Learning Management System

HUMAN RESOURCES DEPARTMENT REQUEST FOR PROPOSAL LEARNING MANAGEMENT SYSTEM SPECIFICATION NO. HR22-0274F Form No. SPEC-040C Revised: 07/11/2022 City of Tacoma Human Resources REQUEST FOR PROPOSALS HR22-0274F Learning Management System Submittal Deadline: 11:00 a.m., Pacific Time, Tuesday, October 18th, 2022 Submittals must be received by the City’s Procurement and Payables Division prior to 11:00 a.m. Pacific Time. For electronic submittals, the City of Tacoma will designate the time of receipt recorded by our email, bids@cityoftacoma.org, as the official time of receipt. This clock will be used as the official time of receipt of all parts of electronic bid submittals. Submittal Delivery: Sealed submittals will be received as follows: By Email: bids@cityoftacoma.org Maximum file size: 35 MB. Multiple emails may be sent for each submittal. In Person: If possible, please

include a flash drive of your full submittal. City of Tacoma Procurement & Payables Division Tacoma Public Utilities Administration Building North Guard House (east side of main building) 3628 S 35th Street Tacoma, WA 98409 Bid Opening: Held virtually each Tuesday at 11AM. Attend via this link or call 1 (253) 215 8782. Submittals in response to a RFP will be recorded as received. As soon as possible, after 1:00 PM, on the day of submittal deadline, preliminary results will be posted to www.TacomaPurchasing.org. Solicitation Documents: An electronic copy of the complete solicitation documents may be viewed and obtained by accessing the City of Tacoma Purchasing website at www.TacomaPurchasing.org. • Register for the Bid Holders List to receive notices of addenda, questions and answers and related updates. • Click here to see a list of vendors registered for this solicitation. Pre-Proposal Meeting: A pre-proposal meeting will be held at via Zoom on September 26, 2022 @ 8AM PDT. https://us02web.zoom.us/j/82514071463?pwd=dHhlekpTQW1BYXh4ZUlyc0R2K2JBdz09 Meeting ID: 825 1407 1463 Passcode: 804277 One tap mobile +12532158782,,82514071463#,,,,*804277# US (Tacoma) +16694449171,,82514071463#,,,,*804277# US Project Scope: The City of Tacoma currently utilizes 5+ training systems across the organization. This has resulted in complicated compliancy efforts and tracking, increased administrative effort, and limited access to training data for employees and the organization. The intent of the project is to provide one unified LMS for use by all City of Tacoma departments that will allow for increased efficiency, improvements in data & compliancy, improved accessibility, and increased capacity to provide training across the organization. Estimate: $125,000 mailto:bids@cityoftacoma.org mailto:bids@cityoftacoma.org https://us02web.zoom.us/j/83250498294 https://www.cityoftacoma.org/cms/One.aspx?portalId=169&pageId=22848 http://www.tacomapurchasing.org/ http://www.ci.tacoma.wa.us/45bidsapps/PlanholderRegister.aspx http://www.ci.tacoma.wa.us/45bidsapps/PlanholderList.aspx https://us02web.zoom.us/j/82514071463?pwd=dHhlekpTQW1BYXh4ZUlyc0R2K2JBdz09 Form No. SPEC-040C Revised: 07/11/2022 Paid Sick Leave: The City of Tacoma requires all employers to provide paid sick leave as set forth in Title 18 of the Tacoma Municipal Code. For more information, visit our Minimum Employment Standards Paid Sick Leave webpage. Americans with Disabilities Act (ADA Information: The City of Tacoma, in accordance with Section 504 of the Rehabilitation Act (Section 504) and the Americans with Disabilities Act (ADA), commits to nondiscrimination on the basis of disability, in all of its programs and activities. Specification materials can be made available in an alternate format by emailing Gail Himes at ghimes@cityoftacoma.org, or by calling her collect at 253-591-5785. Title VI Information: “The City of Tacoma” in accordance with provisions of Title VI of the Civil Rights Act of 1964, (78 Stat. 252, 42 U.S.C. sections 2000d to 2000d-4) and the Regulations, hereby notifies all bidders that it will affirmatively ensure that in any contract entered into pursuant to this advertisement, disadvantaged business enterprises will be afforded full and fair opportunity to submit bids in response to this invitation and will not be discriminated against on the grounds of race, color, national origin in consideration of award. Additional Information: Requests for information regarding the specifications may be obtained by contacting Erica Pierce, Senior Buyer by email to epierce@cityoftacoma.org Protest Policy: City of Tacoma protest policy, located at www.tacomapurchasing.org, specifies procedures for protests submitted prior to and after submittal deadline. Meeting sites are accessible to persons with disabilities. Reasonable accommodations for persons with disabilities can be arranged with 48 hours advance notice by calling 253-502-8468. https://www.cityoftacoma.org/cms/one.aspx?pageId=75860 https://www.cityoftacoma.org/cms/one.aspx?pageId=75860 mailto:ghimes@cityoftacoma.org http://cms.cityoftacoma.org/Purchasing/CandA/ProtestPolicy052711.pdf http://www.tacomapurchasing.org/ Request for Proposal Template Revised: 02/15/2022 Specification No. HR22-0274F Page 4 Table of Contents SUBMITTAL CHECK LIST ......................................................................................................... 5 1. BACKGROUND ..................................................................................................................... 6 2. STANDARD TERMS AND CONDITIONS .............................................................................. 6 3. MINIMUM REQUIREMENTS ................................................................................................. 6 4. SUMMARY OF SCOPE OF SERVICES AND DELIVERABLES ............................................. 6 5. ANTICIPATED CONTRACT TERM ........................................................................................ 9 6. CALENDAR OF EVENTS ...................................................................................................... 9 7. PRE-PROPOSAL MEETING .................................................................................................10 8. INQUIRIES ...........................................................................................................................10 9. DISCLAIMER ........................................................................................................................10 10. EVALUATION CRITERIA ....................................................................................................11 11. RESPONSIVENESS ...........................................................................................................11 12. CONTENT TO BE SUBMITTED – This section represents 100% of the possible scoring criteria. ......................................................................................................................................11 13. CITY’S RESERVED RIGHTS ..............................................................................................13 14. INTERVIEWS / ORAL PRESENTATIONS ..........................................................................13 15. CONTRACT OBLIGATION .................................................................................................13 16. FORM OF CONTRACT .......................................................................................................14 17. INSURANCE REQUIREMENTS .........................................................................................14 18. PAID LEAVE .......................................................................................................................14 19. PARTNERSHIPS ................................................................................................................14 20. COMMITMENT OF FIRM KEY PERSONNEL .....................................................................14 21. AWARD ..............................................................................................................................14 22. ENVIRONMENTALLY PREFERABLE PROCUREMENT ....................................................15 23. EQUITY IN CONTRACTING ...............................................................................................15 24. PROPRIETARY OR CONFIDENTIAL INFORMATION ........................................................15 25. ADDENDUMS .....................................................................................................................16 APPENDIX A – REQUIRED FORMS ........................................................................................17 APPENDIX B – INSURANCE REQUIREMENTS.......................................................................45 Request for Proposal Template Revised: 02/15/2022 Specification No. HR22-0274F Page 5 SUBMITTAL CHECK LIST This checklist identifies items to be included with your submittal. Any submittal received without these required items may be deemed non-responsive and not be considered for award. Submittals must be received by the City of Tacoma Purchasing Division by the date and time specified in the Request for Proposal page. The following items make up your submittal package: One electronic copy emailed to bids@cityoftacoma.org of your complete submittal package, a maximum of 25 single sided pages to include the following items: 1) Signature Page (Appendix A) 2) Vendor Submittal with Pricing Proposal (Appendix A – Attachment A) 3) Project Management Plan/Schedule (Please reference timeframe noted in Section 4.4) 4) Change Management Plan (please separate out pricing as an Optional item in Attachment A) 5) One page background describing experience of the project team (in lieu of resumes – Section 12.4) 6) SaaS Vendor Cybersecurity Risk Questionnaire (Appendix A – Attachment B) *Required but not included within the maximum number of pages. After award, the following documents will be executed and provided: Contract Certificate of Insurance and related endorsements Request for Proposal Template Revised: 02/15/2022 Specification No. HR22-0274F Page 6 1. BACKGROUND The City of Tacoma is a local government agency serving a population of 219,000, according to the 2020 United States Census. The City is the fifth largest employer in Tacoma, with an employee count of over 3,800 in 19 departments. Departments serve internal and external customers with services ranging from public safety to public utilities and other infrastructure. The City of Tacoma currently utilizes 5+ training systems across the organization. This has resulted in complicated compliancy efforts and tracking, increased administrative effort, and limited access to training data for employees and the organization. The intent of the project is to provide one unified LMS for use by all City of Tacoma departments that will allow for increased efficiency, improvements in data & compliancy, improved accessibility, and increased capacity to provide training across the organization. To learn more about the City of Tacoma, visit www.cityoftacoma.org. The City anticipates awarding one (1) contract. Submittals submitted and/or the selected Consultant(s) may be used for projects of similar type and scope at the sole discretion of the City for up to one year. 2. STANDARD TERMS AND CONDITIONS City of Tacoma Standard Terms and Conditions apply. 