the FRS platform and web services from March 4, 2013 to March 3, 2015. 3 DESCRIPTION OF GOODS AND SERVICES: Contractor shall provide Phone Support, Remote Dial-in, On-Site support as required, Preventative Maintenance and Upgrades of the FRS platform and web services. Maintenance and support shall include troubleshooting and repair of supported software. Contractor shall also provide ongoing software maintenance and support for reinstallation and reconfiguration of Contractor provided software, in the event of any hardware or system failure. DMV shall be responsible for maintenance of all FRS hardware and 3rd party software. Contractor’s services shall include: New York DMV 110367 GULaw Privacy FR C000665 23000      Phone Support – Software services personnel shall provide direct phone support from 8:00 am to 5:00 pm (Eastern Standard Time), Monday through Friday, excluding Federal holidays. Remote Dial-in – Software Services support shall be provided through DMV-provided VPN, as a second step to phone support. On-Site – Software Services support shall be provided for remedial maintenance, if phone support and dial-in fail to resolve the issue. Contractor must provide on-site services within forty-eight (48) hours from initial call for support. Preventative Maintenance – Contractor shall provide a periodic maintenance plan for the required software systems. Hands-on Preventative Maintenance shall be provided by DMV personnel. Upgrades – Contractor must provide in-version upgrades to any and all supported software. Upgrades shall be conducted via downloaded software patch, or installed by Contractor’s Services personnel for larger upgrades. 4 LETTER OF CREDIT: The Letter of Credit provided upon execution of the Contract must be extended to cover the term of this Amendment, and must at least be equivalent to the amount paid hereunder. Contractor must provide such Letter of Credit to DMV immediately upon execution hereof by OSC. 5 APPENDIX-A, “STANDARD CLAUSES FOR NEW YORK STATE CONTRACTS”: The Contractor shall comply with and be bound by the provisions of Appendix-A, “Standard Clauses for New York State Contracts”. 6 SUMMARY OF POLICY AND PROHIBITIONS ON PROCUREMENT LOBBYING: In order to facilitate transparency in the procurement process, and pursuant to NYS Procurement Lobbying Law (State Finance Law §§139-j and 139-k), this solicitation imposes certain restrictions on communications between DMV and an Offerer/Bidder made during the procurement process. An Offerer/Bidder is restricted to communicating with designated DMV staff (“designated contacts”), during the portion of the procurement process known as the “restricted period”. The restricted period runs from DMV’s earliest notice of its intent to solicit offers, through award of the Procurement Contract by DMV, and where applicable, the final approval of the Contract by the NYS Office of State Comptroller. Certain statutory exceptions are provided for in State Finance Law §139-j(3)(a). The Designated Contact for this Amendment is Edwin Lake. Mr. Lake or his alternate, Maureen Younkin, are the persons (“designated contacts”) designated to communicate with Bidders/Offerers on behalf of the Department for all matters relating to this Amendment. All proposals and accompanying documentation must be packaged, sealed and submitted to: Edwin Lake Procurement Services NYS Department of Motor Vehicles 6 Empire State Plaza, Room 528B Albany, NY 12228 (518) 474-0815 (Phone) (518) 486-4541 (Fax) Edwin.Lake@dmv.ny.gov New York DMV Or his alternate: 110368 Maureen Younkin Procurement Services NYS Department of Motor Vehicles 6 Empire State Plaza, Room 528B Albany, NY 12228 (518) 474-0815 (Phone) (518) 486-4541 (Fax) contracts@dmv.ny.gov GULaw Privacy FR C000665 23000 When contacted during the restricted period, DMV staff members are required to document information, about the communication. DMV must also make a determination of the “responsibility” of the Offerer/Bidder. Certain findings of nonresponsibility can result in rejection of the Offerer/Bidder for contract award. In the event of two findings of non-responsibility made within a 4-year period, the Offerer/Bidder may be debarred from obtaining governmental Procurement Contracts. Further information about the NYS Procurement Lobbying Law can be obtained from the Office of General Services Website, at: http://ogs.ny.gov/aboutOgs/regulations/defaultAdvisoryCouncil.html. DMV’s Policy and Procedures concerning compliance with NYS Procurement Lobbying Law is attached hereto as Appendix-B. Bidders must complete and submit Appendix B-1 with their bid. 7 COMPLIANCE WITH LAWS: In performing its obligations under this Contract, the Contractor must comply with all applicable federal, state, and local statutes, ordinances, regulations, and rules, including, but not limited to, laws regulating the terms and conditions of employment, NYS printing law, building and fire codes, zoning laws, privacy, public building requirements for use by the handicapped, and occupational safety and health rules. 8 VENDOR RESPONSIBILITY: Contractor acknowledges that no changes have been made to the Vendor Responsibility Questionnaire submitted with their bid proposal, and that any changes must be disclosed by submitting a new Vendor Responsibility Questionnaire at the time the change occurs. Contractors are invited to file the required Vendor Responsibility Questionnaire online via the New York State VendRep System or may choose to complete and submit a paper questionnaire. To enroll in and use the New York State VendRep System, see the VendRep System Instructions available at www.osc.state.ny.us/vendrep or go directly to the VendRep System online at https://portal.osc.state.ny.us. For direct VendRep System user assistance, the OSC Help Desk may be reached at 866-370-4672 or 518408-4672 or by email at helpdesk@osc.state.ny.us. Bidders opting to file a paper questionnaire can obtain the appropriate questionnaire from the VendRep website www.osc.state.ny.us/vendrep or may contact the DMV or the Office of the State Comptroller for a copy of the paper form. 9 IRAN DIVESTMENT ACT As a result of the Iran Divestment Act of 2012 (Act), Chapter 1 of the 2012 Laws of New York, a new provision has been added to the State Finance Law (SFL), § 165-a, effective April 12, 2012. Under the Act, the Commissioner of the Office of General Services (OGS) will be developing a list (prohibited entities list) of “persons” who are engaged in “investment activities in Iran” (both are defined terms in the law). Pursuant to SFL § 165-a(3)(b), the initial list is expected to be issued no later than 120 days after the Act’s effective date, at which time it will be posted on the OGS website. By entering into a renewal or extension of this Contract, Contractor (or any assignee) certifies that once the prohibited entities list is posted on the OGS website, it will not utilize on such Contract any subcontractor that is identified on the prohibited entities list. Additionally, Contractor understands that during the term of the Contract, should DMV receive information that a person is in violation of the above-referenced certification, DMV will offer the person an opportunity to respond. If the person fails to demonstrate that it has ceased its engagement in the investment which is in violation of the Act within 90 days after the determination of such violation, then DMV shall take such New York DMV 110369 GULaw Privacy FR C000665 23000 action as may be appropriate including, but not limited to, imposing sanctions, seeking compliance, recovering damages, or declaring the Contractor in default. DMV reserves the right to reject any renewal, extension or request for assignment for an entity that appears on the prohibited entities list hereafter and to pursue a responsibility review with respect to any entity that is granted a contract extension/renewal or assignment and appears on the prohibited entities list thereafter. 10 POLICY STATEMENT ON WOMEN AND MINORITY-OWNED BUSINESS DEVELOPMENT: It is the policy of the State of New York to promote equality of economic opportunity for minority and women-owned business enterprises (M/WBEs) in State contracting. In order to comply with the State’s objectives, the Contractor must use “good faith efforts” to provide meaningful participation by M/WBE subcontractors or suppliers in the performance of this contract. Contractor must comply with the provisions of Appendix-L hereof, entitled “Contractor Requirements and Procedures for Business Participation Opportunities for New York State Certified Minority- and Women-Owned Business Enterprises, and Equal Employment Opportunities for Minority Group Members and Women”, and must submit the attached “M/WBE Form-1”, upon contract execution. 11 OTHER TERMS: Except as specifically modified in this Amendment No. 1, the terms and conditions of the original Agreement shall continue in full force and effect. In Witness Whereof, the Parties have executed this Agreement by their duly authorized officer or representative. Signatures on the following Page New York DMV 110370 GULaw Privacy FR C000665 23000 Signature Page MORPHOTRUST USA, INC. NYS DEPARTMENT OF MOTOR VEHICLES BY, ___________________________ (Please Sign Here) BY, ____________________________ (Please Sign Here) Robert Eckel ____________________________ (Please Print Name) (Please Print Name) __________________________________ (Title) President and CEO (Title) Date: _______/ _______/ ________ (mm/dd/yyyy) NYS ATTORNEY GENERAL Date: _______/ _______/ ________ (mm/dd/yyyy) BY, ____________________________ (Please Sign Here) BY, ____________________________ (Please Sign Here) ____________________________ (Please Print Name) __________________________________ (Title) ____________________________ (Please Print Name) __________________________________ (Title) Date: _______/ _______/ ________ (mm/dd/yyyy) Date: _______/ _______/ ________ (mm/dd/yyyy) COMMONWEALTH OF MASSACHUSETTS COUNTY OF MIDDLESEX NYS OFFICE OF THE STATE COMPTROLLER ) ) s.s.: ) On the ______________ day of ______________ in the year 2013 before me personally came ____________________________ to me known, who, being by me duly sworn, did depose and say that he/she/they reside(s) in ____________________________ (if the place of residence is in a city, include the street and street number, if any, thereof); that he/she/they is (are) the _______________________________________ (president, or other officer, or director, or attorney in fact, duly appointed) of MorphoTrust USA, Inc. (name of corporation), the corporation described in and which executed the above instrument; and that he/she/they signed his/her/their name(s) thereto by authority of the board of directors of said corporation. _____________________________________ Notary Public My Commission Expires: _________________ New York DMV 110371 GULaw Privacy FR C000665 23000 APPENDIX-A: STANDARD CLAUSES FOR NEW YORK STATE CONTRACTS (v., December, 2012) TABLE OF CONTENTS 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 19. 20. 21. 22. 23. 24. 25. Executory Clause Non-Assignment Clause Comptroller’s Approval Workers’ Compensation Benefits Non-Discrimination Requirements Wage and Hours Provisions Non-Collusive Bidding Certification International Boycott Prohibition Set-Off Rights Records Identifying Information and Privacy Notification Equal Employment Opportunities For Minorities and Women Conflicting Terms Governing Law Late Payment No Arbitration Service of Process Prohibition on Purchase of Tropical Hardwoods MacBride Fair Employment Principles Omnibus Procurement Act of 1992 Reciprocity and Sanctions Provisions Compliance with New York State Information Security Breach and Notification Act Compliance with Consultant Disclosure Law Procurement Lobbying Certification of Registration to Collect Sales and Compensating Use Tax by Certain State Contractors, Affiliates and Subcontractors STANDARD CLAUSES FOR NYS CONTRACTS The parties to the attached contract, license, lease, amendment or other agreement of any kind (hereinafter, "the contract" or "this contract") agree to be bound by the following clauses which are hereby made a part of the contract (the word "Contractor" herein refers to any party other than the State, whether a contractor, licenser, licensee, lessor, lessee or any other party): 1. EXECUTORY CLAUSE. In accordance with Section 41 of the State Finance Law, the State shall have no liability under this contract to the Contractor or to anyone else beyond funds appropriated and available for this contract. 2. NON-ASSIGNMENT CLAUSE. In accordance with Section 138 of the State Finance Law, this contract may not be assigned by the Contractor or its right, title or interest therein assigned, transferred, conveyed, sublet or otherwise disposed of without the State’s previous written consent, and attempts to do so are null and void. Notwithstanding the foregoing, such prior written consent of an assignment of a contract let pursuant to Article XI of the State Finance Law may be waived at the discretion of the contracting agency and with the concurrence of the State Comptroller where the original contract was subject to the State Comptroller’s approval, where the assignment is due to a reorganization, merger or consolidation of the New York DMV 110372 GULaw Privacy FR C000665 23000 Contractor’s business entity or enterprise. The State retains its right to approve an assignment and to require that any Contractor demonstrate its responsibility to do business with the State. The Contractor may, however, assign its right to receive payments without the State’s prior written consent unless this contract concerns Certificates of Participation pursuant to Article 5-A of the State Finance Law. However, such preapproval shall not be required for any contract established as a centralized contract through the Office of General Services or for a purchase order or other transaction issued under such centralized contract. 3. COMPTROLLER'S APPROVAL. In accordance with Section 112 of the State Finance Law (or, if this contract is with the State University or City University of New York, Section 355 or Section 6218 of the Education Law), if this contract exceeds $50,000 (or the minimum thresholds agreed to by the Office of the State Comptroller for certain S.U.N.Y. and C.U.N.Y. contracts), or if this is an amendment for any amount to a contract which, as so amended, exceeds said statutory amount, or if, by this contract, the State agrees to give something other than money when the value or reasonably estimated value of such consideration exceeds $10,000, it shall not be valid, effective or binding upon the State until it has been approved by the State Comptroller and filed in his office. Comptroller's approval of contracts let by the Office of General Services is required when such contracts exceed $85,000 (State Finance Law Section 163.6.a). 