3. MINIMUM REQUIREMENTS 3.1 Vendor must have been in business for at least three (3) years. 3.2 For the list of LMS specific requirements see Attachment A – Vendor Submittal, tab Vendor Requirements. 4. SUMMARY OF SCOPE OF SERVICES AND DELIVERABLES 4.1 It is the City’s intent to select a vendor based on qualifications and abilities of the firm and their software to provide a solution that will meet the needs of the City. We are looking for a vendor who has experience implementing with a government entity, an entity that has at least 4,000 employees, and an entity that connected to LinkedIn Learning. 4.2 Estimated Implementation Costs: $50,000 4.3 Estimated Annual Licensing Costs: $75,000 4.4 Estimated Project Schedule: Project Start: January 2023 Go Live: June 2023 4.5 The vendor will be requested to assist with implementation, project management, training, migration of data from current platforms into the new solution, user testing prior to go live, and change management. http://www.cityoftacoma.org/ https://cms.cityoftacoma.org/purchasing/StandardTermsandConditions.pdf Request for Proposal Template Revised: 02/15/2022 Specification No. HR22-0274F Page 7 4.6 Required features: 4.6.1 Admin Features • Ability to customize, organize and assign learning modules into path or tracks for employees to follow • Ability to customize approvers for training registrations • The ability to customize required and recommended training based upon role and workgroup • Recurring (time based) training certification/qualification management • Ability to assign subadmins with the ability to assign courses to employees in their workgroup • Class roster administration for internal instructors, including bulk upload via Excel file • Ability to list a class, allow for sign-ups, and notifications to user when registered • Ability for users to register, cancel registration, and reschedule • Functional waitlist with effective automation of registration changes • Ability to create and manage course equivalencies • Able to integrate with COT single sign on, active directory, and SAP personnel data • Ability to manually add non city personnel and/or contractors to system • Ability to track non-classroom related job exercises • Ability to bulk import training records from existing LMS and other internal systems • Ability to export all submitted content and user data in the event we move to another LMS at the end of the contract • Provide a single location for creating, accessing, and tracking online, instructor-led Training, on-the-job training, and virtual instructor-led training • Automated learner enrollment based on specific parameters • Must be able to manually assign • Supervisors should have the ability to enroll their team members in training • Must be able to create and assign custom security roles • Restrict learner access to content based on specific criteria • Restrict admin access to specific content based on security role 4.6.2 Content Features • Learner course knowledge assessment or quiz functionality • Must be able to house SCORM (sharable content object reference model), AICC (aviation industry computer based training) and HTML (Hyper text markup language) formats • Must be able to create content with multiple content types (SCORM files, documents, videos, links, etc) • Departments must be able to manage their own content independently • Ability to clearly designate required and optional learning • Ability to prevent users from skipping/fast forwarding through videos/modules Request for Proposal Template Revised: 02/15/2022 Specification No. HR22-0274F Page 8 4.6.3 Integration Features • LinkedIn Learning integration • Must be able to create integrations to import completion data from third-party platforms • Must be able to create integrations to import content from third-party platforms • Must track progress and completion from third-party platforms 4.6.4 Notification Features • Automatic reminders for certifications and licenses • Messaging feature enabling the system to forward a variety of reminders to learners • Outlook calendar invite automation for class participants with ability to include Zoom or Teams link 4.6.5 Reporting Features • Advanced reporting capabilities, including ability to run individual, workgroup, citywide training reports, and reports by training(s)/supervisors • Accurate training progress & completion tracking • Training transcripts, plans, records for all employees • Decentralized and easy access to reporting • Data must be accurate, reliable, and secure • Supervisors and department admins should be able to view training records for their own and cascading teams 4.6.6. User Interface Features • Ability for employees to document participation in external / non-city development programs, including the upload of certificates (PDF, Word) • Accessibility features and/or components for hearing, vision, etc • Needs to be easy to navigate for learners and admins • Mobile friendly interface 4.7 Optional Features 4.7.1 Administration Features • Training calendar view feature with Sharepoint Online integration • Approval process for uploading content • Bot support for learners and admins • Scheduling instructor-led training for specific departments 4.7.2 Content Features • Private discussion boards based on certain offerings of specific courses • Learning pre-assessment allowing for “testing out” • Course versioning to enable instructors to update/adjust materials • Ability for users to express interest in learning content • Automated scheduling and delivery of learning reinforcement exercises • Survey/assessments tool included Request for Proposal Template Revised: 02/15/2022 Specification No. HR22-0274F Page 9 • Ability to organize and tag courses by skill 4.7.3 Integration Features • The ability to integrate with Office 365 products and TEAMS • The ability to use connectors or API's to extract data to systems like Tableau, SAP, Snowflake 4.7.4 Notification Features • Text Messaging reminders – opt in • Class programming update communications – opt in 4.7.5 Reporting Features • Ability to print and save certificates • Class/course evaluation automation and reporting capability • Automated tracking and reporting of cancellation/attendance trends • Ability to report on skill development trends for individuals and groups • Ability to print off a resume or list of courses completed 4.7.6 User Interface Features • Training in the flow of work • Elements of gamification including but not limited to leaderboards and badging • Automated learning recommendations based upon user interest and role • Customization of user experience based upon workgroup including imagery and written content 5. ANTICIPATED CONTRACT TERM The anticipated duration of the contract is for a three-year period with the City’s sole option to renew for three (3) additional one-year (1) year periods as applicable. 6. CALENDAR OF EVENTS This is a tentative schedule only and may be altered at the sole discretion of the City. The anticipated schedule of events concerning this RFP is as follows: Publish and issue RFP: 9/19/2022 Pre-Proposal Meeting: 9/26/2022 Pre-Submittal Questions Due: 9/28/2022 Response to Questions on or about: 10/4/2022 Submittal Due Date: 10/18/2022 Submittal Evaluated, on or about: 10/25/2022 Interviews/Presentations, on or about: 11/7/2022 Award Recommendation, on or about: 11/10/2022 Request for Proposal Template Revised: 02/15/2022 Specification No. HR22-0274F Page 10 7. PRE-PROPOSAL MEETING A pre-proposal meeting will be held via Zoom on September 26, 2022 @ 8AM PDT https://us02web.zoom.us/j/82514071463?pwd=dHhlekpTQW1BYXh4ZUlyc0R2K2JBdz09 Meeting ID: 825 1407 1463 Passcode: 804277 One tap mobile +12532158782,,82514071463#,,,,*804277# US (Tacoma) +16694449171,,82514071463#,,,,*804277# US Dial by your location +1 253 215 8782 US (Tacoma) +1 669 444 9171 US +1 669 900 9128 US (San Jose) +1 719 359 4580 US +1 346 248 7799 US (Houston) +1 312 626 6799 US (Chicago) +1 386 347 5053 US +1 564 217 2000 US +1 646 558 8656 US (New York) +1 646 931 3860 US +1 301 715 8592 US (Washington DC) +1 309 205 3325 US Meeting ID: 825 1407 1463 Passcode: 804277 8. INQUIRIES 8.1 Questions must be received by 4 PM on the date specified in the calendar of events. 8.2 Questions must be emailed to Erica Pierce, epierce@cityoftacoma.org Subject line: HR22-0274F – Learning Management System – Vendor Name 8.3 Questions marked confidential will not be answered or included. 8.4 The City reserves the discretion to group similar questions to provide a single answer or not to respond when the requested information is confidential. 