4. WORKERS' COMPENSATION BENEFITS. In accordance with Section 142 of the State Finance Law, this contract shall be void and of no force and effect unless the Contractor shall provide and maintain coverage during the life of this contract for the benefit of such employees as are required to be covered by the provisions of the Workers' Compensation Law. 5. NON-DISCRIMINATION REQUIREMENTS. To the extent required by Article 15 of the Executive Law (also known as the Human Rights Law) and all other State and Federal statutory and constitutional non-discrimination provisions, the Contractor will not discriminate against any employee or applicant for employment because of race, creed, color, sex, national origin, sexual orientation, age, disability, genetic predisposition or carrier status, or marital status. Furthermore, in accordance with Section 220-e of the Labor Law, if this is a contract for the construction, alteration or repair of any public building or public work or for the manufacture, sale or distribution of materials, equipment or supplies, and to the extent that this contract shall be performed within the State of New York, Contractor agrees that neither it nor its subcontractors shall, by reason of race, creed, color, disability, sex, or national origin: (a) discriminate in hiring against any New York State citizen who is qualified and available to perform the work; or (b) discriminate against or intimidate any employee hired for the performance of work under this contract. If this is a building service contract as defined in Section 230 of the Labor Law, then, in accordance with Section 239 thereof, Contractor agrees that neither it nor its subcontractors shall by reason of race, creed, color, national origin, age, sex or disability: (a) discriminate in hiring against any New York State citizen who is qualified and available to perform the work; or (b) discriminate against or intimidate any employee hired for the performance of work under this contract. Contractor is subject to fines of $50.00 per person per day for any violation of Section 220-e or Section 239 as well as possible termination of this contract and forfeiture of all moneys due hereunder for a second or subsequent violation. 6. WAGE AND HOURS PROVISIONS. If this is a public work contract covered by Article 8 of the Labor Law or a building service contract covered by Article 9 thereof, neither Contractor's employees nor the employees of its subcontractors may be required or permitted to work more than the number of hours or days stated in said statutes, except as otherwise provided in the Labor Law and as set forth in prevailing wage and supplement schedules issued by the State Labor Department. Furthermore, Contractor and its subcontractors must pay at least the prevailing wage rate and pay or provide the prevailing supplements, including the premium rates for overtime pay, as determined by the State Labor Department in accordance with the Labor Law. Additionally, effective April 28, 2008, if this is a public work contract covered by Article 8 of the Labor Law, the Contractor understands and agrees that the filing of payrolls in a manner consistent with Subdivision 3-a of Section 220 of the Labor Law shall be a condition precedent to payment by the State of any State approved sums due and owing for work done upon the project. 7. NON-COLLUSIVE BIDDING CERTIFICATION. In accordance with Section 139-d of the State Finance Law, if this contract was awarded based upon the submission of bids, Contractor affirms, under New York DMV 110373 GULaw Privacy FR C000665 23000 penalty of perjury, that its bid was arrived at independently and without collusion aimed at restricting competition. Contractor further affirms that, at the time Contractor submitted its bid, an authorized and responsible person executed and delivered to the State a non-collusive bidding certification on Contractor's behalf. 8. INTERNATIONAL BOYCOTT PROHIBITION. In accordance with Section 220-f of the Labor Law and Section 139-h of the State Finance Law, if this contract exceeds $5,000, the Contractor agrees, as a material condition of the contract, that neither the Contractor nor any substantially owned or affiliated person, firm, partnership or corporation has participated, is participating, or shall participate in an international boycott in violation of the federal Export Administration Act of 1979 (50 USC App. Sections 2401 et seq.) or regulations thereunder. If such Contractor, or any of the aforesaid affiliates of Contractor, is convicted or is otherwise found to have violated said laws or regulations upon the final determination of the United States Commerce Department or any other appropriate agency of the United States subsequent to the contract's execution, such contract, amendment or modification thereto shall be rendered forfeit and void. The Contractor shall so notify the State Comptroller within five (5) business days of such conviction, determination or disposition of appeal (2NYCRR 105.4). 9. SET-OFF RIGHTS. The State shall have all of its common law, equitable and statutory rights of set-off. These rights shall include, but not be limited to, the State's option to withhold for the purposes of set-off any moneys due to the Contractor under this contract up to any amounts due and owing to the State with regard to this contract, any other contract with any State department or agency, including any contract for a term commencing prior to the term of this contract, plus any amounts due and owing to the State for any other reason including, without limitation, tax delinquencies, fee delinquencies or monetary penalties relative thereto. The State shall exercise its set-off rights in accordance with normal State practices including, in cases of set-off pursuant to an audit, the finalization of such audit by the State agency, its representatives, or the State Comptroller. 10. RECORDS. The Contractor shall establish and maintain complete and accurate books, records, documents, accounts and other evidence directly pertinent to performance under this contract (hereinafter, collectively, "the Records"). The Records must be kept for the balance of the calendar year in which they were made and for six (6) additional years thereafter. The State Comptroller, the Attorney General and any other person or entity authorized to conduct an examination, as well as the agency or agencies involved in this contract, shall have access to the Records during normal business hours at an office of the Contractor within the State of New York or, if no such office is available, at a mutually agreeable and reasonable venue within the State, for the term specified above for the purposes of inspection, auditing and copying. The State shall take reasonable steps to protect from public disclosure any of the Records which are exempt from disclosure under Section 87 of the Public Officers Law (the "Statute") provided that: (i) the Contractor shall timely inform an appropriate State official, in writing, that said records should not be disclosed; and (ii) said records shall be sufficiently identified; and (iii) designation of said records as exempt under the Statute is reasonable. Nothing contained herein shall diminish, or in any way adversely affect, the State's right to discovery in any pending or future litigation. 11. IDENTIFYING INFORMATION AND PRIVACY NOTIFICATION. (a) Identification Number(s). Every invoice or New York State Claim for Payment submitted to a New York State agency by a payee, for payment for the sale of goods or services or for transactions (e.g., leases, easements, licenses, etc.) related to real or personal property must include the payee's identification number. The number is any or all of the following: (i) the payee’s Federal employer identification number, (ii) the payee’s Federal social security number, and/or (iii) the payee’s Vendor Identification Number assigned by the Statewide Financial System. Failure to include such number or numbers may delay payment. Where the payee does not have such number or numbers, the payee, on its invoice or Claim for Payment, must give the reason or reasons why the payee does not have such number or numbers. (b) Privacy Notification. (1) The authority to request the above personal information from a seller of goods or services or a lessor of real or personal property, and the authority to maintain such information, is found in Section 5 of the State Tax Law. Disclosure of this information by the seller or lessor to the State is New York DMV 110374 GULaw Privacy FR C000665 23000 mandatory. The principal purpose for which the information is collected is to enable the State to identify individuals, businesses and others who have been delinquent in filing tax returns or may have understated their tax liabilities and to generally identify persons affected by the taxes administered by the Commissioner of Taxation and Finance. The information will be used for tax administration purposes and for any other purpose authorized by law. (2) The personal information is requested by the purchasing unit of the agency contracting to purchase the goods or services or lease the real or personal property covered by this contract or lease. The information is maintained in the Statewide Financial System by the Vendor Management Unit within the Bureau of State Expenditures, Office of the State Comptroller, 110 State Street, Albany, New York 12236. 12. EQUAL EMPLOYMENT OPPORTUNITIES FOR MINORITIES AND WOMEN. In accordance with Section 312 of the Executive Law and 5 NYCRR 143, if this contract is: (i) a written agreement or purchase order instrument, providing for a total expenditure in excess of $25,000.00, whereby a contracting agency is committed to expend or does expend funds in return for labor, services, supplies, equipment, materials or any combination of the foregoing, to be performed for, or rendered or furnished to the contracting agency; or (ii) a written agreement in excess of $100,000.00 whereby a contracting agency is committed to expend or does expend funds for the acquisition, construction, demolition, replacement, major repair or renovation of real property and improvements thereon; or (iii) a written agreement in excess of $100,000.00 whereby the owner of a State assisted housing project is committed to expend or does expend funds for the acquisition, construction, demolition, replacement, major repair or renovation of real property and improvements thereon for such project, then the following shall apply and by signing this agreement the Contractor certifies and affirms that it is Contractor’s equal employment opportunity policy that: (a) The Contractor will not discriminate against employees or applicants for employment because of race, creed, color, national origin, sex, age, disability or marital status, shall make and document its conscientious and active efforts to employ and utilize minority group members and women in its work force on State contracts and will undertake or continue existing programs of affirmative action to ensure that minority group members and women are afforded equal employment opportunities without discrimination. Affirmative action shall mean recruitment, employment, job assignment, promotion, upgradings, demotion, transfer, layoff, or termination and rates of pay or other forms of compensation; (b) at the request of the contracting agency, the Contractor shall request each employment agency, labor union, or authorized representative of workers with which it has a collective bargaining or other agreement or understanding, to furnish a written statement that such employment agency, labor union or representative will not discriminate on the basis of race, creed, color, national origin, sex, age, disability or marital status and that such union or representative will affirmatively cooperate in the implementation of the Contractor's obligations herein; and (c) the Contractor shall state, in all solicitations or advertisements for employees, that, in the performance of the State contract, all qualified applicants will be afforded equal employment opportunities without discrimination because of race, creed, color, national origin, sex, age, disability or marital status. Contractor will include the provisions of "a", "b", and "c" above, in every subcontract over $25,000.00 for the construction, demolition, replacement, major repair, renovation, planning or design of real property and improvements thereon (the "Work") except where the Work is for the beneficial use of the Contractor. Section 312 does not apply to: (i) work, goods or services unrelated to this contract; or (ii) employment outside New York State. The State shall consider compliance by a contractor or subcontractor with the requirements of any federal law concerning equal employment opportunity which effectuates the purpose of this section. The contracting agency shall determine whether the imposition of the requirements of the provisions hereof duplicate or conflict with any such federal law and if such duplication or conflict exists, the contracting agency shall waive the applicability of Section 312 to the extent of such duplication or conflict. Contractor will comply with all duly promulgated and lawful rules and regulations of the Department of Economic Development’s Division of Minority and Women's Business Development pertaining hereto. New York DMV 110375 GULaw Privacy FR C000665 23000 13. CONFLICTING TERMS. In the event of a conflict between the terms of the contract (including any and all attachments thereto and amendments thereof) and the terms of this Appendix A, the terms of this Appendix A shall control. 14. GOVERNING LAW. This contract shall be governed by the laws of the State of New York except where the Federal supremacy clause requires otherwise. 15. LATE PAYMENT. Timeliness of payment and any interest to be paid to Contractor for late payment shall be governed by Article 11-A of the State Finance Law to the extent required by law. 16. NO ARBITRATION. Disputes involving this contract, including the breach or alleged breach thereof, may not be submitted to binding arbitration (except where statutorily authorized), but must, instead, be heard in a court of competent jurisdiction of the State of New York. 17. SERVICE OF PROCESS. In addition to the methods of service allowed by the State Civil Practice Law & Rules ("CPLR"), Contractor hereby consents to service of process upon it by registered or certified mail, return receipt requested. Service hereunder shall be complete upon Contractor's actual receipt of process or upon the State's receipt of the return thereof by the United States Postal Service as refused or undeliverable. Contractor must promptly notify the State, in writing, of each and every change of address to which service of process can be made. Service by the State to the last known address shall be sufficient. Contractor will have thirty (30) calendar days after service hereunder is complete in which to respond. 18. PROHIBITION ON PURCHASE OF TROPICAL HARDWOODS. The Contractor certifies and warrants that all wood products to be used under this contract award will be in accordance with, but not limited to, the specifications and provisions of Section 165 of the State Finance Law, (Use of Tropical Hardwoods) which prohibits purchase and use of tropical hardwoods, unless specifically exempted, by the State or any governmental agency or political subdivision or public benefit corporation. Qualification for an exemption under this law will be the responsibility of the contractor to establish to meet with the approval of the State. In addition, when any portion of this contract involving the use of woods, whether supply or installation, is to be performed by any subcontractor, the prime Contractor will indicate and certify in the submitted bid proposal that the subcontractor has been informed and is in compliance with specifications and provisions regarding use of tropical hardwoods as detailed in §165 State Finance Law. Any such use must meet with the approval of the State; otherwise, the bid may not be considered responsive. Under bidder certifications, proof of qualification for exemption will be the responsibility of the Contractor to meet with the approval of the State. 