8.5 The answers are not typically considered an addendum. 8.6 The City will not be responsible for unsuccessful submittal of questions. 8.7 Written answers to questions will be posted in the event approximately one week after the question deadline. 9. DISCLAIMER The City is not liable for any costs incurred by the Respondent for the preparation of materials or a submittal submitted in response to this RFP, for conducting any presentations to the City, or any other activities related to responding to this RFP, or related to the contract negotiation process. https://us02web.zoom.us/j/82514071463?pwd=dHhlekpTQW1BYXh4ZUlyc0R2K2JBdz09 mailto:epierce@cityoftacoma.org Request for Proposal Template Revised: 02/15/2022 Specification No. HR22-0274F Page 11 10. EVALUATION CRITERIA 10.1 A Selection Advisory Committee (SAC) will review and evaluate submittals. After the evaluation, the SAC may conduct interviews of the most qualified Respondents before final selection. (See Section 12 for Criteria) 10.2 The SAC may select one or more respondent to provide the services required. 10.3 The SAC may use references to clarify information in the submittals and interviews, if conducted, which may affect the rating. The City reserves the right to contact references other than those included in the submittal. 11. RESPONSIVENESS Respondents agree their submittal is valid until a contract(s) has been executed. All submittals will be reviewed by the City to determine compliance with the requirements and instructions specified in this RFP. The Respondent is specifically notified that failure to comply with any part of this RFP may result in rejection of the submittal as non-responsive. The City reserves the right, in its sole discretion, to waive irregularities deemed immaterial. The final selection, if any, will be that submittal which, after review of submissions and potential interviews, in the sole judgement of the City, best meets the requirements set forth in this RFP. 12. CONTENT TO BE SUBMITTED – This section represents 100% of the possible scoring criteria. Respondents are to provide complete and detailed responses to all items below. Submittals that are incomplete or conditioned in any way that contain alternatives or items not called for in this RFP, which materially deviate from the requirements of this RFP or which are not in conformity with law, may be rejected as being non-responsive. Submittals should present information in a straightforward and concise manner, while ensuring complete and detailed descriptions of the Respondent’s abilities to meet the requirement of this RFP. Emphasis will be on completeness of content. The written submittals should be prepared in the sequential order as outlined below. The City reserves the right to request clarification of any aspect of a submittal, or request additional information that might be required to properly evaluate the submittal. Failure to respond to such a request may result in rejection of the firm’s submittal. Respondents are required to provide responses to any request clarification within two (2) business days. Requests for clarification or additional information shall be made at the sole discretion of the City. The City’s retention of this right shall no way diminish a Respondent’s responsibility to submit a submittal that is current, clear, complete and accurate. The relative weight of each scoring criteria is indicated in the table below. See Attachment A – Vendor Submittal for details. Request for Proposal Template Revised: 02/15/2022 Specification No. HR22-0274F Page 12 Criteria Max Points Proposed Solution – see Attachment A for requirements that must be included in solution 70 Examples of Projects and Client References 10 Implementation / Contract Costs 5 Qualifications / Experience of Key Personnel 5 Sustainability 5 Equity in Contracting – State of WA OMWBE certified firm 5 Credit Card Acceptance 0 Contract Exceptions 0 Total 100 12.1 Proposed Solution – 70 points See Section 4.6 and Attachment A for requirements that must be included in the solution and 4.7 for desired optional items. 12.2 Examples of Projects and Client References – 10 points Must have at least one example of client/project that matches Section 4.1 – minimum of three (3) examples are REQUIRED. 12.3 Implementation/Contract Costs – 5 points See estimated budget in Section 4.2 and 4.3. Include breakdown of costs between implementation software, implementation services, and ongoing licensing fees. 12.4 Qualifications/Experience of Key Personnel – 5 points In lieu of resumes, please create one page total of qualifications and experience of key personnel on the project considering items in Section 4.1. 12.5 Sustainability – 5 points Describe efforts to create and maintain sustainable business practices. 12.6 – Equity in Contracting – 5 points Points will only be given for firms certified in the State of Washington only. See OMWBE website for certification directory or instructions on how to become certified. 12.7 Credit Card Acceptance – 0 points Does your company accept credit cards without charging a transaction fee? (Circle one) YES NO Provide a statement regarding your ability to meet the City’s credit card requirements(below) as well as identifying your reporting capabilities (Level I, II, or III). This information is not a consideration in the evaluation process. 12.8 Contract Exceptions – 0 points Do you take exceptions to any of the City of Tacoma's Standard Terms and Conditions? (See Section 2) https://omwbe.wa.gov/ https://omwbe.wa.gov/ Request for Proposal Template Revised: 02/15/2022 Specification No. HR22-0274F Page 13 13. CITY’S RESERVED RIGHTS Respondents are advised that the City reserves the right to cancel any award at any time prior to mutual execution of a Contract if cancellation is deemed to be in the City’s best interest. City is not liable to Respondent for any costs or damages for the cancellation of an award. The Respondent assumes the sole risk and responsibility for all expenses connected with the preparation of this submittal. In addition to any reserved rights contained in the City of Tacoma Standard Terms and Conditions, City specifically reserves the following rights: • To waive any or all informalities or irregularities in any submittal which, in City’s sole judgement, are deemed minor or immaterial • To award one or more contracts • To not award a contract • To issue subsequent solicitation 14. INTERVIEWS / ORAL PRESENTATIONS An invitation to interview may be extended to Respondents based on SAC review of the written submittals. The SAC reserves the right to adjust scoring based on additional information and/or clarifications provided during interviews. The SAC may determine additional scoring criteria for the interviews following evaluation of written submittals. The City reserves all rights to begin contract negotiations without conducting interviews. Respondents must be available to interview within three business days notice. If interviews are conducted, the SAC will schedule the interviews using the email address for communications provided on the signature page. Additional interview information will be provided at the time of invitation. At this time, it is anticipated that the main objective of the interview will be for the SAC to meet the project manager and key personnel that will have direct involvement with the project and hear about their relevant experience and expertise. The City does not intend to meet with firm officials unless they are to be directly involved with the project. The relative weight of each Part 2 criterion is indicated in the table below. Criteria Max Points Presentation by finalist 75 Interview / Questions and Answers 25 Total 100 15. CONTRACT OBLIGATION The selected Respondent(s) will be expected to execute a Contract with the City. At a minimum, any contract will incorporate the contents of this specification, including all stated services or deliverables and other requirements and the City of Tacoma Standard Terms and Conditions, together with the contents of Respondent’s submittal. The submittal contents of the successful Respondent will become contractual obligations Request for Proposal Template Revised: 02/15/2022 Specification No. HR22-0274F Page 14 16. FORM OF CONTRACT In event the City’s Services Contract or other City Contract template is attached to this RFP as a sample form of Contract, the City expects to utilize the Terms and Conditions contained in the sample form of Contract. Post award negotiation may occur at the discretion of the City. Respondents should clearly state exceptions to City’s Standard Terms and Conditions as well as to the Terms and Conditions contained in any attached sample form of Contract and to any other portions of this RFP, including the stated Insurance Requirements. Respondents may also propose to utilize their own form of Contract and in such instances, Respondent must provide its form of Contract as part of its submittal. City, at its sole option, will decide whether engage in negation on any or all proposed exceptions. City reserves sole discretion to determine the final form of Contract that will be used. 17. INSURANCE REQUIREMENTS Successful proposer will provide proof of and maintain the insurance coverage in the amounts and in the manner specified in the City of Tacoma Insurance Requirements contained in this solicitation in Appendix B. 18. PAID LEAVE Effective February 1, 2016, the City of Tacoma requires all employers to provide Paid Leave and Minimum Wage, as set forth in Title 18 of the Tacoma Municipal Code. For more information visit http://www.cityoftacoma.org/employmentstandards. 