19. MACBRIDE FAIR EMPLOYMENT PRINCIPLES. In accordance with the MacBride Fair Employment Principles (Chapter 807 of the Laws of 1992), the Contractor hereby stipulates that the Contractor either (a) has no business operations in Northern Ireland, or (b) shall take lawful steps in good faith to conduct any business operations in Northern Ireland in accordance with the MacBride Fair Employment Principles (as described in Section 165 of the New York State Finance Law), and shall permit independent monitoring of compliance with such principles. 20. OMNIBUS PROCUREMENT ACT OF 1992. It is the policy of New York State to maximize opportunities for the participation of New York State business enterprises, including minority and womenowned business enterprises as bidders, subcontractors and suppliers on its procurement contracts. Information on the availability of New York State subcontractors and suppliers is available from: NYS Department of Economic Development Division for Small Business 30 South Pearl St -- 7th Floor Albany, New York 12245 Telephone: 518-292-5220 Fax: 518-292-5884 http://www.empire.state.ny.us Information on the availability of New York State subcontractors and suppliers is available from: New York DMV 110376 GULaw Privacy FR C000665 23000 NYS Department of Economic Development Division for Small Business Albany, New York 12245 Telephone: 518-292-5100 Fax: 518-292-5884 email: opa@esd.ny.gov A directory of certified minority and women-owned business enterprises is available from: NYS Department of Economic Development Division of Minority and Women's Business Development 633 Third Avenue New York, NY 10017 212-803-2414 email: mwbecertification@esd.ny.gov http://esd.ny.gov/MWBE/directorySearch.html The Omnibus Procurement Act of 1992 requires that by signing this bid proposal or contract, as applicable, Contractors certify that whenever the total bid amount is greater than $1 million: (a) The Contractor has made reasonable efforts to encourage the participation of New York State Business Enterprises as suppliers and subcontractors, including certified minority and women-owned business enterprises, on this project, and has retained the documentation of these efforts to be provided upon request to the State; (b) The Contractor has complied with the Federal Equal Opportunity Act of 1972 (P.L. 92-261), as amended; (c) The Contractor agrees to make reasonable efforts to provide notification to New York State residents of employment opportunities on this project through listing any such positions with the Job Service Division of the New York State Department of Labor, or providing such notification in such manner as is consistent with existing collective bargaining contracts or agreements. The Contractor agrees to document these efforts and to provide said documentation to the State upon request; and (d) The Contractor acknowledges notice that the State may seek to obtain offset credits from foreign countries as a result of this contract and agrees to cooperate with the State in these efforts. 21. RECIPROCITY AND SANCTIONS PROVISIONS. Bidders are hereby notified that if their principal place of business is located in a country, nation, province, state or political subdivision that penalizes New York State vendors, and if the goods or services they offer will be substantially produced or performed outside New York State, the Omnibus Procurement Act 1994 and 2000 amendments (Chapter 684 and Chapter 383, respectively) require that they be denied contracts which they would otherwise obtain. NOTE: As of May 15, 2002, the list of discriminatory jurisdictions subject to this provision includes the states of South Carolina, Alaska, West Virginia, Wyoming, Louisiana and Hawaii. Contact NYS Department of Economic Development for a current list of jurisdictions subject to this provision. 22. COMPLIANCE WITH NEW YORK STATE INFORMATION SECURITY BREACH AND NOTIFICATION ACT. Contractor shall comply with the provisions of the New York State Information Security Breach and Notification Act (General Business Law Section 899-aa; State Technology Law Section 208). 23. COMPLIANCE WITH CONSULTANT DISCLOSURE LAW. If this is a contract for consulting services, defined for purposes of this requirement to include analysis, evaluation, research, training, data processing, computer programming, engineering, environmental, health, and mental health services, accounting, auditing, paralegal, legal or similar services, then, in accordance with Section 163 (4-g) of the State Finance Law (as amended by Chapter 10 of the Laws of 2006), the Contractor shall timely, accurately New York DMV 110377 GULaw Privacy FR C000665 23000 and properly comply with the requirement to submit an annual employment report for the contract to the agency that awarded the contract, the Department of Civil Service and the State Comptroller. 24. PROCUREMENT LOBBYING. To the extent this agreement is a "procurement contract" as defined by State Finance Law Sections 139-j and 139-k, by signing this agreement the contractor certifies and affirms that all disclosures made in accordance with State Finance Law Sections 139-j and 139-k are complete, true and accurate. In the event such certification is found to be intentionally false or intentionally incomplete, the State may terminate the agreement by providing written notification to the Contractor in accordance with the terms of the agreement. 25. CERTIFICATION OF REGISTRATION TO COLLECT SALES AND COMPENSATING USE TAX BY CERTAIN STATE CONTRACTORS, AFFILIATES AND SUBCONTRACTORS. To the extent this agreement is a contract as defined by Tax Law Section 5-a, if the contractor fails to make the certification required by Tax Law Section 5-a or if during the term of the contract, the Department of Taxation and Finance or the covered agency, as defined by Tax Law 5-a, discovers that the certification, made under penalty of perjury, is false, then such failure to file or false certification shall be a material breach of this contract and this contract may be terminated, by providing written notification to the Contractor in accordance with the terms of the agreement, if the covered agency determines that such action is in the best interest of the State. New York DMV 110378 GULaw Privacy FR C000665 23000 APPENDIX-B: STATE OF NEW YORK PROCUREMENT LOBBYING POLICY AND PROCEDURES (Revised, March 2012) I. Policy:1 It is the policy of DMV to comply with the provisions of State Finance Law §§139-j and 139-k, and related guidance offered by the Advisory Council on Procurement Lobbying and the Office of the State Comptroller.2 II. Procedure:3 The procedure set forth hereafter applies to “Governmental Procurements” let by DMV. III. Definitions: Capitalized terms used but not defined herein shall have the meaning ascribed to them in State Finance Law §§139-j and 139-k (See, attached). For the purpose of this procurement, the terms “Contact” and “Designated Contact” are ascribed the following meanings: “Contact” as used herein is defined as (1) any oral, written or electronic communication that is (2) made by the Bidder, or a person acting on behalf of the Bidder, (3) to an employee of DMV or of a Governmental Agency other than the DMV, (4) concerning the related Governmental Procurement, (5) where such communication is made during the “Restricted Period”; and (6) where a reasonable person would infer that such communication was made by the bidder with the intention of improperly influencing the related Governmental Procurement [e.g., any violation of Public Officers Law §73(5) (offer of a gift of $75 or more), or §74 (code of ethics for public officers and employees)]. The term “Contact” does not include permissible communications such as (1) submission of a written proposal4, (2) submission of written questions5, (3) participation in a bidders’ conference6, (4) complaints7, (5) contract negotiations subsequent to notice of a tentative award of contract 8, (6) review of contract award9, and (7) protests, appeals or other review proceedings10; (8) a communication described in Legislative Law §1-t(e) which is (a) made by a bidder or subcontractor to a bidder qualified by education, training or experience to provide technical services to explain, clarify or demonstrate the qualities, characteristics or advantages of an article of procurement, who (b) provides information to a Designated Contact to assist the Designated Contact in understanding and assessing the qualities, characteristics or anticipated performance of such article of procurement and (c) who does not recommend or advocate contract provisions11; or a communication by which the bidder seeks generally available information, including clarification and interpretation, with respect to the solicitation documents or the Governmental Procurement process, including the status or timing of steps in the process12. 1139-j (2) 139-j (5) 3 139-j (1); 139-k (1) 4 139-j (3)(a)(1) 5 139-j (3)(a)(2) 6 139-j (3)(a)(3) 7 139-j (3)(a)(4) 8 139-j (3)(a)(5) 9 139-j (3)(a)(6) 10 139-j (3)(a)(7) 11 139-j (1), (3); 139-k (1) 12 139-j (3) New York DMV 2 110379 GULaw Privacy FR C000665 23000 “Designated Contact” as used herein is defined as one or more employees of DMV identified in the solicitation for the related Governmental Procurement, or thereafter designated by the DMV’s Contract Manager13. IV. Solicitations: DMV will include the following in every written solicitation for a Procurement Contract14: (1) The name of each Designated Contact person, and a statement which substantially complies with in the following form: “Prior to approval by DMV, or, if applicable, the Office of the State Comptroller, of the contract for which this solicitation has been issued, bidders must direct all communications concerning this solicitation to the person(s) identified as “Designated Contact(s)”15; (2) A summary of DMV’s policy and procedures regarding “contacts”; (3) A form (See, Appendix B-1, attached) to be submitted by bidders, upon which each bidder affirms in writing (a) its understanding of DMV’s procurement lobbying policy and procedures; and (b) that it will comply with such policy and procedures; and (c) discloses whether it has been determined to be “nonresponsible” within the previous four (4) years for violating State Finance Law §139-j16, or for having intentionally provided false or incomplete information17 to a Governmental Entity concerning its compliance with State Finance Law §139-j; and (d) certifies that the bidder has provided accurate and complete information concerning the bidder’s compliance with State Finance Law §§139-j and 139-k within the previous four years18. V. Contracts: Each Procurement Contract will contain the following statement, substantially in the following form: “DMV reserves the right to terminate this contract in the event that it is determined that the certification filed by the Contractor in accordance with State Finance Law §§139-j and 139-k was intentionally false or intentionally incomplete19. Upon such determination, DMV may terminate this Contract by providing written notification to the Contractor, without incurring liability on the part of DMV or the State for breach of contract.”20 VI. Records of Contacts:21 In the event that DMV employees who are not Designated Contacts are contacted by bidders, or persons acting on the Bidder’s behalf, during the restricted period, the employee will make a record of such Contact and will provide such record to the DMV’s Contract Administrator. DMV employees who become aware of impermissible contacts made to another Governmental Entity concerning this procurement will also make and provide records of any such contacts to Contract Administration. The DMV employee may make one (1) record covering multiple Contacts that are made by the same person within a period of five (5) business days. DMV will make all records of Contacts part of the procurement record22. Contracts Administration will promptly provide records of impermissible Contacts to DMV’s Office of the Deputy Commissioner and Counsel for review. 13 139-j 139-j 15 139-j 16 139-k 17 Id. 18 Id. 19 139-j 20 Id. 21 139-j 22 Id. New York DMV 14 (1), (2); 139-k (1) (2); 139-k (2) (6) (2) (10(b); 139-k (5) (8), (10)(b); 139-k (4) 110380 GULaw Privacy FR C000665 23000 VII. Review and Investigation:23 Upon receipt of a record of an impermissible Contact, the Deputy Commissioner and Counsel or her or his designee (“Reviewer”) will review and investigate, within fifteen (15) days from receipt of such information24. The Reviewer will notify the Bidder that an investigation is ongoing; give notice of the allegations of misconduct; and give the Bidder an opportunity to respond in writing, within ten (10) days from receipt of notification of the alleged violation25. The Bidder will not be entitled to representation by counsel. The Reviewer will determine whether the Bidder has willfully and knowingly made an impermissible Contact. The Reviewer will advise the Bidder and the Contracts Manager, or employee authorized for such purpose, of the final determination made26. In the event the Reviewer determines that the Bidder has made an impermissible Contact with a Governmental Entity other than DMV, the Reviewer will so notify the ethics officer27, inspector general or other appropriate official of such other Governmental Entity28. In the event the Reviewer determines that, as the result of an impermissible Contact, an employee of DMV has violated the provisions of Public Officers Law §73(5) [prohibition of acceptance of a gift of $75 or more] or §74 [code of ethics], the Reviewer will so advise the Commissioner of Motor Vehicles, the State Ethics Commission and the Office of the Inspector General29. VIII. Determinations of Non-Responsibility:30 The Reviewer, or employee authorized for such purpose, will determine whether a bidder has been determined to be “non-responsible” because (1) the Bidder has willfully and knowingly made an impermissible Contact31, or (2) the Bidder has intentionally failed to make accurate and complete disclosure of prior findings of non-responsibility with respect to Governmental Procurements made within the previous four (4) years32. Upon making a determination of non-responsibility, the Contracts Manager, or employee authorized for such purpose, will so notify the Bidder and the Commissioner of Motor Vehicles 33. A finding of non-responsibility under this section shall result in DMV not awarding the contract to such bidder, unless DMV determines that (1) the award of the contract is necessary to protect public property or public health or safety, and (2) the bidder is the only source capable of supplying the required article of procurement within the required time frame. 