19. PARTNERSHIPS The City will allow Respondents to partner in order to respond to this RFP. Respondents may team under a Prime Respondent’s submittal in order to provide responses to all sections in a single submission; however, each Respondent’s participation must be clearly delineated by section. The Prime Respondent will be considered the responding vendor and the responsible party at contract award. Any contract negotiations will be conducted only with the Prime Respondent. All contract payments will be made only to the Prime Respondent. Any agreements between the Prime Respondent and other companies will not be a part of the agreement between the City and the Prime Respondent. The City reserves the right to select more than one Prime Respondent. 20. COMMITMENT OF FIRM KEY PERSONNEL The Respondent agrees that key personnel identified in its submittal or during contract negotiations as committed to this project will, in fact, be the key personnel to perform during the life of this contract. Should key personnel become unavailable for any reason, the selected Respondent shall provide suitable replacement personnel, subject to the approval of the City. Substantial organizational or personnel changes within the agency are expected to be communicated immediately. Failure to do so could result in cancellation of the Contract. 21. AWARD After the Respondent(s) is selected by the SAC and prior to award, all other Respondents will be notified via the Purchasing Division using the email address for communications provided on the signature page. http://www.cityoftacoma.org/employmentstandards Request for Proposal Template Revised: 02/15/2022 Specification No. HR22-0274F Page 15 Once a Respondent(s) has been selected for award by the SAC, contract negotiations will begin. If a contract with the selected Respondent(s) is not successfully negotiated in that the City’s final offer is not accepted, the City may, in its sole discretion discontinue contract negotiations and commence negotiations with another Respondent. When a contract is successfully negotiated, the Contract will, if required, be submitted for final approval by the Public Utility Board and/or City Council. 22. ENVIRONMENTALLY PREFERABLE PROCUREMENT In accordance with the City’s Sustainable Procurement Policy, it is the policy of the City of Tacoma to encourage the use of products or services that help to minimize the environmental and human health impacts of City Operations. Respondents are encouraged to incorporate environmentally preferable products or services that have a lesser or reduced effect on human health and the environment when compared with competing products or services that serve the same purpose. This comparison may consider raw materials acquisition, products, manufacturing, packaging, distribution reuse, operation, maintenance or disposal of the product or service. The City of Tacoma encourages the use of sustainability practices and desires any awarded contractor(s) to assist in efforts to address such factors when feasible for: Reduction of pollutant releases Toxicity of materials used Waste generation Greenhouse gas emissions, including transportation of materials and services Recycle content Comprehensive energy conservation measures Waste manage reduction plans Potential impact on human health and the environment 23. EQUITY IN CONTRACTING The City of Tacoma is committed to encouraging firms certified through the Washington State Office of Minority and Women’s Business Enterprise to participate in City contracting opportunities. See the TMC 1.07 Equity in Contracting Policy at the City’s Equity in Contracting Program website. 24. PROPRIETARY OR CONFIDENTIAL INFORMATION The Washington State Public Disclosure Act (RCW 42.56 et seq.) requires public agencies in Washington make public records available for inspection and copying unless they fall within the specified exemptions contained in the Act, or are otherwise privileged. Documents submitted under this RFP shall be considered public records and, with limited exceptions, will be made available for inspection and copying by the public. For complete detail on Respondent’s responsibility to identify and mark confidential information, and the applicability of the Public Disclosure Act, see the Standard Terms and Conditions. https://omwbe.diversitycompliance.com/ https://omwbe.diversitycompliance.com/ https://www.cityoftacoma.org/cms/One.aspx?portalId=169&pageId=26616 https://apps.leg.wa.gov/RCW/default.aspx?cite=42.56 Request for Proposal Template Revised: 02/15/2022 Specification No. HR22-0274F Page 16 25. ADDENDUMS In the event it becomes necessary to revise any part of this RFP, an addendum will be posted along with this specification on http://www.tacomapurchasing.org. Failure to acknowledge addendum(s) on the required Signature Page may result in a submittal being deemed non- responsive by the City. http://www.tacomapurchasing.org/ Request for Proposal Template Revised: 02/15/2022 Specification No. HR22-0274F Page 17 APPENDIX A REQUIRED FORMS SIGNATURE PAGE ATTACHMENT A - VENDOR SUBMITTAL SPREADSHEET* ATTACHMENT B - SAAS CYBERSECURITY QUESTIONNAIRE* *SEE LINK ON SPECIFICATION POSTING TO DOWNLOAD THE REQUIRED DOCUMENTS. DOWNLOAD, FILL OUT, AND RETURN THE EXCEL SPREADSHEETS AS PART OF THE SUBMITTAL PACKAGE Form No. SPEC-080A Revised: 06/01/2021 SIGNATURE PAGE CITY OF TACOMA HUMAN RESOURCES All submittals must be in ink or typewritten, executed by a duly authorized officer or representative of the bidding/proposing entity, and received and time stamped as directed in the Request for Proposals page near the beginning of the specification. If the bidder/proposer is a subsidiary or doing business on behalf of another entity, so state, and provide the firm name under which business is hereby transacted. REQUEST FOR PROPOSALS SPECIFICATION NO. HR22-0274F LEARNING MANAGEMENT SYSTEM The undersigned bidder/proposer hereby agrees to execute the proposed contract and furnish all materials, labor, tools, equipment and all other facilities and services in accordance with these specifications. The bidder/proposer agrees, by submitting a bid/proposal under these specifications, that in the event any litigation should arise concerning the submission of bids/proposals or the award of contract under this specification, Request for Bids, Request for Proposals or Request for Qualifications, the venue of such action or litigation shall be in the Superior Court of the State of Washington, in and for the County of Pierce. Non-Collusion Declaration The undersigned bidder/proposer hereby certifies under penalty of perjury that this bid/proposal is genuine and not a sham or collusive bid/proposal, or made in the interests or on behalf of any person or entity not herein named; and that said bidder/proposer has not directly or indirectly induced or solicited any contractor or supplier on the above work to put in a sham bid/proposal or any person or entity to refrain from submitting a bid/proposal; and that said bidder/proposer has not, in any manner, sought by collusion to secure to itself an advantage over any other contractor(s) or person(s). Bidder/Proposer’s Registered Name Address City, State, Zip Authorized Signatory E-Mail Address E.I.No. / Federal Social Security Number Used on Quarterly Federal Tax Return, U.S. Treasury Dept. Form 941 E-Mail Address for Communications Signature of Person Authorized to Enter Date into Contracts for Bidder/Proposer Printed Name and Title (Area Code) Telephone Number / Fax Number State Business License Number in WA, also known as UBI (Unified Business Identifier) Number State Contractor’s License Number (See Ch. 18.27, R.C.W.) Addendum acknowledgement #1_____ #2_____ #3_____ #4_____ #5_____ THIS PAGE MUST BE SIGNED AND RETURNED WITH SUBMITTAL. Corporate Name: Address Line 1: Address Line 2: City: State: Zip: Corporate Web Address: Parent Company (If Any): Primary Contact Person (Name): Primary Contact Person (Title): Primary Contact Person (Phone): Primary Contact Person (Email): Alternate Contact Person (Name): Alternate Contact Person (Title): Alternate Contact Person (Phone): Alternate Contact Person (Email): Office from which project to be managed: Address Line 1: Address Line 2: City: State: Zip: Project Manager Name: Project Manager Phone: Project Manager email: Vendor Information Corporate Summary Information Project Information HR22-0274F - Learning Management System OB CON PAR CUS OTR N/A Question Category Requirements Multiplier Rating Response 1 Admin - REQ Ability to customize, organize and assign learning modules into path or tracks for employees to follow 2 Admin - REQ Ability to customize approvers for training registrations 3 Admin - REQ The ability to customize required and recommended training based upon role and workgroup 4 Admin - REQ Recurring (time based) training certification/qualification management 5 Admin - REQ Ability to assign subadmins with the ability to assign courses to employees in their workgroup 6 Admin - REQ Class roster administration for internal instructors, including bulk upload via Excel file 7 Admin - REQ Ability to list a class, allow for sign-ups, and notifications to user when registered 8 Admin - REQ Ability for users to register, cancel registration, and reschedule 9 Admin - REQ Functional waitlist with effective automation of registration changes 10 Admin - REQ Ability to create and manage course equivalencies 11 Admin - REQ Able to integrate with COT single sign on, active directory, and SAP personnel data 12 Admin - REQ Ability to manually add non city personnel and/or contractors to system 13 Admin - REQ Ability to track non-classroom related job exercises 14 Admin - REQ Ability to bulk import training records from existing LMS and other internal systems 15 Admin - REQ Ability to export all submitted content and user data in the event we move to another LMS at the end of the contract 16 Admin - REQ Provide a single location for creating, accessing, and tracking online, instructor-led Training, on-the-job training, and virtual instructor-led training 17 Admin - REQ Automated learner enrollment based on specific