139-j (9) Id. 25 139-j (10)(a) 26 139-j (10)(a) 27 139-j (8)(a), (c) 28 139-j (8)( c), (10(b) 29 Legislative Law: POL §73(5); §74 (Code of Ethics) 30139-j (7) 31 139-j (10)(b) 32 139-j (10)(b); 139-k (5) 33 139-j (10)(a) 23 24 New York DMV 110381 GULaw Privacy FR C000665 23000 APPENDIX-B-1: AFFIRMATION AND DISCLOSURES CONCERNING STATE FINANCE LAW §§139-J AND 139-K Procurement Description/ID No.: C000665 Name of Bidder: MorphoTrust USA, Inc. Address: 296 Concord Road, Suite 300, Billerica, MA 01821 Name and Title of Person Submitting this Form: Robert Eckel A. Bidder affirms that it has received, reviewed and understands the Policy and Procedure of the Department of Motor Vehicles (DMV), relating to State Finance Law §§139-j and 139-k, and agrees to comply with DMV’s procedure relating to Contacts with respect to this procurement. B. Disclosures: 1. Has a Governmental Entity, as defined in State Finance Law §139-j(1)(a), made a determination of non-responsibility with respect to the Bidder within the previous four years where such finding was due to a violation of State Finance Law §139-j or the intentional provision of false or incomplete information with respect to previous determinations of non-responsibility? No ___ Yes______ If yes, provide the following details: Governmental Entity which made the finding: Date of finding: Basis of finding: 2. Has a Governmental Entity terminated or withheld a procurement contract with the Bidder because of violations of State Finance Law §139-j or the intentional provision of false or incomplete information with respect to previous determinations of non-responsibility? No ___ Yes______ If yes, identify the Governmental Entity, the date of termination or withholding, and related procurement contract: By: _______________________________ New York DMV Date: _________________________________ 110382 GULaw Privacy FR C000665 23000 APPENDIX-C: CONTRACTOR REQUIREMENTS AND PROCEDURES FOR BUSINESS PARTICIPATION OPPORTUNITIES FOR NEW YORK STATE CERTIFIED MINORITY AND WOMEN-OWNED BUSINESS ENTERPRISES, AND EQUAL EMPLOYMENT OPPORTUNITIES FOR MINORITY GROUP MEMBERS AND WOMEN (MWBE, v. 2-10-12) I. Introduction: New York’s Statewide Certified MWBE Program (Program) serves to ameliorate the significant disparities between the level of participation of MWBE’s in state procurement contracting, versus the number of certified minority-and women-owned business enterprises (MWBE’s) that are ready, willing and able to participate in state procurements. In order to comply with New York State Executive Law Article 15-A (“Participation by Minority Croup Members and Women with Respect to State Contracts”), Article 15 (the “Human Rights Law”), and 5 NYCRR Parts 142-144 (“MWBE Regulations”), for all State contracts as defined therein, and to facilitate the implementation and operation of the Program, State agencies are required to establish goals for maximizing participation of New York State MWBE’s and the employment of minority group members and women in the performance of New York State contracts. This Section articulates DMV’s goals for promoting such opportunities. Bidder/Contractor acknowledges that its failure to comply with the following provisions may result in a finding of non-responsiveness, non-responsibility, and/or breach of Contract, which may result in the withholding of payment, suspension or termination of the Contract, or such other actions or enforcement proceedings provided herein or permitted by Law. II. Business Participation Opportunities for MWBEs: DMV hereby establishes an overall goal of 22% for MWBE participation, 11% for Minority-Owned Business Enterprises (MBE) participation, and 11% for Women-Owned Business Enterprises (WBE) participation (based on the current availability of qualified MBE’s and WBE’s). Contractor must document good faith efforts to provide meaningful participation by MWBE’s as subcontractors or suppliers in the performance of the Contract, and Contractor agrees that DMV may withhold payment pending receipt of the required MWBE documentation. The directory of New York State Certified MWBE’s can be viewed at: http://www.esd.ny.gov/mwbe.html. For guidance on how DMV will determine a Contractor’s “good faith efforts,” refer to 5 NYCRR §142.8. A) Liquidated Damages: In accordance with 5 NYCRR §142.13, Contractor acknowledges that its willful and intentional failure to comply with the MWBE participation goals set forth in the Contract will constitute a material breach of Contract for which DMV may withhold payment from the Contractor as liquidated damages for such breach. Such liquidated damages shall be calculated as an amount equal to the difference between (1) all sums identified for payment to MWBE’s had the Contractor achieved the contractual MWBE goals, and (2) all sums actually paid to MWBE’s for work performed or materials supplied under the Contract. New York DMV 110383 GULaw Privacy FR C000665 23000 B) MWBE Utilization Plan: The Bidder to whom a contract is awarded (Contractor) must submit a MWBE Utilization Plan, upon execution of the Contract. At all times during the performance of the Contract, Contractor must make good faith efforts to utilize MBE’s and WBE’s identified in its MWBE Utilization Plan. DMV may disqualify a Bidder/Contractor as being non-responsive, under the following circumstances: a) Bidder/Contractor fails to submit a MWBE Utilization Plan; b) Bidder/Contractor fails to submit a written remedy to a notice of deficiency; c) Bidder/Contractor fails totimely submit a request for waiver; or d) DMV determines that the Bidder/Contractor has failed to document good faith efforts. Any modifications or changes to the MWBE Utilization Plan made during the term of the Contract must be promptly reported, and such modifications or changes will be subject to DMV’s approval. DMV will review the submitted MWBE Utilization Plan and advise the Contractor of DMV’s acceptance, or issue a notice of deficiency within 30 days of receipt. 1. MWBE Waiver Request: Contractor may submit requests for a partial or total waiver of established goal requirements, at any time during the term of the Contract, prior to issuance of final payment on the Contract. If a notice of deficiency is issued, Contractor must respond to the notice of deficiency within seven (7) business days of receipt by submitting to DMV a written remedy that addresses each deficiency contained in the notice of deficiency. If the written remedy that is submitted is not timely or is found by DMV to be inadequate, DMV shall notify Contractor and direct Contractor to re-submit a revised remedy, within five (5) business days. Failure to request the waiver in a timely manner may be grounds for rejection of the request. 2. Contractor’s Quarterly Workforce Employment Utilization Report (“Workforce Report”): Contractors are required to submit to DMV, by the 10th day following the end of each quarter during the term of the Contract, a Workforce Report. Such reports document Contractor’s progress made toward achieving the MWBE goals for the Contract. The Workforce Report must document any changes to the “Bid Staffing Plan” that Contractor submitted with its Bid (See, below). Contractor must submit separate reports for Contractor and any subcontractor performing work on the Contract. In limited instances, Contractor may not be able to separate out the workforce utilized in the performance of the Contract from Contractor's and/or any subcontractor's total workforce. When a separation can be made, Contractor must submit the Workforce Report and indicate that the information provided related to the actual workforce utilized on the Contract. When the workforce to be utilized on the Contract cannot be separated out from Contractor's and/or a subcontractor's total workforce, Contractor must submit the Workforce Report and indicate that the information provided is Contractor's total workforce during the subject time frame, not limited to work specifically under the Contract. III. Equal Employment Opportunity Requirements: NOTE: The following requirements do not apply to (a) work, goods, or services unrelated to the Contract; or (b) employment outside New York State. Contractor must ensure that Contractor and its subcontractors undertake or continue programs to ensure that minority group members and women are afforded equal employment opportunities without discrimination because of race, creed, color, national origin, sex, age, disability or marital status. This requirement shall apply to any subcontractors to whom Contractor awards a subcontract for goods or services related to the New York DMV 110384 GULaw Privacy FR C000665 23000 Contract, valued at over $25,000 for the construction, demolition, replacement, major repair, renovation, planning or design of real property and improvements thereon (except where such subcontract is solely for the beneficial use of the Contractor).  For these purposes, “equal opportunity” must be provided in the areas of recruitment, employment, job assignment, promotion, upgrading, demotion, transfer, layoff, termination, and rates of pay, or other forms of compensation. A) MWBE Form-1, Contractor’s EEO Policy Statement: Contractor must execute and submit MWBE Form-1 (attached hereto), as its EEO policy statement, within seventy-two (72) hours after DMV issues written notice of award of the Contract to the Contractor. B) Bid Staffing Plan: Bidder must submit with its proposal a Bid Staffing Plan that identifies the anticipated work force to be utilized on the Contract by specified categories, including ethnic background, gender, and Federal occupational categories. Upon DMV’s request, Contractor must promptly submit a workforce utilization report that identifies the workforce actually utilized in the performance of the Contract. C) Non-Discrimination: Contractor agrees that it will not discriminate against any employee or applicant for employment because of race, creed (religion), color, sex, national origin, sexual orientation, military status, age, disability, predisposing genetic characteristic, marital status or domestic violence victim status, and shall also follow the requirements of the Human Rights Law with regard to non-discrimination on the basis of prior criminal conviction and prior arrest; and Contractor shall take reasonable steps to ensure that its subcontractors comport with such nondiscrimination provisions during the term of the Contract. Contractor acknowledges that it understands and shall comply with such requirements above, and these provisions shall be deemed supplementary to, and not in lieu of, the nondiscrimination provisions provided by New York State Executive Law Article 15 (the “Human Rights Law”) or other applicable federal, state or local laws. New York DMV 110385 GULaw Privacy FR C000665 23000 MWBE Form-1: MINORITY AND WOMEN-OWNED BUSINESS ENTERPRISES – EQUAL EMPLOYMENT OPPORTUNITY POLICY STATEMENT M/WBE AND EEO POLICY STATEMENT I, ___________________________, the (awardee/contractor) ____________________ agree to adopt the following policies with respect to the project being developed or services rendered at This organization will and will cause its contractors and subcontractors to take good faith actions to achieve the M/WBE contract participations goals set by the State for that area in which the State-funded project is located, by taking the following steps: M/WBE (1) Actively and affirmatively solicit bids for contracts and subcontracts from qualified State certified MBEs or WBEs, including solicitations to M/WBE contractor associations. (2) Request a list of State-certified M/WBEs from AGENCY and solicit bids from them directly. (3) Ensure that plans, specifications, request for proposals and other documents used to secure bids will be made available in sufficient time for review by prospective M/WBEs. (4) Where feasible, divide the work into smaller portions to enhanced participations by M/WBEs and encourage the formation of joint venture and other partnerships among M/WBE contractors to enhance their participation. (5) Document and maintain records of bid solicitation, including those to M/WBEs and the results thereof. Contractor will also maintain records of actions that its subcontractors have taken toward meeting M/WBE contract participation goals. (6) Ensure that progress payments to M/WBEs are made on a timely basis so that undue financial hardship is avoided, and that bonding and other credit requirements are waived or appropriate alternatives developed to encourage M/WBE participation. (a) This organization will not discriminate against any employee or applicant for employment because of race, creed, color, national origin, sex, age, disability or marital status, will undertake or continue existing programs of affirmative action to ensure that minority group members are afforded equal employment opportunities without discrimination, and shall make and document its conscientious and active efforts to employ and utilize minority group members and women in its work force on state contracts. (b)This organization shall state in all solicitation or advertisements for employees that in the performance of the State contract all qualified applicants will be afforded equal employment opportunities without discrimination because of race, creed, color, national origin, sex disability or marital status. (c) At the request of the contracting agency, this organization shall request each employment agency, labor union, or authorized representative will not discriminate on the basis of race, creed, color, national origin, sex, age, disability or marital status and that such union or representative will affirmatively cooperate in the implementation of this organization’s obligations herein. (d) Contractor shall comply with the provisions of the Human Rights Law, all other State and Federal statutory and constitutional non-discrimination provisions. Contractor and subcontractors shall not discriminate against any employee or applicant for employment because of race, creed (religion), color, sex, national origin, sexual orientation, military status, age, disability, predisposing genetic characteristic, marital status or domestic violence victim status, and shall also follow the requirements of the Human Rights Law with regard to non-discrimination on the basis of prior criminal conviction and prior arrest. (e) This organization will include the provisions of sections (a) through (d) of this agreement in every subcontract in such a manner that the requirements of the subdivisions will be binding upon each subcontractor as to work in connection with the State contract. EEO Agreed to this ______________ day of ________________________, 2___________________ By __________________________________________________________________________ Print: _________________________________ Title: ________________________________ New York DMV 110386 GULaw Privacy FR C000665 23000 _________________________________is designated as the Minority Business Enterprise Liaison (Name of Designated Liaison) responsible for administering the Minority and Women-Owned Business Enterprises- Equal Employment Opportunity (M/WBE-EEO) program. M/WBE Contract Goals ________% Minority and Women’s Business Enterprise Participation ________% Minority Business Enterprise Participation ________% Women’s Business Enterprise Participation EEO Contract Goals ________% Minority Labor Force Participation ________% Female Labor Force Participation ____________________________________________ (Authorized Representative) Title: ________________________________________ Date: ________________________________________ New York DMV 110387 GULaw Privacy FR NYS DEPARTMENT OF MOTOR VEHICLES ADDENDUM #2 TO RFP#C000665 Facial Recognition System July 21, 2008 In any case of conflict between the information in this addendum and the originally issued RFP, the information in this addendum supersedes the information in the RFP. Section 1-5 Mandatory Bidders Conference is hereby stricken and replaced with the following: 1-5 MANDATORY BIDDERS’ CONFERENCE Bidders are required to attend a Mandatory Bidders’ Conference to be held in room 3B of the Swan Street Building at the Empire State Plaza in Albany, NY on Tuesday, July 29, 2008 at 2:00 pm. Bidders who do not attend the Mandatory Bidders’ Conference will not be eligible to submit a proposal. At this conference DMV will distribute written answers to Bidders’ questions that were submitted by the July 22nd deadline. In addition, DMV may provide additional details related to system design; and key state personnel involved in the program will answer questions as appropriate. Bidders are limited to five persons per company, although potential subcontractors can be considered a separate company for the purposes of attendance. To assist NYS in ensuring sufficient space and materials are available to all participants—bidders are required to complete the bidder conference attendance form, attached, and fax this form to Maureen Younkin at (518) 486-4541 by noon, EST on Thursday, July 24, 2008. Bidders may also email the form to contracts@dmv.state.ny.us. NYS will fax or email the location, directions and parking information to bidders to the fax number or email address indicated on their form by COB the same day. Bidders are advised that only written communication issued by DMV Contract Administration is binding for the purposes of this procurement. In the event that DMV elects to provide additional information as a result of the Bidders’ Conference, this information will be mailed to all the bidders who attended the conference by Friday, August 8th, 2008. New York DMV 110388 1 of 2 GULaw Privacy FR FACIAL RECOGNITION MANDATORY BIDDERS CONFERENCE ATTENDANCE FORM POTENTIAL BIDDER: ______________________________ (COMPANY NAME) PERSON RESPONDING: PHONE NUMBER OF RESPONDER: ( FAX NUMBER FOR RESPONSE: ( ) EMAIL ADDRESS FOR RESPONSE: “FAX TO”/”EMAIL” NAME: ) ANTICIPATED CORPORATE REPRESENTATIVES: NAME TITLE NYS recognizes that staff identified above may not be those who actually attend the bidder’s conference. NYS will accept one for one substitution, so long as the company limits the number of attendees to five. NOTE: NYS will fax the directions and parking information to bidders at the fax number or email address indicated above. New York DMV 110389 2 of 2 GULaw Privacy FR NYS DEPARTMENT OF MOTOR VEHICLES ADDENDUM #2 TO RFP#C000665 Facial Recognition System July 21, 2008 In any case of conflict between the information in this addendum and the originally issued RFP, the information in this addendum supersedes the information in the RFP. Section 1-5 Mandatory Bidders Conference is hereby stricken and replaced with the following: 1-5 MANDATORY BIDDERS’ CONFERENCE Bidders are required to attend a Mandatory Bidders’ Conference to be held in room 3B of the Swan Street Building at the Empire State Plaza in Albany, NY on Tuesday, July 29, 2008 at 2:00 pm. Bidders who do not attend the Mandatory Bidders’ Conference will not be eligible to submit a proposal. At this conference DMV will distribute written answers to Bidders’ questions that were submitted by the July 22nd deadline. In addition, DMV may provide additional details related to system design; and key state personnel involved in the program will answer questions as appropriate. Bidders are limited to five persons per company, although potential subcontractors can be considered a separate company for the purposes of attendance. To assist NYS in ensuring sufficient space and materials are available to all participants—bidders are required to complete the bidder conference attendance form, attached, and fax this form to Maureen Younkin at (518) 486-4541 by noon, EST on Thursday, July 24, 2008. Bidders may also email the form to contracts@dmv.state.ny.us. NYS will fax or email the location, directions and parking information to bidders to the fax number or email address indicated on their form by COB the same day. Bidders are advised that only written communication issued by DMV Contract Administration is binding for the purposes of this procurement. In the event that DMV elects to provide additional information as a result of the Bidders’ Conference, this information will be mailed to all the bidders who attended the conference by Friday, August 8th, 2008. New York DMV 110390 1 of 2 GULaw Privacy FR FACIAL RECOGNITION MANDATORY BIDDERS CONFERENCE ATTENDANCE FORM POTENTIAL BIDDER: ______________________________ (COMPANY NAME) PERSON RESPONDING: PHONE NUMBER OF RESPONDER: ( FAX NUMBER FOR RESPONSE: ( ) EMAIL ADDRESS FOR RESPONSE: “FAX TO”/”EMAIL” NAME: ) ANTICIPATED CORPORATE REPRESENTATIVES: NAME TITLE NYS recognizes that staff identified above may not be those who actually attend the bidder’s conference. NYS will accept one for one substitution, so long as the company limits the number of attendees to five. NOTE: NYS will fax the directions and parking information to bidders at the fax number or email address indicated above. New York DMV 110391 2 of 2 GULaw Privacy FR NYS DEPARTMENT OF MOTOR VEHICLES ADDENDUM #3 TO RFP#C000665 Facial Recognition System July 29, 2008 In any case of conflict between the information in this addendum and the originally issued RFP, the information in this addendum supersedes the information in the RFP. I. Vendor Questions and DMV Responses: Question # 1. RFP Section Page Question Response 2-1 10 Section 2-1 states: We expect that the Bidders’ proposed system should compare favorably with the “false reject error rates” at a “false acceptance rate of 0.01” achieved by many of the participants in the FRVT 2006 on still facial images. These results are documented in Figures 13, 15, 17, 19, 20, 24, 25, 26, and 27 of the FRVT 2006 Large-Scale Results which can be accessed online at: The Facial Recognition System sought by NYS should be informed by the protocols used in the Facial Recognition Vendor Test 2006. Please provide further clarification. 2. 3-1 11 How many unique people are represented by the 17 million images? Will the 17 million images contain multiple images per person? 3. 3-1 11 What is the total number of images expected over the life of the program? What is the expected volume of images to be utilized for 1:N searching at the end of the 3 year contract? 4. 3-1 New York DMV 11 How many images per individual will be retained on the system? http://www.frvt.org/FRVT2006/docs/FRVT2006andICE2006LargeS caleReport.pdf If the Bidder, or a subcontractor they plan to use for this procurement, participated in the FRVT 2006, then the Bidder should note this accordingly. For purposes of this procurement, the legacy image database is comprised of only the most recent image available for each identity document holder where the identity document is current or has expired in the last two years or has been suspended or revoked. Consequently, each of the 17 million images will represent one unique person. 4 to 5 million images will be added yearly to the 17 million images in the legacy database. By the end of the 3 year contract, 1:N searches will be performed on a database of approximately 30 million images. The two most recent images will be retained for each individual. 110392 GULaw Privacy FR Question # 5. RFP Section Page Question Response 3-1 11 Section 3-1 states in part: DMV will supply the equipment and operating software as specified by the Bidder in Appendix B. DMV will be responsible for the software license of the operating system. The Bidder will be responsible for software licenses for any proprietary (facial recognition) software the Bidder installs. This system will be installed completely on site at DMV central operations and will use solely equipment (hardware and operating software meeting the specifications required by the Contractor as outlined in their proposal) provided by DMV. Please further clarify the extent and meaning of operating software that will be provided by DMV. DMV will provide the database software and appropriate software license for the database software that the Bidder specifies in Appendix B. Who is responsible to provide the database software license for the operational deployment in Albany? The State or the vendor? 6. 3-2.1 11 Is it the intent to purchase the recommended hardware and software to implement the Facial Recognition System or is it the intent of DMV to maintain and use the existing configuration of hardware and software? It is DMV’s intent to purchase the hardware and software the Bidder specifies in Appendix B of their proposal. 7. 3-2.1 11 Is it DMV’s preference to run the system on a VMware ESX hosted machine? Yes. If so, what is the Contractor to assume if considering to run its system on this host in terms of hardware and availability? New York DMV The Contractor should spec the system to run in a physical server environment. After contract award DMV will work with the Contractor to determine if the system can be hosted as part of DMV’s current VMWARE ESX environment. Determination will be based on the available VMWARE resources. 110393 GULaw Privacy FR Question # 8. RFP Section Page Question Response 3-3 12 Does this also include communications connectivity from the DMV ftp server to the Facial Recognition Central Server host(s) site? The DMV provided secure FTP server and the Contractor’s facial recognition system will be located on the same DMV internal network segment. The Contractor’s facial recognition system must be able to interact with DMV’s secure FTP server via an FTP client that supports secure connections. Will the ftp server be collocated with the Facial Recognition central server hardware? If yes, what hardware connectivity will be provided? 9. 4-1 13 What is expected of the Contractor with respect to images that do not meet the ISO/IEC 19794-5 standards? The Contractor would be expected to attempt to automatically enroll the images regardless of whether they meet ISO/IEC 19794-5 standards. If the images failed to enroll automatically they would not be counted against the Contractor with respect to the 97% enrollment rate requirement of sections 4-1.3 and 6-1.3. 10. 4-1 13 What is expected of the Contractor with respect to the 3% (max) of images that do not automatically enroll? Images that do not automatically enroll should be returned to DMV in a file wherein each image is identified by its client ID number. 11. 4-1.3 13 In order to provide the most affordable solution to fit into the schedule, could the DMV clarify the requirement for the six week schedule allocation for enrollment? Due to budgetary time constraints the legacy image database must be enrolled by February 15, 2009. It is anticipated that the Contractor will have little more than 6 weeks to accomplish this milestone once the contract has been approved. 12. 5-1 14 What is the timeframe to complete the 1:N legacy batch searching of the 17 million images? One year, meaning completed by March 15, 2010. 13. 5-1 14 In order to minimize cost, would the State want to utilize any demographic binning (filtering) techniques on the legacy 1:N batch search or should each legacy search probe be 1 vs. the entire 17 million images? No. Each legacy search should be 1 vs. the entire 17 million images. New York DMV 110394 GULaw Privacy FR Question # RFP Section Page Question Response 14. 6-1.6 15 Presenting our solution in a public document will potentially compromise its effectiveness as a security measure. Will the State allow vendors to present their approach privately to maintain the security of the solution? In the interest of security Bidders are asked not to respond to Section 6-1.6 of the RFP in writing. Instead each Bidder will be given an opportunity to privately present their solution regarding Section 61.6 to the appropriate evaluators at DMV shortly after the bid proposal closing date of August 15, 2008. 15. 8.2 & 94.2.2 19 & 24 Section 8.2 requires that the system must provide configurable reports of system activities and comparison results which enable the independent evaluation of system performance along with all activities of the system (timestamps, operators, actions). Generally, the retention period for public records is 4 years, unless specified otherwise. NY Vehicle and Traffic Law section 201 sets retention periods for specific public records. Since photo images are not public records, per section 504(3), there is no statutory retention period; such period is set administratively by DMV. Section 9-4.2.2 requires that the proposed system must log all user activity including record changes, password resets, record searches, manual accepts and/or overrides, etc What is the retention period that the DMV requires for this data? 16. 9-1 New York DMV 21 There is a non-disclosure affidavit in the RFP that we have to sign and include with the proposal, but it is not clear whether this will suffice to obtain the security policy standards in advance of submitting the proposal. So the question is, what non-disclosure agreement is the contractor required to sign to obtain these standards? CSCIC policy is public information and is available on the CSCIC website at: www.cscic.state.ny.us. A special, (separate), NonDisclosure agreement must be signed in order to receive the applicable standards. A copy of this Non-Disclosure Agreement will be made available at the Bidders’ Conference and after NonDisclosure Agreement has been executed by the Bidder they will be given a copy of the applicable standards. 110395 GULaw Privacy FR Question # RFP Section Page Question Response 17. 9-4.4 24 Will DMV review Contractor’s background clearance process and potentially agree that the Contractor’s process is sufficient? If not, what is the cost for DMV’s review so that it can be incorporated into the proposal submittal? The only costs that DMV would expect to recoup from its security review of the Contractor would be DMV’s travel expenses. If the Contractor’s premises are close enough to be driven to, these costs would only include gas and tolls. If the Contractor’s premises were not within driving distance, then DMV would expect to be reimbursed for travel and lodging costs. 18. 10-3.3 26 Will the State provide test data/images for system enhancement, development, and testing at the vendor site to aid in complying with section 10-3.3? Yes. 19. 16.21 51 Given that payment will not be made until milestones are completed, what is the purpose of a Letter of Credit? A Letter of Credit is used to ensure that the Contractor performs in compliance with the terms of the Contract. 