parameters 18 Admin - REQ Must be able to manually assign Custom programming required (must provide description including any additional costs involved). Other solution available (must provide description including any additional costs involved). Not Available. Vendor Requirements - HR22-0274F - Learning Management System For the following requirements, respond to each criteria by indicating the level of compliance (Rating) of the specific offered system. Worksheets will be evaluated in the following manner: Required Features will be scored on a pass/fail basis. Only Worksheets that pass all required features will be scored. Scores will be calculated using the rating system and multiplier listed next to each criteria. If the criteria listed is not considered a standard offering, however can be obtained by custom programming or through a partnership with the proposer, not how the criteria will be met. Proposer may be asked to clarify/ provide proof of system capabilities. Inaccurate product claims may cause a proposal to be considered nonresponsive. REQ = a required feature OPT = an optional feature Use the following rating criteria when responding: Fully compliant out of the box. Fully configurable by user out of the box. Partially configurable by user out of the box. 19 Admin - REQ Supervisors should have the ability to enroll their team members in training 20 Admin - REQ Must be able to create and assign custom security roles 21 Admin - REQ Restrict learner access to content based on specific criteria 22 Admin - REQ Restrict admin access to specific content based on security role 23 Admin - OPT Training calendar view feature with Sharepoint Online integration 24 Admin - OPT Approval process for uploading content 25 Admin - OPT Bot support for learners and admins 26 Admin - OPT Scheduling instructor-led training for specific departments 27 Content - REQ Learner course knowledge assessment or quiz functionality 28 Content - REQ Must be able to house SCORM (sharable content object reference model), AICC (aviation industry computer based training) and HTML (Hyper text markup language) formats 29 Content - REQ Must be able to create content with multiple content types (SCORM files, documents, videos, links, etc) 30 Content - REQ Departments must be able to manage their own content independently 31 Content - REQ Ability to clearly designate required and optional learning 32 Content - REQ Ability to prevent users from skipping/fast forwarding through videos/modules 33 Content - OPT Private discussion boards based on certain offerings of specific courses 34 Content - OPT Learning pre-assessment allowing for “testing out” 35 Content - OPT Course versioning to enable instructors to update/adjust materials 36 Content - OPT Ability for users to express interest in learning content 37 Content - OPT Automated scheduling and delivery of learning reinforcement exercises 38 Content - OPT Survey/assessments tool included 39 Content - OPT Ability to organize and tag courses by skill 40 Integrations - REQ LinkedIn Learning integration 41 Integrations - REQ Must be able to create integrations to import completion data from third-party platforms 42 Integrations - REQ Must be able to create integrations to import content from third-party platforms 43 Integrations - REQ Must track progress and completion from third-party platforms 44 Integrations - OPT The ability to integrate with Office 365 products and TEAMS 45 Integrations - OPT The ability to use connectors or API's to extract data to systems like Tableau, SAP, Snowflake 46 Notifications - REQ Automatic reminders for certifications and licenses 47 Notifications - REQ Messaging feature enabling the system to forward a variety of reminders to learners 48 Notifications - REQ Outlook calendar invite automation for class participants with ability to include Zoom or Teams link 49 Notifications - OPT Text Messaging reminders – opt in 50 Notifications - OPT Class programming update communications – opt in 51 Reporting - REQ Advanced reporting capabilities, including ability to run individual, workgroup, citywide training reports, and reports by training(s)/supervisors 52 Reporting - REQ Accurate training progress & completion tracking 53 Reporting - REQ Training transcripts, plans, records for all employees 54 Reporting - REQ Decentralized and easy access to reporting 55 Reporting - REQ Data must be accurate, reliable, and secure 56 Reporting - REQ Supervisors and department admins should be able to view training records for their own and cascading teams 57 Reporting - OPT Ability to print and save certificates 58 Reporting - OPT Class/course evaluation automation and reporting capability 59 Reporting - OPT Automated tracking and reporting of cancellation/attendance trends 60 Reporting - OPT Ability to report on skill development trends for individuals and groups 61 Reporting - OPT Ability to print off a resume or list of courses completed 62 Tech - REQ Technical support must be available during West Coast US Business Hours (GMT-7, -8) 63 UI - REQ Ability for employees to document participation in external / non- city development programs, including the upload of certificates (PDF, Word) 64 UI - REQ Accessibility features and/or components for hearing, vision, etc 65 UI - REQ Needs to be easy to navigate for learners and admins 66 UI - REQ Mobile friendly interface 67 UI - OPT Training in the flow of work 68 UI - OPT Elements of gamification including but not limited to leaderboards and badging 69 UI - OPT Automated learning recommendations based upon user interest and role 70 UI - OPT Customization of user experience based upon workgroup including imagery and written content 71 Technology What type of SSO do you support? N/A A. SAML 2.0 B. Oauth C. Both 72 Technology Do you support any type of identity provider that supports the above authentications methods? If specific ones please list N/A 73 Technology How are accounts on the service provider side going to be created and maintained? N/A 74 Technology Do you require that Active Directory groups be sent as an attribute for identity access on the service provider side? N/A 75 Sustainability See Attachment # for the Sustainability worksheet N/A See attachment 76 Equity in Contracting Is your firm, or the firm you are partnering with, certified with Washington State for any of the noted categories (select all that apply)? Selecting any item will award all points for this category. N/A ☐ Combination Business Enterprise (CBE) ☐ Disadvantaged Business Enterprise (DBE) ☐ Minority Business Enterprise (MBE) ☐ Minority/Women Business Enterprise (MWBE) ☐ Small Business Enterprise (SBE) ☐ Socially and Economically Disadvantaged Business Enterprise (SEDBE) ☐ Women Business Enterprise (WBE) 77 Credit Card Acceptance Provide a statement regarding your ability to meet the City’s credit card requirements(state below) as well as identifying your reporting capabilities (Level I, II, or III). This information is not a consideration in the evaluation process. N/A 78 Contract Exceptions Do you take exceptions to any of the City of Tacoma's Standard Terms and Conditions? N/A Company: Company Web Address: Description of Reference and which above listed requirements does it meet: Contact Name: Phone Number: Email Address Address Line 1: Address Line 2: City: State: Zip: Company: Company Web Address: Vendor Reference 2: Vendor Project Examples & References - HR22-0274F - Learning Management System Provide a project that showcases your abilities for the following cateogies: *Note: if you have 1 reference that meets multiple criteria you can combine references, a minimum of 3 are required. The last one cannot be combined. 1) government entity* 2) an entity with around 4000 employees* 3) an entity that uses LinkedIn Learning in conjunction with content the user agency develops* 4) an entity that has implemented within the last 2 to 3 years* 5) a entity that has been utilizing your services for 5+ years Vendor Reference 1: Description of Reference and which above listed requirements does it meet: Contact Name: Phone Number: Email Address Address Line 1: Address Line 2: City: State: Zip: Company: Company Web Address: Description of Reference and which above listed requirements does it meet: Contact Name: Phone Number: Email Address Address Line 1: Address Line 2: City: State: Zip: Company: Company Web Address: Vendor Reference 4: Vendor Reference 3: Description of Reference and which above listed requirements does it meet: Contact Name: Phone Number: Email Address Address Line 1: Address Line 2: City: State: Zip: Company: Company Web Address: Description of Reference and which above listed requirements does it meet: Contact Name: Phone Number: Email Address Address Line 1: Address Line 2: City: State: Zip: Vendor Reference 5: Qty Frequency Unit Price Total One Time $ $ One Time $ $ One Time $ $ Recurring $ $ Recurring $ $ Recurring $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ Price Proposal - HR22-0274F - Learning Management System Descriptions Vendor Name: Date: Quote Number: Please feel free to add lines as needed but we would like the costs categorized in the following manner: One Time Fees: Change Management Optional Items: Recurring Fees: TOTAL Year 1 Annual Fees Year 2-5 Version 1.2-tpwr Approved: 01/31/2020 HR22-0274F - Learning Management System Document ID: 1355 Open Distribution Copyright © 2020 North American Transmission Forum. All rights reserved. Version History: Date Version Notes 7/30/2019 0 Initial version 1/31/2020 1 Refined Version 0 Criteria - Contributions from the NATF Proof of Concept Team and Industry Organizations 3/20/2020 1.1 Refined copyright to allow for open use with conditions 6/19/2020 1.2 Added mapping to UL Supplier Cyber Trust Level; removed incorrect reference in Organizational Information header NATF Cyber Security Criteria for Suppliers The NATF permits the use of the content contained herein (“Content”), without modification; however, any such use must include this notice and reference the associated NATF document name & version number. The Content is provided on an “as is” basis. The NATF makes no and hereby disclaims all representations or warranties (express or implied) relating to the Content. The NATF shall not be liable for any damages arising directly or indirectly from the Content or use thereof. By using the Content, you hereby agree to defend, indemnify, and hold the NATF harmless from and against all claims arising from such use. HR22-0274F - Learning Management System Information Points for Version 1 1 The criteria provided here is composed of two categories: *Organizational Information *Supplier Criteria 2 Organizational Information provides information about the supplier's organization. 3 Supplier Criteria provides a benchmark for supplier's cyber security practices and a supplier's level of adherence to these criteria may identify areas of risk for Bulk Power System products or services. Information regarding a supplier's adherence to these criteria is a data input into an entity's risk analysis for the supplier. Many of the criteria are to ascertain good cyber security measures for an entity and are above and beyond the requirements of NERC Reliability Standards. HR22-0274F - Learning Management System Criteria Identification Number Risk Area Cyber Security Initial Information Vendor Response OI.1 Organizational Information Supplier or Company Name OI.2 Organizational Information Provide parent organizations for supplier OI.3 Organizational Information Provide any other subsidiaries or divisions of identified parent organizations OI.4 Organizational Information Provide any supplier subsidiary organizations OI.5 Organizational Information Provide Dun & Bradstreet Number OI.6 Organizational Information Supplier Address OI.7 Organizational Information Supplier web site OI.8 Organizational Information Name of primary contact for information on the form OI.9 Organizational Information Email address for primary contact for information on the form Open Distribution OI.10 Organizational Information Phone number for primary contact for information on the form OI.11 Organizational Information Total number of employees OI.12 Organizational Information Total number of contractors OI.13 Organizational Information Annual gross revenue OI.14 Organizational Information Provide number of years supplier has been in business OI.15 Organizational Information Provide any countries other than the United States or Canada in which supplier operates (has an office, sells product or conducts any business) (indicate if none) OI.16 Organizational Information Provide any countries other than the United States or Canada in which supplier's product (i.e. hardware, software, firmware or components) is manufactured or developed (indicate if none) OI.17 Organizational Information Provide any countries other than the United States or Canada in which supplier's product (i.e. hardware, software, firmware or components) is assembled (indicate if none) OI.18 Organizational Information Provide a summary for any pending or resolved product-related litigation in the last ten (10) years OI.19 Organizational Information Provide any bonding company requests to intervene or make payments on supplier's behalf for any product manufacturing /development in the last ten (10) years OI.20 Organizational Information Provide the level of current cyber security risk insurance coverage the organization has in place (indicate if none) OI.21 Organizational Information Provide the number of contractors the organization employs in countries other than the United States or Canada (indicate if none) OI.22 Organizational Information Provide any currently effective third-party assessment or certifications for cyber security frameworks, the dates covered and the date of expiration (as applicable) OI.23 Organizational Information Provide the findings reports from third party verifications conducted for cyber security frameworks (provide the two most recent reports for each cyber security framework) OI.24 Organizational Information Provide information on any mergers or acquisitions that have been publicly announced or completed with the last 5 years. Criteria Identification Number Applicable to SaaS? Risk Area NATF Cyber Security Supply Chain Criteria for Suppliers Version 1 (NATF Board Approved) 1 yes Access Control and Mgmt Supplier establishes and maintains an identity and access management program that ensures sustainable, secure product manufacturing/development 2 yes Access Control and Mgmt Supplier establishes and maintains a program that ensures storage security at supplier's site (e.g. chain of custody) 3 For high security scenarios Access Control and Mgmt Supplier's personnel vetting process allows supplier to share background check criteria and results with entity for confirmation of process or verification of sampled employees Open Distribution HR22-0274F - Learning Management System Criteria Identification Number Applicable to SaaS? Risk Area NATF Cyber Security Supply Chain Criteria for Suppliers Version 1 (NATF Board Approved) Open Distribution 4 For high security scenarios Access Control and Mgmt Supplier has a process that requires supplier to have background checks (e.g. personnel risk assessments) conducted for all of its employees and contractors. Please provide a list of any exempted employees or contractors due to restrictions by country of employment (i.e. by country) Supplier's process requires supplier to conduct background checks at least every 7 years. If process does not require at least every 7 years, provide frequency that supplier's process requires 5 yes Access Control and Mgmt Supplier requires approval for access based on need for all employees and contractors with access to supplier’s assets and facilities 6 yes Access Control and Mgmt Supplier maintains an access list of all individuals with access to supplier’s assets, information, and facilities Criteria Identification Number Applicable to SaaS? Risk Area NATF Cyber Security Supply Chain Criteria for Suppliers Version 1 (NATF Board Approved) Open Distribution 7 yes Access Control and Mgmt Supplier conducts an annual review of all individuals' access to supplier’s assets, information, and facilities If not reviewed annually, provide frequency 11 yes Access Control and Mgmt For access within supplier's system, supplier has internal controls to ensure it revokes access when an individual no longer requires access due to change in employment status or job duties 12 yes Access Control and Mgmt For access within supplier's system, supplier revokes access when an individual no longer requires access due to change in employment status or job duties 16 yes Access Control and Mgmt The supplier implements security controls for the use of devices that access entity's system (e.g. mobile, laptop, non-company devices) Criteria Identification Number Applicable to SaaS? Risk Area NATF Cyber Security Supply Chain Criteria for Suppliers Version 1 (NATF Board Approved) Open Distribution 18 yes Access Control and Mgmt Supplier establishes and maintains a process that ensures the security of system-to- system remote access including protection of Data at Rest and Data in Transit 19 yes Access Control and Mgmt Where supplier is connected to other entity's systems, supplier ensures that there is no undisclosed path or bridge into entity's system from other entity's system through the supplier 21 yes Governance Supplier has a business continuity plan 22 yes Governance Supplier has processes to notify entity of any mergers and acquisitions as soon as legally permissible 23 yes Governance Supplier notifies entity whenever production and/or operation of products and services entity has purchased is transferred to another supplier Criteria Identification Number Applicable to SaaS? Risk Area NATF Cyber Security Supply Chain Criteria for Suppliers Version 1 (NATF Board Approved) Open Distribution 24 yes Governance Supplier obtains periodic independent third-party assessments or certification audits related to cyber security 25 yes Incident Response Supplier maintains a cyber security incident response plan 26 yes Incident Response Supplier reviews and updates its cyber security incident response plan at least annually If not reviewed annually, provide frequency 27 yes Incident Response Supplier cyber security incident response plan contains clear roles and responsibilities which includes coordination of responses to their customer(s) Criteria Identification Number Applicable to SaaS? Risk Area NATF Cyber Security Supply Chain Criteria for Suppliers Version 1 (NATF Board Approved) Open Distribution 28 yes Incident Response Supplier's cyber security incident response plan contains requirements to notify entities that purchased impacted products or services within 24 hours of initiation of the supplier's plan 29 yes Incident Response Supplier's cyber security incident response plan contains steps to identify, contain, eradicate, recover 30 yes Incident Response Supplier cyber security incident response plan includes steps and requirement to perform an after-action review, i.e. lessons learned 31 yes Incident Response Supplier’s cybersecurity incident response plan is periodically assessed Provide date of last assessment Criteria Identification Number Applicable to SaaS? Risk Area NATF Cyber Security Supply Chain Criteria for Suppliers Version 1 (NATF Board Approved) Open Distribution 32 yes Incident Response Supplier has taken appropriate action in response to assessment(s) of cyber security incident process 33 yes Incident Response Supplier exercises its cyber security incident response plan at least annually If not conducted annually, provide frequency 34 yes Incident Response Supplier has experience initiating its cyber security incident plan Provide the circumstances