20. Append ix C-1 76 The MEMORANDUM OF UNDERSTANDING - DRIVER'S PRIVACY PROTECTION ACT, Appendix "1" asks the Contractor to limit its use of Motor Vehicle Records to the items it initials. Would the Department agree that in order to properly and fully perform the tasks required by the RFP, the Contractor should limit its use to the second item only, that is, "Use by any government agency, including any court or law enforcement agency, in carrying out its functions, or any private person or entity acting on behalf of a Federal, State, or local agency in carrying out its functions. [18 U.S.C. Sec. 2721 (b)(1)]" ? The Contractor shall be bound by all of the provisions of the DPPA. Section 2721(b)(1) is the correct characterization of the Contractor’s permissible use for personal information required to perform tasks required by the RFP. New York DMV 110396 GULaw Privacy FR Question # 21. RFP Section Append ix E Page Question Response 96 Is the bidder required to include the cost for the system in the two optional years as part of the total cost requested in Appendix E? No. No. In the form provided there is provision for the “Total Cost for Facial Recognition System $_____”. Since it is possible that the contract may be extended beyond the 3 year contract period, do you require the Bidder to provide pricing for subsequent years at this time? II. The second bullet in section 7-1.1:  manage investigator workload and case assignments based on investigator resources, volumes, priority, etc. (please detail) is deleted in its entirety. III. Section 7-1.8: The system must facilitate collaboration during investigation of suspected fraud, by allowing users to input and share information within one investigation, and automatically link the data with other investigations involving the same individuals. Please detail how this would be accomplished. is deleted in its entirety. IV. The last 4 bullets in Section 8-2:  workload and case assignment reports that identify:  all cases, including status, date created, days outstanding, etc  all cases by investigator, including status, date created, days outstanding, etc.  case load reports including totals by status for each investigator are deleted in their entirety. New York DMV 110397 GULaw Privacy FR NYS DEPARTMENT OF MOTOR VEHICLES ADDENDUM #4 TO RFP#C000665 Facial Recognition System August 6, 2008 In any case of conflict between the information in this addendum and the originally issued RFP, the information in this addendum supersedes the information in the RFP. I. Clarification of Answers to Questions Addressed in Addendum #3 to RFP#000665 Question 3 What is the total number of images expected over the life of the program? What is the expected volume of images to be utilized for 1:N searching at the end of the 3 year contract? Answer to Question 3 4 to 5 million images will be added yearly to the 17 million images in the legacy database. By the end of the 3 year contract, 1:N searches will be performed on a database of approximately 30 million images. Question 4 How many images per individual will be retained on the system? Answer to Question 4 The two most recent images will be retained for each individual. Clarification of the answers to Questions 3 and 4 Approximately 5 million images will be added to the database annually. Approximately 1.5 million of these images will be new images for clients not currently included among the 17 million in the legacy image database. Approximately 3.5 million of these images will be {updated images} of individuals who already have an image on file in the legacy image database. When a second image is received for a client it will be compared to the previous image for that client (1:1 search) and will then be compared to the most recent image of every other client in the image database (1:N search). When a third image is received for a client it will be compared to the other two images held in the database for that client (1:1 search) and will then be compared to the most recent image of every other client in the image database (1:N search). After these comparisons are completed, the oldest of the three images on file for the client will be deleted from the system. As 1:N searches will only compare the most recent images for each client, the volume of the database for 1:N comparison purposes is projected to be as follows:     New York DMV 17 million at start-up; 18.5 million at the end of year one; 20 million at the end of year two; and 21.5 million at the end of year three. 110398 GULaw Privacy FR However, the number of images in the database, including updated images will be as follows:     17 million images at start up; At the end of year one, 15 million clients with one image on file and 3.5 million clients with two images on file, (resulting in 22 million total images on file); At the end of year two, 13 million clients with one image on file and 7 million clients with two images on file, (resulting in 27 million total images on file); and At the end of year three, 11 million clients with one image on file and 10.5 million clients with two images on file, (resulting in 32 million total images on file). Question 14 Presenting our solution in a public document will potentially compromise its effectiveness as a security measure. Will the State allow vendors to present their approach privately to maintain the security of the solution? Answer to Question 14 In the interest of security Bidders are asked not to respond to Section 6-1.6 of the RFP in writing. Instead each Bidder will be given an opportunity to privately present their solution regarding Section 6-1.6 to the appropriate evaluators at DMV shortly after the bid proposal closing date of August 15, 2008. Clarification of the Answer to Question 14 Bidders who timely submit proposals will be contacted no later than 4pm on Monday August 18 to set-up a date for presenting their solution. Presentations will be scheduled for Monday, August 25, 2008 and Tuesday, August 26, 2008. All meetings will be held at DMV’s Central Office in Albany at a location to be determined later. Question 15 Section 8.2 requires that the system must provide configurable reports of system activities and comparison results which enable the independent evaluation of system performance along with all activities of the system (timestamps, operators, actions). Section 9-4.2.2 requires that the proposed system must log all user activity including record changes, password resets, record searches, manual accepts and/or overrides, etc What is the retention period that the DMV requires for this data? Answer to Question 15 Generally, the retention period for public records is 4 years, unless specified otherwise. NY Vehicle and Traffic Law section 201 sets retention periods for specific public records. Since photo images are not public records, per section 504(3), there is no statutory retention period; such period is set administratively by DMV. Clarification of Answer to Question 15 New York DMV 110399 GULaw Privacy FR DMV requires that this data be retained for 7 years. Question 17 – Part 1 Will DMV review Contractor’s background clearance process and potentially agree that the Contractor’s process is sufficient? Answer to Question 17 – Part 1 Yes. II. Vendor Questions from the Bidders’ Conference of July 29, 2008 and DMV Responses Question 22 . Answer to Question 22 Question 23 Answer to Question 23 New York DMV 110400 GULaw Privacy FR New York DMV 110401 Privacy FR Multi-State Commercial Driver’s License (CDL) Facial Recognition Screening Project PROPOSAL Date: February 11, 2016 Submitted to: Owen McShane Director, Division of Field Investigation New York State Department of Motor Vehicles Albany Central Office - Fraud Unit 6 Empire State Plaza, Room 431 Albany, NY 12228 Submitted by: John Corson, Sales Account Executive Telephone: 518-956-0347 Email: jcorson@morphotrust.com New York DMV MorphoTrust USA, LLC 296 Concord Road, Suite 300 Billerica, Massachusetts 01821 www.morphotrust.com 110402 GULaw Privacy FR Confidential Notice Certain information in this proposal is protected from disclosure to the public because it is a proprietary trade secret or confidential commercial or financial information of MorphoTrust USA, LLC or its affiliates (individually and collectively, “MorphoTrust USA” or “MorphoTrust”). MorphoTrust has endeavored to identify each page of its proposal that contains any such proprietary or confidential information with the legends “COMPANY CONFIDENTIAL – Not for Public Disclosure” or “PROPRIETARY” (or words of similar import) somewhere on the relevant page or pages of its proposal. MorphoTrust’s proposal includes all exhibits and appendices thereto, as well as all extrinsic documents and materials that may be identified and incorporated therein by specific reference. MorphoTrust’s proprietary information typically includes, but is not limited to, information related to proprietary security features and related designs, techniques and materials, formulas, manufacturing methods, business plans, pricing and other financial information, technology and product roadmaps, and customer lists and references. Subject to applicable law, such proprietary or confidential information may not be disclosed (pursuant to freedom of information legislation or otherwise), reproduced in whole or in part, or used for any purpose other than the recipient’s evaluation of this proposal, without the prior written consent of an executive officer or the General Counsel of MorphoTrust USA, LLC. Our Mission To simplify, protect and secure the lives of the American people. COPYRIGHT AND TRADEMARKS Copyright © 2015 MorphoTrust USA, LLC All rights reserved. The trademarks identified herein are the trademarks or registered trademarks of MorphoTrust USA, LLC, its parent and affiliated companies, or other third party. New York DMV 110403 GULaw Privacy FR Multi-State Facial Recognition CDL Screening Project Contents Executive Summary ...................................................................................................... 1 Project Requirements/Objectives ................................................................................ 2 Description of Goods/Services .................................................................................... 3 Solution Architecture ..................................................................................................................... 4 Scope of Work ................................................................................................................................. 6 Hardware and Software ................................................................................................................ 7 Work Breakdown ........................................................................................................... 9 Program Planning and Management ........................................................................................... 9 Requirements and System Design................................................................................................ 9 Bill of Materials Development and Materials ........................................................................... 10 Development ................................................................................................................................. 10 QA Testing ..................................................................................................................................... 11 Integration ..................................................................................................................................... 11 UAT Testing .................................................................................................................................. 12 Documentation, Training, and Deployment ............................................................................. 12 Field Service and Tier 3 Support Transition ............................................................................. 13 Ongoing Project Work ................................................................................................................. 13 Project Close Out .......................................................................................................................... 13 Timeline........................................................................................................................ 14 Project Deliverables .................................................................................................... 15 New York DMV Table of Contents i 110404 GULaw Privacy FR Multi-State Facial Recognition CDL Screening Project Customer provided Hardware and Software ............................................................. 16 Project Payment Milestones ....................................................................................... 17 Project Assumptions .................................................................................................. 20 Change Management Process ................................................................................... 23 Appendix I – Maryland Participation Proposal ........................................................... 1 Project Deliverables ........................................................................................................................ 2 Customer provided Hardware and Software ............................................................................. 3 Project Payment Milestones .......................................................................................................... 3 Project Assumptions ...................................................................................................................... 5 Appendix II – Glossary.................................................................................................. 1 Table of Contents New York DMV 110405 ii GULaw Privacy FR Multi-State Facial Recognition CDL Screening Project Executive Summary Over the last decade facial recognition (FR) screening within state jurisdictional boundaries has been solidly established as an effective fraud preventing tool. Most states’ Motor Vehicle Agencies (MVA) utilize some form of FR to protect their citizens’ identities and the overall integrity of their image databases. Many tie the issuance of their driver’s license or identification card credentials to the results of the outcome of the technology. Within individual jurisdictions results have been spectacular. Tens of thousands of stolen identities have been discovered for follow-on law enforcement investigation solely through the use of FR screening. Each jurisdiction can point to several high profile cases resulting in criminal convictions. MorphoTrust USA, LLC (MorphoTrust) is a leading provider of FR screening solutions to federal and state government agencies, including more than 30 MVAs, continually leading the way to fight fraud, identity theft, and terrorism. In fact our FR systems search billions of images every day. We seek to partner with select MVAs to expand their current systems to include a multi-state screening capability. This proposed Multi-State Commercial Driver’s License (CDL) Facial Recognition Screening Project will advance the reach of the technology for New York Department of Motor Vehicles (NY), Connecticut Department of Motor Vehicles (CT), and New Jersey Department of Motor Vehicles (NJ) to allow for the prevention and identification of identity fraud across MVA jurisdictional boundaries. Up until now there have been limited ways for jurisdictional law enforcement to identify fraudsters obtaining illegal credentials in neighboring states. This project will establish a network and additional investigation capabilities for independent FR systems and users to allow for batch and ad hoc FR searching of other networked jurisdictional FR system(s). Executive Summary New York DMV 110406 COMPANY CONFIDENTIAL – Not for Public Disclosure 1 GULaw Privacy FR Multi-State Facial Recognition CDL Screening Project Project Requirements/Objectives The objectives/goals of the proposed Multi-State CDL Facial Recognition Screening Project are to: 1. Prevent the issuance of CDL privileges and credentials for NY, CT, and NJ when possible fraud is detected and minimize the potential for commercial drivers whose driving privileges have been suspended or revoked in one state to illegally obtain a valid CDL in one of the other states in the jurisdiction 2. Reduce the number and severity of commercial motor vehicle crashes by implementing a “point forward” multi-state, cross-jurisdictional image verification program for NY, CT, and NJ 3. Allow for additional jurisdictions to seamlessly join the network and, based on approval from partner jurisdictions, begin searching across jurisdictional boundaries To achieve these goals/objectives, the proposed Multi-State CDL Facial Recognition Screening Project will employ a point-to-point network that enables each MVA jurisdiction involved in the project to establish business rules and exception conditions specific to each MVA with whom they choose to connect. CDL photos from new and renewed applications will be sent to any partner MVA and searched within that MVA’s FR system, with the CDL photos from the requesting state being run against the receiving state’s entire photo database, including CDL and non-CDL (if applicable). If a high probability match is found, the photos and demographics will be sent to the originating MVA for review and adjudication. As part of this process, business rules, record status, and pending actions will be used to filter matches that occur as part of normal operations. These conditions will vary among agencies based on jurisdiction statutes but will require the same manual effort to resolve. When a fraud case is identified, investigators will require support to share and collaborate with their counterparts in the other MVA. This support may be in the form of interactive tools, secure documentation, and/or data access and sharing. Project Requirements/Objectives New York DMV 110407 COMPANY CONFIDENTIAL – Not for Public Disclosure 2 GULaw Privacy FR Multi-State Facial Recognition CDL Screening Project Description of Goods/Services MorphoTrust will support the Multi-State CDL Facial Recognition Screening Project with enhancements to existing agency FR solutions and technology to facilitate communication between agencies and professional services. These services will help the project partners analyze needs, capture requirements, manage technology delivery, and manage an enhancements roadmap. This section defines the goods and services from three perspectives: 1. Solution Architecture describes the solution, enhancements and new components using a high level diagram of the multi-agency configuration. 