under which the plan was executed (test and/or actual) 35 For high security scenarios Incident Response Supplier has demonstrated corrective actions for prior cyber security incident(s) 36 yes Incident Response Supplier has a process to notify entity of any supplier-identified cyber or physical security incidents related to their products or services that could pose risk to the entity In instances where the incident has the potential to affect the entity's data and/or operations, notification is provided to entity within 2 hours of identification. If not within 2 hours, provide number of hours before notification 37 yes Incident Response Supplier has a process to monitor industry threat and information sharing entities (e.g. US-CERT, National Vulnerability Database, CISA-AIS) Criteria Identification Number Applicable to SaaS? Risk Area NATF Cyber Security Supply Chain Criteria for Suppliers Version 1 (NATF Board Approved) Open Distribution 38 yes Information Protection Supplier has a documented program to identify, classify, protect, manage, and maintain sensitive information 39 yes Information Protection Supplier's information protection program includes safeguards and notifications regarding release of data to third parties 40 yes Information Protection Supplier's information protection program includes sanitizing media prior to disposal, release, or reuse 41 yes Information Protection Supplier's information protection program addresses all technologies in use (e.g. on- premise, co-located, off-site, or in cloud) 42 yes Information Protection Supplier implements encryption or technologies to restrict access to and obfuscate Data in Transit (e.g. cryptography, public key infrastructure (PKI), fingerprints, cipher hash) Criteria Identification Number Applicable to SaaS? Risk Area NATF Cyber Security Supply Chain Criteria for Suppliers Version 1 (NATF Board Approved) Open Distribution 43 yes Information Protection Supplier's information protection program prohibits access to customer data without authorization 44 yes Information Protection Supplier's information protection program includes managing and securing Data at Rest to ensure confidentiality, integrity and availability (e.g. supplier implements encryption or technology to restrict access and obfuscate sensitive data) 45 yes Information Protection Supplier's information protection program includes data loss protection tools and practices to remediate data loss 46 yes Information Protection Supplier's information protection program includes secure destruction of sensitive information 47 yes Vulnerability Mgmt Supplier has a documented program for secure product development, including applying security controls and secure coding techniques, within the system development life cycle Criteria Identification Number Applicable to SaaS? Risk Area NATF Cyber Security Supply Chain Criteria for Suppliers Version 1 (NATF Board Approved) Open Distribution 48 yes Vulnerability Mgmt Supplier establishes and maintains a security management program that validates the authenticity and origins of third-party hardware, firmware and software including open source code software 49 yes Vulnerability Mgmt Supplier establishes and maintains a security program for the product or service being purchased, including implemented processes to verify the integrity and authenticity of the software, patches and firmware relevant to the product or service being delivered to the entity 50 yes Vulnerability Mgmt Supplier has a process to assess and apply security patches in its environment within a predetermined timeframe Provide number of days to complete assessment and implementation 51 yes Vulnerability Mgmt Supplier configures automated notifications of, and response to, software, patches and firmware integrity violations Criteria Identification Number Applicable to SaaS? Risk Area NATF Cyber Security Supply Chain Criteria for Suppliers Version 1 (NATF Board Approved) Open Distribution 52 yes Vulnerability Mgmt Supplier implements process and controls to ensure system and information integrity 53 yes Vulnerability Mgmt Supplier uses secure central software repository after software, patches and firmware authenticity and integrity have been validated, so that authenticity and integrity checks do not need to be performed before each installation 54 yes Vulnerability Mgmt Supplier establishes and maintains a security program for the supplier's environment, including implemented processes to approve software, patches and firmware prior to installation, as well as to verify the integrity and authenticity of the software, patches and firmware relevant to any technologies or equipment used in the development, manufacturing, testing, assembly and distribution of the product or service 55 yes Vulnerability Mgmt Supplier uses scanning tools and techniques to detect vulnerabilities or malware in its environment and products 56 yes Vulnerability Mgmt Supplier provides a specific list of, and justifications for, required logical ports (which may include limited ranges) and services required for its deliverables (either products or services), if applicable. Criteria Identification Number Applicable to SaaS? Risk Area NATF Cyber Security Supply Chain Criteria for Suppliers Version 1 (NATF Board Approved) Open Distribution 57 yes Vulnerability Mgmt Supplier notifies entity of any vulnerabilities in its products or services in a timely manner that does not increase threat vectors (i.e. security patch is available or vulnerability is publicly known or imminent to be released publicly) 58 yes Vulnerability Mgmt Supplier digitally signs and validates software, patches and firmware prior to distribution 60 yes Vulnerability Mgmt Supplier uses trusted and controlled distribution for electronic shipment of all products Acronym Term Definition (see Authority Location for Current Definition) Definition as of June 30, 2019 Authority for Definition Company a provider of products or services. For the purposes of this document, "supplier" is synomous with "Vendor" and "Company" and the terms may be used interchangeably CSI Cyber Security Incident According to the NERC Standards Glossary of Terms 6/2019 A malicious act or suspicious event that: • Compromises, or was an attempt to compromise, the Electronic Security Perimeter or Physical Security Perimeter or, • Disrupts, or was an attempt to disrupt, the operation of a BES Cyber System Data at Rest See NATF Definition Data in Transit See NATF Definition E-ISAC Electricity Information Sharing and Analysis Center KPI key performance indicator Not a defined term. A key performance indicator is a measurable value that demonstrates how effectively a company is achieving key business objectives. PRA personnel risk assessment Not a defined term; term as used includes criteria as listed in NERC Reliability Standard CIP-004 R3.2 Supplier A provider of products or services. For the purposes of this document, "supplier" is synomous with "Vendor" (commonly understood meaning, including the NERC definition) and "Company" and the terms may be used interchangeably. For use in this workbook, Supplier is the company that sells the product, services or aggregation of products or services, to a purchasing entity. US-CERT United States Computer Emergency Readiness Team Vendor (also "Company" or "Supplier") The term "vendor" is not a defined term in the NERC Glossary or CIP-013, CIP-005 or CIP-010. In CIP-013 and CIP-005, the term as used in the standard is explained. The NERC Glossary or NERC Reliability Standards are the source of authority for the definition of this term as used in this document. For ease, the following text appears in CIP-013-1 and CIP-005-6: "The term vendor(s) as used in the standard is limited to those persons, companies, or other organizations with whom the Responsible Entity, or its affiliates, contract with to supply BES Cyber Systems and related services." Supplier For the purposes of this document, Supplier is a source that provides products or services to an entity. It is used to broadly to include "vendor" as defined in the NERC Reliabiity Standards. https://www.us-cert.gov/ Request for Proposal Template Revised: 02/15/2022 Specification No. HR22-0274F Page 45 APPENDIX B INSURANCE REQUIREMENTS CITY OF TACOMA INSURANCE REQUIREMENTS FOR CONTRACTS Insurance Requirements Spec/Contract Number: HR22-0274F Template Revised 10/3/2019 Page 1 of 4 The Contractor (Contractor) shall maintain at least the minimum insurance set forth below. By requiring such minimum insurance, the City of Tacoma shall not be deemed or construed to have assessed the risk that may be applicable to Contractor under this Contract. Contractor shall assess its own risks and, if it deems appropriate and/or prudent, maintain greater limits and/or broader coverage. 1. GENERAL REQUIREMENTS The following General Requirements apply to Contractor and to Subcontractor(s) of every tier performing services and/or activities pursuant to the terms of this Contract. Contractor acknowledges and agrees to the following insurance requirements applicable to Contractor and Contractor’s Subcontractor(s): 1.1. City of Tacoma reserves the right to approve or reject the insurance provided based upon the insurer, terms and coverage, the Certificate of Insurance, and/or endorsements. 1.2. Contractor shall not begin work under the Contract until the required insurance has been obtained and approved by City of Tacoma. 1.3. Contractor shall keep this insurance in force during the entire term of the Contract and for Thirty (30) calendar days after completion of all work required by the Contract, unless otherwise provided herein. 1.4. Insurance policies required under this Contract that name “City of Tacoma” as Additional Insured shall: 1.4.1. Be considered primary and non-contributory for all claims. 1.4.2. Contain a “Separation of Insured provision and a “Waiver of Subrogation” clause in favor of City of Tacoma. 