2. Scope of Work describes the efforts and activities required to deliver the solution. 3. Hardware and Software summarizes platforms and new server requirements. Description of Goods/Services New York DMV 110408 COMPANY CONFIDENTIAL – Not for Public Disclosure 3 GULaw Privacy FR Multi-State Facial Recognition CDL Screening Project Solution Architecture Figure 1 summarizes the overall solution for the Multi-State CDL Facial Recognition Screening Project. Description of Goods/Services New York DMV 110409 COMPANY CONFIDENTIAL – Not for Public Disclosure 4 GULaw Privacy FR Multi-State Facial Recognition CDL Screening Project The Multi-State CDL Facial Recognition Screening Project solution will include an enhanced feature set for The BI enhancements and additions will provide:      Description of Goods/Services New York DMV 110410 COMPANY CONFIDENTIAL – Not for Public Disclosure 5 GULaw Privacy FR Multi-State Facial Recognition CDL Screening Project The priority and timing will be based on cost-benefit analysis of the pilot results and product priorities. Scope of Work Several activities are required to define and implement the solution changes that enable the Multi-State CDL Facial Recognition Screening Project. These include:  Definition of the collaborative multi-state investigation process with lead investigators from each agency  Update of the investigation tools in conjunction with the agency IT application teams   Ramp-up of the project operations within each agency in conjunction with investigation team leadership and lead investigators Assumptions • Description of Goods/Services New York DMV 110411 COMPANY CONFIDENTIAL – Not for Public Disclosure 6 GULaw Privacy FR Multi-State Facial Recognition CDL Screening Project o Hardware and Software Biometric Identification Software changes that relate to daily operations will be kept to an absolute minimum. However, linkage to idFabric and support for cases with multi-agency content will involve new features and functions. Biometric Identification Changes • Description of Goods/Services New York DMV 110412 COMPANY CONFIDENTIAL – Not for Public Disclosure 7 GULaw Privacy FR Multi-State Facial Recognition CDL Screening Project Description of Goods/Services New York DMV 110413 COMPANY CONFIDENTIAL – Not for Public Disclosure 8 GULaw Privacy FR Multi-State Facial Recognition CDL Screening Project Work Breakdown Program Planning and Management MorphoTrust will provide project management (PM) leadership to plan and guide the project throughout the contract to ensure customer deliverables are met and provided as required. MorphoTrust PM will be the focal point for project delivery with responsibilities including project kick-off meeting coordination, detailed project schedule creation and maintenance, project reviews, status updates, coordination of activities, and problem resolution. MorphoTrust PM planning will be coordinated with the lead state but will include coordination and communication with all participating jurisdictions. Requirements and System Design MorphoTrust will validate requirements with the participating jurisdictions and create a product requirements document (PRD). The PRD will be approved by all participating agencies and show the overall requirements for the communications among agencies, biometric screening operations, and the investigation and case management tools. The use cases with the appropriate actions, conditions, and work flow will be included. The PRD will also delineate the release date for inclusion in version 1.0 or subsequent product versions. Once the requirements have been approved MorphoTrust will create the design documentation. A product functional specification (FS) and network architecture diagram/platform specification (PS) to detail the delivered product solution for the Multi-State CDL Facial Recognition Screening Project will be created. The overall solution provided will be the same for all MVAs and will be based on the agreements to requirements for version 1.0. MorphoTrust will also work with all jurisdictions to document individual jurisdictional configurations in a Work Breakdown New York DMV 110414 COMPANY CONFIDENTIAL – Not for Public Disclosure 9 GULaw Privacy FR Multi-State Facial Recognition CDL Screening Project configuration guide (CG). The CG will document business rules such as searchable jurisdictions, time to search, batch vs. ad hoc, etc. MorphoTrust will also work with the individual jurisdictions to create interface control documents to document the methodology of communication among individual jurisdictions. The establishment of a secure network by allowing individual and batch transactions will be documented. Bill of Materials Development and Materials MorphoTrust will create a bill of materials (BOM) for jurisdictional purchase of the required production, User Acceptance Testing (UAT) system hardware, and third party software in accordance with the PS. MorphoTrust will purchase and stage any of the servers for development and quality assurance (QA) that is performed at MorphoTrust facilities. Development The MorphoTrust development team will work with approved specifications to develop a single product that can be configured for individual jurisdiction use. The three main components of the development will focus on the following areas: a) Interstate Communications Manager MorphoTrust will provide professional services to assist the individual jurisdictions to establish interstate communications among the partner agencies to setup a secure communications channel for the transfer of photos and limited demographics data among the agencies. As part of our idFabric product, MorphoTrust’s multi-state communications manager will be used for this purpose. Individual states will provide the communication channels, security, and bandwidth. MorphoTrust will lead the setup based on the approved interface control document and work with the participating agencies to test the communication. b) Biometric services MorphoTrust will provide professional services and software to allow for scheduled batch searching and ad-hoc investigative searching through the individual jurisdiction Work Breakdown New York DMV 110415 COMPANY CONFIDENTIAL – Not for Public Disclosure 10 GULaw Privacy FR Multi-State Facial Recognition CDL Screening Project Automated Biometric Identification System (ABIS) or equivalent one-to-many FR system. The PS and CG will be used for this effort. c) Investigation and case management tools The MorphoTrust biometrics team will provide a software add-on to the existing BI product along with database modification scripts that will be accommodated by the MorphoTrust investigation solution, case management solution, and user interface in accordance with the requirements of the statement of work (SOW), FS, and CG. QA Testing MorphoTrust will create an internal product testing plan and conduct a QA review of the solution prior to delivery to ensure the solution is in accordance with the FS. QA will also review and approve the individual jurisdictional setup based on each agency’s CG. The MorphoTrust communications manager will provide the required scripting, installers, and release processing to allow QA testing to occur. Integration MorphoTrust integration engineers (IEs) will work with the individual jurisdictions to install and configure the QA approved solution in both UAT and production. IEs will also work with MorphoTrust QA and the customer to create a general UAT plan that could then be modified by individual jurisdictions to accommodate any local business rules/configurations. The IE effort will be focused in three areas that will integrate the solution into the individual customer environments for preparation for UAT. Once UAT is complete, IEs will install the approved solution in the customer’s production environment. a) Interstate communications The MorphoTrust IEs will install and configure the idFabric and interstate communications manager at each participating jurisdiction. MorphoTrust IEs will also provide professional services to assist the individual jurisdictions in establishing interstate communications among the partner agencies and in setting up a secure Work Breakdown New York DMV 110416 COMPANY CONFIDENTIAL – Not for Public Disclosure 11 GULaw Privacy FR Multi-State Facial Recognition CDL Screening Project communications channel for transfer of photos and limited demographics data among the agencies. b) Biometric services MorphoTrust will provide professional services to install the ABIS biometric searching and business rules and software to allow for scheduled batch searching and ad-hoc investigative searching through the individual jurisdiction ABIS or an equivalent one-tomany FR system. c) Investigation and case management tools The MorphoTrust IEs will install the software add-on to the existing BI product along with database modification scripts to allow for the use of the MorphoTrust investigation and case management solution and user interface. UAT Testing MorphoTrust will provide support and guidance to each customer as the system is brought through the UAT process. The states will notify MorphoTrust when UAT is complete and is ready for integration into the production environment. It is envisioned that the lead state and one other jurisdiction will be the initial UAT/project with subsequent UATs for the remaining partner agencies. Documentation, Training, and Deployment a) Documentation and training MorphoTrust will provide both end user and IT training at each jurisdiction. Two sessions, each lasting approximately four hours in duration, will be provided for investigative end users. One additional training session will be provided for IT. One hard copy of end user documentation will be provided for each customer, in addition to the rights to reproduce for jurisdictional use. Work Breakdown New York DMV 110417 COMPANY CONFIDENTIAL – Not for Public Disclosure 12 GULaw Privacy FR Multi-State Facial Recognition CDL Screening Project b) Deployment Upon successful completion of the Multi-State CDL Facial Recognition Screening Project UAT phase, MorphoTrust and the customer will mutually agree on a schedule for the deployment of the system. It is envisioned that the lead state and one other jurisdiction will be the initial project with subsequent project/go-live for the remaining partner agencies. Field Service and Tier 3 Support Transition Once the system is accepted and end users trained, the project and support of the Multi-State CDL Facial Recognition Screening system will be transitioned to the MorphoTrust field service and Tier 3 software support team. This includes bug fixes and patches required to keep the system operational. MorphoTrust will provide product releases once per year to all customers as long as maintenance and support is continued with MorphoTrust. Ongoing Project Work Once the project has been deployed, it will run for one year, with quarterly evaluation and assessment. This will enable the partner MVAs to evaluate the project on an on-going basis and provide for refinement and enhancement of the technology and procedures, as necessary. It is anticipated that additional MVAs will join the program during that time, resulting in a robust, replicable Multi-State CDL Facial Recognition Screening Program that will help meet the goal to reduce the number and severity of commercial motor vehicle crashes. Project Close Out The project will close out at the end of the specified contract period. Work Breakdown New York DMV 110418 COMPANY CONFIDENTIAL – Not for Public Disclosure 13 GULaw Privacy FR Multi-State Facial Recognition CDL Screening Project Timeline Timeline New York DMV 110419 COMPANY CONFIDENTIAL – Not for Public Disclosure 14 GULaw Privacy FR Multi-State Facial Recognition CDL Screening Project Project Deliverables The following project deliverables will be provided: Project Deliverables New York DMV 110420 COMPANY CONFIDENTIAL – Not for Public Disclosure 15 GULaw Privacy FR Multi-State Facial Recognition CDL Screening Project Customer provided Hardware and Software The following hardware and software will be provided by each MVA: Project Payment Milestones New York DMV 110421 COMPANY CONFIDENTIAL – Not for Public Disclosure 16 GULaw Privacy FR Multi-State Facial Recognition CDL Screening Project Project Payment Milestones MorphoTrust will invoice the states the amounts listed below upon completion of the respective milestone deliverables: Payment 1: $50,000 per jurisdiction (NY, CT, and NJ – total is $150,000) upon completion of requirements and product design  Deliverables: o Project management plan ( 1 for the program) o Project schedule (1 for the program) o Functional specification (1 for the product) o Network architecture/platform specification (1 for the product) Payment 2: $100,000 per jurisdiction (NY, CT, and NJ – total is $300,000) upon completion of specifications  Deliverables: o Interface control document (1 for each jurisdiction) o Jurisdiction-specific configuration guide (1 for each jurisdiction) Project Payment Milestones New York DMV 110422 COMPANY CONFIDENTIAL – Not for Public Disclosure 17 GULaw Privacy FR Multi-State Facial Recognition CDL Screening Project Payment 3: $350,000 per jurisdiction (NY, CT, and NJ – total is $1,050,000) upon completion of UAT testing  Deliverables: o Interstate CDL screening communications manager license (1 for each jurisdiction) o Interstate facial recognition screening and investigations license (1 for each jurisdiction) Payment 4: $200,000 per jurisdiction (NY, CT, and NJ – total is $600,000) upon completion of documentation, training, and deployment  Deliverables: o On-site training (1 for each jurisdiction) o End user documentation (1 for each jurisdiction) o 1st year interstate CDL screening communications manager maintenance (1 for each jurisdiction) o 1st year interstate facial recognition investigations annual maintenance (1 for each jurisdiction) NY total payment - $700,000 CT total payment - $700,000 NJ total payment - $700,000 Total for 3 agency deployment - $2,100,000 Options: • • idFabric interstate CDL screening communications manager server hardware $14,000/jurisdiction Annual maintenance after 1st year - $68,000 per jurisdiction Project Payment Milestones New York DMV 110423 COMPANY CONFIDENTIAL – Not for Public Disclosure 18 GULaw Privacy FR Multi-State Facial Recognition CDL Screening Project Terms: When accepted by NY, this proposal shall be deemed an amendment to contract number C00820 between the NY Department of Motor Vehicles and MorphoTrust. All deliverables offered in this quotation shall be subject to the terms and conditions set forth in contract C00820, except as amended by this proposal or the resulting purchase order that will incorporate the terms that have been outlined herein. All shipping terms shall be FOB destination. Project Payment Milestones New York DMV 110424 COMPANY CONFIDENTIAL – Not for Public Disclosure 19 GULaw Privacy FR Multi-State Facial Recognition CDL Screening Project Project Assumptions 1. Interstate memorandums of understanding (MOUs) are defined and handled solely by the MVA jurisdictions. 