1.5. Section 1.4 above does not apply to contracts for purchasing supplies only. 1.6. Verification of coverage shall include: 1.6.1. An ACORD certificate or equivalent. 1.6.2. Copies of all endorsements naming the City of Tacoma as additional insured and showing the policy number. 1.6.3. A notation of coverage enhancements on the Certificate of Insurance shall not satisfy these requirements – actual endorsements must be submitted. 1.7. Liability insurance policies, with the exception of Professional Liability and Workers’ Compensation, shall name the City of Tacoma and its officers, elected officials, employees, agents, and authorized volunteers as additional insured. 1.7.1. No specific person or department should be identified as the additional insured. 1.7.2. All references on certificates of insurance and endorsements shall be listed as “City of Tacoma”. 1.7.3. The City of Tacoma shall be additional insured for both ongoing and completed operations using Insurance Services Office (ISO) form CG 20 10 04 13 and CG 20 CITY OF TACOMA INSURANCE REQUIREMENTS FOR CONTRACTS Insurance Requirements Spec/Contract Number: HR22-0274F Template Revised 10/3/2019 Page 2 of 4 37 04 13 or the equivalent for the full available limits of liability maintained by the Contractor irrespective of whether such limits maintained by the Contractor are greater than those required by this Contract and irrespective of whether the Certificate of Insurance describes limits lower than those maintained by the Contractor. 1.8. Contractor shall provide a Certificate of Insurance for each policy of insurance meeting the requirements set forth herein when Contractor provides the signed Contract for the work to City of Tacoma. Contractor shall provide copies of any applicable Additional Insured, Waiver of Subrogation, and Primary and Non-contributory endorsements. Contract or Permit number and the City Department must be shown on the Certificate of Insurance. 1.9. Insurance limits shown below may be written with an excess policy that follows the form of an underlying primary liability policy or an excess policy providing the required limit. 1.10. Liability insurance policies shall be written on an “occurrence” form, except for Professional Liability/Errors and Omissions, Pollution Liability, and Cyber/Privacy and Security 1.11. If coverage is approved and purchased on a “Claims-Made” basis, Contractor warrants continuation of coverage, either through policy renewals or by the purchase of an extended reporting period endorsement as set forth below. 1.12. The insurance must be written by companies licensed or authorized in the State of Washington pursuant to RCW 48 with an (A-) VII or higher in the A.M. Best's Key Rating Guide www.ambest.com. 1.13. Contractor shall provide City of Tacoma notice of any cancellation or non-renewal of this required insurance within Thirty (30) calendar days. 1.14. Contractor shall not allow any insurance to be cancelled or lapse during any term of this Contract, otherwise it shall constitute a material breach of the Contract, upon which City of Tacoma may, after giving Five (5) business day notice to Contractor to correct the breach, immediately terminate the Contract or, at its discretion, procure or renew such insurance and pay any and all premiums in connection therewith; with any sums so expended to be repaid to City of Tacoma by Contractor upon demand, or at the sole discretion of City of Tacoma, offset against funds due Contractor from City of Tacoma. 1.15. Contractor shall be responsible for the payment of all premiums, deductibles and self-insured retentions, and shall indemnify and hold the City of Tacoma harmless to the extent such a deductible or self-insured retained limit may apply to the City of Tacoma as an additional insured. Any deductible or self-insured retained limits in excess of Twenty Five Thousand Dollars ($25,000) must be disclosed and approved by City of Tacoma Risk Manager and shown on the Certificate of Insurance. 1.16. City of Tacoma reserves the right to review insurance requirements during any term of the Contract and to require that Contractor make reasonable adjustments when the scope of services has changed. http://www.ambest.com/ CITY OF TACOMA INSURANCE REQUIREMENTS FOR CONTRACTS Insurance Requirements Spec/Contract Number: HR22-0274F Template Revised 10/3/2019 Page 3 of 4 1.17. All costs for insurance shall be incidental to and included in the unit or lump sum prices of the Contract and no additional payment will be made by City of Tacoma to Contractor. 1.18. Insurance coverages specified in this Contract are not intended and will not be interpreted to limit the responsibility or liability of Contractor or Subcontractor(s). 1.19. Failure by City of Tacoma to identify a deficiency in the insurance documentation provided by Contractor or failure of City of Tacoma to demand verification of coverage or compliance by Contractor with these insurance requirements shall not be construed as a waiver of Contractor’s obligation to maintain such insurance. 1.20. If Contractor is a State of Washington or local government and is self-insured for any of the above insurance requirements, a certification of self-insurance shall be attached hereto and be incorporated by reference and shall constitute compliance with this Section. 2. CONTRACTOR As used herein, "Contractor" shall be the Supplier(s) entering a Contract with City of Tacoma, whether designated as a Supplier, Contractor, Vendor, Proposer, Bidder, Respondent, Seller, Merchant, Service Provider, or otherwise. 3. SUBCONTRACTORS It is Contractor's responsibility to ensure that each subcontractor obtain and maintain adequate liability insurance coverage. Contractor shall provide evidence of such insurance upon City of Tacoma’s request. 4. REQUIRED INSURANCE AND LIMITS The insurance policies shall provide the minimum coverages and limits set forth below. Providing coverage in these stated minimum limits shall not be construed to relieve Contractor from liability in excess of such limits. 4.1 Commercial General Liability Insurance Contractor shall maintain Commercial General Liability Insurance policy with limits not less than One Million Dollars ($1,000,000) each occurrence and Two Million Dollars ($2,000,000) annual aggregate. The Commercial General Liability Insurance policy shall be written on an Insurance Services Office form CG 00 01 04 13 or its equivalent. Products and Completed Operations shall be maintained for a period of three years following Substantial Completion of the Work related to performing construction services. This policy shall include product liability especially when a Contract solely is for purchasing supplies. The Commercial General Liability policy shall be endorsed to include: A per project aggregate policy limit, using ISO form CG 25 03 05 09 or an equivalent endorsement. 4.2 Workers' Compensation Contractor shall comply with Workers’ Compensation coverage as required by the Industrial Insurance laws of the State of Washington, as well as any other similar coverage required for this work by applicable federal laws of other states. The Contractor must comply with their domicile CITY OF TACOMA INSURANCE REQUIREMENTS FOR CONTRACTS Insurance Requirements Spec/Contract Number: HR22-0274F Template Revised 10/3/2019 Page 4 of 4 State Industrial Insurance laws if it is outside the State of Washington. 4.3 Employers’ Liability Insurance Contractor shall maintain Employers’ Liability coverage with limits not less than One Million Dollars ($1,000,000) each employee, One Million Dollars ($1,000,000) each accident, and One Million Dollars ($1,000,000) policy limit. 4.4 Professional Liability Insurance or Errors and Omissions Contractor and/or its subcontractor shall maintain Professional Liability or Errors and Omissions with limits of One Million Dollars ($1,000,000) per claim and Two Million Dollars ($2,000,000) in the aggregate covering acts, errors and omissions arising out of the professional services under this Contract. If the policy limit includes the payment of claims or defense costs, from the policy limit, the per claim limit shall be Two Million Dollars ($2,000,000). If the scope of such design-related professional services includes work related to pollution conditions, the Professional Liability policy shall include Pollution Liability coverage. If provided on a “claims-made” basis, such coverage shall be maintained by policy renewals or an extended reporting period endorsement for not less than three years following the end of the Contract. 4.5 Cyber/Privacy and Security Insurance Contractor shall maintain Cyber Privacy and Security Insurance with coverage of not less than One Million Dollars ($1,000,000) per claim and Two Million Dollars ($2,000,000) general aggregate that includes, but is not limited to, coverage for first party costs and third-party claims. Coverage shall include loss resulting from data security/privacy breach, unauthorized access, denial of service attacks, introduction of virus and malicious code, network security failure, dissemination or destruction of electronic data, business interruptions, privacy law violation, and disclosure of non-public, personal and confidential information, and failure to disclose breaches as required law or Contract. Coverage shall include notifications and other expenses incurred in remedying a privacy breach as well as costs to investigate and restore data. Coverage shall also include communications liability (e.g., infringement of copyrights, title, slogan, trademark, trade name, trade dress, service mark, or service name in the policy holders covered material). 4.6 Other Insurance Other insurance may be deemed appropriate to cover risks and exposures related to the scope of work or changes to the scope of work required by City of Tacoma. The costs of such necessary and appropriate Insurance coverage shall be borne by Contractor.