2. If necessary, NY DMV will enter into a MOU with the States of Connecticut, New Jersey, and Maryland to jointly work and complete this project. 3. Any changes to the hardware, software, services, or assumptions will alter the final price. 4. Additional MVA jurisdictions or additional databases within existing partner MVA systems will be handled outside the scope of this agreement. 7. Participating MVAs will procure, configure, install, and maintain any end user systems to view, utilize, and administer the Multi-State CDL Facial Recognition system. 8. Participating MVAs will provide server hardware, operating system and database software as required. 9. Participating MVAs will procure, configure, install, and maintain any server infrastructure (KVM, UPS, KMM, etc.), networking or communication equipment, and data service used in conjunction with this project. Project Assumptions New York DMV 110425 COMPANY CONFIDENTIAL – Not for Public Disclosure 20 GULaw Privacy FR Multi-State Facial Recognition CDL Screening Project 10. Participating MVAs will provide adequate system bandwidth among the necessary components to allow for reliable, unencumbered end user usage. 11. Participating MVAs will assign a lead state to act in their behalf and process payments to MorphoTrust for agreed upon services and licensing. 12. Participating MVAs will appoint a project manager who will be the primary point of contact for the state responsible for scheduling and for resolving issues and questions for MorphoTrust in a timely fashion. 13. Participating MVAs will review and approve all submitted documentation in timely fashion. 14. Participating MVAs will provide technical and business support in a timely manner. 15. Participating MVAs will facilitate timely payments to MorphoTrust. 16. Anti-virus installation and updates on all PCs/servers would be the responsibility of participating MVAs unless MorphoTrust is already responsible for these services in the existing BI/ABIS system maintenance contract. Antivirus configuration will need to be vetted by MorphoTrust to ensure that whatever system is chosen does not preclude or interfere with the normal operation of any software systems. 19. Any additional hardware or third party software not included in this document but required for the installation will be the responsibility of participating MVAs. 20. Any requirement for high availability (HA) or disaster recovery (DR) is beyond the scope of this project. 21. UAT would be performed on separate UAT hardware/virtual machine (VM) that could be utilized after production rollout for subsequent patch and new version release testing by the MVA. Project Assumptions New York DMV 110426 COMPANY CONFIDENTIAL – Not for Public Disclosure 21 GULaw Privacy FR Multi-State Facial Recognition CDL Screening Project 22. The license/maintenance fees established in the individual jurisdictions for the base BI/ABIS system remain in effect and are unchanged by this agreement. No additional image or concurrent use licensing for end user applications is included with this agreement. 24. The CDL screening project match results will not be used for the gating of daily driver’s license card issuance. 25. If required, MorphoTrust will enter into Contract Amendments of the existing Contracts in place with the States of Connecticut, New Jersey, and Maryland. Project Assumptions New York DMV 110427 COMPANY CONFIDENTIAL – Not for Public Disclosure 22 GULaw Privacy FR Multi-State Facial Recognition CDL Screening Project Change Management Process The MorphoTrust change management process provides the coordination of changes to ensure the balance between stability requirements of the program infrastructure and flexibility requirements to meet changing business and users requests. The process recognizes external customer and contractual obligations that may exist and their needs and impact on this process. The change control process is a collaborative effort of the MorphoTrust and the MVA agencies. The change management process should be used to proactively understand, document, and control changes so the project is not overwhelmed, continues to move toward a successful and on-schedule implementation, and provides continuous operations throughout the contract term. This helps us keep change control to a minimum once the requirements and system design phase is completed. Fewer changes to the project reduces risks and permits the agreed-upon schedule to be met, allowing successful deployment of the new system to meet or exceed MVA expectations. Figure 2 outlines a proposed change control process that supports a clear understanding of risk and project impact, as well as smooth documentation update and deployment of changes into the solution. Change Management Process New York DMV 110428 COMPANY CONFIDENTIAL – Not for Public Disclosure 23 GULaw Privacy FR Multi-State Facial Recognition CDL Screening Project Figure 2: Change Control Process This process defines clear impact to existing project work and drives smooth deployment of approved changes. Once agreement has been reached regarding the product specifications and agency configurations, we will look for approval from authorized agency staff before migrating any changes from the test environment into the production environment or otherwise modifying or deviating from data provisions and requirements as approved. We will implement our change management process to ensure that standard methods/procedures are used for efficient and prompt handling of all program changes. This will minimize the impact of change-related incidents and improve the delivery of our services. The process helps to: • Control (and track) changes • Provide approval and visibility to all stakeholders • Monitor and manage change consistently and effectively Change Management Process New York DMV 110429 COMPANY CONFIDENTIAL – Not for Public Disclosure 24 GULaw Privacy FR Multi-State Facial Recognition CDL Screening Project Appendix I – Maryland Participation Proposal The Maryland MVA and New York DMV have requested input on supporting the merger of the MD MVA FMCSA grant with the Northeast Multi-State CDL Facial Recognition Project. The stated objective was to support MVA participation as a peer with NY, NJ and CT with the solution located within the NY DMV. An estimate of increased costs required to support this merger and expansion was also requested. Appendix I – Maryland Participation Proposal New York DMV 110430 COMPANY CONFIDENTIAL – Not for Public Disclosure 1 GULaw Privacy FR Multi-State Facial Recognition CDL Screening Project Appendix I – Maryland Participation Proposal New York DMV 110431 COMPANY CONFIDENTIAL – Not for Public Disclosure 2 GULaw Privacy FR Multi-State Facial Recognition CDL Screening Project Project Payment Milestones MorphoTrust will invoice NY the amounts listed below upon completion of the respective milestone deliverables: Payment 1: $300,000 upon completion of UAT testing  Deliverables: o BI system licensed for 400,000 MD CDL images for a 3 year term o Interstate CDL screening communications manager license o Interstate FR screening and investigations license Payment 2: $125,000 upon completion of documentation, training, and deployment  Deliverables: o On-site training o End user documentation o 1st year interstate CDL screening communications manager maintenance o 1st year interstate FR investigations annual maintenance Appendix I – Maryland Participation Proposal New York DMV 110432 COMPANY CONFIDENTIAL – Not for Public Disclosure 3 GULaw Privacy FR Multi-State Facial Recognition CDL Screening Project Total for MD deployment - $425,000 Options:  Annual maintenance after 1st year - $60,000 Appendix I – Maryland Participation Proposal New York DMV 110433 COMPANY CONFIDENTIAL – Not for Public Disclosure 4 GULaw Privacy FR Multi-State Facial Recognition CDL Screening Project Project Assumptions 1. Interstate memorandums of understanding (MOUs) are defined and handled solely by the MVA jurisdictions. 2. Any changes to the hardware, software, services, or assumptions will alter the final price. 3. It is assumed that MD will provide a historical data extract from their system of record in a mutually agreeable format. 4. It is assumed that MD will provide technical support for interface development and testing. 5. Additional MVA jurisdictions or additional databases within existing partner MVA systems will be handled outside the scope of this agreement. 6. 7. 8. 9. 10. 11. 12. Participating MVAs will assign a lead state to act in their behalf and process payments to MorphoTrust for agreed upon services and licensing. Appendix I – Maryland Participation Proposal New York DMV 110434 COMPANY CONFIDENTIAL – Not for Public Disclosure 5 GULaw Privacy FR Multi-State Facial Recognition CDL Screening Project 13. Participating MVAs will appoint a project manager who will be the primary point of contact for the state responsible for scheduling as well as resolving issues and questions for MorphoTrust in a timely fashion. 14. Participating MVAs will review and approve all submitted documentation in timely fashion. 15. Participating MVAs will provide technical and business support in a timely manner. 16. Participating MVAs will facilitate timely payments to MorphoTrust. 17. 18. 19. 20. 21. 22. 23. 24. Appendix I – Maryland Participation Proposal New York DMV 110435 COMPANY CONFIDENTIAL – Not for Public Disclosure 6 GULaw Privacy FR Multi-State Facial Recognition CDL Screening Project Appendix II – Glossary This appendix contains a glossary of terms and acronyms used throughout this document. Term Acronym Definition Active Directory AD A directory service that Microsoft developed for Windows domain networks and included in most Windows Server operating systems as a set of processes and services. Automated Biometric Identification System ABIS A software platform for building multibiometric identity management solutions, with business process management, identity record keeping, verification, deduplication, and identification functionality. The platform provides configurable solutions to process, store, create, search, and compare biometric identity records using face, iris and fingerprint, including tenprint, palm and latent, biometric modes, individually and in combination — with the ability to easily add new modalities in the future. Bill of materials BOM A list of the raw materials, sub-assemblies, intermediate assemblies, sub-components, parts and the quantities of each needed to manufacture an end product. Biometric Identification BI A web-based, case management solution for screening daily issuance of secure identities and investigating potential matches. It creates and stores biometric information that matches biometric templates for face and finger. Commercial Driver’s License CDL A driver's license required in the United States to operate any type of vehicle weighing 26,001 pounds, or 10,001 pounds with any type of trailer towed. Appendix II – Glossary New York DMV 110436 COMPANY CONFIDENTIAL – Not for Public Disclosure 1 GULaw Privacy FR Multi-State Facial Recognition CDL Screening Project Term Acronym Definition Commercial Driver’s License Information System CDLIS A nationwide computer system that enables state driver licensing agencies to ensure that each commercial driver has only one driver’s license and one complete driver record. State driver licensing agencies use CDLIS to complete various procedures, including:  Transmitting out-of-state convictions and withdrawals  Transferring the driver record when a commercial driver's license holder moves to another state  Responding to requests for driver status and history Commercial off-the-shelf COTS Software and services that are built and delivered usually from a third party vendor. Configuration guide CG A document that contains configuration instructions Disaster recovery DR Involves a set of policies and procedures to enable the recovery or continuation of vital technology infrastructure and systems following a natural or human-induced disaster. Facial recognition FR A type of biometric software application that can identify a specific individual in a digital image by analyzing and comparing patterns. Functional specification FS A formal document used to describe in detail for software developers a product's intended capabilities, appearance, and interactions with users. High availability HA A system or component that is continuously operational for a desirably long length of time. Information technology IT The study or use of systems (especially computers and telecommunications) for storing, retrieving, and sending information. Integration engineers IE Engineers who bringing together the component subsystems into one system and ensuring that the subsystems function together as a system. LexisNexis A corporation providing computer-assisted legal research as well as business research and risk management services Appendix II – Glossary New York DMV 110437 COMPANY CONFIDENTIAL – Not for Public Disclosure 2 GULaw Privacy FR Multi-State Facial Recognition CDL Screening Project Term Acronym Definition Memorandum of understanding MOU A formal agreement between two or more parties. Companies and organizations can use MOUs to establish official partnerships. MOUs are not legally binding but they carry a degree of seriousness and mutual respect, stronger than a gentlemen's agreement. MorphoTrust® idFabric idFabric Manages identification batch requests between agencies and consolidation of match results. Motor Vehicle Agencies MVA A state-level government agency that administers vehicle registration and driver licensing. Personally identifiable information PII Information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context Platform specification PS A document detailing the delivered product solution Product requirements document PRD A document that contains all the requirements to a certain product and is written to allow people to understand what a product should do. Project management PM Leadership member(s) who will plan and guide the project through the contract to ensure customer deliverables are met and provided as required. Quality assurance QA The maintenance of a desired level of quality in a service or product, especially by means of attention to every stage of the process of delivery or production. Statement of work SOW A document, routinely employed in the field of project management, which defines project-specific activities, deliverables and their respective timelines, all of which form a contractual obligation upon the vendor, in providing services to the client. System of record SOR An information storage system that is the authoritative data source for a given data element or piece of information. User Acceptance Testing UAT A phase of software development in which the software is tested in the "real world" by the intended audience or a business representative. Virtual machine VM An operating system OS or application environment that is installed on software which imitates dedicated hardware. Appendix II – Glossary New York DMV 110438 COMPANY CONFIDENTIAL – Not for Public Disclosure 3 GULaw Privacy FR